The complexity of class polynomial computation via floating point approximations.
 ArXiv preprint
, 601
Cited by 38 (5 self)
Abstract. We analyse the complexity of computing class polynomials, that are an important ingredient for CM constructions of elliptic curves, via complex floating point approximations of their roots. The heart of the algorithm is the evaluation of modular functions in several arguments. The fastest one of the presented approaches uses a technique devised by Dupont to evaluate modular functions by Newton iterations on an expression involving the arithmetic-geometric mean. Under the heuristic assumption, justified by experiments, that the correctness of the result is not perturbed by rounding errors, the algorithm runs in time $O\left(\sqrt{|D|}\,\log^{3}|D| \cdot M\left(\sqrt{|D|}\,\log^{2}|D|\right)\right) \subseteq O\left(|D|\,\log^{6+\varepsilon}|D|\right) \subseteq O\left(h^{2+\varepsilon}\right)$ for any $\varepsilon > 0$, where D is the CM discriminant, h is the degree of the class polynomial and M(n) is the time needed to multiply two n-bit numbers. Up to logarithmic factors, this running time matches the size of the constructed polynomials. The estimate also relies on a new result concerning the complexity of enumerating the class group of an imaginary quadratic order and on a rigorously proven upper bound for the height of class polynomials. 1. Motivation and
Attacking and fixing helios: An analysis of ballot secrecy
, 2010
Cited by 35 (15 self)
Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this paper, we analyse ballot secrecy and discover a vulnerability which allows an adversary to compromise the privacy of voters. This vulnerability has been successfully exploited to break privacy in a mock election using the current Helios implementation. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy in such settings. Finally, we present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus.
Finding Smooth Integers in Short Intervals Using CRT Decoding
 Proceedings of the 32nd Annual ACM Symposium on Theory of Computing
, 2000
Cited by 34 (0 self)
this paper we study this analogy for a classic polynomial interpolation problem known as decoding of Reed-Solomon codes. The problem reduces to the following question: given n pairs $(x_i, y_i) \in \mathbb{F}_q$, for which the $x_i$'s are distinct, find all polynomials $f \in \mathbb{F}_q[x]$ of degree at most k such that $y_i = f(x_i)$ for all but e values of $i \in \{1, \ldots, n\}$. It is easy to see that when $e < (n-k)/2$ the solution is unique. The solution can be efficiently found using a classic algorithm due to Berlekamp and Massey (see [2, 19] for a description). Surprisingly, it is possible to decode beyond the Berlekamp-Massey bound, however the solution is no longer unique. In a recent seminal work Guruswami and Sudan [22, 12] show that as long as $e < n - \sqrt{kn}$ it is possible to efficiently recover a list of all polynomials f satisfying $y_i = f(x_i)$ for all but e values. This decoding problem is known as the list decoding problem for Reed-Solomon codes
A Decision Procedure For Unitary Linear Quantum Cellular Automata
 Proceedings of the 37th IEEE Symposium on Foundations of Computer Science
, 1999
Cited by 18 (3 self)
Linear quantum cellular automata were introduced recently as one of the models of quantum computing. A basic postulate of quantum mechanics imposes a strong constraint on any quantum machine: it has to be unitary, that is its time evolution operator has to be a unitary transformation. In this paper we give an efficient algorithm to decide if a linear quantum cellular automaton is unitary. The complexity of the algorithm is O(n ) in the algebraic computational model if the automaton has a continuous neighborhood of size r, where n is the size of the input.
Games Computers Play: Game-Theoretic Aspects of Computing
 In
, 1992
Cited by 11 (1 self)
this article is on protocols allowing the well-functioning parts of such a large and complex system to carry out their work despite the failure of others. Many deep and interesting results on such problems have been discovered by computer scientists in recent years, the incorporation of which into game theory can greatly enrich this field
Answers To Frequently Asked Questions About Today's Cryptography
, 1993
Cited by 9 (0 self)
this document, authentication will generally refer to the use of digital signatures, which play a function for digital documents similar to that played by handwritten signatures for printed documents: the signature is an unforgeable piece of data asserting that a named person wrote or otherwise agreed to the document to which the signature is attached. The recipient, as well as a third party, can verify both that the document did indeed originate from the person whose signature is attached and that the document has not been altered since it was signed. A secure digital signature system thus consists of two parts: a method of signing a document such that forgery is infeasible, and a method of verifying that a signature was actually generated by whomever it represents. Furthermore, secure digital signatures cannot be repudiated; i.e., the signer of a document cannot later disown it by claiming it was forged.
Sieving in Function Fields
 Experimental Mathematics
, 1997
Cited by 9 (2 self)
We present the first implementation of sieving techniques in the context of function fields. More precisely, we compute in class groups of quadratic congruence function fields by combining the Algorithm of Hafner and McCurley with sieving ideas known from factoring. We apply our methods to compute generators and relations of the Jacobian variety of hyperelliptic curves over finite fields. 1 Introduction Jacobian varieties of hyperelliptic curves over finite fields can be (under some condition) interpreted as class groups of imaginary quadratic congruence function fields; the algorithm of Hafner and McCurley [8] known to compute the class group of imaginary quadratic number fields and having subexponential running time in the size of the discriminant can be applied. This idea is realized (with a slight modification) in [1] by Adleman, DeMarrais and Huang who claim this algorithm to be of subexponential running time in the genus, believing in some heuristical evidence. An unconditional p...
Computing modular polynomials
 London Math. Soc., Journal of Computational Mathematics
, 2005
Cited by 8 (3 self)
The $\ell$th modular polynomial, $\phi_\ell(x,y)$, parameterizes pairs of elliptic curves with an isogeny of degree $\ell$ between them. Modular polynomials provide the defining equations for modular curves, and are useful in many different aspects of computational number theory and cryptography. For example, computations with modular polynomials have been used to speed elliptic curve point-counting
On the Generation of Cryptographically Strong Elliptic Curves
, 1997
Cited by 7 (0 self)
We discuss two methods for generating cryptographically strong elliptic curves defined over finite prime fields. The advantages and disadvantages of these algorithms are discussed and a practical comparison of the algorithms is given.