On the complexity of computing with zero-dimensional triangular sets
We study the complexity of some fundamental operations for triangular sets in
dimension zero. Using Las-Vegas algorithms, we prove that one can perform such
operations as change of order, equiprojectable decomposition, or quasi-inverse
computation with a cost that is essentially that of modular composition. Over
an abstract field, this leads to a subquadratic cost (with respect to the
degree of the underlying algebraic set). Over a finite field, in a boolean RAM
model, we obtain a quasi-linear running time using Kedlaya and Umans' algorithm
for modular composition. Conversely, we also show how to reduce the problem of
modular composition to change of order for triangular sets, so that all these
problems are essentially equivalent. Our algorithms are implemented in Maple;
we present some experimental results.
A Fast Large-Integer Extended GCD Algorithm and Hardware Design for Verifiable Delay Functions and Modular Inversion
The extended GCD (XGCD) calculation, which computes Bézout coefficients b_a, b_b such that b_a · a_0 + b_b · b_0 = GCD(a_0, b_0), is a critical operation in many cryptographic applications. In particular, large-integer XGCD is computationally dominant for two applications of increasing interest: verifiable delay functions that square binary quadratic forms within a class group and constant-time modular inversion for elliptic curve cryptography. Most prior work has focused on fast software implementations. The few works investigating hardware acceleration build on variants of Euclid's division-based algorithm, following the approach used in optimized software. We show that adopting variants of Stein's subtraction-based algorithm instead leads to significantly faster hardware. We quantify this advantage by performing a large-integer XGCD accelerator design space exploration comparing Euclid- and Stein-based algorithms for various application requirements. This exploration leads us to an XGCD hardware accelerator that is flexible and efficient, supports fast average and constant-time evaluation, and is easily extensible for polynomial GCD. Our 16nm ASIC design calculates 1024-bit XGCD in 294ns (8× faster than the state-of-the-art ASIC) and constant-time 255-bit XGCD for inverses in the field of integers modulo the prime 2^255 − 19 in 85ns (31× faster than state-of-the-art software). We believe our design is the first high-performance ASIC for the XGCD computation that is also capable of constant-time evaluation. Our work is publicly available at https://github.com/kavyasreedhar/sreedhar-xgcd-hardware-ches2022
Efficient implementation of the Hardy-Ramanujan-Rademacher formula
We describe how the Hardy-Ramanujan-Rademacher formula can be implemented to
allow the partition function to be computed with softly optimal
complexity and very little overhead. A new implementation
based on these techniques achieves speedups in excess of a factor 500 over
previously published software and has been used by the author to calculate
, an exponent twice as large as in previously reported
computations.
We also investigate performance for multi-evaluation of , where our
implementation of the Hardy-Ramanujan-Rademacher formula becomes superior to
power series methods on far denser sets of indices than previous
implementations. As an application, we determine over 22 billion new
congruences for the partition function, extending Weaver's tabulation of 76,065
congruences.
Comment: updated version containing an unconditional complexity proof;
accepted for publication in LMS Journal of Computation and Mathematic
Quantum resource estimates for computing elliptic curve discrete logarithms
We give precise quantum resource estimates for Shor's algorithm to compute
discrete logarithms on elliptic curves over prime fields. The estimates are
derived from a simulation of a Toffoli gate network for controlled elliptic
curve point addition, implemented within the framework of the quantum computing
software tool suite LIQ. We determine circuit implementations for
reversible modular arithmetic, including modular addition, multiplication and
inversion, as well as reversible elliptic curve point addition. We conclude
that elliptic curve discrete logarithms on an elliptic curve defined over an
-bit prime field can be computed on a quantum computer with at most qubits using a quantum circuit of at most Toffoli gates. We are able to classically simulate the
Toffoli networks corresponding to the controlled elliptic curve point addition
as the core piece of Shor's algorithm for the NIST standard curves P-192,
P-224, P-256, P-384 and P-521. Our approach allows gate-level comparisons to
recent resource estimates for Shor's factoring algorithm. The results also
support estimates given earlier by Proos and Zalka and indicate that, for
current parameters at comparable classical security levels, the number of
qubits required to tackle elliptic curves is less than for attacking RSA,
suggesting that indeed ECC is an easier target than RSA.
Comment: 24 pages, 2 tables, 11 figures. v2: typos fixed and reference added.
ASIACRYPT 201
Resolving zero-divisors using Hensel lifting
Algorithms which compute modulo triangular sets must respect the presence of
zero-divisors. We present Hensel lifting as a tool for dealing with them. We
give an application: a modular algorithm for computing GCDs of univariate
polynomials with coefficients modulo a radical triangular set over the
rationals. Our modular algorithm naturally generalizes previous work from
algebraic number theory. We have implemented our algorithm using Maple's RECDEN
package. We compare our implementation with the procedure RegularGcd in the
RegularChains package.
Comment: Shorter version to appear in Proceedings of SYNASC 201
Symmetry Detection of Rational Space Curves from their Curvature and Torsion
We present a novel, deterministic, and efficient method to detect whether a
given rational space curve is symmetric. By using well-known differential
invariants of space curves, namely the curvature and torsion, the method is
significantly faster, simpler, and more general than an earlier method
addressing a similar problem. To support this claim, we present an analysis of
the arithmetic complexity of the algorithm and timings from an implementation
in Sage.
Comment: 25 page
A comprehensive analysis of constant-time polynomial inversion for post-quantum cryptosystems
Post-quantum cryptosystems have currently seen a surge in interest thanks to the current standardization initiative by the U.S.A. National Institute of Standards and Technology (NIST). A common primitive in post-quantum cryptosystems, in particular in code-based ones, is the computation of the inverse of a binary polynomial in a binary polynomial ring. In this work, we analyze, realize in software, and benchmark a broad spectrum of binary polynomial inversion algorithms, targeting operand sizes which are relevant for the current second-round candidates in the NIST standardization process. We evaluate advantages and shortcomings of the different inversion algorithms, including their capability to run in constant time, thus preventing timing side-channel attacks.