Interest in normal bases over finite fields stems both from mathematical theory and practical applications. There has been a lot of literature dealing with various properties of normal bases (for finite fields and for Galois extension of arbitrary fields). The advantage of using normal bases to represent finite fields was noted by Hensel in 1888. With the introduction of optimal normal bases, large finite fields, that can be used in secure and e#cient implementation of several cryptosystems, have recently been realized in hardware. The present thesis studies various theoretical and practical aspects of normal bases in finite fields. We first give some characterizations of normal bases. Then by using linear algebra, we prove that F q n has a basis over F q such that any element in F q represented in this basis generates a normal basis if and only if some groups of coordinates are not simultaneously zero. We show how to construct an irreducible polynomial of degree 2 n with linearly i...

We present algorithms that are deterministic primality tests for a large family of integers, namely, integers n ≡ 1 (mod 4) for which an integer a is given such that the Jacobi symbol ( a) = −1, and n integers n ≡ −1 (mod 4) for which an integer a is given such that ( a 1−a) = ( ) = −1. The algorithms n n we present run in 2 − min(k,[2 log log n]) Õ(log n) 6 time, where k = ν2(n − 1) is the exact power of 2 dividing n − 1 when n ≡ 1 (mod 4) and k = ν2(n + 1) if n ≡ −1 (mod 4). The complexity of our algorithms improves up to Õ(log n)4 when k ≥ [2 log log n]. We also give tests for more general family of numbers and study their complexity.

Abstract not found

We describe how to generate large primes using the primality proving algorithm of Atkin. Figure 1: The Titanic . 1. Introduction. During the last ten years, primality testing evolved at great speed. Motivated by the RSA cryptosystem [3], the first deterministic primality proving algorithm was designed by Adleman, Pomerance and Rumely [2] and made practical by Cohen, H. W. Lenstra and A. K. Lenstra (see [9, 10] and more recently [5]). It was then proved that the time needed to test an arbitrary integer N for primality is O((log N) c log log log N ) for some positive constant c ? 0. When implemented on a huge computer, the algorithm was able to test 200 digit numbers in about 10 minutes of CPU time. A few years ago, Goldwasser and Kilian [11], used the theory of elliptic curves over finite fields to give the first primality proving algorithm whose running time is polynomial in log N (assuming a plausible conjecture in number theory). Atkin [4] used the theory of complex multiplicat...

We make an attempt to compare the speed of eeme primality testing algorithms for certifying loo-digit prime numbers. 1. Introduction. The

We explain how the Elliptic Curve Primality Proving algorithm can be implemented in a distributed way. Applications are given to the certification of large primes (more than 500 digits). As a result, we describe the successful attempt at proving the primality of the lO65-digit (2^3539+ l)/3, the first ordinary Titanic prime.

Abstract. The well-known Baillie-PSW probable prime test is a combination of a Rabin-Miller test and a “true ” (i.e., with (D/n) =−1) Lucas test. Arnault mentioned in a recent paper that no precise result is known about its probability of error. Grantham recently provided a probable prime test (RQFT) with probability of error less than 1/7710, and pointed out that the lack of counter-examples to the Baillie-PSW test indicates that the true probability of error may be much lower. In this paper we first define pseudoprimes and strong pseudoprimes to quadratic bases with one parameter: Tu = T mod (T 2 − uT + 1), and define the base-counting functions: B(n) =#{u:0 ≤ u<n, nis a psp(Tu)} and SB(n) =#{u:0 ≤ u<n, nis an spsp(Tu)}. Then we give explicit formulas to compute B(n) and SB(n), and prove that, for odd composites n, B(n) <n/2 and SB(n) <n/8, and point out that these are best possible. Finally, based on one-parameter quadratic-base pseudoprimes, we provide a probable prime test, called the One-Parameter Quadratic-Base Test (OPQBT), which passed by all primes ≥ 5 andpassedbyanoddcompositen = p r1 1 pr2 2 ···prs s (p1 <p2 < ·· · <ps odd primes) with probability of error τ(n). We give explicit formulas to compute τ(n), and prove that

These notes informally review the most common methods from computational number theory that have applications in public key cryptology.

25> f(a=b) and of a=b\Gammam are both smooth, meaning that only small prime factors divide these numerators. These are more likely to be smooth when 1 We assume the reader to be familiar with this factoring method, although no expert knowledge is required to understand the spirit of this announcement. 2 NFSNET is a collaborative effort to factor numbers by the Number Field Sieve. It relies on volunteers from around the world who contribute the "spare time" of a large number of workstations to perform the sieving. In addition to completing work on other numbers, their 75 workstations sieved (3 349 \Gamma 1)=2 during the months of December 1996 and January 1997. The organizers and principal researchers of NFSNET are: Marije ElkenbrachtHuizing, Peter Montgomery, Bob Silverman, Richard Wackerbarth, and Sam Wagstaff, Jr. 1. the polynomial values themselves are

F13.54> k = 100, the algorithm answers correctly with an overwhelming probability: 1 \Gamma 2 \Gamma100 . Also observe that the running time is O(kn 3 ), since for each of the k a's, we compute each of the at most n u i 's by a simple squaring. The idea behind the proof of claim 1 is to distinguish two special cases: 1. N is a prime power, N = p b , b 2 and 2-1 2-2 Lecture 2 : March 8, 1995 2. N has at least two distinct prime factors. Proof: (In case 1.) Here, we are almost home free, since this case won't pass the criterion in Fermat's little theorem, i.e. for most a we have a N \Gamma1 6j 1 (mod N ). Assume N = p b