In recent years, methods based on lattice reduction have been used repeatedly for the cryptanalytic attack of various systems. Even if they do not rest on highly sophisticated theories, these methods may look a bit intricate to the practically oriented cryptographers, both from the mathematical and the algorithmic point of view. The aim of the present paper is to explain what can be achieved by lattice reduction algorithms, even without understanding of the actual mechanisms involved. Two examples are given, one of them being the attack devised by the second named author against Knuth's truncated linear congruential generator, which has been announced a few years ago and appears here for the first time in journal version.

this paper (section 2), and to Denis Simon for the reference [10].

Abstract. Let Q be an n × n symmetric matrix with integral entries and with det Q � = 0, but not necesarily positive definite. We describe a generalized LLL algorithm to reduce this quadratic form. This algorithm either reduces the quadratic form or stops with some isotropic vector. It is proved to run in polynomial time. We also describe an algorithm for the minimization of a ternary quadratic form: when a quadratic equation q(x, y, z) =0issolvable over Q, a solution can be deduced from another quadratic equation of determinant ±1. The combination of these algorithms allows us to solve efficiently any general ternary quadratic equation over Q, and this gives a polynomial time algorithm (as soon as the factorization of the determinant of Q is known). There are various methods in the literature for solving homogeneous quadratic equations q(x, y, z) =0overQ. Mathematicians seem to be unanimous in saying that the first step consists of reducing to the diagonal case, that is, to Legendre equations of the type ax 2 + by 2 + cz 2 = 0. As we will see in Section 4.2, this is a good idea in theory, but disastrous in practice: the determinant of the new equation

Abstract not found

you have obtained prior permission, you may not download an entire issue of a journal or multiple copies of articles, and you may use content in the JSTOR archive only for your personal, non-commercial use. Please contact the publisher regarding any further use of this work. Publisher contact information may be obtained at.

To any field K we associate an entailment relation in the sense of Scott [12]. In this way we can interpret an abstract propositional theory representing a generic valuation ring of a field, and obtain a simple effective proof of Dedekind's Prague theorem [5,6]. Keywords: Valuations, Entailment relations. AMS class.: 13A10, 13B25, 54H99 1 Introduction To any field K we associate a relation ` between finite sets of non zero elements of K which satisfy the three conditions of an entailment relation in the sense of Scott [12], and some further simple conditions. In this way, we can give constructive sense of a generic valuation ring of a field. Alternatively, this can be seen as a generalisation of the notion of integral element, and this notion can be used to prove that a given element is integral. As an example, we present a simple effective proof of Dedekind's Prague theorem. 2 Valuations Let K be a field, that is a commutative ring in which any element is 0 or is invertible. We write...

Abstract. This is the second part of a two part paper. In this part, we evaluate the previously unevaluated local densities at dyadic places which appear in the density theorem stated in the first part. For this purpose we introduce an invariant, the level, attached to a pair of ramified quadratic extensions of a dyadic local field. This invariant measures how close the fields are in their arithmetic properties and may be of interest independent of its application here. 1.

Abstract. Let k be a number field andOthe ring of integers. In the previous paper [T06] we study the Dirichlet series counting discriminants of cubic algebras ofOand derive some density theorems on distributions of the discriminants by using the theory of zeta functions of prehomogeneous vector spaces. In this paper we consider these objects under imposing finite number of splitting conditions at non-archimedean places. Especially the explicit formulae of residues at s = 1 and 5/6 under the conditions are given. 1.

In his lost notebook, Ramanujan defined a parameter λn by a certain quotient of Dedekind eta-functions at the argument q = exp(−π √ n/3). He then recorded a table of several values of λn. To prove these values (and others), we develop several methods, which include modular equations, the modular j-invariant, Kronecker’s limit formula, Ramanujan’s “cubic theory ” of elliptic functions, and an empirical process. 1. Introduction. On the top of the page 212 in his lost notebook, Ramanujan defined the function λn by (1.1)

We review the arguments in favor of using so-called "strong primes" in the RSA public-key cryptosystem. There are two types of such arguments: those that say that strong primes are needed to protect against factoring attacks, and those that say that strong primes are needed to protect against "cycling" attacks (based on repeated encryption).