Results 1  10
of
20
The NPcompleteness column: an ongoing guide
 JOURNAL OF ALGORITHMS
, 1987
"... This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NPCompleteness," W. H. Freem ..."
Abstract

Cited by 242 (0 self)
 Add to MetaCart
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NPCompleteness," W. H. Freeman & Co., New York, 1979 (hereinafter referred to as "[G&J]"; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, crossreferences will be given to that book and the list of problems (NPcomplete and harder) presented there. Readers who have results they would like mentioned (NPhardness, PSPACEhardness, polynomialtimesolvability, etc.) or open problems they would like publicized, should
Factorization of a 768bit RSA modulus
, 2010
"... This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA. ..."
Abstract

Cited by 38 (13 self)
 Add to MetaCart
(Show Context)
This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA.
Parity Check Matrices and Product Representations of Squares
"... Let NF(n, k, r) denote the maximum number of columns in an nrow matrix with entries ina finite field F in which each column has at most r nonzero entries and every k columns arelinearly independent over F. We obtain nearoptimal upper bounds for NF(n, k, r) in the case k> r. Namely, we show tha ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
(Show Context)
Let NF(n, k, r) denote the maximum number of columns in an nrow matrix with entries ina finite field F in which each column has at most r nonzero entries and every k columns arelinearly independent over F. We obtain nearoptimal upper bounds for NF(n, k, r) in the case k> r. Namely, we show that NF(n, k, r) # n r2 + cr k where c ij 43 for large k. Our method is based on a novel reduction of the problem to the extremal problem for cycles in graphs, and yields a fast algorithm for finding short linear dependences. We present additional applications of this method to problems in extremal hypergraph theory and combinatorial number theory.
Running time predictions for factoring algorithms
 Algorithmic Number Theory, ANTS VIII, Banff, Springer LNCS 5011
, 2008
"... Partiellement soutenu par une bourse de la Conseil de recherches en sciences naturelles et en génie du Canada. 3 Supported in part by NSF Grant DMS0103635. In 1994, Carl Pomerance proposed the following problem: Select integers a1, a2,..., aJ at random from the interval [1, x], stopping when some ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
Partiellement soutenu par une bourse de la Conseil de recherches en sciences naturelles et en génie du Canada. 3 Supported in part by NSF Grant DMS0103635. In 1994, Carl Pomerance proposed the following problem: Select integers a1, a2,..., aJ at random from the interval [1, x], stopping when some (nonempty) subsequence, {ai: i ∈ I} where I ⊆ {1, 2,..., J}, has a square product (that is ∏ i∈I ai ∈ Z2). What can we say about the possible stopping times, J? A 1985 algorithm of Schroeppel can be used to show that this process stops after selecting (1 + ɛ)J0(x) integers aj with probability 1 − o(1) (where the function J0(x) is given explicitly in (1) below). Schroeppel’s algorithm actually finds the square product, and this has subsequently been adopted, with relatively minor modifications, by all factorers. In 1994 Pomerance showed that, with probability 1−o(1), the
On the instantiability of hashandsign rsa signatures
 In TCC
, 2012
"... The hashandsign RSA signature is one of the most elegant and well known signatures schemes, extensively used in a wide variety of cryptographic applications. Unfortunately, the only existing analysis of this popular signature scheme is in the random oracle model, where the resulting idealized sign ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
The hashandsign RSA signature is one of the most elegant and well known signatures schemes, extensively used in a wide variety of cryptographic applications. Unfortunately, the only existing analysis of this popular signature scheme is in the random oracle model, where the resulting idealized signature is known as the RSA Full Domain Hash signature scheme (RSAFDH). In fact, prior work has shown several “uninstantiability ” results for various abstractions of RSAFDH, where the RSA function was replaced by a family of trapdoor random permutations, or the hash function instantiating the random oracle could not be keyed. These abstractions, however, do not allow the reduction and the hash function instantiation to use the algebraic properties of RSA function, such as the multiplicative group structure of Z ∗ n. In contrast, the multiplicative property of the RSA function is critically used in many standard model analyses of various RSAbased schemes. Motivated by closing this gap, we consider the setting where the RSA function representation is generic (i.e., blackbox) but multiplicative, whereas the hash function itself is in the standard model, and can be keyed and exploit the multiplicative properties of the RSA function. This
The Magic Words Are Squeamish Ossifrage (Extended Abstract)
"... We describe the computation which resulted in the title of this paper. Furthermore, we give an analysis of the data collected during this computation. From these data, we derive the important observation that in the final stages, the progress of the double large prime variation of the quadratic siev ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We describe the computation which resulted in the title of this paper. Furthermore, we give an analysis of the data collected during this computation. From these data, we derive the important observation that in the final stages, the progress of the double large prime variation of the quadratic sieve integer factoring algorithm can more effectively be approximated by a quartic function of the time spent, than by the more familiar quadratic function. We also present, as an update to [15], some of our experiences with the management of a large computation distributed over the Internet. Based on this experience, we give some realistic estimates of the current readily available computational power of the Internet. We conclude that commonlyused 512bit RSA moduli are vulnerable to any organization prepared to spend a few million dollars and to wait a few months.
Application of BioInspired Algorithm to the Problem of Integer Factorisation
 International Journal of BioInspired Computation (IJBIC
"... integer factorisation ..."
(Show Context)
Computational Methods in Public Key Cryptology
, 2002
"... These notes informally review the most common methods from computational number theory that have applications in public key cryptology. ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
These notes informally review the most common methods from computational number theory that have applications in public key cryptology.