Results 11  20
of
57
Low Redundancy in Static Dictionaries with O(1) Worst Case Lookup Time
 IN PROCEEDINGS OF THE 26TH INTERNATIONAL COLLOQUIUM ON AUTOMATA, LANGUAGES AND PROGRAMMING (ICALP '99
, 1999
"... A static dictionary is a data structure for storing subsets of a nite universe U , so that membership queries can be answered efficiently. We study this problem in a unit cost RAM model with word size (log jU j), and show that for nelement subsets, constant worst case query time can be obtained us ..."
Abstract

Cited by 23 (5 self)
 Add to MetaCart
A static dictionary is a data structure for storing subsets of a nite universe U , so that membership queries can be answered efficiently. We study this problem in a unit cost RAM model with word size (log jU j), and show that for nelement subsets, constant worst case query time can be obtained using B +O(log log jU j) + o(n) bits of storage, where B = dlog 2 jUj n e is the minimum number of bits needed to represent all such subsets. For jU j = n log O(1) n the dictionary supports constant time rank queries.
The Generation of Random Numbers That Are Probably Prime
 Journal of Cryptology
, 1988
"... In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected ..."
Abstract

Cited by 22 (0 self)
 Add to MetaCart
In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomial time. Therefore, factoring would be easy if Rabin's test systematically failed with a 25% probability on each composite integer (which, of course, it does not). The second observation is more fundamental because is it _not_ restricted to primality testing: it has consequences for the entire field of probabilistic algorithms. The failure probability when using a probabilistic algorithm for the purpose of testing some property is compared with that when using it for the purpose of obtaining a random element hopefully having this property. More specifically, we investigate the question of how reliable Rabin's test is when used to _generate_ a random integer that is probably prime, rather than to _test_ a specific integer for primality.
Key words: factorization, false witnesses, primality testing, probabilistic algorithms, Rabin's test.
Constructing Elliptic Curve Cryptosystems in Characteristic 2
, 1998
"... Since the group of an elliptic curve defined over a finite field F_q... The purpose of this paper is to describe how one can search for suitable elliptic curves with random coefficients using Schoof's algorithm. We treat the important special case of characteristic 2, where one has certain simp ..."
Abstract

Cited by 18 (1 self)
 Add to MetaCart
Since the group of an elliptic curve defined over a finite field F_q... The purpose of this paper is to describe how one can search for suitable elliptic curves with random coefficients using Schoof's algorithm. We treat the important special case of characteristic 2, where one has certain simplifications in some of the algorithms.
Low Redundancy in Dictionaries with O(1) Worst Case Lookup Time
 IN PROC. 26TH INTERNATIONAL COLLOQUIUM ON AUTOMATA, LANGUAGES AND PROGRAMMING (ICALP
, 1998
"... A static dictionary is a data structure for storing subsets of a finite universe U , so that membership queries can be answered efficiently. We study this problem in a unit cost RAM model with word size ze jU j), and show that for nelement subsets, constant worst case query time can be obtain ..."
Abstract

Cited by 18 (0 self)
 Add to MetaCart
A static dictionary is a data structure for storing subsets of a finite universe U , so that membership queries can be answered efficiently. We study this problem in a unit cost RAM model with word size ze jU j), and show that for nelement subsets, constant worst case query time can be obtained using B +O(log log jU j) + o(n) bits of storage, where B = dlog jU j e is the minimum number of bits needed to represent all such subsets. The solution for dense subsets uses B + O( jU j log log jU j log jU j ) bits of storage, and supports constant time rank queries. In a dynamic setting, allowing insertions and deletions, our techniques give an O(B) bit space usage.
Lecture Notes on Cryptography
, 2001
"... This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shafi Goldwasser’s Cryptography and Cryptanalysis course at MI ..."
Abstract

Cited by 18 (0 self)
 Add to MetaCart
This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shafi Goldwasser’s Cryptography and Cryptanalysis course at MIT with notes written for Mihir Bellare’s Cryptography and network security course at UCSD. In addition, Rosario Gennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E. Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science. Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his Cryptography and network security course at UCSD.
A Short History of Computational Complexity
 IEEE CONFERENCE ON COMPUTATIONAL COMPLEXITY
, 2002
"... this article mention all of the amazing research in computational complexity theory. We survey various areas in complexity choosing papers more for their historical value than necessarily the importance of the results. We hope that this gives an insight into the richness and depth of this still quit ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
this article mention all of the amazing research in computational complexity theory. We survey various areas in complexity choosing papers more for their historical value than necessarily the importance of the results. We hope that this gives an insight into the richness and depth of this still quite young eld
A Lower Bound for Primality
, 1999
"... Recent work by Bernasconi, Damm and Shparlinski proved lower bounds on the circuit complexity of the squarefree numbers, and raised as an open question if similar (or stronger) lower bounds could be proved for the set of prime numbers. In this short note, we answer this question affirmatively, by s ..."
Abstract

Cited by 11 (5 self)
 Add to MetaCart
Recent work by Bernasconi, Damm and Shparlinski proved lower bounds on the circuit complexity of the squarefree numbers, and raised as an open question if similar (or stronger) lower bounds could be proved for the set of prime numbers. In this short note, we answer this question affirmatively, by showing that the set of prime numbers (represented in the usual binary notation) is not contained in AC 0 [p] for any prime p. Similar lower bounds are presented for the set of squarefree numbers, and for the problem of computing the greatest common divisor of two numbers. 1 Introduction What is the computational complexity of the set of prime numbers? There is a large body of work presenting important upper bounds on the complexity of the set of primes (including [AH87, APR83, Mil76, R80, SS77]), but  Supported in part by NSF grant CCR9734918. y Supported in part by NSF grant CCR9700239. z Supported in part by ARC grant A69700294. as was pointed out recently in [BDS98a, BDS9...
Implementation Of The AtkinGoldwasserKilian Primality Testing Algorithm
 RAPPORT DE RECHERCHE 911, INRIA, OCTOBRE
, 1988
"... We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual implem ..."
Abstract

Cited by 9 (7 self)
 Add to MetaCart
We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual implementation of this test and its use on testing large primes, the records being two numbers of more than 550 decimal digits. Finally, we give a precise answer to the question of the reliability of our computations, providing a certificate of primality for a prime number.
An Approximation Algorithm for the Number of Zeros of Arbitrary Polynomials over GF[q]
 PROC. FOCS
, 1991
"... We design the first polynomial time (for an arbitrary and fixed field GF [q]) (ffl; ffi )approximation algorithm for the number of zeros of arbitrary polynomial f(x 1 ; : : : ; x n ) over GF [q]. It gives the first efficient method for estimating the number of zeros and nonzeros of multivariate po ..."
Abstract

Cited by 9 (4 self)
 Add to MetaCart
We design the first polynomial time (for an arbitrary and fixed field GF [q]) (ffl; ffi )approximation algorithm for the number of zeros of arbitrary polynomial f(x 1 ; : : : ; x n ) over GF [q]. It gives the first efficient method for estimating the number of zeros and nonzeros of multivariate polynomials over small finite fields other than GF [2] (like GF [3]), the case important for various circuit approximation techniques. The algorithm is based on the estimation of the number of zeros of an arbitrary polynomial f(x 1 ; : : : ; x n ) over GF [q] in the function on the number m of its terms. The bounding ratio number is proved to be m (q\Gamma1) log q which is the main technical contribution of this paper and could be of independent algebraic interest.