Separating Decision Diffie-Hellman from Diffie-Hellman in cryptographic groups
2001
Cited by 65 (0 self)
In many cases, the security of a cryptographic scheme based on Diffie-Hellman does in fact rely on the hardness of...
A New Polynomial Factorization Algorithm and its Implementation
Journal of Symbolic Computation, 1996
Cited by 63 (5 self)
We consider the problem of factoring univariate polynomials over a finite field. We demonstrate that the new baby step/giant step factoring method, recently developed by Kaltofen & Shoup, can be made into a very practical algorithm. We describe an implementation of this algorithm, and present the results of empirical tests comparing this new algorithm with others. When factoring polynomials modulo large primes, the algorithm allows much larger polynomials to be factored using a reasonable amount of time and space than was previously possible. For example, this new software has been used to factor a "generic" polynomial of degree 2048 modulo a 2048-bit prime in under 12 days on a Sun SPARCstation 10, using 68 MB of main memory.
1 Introduction
We consider the problem of factoring a univariate polynomial of degree n over the field F_p of p elements, where p is prime. This problem has been well-studied, and many algorithms for its solution have been proposed. In general, the running tim...
Parallel Algorithms for Integer Factorisation
Cited by 41 (17 self)
The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the Rivest-Shamir-Adleman (RSA) system, depends on the difficulty of factoring the public keys. In recent years the best known integer factorisation algorithms have improved greatly, to the point where it is now easy to factor a 60-decimal digit number, and possible to factor numbers larger than 120 decimal digits, given the availability of enough computing power. We describe several algorithms, including the elliptic curve method (ECM), and the multiple-polynomial quadratic sieve (MPQS) algorithm, and discuss their parallel implementation. It turns out that some of the algorithms are very well suited to parallel implementation. Doubling the degree of parallelism (i.e. the amount of hardware devoted to the problem) roughly increases the size of a number which can be factored in a fixed time by 3 decimal digits. Some recent computational results are mentioned – for example, the complete factorisation of the 617-decimal digit Fermat number F_11 = 2^(2^11) + 1, which was accomplished using ECM.
Multidigit Multiplication For Mathematicians
2001
Cited by 27 (9 self)
This paper surveys techniques for multiplying elements of various commutative rings. It covers Karatsuba multiplication, dual Karatsuba multiplication, Toom multiplication, dual Toom multiplication, the FFT trick, the twisted FFT trick, the split-radix FFT trick, Good's trick, the Schönhage-Strassen trick, Schönhage's trick, Nussbaumer's trick, the cyclic Schönhage-Strassen trick, and the Cantor-Kaltofen theorem. It emphasizes the underlying ring homomorphisms.
Asymptotic semismoothness probabilities
Mathematics of Computation, 1996
Cited by 22 (1 self)
We call an integer semismooth with respect to y and z if each of its prime factors is ≤ y, and all but one are ≤ z. Such numbers are useful in various factoring algorithms, including the quadratic sieve. Let G(α, β) be the asymptotic probability that a random integer n is semismooth with respect to n^β and n^α. We present new recurrence relations for G and related functions. We then give numerical methods for computing G, tables of G, and estimates for the error incurred by this asymptotic approximation.
Linear recurrences with polynomial coefficients and computation of the Cartier-Manin operator on hyperelliptic curves
In International Conference on Finite Fields and Applications (Toulouse), 2004
Cited by 21 (8 self)
We study the complexity of computing one or several terms (not necessarily consecutive) in a recurrence with polynomial coefficients. As applications, we improve the best currently known upper bounds for factoring integers deterministically and for computing the Cartier-Manin operator of hyperelliptic curves.
Factorization of the tenth and eleventh Fermat numbers
1996
Cited by 17 (8 self)
We describe the complete factorization of the tenth and eleventh Fermat numbers. The tenth Fermat number is a product of four prime factors with 8, 10, 40 and 252 decimal digits. The eleventh Fermat number is a product of five prime factors with 6, 6, 21, 22 and 564 decimal digits. We also note a new 27-decimal digit factor of the thirteenth Fermat number. This number has four known prime factors and a 2391-decimal digit composite factor. All the new factors reported here were found by the elliptic curve method (ECM). The 40-digit factor of the tenth Fermat number was found after about 140 Mflop-years of computation. We discuss aspects of the practical implementation of ECM, including the use of special-purpose hardware, and note several other large factors found recently by ECM.
1. Introduction
For a nonnegative integer n, the nth Fermat number is F_n = 2^(2^n) + 1. It is known that F_n is prime for 0 ≤ n ≤ 4, and composite for 5 ≤ n ≤ 23. Also, for n ≥ 2, the factors of F_n are of th...
The twist-augmented technique for key exchange
In PKC '06, LNCS 3958, 2006
Cited by 13 (7 self)
Key derivation refers to the process by which an agreed-upon large random number, often named the master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice (or rather, it is easy to misuse). In addition, in many standards the acronym PRF (Pseudo-Random Function) is used for several tasks, in particular for randomness extraction. While randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether such an application is correct or not. We thereafter study DH key exchange in the cases of prime-order subgroups of Z*_p (in particular where p is a safe prime) and of elliptic curves, since in IPsec, for example, only these groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique, the so-called 'Twist-AUgmented' technique, an alternative to randomness extractors which exploits specific properties of some elliptic curves. We finally compare the efficiency of this method with other solutions.
Maximal quotient rational reconstruction: an almost optimal algorithm for rational reconstruction
Proceedings of ISSAC '04, ACM Press, 2004
Cited by 13 (3 self)
Let n/d ∈ Q, let m be a positive integer, and let u = n/d mod m. Thus u is the image of a rational number modulo m. The rational reconstruction problem is: given u and m, find n/d. A solution was first given by Wang in 1981. Wang's algorithm outputs n/d when m > 2M^2, where M = max(|n|, |d|). Because of the wide application of this algorithm in computer algebra, several authors have investigated its practical efficiency and asymptotic time complexity. In this paper we present a new solution which is almost optimal in the following sense: with controllable high probability, our algorithm will output n/d when m is a modest number of bits longer than 2|n||d|. This means that in a modular algorithm where m is a product of primes, the modular algorithm will need one or two primes more than the minimum necessary to reconstruct n/d; thus if |n| ≪ |d| or |d| ≪ |n| the new algorithm saves up to half the number of primes. Further, our algorithm will fail with high probability when m < 2|n||d|.
Implementing the Elliptic Curve Method of Factoring in Reconfigurable Hardware
Cited by 11 (1 self)
A novel portable hardware architecture of the Elliptic Curve Method of factoring, designed and optimized for application in the relation collection step of the Number Field Sieve, is described and analyzed. A comparison with an earlier proof-of-concept design by Pelzl, Simka, et al. has been performed, and a substantial improvement has been demonstrated in terms of both the execution time and the area-time product. The ECM architecture has been ported across five different families of FPGA devices in order to select the family with the best performance to cost ratio. A timing comparison with the highly optimized software implementation, GMP-ECM, has been performed. Our results indicate that low-cost families of FPGAs, such as Spartan-3 and Spartan-3E, offer at least an order of magnitude improvement over the same generation of microprocessors in terms of the performance to cost ratio.