Results 1 - 6 of 6
Proving primality in essentially quartic random time
Math. Comp., 2003
Cited by 18 (0 self)
Abstract. This paper presents an algorithm that, given a prime n, finds and verifies a proof of the primality of n in random time $(\lg n)^{4+o(1)}$. Several practical speedups are incorporated into the algorithm and discussed in detail.
On the list and bounded distance decodability of the Reed-Solomon codes
In Proc. FOCS 2004, 2004
Cited by 17 (7 self)
For an error-correcting code and a distance bound, the list decoding problem is to compute all the codewords within a given distance to a received message. The bounded distance decoding problem is to find one codeword if there is at least one codeword within the given distance, or to output the empty set if there is not. Obviously the bounded distance decoding problem is not as hard as the list decoding problem. For a Reed-Solomon code $[n, k]_q$, a simple counting argument shows that for any integer $0 < g < n$, there exists at least one Hamming ball of radius $n - g$, which contains at least $\binom{n}{g}/q^{g-k}$ many codewords. Let $\hat{g}(n, k, q)$ be the smallest positive integer $g$ such that $\binom{n}{g}/q^{g-k} < 1$. One knows that $k \le \hat{g}(n, k, q) \le \sqrt{nk} \le n$. For the distance bound up to $n - \sqrt{nk}$, it is well known that both the list and bounded distance decoding can be solved efficiently. For the distance bound between $n - \sqrt{nk}$ and $n - \hat{g}(n, k, q)$, we do not know whether the Reed-Solomon code is list, or bounded distance decodable, nor do we know whether there are polynomially many codewords in all balls of the radius. It is generally believed that the answers to both questions are no. There are public key cryptosystems proposed recently, whose security is based on the assumptions. In this paper, we prove: (1) List decoding cannot be done for radius $n - \hat{g}(n, k, q)$ or larger, otherwise the discrete logarithm over $\mathbb{F}_{q^{\hat{g}(n,k,q)-k}}$ is easy. (2) Let h and g be
On the bounded sum-of-digits discrete logarithm problem in finite fields
In Proc. of the 24th Annual International Cryptology Conference (CRYPTO), 2004
Cited by 4 (1 self)
Abstract. In this paper, we study the bounded sum-of-digits discrete logarithm problem in finite fields. Our results are concerned primarily with fields $\mathbb{F}_{q^n}$ where $n \mid q - 1$. The fields are called Kummer extensions of $\mathbb{F}_q$. It is known that we can efficiently construct an element $g$ with order greater than $2^n$ in the fields. Let $S_q(\cdot)$ be the function from integers to the sum of digits in their q-ary expansions. We first present an algorithm that given $g^e$ ($0 \le e < q^n$) finds $e$ in random polynomial time, provided that $S_q(e) < n$. We then show that the problem is solvable in random polynomial time for most of the exponent $e$ with $S_q(e) < 1.32n$, by exploring an interesting connection between the discrete logarithm problem and the problem of list decoding of Reed-Solomon codes, and applying the Guruswami-Sudan algorithm. As a side result, we obtain a sharper lower bound on the number of congruent polynomials generated by linear factors than the one based on Stothers-Mason ABC-theorem. We also prove that in the field $\mathbb{F}_{q^{q-1}}$, the bounded sum-of-digits discrete logarithm with respect to $g$ can be computed in random time $O(f(w) \log^4(q^{q-1}))$, where $f$ is a subexponential function and $w$ is the bound on the q-ary sum-of-digits of the exponent, hence the problem is fixed parameter tractable. These results are shown to be generalized to Artin-Schreier extension $\mathbb{F}_{p^p}$ where $p$ is a prime. Since every finite field has an extension of reasonable degree which is a Kummer extension, our result reveals an unexpected property of the discrete logarithm problem, namely, the bounded sum-of-digits discrete logarithm problem in any given finite field becomes polynomial time solvable in certain low degree extensions.
Voloch, Multiplicative order of Gauss periods
2007
Cited by 4 (0 self)
We obtain a lower bound on the multiplicative order of Gauss periods which generate normal bases over finite fields. This bound improves the previous bound of J. von zur Gathen and I. E. Shparlinski.
ELLIPTIC PERIODS AND PRIMALITY PROVING (EXTENDED VERSION)
, 810
Abstract. We construct extension rings with fast arithmetic using isogenies between elliptic curves. As an application, we give an elliptic version of the AKS primality criterion.