This paper proposes a new RSA-type scheme over non-singular parts of singular cubic curves En(α,β):(y-αx)(y-βx)x3(mod n). In usual one-to-one communication, we prove that breaking the proposed scheme is not easier than breaking the RSA scheme for the whole ciphertexts. If encryption key e is larger than 19 for 512 bits modulus n, then the proposed scheme is secure against the Hastad attack in broadcast applications. A plaintext of two blocks, i.e., x and y coordinates in En(α,β), is encrypted to a ciphertext of three blocks, where the size of one block is log2n bits. The decryption speed ofthe proposed scheme is as fast as that of the RSA scheme for the even block plaintext.

RDES cryptosystem is an n-round DES in which an probabilistic swapping is added onto the right half of the input in each round. It is more effective than a simple increase of DES rounds for a countermeasure against differential attack. In this paper, we show that the RDES is also effective against linear cryptanalysis. We applied Matsui's search algorithm to find the best expression for RDES-1 and RDES-2. The results are as follows: (a) The 16-round RDES-1 is approximately as strong as a 22-round DES, and the 16-round RDES-2 is approximately as strong as a 29-round DES. (b) Linear cryptanalysis for a 16-round RDES-1 and a 16-round RDES-2 requires more than 264 known-plaintexts.

We create a new version of the FEAL-N(X) cryptographic function, called FEAL-N(X)S, by introducing a dynamic swapping function. FEAL-N(X)S is stronger against Differential Cryptanalysis in the sense that any characteristic for FEAL-N(X) is less effective when applied to FEAL-N(X)S. Furthermore, the only iterative characteristics. that may attack the same number of rounds for the two versions are the symmetric ones, which have an average probability bounded above by 2-4 per round, i.e., the FEAL-N(X)S is at least as strong as DES with respect to this type of characteristic. We also show that in general the probability of an iterative characteristic for the FEAL-N(X) that is still valid for FEAL-N(X)S is decreased by 1/2 per round. Some of the best characteristics are shown. Experimental results show that the running time required by FEAL-N(X)S is around 10% greater compared to FEAL-N(X), in software; but this price is small compared to the gained strength against Differential Cryptanalysis.

In a (k,n) threshold digital signature scheme, k out of n signers must cooperate to issue a signature. In this paper, we show an efncient (k,n) threshold EIGamal type digital signature scheme with no trusted center. We first present a variant of EIGamal type digital signature scheme which requires only a linear combination of two shared secrets when applied to the (k,n)-threshold scenario. More precisely, it is a variant of Digital Signature Standard (DSS) which was recommended by the U.S. National Institute ofStandard and Technology (NIST). We consider that it is meaningful to develop an efficient (k,n)-threshold digital signature scheme for DSS. The proposed (k,n)-threshold digital signature scheme is proved to be as secure as the proposed variant of DSS against chosen message attack.

A performance estimation method has been developed that combines conventional performance evaluation with Bayesian regression analysis. The conventional method is used to estimate performance a priori; this a priori estimate is then updated through Bayesian regression analysis using monitored performance. This method compensates for modeling errors in the conventional technique without recreating complex performance models; it does not require additional traffic measurement or system behavior models. Numerical examples and applications of traffic management in ATM PVC networks have demonstrated its effectiveness.

A goal of a broadband ISDN network is to provide integrated transport for a wide range of applications such as teleconferencing, entertainment video, and file distribution. These require multipoint communications in addition to conventional point-to-point connections. The essential component to provide multipoint communications is a multicast packet switch. In this paper, we propose and analyze a new parallel multicast packet switch which easily approaches a maximum throughput of 100% as the number of fanout and multicast rate are increased. The proposed switch consists of a simple ring network and a point-to-point switch network in parallel. The ring network provides both replication and routing of multicast packets. The point-to-point switch network is responsible for delivering only unicast packets. The ring network provided in this switch overcomes the problems of clock synchronization and unfairness of access in the slotted ring by synchronizing the ring to the time slot used in the point-to-point switch and providing small amount of speed-up. Moreover, the significant drawbacks of the basic cascaded multicast fabric design are removed in this parallel switch which can separate the unicast and multicast packets before entering the switch fabric. The performance analysis shows that this switch with the small size of input/output buffers achieves good performance in delay and throughput, and the packet loss probability less than 10-9.

This paper presents a 15-GHz MMIC direct optical injection-locked oscillator (MMIC OILO) with very-wide locking range that uses photosensitive HBTs. The MMIC OILO consists of an HBT and a positive feedback circuit including a Q-damping variable resistor. By utilizing the high-fT/fmax photosensitive HBT, we realize both high-frequency oscillation of 15 GHz and increased equivalent electrical injection power. In addition to increasing the RF injection power, the Q-damping variable resistor effectively reduces the quality-factor of the oscillator, thus realizing the very wide locking range (f) of 567 MHz (f/fosc3.8%). The locking bandwidth of 3.8% is over 10 times wider than that of any yet reported microwave direct OILO. Furthermore, it is shown that the MMIC OILO can also work as a high-gain Q-variable filter photoreceiver by increasing a Q-damping variable resistance over the self-oscillation suppression range.

Exploitation of air interfaces for mobile communications is rapidly increasing because of diversified service demands, technology trends and radio propagation conditions. This paper summarizes the radio and optic interaction devices and systems that can solve the future problems resulting from spreading demands in mobile multimedia communications. The concept of the Virtual Free Space Network (Radio Highway Network) is proposed for universal mobile access networks that can support any mobile service or radio air-interface. As one example of the proposed network, the optical TDMA network for radio is analyzed and results of some theoretical calculations are shown.

A new configuration is proposed for an optoelectronic network (OEN) using microwave frequency mixing and multiplexing. The mn OEN consists of m optical sources, m-parallel n-stage cascaded optical intensity modulators, and m-photodetectors. The mn OEN matrix is theoretically discussed, and 12, 22 and 33 OENs are analyzed in detail. The 22 OEN, which mixes and multiplexes microwaves, is further investigated and the theoretical prediction derived from OEN equations is experimentally confirmed.

This paper proposes fiber-optic radio highway network using code division multiple access (CDMA) method which is universally applicable for various type of personal radio services and radio air interfaces. The proposed system can asynchronously open the radio-free space among any microcells. The outage probability and the number of connectable radio base stations are theoretically analyzed and compared with these in using conventional subcarrier multiplexing (SCM) method. Analysis results show that the reduction effect of the optical signal beat noise, due to spread spectrum of optical signal, improves the number of the active RBSs in CDMA radio highway network.

An invertible length preserving transducer is called a weakly invertible finite automaton (WIFA for short). If the first letter of any input string of length τ + 1 is uniquely determined by the corresponding output string by a WIFA and its initial state, it is called a WIFA with delay τ. The composition of two WIFAs is the natural concatenation of them. The composition is also a WIFA whose delay is less than or equal to the sum of the delays of the two WIFAs. In this paper we derive various results on a decomposition of a WIFA into WIFAs with smaller delays. The motivation of this subject is from theoretical interests as well as an application to cryptosystems. In order to capture the essence of the decomposability problem, we concentrate on WIFAs such that their input alphabets and their output alphabets are identical. A WIFA with size n of the input and output alphabet is denoted by an n-WIFA. We prove that for any n > 1, there exists an n-WIFA with delay 2 which cannot be decomposed into two n-WIFAs with delay 1. A one-element logic memory cell is a special WIFA with delay 1, and it is called a delay unit. We show that for any prime number p, every strongly connected p-WIFA with delay 1 can be decomposed into a WIFA with delay 0 and a delay unit, and that any 2-WIFA can be decomposed into a WIFA wiht delay 0 and a sequence of k delay units if and only if every state of the 2-WIFA has delay k.

An optoelectronic beam forming network (BFN) is presented for a single beam, 3-element phased array antenna that utilizes electrically controllable birefringence mode nematic liquid-crystal cells (ECB mode NLC cells) for phase shifting and amplitude control. In the circuit, a microwave signal is carried by a pair of orthogonal linearly polarized lightwaves (signal and reference lightwaves) using the optical heterodyning technique. Birefringence of liquid-crystals is utilized to selectively control the phase of the signal and reference lightwaves. Because an interferometer is formed on a single signal path, the complexity of the optical circuit is much reduced, compared to the BFNs based on arrays of Mach-Zender interferometers. A prototype circuit is built using laser sources of 1.3 µm, and its performance experimentally examined. With small deviations among the three cells, phase shifts of up to 240 degrees are achived for MW signals from 0.9 GHz to 20 GHz with good stability; attenuation of more than 18dB is achieved. An optoelectronic technique for parallel control of amplitude and phase of MW signals was developed.

In this paper it is pointed out that although an elegant differential-like approach is developed, Coppersmith' attacking method on NIKS-TAS cannot succeed to forge a shared key of legitimate entities especially when p-1 contains highly composite divisors, as well as decomposibility-hard divisors. This is mainly due to a severe reduction of modulo size. Computer simulation results confirm this assertion. The ambiguity in the solutions to the collusion equations in the first phase can be analyzed by the elementary divisor theory. Moreover, two basis vectors, qi,ri in the second phase, are found to be inadequate to represent the space spanned by xi-yi and ui-vi(i=1,...,N), because qi,ri exist frequently over the space with small modulo size. Then, the erroneous values of αi,βi,...,εi(i=1,...,N) are derived from the inadequate basis vectors, qi,ri. Also, when the degeneracy in modulo size happens, the solutions to αi,βi,...,εi(i=1,...,N) cannot be solved even by means of the exhaustive search over the small prime divisors of p-1.

In CRYPTO '94, Langford and Hellman attacked DES reduced to 8-round in the chosen plaintext scenario by their "differential-1inear cryptanalysis," which is a combination of differential cryptanalysis and linear cryptanalysis. In this paper, a historical review of differential-linear cryptanalysis, our formalization of differential-linear cryptanalysis, and the application of differential-linear cryptanalysis to FEAL-8 are presented. As a result, though the previous best method (differential cryptanalysis) required 128 chosen plaintexts, only 12 chosen plaintexts are sufficient, in computer experimentations, to attack FEAL-8.

In previous papers the building of hierarchical networks made up of components using fuzzy rules was presented. It was demonstrated that this approach could be used to construct networks to solve classification problems, and that in many cases these networks were computationally less expensive and performed at least as well as existing approaches based on feedforward neural networks. It has also been demonstrated how this approach could be extended to real-valued problems, such as function approximation and time series prediction. This paper investigates the problem of choosing the best network for real-valued approximation problems. Firstly, the nature of the network parameters, how they are interrelated, and how they affect the performance of the system are clarified. Then we address the problem of choosing the best values of these parameters. We present two model selection tools in this regard, the first using a simple statistical model of the network, and the second using structural information about the network components. The resulting network selection methods are demonstrated and their performance tested on several benchmark and applied problems. The conclusions look at future research issues for further improving the performance of the clustering network.

This article considers a hybrid data backup model for a file system, which combines both conventional magnetic disk (MD) and write-once, read-many optical disk (OD). Since OD recently is a lower cost medium as well as a longer life medium than the ordinary MD, this kind of backup configuration is just recognized to be important. We mathematically formulate the hybrid data backup model and obtain the closed-form average cost rate when the system failure time and the recovery time follow exponential distributions. Numerical calculations are carried out to obtain the optimal backup policy, which is composed of two kinds of backup sizes from the main memory to MD and from MD to OD and minimizes the average cost rate. In numerical examples, the dependence of the optimal backup policy on the failure and the recovery mechanism is examined.

In 1980, Hellman presented "time-memory trade-off cryptanalysis" for block ciphers, which requires precomputation equivalent to time complexity of exhaustive search, but can drastically reduce both time complexity on intercepted ciphertexts of exhaustive search and space complexity of table lookup. This paper extends his cryptanalysis and optimizes a relation among the breaking cost, time, and success probability. The power of the optimized cryptanalytic method can be demonstrated by the estimates as of January 1995 in the following. For breaking DES in one hour with success probability of 50% or more, the estimated cost of a simple and a highly parallel machine is respectively about 0.26[million dollars] and 0.06[million dollars]. Also it takes about six and two years respectively until each machine costs for breaking FEAL-32 on the same condition decreases to 1[million dollars]. Moreover, it takes about 22.5 and 19[years] respectively until each costs for breaking Skipjack similarly decreases to 1[million dollars], but time complexity of precomputation is huge in case of the former. The cost-time product for this precomputation will decrease to 20[million dollarsyears] in about 30[years].

There have been many developments on neural network research, and ability of a multi-layered network for classification of multi-spectral image data has been studied. We can classify non-Gaussian distributed data using the neural network trained by a back-propagation method (BPM) because it is independent of noise conditions. The BPM is a supervised classifier, so that we can get a high classification accuracy by using the method, so long as we can choose the good training data set. However, the multi-spectral data have many kinds of category information in a pixel because of its pixel resolution of the sensor. The data should be separated in many clusters even if they belong to a same class. Therefore, it is difficult to choose the good training data set which extract the characteristics of the class. Up to now, the researchers have chosen the training data set by random sampling from the input data. To overcome the problem, a hybrid pattern classification system using BPM and Kohonens feature mapping (KFM) has been proposed recently. The system performed choosing the training data set from the result of rough classification using KFM. However, how the remotely sensed data had been influenced by the KFM has not been demonstrated quantitatively. In this paper, we propose a new approach using the competitive weight vectors as the training data set, because we consider that a competitive unit represents a small cluster of the input patterns. The approach makes the training data set choice work easier than the usual one, because the KFM can automatically self-organize a topological relation among the target image patterns on a competitive plane. We demonstrate that the representative of the competitive units by principal component analysis (PCA). We also illustrate that the approach improves the classification accuracy by applying it on the classification of the real remotely sensed data.

This paper presents a technique for disparity selection in the context of binocular pursuit. For vergence control in binocular pursuit, it is a crucial problem to find the disparity which corresponds to the target among multiple disparities generally observed in a scene. To solve the problem of the selection, we propose an approach based on histogramming the disparities obtained in the scene. Here we use an extended phase-based disparity estimation algorithm. The idea is to slice the scene using the disparity histogram so that only the target remains. The slice is chosen around a peak in the histogram using prediction of the target disparity and target location obtained by back projection. The tracking of the peak enables robustness against other, possibly dominant, objects in the scene. The approach is investigated through experiments and shown to work appropriately.

With the fully depleted ultra-thin-film SOI CMOS, one important issue is controlling the threshold voltage (Vth) while maintaining high speed operation and low power consumption. To control the Vth, applying a bias voltage to the substrate is one of the most practical methods. We suggest a fully depleted ultra-thin-film SOI CMOS with a floating back gate, which is formed at the lower part of the channel field inside the substrate and stores electrons injected into it. This device can eliminate the necessity of an extra circuit or a separate power supply to apply a negative voltage. The silicon wafer direct bonding technique is used to construct this device. With the prototyped devices, we can successfully control the Vth for both the nMOSFET and pMOSFET at around 0.5 V by controlling the quantity of the electric charges injected into the floating back gate.