Results 1 - 10 of 99
Algorithms for Quantum Computation: Discrete Logarithms and Factoring, 1994
Cited by 713 (7 self)
A computer is generally considered to be a universal computational device; i.e., it is believed able to simulate any physical computational device with an increase in computation time of at most a polynomial factor. It is not clear whether this is still true when quantum mechanics is taken into consideration. Several researchers, starting with David Deutsch, have developed models for quantum mechanical computers and have investigated their computational properties. This paper gives Las Vegas algorithms for finding discrete logarithms and factoring integers on a quantum computer that take a number of steps which is polynomial in the input size, e.g., the number of digits of the integer to be factored. These two problems are generally considered hard on a classical computer and have been used as the basis of several proposed cryptosystems. (We thus give the first examples of quantum cryptanalysis.) 1 Introduction Since the discovery of quantum mechanics, people have found the behavior of...
Simulating Physics with Computers - SIAM Journal on Computing, 1982
Cited by 330 (1 self)
A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time of at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. This paper considers factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and have been used as the basis of several proposed cryptosystems. Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored. AMS subject classifications: 82P10, 11Y05, 68Q10. 1 Introduction One of the first results in the mathematics of computation, which underlies the subsequent development of much of theoretical computer science, was the distinction between computable and ...
Fast parallel algorithms for sparse multivariate polynomial interpolation over finite fields - SIAM J. COMPUT, 1990
Cited by 50 (12 self)
The authors consider the problem of reconstructing (i.e., interpolating) a t-sparse multivariate polynomial given a black box which will produce the value of the polynomial for any value of the arguments. It is shown that, if the polynomial has coefficients in a finite field GF[q] and the black box can evaluate the polynomial in the field $GF[q^{\lceil 2\log_q(nt)+3\rceil}]$, where n is the number of variables, then there is an algorithm to interpolate the polynomial in O(log (nt)) boolean parallel time and O(n2t log nt) processors. This algorithm yields the first efficient deterministic polynomial time algorithm (and moreover boolean NC-algorithm) for interpolating t-sparse polynomials over finite fields and should be contrasted with the fact that efficient interpolation using a black box that only evaluates the polynomial at points in GF[q] is
New Generation of Secure and Practical RSA-based Signatures, 1996
Cited by 30 (1 self)
For most digital signature schemes used in practice, such as ISO9796/RSA or DSA, it has only been shown that certain plausible cryptographic assumptions, such as the difficulty of factoring integers, computing discrete logarithms or the collision-intractability of certain hash-functions are necessary for the security of the scheme, while their sufficiency is, strictly speaking, an open question. A clear advantage of such schemes over many signature schemes with security proven relative to such common cryptographic assumptions, is their efficiency: as a result of their relatively weak requirements regarding computation, bandwidth and storage, these schemes have so far beaten proven secure schemes in practice. Our aim is to contribute to the bridging of the gap that seems to exist between the theory and practice of digital signature schemes. We present a digital signature that offers both proven security and practical value. More precisely, under an appropriate assumption about RSA, the ...
The Generation of Random Numbers That Are Probably Prime - Journal of Cryptology, 1988
Cited by 20 (0 self)
In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomial time. Therefore, factoring would be easy if Rabin's test systematically failed with a 25% probability on each composite integer (which, of course, it does not). The second observation is more fundamental because it is _not_ restricted to primality testing: it has consequences for the entire field of probabilistic algorithms. The failure probability when using a probabilistic algorithm for the purpose of testing some property is compared with that when using it for the purpose of obtaining a random element hopefully having this property. More specifically, we investigate the question of how reliable Rabin's test is when used to _generate_ a random integer that is probably prime, rather than to _test_ a specific integer for primality.
Key words: factorization, false witnesses, primality testing, probabilistic algorithms, Rabin's test.
An elementary problem equivalent to the Riemann hypothesis - Amer. Math. Monthly
Cited by 19 (0 self)
ABSTRACT. The problem is: Let $H_n = \sum_{j=1}^{n} \frac{1}{j}$. ... $n \ge 1$, that ... $d \le H_n + \exp(H_n)\log(H_n)$, with equality only for $n = 1$.
Cycle Indices for the Finite Classical Groups - J. Group Theory, 1997
Cited by 18 (14 self)
This paper defines and develops cycle indices for the finite classical groups. These tools are then applied to study properties of a random matrix chosen uniformly from one of these groups. Properties studied by this technique will include semisimplicity, regularity, regular semisimplicity, the characteristic polynomial, number of Jordan blocks, and average order of a matrix.
Roth’s Theorem in the primes - Annals of Math
Cited by 15 (4 self)
Abstract. We show that any set containing a positive proportion of the primes contains a 3-term arithmetic progression. An important ingredient is a proof that the primes enjoy the so-called Hardy-Littlewood majorant property. We derive this by giving a new proof of a rather more general result of Bourgain which, because of a close analogy with a classical argument of Tomas and Stein from Euclidean harmonic analysis, might be called a restriction theorem for the primes.
On Computing Factors of Cyclotomic Polynomials, 1993
Cited by 14 (5 self)
For odd square-free n > 1 the cyclotomic polynomial $\Phi_n(x)$ satisfies the identity of Gauss $4\Phi_n(x) = A_n^2 - (-1)^{(n-1)/2} n B_n^2$. A similar identity of Aurifeuille, Le Lasseur and Lucas is $\Phi_n((-1)^{(n-1)/2} x) = C_n^2 - n x D_n^2$ or, in the case that n is even and square-free, $\pm\Phi_{n/2}(-x^2) = C_n^2 - n x D_n^2$. Here $A_n(x), \ldots, D_n(x)$ are polynomials with integer coefficients. We show how these coefficients can be computed by simple algorithms which require $O(n^2)$ arithmetic operations and work over the integers. We also give explicit formulae and generating functions for $A_n(x), \ldots, D_n(x)$, and illustrate the application to integer factorization with some numerical examples.
Multifractal analysis of Lyapunov exponent for continued fraction and Manneville–Pomeau transformations and applications to Diophantine approximation - Comm. Math. Phys, 1999
Cited by 13 (0 self)
Abstract: We extend some of the theory of multifractal analysis for conformal expanding systems to two new cases: The non-uniformly hyperbolic example of the Manneville–Pomeau equation and the continued fraction transformation. A common point in the analysis is the use of thermodynamic formalism for transformations with infinitely many branches. We effect a complete multifractal analysis of the Lyapunov exponent for the continued fraction transformation and as a consequence obtain some new results on the precise exponential speed of convergence of the continued fraction algorithm. This analysis also provides new quantitative information about cuspital excursions on the modular surface.

