Results 1 - 10 of 20
Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
SIAM J. on Computing, 1997
"... A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. ..."
Cited by 941 (2 self)
A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. This paper considers factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and which have been used as the basis of several proposed cryptosystems. Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored.
Simulating Physics with Computers
SIAM Journal on Computing, 1982
"... A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time of at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. ..."
Cited by 428 (1 self)
A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time of at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. This paper considers factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and have been used as the basis of several proposed cryptosystems. Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored. AMS subject classifications: 82P10, 11Y05, 68Q10. 1 Introduction One of the first results in the mathematics of computation, which underlies the subsequent development of much of theoretical computer science, was the distinction between computable and ...
Discrete logarithms in gf(p) using the number field sieve
SIAM J. Discrete Math, 1993
"... Recently, several algorithms using number field sieves have been given to factor a number n in heuristic expected time $L_n[1/3; c]$, where $L_n[v; c] = \exp\{(c + o(1))(\log n)^v (\log\log n)^{1-v}\}$, for $n \to \infty$. In this paper we present an algorithm to solve the discrete logarithm problem for GF(p) with heur ..."
Cited by 68 (1 self)
Recently, several algorithms using number field sieves have been given to factor a number n in heuristic expected time $L_n[1/3; c]$, where $L_n[v; c] = \exp\{(c + o(1))(\log n)^v (\log\log n)^{1-v}\}$, for $n \to \infty$. In this paper we present an algorithm to solve the discrete logarithm problem for GF(p) with heuristic expected running time $L_p[1/3; 3^{2/3}]$. For numbers of a special form, there is an asymptotically slower but more practical version of the algorithm.
Algorithms in algebraic number theory
Bull. Amer. Math. Soc, 1992
"... Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to ..."
Cited by 42 (3 self)
Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to be done in the area. We hope to show that the study of algorithms not only increases our understanding of algebraic number fields but also stimulates our curiosity about them. The discussion is concentrated on three topics: the determination of Galois groups, the determination of the ring of integers of an algebraic number field, and the computation of the group of units and the class group of that ring of integers.
Discrete Logarithms: the Effectiveness of the Index Calculus Method
1996
"... In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the func ..."
Cited by 26 (1 self)
In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieve. We also provide a sketch of some of the cryptographic schemes whose security depends on the intractability of the discrete logarithm problem. 1 Introduction Let G be a cyclic group generated by an element t. The discrete logarithm problem in G is to compute for any $b \in G$ the least nonnegative integer e such that $t^e = b$. In this case, we write $\log_t b = e$. Our purpose, in this paper, is to survey recent work on the discrete logarithm problem. Our approach is twofold. On the one hand, we consider the problem from a purely theoretical perspective. Indeed, the algorithms that have been developed to solve it not only explore the fundamental nature of one of the basic s...
An introduction to quantum complexity theory
Collected Papers on Quantum Computation and Quantum Information Theory, 2000
Computational Aspects of Discrete Logarithms
1996
"... I hereby declare that I am the sole author of this thesis. I authorize the University of Waterloo to lend this thesis to other institutions or individuals for the purpose of scholarly research. I further authorize the University of Waterloo to reproduce this thesis by photocopying or by other mean ..."
Cited by 18 (0 self)
I hereby declare that I am the sole author of this thesis. I authorize the University of Waterloo to lend this thesis to other institutions or individuals for the purpose of scholarly research. I further authorize the University of Waterloo to reproduce this thesis by photocopying or by other means, in total or in part, at the request of other institutions or individuals for the purpose of scholarly research. The University of Waterloo requires the signatures of all persons using or photocopying this thesis. Please sign below, and give address and date.
Abstract. Integer factorization and discrete logarithm calculation are important to public key cryptography. The most efficient known methods for these problems require the solution of large sparse linear systems, modulo two for the factoring case, and modulo large primes for the logarithm case. This thesis is concerned with solving these equations modulo large primes. The methods typically used in this application are examined and compared, and improvements are suggested. A solution method derived from the bidiagonalization method of Golub and Kahan is developed, and shown to require one-half the storage of the Lanczos method, one-quarter less than the conjugate gradient method, and no more computation than either of these methods. It is expected that this method will become the method of choice for the solution modulo large primes of the equations involved in discrete logarithm calculation. The problem of breakdown for the general case of nonsymmetric and possibly singular matrices is considered, and new look-ahead methods for orthogonal and conjugate Lanczos algorithms are derived. A unified treatment of the Lanczos algorithms, the conjugate gradient algorithm and the Wiedemann algorithm is given using an orthogonal polynomial approach. It is shown, in particular, that incurable breakdowns can be handled by such an approach. The conjugate gradient algorithm is shown to consist of coupled conjugate and orthogonal Lanczos iterations, linking it to the development given for Lanczos methods. An efficient integrated look-ahead method is developed for the conjugate gradient algorithm.
Fixed-Parameter Complexity and Cryptography
1993
"... We discuss the issue of the parameterized computational complexity of a number of problems of interest in cryptography. We show that the problem of determining whether an n-digit number has a prime divisor less than or equal to $n^k$ can be solved in expected time $f(k)n^3$ by a randomized algo ..."
Cited by 15 (11 self)
We discuss the issue of the parameterized computational complexity of a number of problems of interest in cryptography. We show that the problem of determining whether an n-digit number has a prime divisor less than or equal to $n^k$ can be solved in expected time $f(k)n^3$ by a randomized algorithm that employs elliptic curve factorization techniques (this result depends on an unproved but plausible number-theoretic conjecture). An analogous computational problem concerning discrete logarithms is directly relevant to some proposed cryptosystem implementations. Our result suggests caution about implementations which fix a parameter such as the size or Hamming weight of keys. We show that several parameterized problems of relevance to cryptography, including k-Subset Sum, k-Perfect Code, and k-Subset Product are likely to be intractable with respect to fixed-parameter complexity. In particular, we show that they cannot be solved in time $f(k)n^{\alpha}$, where $\alpha$ is independent...
Comments on search procedures for primitive roots
Math. Comp. 66, 1997
"... Abstract. Let p be an odd prime. Assuming the Extended Riemann Hypothesis, we show how to construct $O((\log p)^4 (\log\log p)^{-3})$ residues modulo p, one of which must be a primitive root, in deterministic polynomial time. Granting some well-known character sum bounds, the proof is elementary, leading ..."
Cited by 10 (0 self)
Abstract. Let p be an odd prime. Assuming the Extended Riemann Hypothesis, we show how to construct $O((\log p)^4 (\log\log p)^{-3})$ residues modulo p, one of which must be a primitive root, in deterministic polynomial time. Granting some well-known character sum bounds, the proof is elementary, leading to an explicit algorithm.