Results 1 - 6 of 6
Asymptotic semismoothness probabilities
Mathematics of computation, 1996
Cited by 22 (1 self)
Abstract. We call an integer semismooth with respect to y and z if each of its prime factors is ≤ y, and all but one are ≤ z. Such numbers are useful in various factoring algorithms, including the quadratic sieve. Let G(α, β) be the asymptotic probability that a random integer n is semismooth with respect to n^β and n^α. We present new recurrence relations for G and related functions. We then give numerical methods for computing G, tables of G, and estimates for the error incurred by this asymptotic approximation.
Fast Generation Of Random, Strong RSA Primes
1997
Cited by 8 (0 self)
A number of cryptographic standards currently under development call for the use of strong primes in the generation of an RSA key. This paper suggests a fast way of generating random strong primes that also satisfy a number of other cryptographic requirements. The method requires no more time to generate strong primes than it takes to generate random primes.
MODULAR EXPONENTIATION VIA THE EXPLICIT CHINESE REMAINDER THEOREM
Cited by 8 (2 self)
Abstract. Fix pairwise coprime positive integers p1, p2, ..., ps. We propose representing integers u modulo m, where m is any positive integer up to roughly √(p1 p2 ··· ps), as vectors (u mod p1, u mod p2, ..., u mod ps). We use this representation to obtain a new result on the parallel complexity of modular exponentiation: there is an algorithm for the Common CRCW PRAM that, given positive integers x, e, and m in binary, of total bit length n, computes x^e mod m in time O(n/lg lg n) using n^O(1) processors.
Multidigit Modular Multiplication With The Explicit Chinese Remainder Theorem
1995
Cited by 7 (1 self)
Fix coprime moduli m1, ..., ms, of a few digits each. Let n be an integer of a few hundred digits. We show how arithmetic modulo n may be performed upon integers u represented as vectors (u mod m1, ..., u mod ms). This method involves no multiprecision arithmetic, except in an easy precomputation; it is practical in software and extremely well suited for hardware. Our main tool is the Explicit Chinese Remainder Theorem, which says exactly how u differs from a particular linear combination of the remainders u mod mi.
Constructing Elliptic Curves With a Given Number of Points Over a Finite Field
2001
Cited by 2 (0 self)
In using elliptic curves for cryptography, one often needs to construct elliptic curves with a given or known number of points over a given finite field. In the context of primality proving, Atkin and Morain suggested the use of the theory of complex multiplication to construct such curves. One of the steps in this method is the calculation of the Hilbert class polynomial H_D(X) modulo some integer p for a certain fundamental discriminant D. The usual way of doing this is to compute H_D(X) over the integers and then reduce modulo p. But this involves computing the roots with very high accuracy and subsequent rounding of the coefficients to the closest integer. (Such accuracy issues also arise for higher genus cases.) We present a modified version of the Chinese remainder theorem (CRT) to compute H_D(X) modulo p directly from the knowledge of H_D(X) modulo enough small primes. Our algorithm is inspired by Couveignes' method for computing square roots in the number field sieve, which is useful in other scenarios as well. It runs in heuristic expected time less than the CRT method in [CNST]. Moreover, our method requires very few digits of precision to succeed, and avoids calculating the exponentially large coefficients of the Hilbert class polynomial over the integers.
F.: Kleptographic weaknesses in Benaloh-Tuinstra protocol
In: ICSNC, IEEE Comp. Soc. Press, 2006
Cited by 2 (2 self)
Abstract. During designing of cryptographic protocols, their participants are usually identified with software or hardware they use. However, these supporting tools are not verified at the protocol level. Such carelessness opens the door to kleptographic (SETUP) attacks. In this paper we design such an attack on the classical Benaloh-Tuinstra election protocol. One of the technical tools developed in the paper is a new variant of a Diffie-Hellman SETUP attack, in which Kronecker Decomposition of the group is not known to the attacker. This is especially the case of Goldwasser-Micali cryptosystem.