Results 11  20
of
54
Efficient blind signatures without random oracles
 In Carlo Blundo and Stelvio Cimato, editors, SCN 2004
, 2004
"... Abstract. The only known blind signature scheme that is secure in the standard model [20] is based on general results about multiparty computation, and thus it is extremely inefficient. The main result of this paper is the first provably secure blind signature scheme which is also efficient. We dev ..."
Abstract

Cited by 17 (1 self)
 Add to MetaCart
(Show Context)
Abstract. The only known blind signature scheme that is secure in the standard model [20] is based on general results about multiparty computation, and thus it is extremely inefficient. The main result of this paper is the first provably secure blind signature scheme which is also efficient. We develop our construction as follows. In the first step, which is a significant result on its own, we devise and prove the security of a new variant for the CramerShoupFischlin signature scheme. We are able to show that for generating signatures, instead of using randomly chosen prime exponents one can securely use randomly chosen odd integer exponents which significantly simplifies the signature generating process. We obtain our blind signing function as a secure and efficient twoparty computation that cleverly exploits its algebraic properties and those of the Paillier encryption scheme. The security of the resulting signing protocol relies on the Strong RSA assumption and the hardness of decisional composite residuosity; we stress that it does not rely on the existence of random oracles. 1
Factorization of the tenth and eleventh Fermat numbers
, 1996
"... . We describe the complete factorization of the tenth and eleventh Fermat numbers. The tenth Fermat number is a product of four prime factors with 8, 10, 40 and 252 decimal digits. The eleventh Fermat number is a product of five prime factors with 6, 6, 21, 22 and 564 decimal digits. We also note a ..."
Abstract

Cited by 17 (8 self)
 Add to MetaCart
(Show Context)
. We describe the complete factorization of the tenth and eleventh Fermat numbers. The tenth Fermat number is a product of four prime factors with 8, 10, 40 and 252 decimal digits. The eleventh Fermat number is a product of five prime factors with 6, 6, 21, 22 and 564 decimal digits. We also note a new 27decimal digit factor of the thirteenth Fermat number. This number has four known prime factors and a 2391decimal digit composite factor. All the new factors reported here were found by the elliptic curve method (ECM). The 40digit factor of the tenth Fermat number was found after about 140 Mflopyears of computation. We discuss aspects of the practical implementation of ECM, including the use of specialpurpose hardware, and note several other large factors found recently by ECM. 1. Introduction For a nonnegative integer n, the nth Fermat number is F n = 2 2 n + 1. It is known that F n is prime for 0 n 4, and composite for 5 n 23. Also, for n 2, the factors of F n are of th...
On the asymptotic distribution of large prime factors
 J. London Math. Soc
, 1993
"... A random integer N, drawn uniformly from the set {1,2,..., n), has a prime factorization of the form N = a1a2...aM where ax ^ a2>... ^ aM. We establish the asymptotic distribution, as «» • oo, of the vector A(«) = (loga,/logiV: i:> 1) in a transparent manner. By randomly reordering the comp ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
(Show Context)
A random integer N, drawn uniformly from the set {1,2,..., n), has a prime factorization of the form N = a1a2...aM where ax ^ a2>... ^ aM. We establish the asymptotic distribution, as «» • oo, of the vector A(«) = (loga,/logiV: i:> 1) in a transparent manner. By randomly reordering the components of A(«), in a sizebiased manner, we obtain a new vector B(n) whose asymptotic distribution is the GEM distribution with parameter 1; this is a distribution on the infinitedimensional simplex of vectors (xv x2,...) having nonnegative components with unit sum. Using a standard continuity argument, this entails the weak convergence of A(/i) to the corresponding PoissonDirichlet distribution on this simplex; this result was obtained by Billingsley [3]. 1.
The Complete Analysis of a Polynomial Factorization Algorithm Over Finite Fields
, 2001
"... This paper derives basic probabilistic properties of random polynomials over finite fields that are of interest in the study of polynomial factorization algorithms. We show that the main characteristics of random polynomial can be treated systematically by methods of "analytic combinatorics&quo ..."
Abstract

Cited by 16 (3 self)
 Add to MetaCart
This paper derives basic probabilistic properties of random polynomials over finite fields that are of interest in the study of polynomial factorization algorithms. We show that the main characteristics of random polynomial can be treated systematically by methods of "analytic combinatorics" based on the combined use of generating functions and of singularity analysis. Our object of study is the classical factorization chain which is described in Fig. 1 and which, despite its simplicity, does not appear to have been totally analysed so far. In this paper, we provide a complete averagecase analysis.
An analytic approach to smooth polynomials over finite fields
 in Algorithmic Number Theory: Third Intern. Symp., ANTSIII
, 1998
"... Abstract. We consider the largest degrees that occur in the decomposition of polynomials over finite fields into irreducible factors. We expand the range of applicability of the Dickman function as an approximation for the number of smooth polynomials, which provides precise estimates for the discr ..."
Abstract

Cited by 15 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We consider the largest degrees that occur in the decomposition of polynomials over finite fields into irreducible factors. We expand the range of applicability of the Dickman function as an approximation for the number of smooth polynomials, which provides precise estimates for the discrete logarithm problem. In addition, we characterize the distribution of the two largest degrees of irreducible factors, a problem relevant to polynomial factorization. As opposed to most earlier treatments, our methods are based on a combination of exact descriptions by generating functions and a specific complex asymptotic method. 1
The PoissonDirichlet Distribution And Its Relatives Revisited
, 2001
"... The PoissonDirichlet distribution and its marginals are studied, in particular the largest component, that is Dickman's distribution. Sizebiased sampling and the GEM distribution are considered. Ewens sampling formula and random permutations, generated by the Chinese restaurant process, are a ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
(Show Context)
The PoissonDirichlet distribution and its marginals are studied, in particular the largest component, that is Dickman's distribution. Sizebiased sampling and the GEM distribution are considered. Ewens sampling formula and random permutations, generated by the Chinese restaurant process, are also investigated. The used methods are elementary and based on properties of the finitedimensional Dirichlet distribution. Keywords: Chinese restaurant process; Dickman's function; Ewens sampling formula; GEM distribution; Hoppe's urn; random permutations; residual allocation models; sizebiased sampling ams 1991 subject classification: primary 60g57 secondary 60c05, 60k99 Running title: The PoissonDirichlet distribution revisited 1
Security analysis of the GennaroHaleviRabin signature scheme
 IN PROCEEDINGS OF EUROCRYPT 2000
, 2000
"... We exhibit an attack against a signature scheme recently proposed by Gennaro, Halevi and Rabin [9]. The scheme’s security is based on two assumptions namely the strong RSA assumption and the existence of a divisionintractable hashfunction. For the latter, the authors conjectured a security level ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
We exhibit an attack against a signature scheme recently proposed by Gennaro, Halevi and Rabin [9]. The scheme’s security is based on two assumptions namely the strong RSA assumption and the existence of a divisionintractable hashfunction. For the latter, the authors conjectured a security level exponential in the hashfunction’s digest size whereas our attack is subexponential with respect to the digest size. Moreover, since the new attack is optimal, the length of the hash function can now be rigorously fixed. In particular, to get a security level equivalent to 1024bit RSA, one should use a digest size of approximately 1024 bits instead of the 512 bits suggested in [9].
Integers, without large prime factors, in arithmetic progressions, II
"... : We show that, for any fixed " ? 0, there are asymptotically the same number of integers up to x, that are composed only of primes y, in each arithmetic progression (mod q), provided that y q 1+" and log x=log q ! 1 as y ! 1: this improves on previous estimates. y An Alfred P. Sloan R ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
: We show that, for any fixed " ? 0, there are asymptotically the same number of integers up to x, that are composed only of primes y, in each arithmetic progression (mod q), provided that y q 1+" and log x=log q ! 1 as y ! 1: this improves on previous estimates. y An Alfred P. Sloan Research Fellow. Supported, in part, by the National Science Foundation Integers, without large prime factors, in arithmetic progressions, II Andrew Granville 1. Introduction. The study of the distribution of integers with only small prime factors arises naturally in many areas of number theory; for example, in the study of large gaps between prime numbers, of values of character sums, of Fermat's Last Theorem, of the multiplicative group of integers modulo m, of Sunit equations, of Waring's problem, and of primality testing and factoring algorithms. For over sixty years this subject has received quite a lot of attention from analytic number theorists and we have recently begun to attain a very pre...
The PoissonDirichlet distribution and the scaleinvariant Poisson process
 COMBIN. PROBAB. COMPUT
, 1999
"... We show that the Poisson–Dirichlet distribution is the distribution of points in a scaleinvariant Poisson process, conditioned on the event that the sum T of the locations of the points in (0,1] is 1. This extends to a similar result, rescaling the locations by T, and conditioning on the event that ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
We show that the Poisson–Dirichlet distribution is the distribution of points in a scaleinvariant Poisson process, conditioned on the event that the sum T of the locations of the points in (0,1] is 1. This extends to a similar result, rescaling the locations by T, and conditioning on the event that T � 1. Restricting both processes to (0,β] for 0 <β � 1, we give an explicit formula for the total variation distance between their distributions. Connections between various representations of the Poisson–Dirichlet process are discussed.
Order computations in generic groups
 PHD THESIS MIT, SUBMITTED JUNE 2007. RESOURCES
, 2007
"... ..."