25 research outputs found

    Pseudopowers and primality proving

    It has been known since the 1930s that so-called pseudosquares yield a very powerful machinery for the primality testing of large integers N. In fact, assuming reasonable heuristics (which have been confirmed for numbers up to 2^80), this gives a deterministic primality test in time O((lg N)^(3+o(1))), which many believe to be best possible. In the 1980s D.H. Lehmer posed a question tantamount to whether this could be extended to pseudo r-th powers. Very recently, this was accomplished for r=3. In fact, the results obtained indicate that r=3 might lead to an even more powerful algorithm than r=2. This naturally raises the question of whether, and how, anything can be achieved for r>3. The extension from r=2 to r=3 relied on properties of the arithmetic of the Eisenstein ring of integers Z[\zeta_3], including the Law of Cubic Reciprocity. In this paper we present a generalization of our result to any odd prime r. The generalization is obtained by studying the properties of Gaussian and Jacobi sums in the cyclotomic ring of integers, which are the tools from which the r-th power Eisenstein Reciprocity Law is derived, rather than from the law itself. While r=3 seems to lead to a more efficient algorithm than r=2, we show that extending to any r>3 does not appear to lead to any further improvements.

    Periodic Structure of the Exponential Pseudorandom Number Generator

    We investigate the periodic structure of the exponential pseudorandom number generator obtained from the map $x \mapsto g^x \pmod p$ that acts on the set $\{1, \ldots, p-1\}$.
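    The generator in the abstract iterates the map $x \mapsto g^x \pmod p$, so its output from a seed $x_0$ is the sequence $x_{n+1} = g^{x_n} \bmod p$, and its period is the length of the cycle that seed eventually enters. The following is an added example, not code from the paper, that enumerates the functional graph of this map for small toy parameters ($p$ and $g$ are arbitrary illustrative values with $\gcd(g,p)=1$) and reports the cycle lengths, the fixed points (seeds for which the "random" stream is constant), and the pre-period plus period of a given seed:

```python
# Added example (not from the paper): analyze the functional graph of the
# exponential generator x -> g^x (mod p) on {1, ..., p-1}.
# p and g are small illustrative values; g must be coprime to p so that the
# map stays inside {1, ..., p-1}.

def exponential_map(g: int, p: int) -> dict:
    """The map x -> g^x mod p on the set {1, ..., p-1}."""
    return {x: pow(g, x, p) for x in range(1, p)}

def cycle_structure(f: dict):
    """Return (sorted list of cycle lengths, set of nodes lying on a cycle)."""
    visited, lengths, on_cycle = set(), [], set()
    for start in f:
        if start in visited:
            continue
        path, index = [], {}
        x = start
        # Walk forward until we reach an already-processed node (a tail into an
        # existing component) or revisit a node of this walk (a new cycle).
        while x not in visited and x not in index:
            index[x] = len(path)
            path.append(x)
            x = f[x]
        if x in index:                      # closed a new cycle at path[index[x]]
            cycle = path[index[x]:]
            lengths.append(len(cycle))
            on_cycle.update(cycle)
        visited.update(path)
    return sorted(lengths), on_cycle

def fixed_points(g: int, p: int) -> list:
    """Seeds x with g^x = x (mod p): the generator then emits x forever."""
    return sorted(x for x, y in exponential_map(g, p).items() if x == y)

def period_from_seed(g: int, p: int, seed: int):
    """(tail, cycle): the sequence x0 = seed, x_{n+1} = g^{x_n} mod p repeats
    with period `cycle` after `tail` initial non-repeating values."""
    f = exponential_map(g, p)
    _, on_cycle = cycle_structure(f)
    tail, x = 0, seed
    while x not in on_cycle:               # walk down the tail into the cycle
        x = f[x]
        tail += 1
    cycle, y = 1, f[x]                     # x is on its cycle; walk once around
    while y != x:
        y = f[y]
        cycle += 1
    return tail, cycle

if __name__ == "__main__":
    for g, p in [(3, 7), (2, 7), (2, 11)]:
        lengths, _ = cycle_structure(exponential_map(g, p))
        print(f"p={p} g={g}: cycle lengths {lengths}, fixed points {fixed_points(g, p)}")
    print("seed 3 with p=7, g=2 -> (tail, period) =", period_from_seed(2, 7, 3))
```

    When g is a primitive root mod p the map is a permutation of {1, ..., p-1}, so every seed lies on a cycle (tail 0) but the cycles can still be very short; when g is not a primitive root the map is not injective and seeds first traverse a tail before repeating. Either way the usable period is far below p-1 for some seeds, which is the property the paper studies.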

    Fixed points of the EM algorithm and nonnegative rank boundaries

    Mixtures of r independent distributions for two discrete random variables can be represented by matrices of nonnegative rank r. Likelihood inference for the model of such joint distributions leads to problems in real algebraic geometry that are addressed here for the first time. We characterize the set of fixed points of the Expectation-Maximization algorithm, and we study the boundary of the space of matrices with nonnegative rank at most 3. Both of these sets correspond to algebraic varieties with many irreducible components.
    Comment: Published in the Annals of Statistics (http://www.imstat.org/aos/) by the Institute of Mathematical Statistics (http://www.imstat.org), http://dx.doi.org/10.1214/14-AOS1282

    Constructing suitable ordinary pairing-friendly curves: A case of elliptic curves and genus two hyperelliptic curves

    One of the challenges in designing pairing-based cryptographic protocols is to construct suitable pairing-friendly curves: curves which provide an efficient implementation without compromising the security of the protocols. These curves have a small embedding degree and a large prime-order subgroup. Random curves are likely to have a large embedding degree and hence are not practical for the implementation of pairing-based protocols. In this thesis we review some mathematical background on elliptic and hyperelliptic curves in relation to the construction of pairing-friendly hyperelliptic curves. We also present the notion of pairing-friendly curves. Furthermore, we construct new pairing-friendly elliptic curves and Jacobians of genus two hyperelliptic curves which facilitate an efficient implementation of pairing-based protocols. We aim for curves with smaller values than ever before reported for different embedding degrees. We also discuss the optimisation of computing the Tate pairing and its variants. Here we show how to efficiently multiply a point in a subgroup defined on a twist curve by a large cofactor. Our approach uses the theory of addition chains. We also show a new method for implementing the computation of the hard part of the final exponentiation in the calculation of the Tate pairing and its variants.

    Cryptographic Pairings: Efficiency and DLP security

    This thesis studies two important aspects of the use of pairings in cryptography: efficient algorithms and security. Pairings are very useful tools in cryptography. Originally used for the cryptanalysis of elliptic curve cryptography, they are now used in key exchange protocols, signature schemes and identity-based cryptography. This thesis comprises two parts: Security and Efficient Algorithms. In Part I: Security, the security of pairing-based protocols is considered, with a thorough examination of the Discrete Logarithm Problem (DLP) as it occurs in pairing-based cryptography (PBC). Results on the relationship between the two instances of the DLP are presented, along with a discussion of the appropriate selection of parameters to ensure a particular security level. In Part II: Efficient Algorithms, some of the computational issues which arise when using pairings in cryptography are addressed. Pairings can be computationally expensive, so the PBC research community is constantly striving to find computational improvements for all aspects of protocols using pairings. The improvements given in this part contribute towards more efficient methods for the computation of pairings, and increase the efficiency of operations necessary in some pairing-based protocols.
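    Both of the preceding abstracts turn on the same two quantities: the embedding degree k, the smallest k with r | p^k - 1, which fixes the finite field F_{p^k} into which the pairing maps the curve DLP (the "two instances of the DLP" above), and the cofactor h = #E(F_p)/r by which points are multiplied to land in the prime-order subgroup. The following is an added example, not code from either thesis, that computes both for a toy curve and then performs the cofactor multiplication. The curve y^2 = x^3 + x over F_43 is an illustrative choice: for p = 3 (mod 4) it is supersingular with p+1 points, so it has the small embedding degree (k = 2) that makes it pairing-friendly; the second curve in the demo is an arbitrary one for contrast and its values are not asserted anywhere:

```python
# Added example (not from the theses): point counting, embedding degree and
# cofactor clearing for small curves y^2 = x^3 + a*x + b over F_p.
# All parameters are toy values chosen for illustration only.

def inv_mod(a: int, p: int) -> int:
    return pow(a % p, p - 2, p)            # p is prime, so Fermat's little theorem applies

def ec_add(P, Q, a: int, p: int):
    """Affine addition on y^2 = x^3 + a*x + b over F_p; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:    # P == -Q (also covers doubling a 2-torsion point)
        return None
    if P == Q:
        lam = (3 * x1 * x1 + a) * inv_mod(2 * y1, p) % p
    else:
        lam = (y2 - y1) * inv_mod(x2 - x1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)

def ec_mul(k: int, P, a: int, p: int):
    """Double-and-add scalar multiplication [k]P."""
    R, Q = None, P
    while k > 0:
        if k & 1:
            R = ec_add(R, Q, a, p)
        Q = ec_add(Q, Q, a, p)
        k >>= 1
    return R

def curve_points(a: int, b: int, p: int):
    """Brute-force enumeration of E(F_p), including the point at infinity."""
    pts = [None]
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        for y in range(p):
            if (y * y) % p == rhs:
                pts.append((x, y))
    return pts

def largest_prime_factor(n: int) -> int:
    f, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            f, n = d, n // d
        d += 1
    return max(f, n) if n > 1 else f

def embedding_degree(p: int, r: int) -> int:
    """Smallest k >= 1 with r | p^k - 1, i.e. the multiplicative order of p mod r.
    A pairing maps the order-r subgroup into the multiplicative group of F_{p^k}."""
    if r == 1:
        return 1
    k, t = 1, p % r
    while t != 1:
        t = t * p % r
        k += 1
    return k

def analyze_curve(a: int, b: int, p: int):
    """Return (n, r, h, k): group order, its largest prime factor r,
    cofactor h = n / r and the embedding degree k of the order-r subgroup."""
    n = len(curve_points(a, b, p))
    r = largest_prime_factor(n)
    return n, r, n // r, embedding_degree(p, r)

def r_torsion_via_cofactor(a: int, b: int, p: int):
    """Multiply every point by the cofactor h: the results form the order-r
    subgroup, and each of them is annihilated by r."""
    n, r, h, _ = analyze_curve(a, b, p)
    torsion = {ec_mul(h, P, a, p) for P in curve_points(a, b, p)}
    assert all(ec_mul(r, Q, a, p) is None for Q in torsion)
    return torsion

if __name__ == "__main__":
    for a, b in [(1, 0), (2, 3)]:
        n, r, h, k = analyze_curve(a, b, 43)
        print(f"y^2 = x^3 + {a}x + {b} over F_43: #E={n}, r={r}, h={h}, embedding degree k={k}")
    print("order-11 subgroup via cofactor clearing:", sorted(r_torsion_via_cofactor(1, 0, 43), key=str))
```

    A small k is what a pairing-based protocol needs (the pairing target F_{p^k} must stay small enough to compute in), but it is also exactly the MOV/Frey-Rueck transfer: the DLP in the curve subgroup is no harder than the DLP in F_{p^k}^*, so r and p^k must be sized against their respective best attacks, which is the parameter-selection question the second thesis addresses. For real curves the point count comes from the CM construction rather than enumeration, and the cofactor multiplication is where the addition-chain optimisation of the first thesis applies.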

    p-adic number theory and its applications in a cryptographic form


    Quantum algorithms for algebraic problems

    Quantum computers can execute algorithms that dramatically outperform classical computation. As the best-known example, Shor discovered an efficient quantum algorithm for factoring integers, whereas factoring appears to be difficult for classical computers. Understanding what other computational problems can be solved significantly faster using quantum algorithms is one of the major challenges in the theory of quantum computation, and such algorithms motivate the formidable task of building a large-scale quantum computer. This article reviews the current state of quantum algorithms, focusing on algorithms with superpolynomial speedup over classical computation, and in particular on problems with an algebraic flavor.
    Comment: 52 pages, 3 figures, to appear in Reviews of Modern Physics