The two-parameter Poisson-Dirichlet distribution is a probability distribution on the totality of positive decreasing sequences with sum 1 and hence considered to govern masses of a random discrete distribution. A characterization of the associated point process (i.e., the random point process obtained by regarding the masses as points in the positive real line) is given in terms of the correlation functions. Relying on this, we apply the theory of point processes to reveal mathematical structure of the two-parameter Poisson-Dirichlet distribution. Also, developing the Laplace transform approach due to Pitman and Yor, we will be able to extend several results previously known for the one-parameter case, and the Markov-Krein identity for the generalized Dirichlet process is discussed from a point of view of functional analysis based on the twoparameter Poisson-Dirichlet distribution. 1

A prohibitive barrier faced by elliptic curve users is the difficulty of computing the curves' cardinalities. Despite recent theoretical breakthroughs, point counting still remains very cumbersome and intensively time consuming.

We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and O(N 1/12) in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over F p 2 and trace zero varieties over F p 3 with near-prime orders up to 372 bits in size. For p =2 61 − 1, the average time to find a group with 244-bit near-prime order is under an hour on a PC.

In this paper we prove a result for determining the number of integers without large prime factors lying in a given set S. We will apply it to give an easy proof that certain sufficiently dense sets A and B always produce the expected number of “smooth ” sums a + b, a ∈ A, b ∈ B. The proof of this result is completely combinatorial and elementary. 1

Abstract. We describe two different attacks against the iso/iec 9796-1 signature standard for RSA and Rabin. Both attacks consist in an existential forgery under a chosen-message attack: the attacker asks for the signature of some messages of his choice, and is then able to produce the signature of a message that was never signed by the legitimate signer. The first attack is a variant of Desmedt and Odlyzko’s attack and requires a few hundreds of signatures. The second attack is more powerful and requires only three signatures.

. It is not difficult to estimate the function /(x; y), which counts integers x, free of prime factors ? y, by "smooth" functions whenever y log 1=2 x or y is a fixed power of x. This can be extended to y ! log 3=4 x, and y ? log 2+" x under the assumption of the Riemann Hypothesis. The real difficulty lies when y is a fixed multiple of log x and, in this paper, we investigate the set of integers x, free of prime factors ? t log x, by estimating various functions related to /(x; t log x). 1. INTRODUCTION. Define S(x; y) to be the set of positive integers x, composed only of prime factors y. The cardinality of this set, /(x; y), is called the Dickman-De Bruijn function and has been extensively investigated by many authors (see [14] for a review). In this section we will give some well-known results about /(x; y) and sketch proofs of smooth asymptotic estimates when y ! log 1=2 x and when y is a fixed power of x. We also indicate how, in the literature, these have been ...

If n 2 2 is an integer, let p(n) denote the largest prime factor of IZ. For every x>Oandevery t,O~ttl,letA(x,t)denotethenumberof nix withP(n)rx’. A well-known result due to Dickmaa [4] and others is

Abstract. The paper describes a simple and fast randomized test for equality of grammar-compressed strings. The thorough running time analysis is done by applying a logarithmic cost measure. Keywords compression