Splitting full matrix algebras over algebraic number fields

Let K be an algebraic number field of degree d and discriminant D over Q. Let A be an associative algebra over K given by structure constants such that A is isomorphic to the algebra M_n(K) of n by n matrices over K for some positive integer n. Suppose that d, n and D are bounded. Then an isomorphism of A with M_n(K) can be constructed by a polynomial time ff-algorithm. (An ff-algorithm is a deterministic procedure which is allowed to call oracles for factoring integers and factoring univariate polynomials over finite fields.) As a consequence, we obtain a polynomial time ff-algorithm to compute isomorphisms of central simple algebras of bounded degree over K.Comment: 15 pages; Theorem 2 and Lemma 8 correcte

Geometry of abstraction in quantum computation

Quantum algorithms are sequences of abstract operations, performed on non-existent computers. They are in obvious need of categorical semantics. We present some steps in this direction, following earlier contributions of Abramsky, Coecke and Selinger. In particular, we analyze function abstraction in quantum computation, which turns out to characterize its classical interfaces. Some quantum algorithms provide feasible solutions of important hard problems, such as factoring and discrete log (which are the building blocks of modern cryptography). It is of a great practical interest to precisely characterize the computational resources needed to execute such quantum algorithms. There are many ideas how to build a quantum computer. Can we prove some necessary conditions? Categorical semantics help with such questions. We show how to implement an important family of quantum algorithms using just abelian groups and relations.Comment: 29 pages, 42 figures; Clifford Lectures 2008 (main speaker Samson Abramsky); this version fixes a pstricks problem in a diagra

Fast Arithmetics in Artin-Schreier Towers over Finite Fields

An Artin-Schreier tower over the finite field F_p is a tower of field extensions generated by polynomials of the form X^p - X - a. Following Cantor and Couveignes, we give algorithms with quasi-linear time complexity for arithmetic operations in such towers. As an application, we present an implementation of Couveignes' algorithm for computing isogenies between elliptic curves using the p-torsion.Comment: 28 pages, 4 figures, 3 tables, uses mathdots.sty, yjsco.sty Submitted to J. Symb. Compu

Hard isogeny problems over RSA moduli and groups with infeasible inversion

We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders. Recall that in a group with infeasible inversion, computing the inverse of a group element is required to be hard, while performing the group operation is easy. Motivated by the potential cryptographic application of building a directed transitive signature scheme, the search for a group with infeasible inversion was initiated in the theses of Hohenberger and Molnar (2003). Later it was also shown to provide a broadcast encryption scheme by Irrer et al. (2004). However, to date the only case of a group with infeasible inversion is implied by the much stronger primitive of self-bilinear map constructed by Yamakawa et al. (2014) based on the hardness of factoring and indistinguishability obfuscation (iO). Our construction gives a candidate without using iO.Comment: Significant revision of the article previously titled "A Candidate Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the constructions by giving toy examples, added "The Parallelogram Attack" (Sec 5.3.2). 54 pages, 8 figure

Computing the Characteristic Polynomial of a Finite Rank Two Drinfeld Module

Motivated by finding analogues of elliptic curve point counting techniques, we introduce one deterministic and two new Monte Carlo randomized algorithms to compute the characteristic polynomial of a finite rank-two Drinfeld module. We compare their asymptotic complexity to that of previous algorithms given by Gekeler, Narayanan and Garai-Papikian and discuss their practical behavior. In particular, we find that all three approaches represent either an improvement in complexity or an expansion of the parameter space over which the algorithm may be applied. Some experimental results are also presented