Abstract. This is the second in a series of papers where we combine the classical approach to exponential Diophantine equations (linear forms in logarithms, Thue equations, etc.) with a modular approach based on some of the ideas of the proof of Fermat’s Last Theorem. In this paper we use a general and powerful new lower bound for linear forms in three logarithms, together with a combination of classical, elementary and substantially improved modular methods to solve completely the Lebesgue-Nagell equation for D in the range 1 ≤ D ≤ 100. x 2 + D = y n, x, y integers, n ≥ 3, 1.

Abstract. A curve X over Q is modular if it is dominated by X1(N) for some N; if in addition the image of its jacobian in J1(N) is contained in the new subvariety of J1(N), then X is called a new modular curve. We prove that for each g ≥ 2, the set of new modular curves over Q of genus g is finite and computable. For the computability result, we prove an algorithmic version of the de Franchis-Severi Theorem. Similar finiteness results are proved for new modular curves of bounded gonality, for new modular curves whose jacobian is a quotient of J0(N) new with N divisible by a prescribed prime, and for modular curves (new or not) with levels in a restricted set. We study new modular hyperelliptic curves in detail. In particular, we find all new modular curves of genus 2 explicitly, and construct what might be the complete list of all new modular hyperelliptic curves of all genera. Finally we prove that for each field k of characteristic zero and g ≥ 2, the set of genus-g curves over k dominated by a Fermat curve is finite and computable. 1. Introduction. Let X1(N) be the usual modular curve over Q; see Section 3.1 for a definition. (All curves and varieties in this paper are smooth, projective, and geometrically integral, unless otherwise specified. When we write an affine equation for a curve, its smooth projective model is implied.) A curve X

In this paper we study the algorithmic problem of finding the ring of integers of a given algebraic number field. In practice, this problem is often considered to be wellsolved, but theoretical results indicate that it is intractable for number fields that are defined by equations with very large coefficients. Such fields occur in the number field sieve algorithm for factoring integers. Applying a variant of a standard algorithm for finding rings of integers, one finds a subring of the number field that one may view as the "best guess" one has for the ring of integers. This best guess is probably often correct. Our main concern is what can be proved about this subring. We show that it has a particularly transparent local structure, which is reminiscent of the structure of tamely ramified extensions of local fields. A major portion of the paper is devoted to the study of rings that are "tame" in our more general sense. As a byproduct, we prove complexity results that elaborate upon a ...

Abstract We demonstrate an average-case problem which is as hard as finding fl(n)-approximateshortest vectors in certain n-dimensional lattices in the worst case, where fl(n) = O(plog n).The previously best known factor for any class of lattices was fl(n) = ~O(n).To obtain our results, we focus on families of lattices having special algebraic structure. Specifically, we consider lattices that correspond to ideals in the ring of integers of an algebraicnumber field. The worst-case assumption we rely on is that in some `p length, it is hard to findapproximate shortest vectors in these lattices, under an appropriate form of preprocessing of the number field. Our results build upon prior works by Micciancio (FOCS 2002), Peikert andRosen (TCC 2006), and Lyubashevsky and Micciancio (ICALP 2006). For the connection factors fl(n) we achieve, the corresponding decisional promise problemson ideal lattices are not known to be NP-hard; in fact, they are in P. However, the search approximation problems still appear to be very hard. Indeed, ideal lattices are well-studiedobjects in computational number theory, and the best known algorithms for them seem to perform no better than the best known algorithms for general lattices.To obtain the best possible connection factor, we instantiate our constructions with infinite families of number fields having constant root discriminant. Such families are known to existand are computable, though no efficient construction is yet known. Our work motivates the search for such constructions. Even constructions of number fields having root discriminant upto O(n2/3-ffl) would yield connection factors better than the current best of ~O(n).

The Number Field Sieve (NFS) is the asymptotically fastest factoring algorithm known. It had spectacular successes in factoring numbers of a special form. Then the method was adapted for general numbers, and recently applied to the RSA-130 number [6], setting a new world record in factorization. The NFS has undergone several modifications since its appearance. One of these modifications concerns the last stage: the computation of the square root of a huge algebraic number given as a product of hundreds of thousands of small ones. This problem was not satisfactorily solved until the appearance of an algorithm by Peter Montgomery. Unfortunately, Montgomery only published a preliminary version of his algorithm [15], while a description of his own implementation can be found in [7]. In this paper, we present a variant of the algorithm, compare it with the original algorithm, and discuss its complexity.

Given a squarefree polynomial P 2 k 0 [x; y], k 0 a number eld, we construct a linear dierential operator that allows one to calculate the genus of the complex curve dened by P = 0 (when P is absolutely irreducible), the absolute factorization of P over the algebraic closure of k 0 , and calculate information concerning the Galois group of P over k 0 (x) as well as over k 0 (x).

Abstract. We present a new deterministic algorithm for the problem of constructing kth power nonresidues in finite fields Fpn,wherepis prime and k is a prime divisor of pn −1. We prove under the assumption of the Extended Riemann Hypothesis (ERH), that for fixed n and p →∞, our algorithm runs in polynomial time. Unlike other deterministic algorithms for this problem, this polynomial-time bound holds even if k is exponentially large. More generally, assuming the ERH, in time (n log p) O(n) we can construct a set of elements

Abstract. Let L = Q(α) be an abelian number field of degree n. Most algorithms for computing the lattice of subfields of L require the computation of all the conjugates of α. This is usually achieved by factoring the minimal polynomial mα(x)ofαover L. In practice, the existing algorithms for factoring polynomials over algebraic number fields can handle only problems of moderate size. In this paper we describe a fast probabilistic algorithm for computing the conjugates of α, which is based on p-adic techniques. Given mα(x) anda rational prime p which does not divide the discriminant disc(mα(x)) of mα(x), the algorithm computes the Frobenius automorphism of p in time polynomial in the size of p and in the size of mα(x). By repeatedly applying the algorithm to randomly chosen primes it is possible to compute all the conjugates of α. 1.

Abstract not found

We describe deterministic algorithms for solving the following algorithmic problems in quadratic orders: Computing fundamental unit and regulator, principal ideal testing, solving prime norm equations, computing the structure of the class group, computing the order of an ideal class and determining discrete logarithms in the class group. We also prove upper bounds for the time and space complexity of the algorithms.