Fast integer multiplication using generalized Fermat primes

For almost 35 years, Sch{\"o}nhage-Strassen's algorithm has been the fastest algorithm known for multiplying integers, with a time complexity O(n $\times$ log n $\times$ log log n) for multiplying n-bit inputs. In 2007, F{\"u}rer proved that there exists K > 1 and an algorithm performing this operation in O(n $\times$ log n $\times$ K log n). Recent work by Harvey, van der Hoeven, and Lecerf showed that this complexity estimate can be improved in order to get K = 8, and conjecturally K = 4. Using an alternative algorithm, which relies on arithmetic modulo generalized Fermat primes, we obtain conjecturally the same result K = 4 via a careful complexity analysis in the deterministic multitape Turing model

Generalised Mersenne Numbers Revisited

Generalised Mersenne Numbers (GMNs) were defined by Solinas in 1999 and feature in the NIST (FIPS 186-2) and SECG standards for use in elliptic curve cryptography. Their form is such that modular reduction is extremely efficient, thus making them an attractive choice for modular multiplication implementation. However, the issue of residue multiplication efficiency seems to have been overlooked. Asymptotically, using a cyclic rather than a linear convolution, residue multiplication modulo a Mersenne number is twice as fast as integer multiplication; this property does not hold for prime GMNs, unless they are of Mersenne's form. In this work we exploit an alternative generalisation of Mersenne numbers for which an analogue of the above property --- and hence the same efficiency ratio --- holds, even at bitlengths for which schoolbook multiplication is optimal, while also maintaining very efficient reduction. Moreover, our proposed primes are abundant at any bitlength, whereas GMNs are extremely rare. Our multiplication and reduction algorithms can also be easily parallelised, making our arithmetic particularly suitable for hardware implementation. Furthermore, the field representation we propose also naturally protects against side-channel attacks, including timing attacks, simple power analysis and differential power analysis, which is essential in many cryptographic scenarios, in constrast to GMNs.Comment: 32 pages. Accepted to Mathematics of Computatio

Parallel Integer Polynomial Multiplication

We propose a new algorithm for multiplying dense polynomials with integer coefficients in a parallel fashion, targeting multi-core processor architectures. Complexity estimates and experimental comparisons demonstrate the advantages of this new approach

Elliptic periods for finite fields

We construct two new families of basis for finite field extensions. Basis in the first family, the so-called elliptic basis, are not quite normal basis, but they allow very fast Frobenius exponentiation while preserving sparse multiplication formulas. Basis in the second family, the so-called normal elliptic basis are normal basis and allow fast (quasi linear) arithmetic. We prove that all extensions admit models of this kind

Faster polynomial multiplication over finite fields

Let p be a prime, and let M_p(n) denote the bit complexity of multiplying two polynomials in F_p[X] of degree less than n. For n large compared to p, we establish the bound M_p(n) = O(n log n 8^(log^* n) log p), where log^* is the iterated logarithm. This is the first known F\"urer-type complexity bound for F_p[X], and improves on the previously best known bound M_p(n) = O(n log n log log n log p)

Algorithmic counting of nonequivalent compact Huffman codes

It is known that the following five counting problems lead to the same integer sequence~$f_t(n)$: the number of nonequivalent compact Huffman codes of length~$n$ over an alphabet of $t$ letters, the number of `nonequivalent' canonical rooted $t$-ary trees (level-greedy trees) with $n$~leaves, the number of `proper' words, the number of bounded degree sequences, and the number of ways of writing $1= \frac{1}{t^{x_1}}+ \dots + \frac{1}{t^{x_n}}$ with integers $0 \leq x_1 \leq x_2 \leq \dots \leq x_n$. In this work, we show that one can compute this sequence for \textbf{all} $n<N$ with essentially one power series division. In total we need at most $N^{1+\varepsilon}$ additions and multiplications of integers of $cN$ bits, $c<1$, or $N^{2+\varepsilon}$ bit operations, respectively. This improves an earlier bound by Even and Lempel who needed $O(N^3)$ operations in the integer ring or $O(N^4)$ bit operations, respectively

A Fast Algorithm for Computing the p-Curvature

We design an algorithm for computing the $p$-curvature of a differential system in positive characteristic $p$. For a system of dimension $r$ with coefficients of degree at most $d$, its complexity is \softO (p d r^\omega) operations in the ground field (where $\omega$ denotes the exponent of matrix multiplication), whereas the size of the output is about $p d r^2$. Our algorithm is then quasi-optimal assuming that matrix multiplication is (\emph{i.e.} $\omega = 2$). The main theoretical input we are using is the existence of a well-suited ring of series with divided powers for which an analogue of the Cauchy--Lipschitz Theorem holds.Comment: ISSAC 2015, Jul 2015, Bath, United Kingdo