Results 1 - 10 of 29
New Public-Key Schemes Based on Elliptic Curves over the Ring Z_n
, 1991
Cited by 46 (0 self)
Three new trapdoor one-way functions are proposed that are based on elliptic curves over the ring Z_n. The first class of functions is a naive construction, which can be used only in a digital signature scheme, and not in a public-key cryptosystem. The second, preferred class of function, does not suffer from this problem and can be used for the same applications as the RSA trapdoor one-way function, including zero-knowledge identification protocols. The third class of functions has similar properties to the Rabin trapdoor one-way functions. Although the security of these proposed schemes is based on the difficulty of factoring n, like the RSA and Rabin schemes, these schemes seem to be more secure than those schemes from the viewpoint of attacks without factoring such as low multiplier attacks.
Analysis of the binary Euclidean algorithm
 Directions and Recent Results in Algorithms and Complexity
, 1976
Cited by 29 (2 self)
The binary Euclidean algorithm is a variant of the classical Euclidean algorithm. It avoids multiplications and divisions, except by powers of two, so is potentially faster than the classical algorithm on a binary machine. We describe the binary algorithm and consider its average case behaviour. In particular, we correct some errors in the literature, discuss some recent results of Vallée, and describe a numerical computation which supports a conjecture of Vallée.
An Analysis of Lehmer's Euclidean GCD Algorithm
 Proceedings Of The 1995 International Symposium On Symbolic And Algebraic Computation
, 1995
Cited by 7 (3 self)
Let u and v be positive integers. We show that a slightly modified version of D. H. Lehmer's greatest common divisor algorithm will compute gcd(u, v) (with u ? v) using at most O((log u log v)/k + k log v + log u + k²) bit operations and O(log u + k 2^(2k)) space, where k is the number of bits in the multiprecision base of the algorithm. This is faster than Euclid's algorithm by a factor that is roughly proportional to k. Letting n be the number of bits in u and v, and setting k = ⌊(log n)/4⌋, we obtain a subquadratic running time of O(n²/log n) in linear space. 1 Introduction Let u and v be positive integers. The greatest common divisor (GCD) of u and v is the largest integer d such that d divides both u and v. The most well-known algorithm for computing GCDs is the Euclidean Algorithm. Much is known about this algorithm: the number of iterations required is Θ(log v), and the worst-case running time is Θ(log u log v), where time is measured in bit operation...
A Binary Algorithm for the Jacobi Symbol
 ACM SIGSAM Bulletin
, 1993
Cited by 6 (1 self)
We present a new algorithm to compute the Jacobi symbol, based on Stein's binary algorithm for the greatest common divisor, and we determine the worst-case behavior of this algorithm. Our implementation of the algorithm runs approximately 7-25% faster than traditional methods on inputs of size 100-1000 decimal digits. 1 Introduction Efficient computation of the Jacobi symbol (a/n) is an important component of the Monte Carlo primality test of Solovay and Strassen [9]. Algorithms for computing the Jacobi symbol can also be found on symbolic algebra systems such as Mathematica and Maple. Several efficient algorithms modeled on Euclid's algorithm for computing the greatest common divisor (gcd) have been proposed and analyzed; see, for example, [12, 3, 8]. Indeed, it is possible to compute (a/n) in O((log a)(log n)) bit operations using the "naive arithmetic" model. Using Schönhage's result [7], it is possible (see [1]) to compute (a/n) (...
Efficient Algorithms for GCD and Cubic Residuosity
 IN THE RING OF EISENSTEIN INTEGERS, FCT ’03, LNCS 2751
, 2003
An analysis of the generalized binary GCD algorithm
 HIGH PRIMES AND MISDEMEANORS, LECTURES IN HONOUR OF HUGH COWIE
, 2007
Cited by 5 (2 self)
In this paper we analyze a slight modification of Jebelean’s version of the k-ary GCD algorithm. Jebelean had shown that on n-bit inputs, the algorithm runs in O(n²) time. In this paper, we show that the average running time of our modified algorithm is O(n²/log n). This analysis involves exploring the behavior of spurious factors introduced during the main loop of the algorithm. We also introduce a Jebelean-style left-shift k-ary GCD algorithm with a similar complexity that performs well in practice.
ECC2K-130 on Cell CPUs
Cited by 4 (0 self)
Abstract. This paper describes an implementation of Pollard’s rho algorithm to compute the elliptic curve discrete logarithm for the Synergistic Processor Elements of the Cell Broadband Engine Architecture. Our implementation targets the elliptic curve discrete logarithm problem defined in the Certicom ECC2K-130 challenge. We compare a bitsliced implementation to a non-bitsliced implementation and describe several optimization techniques for both approaches. In particular, we address the question whether normal-basis or polynomial-basis representation of field elements leads to better performance. Using our software, the ECC2K-130 challenge can be solved in one year using the Synergistic Processor Units of less than 2700 Sony Playstation 3 gaming consoles.
Integer and Rational Arithmetic on MasPar
 In DISCO'96
, 1996
Cited by 2 (1 self)
The speed of integer and rational arithmetic increases significantly by systolic implementation on a SIMD architecture. For multiplication of integers one obtains linear speedup (up to 29 times), using a serial-parallel scheme. A two-dimensional algorithm for multiplication of polynomials gives half-linear speedup (up to 383 times). We also implement multiprecision rational arithmetic using known systolic algorithms for addition and multiplication, as well as recent algorithms for exact division and GCD computation. All algorithms work in "least-significant digits first" pipelined manner, hence they can be well aggregated together. The practical experiments show that the timings depend linearly on the input length, demonstrating the effectiveness of the systolic paradigm for multiple precision arithmetic. 1 Introduction Systolic parallelization of multiprecision arithmetic in the "most-significant digits first" (MSF) pipelined manner was considered by [13] and other authors (see ...
Comparing several GCD algorithms
 in 11th Symposium on Computer Arithmetic, 1993, Proceedings
, 1993