Results 1-10 of 12
Elliptic Curves And Primality Proving
Math. Comp., 1993
Cited by 162 (22 self)
The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm.
A Knapsack Type Public Key Cryptosystem Based On Arithmetic in Finite Fields
IEEE Trans. Inform. Theory, 1988
Cited by 35 (2 self)
A new knapsack type public key cryptosystem is introduced. The system is based on a novel application of arithmetic in finite fields, following a construction by Bose and Chowla. By appropriately choosing the parameters, one can control the density of the resulting knapsack, which is the ratio between the number of elements in the knapsack and their size in bits. In particular, the density can be made high enough to foil "low density" attacks against our system. At the moment, no attacks capable of "breaking" this system in a reasonable amount of time are known. Research supported by NSF grant MCS-8006938. Part of this research was done while the first author was visiting Bell Laboratories, Murray Hill, NJ. A preliminary version of this work was presented in Crypto 84 and has appeared in [8].
Asymptotic semismoothness probabilities
Mathematics of Computation, 1996
Cited by 22 (1 self)
Abstract. We call an integer semismooth with respect to y and z if each of its prime factors is ≤ y, and all but one are ≤ z. Such numbers are useful in various factoring algorithms, including the quadratic sieve. Let G(α, β) be the asymptotic probability that a random integer n is semismooth with respect to n^β and n^α. We present new recurrence relations for G and related functions. We then give numerical methods for computing G, tables of G, and estimates for the error incurred by this asymptotic approximation.
On the Deterministic Complexity of Factoring Polynomials over Finite Fields
Inform. Process. Lett., 1990
Cited by 21 (4 self)
We present a new deterministic algorithm for factoring polynomials over Z_p of degree n. We show that the worst-case running time of our algorithm is O(p^(1/2) (log p)^2 n^(2+ε)), which is faster than the running times of previous deterministic algorithms with respect to both n and p. We also show that our algorithm runs in polynomial time for all but at most an exponentially small fraction of the polynomials of degree n over Z_p. Specifically, we prove that the fraction of polynomials of degree n over Z_p for which our algorithm fails to halt in time O((log p)^2 n^(2+ε)) is O((n log p)^2 / p). Consequently, the average-case running time of our algorithm is polynomial in n and log p. Keywords: factorization, finite fields, irreducible polynomials. This research was supported by NSF grants DCR-8504485 and DCR-8552596. Appeared in Information Processing Letters 33, pp. 261-267, 1990. A preliminary version of this paper appeared as University of Wisconsin-Madison, Comput...
On the asymptotic distribution of large prime factors
J. London Math. Soc., 1993
Cited by 16 (0 self)
A random integer N, drawn uniformly from the set {1, 2, ..., n}, has a prime factorization of the form N = a_1 a_2 ... a_M where a_1 ≥ a_2 ≥ ... ≥ a_M. We establish the asymptotic distribution, as n → ∞, of the vector A(n) = (log a_i / log N : i ≥ 1) in a transparent manner. By randomly reordering the components of A(n), in a size-biased manner, we obtain a new vector B(n) whose asymptotic distribution is the GEM distribution with parameter 1; this is a distribution on the infinite-dimensional simplex of vectors (x_1, x_2, ...) having nonnegative components with unit sum. Using a standard continuity argument, this entails the weak convergence of A(n) to the corresponding Poisson-Dirichlet distribution on this simplex; this result was obtained by Billingsley [3].
Efficient blind signatures without random oracles
In Carlo Blundo and Stelvio Cimato, editors, SCN 2004, 2004
Cited by 15 (1 self)
Abstract. The only known blind signature scheme that is secure in the standard model [20] is based on general results about multiparty computation, and thus it is extremely inefficient. The main result of this paper is the first provably secure blind signature scheme which is also efficient. We develop our construction as follows. In the first step, which is a significant result on its own, we devise and prove the security of a new variant for the Cramer-Shoup-Fischlin signature scheme. We are able to show that for generating signatures, instead of using randomly chosen prime exponents one can securely use randomly chosen odd integer exponents which significantly simplifies the signature generating process. We obtain our blind signing function as a secure and efficient two-party computation that cleverly exploits its algebraic properties and those of the Paillier encryption scheme. The security of the resulting signing protocol relies on the Strong RSA assumption and the hardness of decisional composite residuosity; we stress that it does not rely on the existence of random oracles.
The Complete Analysis of a Polynomial Factorization Algorithm Over Finite Fields
2001
Cited by 14 (3 self)
This paper derives basic probabilistic properties of random polynomials over finite fields that are of interest in the study of polynomial factorization algorithms. We show that the main characteristics of random polynomials can be treated systematically by methods of "analytic combinatorics" based on the combined use of generating functions and of singularity analysis. Our object of study is the classical factorization chain which is described in Fig. 1 and which, despite its simplicity, does not appear to have been totally analysed so far. In this paper, we provide a complete average-case analysis.
Random Polynomials and Polynomial Factorization
To appear in Automata, Languages and Programming, Proceedings of the 23rd ICALP Colloquium, Paderborn, July 1996, F. Meyer auf der Heide, ed., 1996
Cited by 7 (3 self)
We give a precise average-case analysis of a complete polynomial factorization chain over finite fields by methods based on generating functions and singularity analysis.
Computing Discrete Logarithms with Quadratic Number Rings
Advances in Cryptology - EUROCRYPT '98, LNCS 1403, 1998
Cited by 6 (1 self)
At present, there are two competing index calculus variants for computing discrete logarithms in (Z/pZ)* in practice. The purpose of this paper is to summarize the recent practical experience with a generalized implementation covering both a variant of the Number Field Sieve and the Gaussian integer method. By this implementation we set a record with p consisting of 85 decimal digits. With regard to computational results, including the running time, we provide a comparison of the two methods for this value of p.
Fast Bounds on the Distribution of Smooth Numbers
2006
Cited by 3 (2 self)
Let P(n) denote the largest prime divisor of n, and let Ψ(x,y) be the number of integers n ≤ x with P(n) ≤ y. In this paper we present improvements to Bernstein's algorithm, which finds rigorous upper and lower bounds for Ψ(x,y). Bernstein's original algorithm runs in time roughly linear in y. Our first, easy improvement runs in time roughly y^(2/3). Then, assuming the Riemann Hypothesis, we show how to drastically improve this. In particular, if log y is a fractional power of log x, which is true in applications to factoring and cryptography, then our new algorithm has a running time that is polynomial in log y, and gives bounds as tight as, and often tighter than, Bernstein's algorithm.