A near-ring is an extended notion of a usual ring. Therefore a ring is a near-ring, but the converse does not necessarily hold. We investigate in this paper one-way functions associated with finite near-rings, and show that if there exists a one-way group homomorphism, there exists a one-way non-ring near-ring homomorphism (Theorem 1); if there exists a one-way ring homomorphism (Theorem 2). Further, we introduce a discrete logarithm problem over a finite near-ring, and show that the integer factoring is probabilistic polynomial-time Turing equivalent to a modified version of this problem (Theorem 3). Theorem 1 implies that under some standard cryptographic assumption, there is an affirmative but trivial solution to the extended version of the open question: Is there an encryption function f such that both f(x+y) and f(xy) are efficiently computed from given f(x) and f(y) ?

This paper discusses Boolean functions satisfying the propagation criterion (PC) and their balancedness. Firstly, we discuss Boolean functions with n variables that satisfy the PC with respect to all but three elements in {0,1}ⁿ-{(0,...,0)}. For even n4, a necessary and sufficient condition is presented for Boolean functions with n variables to satisfy the PC with respect to all but three elements in {0,1}ⁿ-{(0,...,0)}. From this condition, it is proved that all of these Boolean functions are constructed from all perfectly nonlinear Boolean functions with n-2 variables. For odd n3, it is shown that Boolean functions with n variables satisfying the PC with respect to all but three elements in {0,1}ⁿ-{(0,...,0)} satisfy the PC with respect to all but one elements in it. Secondly, Boolean functions satisfying the PC of degree n-2 and their balancedness are considered. For even n4, it is proved that an upper bound on the degree of the PC is n-3 for balanced Boolean functions with n variables. This bound is optimal for n=4,6. It is also proved that, for odd n3, balanced Boolean functions with n variables satisfying the PC of degree n-2 satisfy the PC with respect to all but one elements in {0,1}ⁿ-{(0,...,0)}.

Damgrd defined the notion of a collision intractable hash functions and showed that there exists a collection of collision intractable hash functions if there exists a collection of claw-free permutation pairs. For a long time, the necessary and sufficient condition for the existence of a collection of collision intractable hash functions has not been known, however, very recently Russell finally showed that there exists a collection of collision intractable hash functions iff there exists a collection of claw-free pseudo-permutation pairs. In this paper, we show an alternative necessary and sufficient condition for the existence of a collection of collision intractable hash functions, i.e., there exists a collection of collision intractable hash functions iff there exists a collection of distinction intractable pseudo-permutations.

We propose an RSA-type scheme over the nonsingular part of a singular cubic curve En (0,b) : y²x³+bx² (mod n), where n is a product of form-free primes p and q. Our new scheme encrypts/decrypts messages of 2 log n bits by operations of the x and y coordinates. The decryption is carried out over F_p or a subgroup of a quadratic extension of F_p, depending on quadratic residuosity of message-dependent parameter b. The decryption speed in our new scheme is about 4.6 and 5.8 times faster than that in the KMOV scheme and the Demytko scheme, respectively. We prove that if b is a quadratic residue in Z_n, breaking our new scheme over E_n(0,b) is not easier than breaking the RSA scheme.

In this paper, we consider ZKIPs for promise problems. A promise problem is a pair of predicates (Q,R). A Turning machine T solves the promise problem (Q,R) if, for every x satisfying Q(x), machine T halts and it answers "yes" iff R(x). When ¬Q (x), we do not care what T does. First, we define "promised BPP" which is a promise problem version of BPP. Then, we prove that a promise problem (Q,R) has a 3-move interactive proof system which is black-box simulation zero knowledge if and only if (Q,R) ∈ promised BPP. Next, we show a "4-move" perfect ZKIPs (black-box simulation) for a promise problem of Quadratic Residuosity and that of Blum Numbers under no cryptographic assumption.

Let L{0,1}^* be a language and let λ_L : {0,1}^*{0,1} be the characteristic function of the language L, i.e., if x ∈ L, λ_L (x) = 1; otherwise,λ_L (x) = 0. In this paper, we consider an adaptive checker with a single program F (resp. noncommunicating multiple programs F₁, F₂,...) for λ_L that works even when an incorrect program F^* (resp. incorrect noncommunicating multiple programs F^*₁,F^*₂,...) for λ_L adaptively behaves according to inputs previously provided to the program F^* (resp. the programs F^*₁,F^*₂,...). We show that (1) for any language L, there exists an adaptive checker with a single program for λ_L iff L and respectively have competitive interactive proof systems; and (2) that for any language L, there exists an adaptive checker with noncommunicating multiple programs for λ_L iff L and respectively have function-restricted interactive proof systems. This implies that for any language L, adaptive chekers with noncommunicating multiple programs for λ_L are as powerful as static ones with a single program for λ_L.

In this paper, we propose a new class of ID-based non-interactive key sharing scheme with a trusted center which generate a common key on the basis of a linear combination of the center secrets. We also discuss the security of the proposed schemes, and show that the proposed schemes prevent the conventional collusion attack, by adding another random integers unique to each user, on the secret vector that is assigned to the user. Furthermore, we present a new type of a statistical collusion attack which is more suitable for the proposed schemes. We also present the lower bound of the threshold of the statistical collusion attack on the proposed schemes. The proposed schemes can be easily implemented compared with other schemes as they require only computing of the inner product of two vectors over finite ring (including finite field) and an Euclidean quotient, for generating the common key. Our proposed schemes can be regarded as modified versions of the Blom's original scheme. However our proposed schemes are secure against our new type of the attack, as well as the collusion attack based on the solving of the linear equations, although Blom's scheme is insecure against both of these collusion attacks.

This paper deals with the information leakage measurement in a distributed computation protocol called SASC. The SASC protocol is a kind of two-party protocol between a client and a server. The computation for RSA cryptosystem is the target of this paper. This paper shows that a secure RSA-SASC protocol proposed recently could be changed to be insecure if the client which has secret information were to complain about the computation result. This paper first clarifies how to measure the information amount which leaks through the protocol. It, then, shows an attack procedure to make use of the client's complaint. Effectiveness of the attack procedure is measured by the information theoretic measure. By using the same measure, it is shown that some attacks do not work to derive the client's secret. It is also shown that a practical countermeasure to limit the number of incorrect computation allowed is effctive to limit the leakage of the secret information to some reasonable extent.

This paper proposes an electronic retail payment system to provide flexible and efficient funds transfers with adequate security, reliability, circulativity, and anonymity even in large-scale applications. Funds are represented by a portable intelligent device called a card issued by a supervising organization, the system provider. Funds can be transferred from a card to another at an intelligent terminal called a mediator. To update the balance of each card, two digital signatures are generated by a three-party protocol conducted by the cards and mediator, and are encoded and appended to a write-once separate memory in the card. Old signatures are simultaneously nullified. Through a wired or radio non-real-time link, the generated signatures are periodically reported to the system provider to systemically manage possible abuses.

Mobile communication networks need public key cryptosystems that offer both low computation cost and user authentication. Tatebayashi et al. showed a key distribution protocol for such networks at Crypto'89 based on low exponent RSA. This paper shows that their protocol is not secure. We also present two types of secure and efficient key distribution protocols.

Two new algorithms for performing modular exponentiation are suggested. Nonstandard number systems are used. The first algorithm is based on the representing the exponent as a sum of generalized Fibonacci numbers. This representation is known as Zeckendorf representation. When precomputing is allowed the resulting algorithm is more efficient than the classical binary algorithm, but requires more memory. The second algorithm is based on a new number system, which is called hybrid binary-ternary number system (HBTNS). The properties of the HBTNS are investigated. With or without precomputing the resulting algorithm for modular exponentiation is superior to the classical binary algorithm. A conjecture is made that if more bases are used asymptotically optimal algorithm can be obtained. Comparisons are made and directions for future research are given.

We developed a parallel bordered-block-diagonal (BBD) matrix solution for parallel circuit simulation. In parallel circuit sumulation on a MIMD parallel computer, a circuit is partitioned into as many subcircuits as the processors of a parallel computer. Circuit partition produce a BBD matrix. In parallel BBD matrix solution, diagonal blocks are easily solved separately in each processor. It is difficult, however, to solve the interconnection (IC) submatrix of a BBD matrix effectively in parallel. To make matters worse, the more a circuit is partitioned into subcircuits for highly parallel circuit simulation, the larger the size of an IC submatrix becomes. From an examination, we found that an IC submatrix is more dense (about 30% of all entries are non-zeros) than a normal circuit matrix, and the non-zeros per row in an IC submatrix are almost constant with the number of subcircuits. To attain high-speed circuit simulation, we devised a data structure for BBD matrix processing and an approach to parallel BBD matrix solution. Our approach solves the IC submatrix in a BBD matrix as well as the diagonal blocks in parallel using all processors. In this approach, we allocate an IC submatrix in block-wise order rather than in dot-wise order onto all processors. Thus, we balance the processor perfomance with the communication capacity of a parallel computer system. When we changed the block size of IC submatrix allocation from dot-wise order to 88 block-wise order, the 88 block-wise order allocation almost halved the matrix solution time. The parallel simulation of a sample circuit with 3277 transistors was 16.6 times faster than a single processor when we used 49 processors.

Coding scheme is discussed for M-Choose-T communication in which at most T active users out of M potential users simultaneously transmit their messages over a common channel. The multiple-access channel considered in this paper is assumed to be a time-discrete noiseless adder channel without feedback with T binary inputs and one real-valued output, and is used on the assumption of perfect block and bit synchronization among users. In this paper a new class of uniquely decodable codes is proposed in order to realize error-free M-Choose-T communication over the adder channel described above. These codes are uniquely decodable in the sense that not only the set of active users can be specified but also their transmitted messages can be recovered uniquely as long as T or fewer users are active simultaneously. It is shown that these codes have a simple decoding algorithm and can achieve a very high sum rate arbitrarily close to unity if exactly T users are active.

A new Hybrid-ARQ scheme with a convolutional code and the Viterbi decoding is proposed, which uses the packet combining technique and a retransmission criterion based on an estimated decoding error rate. The throughput and bit error rate are evaluated by theoretical bounds and computer simulations. It is shown that a given error rate tolerance can be attained with good throughput for any signal to noise ratio, i.e. for the slow time-varying channels. Furthermore, the throughput performance can be improved by retransmitting not all but a part of packet.

A novel total harmonic distortion (THD) measuring technique is proposed. A modified Volterra series using harmonics in place of powers of the sinusoidal input is used to identify the nonlinear models of the source and the device under test (DUT). The least-mean square (LMS) adaptive algorithm is applied for identification. While maintaining comparable speed and accuracy this technique provides a more flexible test procedure than conventional methods, in terms of the frequency resolution, the number of samples, and the sampling rate. It outperforms conventional methods when there is a bin energy leakage, which occurs in a non-coherent system. In addition, it is real-time computing while other conventional methods post process blocks of data. Simulation results collaborate the analytical results.

An efficient algorithm is presented for finding all solutions of piecewise-linear resistive circuits containing sophisticated transistor models such as the Gummel-Poon model or the Shichman-Hodges model. When a circuit contains these nonseparable models, the hybrid equation describing the circuit takes a special structure termed pairwise-separability (or tuplewise-separability). This structure is effectively exploited in the new algorithm. A numerical example is given, and it is shown that all solutions are computed very rapidly.

In this study, after focussing on an energy (or intensity) scaled variable of acoustic systems, first, a new regression analysis method is theoretically proposed by introducing a multiplicative noise model suitable to the positively scaled stocastic system. Then, the effectiveness of the proposed method is confirmed experimentally by applying it to the actual acoustic data.

This paper describes a method of coding image sequences based on global/local motion information. The suggested method initially estimates global motion parameters and segments a target region from a given image. Then we coded background and target region by assigning more bits to the target region and less bits to background in order to reconstruct the target region with high quality. Simulations show that the suggested algorithm has better result than the existing methods, especially in the circumstances where background changes and target region is small enough compared with that of background.

We introduce the interval set of a graph G which is a representation of the proper-path-decomposition of G, and show a linear time algorithm to construct an optimal interval set for any tree T. It is shown that a proper-path-decomposition of T with optimal width can be obtained from an optimal interval set of T in O(n log n) time.

In this paper, we compute entropies and average mutual informations for a 'choseong,' a 'jungseong,' and a 'jongseong' in multi-syllable Korean words. In these computations, we consider the property that each Korean syllable is divided into a 'choseong,' a 'jungseong,' and a 'jongseong' which are a consonant, a vowel, and a consonant, respectively, without exception. We compute entropies and average mutual informations for a 'choseong,' a 'jungseong,' and a 'jongseong' from the cumulative frequency of Korean syllables with respect to word length and syllable location in a word. We compute average mutual informations for a syllable and for a 'choseong,' a 'jungseong,' and a 'jongseong' between the two adjacent syllables in a word. The correlation between the two adjacent syllables in a word is not large on the average.

A simple method is presented to calculate the parasitic capacitance effect in the propagation delay of series-connected MOS (SCM) structures. This method divides SCM circuits into two parts and accurately calculates the contribution of each part to the difference from the delay without parasitic capacitances.