Yuji Sugiyama

Unlinkable Divisible Electronic Cash

Recently, some divisible electronic cash (e-cash) systems have been proposed. However, in existing divisible e-cash systems, efficiency or unlinkability is not sufficiently accomplished. In the existing efficient divisible cash systems, all protocols are conducted in the order of the polynomial of log N where N is the divisibility precision (i.e., (the total coin amount)/ (minimum divisible unit amount)), but payments divided from a coin are linkable (i.e., anyone can decide whether the payments are made by the same payer). The linked payments help anyone to trace the payer, if N is large. On the other hand, in the existing unlinkable divisible e-cash system, the protocols are conducted in the order of the polynomial of N, and thus it is inefficient for large N. In this paper, an unlinkable divisible e-cash system is proposed, where all protocols are conducted in the order of (log N)2.

Unlinkable Electronic Coupon Protocol with Anonymity Control

In a variant of the electronic cash protocol, an electronic coupon protocol, a withdrawn coin is divided into many sub-coins whose face values are fixed in advance, and the sub-coins are only used in payments. The original coin is called ticket and the sub-coins are called sub-tickets. The electronic cash protocol should satisfy not only the anonymity that the payer cannot be traced from the payments, but also the unlinkability. The unlinkability means that anyone cannot determine whether payments were made by the same payer. If the unlinkability does not hold, tracing the payer from one payment leads to tracing the payer from all his/her payments, and the link between the payments also facilitates the de-anonymization. In the previously proposed electronic coupon protocol, payments of sub-tickets derived from the same ticket are linkable. Since the complete anonymity of payments facilitates fraud and criminal acts, the electronic cash protocols should equip the revocation of the anonymity. In this paper, an electronic coupon protocol is proposed, where all payments are unlinkable but the anonymity of the payments can be revoked.

A Group Signature Scheme with Efficient Membership Revocation for Reasonable Groups

Though group signature schemes with efficient membership revocation were proposed, the previous schemes force a member to obtain a public membership information of O(l n N) bits, where l n is the length of the RSA modulus and N is the number of members joining and removed. In the scheme proposed in this paper, the public membership information has only K bits, where K is the number of members’ joining. Then, for groups with a reasonable size that is comparable to the RSA modulus size (e.g., about 1000 members for 1024 bit RSA modulus), the public membership information is a single small value only, while the signing/verification also remains efficient.

An Efficient Online Electronic Cash with Unlinkable Exact Payments

Though there are intensive researches on off-line electronic cash (e-cash), the current computer network infrastructure sufficiently accepts on-line e-cash. The on-line means that the payment protocol involves with the bank, and the off-line means no involvement. For customers’ privacy, the e-cash system should satisfy unlinkability, i.e., any pair of payments is unlinkable w.r.t. the sameness of the payer. In addition, for the convenience, exact payments, i.e., the payments with arbitrary amounts, should be also able to performed. In an existing off-line system with unlinkable exact payments, the customers need massive computations. On the other hand, an existing on-line system does not satisfy the efficiency and the perfect unlinkability simultaneously. This paper proposes an on-line system, where the efficiency and the perfect unlinkability are achieved simultaneously.

Sealed-Bid Auctions with Efficient Bids

Efficient general secure multiparty computation (MPC) protocols were previously proposed, and the combination with the efficient auction circuits achieves the efficient sealed-bid auctions with the full privacy and correctness. However, the combination requires that each bidder submits ciphertexts of bits representing his bid, and their zero-knowledge proofs. This cost amounts to about 80 multi-exponentiations in usual case that the bid size is 20 bits (i.e. about 1,000,000 bid prices). This paper proposes the sealed-bid auction protocols based on the efficient MPC protocols, where a bidder can submit only a single ciphertext. The bidder’s cost is a few multi-exponentiations, and thus the proposed protocols are suitable for mobile bidders.

A Group Signature Scheme with Efficient Membership Revocation for Middle-Scale Groups *

This paper proposes a group signature scheme with efficient membership revocation. Though group signature schemes with efficient membership revocation based on a dynamic accumulator were proposed, the previous schemes force a member to change his secret key whenever he makes a signature. Furthermore, for the modification, the member has to obtain a public membership information of O(lnN) bits, where ln is the length of the RSA modulus and N is the total number of joining members and removed members. In our scheme, the signer needs no modification of his secret, and the public membership information has only K bits, where K is the maximal number of members. Then, for middle-scale groups with the size that is comparable to the RSA modulus size (e.g., up to about 1000 members for 1024 bit RSA modulus), the public membership information is a single small value only, while the signing/verification also remains efficient.

ASL program written in abstract sequential machine style and its compiler

The algebraic method as a formal approach in the design and development of the program has earned attention. The authors, in order to examine its usefulness, have defined the algebraic language ASL and constructed the ASL program developing system. But many problems concerning the compiler remain to be solved. The algebraic language ASL contains an abstract sequential machine style of description, and there exists a large number of problems that can be described in a natural way by this style. This paper proposes a method of constructing the compiler for the abstract sequential machine style program in the ASL program development system as well as of improving the execution efficiency of the object code. The usefulness of those methods are examined.

Timing verification of asynchronous sequential circuits with specifications—A method of reducing state transitions to be verified in detail

One of the important issues in the asynchronous sequential circuit is to verify that the state transitions as stated in the specification occur even if there is a delay variation in the element. When the exiting timing verification method is applied to this problem, however, the transient and other states must be examined, which requires an exponentially long time in the verification. This paper presents a formal procedure based on the circuit structure and the relation between the specification and the circuit, where the state transition to induce the transition in the specification is determined and the state transition to be verified in detail is restricted without generating the transient and other states. First, the time-invariant input values and state variable values are considered, and a sufficient condition is given for the above restriction. The sufficient condition ensures that the state transition occurs as is stated in the specification, independently of the element delay. A decision procedure for the sufficient condition is presented, and the time complexity is examined. It is shown that the proposed method is useful in reducing the verification time compared to the existing verification method. The sufficient condition is applied to sample circuits, and it is shown that the detailed verification can be omitted by the factor of 16/17 for the ring arbiter, and 20/24 for the D flip-flop. Thus, it is expected that the time for the verification can be reduced greatly by the proposed method.

A method of shortening metastable operation duration time by the use of feedback

If metastable operation (MS operation) occurs in conflict-resolving circuits, propagation delay time of flip-flop (FF) increases by the amount of its duration time and a malfunction may occur. This paper proposes a method of shortening duration time of MS operation that occurs when two inputs of RSFF consisting of CMOS NAND gates are switched from logic 0 to 1 approximately at the same instant. The MS operation is detected and fed back to inputs so that it is forced to terminate. A configuration of RSFF that has feedback based on this idea is first presented, and then a principle of shortening MS operation duration time follows. Then, considering implementation of RSFF by n-well process, feedback connection and MOSFET parameters are optimized. Although hardware increases slightly by addition of feedback, the result shows the MS operation duration time increase rate against input phase difference (switching time difference of two inputs of RSFF), and the range of input phase difference for MS operation incidence are reduced by approximately 1/4 and 1/3, respectively, compared with conventional methods.

Minimum test sets for locally exhaustive testing of combinational circuits with five outputs

In this paper, features of dependence matrices of combinational circuits with five outputs are discussed, and it is shown that a minimum test set for locally exhaustive testing of such circuits always has 2/sup w/ test patterns, where w is the maximum number of inputs on which any output depends.<<ETX>>