Results 1 - 10
of
23
Discrete Logarithms in Finite Fields and Their Cryptographic Significance
, 1984
"... Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u GF(q) is that integer k, 1 k q - 1, for which u = g k . The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its appl ..."
Abstract
-
Cited by 73 (6 self)
- Add to MetaCart
Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u GF(q) is that integer k, 1 k q - 1, for which u = g k . The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2 n ). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2 n ) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2 n ) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2 n ) ought to be avoided in all cryptographic applications. On the other hand, ...
Efficient blind signatures without random oracles
- In Carlo Blundo and Stelvio Cimato, editors, SCN 2004
, 2004
"... Abstract. The only known blind signature scheme that is secure in the standard model [20] is based on general results about multi-party computation, and thus it is extremely inefficient. The main result of this paper is the first provably secure blind signature scheme which is also efficient. We dev ..."
Abstract
-
Cited by 12 (1 self)
- Add to MetaCart
Abstract. The only known blind signature scheme that is secure in the standard model [20] is based on general results about multi-party computation, and thus it is extremely inefficient. The main result of this paper is the first provably secure blind signature scheme which is also efficient. We develop our construction as follows. In the first step, which is a significant result on its own, we devise and prove the security of a new variant for the Cramer-Shoup-Fischlin signature scheme. We are able to show that for generating signatures, instead of using randomly chosen prime exponents one can securely use randomly chosen odd integer exponents which significantly simplifies the signature generating process. We obtain our blind signing function as a secure and efficient two-party computation that cleverly exploits its algebraic properties and those of the Paillier encryption scheme. The security of the resulting signing protocol relies on the Strong RSA assumption and the hardness of decisional composite residuosity; we stress that it does not rely on the existence of random oracles. 1
Approximating the number of integers free of large prime factors
- Math. Comp
, 1997
"... Abstract. Define Ψ(x, y) to be the number of positive integers n ≤ x such that n has no prime divisor larger than y. We present a simple algorithm that log log x approximates Ψ(x, y) inO(y { log y + 1}) floating point operations. log log y This algorithm is based directly on a theorem of Hildebrand ..."
Abstract
-
Cited by 8 (1 self)
- Add to MetaCart
Abstract. Define Ψ(x, y) to be the number of positive integers n ≤ x such that n has no prime divisor larger than y. We present a simple algorithm that log log x approximates Ψ(x, y) inO(y { log y + 1}) floating point operations. log log y This algorithm is based directly on a theorem of Hildebrand and Tenenbaum. We also present data which indicate that this algorithm is more accurate in practice than other known approximations, including the well-known approximation Ψ(x, y) ≈ xρ(log x / log y), where ρ(u) is Dickman’s function. 1.
On values taken by the largest prime factor of shifted primes
- Journal of the Australian Mathematical Society
"... Let P denote the set of prime numbers, and let P(n) denote the largest prime factor of an integer n> 1. We show that, for every real number 32/17 < η < (4 + 3 √ 2)/4, there exists a constant c(η)> 1 such that for every integer a � = 0, the set � p ∈ P: p = P(q − a) for some prime q with p η < q < c( ..."
Abstract
-
Cited by 4 (1 self)
- Add to MetaCart
Let P denote the set of prime numbers, and let P(n) denote the largest prime factor of an integer n> 1. We show that, for every real number 32/17 < η < (4 + 3 √ 2)/4, there exists a constant c(η)> 1 such that for every integer a � = 0, the set � p ∈ P: p = P(q − a) for some prime q with p η < q < c(η) p η � has relative asymptotic density one in the set of all prime numbers. Moreover, in the range 2 ≤ η < (4+3 √ 2)/4, one can take c(η) = 1+ε for any fixed ε> 0. In particular, our results imply that for every real number 0.486 ≤ ϑ ≤ 0.531, the relation P(q − a) ≍ q ϑ holds for infinitely many primes q. We use this result to derive a lower bound on the number of distinct prime divisors of the value of the Carmichael function taken on a product of shifted primes. Finally, we study iterates of the map q ↦ → P(q − a) for a> 0, and show that for infinitely many primes q, this map can be iterated at least (log log q) 1+o(1) times before it terminates. 1.
Arbitrarily Tight Bounds On The Distribution Of Smooth Integers
- Proceedings of the Millennial Conference on Number Theory
, 2002
"... This paper presents lower bounds and upper bounds on the distribution of smooth integers; builds an algebraic framework for the bounds; shows how the bounds can be computed at extremely high speed using FFT-based power-series exponentiation; explains how one can choose the parameters to achieve ..."
Abstract
-
Cited by 3 (1 self)
- Add to MetaCart
This paper presents lower bounds and upper bounds on the distribution of smooth integers; builds an algebraic framework for the bounds; shows how the bounds can be computed at extremely high speed using FFT-based power-series exponentiation; explains how one can choose the parameters to achieve any desired level of accuracy; and discusses several generalizations.
Approximating the number of integers without large prime factors
- Mathematics of Computation
, 2004
"... Abstract. Ψ(x, y) denotes the number of positive integers ≤ x and free of prime factors>y. Hildebrand and Tenenbaum gave a smooth approximation formula for Ψ(x, y) in the range (log x) 1+ɛ
Abstract
-
Cited by 3 (0 self)
- Add to MetaCart
Abstract. Ψ(x, y) denotes the number of positive integers ≤ x and free of prime factors>y. Hildebrand and Tenenbaum gave a smooth approximation formula for Ψ(x, y) in the range (log x) 1+ɛ <y ≤ x,whereɛ is a fixed positive number ≤ 1/2. In this paper, by modifying their approximation formula, we provide a fast algorithm to approximate Ψ(x, y). The computational complexity of this algorithm is O ( � (log x)(log y)). We give numerical results which show that this algorithm provides accurate estimates for Ψ(x, y) andisfaster than conventional methods such as algorithms exploiting Dickman’s function. 1.
Multivariate Diophantine equations with many solutions
"... Among other things we show that for each n-tuple of positive rational numbers (a 1 ; : : : ; a n ) there are sets of primes S of arbitrarily large cardinality s such that the solutions of the equation a 1 x 1 + +a n x n = 1 with x 1 ; : : : ; x n S-units are not contained in fewer than exp((4 + ..."
Abstract
-
Cited by 2 (1 self)
- Add to MetaCart
Among other things we show that for each n-tuple of positive rational numbers (a 1 ; : : : ; a n ) there are sets of primes S of arbitrarily large cardinality s such that the solutions of the equation a 1 x 1 + +a n x n = 1 with x 1 ; : : : ; x n S-units are not contained in fewer than exp((4 + o(1))s 1=2 (log s) 1=2 ) proper linear subspaces of C n . This generalizes a result of Erd}os, Stewart and Tijdeman [7] for S-unit equations in two variables. Further, we prove that for any algebraic number eld K of degree n, any integer m with 1 m < n, and any suciently large s there are integers 0 ; : : : ; m in K which are linearly independent over Q , and prime numbers p 1 ; : : : ; p s , such that the norm polynomial equation jN K=Q ( 0 + 1 x 1 + + mxm )j = p z1 1 p zs s has at least expf(1+o(1)) n m s m=n (log s) 1+m=n g solutions in x 1 ; : : : ; xm ; z 1 ; : : : ; z s 2 Z. This generalizes a result of Moree and Stewart [19] for m = 1. Our main tool, also established in this paper, is an eective lower bound for the number K;T (X; Y ) of ideals in a number eld K of norm X composed of prime ideals which lie outside a given nite set of prime ideals T and which have norm Y . This generalizes results of Caneld, Erd}os and Pomerance [6] and of Moree and Stewart [19]. 2000 Mathematics Subject Classication: 11D57, 11D61. The research of the third author was supported in part by Grant A3528 from the Natural Sciences and Engineering Research Council of Canada. 1 1
Reciprocals of certain large additive functions
- 225—231; MR0619450 (82k:10053). involving Arithmetric Functions 12
, 1981
"... 1. Introduction and statement of results ..."
DENSE EGYPTIAN FRACTIONS
, 1998
"... Abstract. Every positive rational number has representations as Egyptian fractions (sums of reciprocals of distinct positive integers) with arbitrarily many terms and with arbitrarily large denominators. However, such representations normally use a very sparse subset of the positive integers up to t ..."
Abstract
-
Cited by 2 (1 self)
- Add to MetaCart
Abstract. Every positive rational number has representations as Egyptian fractions (sums of reciprocals of distinct positive integers) with arbitrarily many terms and with arbitrarily large denominators. However, such representations normally use a very sparse subset of the positive integers up to the largest denominator. We show that for every positive rational there exist representations as Egyptian fractions whose largest denominator is at most N and whose denominators form a positive proportion of the integers up to N, for sufficiently large N; furthermore, the proportion is within a small factor of best possible. 1.
Fast Bounds on the Distribution of Smooth Numbers ⋆
"... Abstract. Let P(n) denote the largest prime divisor of n, andlet Ψ(x,y) be the number of integers n ≤ x with P(n) ≤ y. Inthispaper we present improvements to Bernstein’s algorithm, which finds rigorous upper and lower bounds for Ψ(x,y). Bernstein’s original algorithm runs in time roughly linear in ..."
Abstract
-
Cited by 2 (1 self)
- Add to MetaCart
Abstract. Let P(n) denote the largest prime divisor of n, andlet Ψ(x,y) be the number of integers n ≤ x with P(n) ≤ y. Inthispaper we present improvements to Bernstein’s algorithm, which finds rigorous upper and lower bounds for Ψ(x,y). Bernstein’s original algorithm runs in time roughly linear in y. Our first, easy improvement runs in time roughly y 2/3. Then, assuming the Riemann Hypothesis, we show how to drastically improve this. In particular, if log y is a fractional power of log x, which is true in applications to factoring and cryptography, then our new algorithm has a running time that is polynomial in log y, and gives bounds as tight as, and often tighter than, Bernstein’s algorithm. 1
