Abstract. A quantum computer can efficiently find the order of an element in a group, factors of composite integers, discrete logarithms, stabilisers in Abelian groups, and hidden or unknown subgroups of Abelian groups. It is already known how to phrase the first four problems as the estimation of eigenvalues of certain unitary operators. Here we show how the solution to the more general Abelian hidden subgroup problem can also be described and analysed as such. We then point out how certain instances of these problems can be solved with only one control qubit, or flying qubits, instead of entire registers of control qubits. 1

Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to be done in the area. We hope to show that the study of algorithms not only increases our understanding of algebraic number fields but also stimulates our curiosity about them. The discussion is concentrated of three topics: the determination of Galois groups, the determination of the ring of integers of an algebraic number field, and the computation of the group of units and the class group of that ring of integers. 1.

We study the complexity of the circuit minimization problem: given the truth table of a Boolean function f and a parameter s, decide whether f can be realized by a Boolean circuit of size at most s. We argue why this problem is unlikely to be in P (or even in P=poly) by giving a number of surprising consequences of such an assumption. We also argue that proving this problem to be NP-complete (if it is indeed true) would imply proving strong circuit lower bounds for the class E, which appears beyond the currently known techniques. Keywords: hard Boolean functions, derandomization, natural properties, NP-completeness. 1 Introduction An n-variable Boolean function f n : f0; 1g n ! f0; 1g can be given by either its truth table of size 2 n , or a Boolean circuit whose size may be significantly smaller than 2 n . It is well known that most Boolean functions on n variables have circuit complexity at least 2 n =n [Sha49], but so far no family of sufficiently hard functions has ...

Abstract not found

We study the action of modular correspondences in the p- adic neighborhood of CM points. We deduce and prove two stable and ecient p-adic analytic methods for computing singular values of modular functions. On the way we prove a non trivial lower bound for the density of smooth numbers in imaginary quadratic rings and show that the canonical lift of an elliptic curve over Fq can be computed in probabilistic time exp((log q) ) under GRH. We also extend the notion of canonical lift to supersingular elliptic curves and show how to compute it in that case.

. In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieve. We also provide a sketch of the some of the cryptographic schemes whose security depends on the intractibility of the discrete logarithm problem. 1 Introduction Let G be a cyclic group generated by an element t. The discrete logarithm problem in G is to compute for any b 2 G the least non-negative integer e such that t e = b. In this case, we write log t b = e. Our purpose, in this paper, is to survey recent work on the discrete logarithm problem. Our approach is twofold. On the one hand, we consider the problem from a purely theoretical perspective. Indeed, the algorithms that have been developed to solve it not only explore the fundamental nature of one of the basic s...

Abstract. We study the complexity of computing one or several terms (not necessarily consecutive) in a recurrence with polynomial coefficients. As applications, we improve the best currently known upper bounds for factoring integers deterministically and for computing the Cartier–Manin operator of hyperelliptic curves.

Abstract not found

In this paper we study the algorithmic problem of finding the ring of integers of a given algebraic number field. In practice, this problem is often considered to be wellsolved, but theoretical results indicate that it is intractable for number fields that are defined by equations with very large coefficients. Such fields occur in the number field sieve algorithm for factoring integers. Applying a variant of a standard algorithm for finding rings of integers, one finds a subring of the number field that one may view as the "best guess" one has for the ring of integers. This best guess is probably often correct. Our main concern is what can be proved about this subring. We show that it has a particularly transparent local structure, which is reminiscent of the structure of tamely ramified extensions of local fields. A major portion of the paper is devoted to the study of rings that are "tame" in our more general sense. As a byproduct, we prove complexity results that elaborate upon a ...

This article presents algorithms for computing discrete logarithms in class groups of quadratic number fields. In the case of imaginary quadratic fields, the algorithm is based on methods applied by Hafner and McCurley [HM89] to determine the structure of the class group of imaginary quadratic fields. In the case of real quadratic fields, the algorithm of Buchmann [Buc89] for computation of class group and regulator forms the basis. We employ the rigorous elliptic curve factorization algorithm of Pomerance [Pom87], and an algorithm for solving systems of linear Diophantine equations proposed and analysed by Mulders and Storjohann [MS99]. Under the assumption of the Generalized Riemann Hypothesis, we obtain for fields with discriminant d a rigorously proven time bound of L jdj [ 1 2 ; 3 4 p 2].