The Generation of Random Numbers That Are Probably Prime
Journal of Cryptology, 1988
In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomial time. Therefore, factoring would be easy if Rabin's test systematically failed with a 25% probability on each composite integer (which, of course, it does not). The second observation is more fundamental because it is _not_ restricted to primality testing: it has consequences for the entire field of probabilistic algorithms. The failure probability when using a probabilistic algorithm for the purpose of testing some property is compared with that when using it for the purpose of obtaining a random element hopefully having this property. More specifically, we investigate the question of how reliable Rabin's test is when used to _generate_ a random integer that is probably prime, rather than to _test_ a specific integer for primality.
Key words: factorization, false witnesses, primality testing, probabilistic algorithms, Rabin's test.
Finite field polynomial multiplication in the frequency domain with application to elliptic curve cryptography
In Proceedings of the 21st International Symposium on Computer and Information Sciences (ISCIS 2006), volume 4263 of Lecture Notes in Computer Science (LNCS), 2006
Abstract. We introduce an efficient method for computing Montgomery products of polynomials in the frequency domain. The discrete Fourier transform (DFT) based method originally proposed for integer multiplication provides an extremely efficient method with the best asymptotic complexity, i.e. O(m log m log log m), for multiplication of m-bit integers or (m − 1)st degree polynomials. However, the original DFT method bears significant overhead due to the conversions between the time and the frequency domains, which makes it impractical for short operands as used in many applications. In this work, we introduce DFT modular multiplication, which performs the entire modular multiplication (including the reduction step) in the frequency domain, and thus eliminates costly back and forth conversions. We show that, especially in computationally constrained platforms, multiplication of finite field elements may be achieved more efficiently in the frequency domain than in the time domain for operand sizes relevant to elliptic curve cryptography (ECC). To the best of our knowledge, this is the first work that proposes the use of frequency domain arithmetic for ECC and shows that it can be efficient.
Key words: finite field multiplication, DFT, elliptic curve cryptography.
MOV attack in various subgroups on elliptic curves
Illinois J. Math
Abstract. We estimate the probabilities that the Menezes–Okamoto–Vanstone reduction of the discrete logarithm problem on an elliptic curve E to the discrete logarithm problem in a certain finite field succeeds for various groups of points on E. Our bounds imply that in all interesting cases these probabilities are exponentially small. This extends results of Balasubramanian and Koblitz, who have treated the instance in which the order of the group of points on E is prime.
Frequency Domain Finite Field Arithmetic for Elliptic Curve Cryptography
2007
The discrete Fourier transform (DFT) based method originally proposed for integer multiplication provides an extremely efficient method with the best asymptotic complexity, i.e. O(m log m log log m), for multiplication of m-bit integers or (m − 1)st degree polynomials. Unfortunately, this method bears significant overhead due to the conversions between the time and frequency domains. This makes the original DFT based method impractical for small operands, e.g. less than 1000 bits in length as used in many applications. In this work, we investigate the application of the number theoretic transform (NTT), which has found many applications in digital signal processing, to finite field multiplication with an emphasis on elliptic curve cryptography (ECC). Furthermore, we introduce an efficient algorithm for computing Montgomery products of polynomials in the frequency domain. Our algorithm performs the entire modular multiplication (including the reduction step) in the frequency domain, and thus eliminates costly back and forth conversions, improving upon the straightforward NTT approach. We show that, especially in computationally constrained platforms, multiplication of finite field elements may be achieved more efficiently in the frequency domain than in the time domain for operand sizes relevant to elliptic curve cryptography (ECC). This paper is an expanded version of the earlier paper [22] on the same topic which, for the first time, proposes the use of frequency domain arithmetic for ECC and shows that it can be efficient.
A Post Processing Method for Quantum Prime Factorization Algorithm based on Randomized Approach
Abstract. Prime factorization based on a quantum approach has been performed in two phases. The first phase is carried out on a quantum computer and the second phase on a classical computer (post processing). In the second phase the goal is to estimate the period r of the equation x^r ≡ 1 (mod N) and to find the prime factors of the composite integer N on the classical computer. In this paper we present a method based on a randomized approach for estimating the period r with a satisfactory probability, so that the composite integer N can be factorized; with the randomized approach, even if the guess of the period is not exactly the real period, we can at least find one of the prime factors of the composite N. Finally, we present some important points for designing an emulator for quantum computer simulation.
NEW POLYNOMIALS PRODUCING ABSOLUTE PSEUDOPRIMES WITH ANY NUMBER OF PRIME FACTORS
2007
Abstract. In this paper, we introduce a method to construct polynomials producing many absolute pseudoprimes. By this method, we give new polynomials producing absolute pseudoprimes with any fixed number of prime factors, which can be viewed as a generalization of Chernick's result. By a similar method, we give another type of polynomial producing many absolute pseudoprimes. As concrete examples, we tabulate the counts of such numbers of our forms.
The elliptic curve discrete logarithm problem and equivalent hard problems for elliptic divisibility sequences
803
THE LEAST INERT PRIME IN A REAL QUADRATIC FIELD
Article electronically published on February 10, 2012
Abstract. In this paper, we prove that for any positive fundamental discriminant D > 1596, there is always at least one prime p ≤ D^{0.45} such that the Kronecker symbol (D/p) = −1. This improves a result of Granville, Mollin and Williams, who showed that the least inert prime p in a real quadratic field of discriminant D > 3705 is at most √D/2. We use a "smoothed" version of the Pólya–Vinogradov inequality, which is very useful for numerically explicit estimates.