Results 1 - 10 of 16
Discrete logarithms in GF(p) using the number field sieve
SIAM J. Discrete Math, 1993
Cited by 63 (1 self)
Recently, several algorithms using number field sieves have been given to factor a number $n$ in heuristic expected time $L_n[1/3; c]$, where $L_n[v; c] = \exp\{(c + o(1))(\log n)^{v} (\log\log n)^{1-v}\}$, for $n \to \infty$. In this paper we present an algorithm to solve the discrete logarithm problem for GF(p) with heuristic expected running time $L_p[1/3; 3^{2/3}]$. For numbers of a special form, there is an asymptotically slower but more practical version of the algorithm.
Open Problems in Number Theoretic Complexity, II
Cited by 26 (0 self)
this paper contains a list of 36 open problems in number-theoretic complexity. We expect that none of these problems are easy; we are sure that many of them are hard. This list of problems reflects our own interests and should not be viewed as definitive. As the field changes and becomes deeper, new problems will emerge and old problems will lose favor. Ideally there will be other 'open problems' papers in future ANTS proceedings to help guide the field. It is likely that some of the problems presented here will remain open for the foreseeable future. However, it is possible in some cases to make progress by solving subproblems, or by establishing reductions between problems, or by settling problems under the assumption of one or more well known hypotheses (e.g. the various extended Riemann hypotheses, NP ≠ P; NP ≠ coNP). For the sake of clarity we have often chosen to state a specific version of a problem rather than a general one. For example, questions about the integers modulo a prime often have natural generalizations to arbitrary finite fields, to arbitrary cyclic groups, or to problems with a composite modulus. Questions about the integers often have natural generalizations to the ring of integers in an algebraic number field, and questions about elliptic curves often generalize to arbitrary curves or abelian varieties. The problems presented here arose from many different places and times. To those whose research has generated these problems or has contributed to our present understanding of them but to whom inadequate acknowledgement is given here, we apologize. Our list of open problems is derived from an earlier 'open problems' paper we wrote in 1986 [AM86]. When we wrote the first version of this paper, we feared that the problems presented were so difficult...
Designing and detecting trapdoors for discrete log cryptosystems
Advances in Cryptology - CRYPTO '92, 1993
Cited by 16 (0 self)
Abstract. Using a number field sieve, discrete logarithms modulo primes of special forms can be found faster than standard primes. This has raised concerns about trapdoors in discrete log cryptosystems, such as the Digital Signature Standard. This paper discusses the practical impact of these trapdoors, and how to avoid them.
An Efficient Maximum-Likelihood Decoding of LDPC Codes Over the Binary Erasure Channel
IEEE Trans. Inform. Theory, 2004
Cited by 15 (0 self)
Abstract — We propose an efficient maximum likelihood decoding algorithm for decoding low-density parity-check codes over the binary erasure channel. We also analyze the computational complexity of the proposed algorithm. Index Terms — Low-density parity-check (LDPC) codes, Binary erasure channel (BEC), Iterative decoding, Maximum likelihood (ML) decoding.
Answers To Frequently Asked Questions About Today's Cryptography
1993
Cited by 8 (0 self)
this document, authentication will generally refer to the use of digital signatures, which play a function for digital documents similar to that played by handwritten signatures for printed documents: the signature is an unforgeable piece of data asserting that a named person wrote or otherwise agreed to the document to which the signature is attached. The recipient, as well as a third party, can verify both that the document did indeed originate from the person whose signature is attached and that the document has not been altered since it was signed. A secure digital signature system thus consists of two parts: a method of signing a document such that forgery is infeasible, and a method of verifying that a signature was actually generated by whomever it represents. Furthermore, secure digital signatures cannot be repudiated; i.e., the signer of a document cannot later disown it by claiming it was forged.
Computing Discrete Logarithms with Quadratic Number Rings
Advances in Cryptology - EUROCRYPT '98, LNCS 1403, 1998
Cited by 6 (1 self)
At present, there are two competing index calculus variants for computing discrete logarithms in (Z/pZ)* in practice. The purpose of this paper is to summarize the recent practical experience with a generalized implementation covering both a variant of the Number Field Sieve and the Gaussian integer method. By this implementation we set a record with p consisting of 85 decimal digits. With regard to computational results, including the running time, we provide a comparison of the two methods for this value of p.
Faster index calculus for the medium prime case. Application to 1175-bit and 1425-bit finite fields
Cryptology ePrint Archive, Report 2012/720, 2012. http://eprint.iacr.org
Cited by 6 (3 self)
Abstract. Many index calculus algorithms generate multiplicative relations between smoothness basis elements by using a process called Sieving. This process allows to filter potential candidate relations very quickly, without spending too much time to consider bad candidates. However, from an asymptotic point of view, there is not much difference between sieving and straightforward testing of candidates. The reason is that even when sieving, some small amount of time is spent for each bad candidate. Thus, asymptotically, the total number of candidates contributes to the complexity. In this paper, we introduce a new technique: Pinpointing, which allows us to construct multiplicative relations much faster, thus reducing the asymptotic complexity of relations' construction. Unfortunately, we only know how to implement this technique for finite fields which contain a medium-sized subfield. When applicable, this method improves the asymptotic complexity of the index calculus algorithm in the cases where the sieving phase dominates. In practice, it gives a very interesting boost to the performance of state-of-the-art algorithms. We illustrate the feasibility of the method with a discrete logarithm record in medium prime finite fields of sizes 1175 bits and 1425 bits.
An Implementation of the General Number Field Sieve to Compute Discrete Logarithms mod p
Advances in Cryptology, EUROCRYPT '95, Lecture Notes in Computer Science, 1994
Cited by 3 (0 self)
There are many cryptographic protocols the security of which depends on the difficulty of solving the discrete logarithm problem ([8], [9], [14], etc.). In [10] and [18] it was described how to apply the number field sieve algorithm to the discrete logarithm problem in prime fields. This resulted in the asymptotically fastest known discrete log algorithm for finite fields of p elements. Very little is known about the behaviour of this algorithm in practice. In this report we write about our practical experience with our implementation of their algorithm whose first version was completed in October 1994 at the Department of Computer Science at the Universität des Saarlandes. 1 Introduction The importance of the Discrete Logarithm Problem has its roots in its cryptographic significance. Many protocols in cryptography, for example the Digital Signature Standard [14], are secure if the underlying Discrete Logarithm Problem is difficult to solve. A lot of algorithms have already been c...
On finding multiplicities of characteristic polynomial factors of black-box matrices
In ISSAC'09, ACM, 2009
Cited by 2 (0 self)
We present algorithms and heuristics to compute the characteristic polynomial of a matrix given its minimal polynomial. The matrix is represented as a black-box, i.e., by a function to compute its matrix-vector product. The methods apply to matrices either over the integers or over a large enough finite field. Experiments show that these methods perform efficiently in practice. Combined in an adaptive strategy, these algorithms reach significant speedups in practice for some integer matrices arising in an application from graph theory.
Implementing Cryptographic Protocols Based on Algebraic Number Fields
Cited by 1 (0 self)
We show how to implement cryptographic protocols based on class groups of algebraic number fields of degree ? 2. We describe how the involved objects can be represented and how the arithmetic in class groups can be realized efficiently. Furthermore we show how to generate cryptographically suitable algebraic number fields. In the final version we will give a numerical example and first timings. Right now, timings have not yet been computed (in fact, we just managed to finish the implementation) and the notation of the example (computed and written down by one of the other authors) is incomprehensible even for me. Unfortunately, I am the only one of the four authors available this week. 1 Introduction Many protocols of public key cryptography can be implemented in a finite abelian group such as the multiplicative group of a finite field [Odl85], the group of points over an elliptic curve over a finite field [Kob87] or the class group of algebraic number fields [BW88, BW89,...