Results 1  10
of
19
Constructing Isogenies Between Elliptic Curves Over Finite Fields
 LMS J. Comput. Math
, 1999
"... Let E 1 and E 2 be ordinary elliptic curves over a finite field Fp such that #E1 (Fp ) = #E2 (Fp ). Tate's isogeny theorem states that there is an isogeny from E1 to E2 which is defined over Fp . The goal of this paper is to describe a probabilistic algorithm for constructing such an isogeny. ..."
Abstract

Cited by 31 (4 self)
 Add to MetaCart
Let E 1 and E 2 be ordinary elliptic curves over a finite field Fp such that #E1 (Fp ) = #E2 (Fp ). Tate's isogeny theorem states that there is an isogeny from E1 to E2 which is defined over Fp . The goal of this paper is to describe a probabilistic algorithm for constructing such an isogeny.
Open Problems in Number Theoretic Complexity, II
"... this paper contains a list of 36 open problems in numbertheoretic complexity. We expect that none of these problems are easy; we are sure that many of them are hard. This list of problems reflects our own interests and should not be viewed as definitive. As the field changes and becomes deeper, new ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
this paper contains a list of 36 open problems in numbertheoretic complexity. We expect that none of these problems are easy; we are sure that many of them are hard. This list of problems reflects our own interests and should not be viewed as definitive. As the field changes and becomes deeper, new problems will emerge and old problems will lose favor. Ideally there will be other `open problems' papers in future ANTS proceedings to help guide the field. It is likely that some of the problems presented here will remain open for the forseeable future. However, it is possible in some cases to make progress by solving subproblems, or by establishing reductions between problems, or by settling problems under the assumption of one or more well known hypotheses (e.g. the various extended Riemann hypotheses, NP 6= P; NP 6= coNP). For the sake of clarity we have often chosen to state a specific version of a problem rather than a general one. For example, questions about the integers modulo a prime often have natural generalizations to arbitrary finite fields, to arbitrary cyclic groups, or to problems with a composite modulus. Questions about the integers often have natural generalizations to the ring of integers in an algebraic number field, and questions about elliptic curves often generalize to arbitrary curves or abelian varieties. The problems presented here arose from many different places and times. To those whose research has generated these problems or has contributed to our present understanding of them but to whom inadequate acknowledgement is given here, we apologize. Our list of open problems is derived from an earlier `open problems' paper we wrote in 1986 [AM86]. When we wrote the first version of this paper, we feared that the problems presented were so difficult...
Computing the endomorphism ring of an ordinary elliptic curve over a finite field
 Journal of Number Theory
"... Abstract. We present two algorithms to compute the endomorphism ring of an ordinary elliptic curve E defined over a finite field Fq. Under suitable heuristic assumptions, both have subexponential complexity. We bound the complexity of the first algorithm in terms of log q, while our bound for the se ..."
Abstract

Cited by 15 (7 self)
 Add to MetaCart
Abstract. We present two algorithms to compute the endomorphism ring of an ordinary elliptic curve E defined over a finite field Fq. Under suitable heuristic assumptions, both have subexponential complexity. We bound the complexity of the first algorithm in terms of log q, while our bound for the second algorithm depends primarily on log DE, where DE is the discriminant of the order isomorphic to End(E). As a byproduct, our method yields a short certificate that may be used to verify that the endomorphism ring is as claimed. 1.
Efficiency and Security of Cryptosystems Based on Number Theory
, 1996
"... , 44 equivalent, 48 admissible, 19 associated, 48 binary addition chain, 45 binary method, 43, 63 Carmichael function, 4 Carmichael number, 16, 29 Chinese Remainder Theorem, 5 complex extension, 3 conjugate, 3 CRT, 5 Dickson polynomials, 11 doubling step, 63 dual, 48 Fermat test, 15, 16 graph reduce ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
, 44 equivalent, 48 admissible, 19 associated, 48 binary addition chain, 45 binary method, 43, 63 Carmichael function, 4 Carmichael number, 16, 29 Chinese Remainder Theorem, 5 complex extension, 3 conjugate, 3 CRT, 5 Dickson polynomials, 11 doubling step, 63 dual, 48 Fermat test, 15, 16 graph reduced, 48 group of units, 3 indegree, 45 Jacobi symbol, 6 Legendre symbol, 5 Lucas chain, 62 composite, 63 degenerate, 63 simple, 63 Lucas sequence, 8 Mathematica, 23, 41 MillerRabin test, 18 norm, 3 order of a group element, 7 outdegree, 45 Pocklington, 25 probable prime, 15 pseudoprimality, 2 BIBLIOGRAPHY 85 [R'ed48] L. R'edei. Uber eindeutig umkehrbare Polynome in endlichen Korpern. Acta Sci. Math., 11:7176, 194648. [Rie85] H. Riesel. Prime Numbers and Computer Methods for Factorization. Birkhauser, 1985. [RLS + 93] R. A. Rueppel, A. K. Lenstra, M. E. Smid, K. S. McCurley, Y. Desmedt, A. Odlyzko, and P. Landrock. Panel
On the distribution of quadratic residues and nonresidues modulo a prime number
 Mathematics of Computation
, 1992
"... you have obtained prior permission, you may not download an entire issue of a journal or multiple copies of articles, and you may use content in the JSTOR archive only for your personal, noncommercial use. Please contact the publisher regarding any further use of this work. Publisher contact inform ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
you have obtained prior permission, you may not download an entire issue of a journal or multiple copies of articles, and you may use content in the JSTOR archive only for your personal, noncommercial use. Please contact the publisher regarding any further use of this work. Publisher contact information may be obtained at.
On constructing 11 oneway functions
 Electronic Colloquium on Computational Complexity (ECCC
, 1995
"... Abstract. We show how to construct lengthpreserving 11 oneway functions based on popular intractability assumptions (e.g., RSA, DLP). Such 11 functions should not be confused with (infinite) families of (finite) oneway permutations. What we want and obtain is a single (infinite) 11 oneway fun ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
Abstract. We show how to construct lengthpreserving 11 oneway functions based on popular intractability assumptions (e.g., RSA, DLP). Such 11 functions should not be confused with (infinite) families of (finite) oneway permutations. What we want and obtain is a single (infinite) 11 oneway function.
Generating Random Factored Numbers, Easily
, 2003
"... Consider the problem of generating a random “prefactored ” number, that is, a uniformly random number between 1 and n, along with its prime factorization. Of course, one could pick a random number in this range and try to factor it, but there are no known polynomialtime factoring algorithms. In his ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
Consider the problem of generating a random “prefactored ” number, that is, a uniformly random number between 1 and n, along with its prime factorization. Of course, one could pick a random number in this range and try to factor it, but there are no known polynomialtime factoring algorithms. In his dissertation, Bach presents an efficient algorithm for this problem [1], [2]. Here, we present a significantly simpler algorithm and analysis for the same problem. Our algorithm is, however, a log(n) factor less efficient.
On the Implementation of Huge Random Objects
 IN 44TH ANNUAL SYMPOSIUM ON FOUNDATIONS OF COMPUTER SCIENCE
, 2003
"... We initiate a general study of pseudorandom implementations of huge random objects, and apply it to a few areas in which random objects occur naturally. For example, a random object being considered may be a random connected graph, a random boundeddegreegraph, or a random errorcorrecting code with ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
We initiate a general study of pseudorandom implementations of huge random objects, and apply it to a few areas in which random objects occur naturally. For example, a random object being considered may be a random connected graph, a random boundeddegreegraph, or a random errorcorrecting code with good distance. A pseudorandom implementation of such type T objects must generate objects of type T that can not be distinguished from random ones, rather than objects that can not be distinguished from type T objects (although they are not type T at all).
Comments on search procedures for primitive roots
 Math.Comp.66
, 1997
"... Abstract. Let p be an odd prime. Assuming the Extended Riemann Hypothesis, we show how to construct O((log p) 4 (log log p) −3) residues modulo p, one of which must be a primitive root, in deterministic polynomial time. Granting some wellknown character sum bounds, the proof is elementary, leading ..."
Abstract

Cited by 10 (0 self)
 Add to MetaCart
Abstract. Let p be an odd prime. Assuming the Extended Riemann Hypothesis, we show how to construct O((log p) 4 (log log p) −3) residues modulo p, one of which must be a primitive root, in deterministic polynomial time. Granting some wellknown character sum bounds, the proof is elementary, leading to an explicit algorithm. 1.