One-way accumulators: A decentralized alternative to digital signatures
1993
Cited by 115 (0 self)
Abstract. This paper describes a simple candidate one-way hash function which satisfies a quasi-commutative property that allows it to be used as an accumulator. This property allows protocols to be developed in which the need for a trusted central authority can be eliminated. Space-efficient distributed protocols are given for document time stamping and for membership testing, and many other applications are possible.
Some integer factorization algorithms using elliptic curves
Australian Computer Science Communications, 1986
Cited by 48 (13 self)
Lenstra’s integer factorization algorithm is asymptotically one of the fastest known algorithms, and is also ideally suited for parallel computation. We suggest a way in which the algorithm can be speeded up by the addition of a second phase. Under some plausible assumptions, the speedup is of order log(p), where p is the factor which is found. In practice the speedup is significant. We mention some refinements which give greater speedup, an alternative way of implementing a second phase, and the connection with Pollard’s “p − 1” factorization algorithm.
Asymptotic semismoothness probabilities
Mathematics of computation, 1996
Cited by 22 (1 self)
Abstract. We call an integer semismooth with respect to y and z if each of its prime factors is ≤ y, and all but one are ≤ z. Such numbers are useful in various factoring algorithms, including the quadratic sieve. Let G(α, β) be the asymptotic probability that a random integer n is semismooth with respect to n^β and n^α. We present new recurrence relations for G and related functions. We then give numerical methods for computing G, tables of G, and estimates for the error incurred by this asymptotic approximation.
Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters
1995
Cited by 21 (0 self)
A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the Miller-Rabin test for only one base. Therefore our algorithm is even faster than presently-used algorithms for generating only pseudoprimes because several Miller-Rabin tests with independent bases must be applied for achieving a sufficient confidence level. Heuristic arguments suggest that the generated primes are close to uniformly distributed over the set of primes in the specified interval. Security constraints on the prime parameters of certain cryptographic systems are discussed, and in particular a detailed analysis of the iterated encryption attack on the RSA public-key cryptosystem is presented. The prime generation algorithm can easily be modified to generate nearly random primes or RSA-moduli that satisfy t...
Factorization of the tenth and eleventh Fermat numbers
1996
Cited by 17 (8 self)
We describe the complete factorization of the tenth and eleventh Fermat numbers. The tenth Fermat number is a product of four prime factors with 8, 10, 40 and 252 decimal digits. The eleventh Fermat number is a product of five prime factors with 6, 6, 21, 22 and 564 decimal digits. We also note a new 27-decimal digit factor of the thirteenth Fermat number. This number has four known prime factors and a 2391-decimal digit composite factor. All the new factors reported here were found by the elliptic curve method (ECM). The 40-digit factor of the tenth Fermat number was found after about 140 Mflop-years of computation. We discuss aspects of the practical implementation of ECM, including the use of special-purpose hardware, and note several other large factors found recently by ECM. 1. Introduction. For a nonnegative integer n, the nth Fermat number is F_n = 2^(2^n) + 1. It is known that F_n is prime for 0 ≤ n ≤ 4, and composite for 5 ≤ n ≤ 23. Also, for n ≥ 2, the factors of F_n are of th...
Fast Bounds on the Distribution of Smooth Numbers
2006
Cited by 3 (2 self)
Let P(n) denote the largest prime divisor of n, and let Ψ(x,y) be the number of integers n ≤ x with P(n) ≤ y. In this paper we present improvements to Bernstein’s algorithm, which finds rigorous upper and lower bounds for Ψ(x,y). Bernstein’s original algorithm runs in time roughly linear in y. Our first, easy improvement runs in time roughly y^(2/3). Then, assuming the Riemann Hypothesis, we show how to drastically improve this. In particular, if log y is a fractional power of log x, which is true in applications to factoring and cryptography, then our new algorithm has a running time that is polynomial in log y, and gives bounds as tight as, and often tighter than, Bernstein’s algorithm.
THE ELLIPTIC CURVE METHOD
The Elliptic Curve Method (ECM for short) was invented in 1985 by H. W. Lenstra, Jr. [5]. It is suited to find small — say 9 to 30 digits — prime factors of large numbers. Among the different factorization algorithms whose complexity mainly depends on the size of the factor searched for (trial division, Pollard rho, Pollard p − 1, Williams p + 1), it is asymptotically the best method known. ECM can be viewed as a generalization of Pollard’s p − 1 method, just like ECPP generalizes the n − 1 primality test. ECM relies on Hasse’s theorem: if p is prime, then an elliptic curve over Z/pZ has group order p + 1 − t with |t| ≤ 2√p, where t depends on the curve. If p + 1 − t is a smooth number, then ECM will — most probably — succeed and reveal the unknown factor p. Since 1985, many improvements have been proposed to ECM. Lenstra’s original algorithm had no second phase. Brent proposes in [2] a “birthday paradox” second phase, and further more technical refinements. In [7], Montgomery presents different variants of phase two of ECM and Pollard p − 1, and introduces a parameterization with homogeneous coordinates, which avoids inversions modulo n, with only 6 and 5 modular multiplications per addition and duplication on E, respectively. It is also possible to choose elliptic curves with a group
Table of Contents
I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I authorize the University of Waterloo to lend this thesis to other institutions or individuals for the purpose of scholarly research and I understand that my thesis may be made electronically available to the public. This thesis is dedicated to the loving memory of George and Alice Wolczuk. Acknowledgements. First, I would like to thank Dr. Cameron Stewart for all his assistance and understanding with my thesis and degree. I would also like to thank Shonn Martin, Lis D’Alessio and Kim Gingerich for all the support, help and kindness they gave me. I would further like to thank my readers YuRu Liu and Michael Rubinstein for their corrections and Agnieszka Zygmunt for all her encouragement. Finally, I will give a very special thank you to Carol Clemson whose moral support, encouragement and friendship made this thesis possible.