Results 1  10
of
24
PolynomialTime Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
 SIAM J. on Computing
, 1997
"... A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. ..."
Abstract

Cited by 1278 (4 self)
 Add to MetaCart
(Show Context)
A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. This paper considers factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and which have been used as the basis of several proposed cryptosystems. Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored.
Algorithms for Quantum Computation: Discrete Logarithms and Factoring
, 1994
"... A computer is generally considered to be a universal computational device; i.e., it is believed able to simulate any physical computational device with a cost in computation time of at most a polynomial factol: It is not clear whether this is still true when quantum mechanics is taken into consider ..."
Abstract

Cited by 1107 (5 self)
 Add to MetaCart
A computer is generally considered to be a universal computational device; i.e., it is believed able to simulate any physical computational device with a cost in computation time of at most a polynomial factol: It is not clear whether this is still true when quantum mechanics is taken into consideration. Several researchers, starting with David Deutsch, have developed models for quantum mechanical computers and have investigated their computational properties. This paper gives Las Vegas algorithms for finding discrete logarithms and factoring integers on a quantum computer that take a number of steps which is polynomial in the input size, e.g., the number of digits of the integer to be factored. These two problems are generally considered hard on a classical computer and have been used as the basis of several proposed cryptosystems. (We thus give the first examples of quantum cryptanulysis.)
Discrete logarithms in gf(p) using the number field sieve
 SIAM J. Discrete Math
, 1993
"... Recently, several algorithms using number field sieves have been given to factor a number n in heuristic expected time Ln[1/3; c], where Ln[v; c] = exp{(c + o(1))(log n) v (log log n) 1−v}, for n → ∞. In this paper we present an algorithm to solve the discrete logarithm problem for GF (p) with heur ..."
Abstract

Cited by 88 (1 self)
 Add to MetaCart
(Show Context)
Recently, several algorithms using number field sieves have been given to factor a number n in heuristic expected time Ln[1/3; c], where Ln[v; c] = exp{(c + o(1))(log n) v (log log n) 1−v}, for n → ∞. In this paper we present an algorithm to solve the discrete logarithm problem for GF (p) with heuristic expected running time Lp[1/3; 3 2/3]. For numbers of a special form, there is an asymptotically slower but more practical version of the algorithm.
Algorithms in algebraic number theory
 Bull. Amer. Math. Soc
, 1992
"... Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to ..."
Abstract

Cited by 53 (4 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to be done in the area. We hope to show that the study of algorithms not only increases our understanding of algebraic number fields but also stimulates our curiosity about them. The discussion is concentrated of three topics: the determination of Galois groups, the determination of the ring of integers of an algebraic number field, and the computation of the group of units and the class group of that ring of integers. 1.
Discrete Logarithms: the Effectiveness of the Index Calculus Method
, 1996
"... . In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the func ..."
Abstract

Cited by 34 (1 self)
 Add to MetaCart
. In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieve. We also provide a sketch of the some of the cryptographic schemes whose security depends on the intractibility of the discrete logarithm problem. 1 Introduction Let G be a cyclic group generated by an element t. The discrete logarithm problem in G is to compute for any b 2 G the least nonnegative integer e such that t e = b. In this case, we write log t b = e. Our purpose, in this paper, is to survey recent work on the discrete logarithm problem. Our approach is twofold. On the one hand, we consider the problem from a purely theoretical perspective. Indeed, the algorithms that have been developed to solve it not only explore the fundamental nature of one of the basic s...
Quantum algorithms for algebraic problems
, 2008
"... Quantum computers can execute algorithms that dramatically outperform classical computation. As the bestknown example, Shor discovered an efficient quantum algorithm for factoring integers, whereas factoring appears to be difficult for classical computers. Understanding what other computational pro ..."
Abstract

Cited by 24 (2 self)
 Add to MetaCart
Quantum computers can execute algorithms that dramatically outperform classical computation. As the bestknown example, Shor discovered an efficient quantum algorithm for factoring integers, whereas factoring appears to be difficult for classical computers. Understanding what other computational problems can be solved significantly faster using quantum algorithms is one of the major challenges in the theory of quantum
An introduction to quantum complexity theory
 Collected Papers on Quantum Computation and Quantum Information Theory
, 2000
"... ..."
(Show Context)
FixedParameter Complexity and Cryptography
, 1993
"... . We discuss the issue of the parameterized computational complexity of a number of problems of interest in cryptography. We show that the problem of determining whether an ndigit number has a prime divisor less than or equal to n k can be solved in expected time f(k)n 3 by a randomized algo ..."
Abstract

Cited by 20 (11 self)
 Add to MetaCart
. We discuss the issue of the parameterized computational complexity of a number of problems of interest in cryptography. We show that the problem of determining whether an ndigit number has a prime divisor less than or equal to n k can be solved in expected time f(k)n 3 by a randomized algorithm that employs elliptic curve factorization techniques (this result depends on an unproved but plausible numbertheoretic conjecture). An analogous computational problem concerning discrete logarithms is directly relevant to some proposed cryptosystem implementations. Our result suggests caution about implementations which fix a parameter such as the size or Hamming weight of keys. We show that several parameterized problems of relevance to cryptography, including kSubset Sum, kPerfect Code, and kSubset Product are likely to be intractable with respect to fixedparameter complexity. In particular, we show that they cannot be solved in time f(k)n ff , where ff is independent...
Computational Aspects of Discrete Logarithms
, 1996
"... Integer factorization and discrete logarithm calculation are important to public key cryptography. The most efficient known methods for these problems require the solution of large sparse linear systems, modulo two for the factoring case, and modulo large primesfor the logarithm case. This thesis i ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
(Show Context)
Integer factorization and discrete logarithm calculation are important to public key cryptography. The most efficient known methods for these problems require the solution of large sparse linear systems, modulo two for the factoring case, and modulo large primesfor the logarithm case. This thesis is concerned with solving these equations modulo large primes. The methods typically used in this application are examined and compared, and improvements are suggested. A solution method derived from the bidiagonalization method of Golub and Kahan is developed, and shown to require onehalf the storage of the Lanczos method, onequarter less than the conjugate gradient method, and no more computation than either of these methods. It is expected that this method will become the method of choice for the solution modulo large primes of the equations involved in discrete logarithm calculation. The problem of breakdown for the general case of nonsymmetric and possibly singular matrices is considered, and new lookahead methods for orthogonal and conjugate Lanczos algorithms are derived. A unified treatment of the Lanczos algorithms, the conjugate gradient algorithm and the Wiedemann algorithm is given using an orthogonal polynomial approach. It is shown, in particular, that incurable breakdowns can be handled by such an approach. The conjugate gradient algorithm is shown to consist of coupled conjugate and orthogonal Lanczos iterations, linking it to the development given for Lanczos methods. An efficient integrated lookahead method is developed for the conjugate gradient algorithm.