A polynomial-time theory of black-box groups I, 1998
Cited by 35 (6 self)
We consider the asymptotic complexity of algorithms to manipulate matrix groups over finite fields. Groups are given by a list of generators. Some of the rudimentary tasks such as membership testing and computing the order are not expected to admit polynomial-time solutions due to number theoretic obstacles such as factoring integers and discrete logarithm. While these and other “abelian obstacles” persist, we demonstrate that the “nonabelian normal structure” of matrix groups over finite fields can be mapped out in great detail by polynomial-time randomized (Monte Carlo) algorithms. The methods are based on statistical results on finite simple groups. We indicate the elements of a project under way towards a more complete “recognition” of such groups in polynomial time. In particular, under a now plausible hypothesis, we are able to determine the names of all nonabelian composition factors of a matrix group over a finite field. Our context is actually far more general than matrix groups: most of the algorithms work for “black-box groups” under minimal assumptions. In a black-box group, the group elements are encoded by strings of uniform length, and the group operations are performed by a “black box.”
Algorithms in algebraic number theory - Bull. Amer. Math. Soc., 1992
Cited by 33 (2 self)
Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to be done in the area. We hope to show that the study of algorithms not only increases our understanding of algebraic number fields but also stimulates our curiosity about them. The discussion is concentrated on three topics: the determination of Galois groups, the determination of the ring of integers of an algebraic number field, and the computation of the group of units and the class group of that ring of integers.
Discrete Logarithms: the Effectiveness of the Index Calculus Method, 1996
Cited by 21 (1 self)
In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieve. We also provide a sketch of some of the cryptographic schemes whose security depends on the intractability of the discrete logarithm problem.
1 Introduction
Let $G$ be a cyclic group generated by an element $t$. The discrete logarithm problem in $G$ is to compute for any $b \in G$ the least non-negative integer $e$ such that $t^e = b$. In this case, we write $\log_t b = e$. Our purpose, in this paper, is to survey recent work on the discrete logarithm problem. Our approach is twofold. On the one hand, we consider the problem from a purely theoretical perspective. Indeed, the algorithms that have been developed to solve it not only explore the fundamental nature of one of the basic s...
Discrete Logarithms and Smooth Polynomials - Contemporary Mathematics, AMS, 1993
Cited by 14 (1 self)
This paper is a survey of recent advances in discrete logarithm algorithms. Improved estimates for smooth integers and smooth polynomials are also discussed.
1. Introduction
If $G$ denotes a group (written multiplicatively), and $\langle g \rangle$ the cyclic subgroup generated by $g \in G$, then the discrete logarithm problem for $G$ is to find, given $g \in G$ and $y \in \langle g \rangle$, the smallest nonnegative integer $x$ such that $y = g^x$. This integer $x$ is called the discrete logarithm of $y$ to the base $g$, and is written $x = \log_g y$. The discrete log problem has been studied by number theorists for a long time. The main reason for the intense current interest in it, though, is that many public key cryptosystems depend for their security on the assumption that it is hard, at least for suitably chosen groups. With the proposed adoption of the NIST digital signature algorithm [28] (based on the ElGamal [10] and Schnorr [35] proposals), even more attention is likely to be drawn to this area. There are already several su...
The index calculus method using non-smooth polynomials - Mathematics of Computation, 2001
Cited by 6 (2 self)
Abstract. We study a generalized version of the index calculus method for the discrete logarithm problem in $F_q$, when $q = p^n$, $p$ is a small prime and $n \to \infty$. The database consists of the logarithms of all irreducible polynomials of degree between given bounds; the original version of the algorithm uses lower bound equal to one. We show theoretically that the algorithm has the same asymptotic running time as the original version. The analysis shows that the best upper limit for the interval coincides with the one for the original version. The lower limit for the interval remains a free variable of the process. We provide experimental results that indicate practical values for that bound. We also give heuristic arguments for the running time of the Waterloo variant and of the Coppersmith method with our generalized database.
An analytic approach to smooth polynomials over finite fields - in Algorithmic Number Theory: Third Intern. Symp., ANTS-III, 1998
Cited by 5 (1 self)
Abstract. We consider the largest degrees that occur in the decomposition of polynomials over finite fields into irreducible factors. We expand the range of applicability of the Dickman function as an approximation for the number of smooth polynomials, which provides precise estimates for the discrete logarithm problem. In addition, we characterize the distribution of the two largest degrees of irreducible factors, a problem relevant to polynomial factorization. As opposed to most earlier treatments, our methods are based on a combination of exact descriptions by generating functions and a specific complex asymptotic method.
Discrete Logarithms in Finite Fields, 1996
Cited by 1 (0 self)
Given a finite field $F_q$ of order $q$, and $g$ a primitive element of $F_q$, the discrete logarithm base $g$ of an arbitrary, non-zero $y \in F_q$ is that integer $x$, $0 \le x \le q - 2$, such that $g^x = y$ in $F_q$. The security of many real-world cryptographic schemes depends on the difficulty of computing discrete logarithms in large finite fields. This thesis is a survey of the discrete logarithm problem in finite fields, including: some cryptographic applications (password authentication, the Diffie-Hellman key exchange, and the ElGamal public-key cryptosystem and digital signature scheme); Niederreiter's proof of explicit formulas for the discrete logarithm; and algorithms for computing discrete logarithms (especially Shanks' algorithm, Pollard's $\rho$-method, the Pohlig-Hellman algorithm, Coppersmith's algorithm in fields of order $2^n$, and the Gaussian integers method for fields of prime order). This abstract accurately represents the content of the candidate's thesis. I recommend its publicat...

