Results 1  10
of
47
Elliptic Curves And Primality Proving
 Math. Comp
, 1993
"... The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm. ..."
Abstract

Cited by 203 (22 self)
 Add to MetaCart
(Show Context)
The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm.
Using Secure Coprocessors
, 1994
"... The views and conclusions in this document are those of the authors and do not necessarily represent the official policies or endorsements of any of the research sponsors. How do we build distributed systems that are secure? Cryptographic techniques can be used to secure the communications between p ..."
Abstract

Cited by 165 (8 self)
 Add to MetaCart
(Show Context)
The views and conclusions in this document are those of the authors and do not necessarily represent the official policies or endorsements of any of the research sponsors. How do we build distributed systems that are secure? Cryptographic techniques can be used to secure the communications between physically separated systems, but this is not enough: we must be able to guarantee the privacy of the cryptographic keys and the integrity of the cryptographic functions, in addition to the integrity of the security kernel and access control databases we have on the machines. Physical security is a central assumption upon which secure distributed systems are built; without this foundation even the best cryptosystem or the most secure kernel will crumble. In this thesis, I address the distributed security problem by proposing the addition of a small, physically secure hardware module, a secure coprocessor, to standard workstations and PCs. My central axiom is that secure coprocessors are able to maintain the privacy of the data they process. This thesis attacks the distributed security problem from multiple sides. First, I analyze the security properties of existing system components, both at the hardware and
Subquadratictime factoring of polynomials over finite fields
 Math. Comp
, 1998
"... Abstract. New probabilistic algorithms are presented for factoring univariate polynomials over finite fields. The algorithms factor a polynomial of degree n over a finite field of constant cardinality in time O(n 1.815). Previous algorithms required time Θ(n 2+o(1)). The new algorithms rely on fast ..."
Abstract

Cited by 78 (10 self)
 Add to MetaCart
Abstract. New probabilistic algorithms are presented for factoring univariate polynomials over finite fields. The algorithms factor a polynomial of degree n over a finite field of constant cardinality in time O(n 1.815). Previous algorithms required time Θ(n 2+o(1)). The new algorithms rely on fast matrix multiplication techniques. More generally, to factor a polynomial of degree n over the finite field Fq with q elements, the algorithms use O(n 1.815 log q) arithmetic operations in Fq. The new “baby step/giant step ” techniques used in our algorithms also yield new fast practical algorithms at superquadratic asymptotic running time, and subquadratictime methods for manipulating normal bases of finite fields. 1.
New PublicKey Schemes Based on Elliptic Curves over the Ring Z_n
, 1991
"... Three new trapdoor oneway functions are proposed that are based on elliptic curves over the ring Z_n. The first class of functions is a naive construction, which can be used only in a digital signature scheme, and not in a publickey cryptosystem. The second, preferred class of function, does not s ..."
Abstract

Cited by 51 (0 self)
 Add to MetaCart
Three new trapdoor oneway functions are proposed that are based on elliptic curves over the ring Z_n. The first class of functions is a naive construction, which can be used only in a digital signature scheme, and not in a publickey cryptosystem. The second, preferred class of function, does not suffer from this problem and can be used for the same applications as the RSA trapdoor oneway function, including zeroknowledge identification protocols. The third class of functions has similar properties to the Rabin trapdoor oneway functions. Although the security of these proposed schemes is based on the difficulty of factoring n, like the RSA and Rabin schemes, these schemes seem to be more secure than those schemes from the viewpoint of attacks without factoring such as low multiplier attacks.
Practical ZeroKnowledge Proofs: Giving Hints and Using Deficiencies
 JOURNAL OF CRYPTOLOGY
, 1994
"... New zeroknowledge proofs are given for some numbertheoretic problems. All of the problems are in NP, but the proofs given here are much more efficient than the previously known proofs. In addition, these proofs do not require the prover to be superpolynomial in power. A probabilistic polynomial t ..."
Abstract

Cited by 31 (0 self)
 Add to MetaCart
(Show Context)
New zeroknowledge proofs are given for some numbertheoretic problems. All of the problems are in NP, but the proofs given here are much more efficient than the previously known proofs. In addition, these proofs do not require the prover to be superpolynomial in power. A probabilistic polynomial time prover with the appropriate trapdoor knowledge is sufficient. The proofs are perfect or statistical zeroknowledge in all cases except one.
Open Problems in Number Theoretic Complexity, II
"... this paper contains a list of 36 open problems in numbertheoretic complexity. We expect that none of these problems are easy; we are sure that many of them are hard. This list of problems reflects our own interests and should not be viewed as definitive. As the field changes and becomes deeper, new ..."
Abstract

Cited by 30 (0 self)
 Add to MetaCart
this paper contains a list of 36 open problems in numbertheoretic complexity. We expect that none of these problems are easy; we are sure that many of them are hard. This list of problems reflects our own interests and should not be viewed as definitive. As the field changes and becomes deeper, new problems will emerge and old problems will lose favor. Ideally there will be other `open problems' papers in future ANTS proceedings to help guide the field. It is likely that some of the problems presented here will remain open for the forseeable future. However, it is possible in some cases to make progress by solving subproblems, or by establishing reductions between problems, or by settling problems under the assumption of one or more well known hypotheses (e.g. the various extended Riemann hypotheses, NP 6= P; NP 6= coNP). For the sake of clarity we have often chosen to state a specific version of a problem rather than a general one. For example, questions about the integers modulo a prime often have natural generalizations to arbitrary finite fields, to arbitrary cyclic groups, or to problems with a composite modulus. Questions about the integers often have natural generalizations to the ring of integers in an algebraic number field, and questions about elliptic curves often generalize to arbitrary curves or abelian varieties. The problems presented here arose from many different places and times. To those whose research has generated these problems or has contributed to our present understanding of them but to whom inadequate acknowledgement is given here, we apologize. Our list of open problems is derived from an earlier `open problems' paper we wrote in 1986 [AM86]. When we wrote the first version of this paper, we feared that the problems presented were so difficult...
An analysis of Shanks’s algorithm for computing square roots in finite fields
 in Proc. 5th Conf. Canadian Number Theory Assoc
, 1999
"... Abstract We rigorously analyze Shanks's algorithm for computing square roots modulo a prime number. The initialization always requires two exponentiations. Averaged over all primes and possible inputs, the body of the algorithm requires 8/3 additional multiplications. We obtain exact values for ..."
Abstract

Cited by 14 (0 self)
 Add to MetaCart
(Show Context)
Abstract We rigorously analyze Shanks's algorithm for computing square roots modulo a prime number. The initialization always requires two exponentiations. Averaged over all primes and possible inputs, the body of the algorithm requires 8/3 additional multiplications. We obtain exact values for the mean and variance of the number of additional multiplications for a fixed prime, and finally show that the distribution is asymptotically normal.
Constructing nonresidues in finite fields and the extended Riemann hypothesis
 Math. Comp
, 1991
"... Abstract. We present a new deterministic algorithm for the problem of constructing kth power nonresidues in finite fields Fpn,wherepis prime and k is a prime divisor of pn −1. We prove under the assumption of the Extended Riemann Hypothesis (ERH), that for fixed n and p →∞, our algorithm runs in pol ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We present a new deterministic algorithm for the problem of constructing kth power nonresidues in finite fields Fpn,wherepis prime and k is a prime divisor of pn −1. We prove under the assumption of the Extended Riemann Hypothesis (ERH), that for fixed n and p →∞, our algorithm runs in polynomial time. Unlike other deterministic algorithms for this problem, this polynomialtime bound holds even if k is exponentially large. More generally, assuming the ERH, in time (n log p) O(n) we can construct a set of elements