Results 11-20 of 252
Practical threshold RSA signatures without a trusted dealer
2001
Cited by 52 (4 self)
Abstract. We propose a threshold RSA scheme which is as efficient as the fastest previous threshold RSA scheme (by Shoup), but where two assumptions needed in Shoup's and in previous schemes can be dropped, namely that the modulus must be a product of safe primes and that a trusted dealer generates the keys. The robustness (but not the unforgeability) of our scheme depends on a new intractability assumption, in addition to security of the underlying standard RSA scheme.
Greatest Common Divisors of Polynomials Given by Straight-Line Programs
J. ACM, 1988
Cited by 51 (18 self)
Algorithms on multivariate polynomials represented by straight-line programs are developed. First it is shown that most algebraic algorithms can be probabilistically applied to data that is given by a straight-line computation. Testing such rational numeric data for zero, for instance, is facilitated by random evaluations modulo random prime numbers. Then auxiliary algorithms are constructed that determine the coefficients of a multivariate polynomial in a single variable. The first main result is an algorithm that produces the greatest common divisor of the input polynomials, all in straight-line representation. The second result shows how to find a straight-line program for the reduced numerator and denominator from one for the corresponding rational function. Both the algorithm for that construction and the greatest common divisor algorithm are in random polynomial-time for the usual coefficient fields and output a straight-line program, which with controllably high probab...
On The Complexity Of Computing Determinants
COMPUTATIONAL COMPLEXITY, 2001
Cited by 47 (17 self)
We present new baby steps/giant steps algorithms of asymptotically fast running time for dense matrix problems. Our algorithms compute the determinant, characteristic polynomial, Frobenius normal form and Smith normal form of a dense n × n matrix A with integer entries in (n and (n bit operations; here denotes the largest entry in absolute value and the exponent adjustment by "+o(1)" captures additional factors for positive real constants C1, C2, C3. The bit complexity (n results from using the classical cubic matrix multiplication algorithm. Our algorithms are randomized, and we can certify that the output is the determinant of A in a Las Vegas fashion. The second category of problems deals with the setting where the matrix A has elements from an abstract commutative ring, that is, when no divisions in the domain of entries are possible. We present algorithms that deterministically compute the determinant, characteristic polynomial and adjoint of A with n and O(n ) ring additions, subtractions and multiplications.
Detecting Perfect Powers In Essentially Linear Time
Math. Comp., 1998
Cited by 41 (12 self)
This paper (1) gives complete details of an algorithm to compute approximate kth roots; (2) uses this in an algorithm that, given an integer n > 1, either writes n as a perfect power or proves that n is not a perfect power; (3) proves, using Loxton's theorem on multiple linear forms in logarithms, that this perfect-power decomposition algorithm runs in time (log n) .
Serre's modularity conjecture (I)
2007
Cited by 38 (0 self)
This paper is the first part of a work which proves Serre's modularity conjecture. We first prove the cases p ≠ 2 and odd conductor, see Theorem 1.2, modulo Theorems 4.1 and 5.1. Theorems 4.1 and 5.1 are proven in the second part, see [13]. We then reduce the general case to a modularity statement for 2-adic lifts of modular mod 2 representations. This statement is now a theorem of Kisin [19].
Practical Zero-Knowledge Proofs: Giving Hints and Using Deficiencies
JOURNAL OF CRYPTOLOGY, 1994
Cited by 32 (0 self)
New zero-knowledge proofs are given for some number-theoretic problems. All of the problems are in NP, but the proofs given here are much more efficient than the previously known proofs. In addition, these proofs do not require the prover to be superpolynomial in power. A probabilistic polynomial time prover with the appropriate trapdoor knowledge is sufficient. The proofs are perfect or statistical zero-knowledge in all cases except one.
A Lower Bound for Parallel String Matching
SIAM J. Comput., 1993
Cited by 25 (13 self)
This talk presents the derivation of an Ω(log log m) lower bound on the number of rounds necessary for finding occurrences of a pattern string P[1..m] in a text string T[1..2m] in parallel using m comparisons in each round. The parallel complexity of the string matching problem using p processors for general alphabets follows. 1. Introduction Better and better parallel algorithms have been designed for string matching. All are on CRCW-PRAM with the weakest form of simultaneous write conflict resolution: all processors which write into the same memory location must write the same value. The best CREW-PRAM algorithms are those obtained from the CRCW algorithms for a logarithmic loss of efficiency. Optimal algorithms have been designed: O(log m) time in [8, 17] and O(log log m) time in [4]. (An optimal algorithm is one with pt = O(n) where t is the time and p is the number of processors used.) Recently, Vishkin [18] developed an optimal O(log m) time algorithm. Unlike...
On Parallel Hashing and Integer Sorting
1991
Cited by 25 (9 self)
The problem of sorting n integers from a restricted range [1..m], where m is superpolynomial in n, is considered. An o(n log n) randomized algorithm is given. Our algorithm takes O(n log log m) expected time and O(n) space. (Thus, for m = n^polylog(n) we have an O(n log log n) algorithm.) The algorithm is parallelizable. The resulting parallel algorithm achieves optimal speed-up. Some features of the algorithm make us believe that it is relevant for practical applications. A result of independent interest is a parallel hashing technique. The expected construction time is logarithmic using an optimal number of processors, and searching for a value takes O(1) time in the worst case. This technique enables drastic reduction of space requirements for the price of using randomness. Applicability of the technique is demonstrated for the parallel sorting algorithm, and for some parallel string matching algorithms. The parallel sorting algorithm is designed for a strong and non-standard mo...
Criteria For Irrationality Of Euler's Constant
 Proc. Amer. Math. Soc
Cited by 22 (7 self)
By modifying Beukers' proof of Apéry's theorem that ζ(3) is irrational, we derive criteria for irrationality of Euler's constant, γ. For n > 0, we define a double integral I_n and a positive integer S_n, and prove that with d_n = LCM(1, ..., n) the following are equivalent. 1. The fractional part of log S_n is given by {log S_n} = d_{2n} I_n for some n. 2. The formula holds for all sufficiently large n. 3. Euler's constant is a rational number. A corollary is that if {log S_n} > 2^{-n} infinitely often, then γ is irrational. Indeed, if the inequality holds for a given n (we present numerical evidence for 1 ≤ n ≤ 2500) and γ is rational, then its denominator does not divide d_{2n}. We prove a new combinatorial identity in order to show that a certain linear form in logarithms is in fact log S_n. A byproduct is a rapidly converging asymptotic formula for γ, used by P. Sebah to compute γ correct to 18063 decimals.
A fast algorithm to compute cubic fields
Math. Comp., 1997
Cited by 21 (5 self)
Abstract. We present a very fast algorithm to build up tables of cubic fields. Real cubic fields with discriminant up to 10^11 and complex cubic fields down to −10^11 have been computed. The classification of quadratic fields up to isomorphism is trivial: they are uniquely characterized by their discriminant, and we can compute tables as soon as we know how to test if an integer is squarefree and how to check some simple congruence modulo 16. We intend to show that cubic fields are essentially as easy to deal with, and we will get a canonical representation for them. Contrary to the quadratic case, the treatment depends on the signature but, the fundamental ideas being the same, we shall expose as much as we can before splitting cases. Almost all results in this paper are either ancient or elementary. I would like to thank Professor H. Cohen for his interest when I first mentioned what I thought was a trivial application of some well known results. Moreover, his careful reading of successive drafts of this work and the many questions he had about it were most helpful in giving it its present shape.
1. Preliminaries
Let (a, b, c, d) denote the integral binary cubic form F(x, y) = ax^3 + bx^2y + cxy^2 + dy^3. We call as usual disc(F) its discriminant: disc(a, b, c, d) = b^2c^2 − 27a^2d^2 + 18abcd − 4ac^3 − 4b^3d. We shall say a form F is complex whenever disc F < 0, and real otherwise. We call roots of F the complex roots of F(X, 1) = 0. A form is said to be primitive if gcd(a, b, c, d) = 1, and irreducible if it is so in Q[x, y]. The usual change of variables gives an action of GL2(Z) on the set of binary cubic forms, which preserves discriminants, irreducibility and primitivity. We call Φ the set of classes of integral, binary cubic forms under this action. Please note that, contrary to the quadratic case, we do not restrict to SL2(Z).
Let Vp be the subset of Φ given by the following congruence conditions:
• If p = 2: disc F ≡ 1 (mod 4) or disc F ≡ 8, 12 (mod 16).
• If p ≠ 2: p^2 ∤ disc F.