The NP-completeness column: an ongoing guide
Journal of Algorithms, 1985
Cited by 190 (0 self)
Abstract
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NP-completeness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NP-Completeness," W. H. Freeman & Co., New York, 1979 (hereinafter referred to as "[G&J]"; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, cross-references will be given to that book and the list of problems (NP-complete and harder) presented there. Readers who have results they would like mentioned (NP-hardness, PSPACE-hardness, polynomial-time solvability, etc.) or open problems they would like publicized, should
Factorization of a 768-bit RSA modulus
2010
Cited by 23 (6 self)
Abstract
This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.
Parity Check Matrices and Product Representations of Squares
Cited by 4 (2 self)
Abstract
Let N_F(n, k, r) denote the maximum number of columns in an n-row matrix with entries in a finite field F in which each column has at most r nonzero entries and every k columns are linearly independent over F. We obtain near-optimal upper bounds for N_F(n, k, r) in the case k > r. Namely, we show that N_F(n, k, r) ≤ n^{r/2 + cr/k}, where c ≈ 4/3 for large k. Our method is based on a novel reduction of the problem to the extremal problem for cycles in graphs, and yields a fast algorithm for finding short linear dependences. We present additional applications of this method to problems in extremal hypergraph theory and combinatorial number theory.
Running time predictions for factoring algorithms
Algorithmic Number Theory, ANTS VIII, Banff, Springer LNCS 5011, 2008
Cited by 2 (1 self)
Abstract
Partially supported by a grant from the Conseil de recherches en sciences naturelles et en génie du Canada. Supported in part by NSF Grant DMS-0103635. In 1994, Carl Pomerance proposed the following problem: Select integers a_1, a_2, ..., a_J at random from the interval [1, x], stopping when some (non-empty) subsequence, {a_i : i ∈ I} where I ⊆ {1, 2, ..., J}, has a square product (that is, ∏_{i∈I} a_i ∈ Z^2). What can we say about the possible stopping times, J? A 1985 algorithm of Schroeppel can be used to show that this process stops after selecting (1 + ε)J_0(x) integers a_j with probability 1 − o(1) (where the function J_0(x) is given explicitly in (1) below). Schroeppel's algorithm actually finds the square product, and this has subsequently been adopted, with relatively minor modifications, by all factorers. In 1994 Pomerance showed that, with probability 1 − o(1), the
The Magic Words Are Squeamish Ossifrage (Extended Abstract)
Cited by 2 (0 self)
Abstract
We describe the computation which resulted in the title of this paper. Furthermore, we give an analysis of the data collected during this computation. From these data, we derive the important observation that in the final stages, the progress of the double large prime variation of the quadratic sieve integer factoring algorithm can more effectively be approximated by a quartic function of the time spent than by the more familiar quadratic function. We also present, as an update to [15], some of our experiences with the management of a large computation distributed over the Internet. Based on this experience, we give some realistic estimates of the current readily available computational power of the Internet. We conclude that commonly-used 512-bit RSA moduli are vulnerable to any organization prepared to spend a few million dollars and to wait a few months.
Sharp Transitions in Making Squares
2006
Cited by 1 (1 self)
Abstract
In many integer factoring algorithms, one produces a sequence of integers (created in a pseudorandom way), and wishes to determine a subsequence whose product is a square. A good model for how this sequence is generated is the following process introduced by Pomerance in his 1994 invited ICM lecture: Select integers a_1, a_2, ... at random from the interval [1, x], until some subsequence products to a square. Estimating the expected stopping time of this process turns out to be a central problem in developing heuristic running time estimates for integer factoring algorithms. Also, if one knows how long the other parts of the algorithm take, one can use such stopping time estimates to determine the optimal choice of algorithm parameters that minimizes the running time. Here we determine this expected stopping time up to a constant factor, which improves previous estimates due to Pomerance (1994) and Schroeppel (1985), who showed that this stopping time lies in an interval [y_0, y_0^{1+o(1)}], for an appropriate y_0 = y_0(x). Thus our result significantly tightens this interval to [y_0, c y_0], for a small positive constant c, and comes close to proving a sharp threshold for the monotone property of having a square dependence in a random sequence of integers. Our proof uses the first and second moment methods and analytical estimates on smooth numbers.
Computational Methods in Public Key Cryptology
2002
Cited by 1 (1 self)
Abstract
These notes informally review the most common methods from computational number theory that have applications in public key cryptology.
On the instantiability of hash-and-sign RSA signatures
In TCC, 2012
Cited by 1 (0 self)
Abstract
The hash-and-sign RSA signature is one of the most elegant and well-known signature schemes, extensively used in a wide variety of cryptographic applications. Unfortunately, the only existing analysis of this popular signature scheme is in the random oracle model, where the resulting idealized signature is known as the RSA Full Domain Hash signature scheme (RSA-FDH). In fact, prior work has shown several "uninstantiability" results for various abstractions of RSA-FDH, where the RSA function was replaced by a family of trapdoor random permutations, or the hash function instantiating the random oracle could not be keyed. These abstractions, however, do not allow the reduction and the hash function instantiation to use the algebraic properties of the RSA function, such as the multiplicative group structure of Z_n^*. In contrast, the multiplicative property of the RSA function is critically used in many standard model analyses of various RSA-based schemes. Motivated by closing this gap, we consider the setting where the RSA function representation is generic (i.e., black-box) but multiplicative, whereas the hash function itself is in the standard model, and can be keyed and exploit the multiplicative properties of the RSA function. This
Public-Key Cryptography
James Nechvatal, Security Technology Group, 1991
Abstract
This publication presents a state-of-the-art survey of public-key cryptography circa 1988-1990. In doing so, it covers a number of different topics including: 1. The theory of public-key cryptography. 2. Comparisons to conventional (secret-key) cryptography. 3. A largely self-contained summary of relevant mathematics. 4. A survey of major existing public-key systems. 5. An exploration of digital signatures and hash functions. 6. A survey of public-key implementations in networks. 7. An introduction to zero-knowledge protocols and probabilistic encryption. 8. An exploration of security issues and key sizes. The treatment of public-key cryptography in this publication includes both theory and practice. Much of the existing published work, including those documents listed in the references, treats