Quantum Error Correction Via Codes Over GF(4), 1997.
Cited by 232 (18 self)
The problem of finding quantum error-correcting codes is transformed into the problem of finding additive codes over the field GF(4) which are self-orthogonal with respect to a certain trace inner product. Many new codes and new bounds are presented, as well as a table of upper and lower bounds on such codes of length up to 30 qubits.
A Gröbner free alternative for polynomial system solving. Journal of Complexity, 2001.
Cited by 82 (17 self)
Given a system of polynomial equations and inequations with coefficients in the field of rational numbers, we show how to compute a geometric resolution of the set of common roots of the system over the field of complex numbers. A geometric resolution consists of a primitive element of the algebraic extension defined by the set of roots, its minimal polynomial and the parametrizations of the coordinates. Such a representation of the solutions has a long history which goes back to Leopold Kronecker and has been revisited many times in computer algebra. We introduce a new generation of probabilistic algorithms where all the computations use only univariate or bivariate polynomials. We give a new codification of the set of solutions of a positive dimensional algebraic variety relying on a new global version of Newton's iterator. Roughly speaking, the complexity of our algorithm is polynomial in some kind of degree of the system, in its height, and linear in the complexity of evaluation
Computing the equidimensional decomposition of an algebraic closed set by means of lifting fibers. J. Complexity, 2000.
Cited by 56 (2 self)
We present a new probabilistic method for solving systems of polynomial equations and inequations. Our algorithm computes the equidimensional decomposition of the Zariski closure of the solution set of such systems. Each equidimensional component is encoded by a generic fiber, that is, a finite set of points obtained from the intersection of the component with a generic transverse affine subspace. Our algorithm is incremental in the number of equations to be solved. Its complexity is mainly cubic in the maximum of the degrees of the solution sets of the intermediate systems, counting multiplicities. Our method is designed for coefficient fields having characteristic zero or big enough with respect to the number of solutions. If the base field is the field of the rational numbers, then the resolution is first performed modulo a random prime number after we have applied a random change of coordinates. Then we search for coordinates with small integers and lift the solutions up to the rational numbers. Our implementation is available within our package Kronecker from version 0.166, which is written in the Magma computer algebra system.
A new approach to the conjugacy problem in Garside groups, 2008.
Cited by 45 (6 self)
The cycling operation endows the super summit set S_x of any element x of a Garside group G with the structure of a directed graph Γ_x. We establish that the subset U_x of S_x consisting of the circuits of Γ_x can be used instead of S_x for deciding conjugacy to x in G, yielding a faster and more practical solution to the conjugacy problem for Garside groups. Moreover, we present a probabilistic approach to the conjugacy search problem in Garside groups. The results are likely to have implications for the security of recently proposed cryptosystems based on the hardness of problems related to the conjugacy (search) problem in braid groups.
Efficient and generalized pairing computation on Abelian varieties, 2008.
Cited by 42 (2 self)
In this paper, we propose a new method for constructing a bilinear pairing over (hyper)elliptic curves, which we call the R-ate pairing. This pairing is a generalization of the Ate and Ate_i pairings, and also improves the efficiency of the pairing computation. Using the R-ate pairing, the loop length in Miller's algorithm can be as small as log(r^{1/φ(k)}) for some pairing-friendly elliptic curves which have not reached this lower bound. Therefore we obtain from 29% to 69% savings in overall costs compared to the Ate_i pairing. On supersingular hyperelliptic curves of genus 2, we show that this approach makes the loop length in Miller's algorithm shorter than that of the Ate pairing.
Classical and modular approaches to exponential Diophantine equations I. Fibonacci and Lucas perfect powers. Annals of Math.
Cited by 33 (13 self)
This is the second in a series of papers where we combine the classical approach to exponential Diophantine equations (linear forms in logarithms, Thue equations, etc.) with a modular approach based on some of the ideas of the proof of Fermat's Last Theorem. In this paper we use a general and powerful new lower bound for linear forms in three logarithms, together with a combination of classical, elementary and substantially improved modular methods, to solve completely the Lebesgue-Nagell equation x^2 + D = y^n (x, y integers, n ≥ 3) for D in the range 1 ≤ D ≤ 100.
Ordinary abelian varieties having small embedding degree. In Proc. Workshop on Mathematical Problems and Techniques in Cryptology, 2004.
Cited by 32 (1 self)
Miyaji, Nakabayashi and Takano (MNT) gave families of group orders of ordinary elliptic curves with embedding degree suitable for pairing applications. In this paper we generalise their results by giving families corresponding to non-prime group orders. We also consider the case of ordinary abelian varieties of dimension 2. We give families of group orders with embedding degrees 5, 10 and 12.
Optimal Pairings.
Cited by 32 (0 self)
In this paper we introduce the concept of an optimal pairing, which by definition can be computed using only log_2 r/ϕ(k) basic Miller iterations, with r the order of the groups involved and k the embedding degree. We describe an algorithm to construct optimal ate pairings on all parametrized families of pairing-friendly elliptic curves. Finally, we conjecture that any non-degenerate pairing on an elliptic curve without efficiently computable endomorphisms different from powers of Frobenius requires at least log_2 r/ϕ(k) basic Miller iterations.
Extended gcd and Hermite normal form algorithms via lattice basis reduction. Experimental Mathematics, 1998.
Cited by 32 (6 self)
Extended gcd calculation has a long history and plays an important role in computational number theory and linear algebra. Recent results have shown that finding optimal multipliers in extended gcd calculations is difficult. We present an algorithm which uses lattice basis reduction to produce small integer multipliers x_1, ..., x_m for the equation d = gcd(d_1, ..., d_m) = x_1 d_1 + ... + x_m d_m, where d_1, ..., d_m are given integers. The method generalises to produce small unimodular transformation matrices for computing the Hermite normal form of an integer matrix.
Can Homomorphic Encryption be Practical?
Cited by 30 (2 self)
The prospect of outsourcing an increasing amount of data storage and management to cloud services raises many new privacy concerns for individuals and businesses alike. The privacy concerns can be satisfactorily addressed if users encrypt the data they send to the cloud. If the encryption scheme is homomorphic, the cloud can still perform meaningful computations on the data, even though it is encrypted. In fact, we now know a number of constructions of fully homomorphic encryption schemes that allow arbitrary computation on encrypted data. In the last two years, solutions for fully homomorphic encryption have been proposed and improved upon, but it is hard to ignore the elephant in the room, namely efficiency: can homomorphic encryption ever be efficient enough to be practical? Certainly, it seems that all known fully homomorphic encryption schemes have a long way to go before they can be used in practice. Given this state of affairs, our contribution is twofold. First, we exhibit a number of real-world applications, in the medical, financial, and advertising domains, which require only that the encryption scheme is "somewhat" homomorphic. Somewhat homomorphic encryption schemes, which support a limited number of homomorphic operations, can be much faster and more compact than fully homomorphic encryption schemes. Secondly, we show a proof-of-concept implementation of the recent somewhat homomorphic encryption scheme of Brakerski and Vaikuntanathan, whose security relies on the "ring learning with errors" (Ring-LWE) problem. The system is very efficient and has reasonably short ciphertexts. Our unoptimized implementation in Magma enjoys comparable efficiency to even optimized pairing-based schemes with the same level of security and homomorphic capacity. We also show a number of application-specific optimizations to the encryption scheme, most notably the ability to convert between different message encodings in a ciphertext.