Results 1  10
of
27
Discrete Logarithms in Finite Fields and Their Cryptographic Significance
, 1984
"... Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u GF(q) is that integer k, 1 k q  1, for which u = g k . The wellknown problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its appl ..."
Abstract

Cited by 87 (6 self)
 Add to MetaCart
Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u GF(q) is that integer k, 1 k q  1, for which u = g k . The wellknown problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2 n ). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2 n ) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2 n ) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2 n ) ought to be avoided in all cryptographic applications. On the other hand, ...
Efficient blind signatures without random oracles
 In Carlo Blundo and Stelvio Cimato, editors, SCN 2004
, 2004
"... Abstract. The only known blind signature scheme that is secure in the standard model [20] is based on general results about multiparty computation, and thus it is extremely inefficient. The main result of this paper is the first provably secure blind signature scheme which is also efficient. We dev ..."
Abstract

Cited by 15 (1 self)
 Add to MetaCart
Abstract. The only known blind signature scheme that is secure in the standard model [20] is based on general results about multiparty computation, and thus it is extremely inefficient. The main result of this paper is the first provably secure blind signature scheme which is also efficient. We develop our construction as follows. In the first step, which is a significant result on its own, we devise and prove the security of a new variant for the CramerShoupFischlin signature scheme. We are able to show that for generating signatures, instead of using randomly chosen prime exponents one can securely use randomly chosen odd integer exponents which significantly simplifies the signature generating process. We obtain our blind signing function as a secure and efficient twoparty computation that cleverly exploits its algebraic properties and those of the Paillier encryption scheme. The security of the resulting signing protocol relies on the Strong RSA assumption and the hardness of decisional composite residuosity; we stress that it does not rely on the existence of random oracles. 1
Approximating the number of integers free of large prime factors
 Math. Comp
, 1997
"... Abstract. Define Ψ(x, y) to be the number of positive integers n ≤ x such that n has no prime divisor larger than y. We present a simple algorithm that log log x approximates Ψ(x, y) inO(y { log y + 1}) floating point operations. log log y This algorithm is based directly on a theorem of Hildebrand ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
Abstract. Define Ψ(x, y) to be the number of positive integers n ≤ x such that n has no prime divisor larger than y. We present a simple algorithm that log log x approximates Ψ(x, y) inO(y { log y + 1}) floating point operations. log log y This algorithm is based directly on a theorem of Hildebrand and Tenenbaum. We also present data which indicate that this algorithm is more accurate in practice than other known approximations, including the wellknown approximation Ψ(x, y) ≈ xρ(log x / log y), where ρ(u) is Dickman’s function. 1.
On values taken by the largest prime factor of shifted primes
 Journal of the Australian Mathematical Society
"... Let P denote the set of prime numbers, and let P(n) denote the largest prime factor of an integer n> 1. We show that, for every real number 32/17 < η < (4 + 3 √ 2)/4, there exists a constant c(η)> 1 such that for every integer a � = 0, the set � p ∈ P: p = P(q − a) for some prime q with p η < q < c( ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
Let P denote the set of prime numbers, and let P(n) denote the largest prime factor of an integer n> 1. We show that, for every real number 32/17 < η < (4 + 3 √ 2)/4, there exists a constant c(η)> 1 such that for every integer a � = 0, the set � p ∈ P: p = P(q − a) for some prime q with p η < q < c(η) p η � has relative asymptotic density one in the set of all prime numbers. Moreover, in the range 2 ≤ η < (4+3 √ 2)/4, one can take c(η) = 1+ε for any fixed ε> 0. In particular, our results imply that for every real number 0.486 ≤ ϑ ≤ 0.531, the relation P(q − a) ≍ q ϑ holds for infinitely many primes q. We use this result to derive a lower bound on the number of distinct prime divisors of the value of the Carmichael function taken on a product of shifted primes. Finally, we study iterates of the map q ↦ → P(q − a) for a> 0, and show that for infinitely many primes q, this map can be iterated at least (log log q) 1+o(1) times before it terminates. 1.
Reciprocals of certain large additive functions
 225—231; MR0619450 (82k:10053). involving Arithmetric Functions 12
, 1981
"... 1. Introduction and statement of results ..."
DENSE EGYPTIAN FRACTIONS
, 1998
"... Abstract. Every positive rational number has representations as Egyptian fractions (sums of reciprocals of distinct positive integers) with arbitrarily many terms and with arbitrarily large denominators. However, such representations normally use a very sparse subset of the positive integers up to t ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Abstract. Every positive rational number has representations as Egyptian fractions (sums of reciprocals of distinct positive integers) with arbitrarily many terms and with arbitrarily large denominators. However, such representations normally use a very sparse subset of the positive integers up to the largest denominator. We show that for every positive rational there exist representations as Egyptian fractions whose largest denominator is at most N and whose denominators form a positive proportion of the integers up to N, for sufficiently large N; furthermore, the proportion is within a small factor of best possible. 1.
Arbitrarily Tight Bounds On The Distribution Of Smooth Integers
 Proceedings of the Millennial Conference on Number Theory
, 2002
"... This paper presents lower bounds and upper bounds on the distribution of smooth integers; builds an algebraic framework for the bounds; shows how the bounds can be computed at extremely high speed using FFTbased powerseries exponentiation; explains how one can choose the parameters to achieve ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
This paper presents lower bounds and upper bounds on the distribution of smooth integers; builds an algebraic framework for the bounds; shows how the bounds can be computed at extremely high speed using FFTbased powerseries exponentiation; explains how one can choose the parameters to achieve any desired level of accuracy; and discusses several generalizations.
Approximating the number of integers without large prime factors
 Mathematics of Computation
, 2004
"... Abstract. Ψ(x, y) denotes the number of positive integers ≤ x and free of prime factors>y. Hildebrand and Tenenbaum gave a smooth approximation formula for Ψ(x, y) in the range (log x) 1+ɛ
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Abstract. Ψ(x, y) denotes the number of positive integers ≤ x and free of prime factors>y. Hildebrand and Tenenbaum gave a smooth approximation formula for Ψ(x, y) in the range (log x) 1+ɛ <y ≤ x,whereɛ is a fixed positive number ≤ 1/2. In this paper, by modifying their approximation formula, we provide a fast algorithm to approximate Ψ(x, y). The computational complexity of this algorithm is O ( � (log x)(log y)). We give numerical results which show that this algorithm provides accurate estimates for Ψ(x, y) andisfaster than conventional methods such as algorithms exploiting Dickman’s function. 1.
Another generalization of Wiener’s attack on RSA
 Africacrypt 2008. LNCS
, 2008
"... Abstract. A wellknown attack on RSA with low secretexponent d was given by Wiener in 1990. Wiener showed that using the equation ed − (p − 1)(q − 1)k = 1 and continued fractions, one can efficiently recover the secretexponent d and factor N = pq from the public key (N, e) as long as d < 1 3 N 1 4 ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
Abstract. A wellknown attack on RSA with low secretexponent d was given by Wiener in 1990. Wiener showed that using the equation ed − (p − 1)(q − 1)k = 1 and continued fractions, one can efficiently recover the secretexponent d and factor N = pq from the public key (N, e) as long as d < 1 3 N 1 4. In this paper, we present a generalization of Wiener’s attack. We show that every public exponent e that satisfies eX − (p − u)(q − v)Y = 1 with 1 ≤ Y < X < 2 − 1 4 N 1 4, u  < N 1 [ 4, v = − qu p − u and all prime factors of p − u or q − v are less than 10 50 yields the factorization of N = pq. We show that the number of these exponents is at least N 1 2 −ε.