Results 1 
9 of
9
Colluding Attacks to a Payment Protocol and Two Signature Exchange Schemes
 In: ASIACRYPT 2004, LNCS 3329
, 2004
"... Abstract. An untraceable fair network payment protocol is proposed by Wang in Asiacrypt’03, which employs the existent techniques of the offline untraceable cash and a new technique called restrictive confirmation signature scheme (RCSS). It is claimed that the fair payment protocol has both the fai ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
Abstract. An untraceable fair network payment protocol is proposed by Wang in Asiacrypt’03, which employs the existent techniques of the offline untraceable cash and a new technique called restrictive confirmation signature scheme (RCSS). It is claimed that the fair payment protocol has both the fairness such that the buyer obtains the digital goods if and only if the merchant gains the digital cash and the untraceability and unlinkability such that no one can tell who is the original owner of the money. In this paper we show that the fairness is breached under a simple colluding attack, by which a dishonest merchant can obtain the digital money without the buyer obtaining the goods. We also apply the attack to some of the schemes of fair exchange of digital signatures proposed by Ateniese in ACM CCS’99. Our study shows that two of them are subjected to the attack. A countermeasure against the attack is proposed for the fair exchange of digital signatures. However, we are unable to fix the fair payment protocol if the untraceability and unlinkability are the required features. 1
Sharp Transitions in Making Squares
, 2006
"... In many integer factoring algorithms, one produces a sequence of integers (created in a pseudorandom way), and wishes to determine a subsequence whose product is a square. A good model for how this sequence is generated is the following process introduced by Pomerance in his 1994 invited ICM lectur ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
In many integer factoring algorithms, one produces a sequence of integers (created in a pseudorandom way), and wishes to determine a subsequence whose product is a square. A good model for how this sequence is generated is the following process introduced by Pomerance in his 1994 invited ICM lecture: Select integers a1, a2,..., at random from the interval [1, x], until some subsequence products to a square. Estimating the expected stopping time of this process turns out to be a central problem in developing heuristic running time estimates for integer factoring algorithms. Also, if one knows how long the other parts of the algorithm take, one can use such stopping time estimates to determine the optimal choice of algorithm parameters that minimizes the running time. Here we determine this expected stopping time up to a constant factor, which improves previous estimates due to Pomerance (1994) and Schroeppel (1985), who showed that this stopping time lies in an interval [y0, y 1+o(1) 0], for an appropriate y0 = y0(x). Thus our result significantly tightens this interval to [y0, cy0], for a small positive constant c, and comes close to proving a sharp threshold for the montone property of having a square dependence in a random sequence of integers. Our proof uses the first and second moment methods and analytical estimates on smooth numbers.
Folding and Unfolding Bloom Filters An offLine Planing and onLine Optimisation
"... Last decade is characterised by the convergence of pervasive technologies including wireless communication, smart devices and the Internet. The resulting Internet of the things enables notonly users but also things to access resource anywhere, ..."
Abstract
 Add to MetaCart
Last decade is characterised by the convergence of pervasive technologies including wireless communication, smart devices and the Internet. The resulting Internet of the things enables notonly users but also things to access resource anywhere,
Wild and Wooley Numbers
, 2005
"... The wild integer semigroup W(Z) consists of the integers in the multiplicative semigroup generated by { 3n+2 1 ..."
Abstract
 Add to MetaCart
The wild integer semigroup W(Z) consists of the integers in the multiplicative semigroup generated by { 3n+2 1
Product of Integers in an Interval, Modulo Squares
"... We prove a conjecture of Irving Kaplansky which asserts that between any pair of consecutive positive squares there is a set of distinct integers whose product is twice a square. Along similar lines, our main theorem asserts that if prime p divides some integer in [z, z +3 # z/2 + 1) (with z # 1 ..."
Abstract
 Add to MetaCart
We prove a conjecture of Irving Kaplansky which asserts that between any pair of consecutive positive squares there is a set of distinct integers whose product is twice a square. Along similar lines, our main theorem asserts that if prime p divides some integer in [z, z +3 # z/2 + 1) (with z # 11) then there is a set of integers in the interval whose product is p times a square. This is probably best possible, because it seems likely that there are arbitrarily large counterexamples if we shorten the interval to [z, z +3 # z/2). AMS Subject Classification: 05E05 the electronic journal of combinatorics 8 (2001), #R5 1 1.
Product of Integers in an Interval, Modulo Squares
"... : We prove a conjecture of Irving Kaplansky which asserts that between any pair of consecutive positive squares there is a set of distinct integers whose product is twice a square. This follows from our main theorem which asserts that if prime p divides some integer in [z; z + 3 p z=2 + 1) (with z ..."
Abstract
 Add to MetaCart
: We prove a conjecture of Irving Kaplansky which asserts that between any pair of consecutive positive squares there is a set of distinct integers whose product is twice a square. This follows from our main theorem which asserts that if prime p divides some integer in [z; z + 3 p z=2 + 1) (with z 11) then there is a set of integers in the interval whose product is p times a square. This is essentially best possible because it seems that arbitrarily large counterexamples would exist if we shorten the interval to [z; z + 3 p z). 1. Introduction In several modern algorithms, such as the quadratic sieve, one gradually constructs a set of integers, and tries to efficiently find a (nonempty) subset whose product is a square. Recently researchers have been analyzing when it is likely that there is a subset of a given set whose product is a square. In [2] Pomerance shows that if we randomly select exp( p (2 + ffl) log x log log x) integers up to x then, with probability ! 1 as x !1, ...
Primality Testing, Integer Factorization, and Discrete Logarithms
, 2000
"... this paper is to survey some historical and modern methods for primality testing, integer factorization, and the discrete logarithm problem, and point out some theoretical questions related to the algorithms. Our main concern will be the rigourosity of the running time bounds and the error estimates ..."
Abstract
 Add to MetaCart
this paper is to survey some historical and modern methods for primality testing, integer factorization, and the discrete logarithm problem, and point out some theoretical questions related to the algorithms. Our main concern will be the rigourosity of the running time bounds and the error estimates of the algorithms, as well as the analysis of the algorithms on the average (over the inputs).
Draft. Aimed at Math. Comp. I’m rewriting [8] in light of this. HOW TO FIND SMOOTH PARTS OF INTEGERS
"... Abstract. Let P be a finite set of primes, and let S be a finite sequence of positive integers. This paper presents an algorithm to find the largest Psmooth divisor of each integer in S. The algorithm takes time b(lg b) 2+o(1), where b is the total number of bits in P and S. A previous algorithm by ..."
Abstract
 Add to MetaCart
Abstract. Let P be a finite set of primes, and let S be a finite sequence of positive integers. This paper presents an algorithm to find the largest Psmooth divisor of each integer in S. The algorithm takes time b(lg b) 2+o(1), where b is the total number of bits in P and S. A previous algorithm by the author takes time b(lg b) 3+o(1) to find all the factors from P of each integer in S; a variant by Franke, Kleinjung, Morain, and Wirth usually takes time b(lg b) 2+o(1) to find the largest Psmooth divisor of each integer in S; the algorithm in this paper always takes time b(lg b) 2+o(1) to find the largest Psmooth divisor of each integer in S. Positive integer x batch time b(lg b) 3+o(1) (Bernstein 2000)