Jiaxin WU Bing LI Li ZHAO Xinzhou XU
Maaki SAKAI Kanon HOKAZONO Yoshiko HANADA
Xuecheng SUN Zheming LU
Yuanhe WANG Chao ZHANG
Jinfeng CHONG Niu JIANG Zepeng ZHUO Weiyu ZHANG
Xiangrun LI Qiyu SHENG Guangda ZHOU Jialong WEI Yanmin SHI Zhen ZHAO Yongwei LI Xingfeng LI Yang LIU
Meiting XUE Wenqi WU Jinfeng LUO Yixuan ZHANG Bei ZHAO
Rong WANG Changjun YU Zhe LYU Aijun LIU
Huijuan ZHOU Zepeng ZHUO Guolong CHEN
Feifei YAN Pinhui KE Zuling CHANG
Manabu HAGIWARA
Ziqin FENG Hong WAN Guan GUI
Sungryul LEE
Feng WANG Xiangyu WEN Lisheng LI Yan WEN Shidong ZHANG Yang LIU
Yanjun LI Jinjie GAO Haibin KAN Jie PENG Lijing ZHENG Changhui CHEN
Ho-Lim CHOI
Feng WEN Haixin HUANG Xiangyang YIN Junguang MA Xiaojie HU
Shi BAO Xiaoyan SONG Xufei ZHUANG Min LU Gao LE
Chen ZHONG Chegnyu WU Xiangyang LI Ao ZHAN Zhengqiang WANG
Izumi TSUNOKUNI Gen SATO Yusuke IKEDA Yasuhiro OIKAWA
Feng LIU Helin WANG Conggai LI Yanli XU
Hongtian ZHAO Hua YANG Shibao ZHENG
Kento TSUJI Tetsu IWATA
Yueying LOU Qichun WANG
Menglong WU Jianwen ZHANG Yongfa XIE Yongchao SHI Tianao YAO
Jiao DU Ziwei ZHAO Shaojing FU Longjiang QU Chao LI
Yun JIANG Huiyang LIU Xiaopeng JIAO Ji WANG Qiaoqiao XIA
Qi QI Liuyi MENG Ming XU Bing BAI
Nihad A. A. ELHAG Liang LIU Ping WEI Hongshu LIAO Lin GAO
Dong Jae LEE Deukjo HONG Jaechul SUNG Seokhie HONG
Tetsuya ARAKI Shin-ichi NAKANO
Shoichi HIROSE Hidenori KUWAKADO
Yumeng ZHANG
Jun-Feng Liu Yuan Feng Zeng-Hui Li Jing-Wei Tang
Keita EMURA Kaisei KAJITA Go OHTAKE
Xiuping PENG Yinna LIU Hongbin LIN
Yang XIAO Zhongyuan ZHOU Mingjie SHENG Qi ZHOU
Kazuyuki MIURA
Yusaku HIRAI Toshimasa MATSUOKA Takatsugu KAMATA Sadahiro TANI Takao ONOYE
Ryuta TAMURA Yuichi TAKANO Ryuhei MIYASHIRO
Nobuyuki TAKEUCHI Kosei SAKAMOTO Takuro SHIRAYA Takanori ISOBE
Shion UTSUMI Kosei SAKAMOTO Takanori ISOBE
You GAO Ming-Yue XIE Gang WANG Lin-Zhi SHEN
Zhimin SHAO Chunxiu LIU Cong WANG Longtan LI Yimin LIU Zaiyan ZHOU
Xiaolong ZHENG Bangjie LI Daqiao ZHANG Di YAO Xuguang YANG
Takahiro IINUMA Yudai EBATO Sou NOBUKAWA Nobuhiko WAGATSUMA Keiichiro INAGAKI Hirotaka DOHO Teruya YAMANISHI Haruhiko NISHIMURA
Takeru INOUE Norihito YASUDA Hidetomo NABESHIMA Masaaki NISHINO Shuhei DENZUMI Shin-ichi MINATO
Zhan SHI
Hakan BERCAG Osman KUKRER Aykut HOCANIN
Ryoto Koizumi Xiaoyan Wang Masahiro Umehira Ran Sun Shigeki Takeda
Hiroya Hachiyama Takamichi Nakamoto
Chuzo IWAMOTO Takeru TOKUNAGA
Changhui CHEN Haibin KAN Jie PENG Li WANG
Pingping JI Lingge JIANG Chen HE Di HE Zhuxian LIAN
Ho-Lim CHOI
Akira KITAYAMA Goichi ONO Hiroaki ITO
Koji NUIDA Tomoko ADACHI
Yingcai WAN Lijin FANG
Yuta MINAMIKAWA Kazumasa SHINAGAWA
Sota MORIYAMA Koichi ICHIGE Yuichi HORI Masayuki TACHI
Sendren Sheng-Dong XU Albertus Andrie CHRISTIAN Chien-Peng HO Shun-Long WENG
Zhikui DUAN Xinmei YU Yi DING
Hongbo LI Aijun LIU Qiang YANG Zhe LYU Di YAO
Yi XIONG Senanayake THILAK Yu YONEZAWA Jun IMAOKA Masayoshi YAMAMOTO
Feng LIU Qian XI Yanli XU
Yuling LI Aihuang GUO
Mamoru SHIBATA Ryutaroh MATSUMOTO
Haiyang LIU Xiaopeng JIAO Lianrong MA
Ruixiao LI Hayato YAMANA
Riaz-ul-haque MIAN Tomoki NAKAMURA Masuo KAJIYAMA Makoto EIKI Michihiro SHINTANI
Kundan LAL DAS Munehisa SEKIKAWA Tadashi TSUBONE Naohiko INABA Hideaki OKAZAKI
In this paper, we propose a new type of authentication system, one-time zero-knowledge authentication system. Informally speaking, in this authentication system, double usage of the same authentication is prevented. Based on these one-time zero-knowledge authentication systems, we propose a new untraceable electronic cash scheme satisfying both untraceability and unreusablity. This scheme overcomes the problems of the previous scheme proposed by Chaum, Fiat and Naor through its greater efficiency and provable security under reasonable cryptographic assumptions. We also propose a scheme, transferable untraceable electronic cash scheme, satisfying transferability as well as the above two criteria. Moreover, we also propose a new type of electronic cash, untraceable electronic coupon ticket, in which the value of one piece of the electronic cash can be subdivided into many pieces.
Eiichiro FUJISAKI Tatsuaki OKAMOTO
This paper proposes practical escrow cash schemes with particular emphasis on countermeasures against social crimes such as money laundering and extortion. The proposed cash schemes restrict "unconditional" privacy in order to prevent these social crimes while preserving off-line-ness, divisibility and transferability, properties listed in [25] as criteria for ideal cash schemes.
This paper proposes a secure electronic sealed-bid auction protocol (SEAP) that provides an auction service on the Internet by combining three providers: an auction service provider, a key service provider, and a time service provider. The SEAP uses public key cryptography and the concept of a time-key certificate. The most important property of this protocol is that time-dependent security requirements can be strictly satisfied. The SEAP satisfies the following nine security requirements: (a) no one can deny having made a bid; (b) the protocol should be secure against malicious acts; (c) no bidder can act for another bidder; (d) no one can know who else is bidding until the time comes for the bids to be opened; (e) no one can discover the contents of any of the bids until the time comes for the bids to be opened; (f) the successful bid must have been submitted before the bidding deadline; (g) all bidders can verify that the auction policy has been correctly implemented; (h) the successful bidder can be identified without being required to make himself or herself known; and (i) the bidding contents cannot be altered. The protocol consists of three subprotocols: the Registration Subprotocol, the Bidding Subprotocol, and the Auction Subprotocol. The protocol parameters and algorithm are described in detail.
Hiromichi ITO Seiichi SUSAKI Masato ARAI Minoru KOIZUMI Kazuo TAKARAGI
A group-oriented cipher communication method is developed and implemented on a WWW-based (World Wide Web) network system. In this method, a group key common to all entities of the group is generated based on the group name or the identities of entities belonging to the group. The group key, in turn, is used for encrypting the data being shared among the group via the WWW server. The data theft at the WWW cache sites on the intermediate communication line is prevented, establishing a unified feature of the good WWW cache performance and security. A prototype of our method proved the feasibility and the efficiency.
Hikaru MORITA Hideki ODAGI Kazuo OHTA
This paper proposes to apply random mapping methods of a pseudo random function to find collisions of a hash function. We test a hash function including a block cipher (see ISO/IEC 10118-2) with computers, where users can select its initial vector. In particular, the paper shows that a hash function with multiple stages generates a lot of collision hash values, so our probabilistic consideration of a small model for the hash function well explains the computational results. We show that it's feasible to find collisions between the selected messages in advance for 64-bit-size hash functions with WSs linked via an ordinary LAN (Local Area Network). Thus, it is dangerous to use the hash function -- single block mode -- defined in [6] and [7].
S-boxes (vector output Boolean functions) should satisfy cryptographic criteria even if some input bits (say, k bits) are kept constant. However, this kind of security has been studied only for scalar output Boolean functions. SAC (k) is a criterion for scalar output Boolean functions of this type. This paper studies a generalization of SAC (k) to vector output Boolean functions as the first step toward the security of block ciphers against attacks which keep some input bits constant. We first show a close relationship between such Boolean functions and linear error correcting codes. Then we show the existence, bounds and enumeration of vector Boolean functions which satisfy the generalized SAC (k). A design method and examples are also presented.
In Asiacrypt '96, Bleichenbacher et al. showed the upper limit of the efficiency of one-time digital signature scheme using a directed graph of tree structure as its base. They also claimed that there exists more effective signature scheme on general directed graphs, and showed an example of a method to construct more effective signature schemes as a witness. Unfortunately, their example does not achieve the efficiency as they claimed. This paper shows the upper limit of the efficiency of the signature scheme on general directed graphs by showing no signature scheme is more effective than the optimal signature scheme on trees (or forests). Further, we introduce another signature scheme named pseudo k-time signature scheme. This signature scheme allows signers to sign k-time which is no less efficient than the one time signature scheme.
Kazuomi OISHI Masahiro MAMBO Eiji OKAMOTO
In this paper a public key certification scheme, which protects privacy of user of the public key certificate, is proposed. In the proposed scheme a certification authority issues anonymous public key certificates, with which a certificate user having his/her own secret key can make use of public key cryptography and a certificate verifier can confirm the authenticity of the cryptographic communication of the certificate user. The anonymity of their users is preserved against the verifier. In general, user's activities should not be linked each other from the viewpoint of privacy protection. The use of the same certificate results in the linkage of the cryptographic communications. So, ideally, a certificate should be used only once, and such a certificate is called a one-time certificate. In the proposed scheme one-time certificates are realized with low cost of communication and computation for the certificate user. Multiple certificates can be issued without interaction between CA and the user. The additional computation of the user to obtain a new anonymous public key certificate is one modular exponentiation. In addition, only one secret key is required for multiple certificates. Therefore, the proposed scheme is useful for applications which require anonymity, unlinkability, and efficiency.
Fiat-Shamir's identification and signature scheme is efficient as well as provably secure, but it has a problem in that the transmitted information size and memory size cannot simultaneously be small. This paper proposes an identification and signature scheme which overcomes this problem. Our scheme is based on the difficulty of extracting theL-th roots modn (e. g.L=2
Noboru KUNIHIRO Hirosuke YAMAMOTO
The addition chain (A-chain) and addition-subtraction chain (AS-chain) are efficient tools to calculate power Me (or multiplication eM), where integere is fixed andM is variable. Since the optimization problem to find the shortest A (or AS)-chain is NP-hard, many algorithms to get a sub-optimal A (or AS)-chain in polynomial time are proposed. In this paper, a window method for the AS-chain and an extended window method for the A-chain and AS-chain are proposed and their performances are theoretically evaluated by applying the theory of the optimal variable-to-fixed length code, i. e. , Tunstall code, in data compression. It is shown by theory and simulation that the proposed algorithms are more efficient than other algorithms in practical cases in addition to the asymptotic case.
Masaki TAKEDA Takeshi HAMADE Kazuyuki HISAMATSU Toshinobu KANEKO
In the linear cryptanalysis (LC), to decrease the number of plain/cipher text pairs required for successful attack against DES, it is necessary to improve the effectiveness of the linear approximate expression and to decrease the number of key bits in the expression to be exhaustively searched for. In the previous work, we proposed a linear sieve method to improve the effectiveness of the linear approximate expression. On the other hand, the number of key bits increased. To suppress the number of key bits, we propose Fixed Sieve Linear Cryptanalysis (FS-LC) with fixed sieve key of the linear sieve method. With FS-LC against 8-round DES, we showed the number of plain/cipher text pairs required for sucessful attack is less than that of LC. Furthmore, we extended FS-LC with Kaliski's techniques using the multiple linear approximate expressions to intoroduce Fixed Sieve multiple Linear Cryptanalysis (FS-mLC). With FS-mLC against 8-round DES, computer simulation revealed that it is possible to solve its encryption-key with 220 plain/cipher text pairs. The number of pairs is about a half of the Matsui's 1-round linear cryptanalysis cases.
Kazumaro AOKI Kazuo OHTA Shiho MORIAI Mitsuru MATSUI
This paper applies linear cryptanalysis to FEAL and describes the experimental results of attacking FEAL-8 by linear cryptanalysis. The following points are important in linear cryptanalysis to reduce the processing amount and memory size in the attack: 1) to find linear expressions with as high a deviation as possible, and 2) to reduce the number of effective key bits and effective text bits. We have succeeded in attacking FEAL-8 in about 1 hour on a low-end workstation (SPARCstation 10 Model 30). We have confirmed that the entire set of subkeys of FEAL-8 can be derived from 225 known plaintexts with a success rate of over 70%, and from 226 known plaintexts with a success rate of almost 100%.
Kazumaro AOKI Kunio KOBAYASHI Shiho MORIAI
This paper presents the results of the best differential characteristic search of FEAL. The search algorithm for the best differential characteristic (best linear expression) was already presented by Matsui, and improvements on this algorithm were presented by Moriai et al. We further improve the speed of the search algorithm. For example, the search time for the 7-round best differential characteristic of FEAL is reduced to about 10 minutes (Pentium/166 MHz), which is about 212. 6 times faster than Matsui's algorithm. Moreover, we determine all the best differential characteristics of FEAL for up to 32 rounds assuming all S-boxes are independent. As a result, we confirm that the N-round (7
A multiple signature scheme proposed in [1] is proved to be insecure.
This letter gives a study of additionY=X+K mod 2w which is used in some cryptosystems as RC5. Our results enables us to express the differential and linear probability of addition as a function of addendK. To detect a good differential characteristics or linear approximation of a cryptosystem in which extended key is used as addend, we need to consider how the characteristics or approximations behave depending upon the value of the addend, which are clarified by our results.
Koichi TANNO Jing SHEN Okihiko ISHIZUKA Zheng TANG
In this paper, a threshold voltage (VT) cancellation circuit for neuron-MOS (νMOS) analog circuits is described. By connecting the output terminal of this circuit with one of the input terminals of the νMOS transistor, cancellation ofVT is realized. The circuit has advantages of ground-referenced output and is insensitive to the fluctuation of bias and supply voltages. Second-order effects, such as the channel length modulation effect, the mobility reduction effect and device mismatch of the proposed circuit are analyzed in detail. Low-power and high-swing νMOS cascode current mirror is presented as an application. Performance of the proposed circuits is confirmed by HSPICE simulation with MOSIS 2. 0 µ p-well double-poly and double-metal CMOS device parameters.
Tateo YAMAOKA Takayuki NAKACHI Nozomu HAMADA
This paper presents two types of two-dimensional (2-D) adaptive beamforming algorithm which have high rate of convergence. One is a linearly constrained minimum variance (LCMV) beamforming algorithm which minimizes the average output power of a beamformer, and the other is a generalized sidelobe canceler (GSC) algorithm which generalizes the notion of a linear constraint by using the multiple linear constraints. In both algorithms, we apply a 2-D lattice filter to an adaptive filtering since the 2-D lattice filter provides excellent properties compared to a transversal filter. In order to evaluate the validity of the algorithm, we perform computer simulations. The experimental results show that the algorithm can reject interference signals while maintaining the direction of desired signal, and can improve convergent performance.
James OKELLO Yoshio ITOH Yutaka FUKUI Masaki KOBAYASHI
An adaptive infinite impulse response (IIR) filter implemented using an allpass and a minimum phase system has an advantage of its poles converging to the poles of the unknown system when the input is a white signal. However, when the input signal is colored, convergence speed deteriorates considerably, even to the point of lack of convergence for certain colored signals. Furthermore with a colored input signal, there is no guarantee that the poles of the adaptive digital filter (ADF) will converge to the poles of the unknown system. In this paper we propose a method which uses a linear predictor filter to whiten the input signal so as to improve the convergence characteristic. Computer simulation results confirm the increase in convergence speed and the convergence of the poles of the ADF to the poles of the unknown system even when the input is a colored signal.
An oversampling theorem for regular sampling in wavelet subspaces is established. The sufficient-necessary condition for which it holds is found. Meanwhile the truncation error and aliasing error are estimated respectively when the theorem is applied to reconstruct discretely sampled signals. Finally an algorithm is formulated and an example is calculated to show the algorithm.
For given integerp, a flow networkNwithn vertices, and sources inN, a problem of finding location ofp sinks inN which maximize the value of maximum flow from sources to sinks is calledp-collection problem. This problem is NP-hard even if a given network is a tree, but a pseudo-polynomial time algorithm is possible for such a network. This paper proposes a new pseudo-polynomial time algorithm for a tree-type network, which is simpler and more efficient than the previous algorithm, and has time complexity of O(p2n2Cc
The Cuong DINH Takeshi HASHIMOTO
Recently reported multidimensional geometrically uniform signal constellations (L
We propose new key exchange and authentication protocols, which are efficient in protecting a poorly-chosen weak secret from guessing attacks, based on the use of a one-time pad and a strong one-way hash function. Cryptographic protocols assume that a strong secret should be shared between communication participants for authentication, in the light of an ever-present threat of guessing attacks. Cryptographically long secret would be better for security only if ordinary users could remember it. But most users choose an easy-to-remember password as a secret and such a weak secret can be guessed easily. In our previous work, we made much of introducing a basic concept and its application. In this paper, we describe our idea in more detail and propose more protocols which correspond to variants of our basic protocol using well-defined notations. Formal verification and efficiency comparison of the proposed protocols are also presented. By our scheme the password guessing attacks are defeated efficiently, and a session key is exchanged and participants are authenticated securely.
Petri nets are one of useful models for discrete event systems in which liveness problem as well as reachability problem is one of big issues. But, it has not been completely solved from the point of view of useful initial-marking-based liveness conditions in general Petri nets. In this paper, to guarantee local liveness (i. e. , liveness underMoD) for each minimal deadlock (MSDL),ND=(SD,TD,FD,MoD), with real deadlock-trap structure, it is shown that the minimum number of required live minimal structural traps (MSTRs),NT=(ST,TT,FT,MoT) s. t. SD
Shougang REN Yosuke ARAKI Yoshitaka UCHINO Shuichi KUROGI
This paper focuses on competitive learning algorithms for WTA (winner-take-all) networks which perform rotation invariant pattern classification. Although WTA networks may theoretically be possible to achieve rotation invariant pattern classification with infinite memory capacities, actual networks cannot memorize all input data. To effectively memorize input patterns or the vectors to be classified, we present two algorithms for learning vectors in classes (LVC1 and LVC2), where the cells in the network memorize not only weight vectors but also their firing numbers as statistical values of the vectors. The LVC1 algorithm uses simple and ordinary competitive learning functions, but it incorporates the firing number into a coefficient of the weight change equation. In addition to all the functions of the LVC1, the LVC2 algorithm has a function to utilize under-utilized weight vectors. From theoretical analysis, the LVC2 algorithm works to minimize the energy of all weight vectors to form an effective memory. From computer simulation with two-dimensional rotated patterns, the LVC2 is shown to be better than the LVC1 in learning and generalization abilities, and both are better than the conventional Kohonen self-organizing feature map (SOFM) and the learning vector quantization (LVQ1). Furthermore, the incorporation of the firing number into the weight change equation is shown to be efficient for both the LVC1 and the LVC2 to achieve higher learning and generalization abilities. The theoretical analysis given here is not only for rotation invariant pattern classification, but it is also applicable to other WTA networks for learning vector quantization.
In the circumstances we want to deal with, transmission channel is limited and global motion can happen by camera movement, and also there exists a region-of-interest (ROI) which is more important than background. So very low bit rate coding algorithm is required and processing of global motion must be considered. Also ROI must be reconstructed with required quality after decoding because of its importance. But the existing methods such as H. 261, H. 263 are not suitable for such situations because they do not compensate global motion, which needs large amount of transmission bits in motion information and degrades image quality. And also they can not reconstruct ROI's with high quality because they do not consider the fact that ROI's are more important than background. So a new coding scheme is proposed that describes a method for encoding image sequences distinguishing bits between ROI and background. Simulations show that the suggested algorithm performs well especially in the circumstances where background changes and the area of ROI is small enough compared with that of background.
Xuedong YANG Masayuki KAWAMATA Tatsuo HIGUCHI
This letter proposes a Perfect-Reconstruction (PR) encryption scheme based on a PR QMF bank. Using the proposed scheme, signals can be encrypted and reconstructed perfectly by using two Periodically Time-Varying (PTV) digital filters respectively. Also we find that the proposed scheme has a "good" encryption effect and compares favorably with frequency scramble in the aspects of computation complexity, PR property, and degree of security.
Andong SHENG Satoshi YAMAGUCHI Hidekiyo ITAKURA
In this paper, a new nonlinear integrator with positive phase shifts is proposed. Results of the digital simulation show that the nonlinear integrator has a better performance than the conventional one in a control system.