Results 1  10
of
13
The NPcompleteness column: an ongoing guide
 Journal of Algorithms
, 1985
"... This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book ‘‘Computers and Intractability: A Guide to the Theory of NPCompleteness,’ ’ W. H. Freeman & Co ..."
Abstract

Cited by 189 (0 self)
 Add to MetaCart
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book ‘‘Computers and Intractability: A Guide to the Theory of NPCompleteness,’ ’ W. H. Freeman & Co., New York, 1979 (hereinafter referred to as ‘‘[G&J]’’; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, crossreferences will be given to that book and the list of problems (NPcomplete and harder) presented there. Readers who have results they would like mentioned (NPhardness, PSPACEhardness, polynomialtimesolvability, etc.) or open problems they would like publicized, should
Factorization of a 768bit RSA modulus
, 2010
"... This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA. ..."
Abstract

Cited by 21 (6 self)
 Add to MetaCart
This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA.
Parity Check Matrices and Product Representations of Squares
"... Let NF(n, k, r) denote the maximum number of columns in an nrow matrix with entries ina finite field F in which each column has at most r nonzero entries and every k columns arelinearly independent over F. We obtain nearoptimal upper bounds for NF(n, k, r) in the case k> r. Namely, we show that N ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
Let NF(n, k, r) denote the maximum number of columns in an nrow matrix with entries ina finite field F in which each column has at most r nonzero entries and every k columns arelinearly independent over F. We obtain nearoptimal upper bounds for NF(n, k, r) in the case k> r. Namely, we show that NF(n, k, r) # n r2 + cr k where c ij 43 for large k. Our method is based on a novel reduction of the problem to the extremal problem for cycles in graphs, and yields a fast algorithm for finding short linear dependences. We present additional applications of this method to problems in extremal hypergraph theory and combinatorial number theory.
The Magic Words Are Squeamish Ossifrage (Extended Abstract)
"... We describe the computation which resulted in the title of this paper. Furthermore, we give an analysis of the data collected during this computation. From these data, we derive the important observation that in the final stages, the progress of the double large prime variation of the quadratic siev ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We describe the computation which resulted in the title of this paper. Furthermore, we give an analysis of the data collected during this computation. From these data, we derive the important observation that in the final stages, the progress of the double large prime variation of the quadratic sieve integer factoring algorithm can more effectively be approximated by a quartic function of the time spent, than by the more familiar quadratic function. We also present, as an update to [15], some of our experiences with the management of a large computation distributed over the Internet. Based on this experience, we give some realistic estimates of the current readily available computational power of the Internet. We conclude that commonlyused 512bit RSA moduli are vulnerable to any organization prepared to spend a few million dollars and to wait a few months.
Running time predictions for factoring algorithms
 Algorithmic Number Theory, ANTS VIII, Banff, Springer LNCS 5011
, 2008
"... Partiellement soutenu par une bourse de la Conseil de recherches en sciences naturelles et en génie du Canada. 3 Supported in part by NSF Grant DMS0103635. In 1994, Carl Pomerance proposed the following problem: Select integers a1, a2,..., aJ at random from the interval [1, x], stopping when some ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Partiellement soutenu par une bourse de la Conseil de recherches en sciences naturelles et en génie du Canada. 3 Supported in part by NSF Grant DMS0103635. In 1994, Carl Pomerance proposed the following problem: Select integers a1, a2,..., aJ at random from the interval [1, x], stopping when some (nonempty) subsequence, {ai: i ∈ I} where I ⊆ {1, 2,..., J}, has a square product (that is ∏ i∈I ai ∈ Z2). What can we say about the possible stopping times, J? A 1985 algorithm of Schroeppel can be used to show that this process stops after selecting (1 + ɛ)J0(x) integers aj with probability 1 − o(1) (where the function J0(x) is given explicitly in (1) below). Schroeppel’s algorithm actually finds the square product, and this has subsequently been adopted, with relatively minor modifications, by all factorers. In 1994 Pomerance showed that, with probability 1−o(1), the
ECC: Do We Need to Count?
, 1999
"... A prohibitive barrier faced by elliptic curve users is the difficulty of computing the curves' cardinalities. Despite recent theoretical breakthroughs, point counting still remains very cumbersome and intensively time consuming. ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
A prohibitive barrier faced by elliptic curve users is the difficulty of computing the curves' cardinalities. Despite recent theoretical breakthroughs, point counting still remains very cumbersome and intensively time consuming.
Sharp Transitions in Making Squares
, 2006
"... In many integer factoring algorithms, one produces a sequence of integers (created in a pseudorandom way), and wishes to determine a subsequence whose product is a square. A good model for how this sequence is generated is the following process introduced by Pomerance in his 1994 invited ICM lectur ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
In many integer factoring algorithms, one produces a sequence of integers (created in a pseudorandom way), and wishes to determine a subsequence whose product is a square. A good model for how this sequence is generated is the following process introduced by Pomerance in his 1994 invited ICM lecture: Select integers a1, a2,..., at random from the interval [1, x], until some subsequence products to a square. Estimating the expected stopping time of this process turns out to be a central problem in developing heuristic running time estimates for integer factoring algorithms. Also, if one knows how long the other parts of the algorithm take, one can use such stopping time estimates to determine the optimal choice of algorithm parameters that minimizes the running time. Here we determine this expected stopping time up to a constant factor, which improves previous estimates due to Pomerance (1994) and Schroeppel (1985), who showed that this stopping time lies in an interval [y0, y 1+o(1) 0], for an appropriate y0 = y0(x). Thus our result significantly tightens this interval to [y0, cy0], for a small positive constant c, and comes close to proving a sharp threshold for the montone property of having a square dependence in a random sequence of integers. Our proof uses the first and second moment methods and analytical estimates on smooth numbers.
Computational Methods in Public Key Cryptology
, 2002
"... These notes informally review the most common methods from computational number theory that have applications in public key cryptology. ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
These notes informally review the most common methods from computational number theory that have applications in public key cryptology.
Enjeux Et Avancées De La Théorie Algorithmique Des Nombres
, 1992
"... Introduction L'apparition des syst`emes de chiffrement `a clefs publiques de fa¸con g'en'erale [DH76], et du syst`eme de chiffrement RSA en particulier [ARS78], a caus'e un regain d'int'eret pour la th'eorie des nombres et en particulier l'arithm'etique dans ses aspects calculatoires. Pour r'epondr ..."
Abstract
 Add to MetaCart
Introduction L'apparition des syst`emes de chiffrement `a clefs publiques de fa¸con g'en'erale [DH76], et du syst`eme de chiffrement RSA en particulier [ARS78], a caus'e un regain d'int'eret pour la th'eorie des nombres et en particulier l'arithm'etique dans ses aspects calculatoires. Pour r'epondre `a des questions aussi simples que celles concernant la d'ecomposition des nombres en facteurs premiers, il a fallu donner des r'eponses algorithmiques prenant en compte la faisabilit'e des calculs ainsi que le temps imparti pour donner une r'eponse satisfaisante. Cela a provoqu'e l'essor de la th'eorie algorithmique des nombres. Cet expos'e est destin'e `a mettre en lumi`ere les progr`es accomplis depuis une dizaine d'ann'ees dans les domaines de la primalit'e des entiers (comment peuton prouver qu'un entier de quelques centaines de chiffres d'ecimaux est premier) ; factorisation des entiers (quels sont les facteurs d'un nombre qui n'est pas premier) ; logarithme