Results 1  10
of
15
Solving Large Sparse Linear Systems Over Finite Fields
, 1991
"... Many of the fast methods for factoring integers and computing discrete logarithms require the solution of large sparse linear systems of equations over finite fields. This paper presents the results of implementations of several linear algebra algorithms. It shows that very large sparse systems can ..."
Abstract

Cited by 83 (3 self)
 Add to MetaCart
(Show Context)
Many of the fast methods for factoring integers and computing discrete logarithms require the solution of large sparse linear systems of equations over finite fields. This paper presents the results of implementations of several linear algebra algorithms. It shows that very large sparse systems can be solved efficiently by using combinations of structured Gaussian elimination and the conjugate gradient, Lanczos, and Wiedemann methods. 1. Introduction Factoring integers and computing discrete logarithms often requires solving large systems of linear equations over finite fields. General surveys of these areas are presented in [14, 17, 19]. So far there have been few implementations of discrete logarithm algorithms, but many of integer factoring methods. Some of the published results have involved solving systems of over 6 \Theta 10 4 equations in more than 6 \Theta 10 4 variables [12]. In factoring, equations have had to be solved over the field GF (2). In that situation, ordinary...
Feedback shift registers, 2adic span, and combiners with memory
 Journal of Cryptology
, 1997
"... Feedback shift registers with carry operation (FCSR’s) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSR’s) are presen ..."
Abstract

Cited by 54 (7 self)
 Add to MetaCart
(Show Context)
Feedback shift registers with carry operation (FCSR’s) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSR’s) are presented, including a synthesis algorithm (analogous to the BerlekampMassey algorithm for LFSR’s) which, for any pseudorandom sequence, constructs the smallest FCSR which will generate the sequence. These techniques are used to attack the summation cipher. This analysis gives a unified approach to the study of pseudorandom sequences, arithmetic codes, combiners with memory, and the MarsagliaZaman random number generator. Possible variations on the FCSR architecture are indicated at the end. Index Terms – Binary sequence, shift register, stream cipher, combiner with memory, cryptanalysis, 2adic numbers, arithmetic code, 1/q sequence, linear span. 1
Shiftregister synthesis (modulo m)
 SIAM J. Computing
, 1985
"... The BerlekampMassey algorithm takes a sequence of elements from a field and finds the shortest linear recurrence (or linear feedback shift register) that can generate the sequence. In this paper we extend the algorithm to the case when the elements of the sequence are integers modulo m, where m is ..."
Abstract

Cited by 15 (0 self)
 Add to MetaCart
(Show Context)
The BerlekampMassey algorithm takes a sequence of elements from a field and finds the shortest linear recurrence (or linear feedback shift register) that can generate the sequence. In this paper we extend the algorithm to the case when the elements of the sequence are integers modulo m, where m is an arbitrary integer with known prime decomposition.
Some Aspects of Hankel Matrices in Coding Theory and Combinatorics
 J. Comb
, 2001
"... Hankel matrices consisting of Catalan numbers have been analyzed by various authors. DesainteCatherine and Viennot found their determinant to be # 1#i#j#k i+j+2n i+j and related them to the Bender  Knuth conjecture. The similar determinant formula # 1#i#j#k i+j1+2n i+j1 can be shown to ho ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
(Show Context)
Hankel matrices consisting of Catalan numbers have been analyzed by various authors. DesainteCatherine and Viennot found their determinant to be # 1#i#j#k i+j+2n i+j and related them to the Bender  Knuth conjecture. The similar determinant formula # 1#i#j#k i+j1+2n i+j1 can be shown to hold for Hankel matrices whose entries are successive middle binomial coe#cients # 2m+1 m # . Generalizing the Catalan numbers in a di#erent direction, it can be shown that determinants of Hankel matrices consisting of numbers 1 3m+1 # 3m+1 m # yield an alternate expression of two Mills  Robbins  Rumsey determinants important in the enumeration of plane partitions and alternating sign matrices. Hankel matrices with determinant 1 were studied by Aigner in the definition of Catalan  like numbers. The well  known relation of Hankel matrices to orthogonal polynomials further yields a combinatorial application of the famous Berlekamp  Massey algorithm in Coding Theory, which can be applied in order to calculate the coe#cients in the three  term recurrence of the family of orthogonal polynomials related to the sequence of Hankel matrices.
An algorithm for the kerror linear complexity of sequences over GF (p m ) with period p n , p a prime
 Information and Computation
, 1999
"... ..."
(Show Context)
On Shortest Linear Recurrences.
 J. Symbolic Computation
, 2001
"... This is an expository account of a constructive theorem on shortest linear recurrences over an arbitrary integral domain R. A generalisation of rational approximation, which we call 'realization', plays a key role throughout the paper. We also give the associated 'minimal realization& ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
This is an expository account of a constructive theorem on shortest linear recurrences over an arbitrary integral domain R. A generalisation of rational approximation, which we call 'realization', plays a key role throughout the paper. We also give the associated 'minimal realization' algorithm, which has a simple control structure and is divisionfree. It is easy to show that the number of Rmultiplications required is O(n 2 ), where n is the length of the input sequence. Our approach is algebraic and independent of any particular application. We view a linear recurring sequence as a torsion element in a natural R[X]module. The standard R[X]module of Laurent polynomials over R underlies our approach to finite sequences. The prerequisites are nominal and we use short Fibonacci sequences as running examples.
The BerlekampMassey Algorithm revisited
"... We propose a slight modification of the BerlekampMassey Algorithm for obtaining the minimal polynomial of a given linearly recurrent sequence. Such a modification enables to explain it in a simpler way and to adapt it to lazy evaluation. ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
We propose a slight modification of the BerlekampMassey Algorithm for obtaining the minimal polynomial of a given linearly recurrent sequence. Such a modification enables to explain it in a simpler way and to adapt it to lazy evaluation.
Efficient prediction of MarsagliaZaman random number generators
 IEEE Transactions on Information Theory
, 1993
"... Abstract—We show that the random number generator of Marsaglia and Zaman produces the successive digits of a rationaladic number. (Theadic number system generalizesadic numbers to an arbitrary integer base.) Using continued fractions, we derive an efficient prediction algorithm for this generator ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Abstract—We show that the random number generator of Marsaglia and Zaman produces the successive digits of a rationaladic number. (Theadic number system generalizesadic numbers to an arbitrary integer base.) Using continued fractions, we derive an efficient prediction algorithm for this generator. Index Terms — Continued fractions, inductive inference,adic numbers, pseudorandom sequences.
On the Minimal Realizations of a Finite Sequence.
, 2001
"... We develop a theory of minimal realizations of a finite sequence over an integral domain R, from first principles. Our notion of a minimal realization is closely related to that of a linear recurring sequence and of a partial realization (as in Mathematical Systems Theory). From this theory, we deri ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We develop a theory of minimal realizations of a finite sequence over an integral domain R, from first principles. Our notion of a minimal realization is closely related to that of a linear recurring sequence and of a partial realization (as in Mathematical Systems Theory). From this theory, we derive Algorithm MR which computes a minimal realization of a sequence of L elements using at most L(5L + 1)=2 R{multiplications. We also characterize all minimal realizations of a given sequence in terms of the computed minimal realization. This algorithm computes the linear complexity of an R sequence, solves nonsingular linear systems over R (extending Wiedemann's method), computes the minimal polynomial of an Rmatrix, transfer/growth functions and symbolic Padé approximations. There are also a number of applications to Coding Theory. We thus provide a common framework for solving some wellknown problems in Systems Theory, Symbolic/Algebraic Computation and Coding Theory.
Cryptanalysis Based on . . .
, 1995
"... This paper presents a new algorithm for cryptanalytically attacking stream ciphers. There is an associated measure of security, the 2adac 8pan. In order for a stream cipher to be secure, its Zadic span must be large. This attack exposes a weakness of Rueppel and Massey's summation combiner. ..."
Abstract
 Add to MetaCart
This paper presents a new algorithm for cryptanalytically attacking stream ciphers. There is an associated measure of security, the 2adac 8pan. In order for a stream cipher to be secure, its Zadic span must be large. This attack exposes a weakness of Rueppel and Massey's summation combiner. The algorithm, based on De Weger and Mahler's rational approximation theory for 2adic numbers, synthesizes a shortest feedback with cam shaft qwter that outputs a particular key stream, given a small number of bits of the key stream. It is adaptive in that it does not neeed to know the number of available bits beforehand.