JP2003271055A - Window processor, window processing program, and recording medium therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To accelerate the previous operation speed of a ϕ-ary sliding window method. <P>SOLUTION: An previous operation part comprises a means which inputs a window size 'w' and a point P on an elliptic curve and calculates T<SB>i</SB>=ϕ<SP>i</SP>P (i=2, 3,..., w-1) by 'ϕ-multiplying (ϕ: Frobenius mapping) operation', a means which calculates T<SB>i</SB>±P (i=2, 3,..., w-1) by using Montgomery simultaneous inverse elements, a means which calculates T<SB>i</SB>±(ϕ<SP>2</SP>+1)P (i=4, 5,..., w-1), T<SB>i</SB>±(ϕ<SP>2</SP>-1)P (i=4, 5,..., w-1), T<SB>i</SB>±(ϕ<SP>3</SP>+1)P (i=5, 6,..., w-1), and T<SB>i</SB>±(ϕ<SP>3</SP>-1)P (i=5, 6,..., w-1) by the use of the Montgomery simultaneous inverse elements by using (ϕ<SP>2</SP>±1)P and (ϕ<SP>3</SP>±1)P as the calculation results, a means which adds and subtracts points already found similary and T<SB>i</SB>by using the Montgomery simultaneous inverse elements, and a means which generates a previous operation table by using the results obtained by the respective means. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an operation of elliptic curve cryptography used in information security technology, and more particularly to a window processing device and a window processing program applied when performing k times multiplication of a point on an elliptic curve. It relates to the recording medium.

[0002]

2. Description of the Related Art Elliptic curve cryptography has gained attention as a next-generation cryptography that will play an important role in the era of electronic commerce because it realizes the same level of security strength with a key length much shorter than that of the mainstream cryptosystems. There is. However, conventional elliptic curve cryptography
There is a problem in terms of decryption processing speed and security.
Safety research has been developed around the world. When public key cryptography or digital signature is realized on an elliptic curve, most of the processing time is spent for k times multiplication of points on the elliptic curve (k is an integer of 2 or more: for example, key, random number). Generally, an elliptic curve defined on a finite field GF (q) is used for encryption and signature. This is referred to as E / GF (q). q is a prime number or a power of a prime number. In the conventional mounting method, a prime number or 2 ^m (m is an integer of 1 or more) was often used for q.

It is possible to define addition or doubling for the point P on the elliptic curve. This is called “elliptic addition” or “ellipse doubling operation” to distinguish it from ordinary addition. Further, among the points on the elliptic curve, the unit element of addition is represented by O. A method is known in which "ellipse addition" and "ellipse doubling operation" are combined according to the result of binary expansion of k in order to configure k-fold operation, and it is called "binary method". . The procedure of the elliptic k times multiplication by the binary method will be described with reference to FIG. If k = 7 = (1,0,0, -1) ,.
Since the most significant bit is 1, O (unit element of addition) and P addition (+ P) are performed (elliptic addition). Since the next bit is 0, the result is doubled (elliptic double operation). .
Is the same as. .. is doubled, and since the least significant bit is -1, P subtraction (-P) is performed to obtain 7P.

The "sliding window method" is known as a method faster than the "binary method" (reference: "Handbook of Applied Cryptography", CRC Pres
s, pp.616 (1996)). This is because some odd multiples (3P, 5P, 7P, 9P, ...) Of point P are obtained in advance, and “a point in the middle of calculation is pre-computed according to the result of binary expansion of k. This is a method in which “ellipse addition with points” and “ellipse doubling operation” are combined. If the amount of pre-computation is increased by increasing the window size, the amount of computation of the main computation part in k-fold computation can be reduced, but since the amount of computation of the pre-computation itself increases, there is a trade-off here. The optimal window size depends on the number of bits of k (≈the number of bits of the key). Currently, the number of points to be pre-computed is not so large in the past, so in the past, this part was often calculated one by one using a simple method. However, in the future, when the number of bits of the key increases in order to ensure security due to the performance improvement of the computer, the optimum window size in the k-fold operation also increases, and therefore the amount of pre-calculation also increases. This increase is exponential, and if the amount of pre-computation can be reduced, the amount of computation for the entire k-fold computation can be reduced. As a method for performing this pre-calculation at high speed, the points expressed in affine coordinates are (2P), (3P, 4) using the Montgomery simultaneous inverse element.
P), (5P, 7P, 8P), ...
(Henri Cohen, Atsuko Miyaji, Takatoshi Ono, "Efficien
t elliptic curve exponentiation using mixed coordi
nates "Asiacrypt'98 (1998)" ,: hereinafter referred to as "Reference 1")
There is.

A procedure for calculating the elliptic k times by the sliding window method will be described with reference to FIG. k =
When 3395 = (110101000011) and window size w = 3, P _i = iP as a pre-calculation
(I = 1, 3, 5, 7) is calculated. . From the most significant bit to the non-zero bit so that the length becomes maximum at the window size w or less. In FIG. 5, in the case of (11) (that is, P ₃ addition), w = 2. O (Unit of addition)
Add P ₃ to. Since the next bit is 0, slide (101) (that is, add P ₅ ) and loop. Two
Add P ₅ to ⁴ (4 bit slide) x 3 P (result of). Since the next bit is 0, slide (1
1) (that is, P ₃ addition) is included. Add P ₃ to 2 ⁶ (6 bit slide) × 53P (result) and 3395
Get P

On the other hand, for a certain elliptic curve, k times multiplication may be possible using the "Frobenius map". This method is called “k-fold arithmetic by φ-adic expansion”.
For example, elliptic curve E / GF defined on GF (2)
(2) A method of multiplying the GF (2 ^m ) rational point (m is an integer of 2 or more) by k is proposed by Koblitz et al. Next, the elliptic curve and Frobenius map will be described. Against E / GF (2) on the GF (2 ^m) forms a group of rational points ^{E (GF (p m))} , can be defined calculation using the Frobenius map φ as follows. Definition 1 (Frobenius map) Point P = (x, y) on an elliptic curve, where x, yεGF
Automorphism map φ for (p) ': (x, y) →
(X ^p , y ^p ) is called a Frobenius map. GF (p) '
Represents an algebraic closed field of GF (p).

The Frobenius map φ is an automorphism on an elliptic curve, and if the k-fold map P → kP is represented as [k], then
Formula (1) is satisfied. φ ² − [t] φ + [p] = [0], −2√p <t <2√p (1) Equation (1) has an imaginary root, and depending on φ, when k is an integer
An operation different from [k] can be performed. φ is a value uniquely determined for a given elliptic curve, and its method of obtaining is known. The operation of Frobenius map can be generally performed at a higher speed than the elliptic curve addition. For example, when the element of GF (p ^m ) is represented by using the normal basis, the Frobenius map can be performed only by replacing the elements, and the calculation time can be ignored. Hereinafter, the operation of the Frobenius map will be referred to as “φ multiplication operation”. In the “k-fold operation by φ-advanced expansion”, kP is first converted into the form of the following expression (2) using φ. k = Σ _{i = 0} ^r c _i φ ⁱ (2) where −p <c _i <p, r≈ | k | (| k | represents the number of bits of k).

GF on E / GF (2) by Koblitz
(2 ^m ) A method for finding a rational point using "k-fold arithmetic by φ-adic expansion" (N. Koblitz, "CM-Curves with Good Crypt
graphic Properties, ”CRYPTO'91, pp.279-287 (1991))
Was proposed. This is called the "φ-adic binary method". This is performed by combining “elliptic addition” and “φ multiplication operation” in accordance with the result of φ-adic expansion of k as in the equation (2). A procedure for calculating the elliptic k times by the φ-advance expansion method will be described with reference to FIG. By an elliptic curve given a certain k

[Equation 1] In the case of φ-advanced expansion, since the most significant bit is 1, P is added (1) to O (unit element of addition). Since the next bit is 0, the result is multiplied by φ. The result of is multiplied by φ and P subtracted (-
Perform 1). The result of is multiplied by φ to obtain (φ ³ −φ) P. In addition, its improved version (JASolinas,
“An improved Algorithm for Arithmetic on a Family
of Elliptic Curves, ”CRYPTO'97, pp357-371 (1997))
Was proposed. This is called "φ-advance sliding window method". This is (φ ² −1) P, (φ ² +
1) P, (φ ³ -1) P, (φ ³ +1) P, ...
t form) expansion (expansion such that non-zero elements are not adjacent to each other), there is a method of performing a combination of “elliptic addition of a point in the middle of calculation and a pre-calculated point” and “φ multiplication”. Also in the "φ-advance sliding window method", since the number of points to be pre-calculated is not so large at present, conventionally, this part is often calculated one by one by a simple method.

The procedure for calculating the elliptic k times by the φ-advance sliding window method will be described with reference to FIG.
w = 4, the result of φ-adic NAF expansion of a certain k is

[Equation 2] , The window size w is 4, so that β ₃ P = (φ ² −1) P, β ₅ P =
(φ ² +1) P, β ₇ P = (φ ³ -1) P, β ₉ P = (φ ³ +1) P
Calculate and hold. . From the most significant bit (1,0,1)
And add with O (unit of addition). The result of is multiplied by φ ⁶ (slide 6 bits) and β ₉ P is subtracted ((-
1,0,0, −1) = − β ₉ ). The result of is φ ³ times (3
Bit-slide) and add P (1) to obtain β ₁₄₆₅ P.

[0010]

The "φ-sliding sliding window method" has the same problems as the "sliding window method". That is, if the pre-computation amount is increased by increasing the window size w, the computation amount of the main calculation part in the k-fold calculation can be reduced, but since the calculation amount of the pre-calculation itself increases, there is a trade-off here. There exists, and the optimal window size depends on the number of bits of k (≈number of bits of key). In the future, when the number of bits of the key increases to ensure security due to the improvement of computer performance, the optimum window size in k-fold arithmetic also increases, and therefore the amount of pre-computation also increases. This increase is exponential, and if the amount of pre-computation can be reduced, the amount of computation for the entire k-fold computation can be reduced.

Here, the first problem is that in the "φ-advance sliding window method", the pre-calculation method of Reference 1 cannot be applied in order to complete the pre-calculation at high speed. The reason is that in the pre-calculation method of Document 1, for example, (011) ₂ P + (010) ₂ P = (101)
It takes advantage of the fact that a calculation like ₂ P holds, but φ
In the operation between points that have a polynomial that has been expanded into a coefficient,

[Equation 3] The object of the present invention is "φ-advancing sliding window method".
Is the speedup of pre-calculation in.

[0012]

In order to solve the above-mentioned problems, the window processing apparatus according to the present invention is characterized in that the pre-calculation of the pre-calculation unit in the φ-adic sliding window method is performed as follows. . Let the window size be w. (1) By repeatedly applying the "φ multiplication operation", T _i = φ ⁱ P (i
= 2,3, ..., w-1) is calculated and stored in the memory. (2) Using T _i obtained in (1), T _i ± P (i = 2,
3, ..., W-1) is calculated using the Montgomery simultaneous inverse element and added to the pre-computation table. (3) Using (φ ² ± 1) P and (φ ³ ± 1) P obtained in (2), T _i ± (φ ² +1) P (i = 4, ..., w−
1), T _i ± (φ ² −1) P (i = 4, ..., w−1),
T _i ± (φ ³ +1) P (i = 5, ..., w-1), T _i ±
(Φ ³ −1) P (i = 5, ..., W−1) is calculated using the Montgomery simultaneous inverse element and added to the pre-computation table. (4) In the following, similarly, addition / subtraction of points on the pre-computation table and T _i that have already been calculated are calculated using the Montgomery homogeneous inverse element, added to the pre-computation table, and if all have been calculated finish.

[0013]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Next, embodiments of the present invention will be described in detail with reference to FIGS. (Structure) FIG. 1 shows the structure of an elliptic k-times arithmetic unit according to the φ-advance sliding window method of the present invention. An elliptic k-times arithmetic unit based on the φ-advance sliding window method inputs a window size value w (w is an integer of 3 or more), a point P on an elliptic curve, and an integer k, and outputs kP. The apparatus of FIG. 1 mainly outputs some pre-computation points for input P and w, and a pre-calculation φ-adic N of input k.
Φ-adic NAF expansion unit 402 for outputting AF expansion, memory 403 for storing a pre-calculation result and a value in the middle of operation, φ-adic sliding window method main operation for processing the main part of φ-adic sliding window method Part 4
It is composed of 04.

The present invention is characterized by the configuration and operation of the pre-calculation unit 401 for realizing high speed, and is configured as shown in FIG. The pre-calculation unit 401 in FIG.
Φ multiplication unit 101 that has performed multiplication, sign inversion unit 102 that outputs −P for input point P, φ multiplication unit 10
1 and a sign inversion unit 103 that inverts the outputs of the ellipse addition unit 104, and an ellipse addition unit having a function of collectively performing the process of obtaining an inverse element when performing a plurality of ellipse additions for a plurality of input points 104, a Montgomery simultaneous inverse element calculation unit 105 for simultaneously obtaining all inverse elements of a plurality of input elements on GF (2 ^m ) using the Montgomery simultaneous inverse element, and a control unit 106 for controlling them Composed. In Montgomery simultaneous inverse _{operation, a 1, a 2, ···} , a 1 -1 from ^{_{a n, a 2 -1, ···}} , when obtaining a _n ^-1, the inverse cost I, If M is the multiplication cost, n inverse elements are I + 3
It can be calculated at a cost of (n-1) M. That is, the inverse element can be obtained faster than the case where the inverse element is obtained one by one.

(Operation) The operation of the elliptic k-times arithmetic unit according to the φ-advance sliding window method of FIG. 1 will be described. An elliptic k-times arithmetic unit using the φ-advance sliding window method of FIG. 1 inputs a window size value w (w is an integer of 3 or more), a rational point P on an elliptic curve on a finite field, and an integer k, and then kP Output. The details of the pre-calculation unit are as shown in FIG. 2. For example, when w = 7 and the point P is input, the operation of FIG. 2 is as shown in FIG. The vector when the integer i is expanded by NAF is identified as β _i by equating it with the vector expression of the polynomial of φ. For example, NAF (19) = <1,0,1,0, -1>
Since it is a ^{_{β 1 9 = φ 4 + φ}} 2 -1.

The pre-calculation section will be described with reference to FIG. The pre-calculation unit is a process for obtaining some points in advance prior to the main process for obtaining the rational point kP, and a process for obtaining an inverse element required for elliptic addition / subtraction calculation while reusing the already obtained points. The maximum pre-calculation table is created by obtaining points on the elliptic curve necessary for the main processing for obtaining the rational point kP while simultaneously performing the maximum simultaneous processing by the Montgomery simultaneous inverse element.
First, P is input to the φ multiplication unit 101, and β is calculated by φ multiplication.
_i P (i = 2,4,8,16,32,64) is calculated, and the memory 4
03 (see FIG. 3 :). Next, β _i obtained above
Between P (i = 2,4,8,16,32,64) and P

[Equation 4] Is obtained while simultaneously performing the processing part for obtaining the inverse element using the Montgomery simultaneous inverse element, and stored in the memory 403 (FIG. 3:). Next, β _i P (i = 16,32,6) obtained above
4) and β ₃ P, β ₅ P, β ₇ P, β ₉ P obtained above

[Equation 5] Is obtained while simultaneously performing the processing part for obtaining the inverse element using the Montgomery simultaneous inverse element, and stored in the memory (FIG. 3:
). Next, β ₆₄ P obtained above and β ₁₁ P obtained above
β ₁₃ P, β ₁₅ P, β ₁₇ P, β ₁₉ P, β ₂₁ P

[Equation 6] Is obtained while simultaneously performing the processing part for obtaining the inverse element using the Montgomery simultaneous inverse element, and stored in the memory (FIG. 3:
). With the above, all the points necessary for the pre-calculation are obtained. The shaded portion in FIG. 3: is a place where the Montgomery simultaneous inverse element can be calculated at high speed. (The shaded portion of FIG. 3: is omitted.) The control unit 106 controls each component.

An elliptic k-times arithmetic unit based on the φ-advance sliding window method of FIG. 1 will be described. φ-advance NAF
The expansion unit 402 expands k by φ-adic NAF, and the expansion result is an φ-adic sliding window method main operation unit 404.
Send to. The φ-advancing sliding window method main operation unit 404 determines the result of the prior operation on the memory 403,
As a result of advancing NAF expansion, w and P are input, kP is calculated by combining φ multiplication operation (φ multiplication operation unit) and elliptic addition (elliptic addition unit).
And output. Further, the control unit controls the window size of the main processing of the main calculation unit 404. The operation of the main arithmetic unit according to the φ-advancing sliding window method is the same as the main arithmetic operation described with reference to FIG.

The elliptic k-times arithmetic unit according to the φ-advance sliding window method of the present invention can be composed of a computer having a CPU and a memory, a user terminal, and a recording medium. The recording medium is a machine-readable recording medium such as a CD-ROM, a magnetic disk device, a semiconductor memory, etc., and the window processing program recorded here controls the operation of the computer and controls the operation of the computer in each of the embodiments described above. Realize the components.

[0019]

The effects of the present invention will be described. GF (2 ^m )
When the k-fold operation in the above elliptic curve cryptography is obtained by the φ-advance sliding window method, the operation consists of a pre-operation part and a main operation part. The ratio of the pre-calculation amount to the total calculation amount is about 10 when m = 163 and w = 4.
%, When m = 163 and w = 5, they occupy about 25%. The present invention can reduce the calculation amount of this pre-calculation to about half, and as a result, it is possible to reduce the calculation amount of the entire k-fold calculation. For example, when m = 163, the optimum window size value w according to the present invention is 6, and at this time, the time required for the pre-calculation can be reduced by about 65%, and as a result, the time required for the entire k-fold calculation can be reduced by about 15%. can do.

[Brief description of drawings]

FIG. 1 is a configuration diagram of an elliptic k-times arithmetic unit based on a φ-advance sliding window method.

FIG. 2 is a block diagram of a pre-calculation unit.

FIG. 3 is an operation explanatory diagram of a pre-calculation unit.

FIG. 4 is a diagram showing a procedure of an elliptic k-fold calculation by a conventional binary method.

FIG. 5 is a diagram showing a procedure of an elliptic k-fold calculation by a conventional sliding window method.

FIG. 6 is a diagram showing a procedure of an elliptic k times multiplication operation according to a conventional φ-adic expansion method.

FIG. 7 is a diagram showing a procedure for calculating an elliptic k times by a conventional φ-adic sliding window method.

[Explanation of symbols]

101 ... φ multiplication unit, 102, 103 ... Sign inversion unit, 104 ... Ellipse addition unit, 105 ... Montgomery simultaneous inverse element calculation unit, 106 ... Control unit 401 ... Pre-computation Part, 402 ... φ-adic NAF expansion part, 403 ... Memory, 404 ... φ-adic sliding window method main operation part

   ─────────────────────────────────────────────────── ─── Continued front page    (72) Inventor Hoshino Literature             2-3-1, Otemachi, Chiyoda-ku, Tokyo             Inside Telegraph and Telephone Corporation F term (reference) 5J104 AA18 AA25 EA30 JA25 NA16

Claims (6)

[Claims] 1. A rational point P and an integer k on an elliptic curve on a finite field GF (p ^m ) (p is a prime number and m is an integer of 1 or more) are input, and an elliptic curve of the finite field GF (p ^m ) is input. Upper rational point kP
In a window processing device for computing and outputting, for obtaining a rational point kP, a φ-adic NAF expansion means for expanding an integer k into a polynomial of φ (φ represents a Frobenius map) such that the continuity of orders does not occur. When retrieving some points in advance prior to the main processing of, while reusing the points that have already been obtained, while simultaneously processing the inverse element required for the elliptic addition / subtraction operation by the Montgomery simultaneous inverse element A pre-computation unit that retains in memory the pre-computation table in which the points on the elliptic curve necessary for the main processing for obtaining the rational point kP are stored, and the integer k that was expanded by the φ-adic NAF and the pre-computation table were derived. A window processing device, comprising: a main calculation unit that obtains a rational point kP based on points on an elliptic curve necessary for a main process for obtaining a rational point kP. 2. The window processing device according to claim 1, wherein the pre-computation unit first performs T _i = φ ⁱ P (i = 2, 3, ...
, W-1) (where w represents a window size), and then T _i ± P (i = 2, 3, ..., w-1) is the Montgomery simultaneous inverse element. , And the resulting (φ ² ± 1) P, (φ ³ ± 1) P, T _i ± (φ ² +1) P (i = 4,5, ... , w-1),
T _i ± (φ ² −1) P (i = 4,5, ..., w−1), T _i
± (φ ³ +1) P (i = 5,6, ..., w-1), T _i ±
Means for calculating (φ ³ -1) P (i = 5,6, ..., w-1) using the Montgomery simultaneous inverse element, and the addition / subtraction of the points already obtained and T _{i in the same} manner 1. A window processing device comprising: a means for calculating Montgomery simultaneous inverse elements; and means for creating a pre-computation table based on the results obtained by the respective means. 3. A rational point P and an integer k on an elliptic curve on a finite field GF (p ^m ) (p is a prime number and m is an integer of 1 or more) are input, and an elliptic curve of the finite field GF (p ^m ) is input. Upper rational point kP
In a window processing program that causes a computer to execute a window processing method for calculating and outputting, a φ-adic NAF expansion processing for expanding an integer k into a polynomial of φ (φ represents a Frobenius map) such that the continuity of orders does not occur. In addition, when several points are obtained in advance before the main processing for obtaining the rational point kP, the points already obtained are reused and the inverse element required for the elliptic addition / subtraction calculation is obtained. Pre-processing that stores the pre-calculation table in which the points on the elliptic curve necessary for the main processing for obtaining the rational point kP while simultaneously processing by the simultaneous inverse element are stored in memory, and the integer k expanded by the φ-adic NAF. And a main calculation process for obtaining the rational point kP based on the points on the elliptic curve necessary for the main processing for obtaining the rational point kP derived from the pre-computation table When the window processing program for causing a computer to execute. 4. The window processing program according to claim 3, wherein the pre-computation processing is performed by "φ multiplication", first T _i = φ ⁱ P (i = 2,3, ...
, W-1) (where w represents the window size), and then T _i ± P (i = 2, 3, ..., W-1) , And the resulting (φ ² ± 1) P, (φ ³ ± 1) P, T _i ± (φ ² +1) P (i = 4,5, ... , w-1),
T _i ± (φ ² −1) P (i = 4,5, ..., w−1), T _i
± (φ ³ +1) P (i = 5,6, ..., w-1), T _i ±
(Φ ³ −1) P (i = 5,6, ..., w−1) is calculated by using the Montgomery simultaneous inverse element, and similarly, addition / subtraction of points already obtained and T _i is performed in the same manner. And a window processing program to be executed by a computer. 5. An elliptic curve of a finite field GF (p ^m ) is input by inputting a rational point P and an integer k on the elliptic curve on a finite field GF (p ^m ) (p is a prime number and m is an integer of 1 or more). Upper rational point kP
In a recording medium in which a window processing program for causing a computer to execute a window processing method for calculating and outputting is recorded, an integer k is expanded into a polynomial of φ (φ represents a Frobenius map) so that the continuity of orders does not occur. When obtaining some points in advance before the φ-adic NAF expansion processing and the main processing for obtaining the rational point kP, the inverse elements necessary for elliptic addition / subtraction calculation are reused while reusing the already obtained points. The pre-processing for storing points in the elliptic curve necessary for the main processing for obtaining the rational point kP while simultaneously performing the processing for obtaining The rational point kP is based on the integer k expanded by NAF and the points on the elliptic curve necessary for the main processing for obtaining the rational point kP derived from the pre-computation table. Major processing and recording medium recording a window processing program to be executed by a computer to determine. 6. A recording medium on which the window processing program according to claim 5 is recorded, wherein the pre-computation processing is first performed by "φ multiplication operation", so that T _i = φ ⁱ P (i = 2, 3, ...
, W-1) (where w represents the window size), and then T _i ± P (i = 2, 3, ..., W-1) , And the resulting (φ ² ± 1) P, (φ ³ ± 1) P, T _i ± (φ ² +1) P (i = 4,5, ... , w-1),
T _i ± (φ ² −1) P (i = 4,5, ..., w−1), T _i
± (φ ³ +1) P (i = 5,6, ..., w-1), T _i ±
(Φ ³ −1) P (i = 5,6, ..., w−1) is calculated by using the Montgomery simultaneous inverse element, and similarly, addition / subtraction of points already obtained and T _i is performed in the same manner. A recording medium which records a calculation process using the Montgomery simultaneous inverse element, a process of creating a pre-calculation table based on the results obtained in each process, and a window processing program to be executed by a computer.