Results 1–10 of 81
MPFR: A multiple-precision binary floating-point library with correct rounding
ACM Trans. Math. Softw., 2007
Cited by 109 (16 self)
This paper presents a multiple-precision binary floating-point library, written in the ISO C language, and based on the GNU MP library. Its particularity is to extend to arbitrary-precision ideas from the IEEE 754 standard, by providing correct rounding and exceptions. We demonstrate how these strong semantics are achieved — with no significant slowdown with respect to other arbitrary-precision tools — and discuss a few applications where such a library can be useful. Categories and Subject Descriptors: D.3.0 [Programming Languages]: General—Standards; G.1.0 [Numerical Analysis]: General—computer arithmetic, multiple precision arithmetic; G.1.2 [Numerical Analysis]: Approximation—elementary and special function approximation; G.4 [Mathematics of Computing]: Mathematical Software—algorithm design, efficiency, portability
CryptDB: Protecting confidentiality with encrypted query processing
In SOSP, 2011
Cited by 107 (8 self)
Online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data, and because curious or malicious administrators may capture and leak data. CryptDB is a system that provides practical and provable confidentiality in the face of these attacks for applications backed by SQL databases. It works by executing SQL queries over encrypted data using a collection of efficient SQL-aware encryption schemes. CryptDB can also chain encryption keys to user passwords, so that a data item can be decrypted only by using the password of one of the users with access to that data. As a result, a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in. An analysis of a trace of 126 million SQL queries from a production MySQL server shows that CryptDB can support operations over encrypted data for 99.5% of the 128,840 columns seen in the trace. Our evaluation shows that CryptDB has low overhead, reducing throughput by 14.5% for phpBB, a web forum application, and by 26% for queries from TPC-C, compared to unmodified MySQL. Chaining encryption keys to user passwords requires 11–13 unique schema annotations to secure more than 20 sensitive fields and 2–7 lines of source code changes for three multi-user web applications.
Lattice attacks on digital signature schemes
Designs, Codes and Cryptography, 1999
Cited by 47 (8 self)
Keywords: digital signatures, lattices. © Copyright Hewlett-Packard Company 1999.
We describe a lattice attack on the Digital Signature Algorithm (DSA) when used to sign many messages, $m_i$, under the assumption that a proportion of the bits of each of the associated ephemeral keys, $y_i$, can be recovered by alternative techniques.
Authenticated hash tables
In ACM Conference on Computer and Communications Security (CCS ’08), 2008
Cited by 43 (12 self)
Hash tables are fundamental data structures that optimally answer membership queries. Suppose a client stores $n$ elements in a hash table that is outsourced at a remote server so that the client can save space or achieve load balancing. Authenticating the hash table functionality, i.e., verifying the correctness of queries answered by the server and ensuring the integrity of the stored data, is crucial because the server, lying outside the administrative control of the client, can be malicious. We design efficient and secure protocols for optimally authenticating membership queries on hash tables: for any fixed constants $0 < \epsilon < 1$ and $\kappa > 1/\epsilon$, the server can provide a proof of integrity of the answer to a (non)membership query in constant time, requiring $O(n^{\epsilon} / \log^{\kappa\epsilon - 1} n)$ time to treat updates, yet keeping the communication and verification costs constant. This is the first construction for authenticating a hash table with constant query cost and sublinear update cost. Our solution employs the RSA accumulator in a nested way over the stored data, strictly improving upon previous accumulator-based solutions. Our construction applies to two concrete data authentication models and lends itself to a scheme that achieves different tradeoffs—namely, constant update time and $O(n^{\epsilon} / \log^{\kappa\epsilon} n)$ query time for fixed $\epsilon > 0$ and $\kappa > 0$. An experimental evaluation of our solution shows very good scalability.
Construction of secure random curves of genus 2 over prime fields
Advances in Cryptology – EUROCRYPT 2004, volume 3027 of Lecture Notes in Comput. Sci., 2004
Cited by 40 (15 self)
For counting points of Jacobians of genus 2 curves defined over large prime fields, the best known method is a variant of Schoof’s algorithm. We present several improvements on the algorithms described by Gaudry and Harley in 2000. In particular we rebuild the symmetry that had been broken by the use of Cantor’s division polynomials and design a faster division by 2 and a division by 3. Combined with the algorithm by Matsuo, Chao and Tsujii, our implementation can count the points on a Jacobian of size 164 bits within about one week on a PC.
Fast Deterministic Computation of Determinants of Dense Matrices
In Proceedings of ACM International Symposium on Symbolic and Algebraic Computation, 1999
Cited by 37 (2 self)
In this paper we consider deterministic computation of the exact determinant of a dense matrix $M$ of integers. We present a new algorithm with worst case complexity $O\big(n^4 (\log n + \log \|M\|) + n^3 \log^2 \|M\|\big)$, where $n$ is the dimension of the matrix and $\|M\|$ is a bound on the entries in $M$, but with average expected complexity $O\big(n^4 + n^3 (\log n + \log \|M\|)^2\big)$, assuming some plausible properties about the distribution of $M$. We will also describe a practical version of the algorithm and include timing data to compare this algorithm with existing ones. Our result does not depend on "fast" integer or matrix techniques.
High Quality Uniform Random Number Generation Through LUT Optimised Linear Recurrences
Cited by 29 (16 self)
This paper describes a class of FPGA-specific uniform random number generators with a $2^k - 1$ length period, which can provide $k$ random bits per cycle for the cost of $k$ Look-Up Tables (LUTs) and $k$ flip-flops. The generator is based on a binary linear recurrence, but with a recurrence matrix optimised for LUT-based architectures. It avoids many of the problems and inefficiencies associated with LFSRs and Tausworthe generators, while retaining the ability to efficiently skip ahead in the sequence. In particular we show that this class of generators produces the highest sample rate for a given area compared to LFSR and Tausworthe generators. The statistical quality of this type of generator is very good, and it can be used to create small and fast generators with long periods which pass all common empirical tests, such as Diehard, Crush, BigCrush and the NIST cryptographic tests.
Linear recurrences with polynomial coefficients and computation of the Cartier-Manin operator on hyperelliptic curves
In International Conference on Finite Fields and Applications (Toulouse), 2004
Cited by 28 (9 self)
We study the complexity of computing one or several terms (not necessarily consecutive) in a recurrence with polynomial coefficients. As applications, we improve the best currently known upper bounds for factoring integers deterministically and for computing the Cartier–Manin operator of hyperelliptic curves.
Fast Computation of Special Resultants
2006
Cited by 21 (10 self)
We propose fast algorithms for computing composed products and composed sums, as well as diamond products of univariate polynomials. These operations correspond to special multivariate resultants, that we compute using power sums of roots of polynomials, by means of their generating series.
The 2-adic CM method for genus 2 curves with application to cryptography
In ASIACRYPT ‘06, Springer LNCS 4284, 2006
Cited by 21 (2 self)
The complex multiplication (CM) method for genus 2 is currently the most efficient way of generating genus 2 hyperelliptic curves defined over large prime fields and suitable for cryptography. Since low class number might be seen as a potential threat, it is of interest to push the method as far as possible. We have thus designed a new algorithm for the construction of CM invariants of genus 2 curves, using 2-adic lifting of an input curve over a small finite field. This provides a numerically stable alternative to the complex analytic method in the first phase of the CM method for genus 2. As an example we compute an irreducible factor of the Igusa class polynomial system for the quartic CM field $\mathbb{Q}\big(i\sqrt{75 + 12\sqrt{17}}\big)$, whose class number is 50. We also introduce a new representation to describe the CM curves: a set of polynomials in $(j_1, j_2, j_3)$ which vanish on the precise set of triples which are the Igusa invariants of curves whose Jacobians have CM by a prescribed field. The new representation provides a speedup in the second phase, which uses Mestre’s algorithm to construct a genus 2 Jacobian of prime order over a large prime field for use in cryptography.