17,467 research outputs found
Close to Uniform Prime Number Generation With Fewer Random Bits
In this paper, we analyze several variants of a simple method for generating
prime numbers with fewer random bits. To generate a prime less than ,
the basic idea is to fix a constant , pick a
uniformly random coprime to , and choose of the form ,
where only is updated if the primality test fails. We prove that variants
of this approach provide prime generation algorithms requiring few random bits
and whose output distribution is close to uniform, under less and less
expensive assumptions: first a relatively strong conjecture by H.L. Montgomery,
made precise by Friedlander and Granville; then the Extended Riemann
Hypothesis; and finally fully unconditionally using the
Barban-Davenport-Halberstam theorem. We argue that this approach has a number
of desirable properties compared to previous algorithms.Comment: Full version of ICALP 2014 paper. Alternate version of IACR ePrint
Report 2011/48
Regular and almost universal hashing: an efficient implementation
Random hashing can provide guarantees regarding the performance of data
structures such as hash tables---even in an adversarial setting. Many existing
families of hash functions are universal: given two data objects, the
probability that they have the same hash value is low given that we pick hash
functions at random. However, universality fails to ensure that all hash
functions are well behaved. We further require regularity: when picking data
objects at random they should have a low probability of having the same hash
value, for any fixed hash function. We present the efficient implementation of
a family of non-cryptographic hash functions (PM+) offering good running times,
good memory usage as well as distinguishing theoretical guarantees: almost
universality and component-wise regularity. On a variety of platforms, our
implementations are comparable to the state of the art in performance. On
recent Intel processors, PM+ achieves a speed of 4.7 bytes per cycle for 32-bit
outputs and 3.3 bytes per cycle for 64-bit outputs. We review vectorization
through SIMD instructions (e.g., AVX2) and optimizations for superscalar
execution.Comment: accepted for publication in Software: Practice and Experience in
September 201
Can NSEC5 be practical for DNSSEC deployments?
NSEC5 is proposed modification to DNSSEC that simultaneously guarantees two security properties: (1) privacy against offline zone enumeration, and (2) integrity of zone contents, even if an adversary compromises the authoritative nameserver responsible for responding to DNS queries for the zone. This paper redesigns NSEC5 to make it both practical and performant. Our NSEC5 redesign features a new fast verifiable random function (VRF) based on elliptic curve cryptography (ECC), along with a cryptographic proof of its security. This VRF is also of independent interest, as it is being standardized by the IETF and being used by several other projects. We show how to integrate NSEC5 using our ECC-based VRF into the DNSSEC protocol, leveraging precomputation to improve performance and DNS protocol-level optimizations to shorten responses. Next, we present the first full-fledged implementation of NSEC5âextending widely-used DNS software to present a nameserver and recursive resolver that support NSEC5âand evaluate their performance under aggressive DNS query loads. Our performance results
indicate that our redesigned NSEC5 can be viable even for high-throughput scenarioshttps://eprint.iacr.org/2017/099.pdfFirst author draf
- âŠ