Results 1-10 of 16
The Generation of Random Numbers That Are Probably Prime
Journal of Cryptology, 1988
Cited by 23 (0 self)
In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomial time. Therefore, factoring would be easy if Rabin's test systematically failed with a 25% probability on each composite integer (which, of course, it does not). The second observation is more fundamental because it is _not_ restricted to primality testing: it has consequences for the entire field of probabilistic algorithms. The failure probability when using a probabilistic algorithm for the purpose of testing some property is compared with that when using it for the purpose of obtaining a random element hopefully having this property. More specifically, we investigate the question of how reliable Rabin's test is when used to _generate_ a random integer that is probably prime, rather than to _test_ a specific integer for primality.
Key words: factorization, false witnesses, primality testing, probabilistic algorithms, Rabin's test.
The elliptic curve discrete logarithm problem and equivalent hard . . .
2008
"... We define ..."
Finite field polynomial multiplication in the frequency domain with application to elliptic curve cryptography
In Proceedings of the 21st International Symposium on Computer and Information Sciences (ISCIS 2006), volume 4263 of Lecture Notes in Computer Science (LNCS), 2006
Cited by 5 (3 self)
Abstract. We introduce an efficient method for computing Montgomery products of polynomials in the frequency domain. The discrete Fourier transform (DFT) based method originally proposed for integer multiplication provides an extremely efficient method with the best asymptotic complexity, i.e. O(m log m log log m), for multiplication of m-bit integers or (m − 1)st degree polynomials. However, the original DFT method bears significant overhead due to the conversions between the time and the frequency domains which makes it impractical for short operands as used in many applications. In this work, we introduce DFT modular multiplication which performs the entire modular multiplication (including the reduction step) in the frequency domain, and thus eliminates costly back and forth conversions. We show that, especially in computationally constrained platforms, multiplication of finite field elements may be achieved more efficiently in the frequency domain than in the time domain for operand sizes relevant to elliptic curve cryptography (ECC). To the best of our knowledge, this is the first work that proposes the use of frequency domain arithmetic for ECC and shows that it can be efficient.
Key Words: Finite field multiplication, DFT, elliptic curve cryptography.
MOV attack in various subgroups on elliptic curves
Illinois Journal of Mathematics
Frequency Domain Finite Field Arithmetic for Elliptic Curve Cryptography
2007
Cited by 2 (1 self)
The discrete Fourier transform (DFT) based method originally proposed for integer multiplication provides an extremely efficient method with the best asymptotic complexity, i.e. O(m log m log log m), for multiplication of m-bit integers or (m − 1)st degree polynomials. Unfortunately, this method bears significant overhead due to the conversions between the time and frequency domains. This makes the original DFT based method impractical for small operands, e.g. less than 1000 bits in length as used in many applications. In this work, we investigate the application of the number theoretic transform (NTT), which found many applications in digital signal processing, to finite field multiplication with an emphasis on elliptic curve cryptography (ECC). Furthermore, we introduce an efficient algorithm for computing Montgomery products of polynomials in the frequency domain. Our algorithm performs the entire modular multiplication (including the reduction step) in the frequency domain, and thus eliminates costly back and forth conversions improving upon the straightforward NTT approach. We show that, especially in computationally constrained platforms, multiplication of finite field elements may be achieved more efficiently in the frequency domain than in the time domain for operand sizes relevant to elliptic curve cryptography (ECC). This paper is an expanded version of the earlier paper [22] on the same topic which, for the first time, proposes the use of frequency domain arithmetic for ECC and shows that it can be efficient.
unknown title
, 803
The elliptic curve discrete logarithm problem and equivalent hard problems for elliptic divisibility sequences
THE 2-CORE OF A RANDOM INHOMOGENEOUS HYPERGRAPH
2013
Dedicated to Mom and Dad, whom I love dearly and have supported me throughout life. This support has enabled all of my own accomplishments, including this dissertation. I also have heartfelt thanks to those who have acted as very special teachers and mentors to me: Robert Cassola, Victor Reiner, and Robin Pemantle. In a very real way, their wisdom and enthusiasm has positively shaped who I am. I aspire to achieve the same talent and ability.
NEW POLYNOMIALS PRODUCING ABSOLUTE PSEUDOPRIMES WITH ANY NUMBER OF PRIME FACTORS
2007
Abstract. In this paper, we introduce a certain method to construct polynomials producing many absolute pseudoprimes. By this method, we give new polynomials producing absolute pseudoprimes with any fixed number of prime factors which can be viewed as a generalization of Chernick’s result. By the similar method, we give another type of polynomials producing many absolute pseudoprimes. As concrete examples, we tabulate the counts of such numbers of our forms.
THE LEAST INERT PRIME IN A REAL QUADRATIC FIELD
Abstract. In this paper, we prove that for any positive fundamental discriminant D > 1596, there is always at least one prime p ≤ D^0.45 such that the Kronecker symbol (D/p) = −1. This improves a result of Granville, Mollin and Williams, where they showed that the least inert prime p in a real quadratic field of discriminant D > 3705 is at most √D/2. We use a “smoothed” version of the Pólya–Vinogradov inequality, which is very useful for numerically explicit estimates.