The problem of factoring integers in polynomial time with the help of an (infinitely powerful) oracle who answers arbitrary questions with yes or no is considered. The goal is to minimize the number of oracle questions. Let N be a given composite n-bit integer to be factored, where n = dlog 2 Ne. The trivial method of asking for the bits of the smallest prime factor of N requires n/2 questions in the worst case. A non-trivial algorithm of Rivest and Shamir requires only n/3 questions for the special case where N is the product of two n/2-bit primes. In this paper, a polynomial-time oracle factoring algorithm for general integers is presented which, for any ffl ? 0, asks at most ffln oracle questions for sufficiently large N , thus solving an open problem posed by Rivest and Shamir. Based on a plausible conjecture related to Lenstra's conjecture on the running time of the elliptic curve factoring algorithm it is shown that the algorithm fails with probability at most N ...

This paper is dedicated to the memory of the cat Ceilidh. Abstract. We present efficient compression algorithms for subgroups of multiplicative groups of finite fields, we use our compression algorithms to construct efficient public key cryptosystems called T2 and CEILIDH, we disprove some conjectures, and we use the theory of algebraic tori to give a better understanding of our cryptosystems, the Lucas-based, XTR and Gong-Harn cryptosystems, and conjectured generalizations. 1.

. A result on finite abelian groups is first proved and then used to solve problems in finite fields. Particularly, all finite fields that have normal bases generated by general Gauss periods are characterized and it is shown how to find normal bases of low complexity. Dedicated to Professor Chao Ko on his 90th birthday. 1. Introduction and main results We first prove a result on finite abelian groups. We use the standard notation < S, K > for the subgroup generated by the elements in S and K together, and G/K, or G K , for the quotient group of G by K. Theorem 1.1. Let G be any finite abelian group. Let S be a subset and K a subgroup of G such that G =< S, K >. Then, for any direct product G = G 1# G 2# # G t , there is a subgroup H of the form H = H 1# H 2# # H t , H i #G i , 1 # i # t, such that G =< S, H > and G H # = G K . Next we apply this theorem to some problems in finite fields that arise in the work of Feisel et al [7] on constructing normal bases ...

In this paper, a new factorization algorithm is presented, which finds a prime factor p of an integer n in time (D log n) , if 4p 1 = Db where D and b are integers. Hence this algorithm will factor a number efficiently, if it has a prime factor p such that 4p-1 is a product of a small integer and a square. Such primes should be avoided when we select the RSA secret keys. Some generalizations of the algorithm are discussed in the paper as well.