Results 1 
9 of
9
Fast Generation of Prime Numbers and Secure PublicKey Cryptographic Parameters
, 1995
"... A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the MillerRabin test for only one base. The ..."
Abstract

Cited by 21 (0 self)
 Add to MetaCart
A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the MillerRabin test for only one base. Therefore our algorithm is even faster than presentlyused algorithms for generating only pseudoprimes because several MillerRabin tests with independent bases must be applied for achieving a sufficient confidence level. Heuristic arguments suggest that the generated primes are close to uniformly distributed over the set of primes in the specified interval. Security constraints on the prime parameters of certain cryptographic systems are discussed, and in particular a detailed analysis of the iterated encryption attack on the RSA publickey cryptosystem is presented. The prime generation algorithm can easily be modified to generate nearly random primes or RSAmoduli that satisfy t...
Detecting lacunary perfect powers and computing their roots
, 2009
"... We consider the problem of determining whether a lacunary (also called a sparse or supersparse) polynomial f is a perfect power, that is, f = h r for some other polynomial h and r ∈ N, and of finding h and r should they exist. We show how to determine if f is a perfect power in time polynomial in t ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We consider the problem of determining whether a lacunary (also called a sparse or supersparse) polynomial f is a perfect power, that is, f = h r for some other polynomial h and r ∈ N, and of finding h and r should they exist. We show how to determine if f is a perfect power in time polynomial in the number of nonzero terms of f, and in terms of log deg f, i.e., polynomial in the size of the lacunary representation. The algorithm works over Fq[x] (for large characteristic) and over Z[x], where the cost is also polynomial in log ‖f‖∞. We also give a Monte Carlo algorithm to find h if it exists, for which our proposed algorithm requires polynomial time in the output size, i.e., the sparsity and height of h. Conjectures of Erdös and Schinzel, and recent work of Zannier, suggest that h must be sparse. Subject to a slightly stronger conjectures we give an extremely efficient algorithm to find h via a form of sparse Newton iteration. We demonstrate the efficiency of these algorithms with an implementation using the C++ library NTL. 1.
On Lacunary Polynomial Perfect Powers
, 2008
"... We consider the problem of determining whether a tsparse or lacunary polynomial f is a perfect power, that is, f = h r for some other polynomial h and r ∈ N, and of finding h and r should they exist. We show how to determine if f is a perfect power in time polynomial in t and log deg f, i.e., polyn ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
We consider the problem of determining whether a tsparse or lacunary polynomial f is a perfect power, that is, f = h r for some other polynomial h and r ∈ N, and of finding h and r should they exist. We show how to determine if f is a perfect power in time polynomial in t and log deg f, i.e., polynomial in the size of the lacunary representation. The algorithm works over Fq[x] (at least for large characteristic) and over Z[x], where the cost is also polynomial in log ‖f‖∞. Subject to a conjecture, we show how to find h if it exists via a kind of sparse Newton iteration, again in time polynomial in the size of the sparse representation. Finally, we demonstrate an implementation using the C++ library NTL.
The Pseudosquares Prime Sieve
"... Abstract. We present the pseudosquares prime sieve, which finds all primes up to n. Define p to be the smallest prime such that the pseudosquare Lp>n/(π(p)(log n) 2); here π(x) is the prime counting function. Our algorithm requires only O(π(p)n) arithmetic operations and O(π(p)logn) space. It use ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. We present the pseudosquares prime sieve, which finds all primes up to n. Define p to be the smallest prime such that the pseudosquare Lp>n/(π(p)(log n) 2); here π(x) is the prime counting function. Our algorithm requires only O(π(p)n) arithmetic operations and O(π(p)logn) space. It uses the pseudosquares primality test of Lukes, Patterson, and Williams. Under the assumption of the Extended Riemann Hypothesis, we have p ≤ 2(log n) 2, but it is conjectured that p ∼ 1 log nlog log n. Thus, log2 the conjectured complexity of our prime sieve is O(n log n) arithmetic operations in O((log n) 2) space. The primes generated by our algorithm are proven prime unconditionally. The best current unconditional bound known is p ≤ n 1/(4√e−ɛ) 1.132, implying a running time of roughly n using roughly n 0.132 space. Existing prime sieves are generally faster but take much more space, greatly limiting their range (O(n / log log n)operationswithn 1/3+ɛ space, or O(n) operationswithn 1/4 conjectured space). Our algorithm found all 13284 primes in the interval [10 33,10 33 +10 6] in about 4 minutes on a1.3GHzPentiumIV. We also present an algorithm to find all pseudosquares Lp up to n in sublinear time using very little space. Our innovation here is a new, spaceefficient implementation of the wheel datastructure. 1
Computing Jacobi symbols modulo sparse integers and polynomials and some applications
 J. Algorithms
"... ..."
ABSTRACT On Lacunary Polynomial Perfect Powers
"... We consider the problem of determining whether a tsparse or lacunary polynomial f is a perfect power, that is, f = h r for some other polynomial h and r ∈ N, and of finding h and r should they exist. We show how to determine if f is a perfect power in time polynomial in t and log deg f, i.e., polyn ..."
Abstract
 Add to MetaCart
We consider the problem of determining whether a tsparse or lacunary polynomial f is a perfect power, that is, f = h r for some other polynomial h and r ∈ N, and of finding h and r should they exist. We show how to determine if f is a perfect power in time polynomial in t and log deg f, i.e., polynomial in the size of the lacunary representation. The algorithm works over Fq[x] (at least for large characteristic) and over Z[x], where the cost is also polynomial in log �f�∞. Subject to a conjecture, we show how to find h if it exists via a kind of sparse Newton iteration, again in time polynomial in the size of the sparse representation. Finally, we demonstrate an implementation using the C++ library NTL. 1.
PAPER Special Section on Cryptography and Information Security The Computational Difficulty of Solving Cryptographic Primitive Problems Related to the Discrete Logarithm Problem
, 2005
"... SUMMARY To the authors ’ knowledge, there are not many cryptosystems proven to be as difficult as or more difficult than the discrete logarithm problem. Concerning problems related to the discrete logarithm problem, there are problems called the double discrete logarithm problem and the eth root of ..."
Abstract
 Add to MetaCart
SUMMARY To the authors ’ knowledge, there are not many cryptosystems proven to be as difficult as or more difficult than the discrete logarithm problem. Concerning problems related to the discrete logarithm problem, there are problems called the double discrete logarithm problem and the eth root of the discrete logarithm problem. These two problems are likely to be difficult and they have been utilized in cryptographic protocols such as verifiable secret sharing scheme and group signature scheme. However, their exact complexity has not been clarified, yet. Related to the eth root of the discrete logarithm problem, we can consider a square root of the discrete logarithm problem. Again, the exact complexity of this problem has not been clarified, yet. The security of cryptosystems using these underlying problems deeply depends on the difficulty of these underlying problems. Hence it is important to clarify their difficulty. In this paper we prove reductions among these fundamental problems and show that under certain conditions, these problems are as difficult as or more difficult than the discrete logarithm problem modulo a prime. key words: discrete logarithm problem, double discrete logarithm problem, square root of discrete logarithm problem, eth root of discrete logarithm problem 1.
General Terms
"... We present algorithms for computing factorizations and least common left multiple (LCLM) decompositions of Ore polynomials over �q (t), for a prime power q = p µ. Our algorithms are effective in �q (t)[D; σ, δ], for any automorphism σ and σderivation δ of �q (t). On input f ∈ �q (t)[D; σ, δ], the a ..."
Abstract
 Add to MetaCart
We present algorithms for computing factorizations and least common left multiple (LCLM) decompositions of Ore polynomials over �q (t), for a prime power q = p µ. Our algorithms are effective in �q (t)[D; σ, δ], for any automorphism σ and σderivation δ of �q (t). On input f ∈ �q (t)[D; σ, δ], the algorithms run in time polynomial in deg D(f), deg t(f), p and µ.