Results 21  30
of
35
Time Hierarchies for Sampling Distributions
, 2012
"... We prove that for every constant k ≥ 2, every polynomial time bound t, and every polynomially small ǫ, there exists a family of distributions on k elements that can be sampled exactly in polynomial time but cannot be sampled within statistical distance 1−1/k−ǫ in time t. Our proof involves reducing ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
We prove that for every constant k ≥ 2, every polynomial time bound t, and every polynomially small ǫ, there exists a family of distributions on k elements that can be sampled exactly in polynomial time but cannot be sampled within statistical distance 1−1/k−ǫ in time t. Our proof involves reducing the problem to a communication problem over a certain type of noisy channel. We solve the latter problem by giving a construction of a new type of listdecodable code, for a setting where there is no bound on the number of errors but each error gives more information than an erasure. 1
Efficient polynomial time algorithms computing industrialstrength primitive roots
"... ..."
(Show Context)
Advanced Cryptography March 3, 2003
"... L) in 3 rounds. A natural question which arises from the quest for eciency is \What happens when we parallelize ZK proofs?" 2 Parallelization of ZKPS 2.1 3Colorability and Parallelization First we describe a parallel version of Blum's protocol (P ) for the 3colorability of G: 7 ..."
Abstract
 Add to MetaCart
L) in 3 rounds. A natural question which arises from the quest for eciency is \What happens when we parallelize ZK proofs?" 2 Parallelization of ZKPS 2.1 3Colorability and Parallelization First we describe a parallel version of Blum's protocol (P ) for the 3colorability of G: 71 begins by choosing a set of random permutations i for i 2 f1; :::; kg and applying them to the graph G resulting in a new set of isomorphic graphs H i . The permutation only aects the labeling of the nodes thus all H i are still 3colorable i G is. Next P encrypts the coloring of every vertex of every H i and sends all this information to V 2. V ips enough coins to choose a random edge in each graph H i , and send the selection back to P . reveals the coloring for the 2 nodes in H i on each of the edges selected by V in the previous step, along with a proof that these colors where truly the information encrypted in the rst step. V then checks this proof, and if the colors
Asymptotic Semismoothness Probabilities
"... Abstract We call an integer semismooth with respect to y and z if each of its prime factors is ^ y, and all but one are ^ z. Such numbers are useful in various factoring algorithms, including the quadratic sieve. Let G(ff; fi) be the asymptotic probability that a random integer n is semismooth with ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract We call an integer semismooth with respect to y and z if each of its prime factors is ^ y, and all but one are ^ z. Such numbers are useful in various factoring algorithms, including the quadratic sieve. Let G(ff; fi) be the asymptotic probability that a random integer n is semismooth with respect to nfi and nff. We present new recurrence relations for G and related functions. We then give numerical methods for computing G, tables of G, and estimates for the error incurred by this asymptotic approximation.
Abstract The (True) Complexity of Statistical Zero Knowledge (Extended Abstract)
"... Statistical zeroknowledge is a very strong privacy constraint which is not dependent on computational limitations. In this paper we showthatgiven a complexity assumption a much weaker condition su ces to attain statistical zeroknowledge. As a result we are able to simplify statistical zeroknowled ..."
Abstract
 Add to MetaCart
(Show Context)
Statistical zeroknowledge is a very strong privacy constraint which is not dependent on computational limitations. In this paper we showthatgiven a complexity assumption a much weaker condition su ces to attain statistical zeroknowledge. As a result we are able to simplify statistical zeroknowledge and to better characterize, on many counts, the class of languages that possess statistical zeroknowledge proofs. 1
Project Specification Generation of truly random numbers with known factorization
"... ..."
(Show Context)
unknown title
"... Abstract — The number field sieve of factoring 1024bit RSA keys has many steps involved, one of them being the ‘relation collection ’ step. This step consists of two parts, the first part is called Sieving and is used to generate smooth random numbers (numbers whose factors are less than a given bo ..."
Abstract
 Add to MetaCart
Abstract — The number field sieve of factoring 1024bit RSA keys has many steps involved, one of them being the ‘relation collection ’ step. This step consists of two parts, the first part is called Sieving and is used to generate smooth random numbers (numbers whose factors are less than a given boundary), and these smooth numbers are factored in the second part by special factoring methods like ECM, p1 and rho. The Sieving processes involve high complexity in generating smooth numbers, so there is a requirement for a simple mechanism which would generate large smooth numbers so that these numbers can be used as test vectors for the factorization methods like ECM, P1 and rho. In the project our aim is to generate the smooth numbers so that they can be as test vectors. We used Eric Bach and Adam Kalai’s algorithms which are developed for generating factored random numbers, and made modifications to these algorithms in order to generate smooth numbers. In this paper we describe these algorithms, modifications we made to them and how we implemented them. We also compare these algorithms and come to a conclusion as to which method is faster in generating smooth factored random numbers.
AMS Math Review Number 94d:11103.
"... A positive integer n is a perfect power if there exist integers x and k, both at least 2, such that n = x k. The usual algorithm to recognize perfect powers computes approximate kth roots for k ≤ log 2 n, and runs in time O(log 3 n log log log n). First, we improve this worstcase running time to O( ..."
Abstract
 Add to MetaCart
(Show Context)
A positive integer n is a perfect power if there exist integers x and k, both at least 2, such that n = x k. The usual algorithm to recognize perfect powers computes approximate kth roots for k ≤ log 2 n, and runs in time O(log 3 n log log log n). First, we improve this worstcase running time to O(log 3 n) by using a modified Newton’s method to compute approximate kth roots. Parallelizing this gives an N C 2 algorithm. Second, we present a sieve algorithm that avoids kth root computations by seeing if the input n is a perfect kth power modulo small primes. If n is chosen uniformly from a large enough interval, the average running time is O(log 2 n). Third, we incorporate trial division to give a sieve algorithm with an average running time of O(log 2 n / log 2 log n) and a median running time of O(log n). The two sieve algorithms use a precomputed table of small primes. We give a heuristic argument and computational evidence that the largest prime needed in this table is (log n) 1+o(1) ; assuming the Extended Riemann Hypothesis, primes up to (log n) 2+o(1) suffice. The table can be computed in time roughly proportional to the largest prime it contains. We also present computational results indicating that our sieve algorithms perform extremely well in practice.