IEICE TRANSACTIONS on Fundamentals


Volume E74-A No.8  (Publication Date:1991/08/25)

    Special Issue on Cryptography and Information Security
  • FOREWORD

    Hideyoshi TOMINAGA
    FOREWORD, pp. 2107-2108

  • Abuses of Undeniable Signatures and Their Countermeasures

    Kazuo OHTA, Tatsuaki OKAMOTO, Atsushi FUJIOKA
    PAPER, pp. 2109-2113

    This paper describes an attack that allows plural verifiers to check the validity of a signature simultaneously in Chaum's zero knowledge undeniable signature scheme. If a malicious person takes part in the attack procedure as one of the verifiers, the non-transitivity of the signature is called into question. Countermeasures to the attack are also proposed.

  • Collision Free-Hash Function Based on the r-th Residue Cryptosystem

    Kaoru KUROSAWA, Hirofumi KASAI, Shigeo TSUJII
    PAPER, pp. 2114-2117

    This paper shows a collision free hash function which is based on the r-th residue cryptosystem (not on claw free pairs). In the proposed method, finding a collision pair is as hard as factorization.

  • Language Membership versus Possession of Knowledge in Constant Round ZKIP

    Kouichi SAKURAI, Toshiya ITOH
    PAPER, pp. 2118-2123

    In this paper, we investigate constant round zero knowledge interactive proofs (ZKIP) of knowledge, comparing them with the ones for membership of languages. Our result is that there exist non-trivial problems that have five move perfect ZKIP's of knowledge without any unproven assumption. To do this, we construct a knowledge extractor for a five move zero knowledge protocol, which was proposed as a membership proof for the language of graph isomorphism by Bellare, Micali, and Ostrovsky.

  • Zero Knowledge Interactive Proof System for Modulo Operations

    Kaoru KUROSAWA
    PAPER, pp. 2124-2128

    This paper presents an efficient ZKIP for SAT by using the K-th residue cryptosystem. The proposed ZKIP is generalized to a ZKIP for the following problem. Let F_i (i = 1, 2, ..., m) be a rational function over mod K. Given {F_i}, does there exist (x_1, x_2, ..., x_n) such that F_i(x_1, x_2, ..., x_n) = 0 mod K for i = 1, 2, ..., m?

  • On the Complexity of Hyperelliptic Discrete Logarithm Problem

    Hiroki SHIZUYA, Toshiya ITOH, Kouichi SAKURAI
    PAPER, pp. 2129-2135

    We give a characterization of the intractability of the hyperelliptic discrete logarithm problem from the viewpoint of computational complexity theory. It is shown that the language whose complexity is equivalent to that of the hyperelliptic discrete logarithm problem is in NP ∩ co-AM, and that for elliptic curves in particular, the corresponding language is in NP ∩ co-NP. It should be noted here that the language whose complexity is equivalent to that of the discrete logarithm problem defined over the multiplicative group of a finite field is also characterized as being in NP ∩ co-NP.

  • A Fast Modular Exponentiation Algorithm

    Shin-ichi KAWAMURA, Kyoko TAKABAYASHI, Atsushi SHIMBO
    PAPER, pp. 2136-2142

    Most number-theoretic cryptosystems are constructed based on modular exponentiation, which requires a large number of processing steps. Therefore, one of the most significant problems in cryptographic research is how to reduce the time needed to carry out a modular exponentiation operation. This paper proposes an improved modular exponentiation algorithm using a new table-look-up method. To execute a modular exponentiation, it must first be decomposed efficiently into a series of modular multiplications. For this decomposition, the Binary method is used in this paper. When the Binary method is implemented so as to process the exponent in the most-significant-bit-first manner, the multiplier M, as well as the modulus N, can be considered a common constant in 1/3 of the decomposed modular multiplications. Thus, with some additional procedure, one can compute beforehand the residues concerning M and N. This makes it possible to process the multiplication and reduction simultaneously. This algorithm is faster than conventional ones, which take into account only that the modulus N can be considered a constant. The effectiveness of the proposed method is investigated with an evaluation model proposed in this paper and evaluated by software implemented on an engineering workstation and on a digital signal processor. The evaluation model indicates that the proposed method reduces the execution time by 17% compared with a conventional table-look-up method, if the bit length k of the modulus N is sufficiently large. The corresponding figure in the computer simulation is 14% for k=512.

  • Hardware Approach to Fast Encipherment Processing and Its Implementation

    Hikaru MORITA, Michihiro YAMANE
    PAPER, pp. 2143-2152

    A new cipher scheme is created based on the cryptographic algorithm FEAL. This scheme can realize cipher functions with speeds of up to 1 Gbits/s. FEAL can efficiently randomize messages (plaintext) into cryptograms (ciphertext). Moreover, FEAL allows compact software implementation and can yield the different security levels demanded by users. FEAL is implemented by means of a 400-byte program on a microprocessor; processing speeds are in excess of 64 kbits/s. For higher-speed applications, a FEAL-LSI is developed which can be combined to form multiple FEAL-LSI machines. This paper presents hardware methods to construct a high-speed, low-cost encipherment LSI together with a fault-tolerant encipherment equipment set that employs a parallel configuration and multiple custom LSIs. Prototype FEAL-LSIs are tested and an equipment set using five FEAL-LSIs is constructed. Measured throughputs of the LSI and the set are 96 Mbits/s and 320 Mbits/s, respectively.

  • On Differential Cryptanalysis

    Kazuo TAKARAGI, Kazuo HASHIMOTO, Tsutomu NAKAMURA
    PAPER, pp. 2153-2159

    The differential cryptanalysis method developed by E. Biham et al. presented a new index of cryptographic strength, i.e. the signal to noise ratio (S/N). Their paper estimates S/N only for DES-like functions, i.e., cryptographic functions based on iterating the same weak function n times. Other types, such as those combining both stronger and weaker functions, have not yet been examined. This paper examines the N-stage MULTI2 cipher algorithm to calculate S/N and shows that there are many fast cipher algorithms having a small S/N.

  • An Evaluation of Security Requirements Based on the Capability Model

    Tetsuya MORIZUMI, Hiroshi NAGASE, Toyofumi TAKENAKA, Koichi YAMASHITA
    PAPER, pp. 2160-2165

    This paper studies the evaluation of information flow and access guard mechanisms in information systems, based on process requirements arising in business and security requirements which prohibit information leakage to subjects in a "conflict of interest". For the evaluation, process requirements are described by a read/append matrix with subjects as rows and objects as columns (S-O matrix), and then the S-O matrix is evaluated against the security requirements. The evaluation method is as follows: (1) two conflicting subjects are prohibited from directly reading or appending to each other's objects; (2) a subject that has a possibility of information leakage must be observed.

  • Security Level Assignment by Graph Analysis

    Tadashi ARAKI, Tetsuya MORIZUMI, Hiroshi NAGASE, Toyofumi TAKENAKA, Koichi YAMASHITA
    PAPER, pp. 2166-2175

    We discuss how to mechanically design an information processing system presented with two independent requirements, one of which specifies the information flow needed to perform some process and one of which prohibits illegal information flow. To do this, we introduce one well-known security model, the "Bell and LaPadula model", and formulate this design problem. This problem then becomes a security level assignment problem. We show that the design possibilities and the level assignment can be mechanically solved by expressing the inequalities in graph theoretical form and by using an analytical method of graph theory.

  • On the Conspiracy Problem of the Generalized Tanaka's Cryptosystem

    Kiyomichi ARAKI, Takashi SEKINE
    LETTER, pp. 2176-2178

    In this letter, we discuss the conspiracy problem of the ID-based cryptosystem. The trap by Schalkwijk coding is shown to be ineffective against the Euclidean attack. Moreover, we clarify that the Euclidean attack is equivalent to finding the integer solution of an over-sized matrix equation, by which the generalized Tanaka's scheme may be easily and efficiently broken.

    Regular Section
  • On Some Properties of Multiplication Operator and Its Generation

    Kazuo NOHARA
    LETTER-Algorithms, Data Structures and Computational Complexity, pp. 2179-2183

    Some properties of the multiplication operator, which performs multiplication between two functions in the PL transform domain, are discussed. We then derive an efficient generation algorithm for the multiplication operator. The flow diagram of the generation algorithm is also presented.

  • Piezoelectric Boundary and Surface Waves Propagating on Glass Film/ZnO Film/Glass Substrate Structures

    Shoji FURUKAWA, Takashi NIINO, Tooru NOMURA, Tsutomu YASUDA
    LETTER-Nonlinear Phenomena and Analysis, pp. 2184-2187

    Piezoelectric acoustic waves propagating on glass film/ZnO film/glass substrate structures are theoretically studied. When the overgrowth glass film is thin, there exist only surface waves similar to the Rayleigh waves propagating on ZnO/glass structures. As the overgrowth thickness increases, boundary waves appear, whose particle displacement and electric potential become large in the ZnO layer. The velocity dispersion curve (velocity vs. ZnO thickness) changes considerably as the glass thickness increases, and both dispersive and non-dispersive regions appear, which correspond to the boundary and surface waves, respectively.
