Results 1  10
of
21
Primality testing with Gaussian periods
, 2003
"... The problem of quickly determining whether a given large integer is prime or composite has been of interest for centuries, if not longer. The past 30 years has seen a great deal of progress, leading up to the recent deterministic, polynomialtime algorithm of Agrawal, Kayal, and Saxena [2]. This new ..."
Abstract

Cited by 21 (1 self)
 Add to MetaCart
The problem of quickly determining whether a given large integer is prime or composite has been of interest for centuries, if not longer. The past 30 years has seen a great deal of progress, leading up to the recent deterministic, polynomialtime algorithm of Agrawal, Kayal, and Saxena [2]. This new “AKS test ” for the primality of n involves verifying the
It Is Easy to Determine Whether a Given Integer Is Prime
, 2004
"... The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be super ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be superfluous to discuss the problem at length. Nevertheless we must confess that all methods that have been proposed thus far are either restricted to very special cases or are so laborious and difficult that even for numbers that do not exceed the limits of tables constructed by estimable men, they try the patience of even the practiced calculator. And these methods do not apply at all to larger numbers... It frequently happens that the trained calculator will be sufficiently rewarded by reducing large numbers to their factors so that it will compensate for the time spent. Further, the dignity of the science itself seems to require that every possible means be explored for the solution of a problem so elegant and so celebrated... It is in the nature of the problem
Primality proving via one round in ECPP and one iteration in AKS
 Advances in Cryptology – CRYPTO 2003
, 2003
"... On August 2002, Agrawal, Kayal and Saxena announced the first deterministic and polynomial time primality testing algorithm. For an input n, the AKS algorithm runs in heuristic time Õ(log6 n). Verification takes roughly the same amount of time. On the other hand, the Elliptic Curve Primality Proving ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
On August 2002, Agrawal, Kayal and Saxena announced the first deterministic and polynomial time primality testing algorithm. For an input n, the AKS algorithm runs in heuristic time Õ(log6 n). Verification takes roughly the same amount of time. On the other hand, the Elliptic Curve Primality Proving algorithm (ECPP), runs in random heuristic time Õ(log6 n) ( Õ(log5 n) if the fast multiplication is used), and generates certificates which can be easily verified. More recently, Berrizbeitia gave a variant of the AKS algorithm, in which some primes cost much less time to prove than a general prime does. Building on these celebrated results, this paper explores the possibility of designing a more efficient algorithm. A random primality proving algorithm with heuristic time complexity Õ(log4 n) is presented. It generates a certificate of primality which is O(log n) bits long and can be verified in deterministic time Õ(log 4 n). The reduction in time complexity is achieved by first generalizing Berrizbeitia’s algorithm to one which has higher density of easilyproved primes. For a general prime, one round of ECPP is deployed to reduce its primality proof to the proof of a random easilyproved prime. 1
CONSTRUCTING ELLIPTIC CURVES OF PRIME ORDER
"... Abstract. We present a very efficient algorithm to construct an elliptic curve E and a finite field F such that the order of the point group E(F) is a given prime number N. Heuristically, this algorithm only takes polynomial time e O((log N) 3), and it is so fast that it may profitably be used to ta ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
(Show Context)
Abstract. We present a very efficient algorithm to construct an elliptic curve E and a finite field F such that the order of the point group E(F) is a given prime number N. Heuristically, this algorithm only takes polynomial time e O((log N) 3), and it is so fast that it may profitably be used to tackle the related problem of finding elliptic curves with point groups of prime order of prescribed size. We also discuss the impact of the use of high level modular functions to reduce the run time by large constant factors and show that recent gonality bounds for modular curves imply limits on the time reduction that can be obtained. 1.
On the bounded sumofdigits discrete logarithm problem in finite fields
 In Proc. of the 24th Annual International Cryptology Conference (CRYPTO
, 2004
"... Abstract. In this paper, we study the bounded sumofdigits discrete logarithm problem in finite fields. Our results concern primarily with fields Fqn where nq − 1. The fields are called Kummer extensions of Fq. It is known that we can efficiently construct an element g with order greater than 2 n ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper, we study the bounded sumofdigits discrete logarithm problem in finite fields. Our results concern primarily with fields Fqn where nq − 1. The fields are called Kummer extensions of Fq. It is known that we can efficiently construct an element g with order greater than 2 n in the fields. Let Sq(•) be the function from integers to the sum of digits in their qary expansions. We first present an algorithm that given g e (0 ≤ e < q n) finds e in random polynomial time, provided that Sq(e) < n. We then show that the problem is solvable in random polynomial time for most of the exponent e with Sq(e) < 1.32n, by exploring an interesting connection between the discrete logarithm problem and the problem of list decoding of ReedSolomon codes, and applying the GuruswamiSudan algorithm. As a side result, we obtain a sharper lower bound on the number of congruent polynomials generated by linear factors than the one based on StothersMason ABCtheorem. We also prove that in the field Fqq−1, the bounded sumofdigits discrete logarithm with respect to g can be computed in random time O(f(w) log 4 (q q−1)), where f is a subexponential function and w is the bound on the qary sumofdigits of the exponent, hence the problem is fixed parameter tractable. These results are shown to be generalized to ArtinSchreier extension Fpp where p is a prime. Since every finite field has an extension of reasonable degree which is a Kummer extension, our result reveals an unexpected property of the discrete logarithm problem, namely, the bounded sumofdigits discrete logarithm problem in any given finite field becomes polynomial time solvable in certain low degree extensions. 1
Efficient CMconstructions of elliptic curves over finite fields
 MATH. COMP.
, 2007
"... We present an algorithm that, on input of an integer N ≥ 1 together with its prime factorization, constructs a finite field F and an elliptic curve E over F for which E(F) hasorderN. Although it is unproved that this can be done for all N, a heuristic analysis shows that the algorithm has an expect ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
(Show Context)
We present an algorithm that, on input of an integer N ≥ 1 together with its prime factorization, constructs a finite field F and an elliptic curve E over F for which E(F) hasorderN. Although it is unproved that this can be done for all N, a heuristic analysis shows that the algorithm has an expected run time that is polynomial in 2 ω(N) log N, whereω(N) isthe number of distinct prime factors of N. In the cryptographically relevant case where N is prime, an expected run time O((log N) 4+ε) can be achieved. We illustrate the efficiency of the algorithm by constructing elliptic curves with point groups of order N =10 2004 and N = nextprime(10 2004)=10 2004 +4863.
Cyclotomy primality proofs and their certificates. Mathematica Goettingensis
, 2006
"... Elle est à toi cette chanson Toi l’professeur qui sans façon, As ouvert ma petite thèse Quand mon espoir manquait de braise 1. To the memory of Manuel Bronstein ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
Elle est à toi cette chanson Toi l’professeur qui sans façon, As ouvert ma petite thèse Quand mon espoir manquait de braise 1. To the memory of Manuel Bronstein
Doublyfocused enumeration of pseudosquares and pseudocubes
 In Proceedings of the 7th International Algorithmic Number Theory Symposium (ANTS VII
, 2006
"... Abstract. This paper offers numerical evidence for a conjecture that primality proving may be done in (log N) 3+o(1) operations by examining the growth rate of quantities known as pseudosquares and pseudocubes. In the process, a novel method of solving simultaneous congruences— doublyfocused enumer ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract. This paper offers numerical evidence for a conjecture that primality proving may be done in (log N) 3+o(1) operations by examining the growth rate of quantities known as pseudosquares and pseudocubes. In the process, a novel method of solving simultaneous congruences— doublyfocused enumeration — is examined. This technique, first described by D. J. Bernstein, allowed us to obtain recordsetting sieve computations in software on general purpose computers. 1
Fast Primality Proving on Cullen Numbers
, 2009
"... We present a unconditional deterministic primality proving algorithm for Cullen numbers. The expected running time and the worst case running time of the algorithm are Õ(log2 N) bit operations and Õ(log 3 N) bit operations, respectively. 1 ..."
Abstract
 Add to MetaCart
(Show Context)
We present a unconditional deterministic primality proving algorithm for Cullen numbers. The expected running time and the worst case running time of the algorithm are Õ(log2 N) bit operations and Õ(log 3 N) bit operations, respectively. 1