This paper speeds up Brent's algorithms for various high-precision computations in the power series ring C[[t]]. If it takes time 3 to compute a product then it takes time roughly 5:6 to compute a reciprocal; roughly 8:2 to compute a quotient or a logarithm; roughly 6:5 to compute a square root; roughly 9 to compute both a square root and a reciprocal square root; and roughly 10:4 to compute an exponential. The same ideas apply to approximate computations in R, Q p, etc.

There is a well-known class of message authentication systems guaranteeing that attackers will have a negligible chance of successfully forging a message. This paper shows how one of these systems can hash messages at extremely high speed -- much more quickly than previous systems at the same security level -- using IEEE floating-point arithmetic. This paper also presents a survey of the literature in a unified mathematical framework.

This survey explains how some useful arithmetic operations can be sped up from quadratic time to essentially linear time.

In this work we generalize the classical Karatsuba Algorithm (KA) for polynomial multiplication to (i) polynomials of arbitrary degree and (ii) recursive use. We determine exact complexity expressions for the KA and focus on how to use it with the least number of operations. We develop a rule for the optimum order of steps if the KA is used recursively. We show how the usage of dummy coe#cients may improve performance. Finally we provide detailed information on how to use the KA with least cost, and also provide tables that describe the best possible usage of the KA for polynomials up to a degree of 127. Our results are especially useful for e#cient implementations of cryptographic and coding schemes over fixed-size fields like GF (p ).

This paper presents an algorithm that computes the first n terms of the composition u(v), given the first n terms of u and v,inn ring operations. The algorithm is very fast in practice when R has small characteristic

We present efficient squaring formulae based on the Toom-Cook multiplication algorithm. The latter always requires at least one non-trivial constant division in the interpolation step. We show such non-trivial divisions are not needed in the case two operands are equal for three, four and five-way squarings. Our analysis shows that our 3-way squaring algorithms have much less overhead than the best known 3-way Toom-Cook algorithm. Our experimental results show that one of our new 3-way squaring methods performs faster than mpz_mul() in GNU multiple precision library (GMP) for squaring integers of approximately 2400–6700 bits on Pentium IV Prescott 3.2GHz. For squaring in Z[x], our 3-way squaring algorithms are much superior to other known squaring algorithms for small input size. In addition, we present 4-way and 5-way squaring formulae which do not require any constant divisions by integers other than a power of 2. Under some reasonable assumptions, our 5-way squaring formula is faster than the recently proposed Montgomery’s 5-way Karatsuba-like formulae. Keywords: Squaring, Karatsuba algorithm, Toom-

Abstract. Schönhage-Strassen’s algorithm is one of the best known algorithms for multiplying large integers. Implementing it efficiently is of utmost importance, since many other algorithms rely on it as a subroutine. We present here an improved implementation, based on the one distributed within the GMP library. The following ideas and techniques were used or tried: faster arithmetic modulo 2 n + 1, improved cache locality, Mersenne transforms, Chinese Remainder Reconstruction, the √ 2 trick, Harley’s and Granlund’s tricks, improved tuning. We also discuss some ideas we plan to try in the future.

Let q be an odd prime number. There are several methods known to compute square roots in Z=q: the quadratic-extension methods of Legendre, Pocklington, Cipolla, Lehmer, et al., and the discrete-logarithm methods of Tonelli, Shanks, et al. The quadratic-extension methods use (3 + o(1)) lg q multiplications and, on average, 2 + o(1) Jacobi-symbol computations mod q. The discrete-logarithm methods use only (1 + o(1)) lg q multiplications, after an easy precomputation of one element of Z=q, if ord2 (q 1) 2 o( p lg q). This paper presents an algorithm that uses only (1 + o(1)) lg q multiplications, after an easy precomputation of (lg q) O(1) elements of Z=q, if ord2 (q 1) 2 o( p lg q lg lg q). For example, the new algorithm can compute square roots in Z=q for q = 2 224 2 96 + 1 using 364 multiplications in Z=q and 1024 precomputed elements of Z=q. The same technique speeds up the Silver-Pohlig-Hellman algorithm for computing discrete logarithms in any cyclic group of smooth order.

We survey the contributions of the entire theoretical computer science/cryptography community during 1975-2002 that impact the question of how to run verifiable elections with secret ballots. The approach based on homomorphic encryptions is the most successful; one such scheme is sketched in detail and argued to be feasible to implement. It is explained precisely what these ideas accomplish but also what they do not accomplish, and a short history of election fraud throughout history is included.

This paper presents lower bounds and upper bounds on the distribution of smooth integers; builds an algebraic framework for the bounds; shows how the bounds can be computed at extremely high speed using FFT-based power-series exponentiation; explains how one can choose the parameters to achieve any desired level of accuracy; and discusses several generalizations.