The cyclic sieving phenomenon
J. Combin. Theory Ser. A
Cited by 47 (15 self)
Abstract. The cyclic sieving phenomenon is defined for generating functions of a set affording a cyclic group action, generalizing Stembridge’s q = −1 phenomenon. The phenomenon is shown to appear in various situations, involving q-binomial coefficients, Pólya-Redfield theory, polygon dissections, noncrossing partitions, finite reflection groups, and some finite field q-analogues.
Approximate integer common divisors
CaLC 2001, LNCS, 2001
Cited by 27 (1 self)
Abstract. We show that recent results of Coppersmith, Boneh, Durfee and Howgrave-Graham actually apply in the more general setting of (partially) approximate common divisors. This leads us to consider the question of “fully” approximate common divisors, i.e. where both integers are only known by approximations. We explain the lattice techniques in both the partial and general cases. As an application of the partial approximate common divisor algorithm we show that a cryptosystem proposed by Okamoto actually leaks the private information directly from the public information in polynomial time. In contrast to the partial setting, our technique with respect to the general setting can only be considered heuristic, since we encounter the same “proof of algebraic independence” problem as a subset of the above authors have in previous papers. This problem is generally considered a (hard) problem in lattice theory, since in our case, as in previous cases, the method still works extremely reliably in practice; indeed no counterexamples have been obtained. The results in both the partial and general settings are far stronger than might be supposed from a continued-fraction standpoint (the way in which the problems were attacked in the past), and the determinant calculations admit a reasonably neat analysis.
Keywords: Greatest common divisor, approximations, Coppersmith’s method, continued fractions, lattice attacks.
Congruences concerning Bernoulli numbers and Bernoulli polynomials
Discrete Appl. Math, 2000
Cited by 26 (17 self)
Let {B_n(x)} denote Bernoulli polynomials. In this paper we generalize Kummer’s congruences by determining B_{k(p−1)+b}(x)/(k(p−1)+b) (mod p^n), where p is an odd prime, x is a p-integral rational number and p − 1 b. As applications we obtain explicit formulae for ∑_{x=1}^{p−1} (1/x^k) (mod p^3); ∑ (p−1)=2 (1=x
Early Termination in Sparse Interpolation Algorithms
Cited by 25 (13 self)
A probabilistic strategy, early termination, enables different interpolation algorithms to adapt to the degree or the number of terms in the target polynomial when neither is supplied in the input. In addition to dense algorithms, we implement this strategy in sparse interpolation algorithms. Based on early termination, racing algorithms execute simultaneously a dense and a sparse algorithm. The racing algorithms can be embedded as the univariate interpolation substep within Zippel's multivariate method. In addition, we experimentally verify some heuristics of early termination, which make use of thresholds and post-verification.
Key words: Early termination, sparse polynomial, black box polynomial, interpolation, sparse interpolation, randomized algorithm, Chebyshev basis, Pochhammer basis, racing two algorithms, Zippel's algorithm, Ben-Or's and Tiwari's algorithm.
Email addresses: kaltofen@math.ncsu.edu (Erich Kaltofen), ws2lee@scg.uwaterloo.ca (Wenshin Lee).
Cryptanalysis of the NTRU Signature Scheme (NSS) from Eurocrypt 2001
Cited by 14 (2 self)
In 1996, a new cryptosystem called NTRU was introduced, related to the hardness of finding short vectors in specific lattices. At Eurocrypt 2001, the NTRU Signature Scheme (NSS), a signature scheme apparently related to the same hard problem, was proposed. In this paper, we show that the problem on which NSS relies is much easier than anticipated, and we describe an attack that allows efficient forgery of a signature on any message. Additionally, we demonstrate that a transcript of signatures leaks information about the secret key: using a correlation attack, it is possible to recover the key from a few tens of thousands of signatures. The attacks apply to the recently proposed parameter sets NSS251-3-SHA1-1, NSS347-3-SHA1-1, and NSS503-3-SHA1-1 in [2]. Following the attacks, NTRU researchers have investigated enhanced encoding/verification methods in [11].
Applications of the Brauer complex: card shuffling, permutation statistics, and dynamical systems
Cited by 14 (5 self)
By algebraic group theory, there is a map from the semisimple conjugacy classes of a finite group of Lie type to the conjugacy classes of the Weyl group. Picking a semisimple class uniformly at random yields a probability measure on conjugacy classes of the Weyl group. Using the Brauer complex, it is proved that this measure agrees with a second measure on conjugacy classes of the Weyl group induced by a construction of Cellini using the affine Weyl group.
Secure Sessions from Weak Secrets
1998
Cited by 13 (0 self)
Sometimes two parties who share a weak secret k such as a password wish to share a strong secret s such as a session key without revealing information about k to an active attacker. We assume that both parties can generate strong random numbers and forget secrets, and present three protocols for secure strong secret sharing, based on RSA, Diffie-Hellman, and ElGamal. As well as being simpler and quicker than their predecessors, our protocols also have slightly stronger security properties: in particular, they make no cryptographic use of s and so impose no subtle restrictions upon the use which is made of s by other protocols.
Computing The Dimension Of Dynamically Defined Sets I: E2 and Bounded . . .
Cited by 12 (2 self)
We present a powerful approach to computing the Hausdorff dimension of certain conformally self-similar sets. We illustrate this method for the dimension dim_H(E_2) of the set E_2, consisting of those real numbers whose continued fraction expansions contain only the digits 1 or 2. A very striking feature of this method is that the successive approximations converge to dim(E_2) at a superexponential rate.
Asymptotically optimal communication for torus-based cryptography
In Advances in Cryptology (CRYPTO 2004), Springer LNCS 3152, 2004
Cited by 11 (1 self)
Abstract. We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discrete-log based public-key system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct efficient ElGamal signature and encryption schemes in a subgroup of F*_{q^n} in which the number of bits exchanged is only a φ(n)/n fraction of that required in traditional schemes, while the security offered remains the same. We also present a Diffie-Hellman key exchange protocol averaging only φ(n) log_2 q bits of communication per key. For the cryptographically important cases of n = 30 and n = 210, we transmit a 4/5 and a 24/35 fraction, respectively, of the number of bits required in XTR [14] and recent CEILIDH [24] cryptosystems.