Results 1-10 of 74
Hilbert's Nullstellensatz is in the Polynomial Hierarchy
 Journal of Complexity
, 1996
Cited by 39 (9 self)
We show that if the Generalized Riemann Hypothesis is true, the problem of deciding whether a system of polynomial equations in several complex variables has a solution is in the second level of the polynomial hierarchy. In fact, this problem is in AM, the "Arthur-Merlin" class (recall that $\mathrm{NP} \subseteq \mathrm{AM} \subseteq \mathrm{RP}^{\mathrm{NP}} \subseteq \Pi_2$). The best previous bound was PSPACE. An earlier version of this paper was distributed as NeuroCOLT Technical Report 9644. The present paper includes in particular a new lower bound for unsatisfiable systems, and remarks on the Arthur-Merlin class. [1] A part of this work was done when the author was visiting DIMACS at Rutgers University. 1 Introduction. In its weak form, Hilbert's Nullstellensatz states that a system $f_1(x) = 0, \ldots, f_s(x) = 0$ (1) of polynomial equations in $n$ unknowns has no solution over $\mathbb{C}$ if and only if there are polynomials $g_1, \ldots, g_s \in \mathbb{C}[X_1, \ldots, X_n]$ such that $\sum_{i=1}^{s} f_i g_i = 1$. For this reason, the problem of deciding whethe...
Action of modular correspondences around CM points
Cited by 25 (0 self)
We study the action of modular correspondences in the p-adic neighborhood of CM points. We deduce and prove two stable and efficient p-adic analytic methods for computing singular values of modular functions. On the way we prove a non-trivial lower bound for the density of smooth numbers in imaginary quadratic rings and show that the canonical lift of an elliptic curve over $\mathbb{F}_q$ can be computed in probabilistic time exp((log q) ) under GRH. We also extend the notion of canonical lift to supersingular elliptic curves and show how to compute it in that case.
Computing Hilbert class polynomials with the Chinese Remainder Theorem
, 2010
Cited by 18 (1 self)
We present a space-efficient algorithm to compute the Hilbert class polynomial $H_D(X)$ modulo a positive integer $P$, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses $O(|D|^{1/2+\epsilon} \log P)$ space and has an expected running time of $O(|D|^{1+\epsilon})$. We describe practical optimizations that allow us to handle larger discriminants than other methods, with $|D|$ as large as $10^{13}$ and $h(D)$ up to $10^6$. We apply these results to construct pairing-friendly elliptic curves of prime order, using the CM method.
Faster Fully Homomorphic Encryption
Cited by 18 (0 self)
Abstract. We describe two improvements to Gentry's fully homomorphic scheme based on ideal lattices and its analysis: we provide a refined analysis of one of the hardness assumptions (the one related to the Sparse Subset Sum Problem) and we introduce a probabilistic decryption algorithm that can be implemented with an algebraic circuit of low multiplicative degree. Combined together, these improvements lead to a faster fully homomorphic scheme, with a $\widetilde{O}(\lambda^3)$ bit complexity per elementary binary add/mult gate, where $\lambda$ is the security parameter. These improvements also apply to the fully homomorphic schemes of Smart and Vercauteren [PKC'2010] and van Dijk et al. [Eurocrypt'2010]. Keywords: fully homomorphic encryption, ideal lattices, SSSP.
Explicit bounds for primes in residue classes
 Math. Comp
, 1996
Cited by 16 (1 self)
Abstract. Let E/K be an abelian extension of number fields, with E ≠ Q. Let ∆ and n denote the absolute discriminant and degree of E. Let σ denote an element of the Galois group of E/K. We prove the following theorems, assuming the Extended Riemann Hypothesis: () (1) There is a degree-1 prime p of K such that p = σ, satis
Computing the endomorphism ring of an ordinary elliptic curve over a finite field
 Journal of Number Theory
Cited by 15 (7 self)
Abstract. We present two algorithms to compute the endomorphism ring of an ordinary elliptic curve $E$ defined over a finite field $\mathbb{F}_q$. Under suitable heuristic assumptions, both have subexponential complexity. We bound the complexity of the first algorithm in terms of $\log q$, while our bound for the second algorithm depends primarily on $\log D_E$, where $D_E$ is the discriminant of the order isomorphic to End(E). As a byproduct, our method yields a short certificate that may be used to verify that the endomorphism ring is as claimed.
A p-adic algorithm to compute the Hilbert class polynomial
 in ASIACRYPT ’98 Springer LNCS 1514
, 2007
Cited by 14 (4 self)
Abstract. Classically, the Hilbert class polynomial $P_\Delta \in \mathbb{Z}[X]$ of an imaginary quadratic discriminant $\Delta$ is computed using complex analytic techniques. In 2002, Couveignes and Henocq [5] suggested a p-adic algorithm to compute $P_\Delta$. Unlike the complex analytic method, it does not suffer from problems caused by rounding errors. In this paper we complete the outline given in [5] and we prove that, if the Generalized Riemann Hypothesis holds true, the expected runtime of the p-adic algorithm is $\widetilde{O}(\Delta)$. We illustrate the algorithm by computing the polynomial $P_{-639}$ using a 643-adic algorithm.
Cyclicity of elliptic curves modulo p and elliptic curve analogues of Linnik’s problem
, 2001
Cited by 14 (3 self)
Let $E$ be an elliptic curve defined over $\mathbb{Q}$ and of conductor $N$. For a prime $p \nmid N$, we denote by E the reduction of $E$ modulo $p$. We obtain an asymptotic formula for the number of primes $p \le x$ for which $E(\mathbb{F}_p)$ is cyclic, assuming a certain generalized Riemann hypothesis. The error terms that we get are substantial improvements of earlier work of J.P. Serre and M. Ram Murty. We also consider the problem of finding the size of the smallest prime $p = p_E$ for which the group $E(\mathbb{F}_p)$ is cyclic and we show that, under the generalized Riemann hypothesis, $p_E = O\left((\log N)^{4+\varepsilon}\right)$ if $E$ is without complex multiplication, and $p_E = O\left((\log N)^{2+\varepsilon}\right)$ if $E$ is with complex multiplication, for any $0 < \varepsilon < 1$.