Random Mapping Statistics
Advances in Cryptology, 1990
Cited by 79 (6 self)
Random mappings from a finite set into itself are either a heuristic or an exact model for a variety of applications in random number generation, computational number theory, cryptography, and the analysis of algorithms at large. This paper introduces a general framework in which the analysis of about twenty characteristic parameters of random mappings is carried out: These parameters are studied systematically through the use of generating functions and singularity analysis. In particular, an open problem of Knuth is solved, namely that of finding the expected diameter of a random mapping. The same approach is applicable to a larger class of discrete combinatorial models and possibilities of automated analysis using symbolic manipulation systems ("computer algebra") are also briefly discussed.
Factoring by electronic mail
1990
Cited by 52 (8 self)
In this paper we describe our distributed implementation of two factoring algorithms: the elliptic curve method (ECM) and the multiple polynomial quadratic sieve algorithm (MPQS). Since the summer of 1987, our ECM implementation on a network of MicroVAX processors at DEC's Systems Research Center has factored several most and more wanted numbers from the Cunningham project. In the summer of 1988, we implemented the multiple polynomial quadratic sieve algorithm on the same network. On this network alone, we are now able to factor any 100 digit integer, or to find 35 digit factors of numbers up to 150 digits long within one month. To allow an even wider distribution of our programs we made use of electronic mail networks for the distribution of the programs and for interprocessor communication. Even during the initial stage of this experiment machines all over the United States and at various places in Europe and Australia contributed 15 percent of the total factorization effort. At all the sites where our program is running we only use cycles that would otherwise have been idle. This shows that the enormous computational task of factoring 100 digit integers with the current algorithms can be completed almost for free. Since we use a negligible fraction of the idle cycles of all the machines on the worldwide electronic mail networks, we could factor 100 digit integers within a few days with a little more help.
On Random Walks For Pollard's Rho Method
Mathematics of Computation, 2000
Cited by 32 (5 self)
We consider Pollard's rho method for discrete logarithm computation. Usually, in the analysis of its running time the assumption is made that a random walk in the underlying group is simulated. We show that this assumption does not hold for the walk originally suggested by Pollard: its performance is worse than in the random case. We study alternative walks that can be efficiently applied to compute discrete logarithms. We introduce a class of walks that lead to the same performance as expected in the random case. We show that this holds for arbitrarily large prime group orders, thus making Pollard's rho method for prime group orders about 20% faster than before.
1. Introduction
Let G be a finite cyclic group, written multiplicatively, and generated by the group element g. We define the discrete logarithm problem (DLP) as follows: given a group element h, find the least nonnegative integer x such that h = g^x. We write x = log_g h and call it the discrete logarithm of h...
Faster Factoring of Integers of a Special Form
1996
Cited by 18 (0 self)
A speedup of Lenstra's Elliptic Curve Method of factorization is presented. The speedup works for integers of the form N = PQ^2, where P is a prime sufficiently smaller than Q. The result is of interest to cryptographers, since integers with secret factorization of this form are being used in digital signatures. The algorithm makes use of what we call "Jacobi signatures". We believe these to be of independent interest.
1 Introduction
It is not known how to efficiently factor a large integer N. Currently, the algorithm with best asymptotic complexity is the Number Field Sieve (see [6]). For numbers below a certain size (currently believed to be about 120 integers), either the Quadratic Sieve [14] or the Elliptic Curve Method [7] are faster. Which of these algorithms to use depends on the size of N and of the smallest prime factor of N. When the size of the smallest factor is sufficiently smaller than √N, the Elliptic Curve Method is the fastest of the three. In this no...
A Survey of Modern Integer Factorization Algorithms
CWI Quarterly, 1994
Cited by 13 (3 self)
Introduction
An integer n > 1 is said to be a prime number (or simply prime) if the only divisors of n are ±1 and ±n. There are infinitely many prime numbers, the first four being 2, 3, 5, and 7. If n > 1 and n is not prime, then n is said to be composite. The integer 1 is neither prime nor composite. The Fundamental Theorem of Arithmetic states that every positive integer can be expressed as a finite (perhaps empty) product of prime numbers, and that this factorization is unique except for the ordering of the factors. Table 1.1 has some sample factorizations.
1990 = 2 · 5 · 199
1995 = 3 · 5 · 7 · 19
2000 = 2^4 · 5^3
2005 = 5 · 401
Short Proofs of Knowledge for Factoring
In PKC 2000, Springer LNCS 1751, 2000
Cited by 12 (4 self)
The aim of this paper is to design a proof of knowledge for the factorization of an integer n. We propose a statistical zero-knowledge protocol similar to proofs of knowledge of discrete logarithm à la Schnorr. The efficiency improvement in comparison with the previously known schemes can be compared with the difference between the Fiat-Shamir scheme and the Schnorr one. Furthermore, the proof can be made non-interactive. From a practical point of view, the improvement is dramatic: the size of such a non-interactive proof is comparable to the size of the integer n and the computational resources needed can be kept low; three modular exponentiations both for the prover and the verifier are enough to reach a high level of security. This paper appears in the proceedings of PKC2000, LNCS, Springer Verlag, 2000.
1 Introduction
Zero-knowledge (ZK) proofs have first been proposed in 1985 by Goldwasser, Micali and Rackoff [14]. Those proofs are interactive protocols between a prover who wan...
Answers To Frequently Asked Questions About Today's Cryptography
1993
Cited by 9 (0 self)
this document, authentication will generally refer to the use of digital signatures, which play a function for digital documents similar to that played by handwritten signatures for printed documents: the signature is an unforgeable piece of data asserting that a named person wrote or otherwise agreed to the document to which the signature is attached. The recipient, as well as a third party, can verify both that the document did indeed originate from the person whose signature is attached and that the document has not been altered since it was signed. A secure digital signature system thus consists of two parts: a method of signing a document such that forgery is infeasible, and a method of verifying that a signature was actually generated by whomever it represents. Furthermore, secure digital signatures cannot be repudiated; i.e., the signer of a document cannot later disown it by claiming it was forged.
Constructing Pseudo-Random Permutations with a Prescribed Structure
Jour. of Crypto, 2000
Cited by 7 (1 self)
We show how to construct pseudorandom permutations that satisfy a certain cycle restriction, for example that the permutation be cyclic (consisting of one cycle containing all the elements) or an involution (a self-inverse permutation) with no fixed points. The construction can be based on any (unrestricted) pseudorandom permutation. The resulting permutations are defined succinctly and their evaluation at a given point is efficient. Furthermore, they enjoy a fast forward property, i.e. it is possible to iterate them at a very small cost.
On the Iteration of Certain Quadratic Maps over GF(p)
Cited by 7 (0 self)
We consider the properties of certain graphs based on iteration of the quadratic maps x → x^2 and x → x^2 − 2 over a finite field GF(p).
Cycle detection using a stack
Information Processing Letters, 2004
Cited by 7 (0 self)
We present an algorithm for detecting periodicity in sequences produced by repeated application of a given function. Our algorithm uses logarithmic memory with high probability, runs in linear time, and is guaranteed to stop within the second loop through the cycle. We also present a partitioning technique that offers a time/memory tradeoff. Our algorithm is especially well suited for sequences where the cycle length is typically small compared to the length of the acyclic prefix.