Results 1-10 of 16
Fast parallel circuits for the quantum Fourier transform
PROCEEDINGS 41ST ANNUAL SYMPOSIUM ON FOUNDATIONS OF COMPUTER SCIENCE (FOCS’00), 2000
Cited by 51 (2 self)
We give new bounds on the circuit complexity of the quantum Fourier transform (QFT). We give an upper bound of O(log n + log log(1/ε)) on the circuit depth for computing an approximation of the QFT with respect to the modulus 2^n with error bounded by ε. Thus, even for exponentially small error, our circuits have depth O(log n). The best previous depth bound was O(n), even for approximations with constant error. Moreover, our circuits have size O(n log(n/ε)). We also give an upper bound of O(n (log n)^2 log log n) on the circuit size of the exact QFT modulo 2^n, for which the best previous bound was O(n^2). As an application of the above depth bound, we show that Shor’s factoring algorithm may be based on quantum circuits with depth only O(log n) and polynomial size, in combination with classical polynomial-time pre- and postprocessing. In the language of computational complexity, this implies that factoring is in the complexity class ZPP^BQNC, where BQNC is the class of problems computable with bounded-error probability by quantum circuits with polylogarithmic depth and polynomial size. Finally, we prove an Ω(log n) lower bound on the depth complexity of approximations of the
Efficient Group Signatures without Trapdoors
2002
Cited by 28 (1 self)
Group signature schemes are fundamental cryptographic tools that enable unlinkably anonymous authentication, in the same fashion that digital signatures provide the basis for strong authentication protocols. In this paper we present the first group signature scheme with constant-size parameters that does not employ any trapdoor function. This novel type of group signature scheme allows public parameters to be shared among organizations. Such sharing represents a highly desirable simplification over existing schemes, which require each organization to maintain a separate cryptographic domain.
Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters
1995
Cited by 21 (0 self)
A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the Miller-Rabin test for only one base. Therefore our algorithm is even faster than presently-used algorithms for generating only pseudoprimes because several Miller-Rabin tests with independent bases must be applied for achieving a sufficient confidence level. Heuristic arguments suggest that the generated primes are close to uniformly distributed over the set of primes in the specified interval. Security constraints on the prime parameters of certain cryptographic systems are discussed, and in particular a detailed analysis of the iterated encryption attack on the RSA public-key cryptosystem is presented. The prime generation algorithm can easily be modified to generate nearly random primes or RSA-moduli that satisfy t...
The complexity of membership problems for circuits over sets of natural numbers
2007
Cited by 16 (0 self)
The problem of testing membership in the subset of the natural numbers produced at the output gate of a {∪, ∩, −, +, ×} combinational circuit is shown to capture a wide range of complexity classes. Although the general problem remains open, the case {∪, ∩, +, ×} is shown NEXPTIME-complete, the cases {∪, ∩, −, ×}, {∪, ∩, ×}, {∪, ∩, +} are shown PSPACE-complete, the case {∪, +} is shown NP-complete, the case {∩, +} is shown C=L-complete, and several other cases are resolved. Interesting auxiliary problems are used, such as testing nonemptiness for union-intersection-concatenation circuits, and expressing each integer, drawn from a set given as input, as powers of relatively prime integers of one’s choosing. Our results extend in nontrivial ways past work by
The modular inversion hidden number problem
In ASIACRYPT 2001, volume 2248 of LNCS, 2001
Cited by 12 (1 self)
Abstract. We study a class of problems called Modular Inverse Hidden Number Problems (MIHNPs). The basic problem in this class is the following: Given many pairs (x_i, msb_k((α + x_i)^(-1) mod p)) for random x_i ∈ Z_p, the problem is to find α ∈ Z_p (here msb_k(x) refers to the k most significant bits of x). We describe an algorithm for this problem when k > (log_2 p)/3 and conjecture that the problem is hard whenever k < (log_2 p)/3. We show that assuming hardness of some variants of this MIHNP problem leads to very efficient algebraic PRNGs and MACs.
Quantum hidden subgroup algorithms on free groups, (in preparation)
Cited by 6 (2 self)
Abstract. One of the most promising and versatile approaches to creating new quantum algorithms is based on the quantum hidden subgroup (QHS) paradigm, originally suggested by Alexei Kitaev. This class of quantum algorithms encompasses the Deutsch-Jozsa, Simon, Shor algorithms, and many more. In this paper, our strategy for finding new quantum algorithms is to decompose Shor’s quantum factoring algorithm into its basic primitives, then to generalize these primitives, and finally to show how to reassemble them into new QHS algorithms. Taking an “alphabetic building blocks approach,” we use these primitives to form an “algorithmic toolkit” for the creation of new quantum algorithms, such as wandering Shor algorithms, continuous Shor algorithms, the quantum circle algorithm, the dual Shor algorithm, a QHS algorithm for Feynman integrals, free QHS algorithms, and more. Toward the end of this paper, we show how Grover’s algorithm is most surprisingly “almost” a QHS algorithm, and how this result suggests the possibility of an even more complete “algorithmic toolkit” beyond the QHS algorithms.
On Valiant’s holographic algorithms
Cited by 2 (2 self)
Leslie Valiant recently proposed a theory of holographic algorithms. These novel algorithms achieve exponential speedups for certain computational problems compared to naive algorithms for the same problems. The methodology uses Pfaffians and (planar) perfect matchings as basic computational primitives, and attempts to create exponential cancellations in computation. In this article we survey this new theory of matchgate computations and holographic algorithms.
Computing Order Statistics in the Farey Sequence
Cited by 1 (0 self)
Abstract. We study the problem of computing the kth term of the Farey sequence of order n, for given n and k. Several methods for generating the entire Farey sequence are known. However, these algorithms require at least quadratic time, since the Farey sequence has Θ(n^2) elements. For the problem of finding the kth element, we obtain an algorithm that runs in time O(n lg n) and uses space O(√n). The same bounds hold for the problem of determining the rank in the Farey sequence of a given fraction. A more complicated solution can reduce the space to O(n^(1/3) (lg lg n)^(2/3)), and, for the problem of determining the rank of a fraction, reduce the time to O(n). We also argue that an algorithm with running time O(poly(lg n)) is unlikely to exist, since that would give a polynomial-time algorithm for integer factorization.
Non-Parallelizable and Non-Interactive Client Puzzles from Modular Square Roots
Cited by 1 (1 self)
Abstract—Denial of Service (DoS) attacks aiming to exhaust the resources of a server by overwhelming it with bogus requests have become a serious threat. Especially protocols that rely on public key cryptography and perform expensive authentication handshakes may be an easy target. A well-known countermeasure against DoS attacks are client puzzles. The victimized server demands from the clients to commit computing resources before it processes their requests. To get service, a client must solve a cryptographic puzzle and submit the right solution. Existing client puzzle schemes have some drawbacks. They are either parallelizable, coarse-grained or can be used only interactively. In case of interactive client puzzles where the server poses the challenge an attacker might mount a counterattack on the clients by injecting fake packets containing bogus puzzle parameters. In this paper we introduce a novel scheme for client puzzles which relies on the computation of square roots modulo a prime. Modular square root puzzles are non-parallelizable, i.e., the solution cannot be obtained faster than scheduled by distributing the puzzle to multiple machines or CPU cores, and they can be employed both interactively and non-interactively. Our puzzles provide polynomial granularity and compact solution and verification functions. Benchmark results demonstrate the feasibility of our approach to mitigate DoS attacks on hosts in 1 or even 10 GBit networks. In addition, we show how to raise the efficiency of our puzzle scheme by introducing a bandwidth-based cost factor for the client. Keywords—client puzzles, Denial of Service (DoS), network protocols, authentication, computational puzzles
Taking Roots over High Extensions of Finite Fields
Cited by 1 (0 self)
We present a new algorithm for computing mth roots over the finite field F_q, where q = p^n, with p a prime, and m any positive integer. In the particular case m = 2, the cost of the new algorithm is an expected O(M(n) log(p) + C(n) log(n)) operations in F_p, where M(n) and C(n) are bounds for the cost of polynomial multiplication and modular polynomial composition. Known results give M(n) = O(n log(n) log log(n)) and C(n) = O(n^1.67), so our algorithm is subquadratic in n.