Results 1-10 of 20
Discrete logarithms in GF(p) using the number field sieve
SIAM J. Discrete Math, 1993
Cited by 88 (1 self)
Recently, several algorithms using number field sieves have been given to factor a number $n$ in heuristic expected time $L_n[1/3; c]$, where $L_n[v; c] = \exp\{(c + o(1))(\log n)^v (\log\log n)^{1-v}\}$, for $n \to \infty$. In this paper we present an algorithm to solve the discrete logarithm problem for GF(p) with heuristic expected running time $L_p[1/3; 3^{2/3}]$. For numbers of a special form, there is an asymptotically slower but more practical version of the algorithm.
The Irreducibility Of The Bessel Polynomials
Cited by 16 (3 self)
this paper, we resolve this conjecture and establish the following generalization.
The irreducibility of all but finitely many Bessel polynomials
1995
Cited by 15 (6 self)
this paper, we prove that $y_n(x)$ is irreducible for all but finitely many (possibly 0) positive integers $n$. Although the current methods lead to an effective bound on the number of reducible $y_n(x)$, such a bound would be quite large and we do not concern ourselves with it. The coefficient of x
Symmetric Polynomials over Z_m and Simultaneous Communication Protocols
Proceedings of the 44th Annual Symposium on the Foundations of Computer Science, 2003
Cited by 7 (4 self)
We study the problem of representing symmetric Boolean functions as symmetric polynomials over $\mathbb{Z}_m$. We show an equivalence between such representations and simultaneous communication protocols. Computing a function $f$ on 0-1 inputs with a polynomial of degree $d$ modulo $pq$ is equivalent to a two player simultaneous protocol for computing $f$ where one player is given the first $\lceil \log_p d \rceil$ digits of the weight in base $p$ and the other is given the first $\lceil \log_q d \rceil$ digits of the weight in base $q$. This reduces the problem of proving bounds on the degree of symmetric polynomials to proving bounds on simultaneous communication protocols. We use this equivalence to show lower bounds of on symmetric polynomials weakly representing classes of $\mathrm{Mod}_r$ and Threshold functions. Previously the best known lower bound for symmetric polynomials weakly representing any function over $\mathbb{Z}_m$ was n [1] where $t$ is the number of distinct prime factors of $m$. We show there exist symmetric polynomials over $\mathbb{Z}_m$ of degree $o(n)$ strongly representing $\mathrm{Threshold}_c$ for $c$ constant, using the fact that the number of solutions of certain exponential Diophantine equations are finite. Conversely, the fact that the degree is $o(n)$ implies that some classes of Diophantine equations can have only finitely many solutions. Our results give simplifications of many previously known results and show that polynomial representations are intimately related to certain questions in number theory.
Prime Numbers and Irreducible Polynomials
Cited by 5 (0 self)
The similarity between prime numbers and irreducible polynomials has been a dominant theme in the development of number theory and algebraic geometry. There are certain conjectures indicating that the connection goes well beyond analogy. For example, there is a famous conjecture of Buniakowski formulated in 1854 (see Lang [3, p. 323]), independently reformulated by Schinzel, to the effect that any irreducible polynomial $f(x)$ in $\mathbb{Z}[x]$ such that the set of values $f(\mathbb{Z}^+)$ has no common divisor larger than 1 represents prime numbers infinitely often. In this instance, the theme is to produce prime numbers from irreducible polynomials. This conjecture is still one of the major unsolved problems in number theory when the degree of $f$ is greater than one. When $f$ is linear, the conjecture is true, of course, and follows from Dirichlet’s theorem on primes in arithmetic progressions. It is not difficult to see that the converse of the Buniakowski conjecture is true; namely, if a polynomial represents prime numbers infinitely often, then it is an irreducible polynomial. To see this, let us try to factor $f(x) = g(x)h(x)$ with $g(x)$ and $h(x)$ in $\mathbb{Z}[x]$ of positive degree. The fact that $f(x)$ takes prime values infinitely often
The number field sieve for integers of low weight
2006
Cited by 5 (0 self)
We define the weight of an integer $N$ to be the smallest $w$ such that $N$ can be represented as $\sum_{i=1}^{w} \epsilon_i 2^{c_i}$, with $\epsilon_1, \ldots, \epsilon_w \in \{1, -1\}$. Since arithmetic modulo a prime of low weight is particularly efficient, it is tempting to use such primes in cryptographic protocols. In this paper we consider the difficulty of the discrete logarithm problem modulo a prime $N$ of low weight, as well as the difficulty of factoring an integer $N$ of low weight. We describe a version of the number field sieve which handles both problems. In the case that $w = 2$, the method is the same as the special number field sieve, which runs conjecturally in time $\exp(((32/9)^{1/3} + o(1))(\log N)^{1/3} (\log\log N)^{2/3})$ for $N \to \infty$. For fixed $w > 2$, we conjecture that there is a constant $\xi$ less than $(32/9)^{1/3} ((2w - 3)/(w - 1))^{1/3}$ such that the running time of the algorithm is at most $\exp((\xi + o(1))(\log N)^{1/3} (\log\log N)^{2/3})$ for $N \to \infty$. We further conjecture that no $\xi$ less than $(32/9)^{1/3} ((\sqrt{2}w - 2\sqrt{2} + 1)/(w - 1))^{2/3}$ has this property. Our analysis reveals that on average the method performs significantly better than it does in the worst case. We consider all the examples given in a recent paper of Koblitz and Menezes and demonstrate that in every case but one, our algorithm runs faster than the standard versions of the number field sieve.
Squarefree Values Of Polynomials All Of Whose Coefficients Are 0 And 1
Acta Arith, 1996
Cited by 3 (0 self)
this paper is to establish two results concerning the polynomials in S.
An Estimate For The Number Of Reducible Bessel Polynomials Of Bounded Degree
Colloq. Math, 1993
Cited by 2 (2 self)
this paper is to give a further sharpening. Theorem. The number of n # t for which y n (x) is reducible is # t 2/3 . The first author's earlier work used the Tchebotarev Density Theorem, but the proof given here uses only elementary estimates. Our starting point is the Corollary to Lemma 2 in [1], which states that if (1) # # # pn(n+1) p # # 2 # # # # # p(n1) p odd p # # # # # # # # # p(n+2) p>3 p # # # # >n 2 (n +1) 2 , then y n (x) is irreducible. We shall show that (1) holds for most n by showing that the nonsquarefree part of (n  1)n(n + 1)(n + 2) is typically very small. 2. Preliminaries For every positive integer n, we define a n = # p # #n # odd p and b n = # p # #n p [#/2] , where p # # n denotes, as usual, that p # is the highest power of p dividing n.We then have that n = a n b 2 n and that (2) a n # # pn p. In the next lemma, we use (2) to state (1) in a more usable form. The second author was supported in part by a grant from the National Security Agency 2 M. FILASETA AND S.W. GRAHAM Lemma 1. If y n (x) is reducible and t<n# 2t then b n1 b 2 n b 2 n+1 b n+2 > 1 3 t. Proof. From (1) and (2), we see that if y n (x) is reducible, then n  1 b 2 n1 n 2 b 4 n (n +1) 2 b 4 n+1 n +2 b 2 n+2 # 6n 2 (n +1) 2 . The result now follows. Lemma 2. If y is a positive real number, then #{n # (t, 2t]:b n >y}# t y + t 1/2 . Proof. The lefthand side is at most # t<n#2t # b 2 n b>y 1 # # y<b# # 2t # t b 2 +1 # # t y + t 1/2 . Lemma 3. If z # 2 and y are real numbers, then #{n # (t, 2t]:b n b n+1 >z,b n # y, and b n+1 # y}# t log z z + y 2 . Proof. The lefthand side is (3) # # t<n#2t # b 2 n,c 2 (n+1) bc>z,b#y,c#y 1 # # bc>z...
An experiment of Number Field Sieve for discrete logarithm problem over GF(p^12)
In Number Theory and Cryptography, 2013
Cited by 2 (0 self)
The security of pairing-based cryptography is based on the hardness of solving the discrete logarithm problem (DLP) over an extension field GF(p^n) of characteristic p and degree n. Joux et al. proposed the asymptotically fastest algorithm for solving DLPs over GF(p^n) (JLSV06NFS). This algorithm is an extension of the number field sieve over the prime field GF(p) (JL03NFS). The lattice sieve is often used in large-scale experiments on solving DLPs over GF(p). Franke and Kleinjung proposed a two-dimensional lattice sieve that efficiently enumerates all the points in a given sieve region of the lattice. However, we have to consider a sieve region of more than two dimensions in the lattice sieve of JLSV06NFS. In this paper, we presented an implementation of the number field sieve for solving the DLP over an extension field GF(p^n) that underpinned the security of pairing-based cryptography. Especially we proposed the implementation of the lattice sieve of more than two dimensions. In our experiment, we discussed the