Results 11 - 20 of 227
a new CRT-RSA Algorithm Secure Against Bellcore”, CC’03
Cited by 32 (3 self)
In this paper we describe a new algorithm to prevent fault attacks on RSA signature algorithms using the Chinese Remainder Theorem (CRT-RSA). This variant of the RSA signature algorithm is widely used on smartcards. Smartcards on the other hand are particularly susceptible to fault attacks like the one described in [7]. Recent results have shown that fault attacks are practical and easy to accomplish ([21], [17]). Therefore, they establish a practical need for fault attack protected CRT-RSA schemes. Starting from a careful derivation and classification of fault models, we describe a new variant of the CRT-RSA algorithm. For the most realistic fault model described, we rigorously analyze the success probability of an adversary. Thereby, we prove that our new algorithm is secure against the Bellcore attack. Only once in the analysis do we need to refer to a plausible number theoretic assumption.
Expander graphs in pure and applied mathematics
Bull. Amer. Math. Soc. (N.S
Cited by 30 (2 self)
Expander graphs are highly connected sparse finite graphs. They play an important role in computer science as basic building blocks for network constructions, error correcting codes, algorithms and more. In recent years they have started to play an increasing role also in pure mathematics: number theory, group theory, geometry and more. This expository article describes their constructions and various applications in pure and applied mathematics. This paper is based on notes prepared for the Colloquium Lectures at the
Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters
, 1995
Cited by 29 (0 self)
A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the Miller-Rabin test for only one base. Therefore our algorithm is even faster than presently-used algorithms for generating only pseudoprimes because several Miller-Rabin tests with independent bases must be applied for achieving a sufficient confidence level. Heuristic arguments suggest that the generated primes are close to uniformly distributed over the set of primes in the specified interval. Security constraints on the prime parameters of certain cryptographic systems are discussed, and in particular a detailed analysis of the iterated encryption attack on the RSA public-key cryptosystem is presented. The prime generation algorithm can easily be modified to generate nearly random primes or RSA-moduli that satisfy t...
The distribution of totients
, 1998
Cited by 27 (10 self)
This paper is an announcement of many new results concerning the set of totients, i.e. the set of values taken by Euler’s φ-function. The main functions studied are V(x), the number of totients not exceeding x, A(m), the number of solutions of φ(x) = m (the “multiplicity” of m), and V_k(x), the number of m ≤ x with A(m) = k. The first of the main results of the paper is a determination of the true order of V(x). It is also shown that for each k ≥ 1, if there is a totient with multiplicity k, then V_k(x) ≫ V(x). We further show that every multiplicity k ≥ 2 is possible, settling an old conjecture of Sierpiński. An older conjecture of Carmichael states that no totient has multiplicity 1. This remains an open problem, but some progress can be reported. In particular, the results stated above imply that if there is one counterexample, then a positive proportion of all totients are counterexamples. Determining the order of V(x) and V_k(x) also provides a description of the “normal” multiplicative structure of totients. This takes the form of bounds on the sizes of the prime factors of a preimage of a typical totient. One corollary is that the normal number of prime factors of a totient ≤ x is c log log x, where c ≈ 2.186. Lastly, similar results are proved for the set of values taken by a general multiplicative arithmetic function, such as the sum of divisors function, whose behavior is similar to that of Euler’s function.
The dichotomy between structure and randomness, arithmetic progressions, and the primes
Cited by 27 (1 self)
Abstract. A famous theorem of Szemerédi asserts that all subsets of the integers with positive upper density will contain arbitrarily long arithmetic progressions. There are many different proofs of this deep theorem, but they are all based on a fundamental dichotomy between structure and randomness, which in turn leads (roughly speaking) to a decomposition of any object into a structured (low-complexity) component and a random (discorrelated) component. Important examples of these types of decompositions include the Furstenberg structure theorem and the Szemerédi regularity lemma. One recent application of this dichotomy is the result of Green and Tao establishing that the prime numbers contain arbitrarily long arithmetic progressions (despite having density zero in the integers). The power of this dichotomy is evidenced by the fact that the Green-Tao theorem requires surprisingly little technology from analytic number theory, relying instead almost exclusively on manifestations of this dichotomy such as Szemerédi’s theorem. In this paper we survey various manifestations of this dichotomy in combinatorics, harmonic analysis, ergodic theory, and number theory. As we hope to emphasize here, the underlying themes in these arguments are remarkably similar even though the contexts are radically different.
Prime Number Races
Amer. Math. Monthly
Cited by 23 (2 self)
1. INTRODUCTION. There’s nothing quite like a day at the races.... The quickening of the pulse as the starter’s pistol sounds, the thrill when your favorite contestant speeds out into the lead (or the distress if another contestant dashes out ahead of yours), and the accompanying fear (or hope) that the leader might change. And what if the race is a marathon? Maybe one of the contestants will be far stronger than the others, taking
Average twin prime conjecture for elliptic curves
, 2007
Cited by 22 (7 self)
Let E be an elliptic curve over Q. In 1988, Koblitz conjectured a precise asymptotic for the number of primes p up to x such that the order of the group of points of E over F_p is prime. This is an analogue of the Hardy and Littlewood twin prime conjecture in the case of elliptic curves. Koblitz’s conjecture is still widely open. In this paper we prove that Koblitz’s conjecture is true on average over a two-parameter family of elliptic curves. One of the key ingredients in the proof is a short average distribution result in the style of Barban-Davenport-Halberstam,
Two contradictory conjectures concerning Carmichael numbers
Cited by 20 (0 self)
Erdös [8] conjectured that there are x^{1−o(1)} Carmichael numbers up to x, whereas Shanks [24] was skeptical as to whether one might even find an x up to which there are more than √x Carmichael numbers. Alford, Granville and Pomerance [2] showed that there are more than x^{2/7} Carmichael numbers up to x, and gave arguments which even convinced Shanks (in person-to-person discussions) that Erdös must be correct. Nonetheless, Shanks's skepticism stemmed from an appropriate analysis of the data available to him (and his reasoning is still borne out by Pinch's extended new data [14,15]), and so we herein derive conjectures that are consistent with Shanks's observations, while fitting in with the viewpoint of Erdös [8] and the results of [2,3].
Primes in short intervals
Commun. Math. Phys
Cited by 17 (4 self)
Dedicated to Freeman Dyson, with best wishes on the occasion of his eightieth birthday. Abstract. Contrary to what would be predicted on the basis of Cramér’s model concerning the distribution of prime numbers, we develop evidence that the distribution of ψ(x + H) − ψ(x), for 0 ≤ x ≤ N, is approximately normal with mean ∼ H and variance ∼ H log N/H, when N^δ ≤ H ≤ N^{1−δ}. Cramér [4] modeled the distribution of prime numbers by independent random variables X_n (for n ≥ 3) that take the value 1 (n is “prime”) with probability 1 / log n and take the value 0 (n is “composite”) with probability 1 − 1 / log n. If p_n denotes the nth prime