Results 1 - 10 of 138
Algorithms for Quantum Computation: Discrete Logarithms and Factoring
1994
Cited by 812 (7 self)
A computer is generally considered to be a universal computational device; i.e., it is believed able to simulate any physical computational device with an increase in computation time of at most a polynomial factor. It is not clear whether this is still true when quantum mechanics is taken into consideration. Several researchers, starting with David Deutsch, have developed models for quantum mechanical computers and have investigated their computational properties. This paper gives Las Vegas algorithms for finding discrete logarithms and factoring integers on a quantum computer that take a number of steps which is polynomial in the input size, e.g., the number of digits of the integer to be factored. These two problems are generally considered hard on a classical computer and have been used as the basis of several proposed cryptosystems. (We thus give the first examples of quantum cryptanalysis.) 1 Introduction Since the discovery of quantum mechanics, people have found the behavior of...
Simulating Physics with Computers
SIAM Journal on Computing, 1982
Cited by 393 (1 self)
A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time of at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. This paper considers factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and have been used as the basis of several proposed cryptosystems. Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored. AMS subject classifications: 82P10, 11Y05, 68Q10. 1 Introduction One of the first results in the mathematics of computation, which underlies the subsequent development of much of theoretical computer science, was the distinction between computable and ...
Fast parallel algorithms for sparse multivariate polynomial interpolation over finite fields
SIAM J. COMPUT, 1990
Cited by 52 (12 self)
The authors consider the problem of reconstructing (i.e., interpolating) a t-sparse multivariate polynomial given a black box which will produce the value of the polynomial for any value of the arguments. It is shown that, if the polynomial has coefficients in a finite field GF[q] and the black box can evaluate the polynomial in the field GF[qr2g,tnt+37], where n is the number of variables, then there is an algorithm to interpolate the polynomial in O(log (nt)) boolean parallel time and O(n2t log nt) processors. This algorithm yields the first efficient deterministic polynomial time algorithm (and moreover boolean NC-algorithm) for interpolating t-sparse polynomials over finite fields and should be contrasted with the fact that efficient interpolation using a black box that only evaluates the polynomial at points in GF[q] is
New Generation of Secure and Practical RSA-based Signatures
1996
Cited by 36 (1 self)
For most digital signature schemes used in practice, such as ISO9796/RSA or DSA, it has only been shown that certain plausible cryptographic assumptions, such as the difficulty of factoring integers, computing discrete logarithms or the collision-intractability of certain hash-functions are necessary for the security of the scheme, while their sufficiency is, strictly speaking, an open question. A clear advantage of such schemes over many signature schemes with security proven relative to such common cryptographic assumptions, is their efficiency: as a result of their relatively weak requirements regarding computation, bandwidth and storage, these schemes have so far beaten proven secure schemes in practice. Our aim is to contribute to the bridging of the gap that seems to exist between the theory and practice of digital signature schemes. We present a digital signature that offers both proven security and practical value. More precisely, under an appropriate assumption about RSA, the ...
The Generation of Random Numbers That Are Probably Prime
Journal of Cryptology, 1988
Cited by 22 (0 self)
In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomial time. Therefore, factoring would be easy if Rabin's test systematically failed with a 25% probability on each composite integer (which, of course, it does not). The second observation is more fundamental because it is _not_ restricted to primality testing: it has consequences for the entire field of probabilistic algorithms. The failure probability when using a probabilistic algorithm for the purpose of testing some property is compared with that when using it for the purpose of obtaining a random element hopefully having this property. More specifically, we investigate the question of how reliable Rabin's test is when used to _generate_ a random integer that is probably prime, rather than to _test_ a specific integer for primality.
Key words: factorization, false witnesses, primality testing, probabilistic algorithms, Rabin's test.
Roth’s Theorem in the primes
Annals of Math
Cited by 21 (4 self)
Abstract. We show that any set containing a positive proportion of the primes contains a 3-term arithmetic progression. An important ingredient is a proof that the primes enjoy the so-called Hardy-Littlewood majorant property. We derive this by giving a new proof of a rather more general result of Bourgain which, because of a close analogy with a classical argument of Tomas and Stein from Euclidean harmonic analysis, might be called a restriction theorem for the primes.
An elementary problem equivalent to the Riemann hypothesis
Amer. Math. Monthly
Cited by 21 (2 self)
ABSTRACT. The problem is: Let $H_n = \sum_{j=1}^{n} \frac{1}{j}$ [...] $n \ge 1$, that [...] $d \le H_n + \exp(H_n)\log(H_n)$, with equality only for $n = 1$.
Multifractal analysis of Lyapunov exponent for continued fraction and Manneville–Pomeau transformations and applications to Diophantine approximation
Comm. Math. Phys, 1999
Cited by 19 (0 self)
Abstract: We extend some of the theory of multifractal analysis for conformal expanding systems to two new cases: The nonuniformly hyperbolic example of the Manneville–Pomeau equation and the continued fraction transformation. A common point in the analysis is the use of thermodynamic formalism for transformations with infinitely many branches. We effect a complete multifractal analysis of the Lyapunov exponent for the continued fraction transformation and as a consequence obtain some new results on the precise exponential speed of convergence of the continued fraction algorithm. This analysis also provides new quantitative information about cuspital excursions on the modular surface.
Critical Points and supersymmetric vacua III: string/M models (in preparation
Cited by 16 (7 self)
Abstract. Motivated by the vacuum selection problem of string/M theory, we study a new geometric invariant of a positive Hermitian line bundle $(L, h) \to M$ over a compact Kähler manifold: the expected distribution $K^{\mathrm{crit}}_h(z)$ of critical points $d \log |s(z)|_h = 0$ of a Gaussian random holomorphic section $s \in H^0(M, L)$ with respect to $h$. It is a measure on $M$ whose total mass is the average number $N^{\mathrm{crit}}_h$ of critical points of a random holomorphic section. We are interested in the metric dependence of $N^{\mathrm{crit}}_h$, especially metrics $h$ which minimize $N^{\mathrm{crit}}_h$. We concentrate on the asymptotic minimization problem for the sequence of tensor powers $(L^N, h^N) \to M$ of the line bundle and their critical point densities $K^{\mathrm{crit}}_{h^N}(z)$. We prove that $K^{\mathrm{crit}}_{h^N}(z)$ has a complete asymptotic expansion in $N$ whose coefficients are curvature invariants of $h$. The first two terms in the expansion of $N^{\mathrm{crit}}_{h^N}$ are topological invariants of $(L, M)$. The third term is a topological invariant plus a constant βm 2 (depending only on the dimension $m$ of $M$) times the Calabi functional $\int_M \rho^2 \, d\mathrm{Vol}_h$, where $\rho$ is the scalar curvature of the curvature form of $h$. We give an integral formula for βm 2 and show, by a computer assisted calculation, that βm 2 > 0 for $m \le 4$, hence that $N^{\mathrm{crit}}_{h^N}$ is asymptotically minimized by the Calabi extremal metric (when one exists). We conjecture that βm 2 > 0 in all dimensions, i.e. the Calabi extremal metric is always the asymptotic minimizer.
Cycle Indices for the Finite Classical Groups
J. Group Theory, 1997
Cited by 16 (12 self)
This paper defines and develops cycle indices for the finite classical groups. These tools are then applied to study properties of a random matrix chosen uniformly from one of these groups. Properties studied by this technique will include semisimplicity, regularity, regular semisimplicity, the characteristic polynomial, number of Jordan blocks, and average order of a matrix.