Results 1  10
of
21
It Is Easy to Determine Whether a Given Integer Is Prime
, 2004
"... The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be super ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be superfluous to discuss the problem at length. Nevertheless we must confess that all methods that have been proposed thus far are either restricted to very special cases or are so laborious and difficult that even for numbers that do not exceed the limits of tables constructed by estimable men, they try the patience of even the practiced calculator. And these methods do not apply at all to larger numbers... It frequently happens that the trained calculator will be sufficiently rewarded by reducing large numbers to their factors so that it will compensate for the time spent. Further, the dignity of the science itself seems to require that every possible means be explored for the solution of a problem so elegant and so celebrated... It is in the nature of the problem
Interpolation of ShiftedLacunary Polynomials (Extended Abstract)
"... Given a “black box” function to evaluate an unknown rational polynomial f ∈Q[x] at points modulo a prime p, we exhibit algorithms to compute the representation of the polynomial in the sparsest shifted power basis. That is, we determine the sparsity t∈Z>0, the shift α∈Q, the exponents 0≤e1< ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
Given a “black box” function to evaluate an unknown rational polynomial f ∈Q[x] at points modulo a prime p, we exhibit algorithms to compute the representation of the polynomial in the sparsest shifted power basis. That is, we determine the sparsity t∈Z>0, the shift α∈Q, the exponents 0≤e1< e2<···<et, and the coefficients c1,...,ct∈Q\{0} such that f (x)=c1(x−α) e1 + c2(x−α) e2 +···+ct(x−α) et. The computed sparsity t is absolutely minimal over any shifted power basis. The novelty of our algorithm is that the complexity is polynomial in the (sparse) representation size and in particular is logarithmic in deg f. Our method combines previous celebrated results on sparse interpolation and computing sparsest shifts, and provides a way to handle polynomials with extremely high degree which are, in some sense, sparse in information. We give both an unconditional deterministic algorithm which is polynomialtime but has a rather high complexity, and a more practical probabilistic algorithm which relies on some unknown constants.
Efficient CMconstructions of elliptic curves over finite fields
 MATH. COMP.
, 2007
"... We present an algorithm that, on input of an integer N ≥ 1 together with its prime factorization, constructs a finite field F and an elliptic curve E over F for which E(F) hasorderN. Although it is unproved that this can be done for all N, a heuristic analysis shows that the algorithm has an expect ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
(Show Context)
We present an algorithm that, on input of an integer N ≥ 1 together with its prime factorization, constructs a finite field F and an elliptic curve E over F for which E(F) hasorderN. Although it is unproved that this can be done for all N, a heuristic analysis shows that the algorithm has an expected run time that is polynomial in 2 ω(N) log N, whereω(N) isthe number of distinct prime factors of N. In the cryptographically relevant case where N is prime, an expected run time O((log N) 4+ε) can be achieved. We illustrate the efficiency of the algorithm by constructing elliptic curves with point groups of order N =10 2004 and N = nextprime(10 2004)=10 2004 +4863.
Cyclotomy primality proofs and their certificates. Mathematica Goettingensis
, 2006
"... Elle est à toi cette chanson Toi l’professeur qui sans façon, As ouvert ma petite thèse Quand mon espoir manquait de braise 1. To the memory of Manuel Bronstein ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
Elle est à toi cette chanson Toi l’professeur qui sans façon, As ouvert ma petite thèse Quand mon espoir manquait de braise 1. To the memory of Manuel Bronstein
FINDING THE GROUP STRUCTURE OF ELLIPTIC CURVES OVER FINITE FIELDS
, 2005
"... We show that an algorithm of V. Miller to compute the group structure of an elliptic curve over a prime finite field runs in probabilistic polynomial time for almost all curves over the field. Important to our proof are estimates for some divisor sums. ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
We show that an algorithm of V. Miller to compute the group structure of an elliptic curve over a prime finite field runs in probabilistic polynomial time for almost all curves over the field. Important to our proof are estimates for some divisor sums.
ELLIPTIC PERIODS AND PRIMALITY PROVING (EXTENTED VERSION)
, 2009
"... We construct extension rings with fast arithmetic using isogenies between elliptic curves. As an application, we give an elliptic version of the AKS primality criterion. ..."
Abstract
 Add to MetaCart
(Show Context)
We construct extension rings with fast arithmetic using isogenies between elliptic curves. As an application, we give an elliptic version of the AKS primality criterion.
Primeless FactoringBased Cryptography –Solving the complexity bottlenecks of publickey encryption with ephemeral keys–
"... Abstract. Factoringbased publickey cryptosystems have an overall complexity which is dominated by the keyproduction algorithm, which requires the generation of prime numbers. This is most inconvenient in settings where the keygeneration is not an oneoff process, e.g., secure delegation of compu ..."
Abstract
 Add to MetaCart
Abstract. Factoringbased publickey cryptosystems have an overall complexity which is dominated by the keyproduction algorithm, which requires the generation of prime numbers. This is most inconvenient in settings where the keygeneration is not an oneoff process, e.g., secure delegation of computation or EKE passwordbased key exchange protocols. To this end, we extend the GoldwasserMicali (GM) cryptosystem to a provably secure system, denoted SIS, where the generation of primes is bypassed. By developing on the correct choice of the parameters of SIS, we align SIS’s security guarantees (i.e., resistance to factoring of moduli, etc.) to those of other wellknown factoringbased cryptosystems. Taking into consideration different possibilities to implement the fundamental operations, we explicitly compare and contrast the asymptotic complexity of wellknown publickey cryptosystems (e.g., GM and/or RSA) with that of SIS’s. The latter shows that once we are ready to accept an increase in the size of the moduli, SIS offers a generally lower asymptotic complexity than, e.g., GM or even RSA (when scaling correctly the number of encrypted bits). This would yield most significant speedups to applications like the aforementioned secure delegation of computation or protocols where a fresh key needs to be generated with every new session, e.g., EKE passwordbased key exchange protocols. 1