Results 1 
7 of
7
Explicit bounds for primes in residue classes
 Math. Comp
, 1996
"... Abstract. Let E/K be an abelian extension of number fields, with E ̸ = Q. Let ∆ and n denote the absolute discriminant and degree of E. Letσdenote an element of the Galois group of E/K. Weprovethefollowingtheorems, assuming the Extended Riemann Hypothesis: () (1) There is a degree1 prime p of K su ..."
Abstract

Cited by 17 (1 self)
 Add to MetaCart
Abstract. Let E/K be an abelian extension of number fields, with E ̸ = Q. Let ∆ and n denote the absolute discriminant and degree of E. Letσdenote an element of the Galois group of E/K. Weprovethefollowingtheorems, assuming the Extended Riemann Hypothesis: () (1) There is a degree1 prime p of K such that p = σ, satis
Privacy amplification and nonmalleable extractors via character sums
 In Proceedings of the 52nd Annual IEEE Symposium on Foundations of Computer Science, 2011. [DO03] Y. Dodis and
"... In studying how to communicate over a public channel with an active adversary, Dodis and Wichs introduced the notion of a nonmalleable extractor. A nonmalleable extractor dramatically strengthens the notion of a strong extractor. A strong extractor takes two inputs, a weaklyrandom x and a uniform ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
In studying how to communicate over a public channel with an active adversary, Dodis and Wichs introduced the notion of a nonmalleable extractor. A nonmalleable extractor dramatically strengthens the notion of a strong extractor. A strong extractor takes two inputs, a weaklyrandom x and a uniformly random seed y, and outputs a string which appears uniform, even given y. For a nonmalleable extractor nmExt, the output nmExt(x,y) should appear uniform given y as well as nmExt(x, A(y)), where A is an arbitrary function with A(y) = y. We show that an extractor introduced by Chor and Goldreich is nonmalleable when the entropy rate is above half. It outputs a linear number of bits when the entropy rate is 1/2 + α, for any α> 0. Previously, no nontrivial parameters were known for any nonmalleable extractor. To achieve a polynomial running time when outputting many bits, we rely on a widelybelieved conjecture about the distribution of prime numbers in arithmetic progressions. Our analysis involves character sum estimates, which may be of independent interest. Using our nonmalleable extractor, we obtain protocols for “privacy amplification”: key agreement between two parties who share a weaklyrandom secret. Our protocols work in the
Supersparse black box rational function interpolation
 Manuscript
, 2011
"... We present a method for interpolating a supersparse blackbox rational function with rational coefficients, for example, a ratio of binomials or trinomials with very high degree. We input a blackbox rational function, as well as an upper bound on the number of nonzero terms and an upper bound on the ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
We present a method for interpolating a supersparse blackbox rational function with rational coefficients, for example, a ratio of binomials or trinomials with very high degree. We input a blackbox rational function, as well as an upper bound on the number of nonzero terms and an upper bound on the degree. The result is found by interpolating the rational function modulo a small prime p, and then applying an effective version of Dirichlet’s Theorem on primes in an arithmetic progression progressively lift the result to larger primes. Eventually we reach a prime number that is larger than the inputted degree bound and we can recover the original function exactly. In a variant, the initial prime p is large, but the exponents of the terms are known modulo larger and larger factors of p − 1. The algorithm, as presented, is conjectured to be polylogarithmic in the degree, but exponential in the number of terms. Therefore, it is very effective for rational functions with a small number of nonzero terms, such as the ratio of binomials, but it quickly becomes ineffective for a high number of terms. The algorithm is oblivious to whether the numerator and denominator have a common factor. The algorithm will recover the sparse form of the rational function, rather than the reduced form, which could be dense. We have experimentally tested the algorithm in the case of under 10 terms in numerator and denominator combined and observed its conjectured high efficiency.
Preface Lectures on sieves
, 2002
"... These are notes of a series of lectures on sieves, presented during the Special ..."
Abstract
 Add to MetaCart
These are notes of a series of lectures on sieves, presented during the Special
EVASIVENESS AND THE DISTRIBUTION OF PRIME NUMBERS
, 2010
"... Abstract. A Boolean function on N variables is called evasive if its decisiontree complexity is N. A sequence Bn of Boolean functions is eventually evasive if Bn is evasive for all sufficiently large n. We confirm the eventual evasiveness of several classes of monotone graph properties under widely ..."
Abstract
 Add to MetaCart
Abstract. A Boolean function on N variables is called evasive if its decisiontree complexity is N. A sequence Bn of Boolean functions is eventually evasive if Bn is evasive for all sufficiently large n. We confirm the eventual evasiveness of several classes of monotone graph properties under widely accepted number theoretic hypotheses. In particular we show that Chowla’s conjecture on Dirichlet primes implies that (a) for any graph H, “forbidden subgraph H” is eventually evasive and (b) all nontrivial monotone properties of graphs with ≤ n 3/2−ǫ edges are eventually evasive. (n is the number of vertices.) While Chowla’s conjecture is not known to follow from the Extended Riemann Hypothesis (ERH, the Riemann Hypothesis for Dirichlet’s L functions), we show (b) with the bound O(n 5/4−ǫ) under ERH. We also prove unconditional results: (a ′ ) for any graph H, the query complexity of “forbidden subgraph H ” is ` ´ n −O(1); (b) for some constant c> 0, all nontrivial monotone
A DIGITAL SIGNATURE SCHEME FOR LONGTERM SECURITY
"... Abstract. In this paper we propose a signature scheme based on two intractable problems, namely the integer factorization problem and the discrete logarithm problem for elliptic curves. It is suitable for applications requiring longterm security and provides a more e cient solution than the existin ..."
Abstract
 Add to MetaCart
Abstract. In this paper we propose a signature scheme based on two intractable problems, namely the integer factorization problem and the discrete logarithm problem for elliptic curves. It is suitable for applications requiring longterm security and provides a more e cient solution than the existing ones. 1.