Results 11  20
of
34
Some results on pseudosquares
 Math. Comp
, 1996
"... Abstract. If p is an odd prime, the pseudosquare Lp is defined to be the least positive nonsquare integer such that Lp ≡ 1 (mod 8) and the Legendre symbol (Lp/q) = 1 for all odd primes q ≤ p. In this paper we first discuss the connection between pseudosquares and primality testing. We then describe ..."
Abstract

Cited by 16 (5 self)
 Add to MetaCart
Abstract. If p is an odd prime, the pseudosquare Lp is defined to be the least positive nonsquare integer such that Lp ≡ 1 (mod 8) and the Legendre symbol (Lp/q) = 1 for all odd primes q ≤ p. In this paper we first discuss the connection between pseudosquares and primality testing. We then describe a new numerical sieving device which was used to extend the table of known pseudosquares up to L271. We also present several numerical results concerning the growth rate of the pseudosquares, results which so far confirm that Lp √ e p/2, an inequality that must hold under the extended Riemann Hypothesis. 1.
Computational Aspects of Curves of Genus at Least 2
 Algorithmic number theory. 5th international symposium. ANTSII
, 1996
"... . This survey discusses algorithms and explicit calculations for curves of genus at least 2 and their Jacobians, mainly over number fields and finite fields. Miscellaneous examples and a list of possible future projects are given at the end. 1. Introduction An enormous number of people have per ..."
Abstract

Cited by 14 (3 self)
 Add to MetaCart
. This survey discusses algorithms and explicit calculations for curves of genus at least 2 and their Jacobians, mainly over number fields and finite fields. Miscellaneous examples and a list of possible future projects are given at the end. 1. Introduction An enormous number of people have performed an enormous number of computations on elliptic curves, as one can see from even a perfunctory glance at [29]. A few years ago, the same could not be said for curves of higher genus, even though the theory of such curves had been developed in detail. Now, however, polynomialtime algorithms and sometimes actual programs are available for solving a wide variety of problems associated with such curves. The genus 2 case especially is becoming accessible: in light of recent work, it seems reasonable to expect that within a few years, packages will be available for doing genus 2 computations analogous to the elliptic curve computations that are currently possible in PARI, MAGMA, SIMATH, apec...
It Is Easy to Determine Whether a Given Integer Is Prime
, 2004
"... The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be super ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be superfluous to discuss the problem at length. Nevertheless we must confess that all methods that have been proposed thus far are either restricted to very special cases or are so laborious and difficult that even for numbers that do not exceed the limits of tables constructed by estimable men, they try the patience of even the practiced calculator. And these methods do not apply at all to larger numbers... It frequently happens that the trained calculator will be sufficiently rewarded by reducing large numbers to their factors so that it will compensate for the time spent. Further, the dignity of the science itself seems to require that every possible means be explored for the solution of a problem so elegant and so celebrated... It is in the nature of the problem
ZeroKnowledge Arguments and PublicKey Cryptography
, 1995
"... In this work we consider the DiffieHellman Publickey model in which an additional short random string is shared by all users. This, which we call PublicKey PublicRandomness (PKPR) model, is very powerful as we show that it supports simple noninteractive implementations of important cryptographi ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
In this work we consider the DiffieHellman Publickey model in which an additional short random string is shared by all users. This, which we call PublicKey PublicRandomness (PKPR) model, is very powerful as we show that it supports simple noninteractive implementations of important cryptographic primitives. We give a noninteractive implementation of Oblivious Transfer in the PKPR model. Our implementation is secure against receivers with unlimited computational power. Building on this result, we show that all languages in NP have Perfect ZeroKnowledge Arguments in the PKPR model. 1 Introduction In PrivateKey Cryptography interaction is an essential resource. If two parties want to communicate secretly, they have to meet and agree on a common secret key. The need to establish a common key, before any communication could take place, severely limits the usefulness of this paradigm. Nonetheless it had been considered necessary for any form of secret communication. The PublicKey...
It Is Easy to Determine Whether a Given Integer Is
, 2005
"... Dedicated to the memory of W. ‘Red ’ Alford, friend and colleague Abstract. “The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wis ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
Dedicated to the memory of W. ‘Red ’ Alford, friend and colleague Abstract. “The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be superfluous to discuss the problem at length. Nevertheless we must confess that all methods that have been proposed thus far are either restricted to very special cases or are so laborious and difficult that even for numbers that do not exceed the limits of tables constructed by estimable men, they try the patience of even the practiced calculator. And these methods do not apply at all to larger numbers... It frequently happens that the trained calculator will be sufficiently rewarded by reducing large numbers to their factors so that it will compensate for the time spent. Further, the dignity of the science itself seems to require that every possible means be explored for the solution of a problem so elegant and so celebrated... It is in the nature of the problem
On the Complexity of Breaking the DiffieHellman Protocol
 Computer Science Department
, 1996
"... It is shown that for a class of finite groups, breaking the DiffieHellman protocol is polynomialtime equivalent to computing discrete logarithms. Let G be a cyclic group with generator g and order jGj whose prime factorization is known. When for each large prime factor p of jGj an auxiliary group ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
It is shown that for a class of finite groups, breaking the DiffieHellman protocol is polynomialtime equivalent to computing discrete logarithms. Let G be a cyclic group with generator g and order jGj whose prime factorization is known. When for each large prime factor p of jGj an auxiliary group H p defined over GF (p) with smooth order is given, then breaking the DiffieHellman protocol for G and computing discrete logarithms in G are polynomialtime equivalent. Possible auxiliary groups H p are elliptic curves over GF (p) or over an extension field of GF (p), certain subgroups of the multiplicative group of such an extension field, and the Jacobian of a hyperelliptic curve. For a list of expressions in p, including p \Gamma 1, p + 1, and the cyclotomic polynomials of low degree in p, it is shown that an appropriate group H p can efficiently be constructed if one of the expressions in the list is smooth. Furthermore, efficient constructions of DiffieHellman groups with provable e...
Primality proving via one round in ECPP and one iteration in AKS
 Advances in Cryptology – CRYPTO 2003
, 2003
"... On August 2002, Agrawal, Kayal and Saxena announced the first deterministic and polynomial time primality testing algorithm. For an input n, the AKS algorithm runs in heuristic time Õ(log6 n). Verification takes roughly the same amount of time. On the other hand, the Elliptic Curve Primality Proving ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
On August 2002, Agrawal, Kayal and Saxena announced the first deterministic and polynomial time primality testing algorithm. For an input n, the AKS algorithm runs in heuristic time Õ(log6 n). Verification takes roughly the same amount of time. On the other hand, the Elliptic Curve Primality Proving algorithm (ECPP), runs in random heuristic time Õ(log6 n) ( Õ(log5 n) if the fast multiplication is used), and generates certificates which can be easily verified. More recently, Berrizbeitia gave a variant of the AKS algorithm, in which some primes cost much less time to prove than a general prime does. Building on these celebrated results, this paper explores the possibility of designing a more efficient algorithm. A random primality proving algorithm with heuristic time complexity Õ(log4 n) is presented. It generates a certificate of primality which is O(log n) bits long and can be verified in deterministic time Õ(log 4 n). The reduction in time complexity is achieved by first generalizing Berrizbeitia’s algorithm to one which has higher density of easilyproved primes. For a general prime, one round of ECPP is deployed to reduce its primality proof to the proof of a random easilyproved prime. 1
Efficient Construction of Secure Hyperelliptic Discrete Logarithm Problems
, 1997
"... . Hyperelliptic curves have been used to define discrete logarithm problems as cryptographic oneway functions. However, no efficient algorithm for construction of secure hyperelliptic curves is known until now. In this paper, efficient algorithms are presented to construct secure discrete logarithm ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
. Hyperelliptic curves have been used to define discrete logarithm problems as cryptographic oneway functions. However, no efficient algorithm for construction of secure hyperelliptic curves is known until now. In this paper, efficient algorithms are presented to construct secure discrete logarithm problems on hyperelliptic curves whose Jacobian varieties are either simple or isogenous to a product of simple abelian varieties. 1 Introduction Discrete logarithm problems over elliptic curves have recently been used instead of the discrete logarithm problems over finite fields in recent cryptosystems[10] [18] [17]. This new kind of cryptographic functions are believed to be stronger in the sense that they can resist all known subexponential attacks which have been developed against the latter problems. As a natural extension, hyperelliptic curves, which have genera larger than one and contain the elliptic curves as a special case with genera equal one, were used to define discrete logar...
Primality testing
, 1992
"... Abstract For many years mathematicians have searched for a fast and reliable primality test. This is especially relevant nowadays, because the RSA publickey cryptosystem requires very large primes in order to generate secure keys. I will describe some efficient randomised algorithms that are useful ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract For many years mathematicians have searched for a fast and reliable primality test. This is especially relevant nowadays, because the RSA publickey cryptosystem requires very large primes in order to generate secure keys. I will describe some efficient randomised algorithms that are useful in practice, but have the defect of occasionally giving the wrong answer, or taking a very long time to give an answer. Recently Agrawal, Kayal and Saxena found a deterministic polynomialtime primality test. I will describe their algorithm, mention some improvements by Bernstein and Lenstra, and explain why this is not the end of the story.