Results 1 - 10 of 14
Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
SIAM J. on Computing, 1997
Abstract

Cited by 1278 (4 self)
A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. This paper considers factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and which have been used as the basis of several proposed cryptosystems. Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored.
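The abstract above names the two problems but not the structure of the factoring algorithm, which is the part a cryptographer most wants to see: factoring n is reduced to finding the multiplicative order r of a random a modulo n, and only that order-finding step is done on the quantum computer. The following is an added example (not code from the paper) that carries out the reduction with the order found by classical brute force, so the whole thing runs on an ordinary machine; the exponential cost is entirely in `multiplicative_order`, which is exactly what the quantum Fourier transform replaces. The moduli in the demo are constructed test values.

```python
from math import gcd
from random import Random


def multiplicative_order(a: int, n: int) -> int:
    """Smallest r >= 1 with a**r % n == 1 (requires gcd(a, n) == 1).

    Found here by brute force, which takes time exponential in the bit length
    of n; this order-finding step is the only part that Shor's algorithm
    speeds up (via the quantum Fourier transform). Everything below it is the
    classical post-processing the quantum algorithm also performs.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(a: int, r: int, n: int):
    """Turn the order r of a mod n into a factor of n, or return None.

    If r is even and a**(r/2) is not -1 mod n, then n divides
    (a**(r/2) - 1) * (a**(r/2) + 1) without dividing either factor, so
    gcd(a**(r/2) - 1, n) is a proper divisor of n. A random a fails this test
    with probability at most 1/2 when n is an odd non-prime-power composite.
    """
    if r % 2:
        return None                      # odd order: pick another a
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None                      # a**(r/2) == -1 mod n: trivial split
    d = gcd(y - 1, n)
    return d if 1 < d < n else None


def shor_factor(n: int, seed: int = 1) -> int:
    """Return a nontrivial factor of an odd composite n that is not a prime power."""
    if n % 2 == 0:
        return 2
    rng = Random(seed)                   # seeded only to keep the demo reproducible
    while True:
        a = rng.randrange(2, n)
        d = gcd(a, n)
        if d > 1:
            return d                     # lucky: a already shares a factor with n
        d = factor_from_order(a, multiplicative_order(a, n), n)
        if d is not None:
            return d


if __name__ == "__main__":
    for n in (15, 21, 91, 3127):         # constructed test moduli, 3127 = 53 * 59
        d = shor_factor(n)
        print(f"{n} = {d} * {n // d}")
```

The same reduction is why RSA moduli and discrete-log groups fall together: both are instances of period finding, and the classical part of the algorithm is a few modular exponentiations and a gcd.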
The Bit Extraction Problem or t-Resilient Functions
1985
Abstract

Cited by 172 (11 self)
We consider the following adversarial situation. Let n, m and t be arbitrary integers, and let f : {0,1}^n → {0,1}^m be a function. An adversary, knowing the function f, sets t of the n input bits, while the rest (n − t input bits) are chosen at random (independently and with uniform probability distribution). The adversary tries to prevent the outcome of f from being uniformly distributed in {0,1}^m. The question addressed is for what values of n, m and t does the adversary necessarily fail in biasing the outcome of f : {0,1}^n → {0,1}^m, when being restricted to set t of the input bits of f. We present various lower and upper bounds on m's allowing an affirmative answer. These bounds are relatively close for t ≤ n/3 and for t ≥ 2n/3. Our results have applications in the fields of fault-tolerance and cryptography.

1. INTRODUCTION The bit extraction problem formulated above was suggested by Brassard and Robert [BRref] and by V...
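The definition above is a game, and for small n it can be played out exhaustively: enumerate every set of t positions the adversary may fix, every value it may write there, and check that f's output is exactly uniform over the remaining inputs. The following is an added example (not from the paper) that does this and reports the largest t for which a given f wins, applied to three constructed functions: parity, which is (n−1)-resilient; the first input bit, which is not even 1-resilient; and a two-output linear map whose resilience is fixed by the lowest-weight combination of its output bits. The brute force is exponential in n and is meant only for toy sizes.

```python
from collections import Counter
from itertools import combinations, product


def is_t_resilient(f, n: int, m: int, t: int) -> bool:
    """Brute-force the adversarial game from the paper's definition.

    f maps an n-tuple of bits to an m-tuple of bits. For every choice of t
    positions the adversary may fix, and every value it may write there, the
    remaining n - t bits are uniform; f is t-resilient iff the output is then
    exactly uniform on {0,1}^m in every such case.
    """
    free_count = 2 ** (n - t)
    if free_count % 2 ** m:
        return False                 # fewer free inputs than outputs: cannot be uniform
    expected = free_count // 2 ** m
    for fixed in combinations(range(n), t):
        free = [i for i in range(n) if i not in fixed]
        for fixed_vals in product((0, 1), repeat=t):
            counts = Counter()
            for free_vals in product((0, 1), repeat=n - t):
                x = [0] * n
                for i, v in zip(fixed, fixed_vals):
                    x[i] = v
                for i, v in zip(free, free_vals):
                    x[i] = v
                counts[f(tuple(x))] += 1
            if len(counts) != 2 ** m or any(c != expected for c in counts.values()):
                return False         # adversary biased the output with this fixing
    return True


def resilience(f, n: int, m: int) -> int:
    """Largest t for which f is t-resilient (-1 if the output is never uniform).

    t-resilience implies (t-1)-resilience, so the first failure ends the search.
    """
    best = -1
    for t in range(n + 1):
        if not is_t_resilient(f, n, m, t):
            break
        best = t
    return best


# Constructed example functions (not from the paper).
def parity(x):
    """XOR of all inputs: any single free bit already makes the output uniform."""
    return (sum(x) % 2,)


def first_bit(x):
    """Fixing position 0 fixes the output, so this is only 0-resilient."""
    return (x[0],)


def two_parities(x):
    """Linear map with generator rows 1110 and 0111; their sum 1001 has weight 2,
    so an adversary fixing positions 0 and 3 fixes the XOR of the two outputs."""
    return (x[0] ^ x[1] ^ x[2], x[1] ^ x[2] ^ x[3])


if __name__ == "__main__":
    for name, f, n, m in (("parity", parity, 4, 1),
                          ("first_bit", first_bit, 4, 1),
                          ("two_parities", two_parities, 4, 2)):
        print(f"{name}: n={n}, m={m}, resilient up to t={resilience(f, n, m)}")
```

For linear f the answer can be read off without the search: f is t-resilient exactly when every nonzero XOR of its output bits depends on at least t+1 inputs, which is what the `two_parities` comment exploits. The brute force is still useful for checking non-linear candidates.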
A new look at independence
Abstract

Cited by 111 (0 self)
The concentration of measure phenomenon in product spaces is a far-reaching abstract generalization of the classical exponential inequalities for sums of independent random variables. We attempt to explain in the simplest possible terms the basic concepts underlying this phenomenon, the basic method to prove concentration inequalities, and the meaning of several of the most useful inequalities.
Expansion of Product Replacement Graphs
Combinatorica, 2001
Abstract

Cited by 15 (2 self)
We establish a connection between the expansion coefficient of the product replacement graph Γ_k(G) and the minimal expansion coefficient of a Cayley graph of G with k generators. In particular, we show that the product replacement graphs Γ_k(PSL(2, p)) form an expander family, under the assumption that all Cayley graphs of PSL(2, p) with at most k generators are expanders. This gives a new explanation of the outstanding performance of the product replacement algorithm and supports the speculation that all product replacement graphs are expanders [LP, P3].
Design and Analysis of Password-Based Key Derivation Functions
CT-RSA, 2005
Abstract

Cited by 9 (0 self)
Abstract. A password-based key derivation function (KDF) – a function that derives cryptographic keys from a password – is necessary in many security applications. Like any password-based scheme, such KDFs are subject to key search attacks (often called dictionary attacks). Salt and iteration count are used in practice to significantly increase the workload of such attacks. These techniques have also been specified in widely adopted industry standards such as PKCS and IETF. Despite their importance and widespread usage, there has been no formal security analysis of existing constructions. In this paper, we propose a general security framework for password-based KDFs and introduce two security definitions, each capturing a different attack scenario. We study the most commonly used construction H^(c)(p‖s) and prove that the iteration count c, when fixed, does have the effect of stretching the password p by log_2 c bits. We then analyze the two standardized KDFs in PKCS#5. We show that both are secure if the adversary cannot influence the parameters but are subject to attacks otherwise. Finally, we propose a new password-based KDF that is provably secure even when the adversary has full control of the parameters.
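Two claims in the abstract are easy to make concrete: a fixed iteration count c multiplies the cost of every guess by c (the log_2 c bits of stretching), and that stretching evaporates if the adversary can pick c. The following is an added example (not the paper's code or its proposed construction) that implements the analysed H^(c)(p‖s) with SHA-256 standing in for H, runs a dictionary attack while counting hash calls, and shows a verifier that refuses iteration counts below a policy floor. The wordlist, salt and the floor of 4096 are constructed for the demo and are assumptions, not values from the paper.

```python
import hashlib
import hmac
import math

HASH_NAME = "sha256"   # assumption: SHA-256 plays the role of H


class HashCounter:
    """Wraps the hash so an attack's cost can be reported in hash calls."""

    def __init__(self):
        self.calls = 0

    def digest(self, data: bytes) -> bytes:
        self.calls += 1
        return hashlib.new(HASH_NAME, data).digest()


def iterated_kdf(password: bytes, salt: bytes, c: int, counter: HashCounter) -> bytes:
    """H^(c)(p || s): hash password||salt, then rehash the digest c-1 more times.

    Every guess an attacker tries costs exactly c hash calls, which is the
    log_2 c bits of stretching the paper proves for a fixed c.
    """
    if c < 1:
        raise ValueError("iteration count must be at least 1")
    h = counter.digest(password + salt)
    for _ in range(c - 1):
        h = counter.digest(h)
    return h


def dictionary_attack(target: bytes, salt: bytes, c: int, wordlist):
    """Offline key search: returns (recovered password or None, hash calls spent)."""
    counter = HashCounter()
    for guess in wordlist:
        if iterated_kdf(guess, salt, c, counter) == target:
            return guess, counter.calls
    return None, counter.calls


def stretch_bits(c: int) -> float:
    """Extra bits of work per guess relative to c = 1."""
    return math.log2(c)


def verify(record, password: bytes, min_iterations: int = 4096) -> bool:
    """Check a stored (salt, c, digest) record, enforcing a floor on c.

    If c is read from the same place as the digest and the attacker can write
    there, they can set c = 1 and remove the stretching; the floor (and ideally
    a fixed, server-side c) keeps the parameter out of the attacker's hands.
    """
    salt, c, digest = record
    if c < min_iterations:
        return False
    derived = iterated_kdf(password, salt, c, HashCounter())
    return hmac.compare_digest(derived, digest)


# Constructed inputs for the demo (not from the paper).
WORDLIST = [b"123456", b"password", b"letmein", b"qwerty"]
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def attack_cost(c: int):
    """Derive a key from the third wordlist entry, then recover it by search."""
    target = iterated_kdf(b"letmein", SALT, c, HashCounter())
    return dictionary_attack(target, SALT, c, WORDLIST)


if __name__ == "__main__":
    for c in (1, 1024):
        pw, calls = attack_cost(c)
        print(f"c={c}: recovered {pw!r} after {calls} hash calls "
              f"(+{stretch_bits(c):.0f} bits per guess)")
```

The salt does nothing against a single targeted password here; its job is to stop one precomputed table from covering every user, while c is what raises the per-guess cost. Production code should use PBKDF2 (`hashlib.pbkdf2_hmac`) or a memory-hard KDF rather than this bare iterated hash, but the cost accounting is the same.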
A Sieve Auxiliary Function
1995
Abstract

Cited by 3 (3 self)
In the sieve theories of Rosser–Iwaniec and Diamond–Halberstam–Richert, the upper and lower bound sieve functions (F and f, respectively) satisfy a coupled system of differential-difference equations with retarded arguments. To aid in the study of these functions, Iwaniec introduced a conjugate difference-differential equation with an advanced argument, and gave a solution, q, which is analytic in the right half-plane. The analysis of the bounding sieve functions, F and f, is facilitated by an adjoint integral inner-product relation which links the local behaviour of F − f with that of the sieve auxiliary function, q. In addition, q plays a fundamental role in determining the sieving limit of the combinatorial sieve, and hence in determining the boundary conditions of the sieve functions, F and f. The sieve auxiliary function, q, has been tabulated previously, but these data were not supported by numerical analysis, due to the prohibitive presence of high-order partial deriva...
Quantum and Arithmetical Chaos
2003
Abstract

Cited by 3 (1 self)
Summary. The lectures are centered around three selected topics of quantum chaos: the Selberg trace formula, the two-point spectral correlation functions of Riemann zeta function zeros, and of the Laplace–Beltrami operator for the modular group. The lectures cover a wide range of quantum chaos applications and can serve as a non-formal introduction to mathematical methods of quantum chaos.
The Similarities (and Differences) between Polynomials and Integers
1994
Abstract

Cited by 3 (0 self)
The purpose of this paper is to examine the two domains of the integers and the polynomials, in an attempt to understand the nature of complexity in these very basic situations. Can we formalize the integer algorithms which shed light on the polynomial domain, and vice versa? When will the casting of one in the other speed up an existing algorithm? Why do some problems not lend themselves to this kind of speedup? We give several simple and natural theorems that show how problems in one domain can be embedded in the other, and we examine the complexity-theoretic consequences of these embeddings. We also prove several results on the impossibility of solving integer problems by mimicking their polynomial counterparts.

1 Introduction It is a fact frequently remarked upon that polynomials and integers share a number of characteristics. Usually the Fast Fourier Transform is then giv...

Supported by NSF grants DMS-8807202 and CCR-9204630. Supported by NSF grant CCR-9207797.
Probabilistic and Constructive Methods in Harmonic Analysis and Additive Number Theory
1994
Abstract

Cited by 1 (1 self)
We give several applications of the probabilistic method in harmonic analysis and additive number theory. We also give efficient constructions in place of previous probabilistic (existential) proofs.

1. Using the probabilistic method we prove that there exist integers p_1, …, p_N ≥ 0 for which |min_x Σ_{j=1}^N p_j cos jx| = O(s^{1/3}) as s → ∞, where s = Σ_{j=1}^N p_j. This improves a result of Odlyzko, who proved a similar inequality with the right-hand side replaced by O((s log s)^{1/3}).

2. Similarly we prove that there are N frequencies, taken in increasing order from {1, …, cN}, for c = 2, for which the minimum over x of the sum of cos(frequency · x) over those N frequencies is O(N^{1/2}) in absolute value, and that this is impossible for smaller values of the positive constant c.

3. The previous result is used to prove easily a theorem of Erdős and Turán about the density of finite integer sequences with the property that any two elements have a different sum...
The Future of Social Computing Networks
Abstract

Cited by 1 (0 self)
The globalization of the world economy has had cascading effects not only in the shift of manufacturing plants to low-wage countries but also in unprecedented migration of people across nations and from the countryside to towns in search of a higher quality of life. Consequently, designers of social computing networks face the challenge of providing services to communities that are in a state of transition or have needs that are different from those addressed by national networks. This apart, pressures of the modern age have caused disruption in traditional institutions, including that of the family, and one hopes that emerging social computing networks will fill in part the space that was occupied earlier by people-to-people interactions. On the other side of the issue is the question of what value is to be associated with a given social network and how it may be designed to increase this value. This requires research on several fronts related to the very nature of social computing networks [122] (for example, should a network be considered an aggregate of individual agents or as a society of networks where patterns of relationships amongst individuals are more important than their attributes), and technological problems related to the