The Rabin cryptosystem revisited

The Rabin public-key cryptosystem is revisited with a focus on the problem of identifying the encrypted message unambiguously for any pair of primes. In particular, a deterministic scheme using quartic reciprocity is described that works for primes congruent 5 modulo 8, a case that was still open. Both theoretical and practical solutions are presented. The Rabin signature is also reconsidered and a deterministic padding mechanism is proposed.Comment: minor review + introduction of a deterministic scheme using quartic reciprocity that works for primes congruent 5 modulo

Fermat quotients: Exponential sums, value set and primitive roots

For a prime $p$ and an integer $u$ with $\gcd(u,p)=1$, we define Fermat quotients by the conditions $$q_p(u) \equiv \frac{u^{p-1} -1}{p} \pmod p, \qquad 0 \le q_p(u) \le p-1.$$ D. R. Heath-Brown has given a bound of exponential sums with $N$ consecutive Fermat quotients that is nontrivial for $N\ge p^{1/2+\epsilon}$ for any fixed $\epsilon>0$. We use a recent idea of M. Z. Garaev together with a form of the large sieve inequality due to S. Baier and L. Zhao, to show that on average over $p$ one can obtain a nontrivial estimate for much shorter sums starting with $N\ge p^{\epsilon}$. We also obtain lower bounds on the image size of the first $N$ consecutive Fermat quotients and use it to prove that there is a positive integer $n\le p^{3/4 + o(1)}$ such that $q_p(n)$ is a primitive root modulo $p$

Computing the cardinality of CM elliptic curves using torsion points

Let E be an elliptic curve having complex multiplication by a given quadratic order of an imaginary quadratic field K. The field of definition of E is the ring class field Omega of the order. If the prime p splits completely in Omega, then we can reduce E modulo one the factors of p and get a curve Ep defined over GF(p). The trace of the Frobenius of Ep is known up to sign and we need a fast way to find this sign. For this, we propose to use the action of the Frobenius on torsion points of small order built with class invariants a la Weber, in a manner reminiscent of the Schoof-Elkies-Atkin algorithm for computing the cardinality of a given elliptic curve modulo p. We apply our results to the Elliptic Curve Primality Proving algorithm (ECPP).Comment: Revised and shortened version, including more material using discriminants of curves and division polynomial