this paper we study this analogy for a classic polynomial interpolation problem known as decoding of Reed-Solomon codes. The problem reduces to the following question: given n pairs (x i ; y i ) 2 F q , for which the x i 's are distinct, nd all polynomials f 2 F q [x] of degree at most k such that y i = f(x i ) for all but e values of i 2 f1; : : : ; ng. It is easy to see that when e < (n k)=2 the solution is unique. The solution can be eciently found using a classic algorithm due to Berlekamp and Massey (see [2, 19] for a description). Surprisingly, it is possible to decode beyond the Berlekamp-Massey bound, however the solution is no longer unique. In a recent seminal work Guruswami and Sudan [22, 12] show that as long as e < n kn it is possible to eciently recover a list of all polynomials f satisfying y i = f(x i ) for all but e values. This decoding problem is known as the list decoding problem for Reed-Solomon codes

this article is on protocols allowing the well-functioning parts of such a large and complex system to carry out their work despite the failure of others. Many deep and interesting results on such problems have been discovered by computer scientists in recent years, the incorporation of which into game theory can greatly enrich this field

Linear quantum cellular automata were introduced recently as one of the models of quantum computing. A basic postulate of quantum mechanics imposes a strong constraint on any quantum machine: it has to be unitary, that is its time evolution operator has to be a unitary transformation. In this paper we give an efficient algorithm to decide if a linear quantum cellular automaton is unitary. The complexity of the algorithm is O(n ) in the algebraic computational model if the automaton has a continuous neighborhood of size r, where n is the size of the input.

this document, authentication will generally refer to the use of digital signatures, which play a function for digital documents similar to that played by handwritten signatures for printed documents: the signature is an unforgeable piece of data asserting that a named person wrote or otherwise agreed to the document to which the signature is attached. The recipient, as well as a third party, can verify both that the document did indeed originate from the person whose signature is attached and that the document has not been altered since it was signed. A secure digital signature system thus consists of two parts: a method of signing a document such that forgery is infeasible, and a method of verifying that a signature was actually generated by whomever it represents. Furthermore, secure digital signatures cannot be repudiated; i.e., the signer of a document cannot later disown it by claiming it was forged.

The ℓ th modular polynomial, φℓ(x,y), parameterizes pairs of elliptic curves with an isogeny of degree ℓ between them. Modular polynomials provide the defining equations for modular curves, and are useful in many different aspects of computational number theory and cryptography. For example, computations with modular polynomials have been used to speed elliptic curve point-counting

We present the first implementation of sieving techniques in the context of function fields. More precisely, we compute in class groups of quadratic congruence function fields by combining the Algorithm of Hafner and McCurley with sieving ideas known from factoring. We apply our methods to compute generators and relations of the Jacobian variety of hyperelliptic curves over finite fields. 1 Introduction Jacobian varieties of hyperelliptic curves over finite fields can be (under some condition) interpreted as class groups of imaginary quadratic congruence function fields; the algorithm of Hafner and McCurley [8] known to compute the class group of imaginary quadratic number fields and having subexponential running time in the size of the discriminant can be applied. This idea is realized (with a slight modification) in [1] by Adleman, DeMarrais and Huang who claim this algorithm to be of subexponential running time in the genus, believing in some heuristical evidence. An unconditional p...

We discuss two methods for generating cryptographically strong elliptic curves defined over finite prime fields. The advantages and disadvantages of these algorithms are discussed and a practical comparison of the algorithms is given.

Abstract not found

etwork security. Mandatory reading for aspiring system managers. Antonia J. Jones:18 December 2001 2 W. Stallings. Cryptography and Network Security: Principles and Practice. Prentice Hall. 1998. ISBN 0-13-869017-0. Fills in many aspects of the present course and goes on to discuss mail and internet security. C. P. Pfleeger. Security in Computing. Prentice Hall. 1997. ISBN 0-13-185794-0. Good general introduction. The classic 1,200 page definitive story of cryptography up to the late 1950's is: D. Kahn. The Codebreakers. Scribner, New York. 1996. A recent very interesting account including the history of RSA and PGP and a non-technical discussion of quantum cryptography is: S. Singh. The Code Book. Fourth Estate, London. 1999. Fiction: Neal Stephenson. Cryptonomicon. William Heinemann, London. 1999. Antonia J. Jones:18 December 2001 3 CONTENTS I G

We present an algorithm for factoring integers of the form N = p^r q for large r. Such integers were previously proposed for various cryptographic applications. When r log p our algorithm runs in polynomial time (in log N ). Hence, we obtain a new class of integers that can be efficiently factored. When r p log p the algorithm is asymptotically faster than the Elliptic Curve Method. Our results suggest that integers of the form N = p r q should be used with care. This is especially true when r is large, namely r greater than p log p.