Computing Hilbert class polynomials with the Chinese Remainder Theorem, 2010
Cited by 13 (1 self)
We present a space-efficient algorithm to compute the Hilbert class polynomial $H_D(X)$ modulo a positive integer $P$, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses $O(|D|^{1/2+\epsilon} \log P)$ space and has an expected running time of $O(|D|^{1+\epsilon})$. We describe practical optimizations that allow us to handle larger discriminants than other methods, with $|D|$ as large as $10^{13}$ and $h(D)$ up to $10^{6}$. We apply these results to construct pairing-friendly elliptic curves of prime order, using the CM method.
The MD6 hash function: A proposal to NIST for SHA-3, 2008
Cited by 1 (1 self)
This report describes and analyzes the MD6 hash function and is part of our submission package for MD6 as an entry in the NIST SHA-3 hash function competition. Significant features of MD6 include: • Accepts input messages of any length up to $2^{64} - 1$ bits, and produces message digests of any desired size from 1 to 512 bits, inclusive, including
A GENERIC APPROACH TO SEARCHING FOR JACOBIANS - MATHEMATICS OF COMPUTATION, 2009
Cited by 1 (1 self)
We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and $O(N^{1/12})$ in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over $\mathbb{F}_{p^2}$ and trace zero varieties over $\mathbb{F}_{p^3}$ with near-prime orders up to 372 bits in size. For $p = 2^{61} - 1$, the average time to find a group with 244-bit near-prime order is under an hour on a PC.
STRUCTURE COMPUTATION AND DISCRETE LOGARITHMS IN FINITE ABELIAN p-GROUPS
Abstract. We present a generic algorithm for computing discrete logarithms in a finite abelian $p$-group $H$, improving the Pohlig–Hellman algorithm and its generalization to noncyclic groups by Teske. We then give a direct method to compute a basis for $H$ without using a relation matrix. The problem of computing a basis for some or all of the Sylow $p$-subgroups of an arbitrary finite abelian group $G$ is addressed, yielding a Monte Carlo algorithm to compute the structure of $G$ using $O(|G|^{1/2})$ group operations. These results also improve generic algorithms for extracting $p$th roots in $G$.

