Efficient algorithms for pairing-based cryptosystems
We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over F_{p^m}, the latter technique being also useful in contexts other than that of pairing-based cryptography.
Quench protection analysis in accelerator magnets, a review of the tools
As accelerator magnets see the increase of their magnetic field and stored
energy, quench protection becomes a critical part of the magnet design. Due to
the complexity of the quench phenomenon interweaving magnetic, electrical and
thermal analysis, the use of numerical codes is a key component of the process.
In that respect, we propose here a review of several tools commonly used in the
magnet design community.
Comment: 4 pages, Contribution to WAMSDO 2013: Workshop on Accelerator Magnet,
Superconductor, Design and Optimization; 15 - 16 Jan 2013, CERN, Geneva,
Switzerland
Arithmetic circuits: the chasm at depth four gets wider
In their paper on the "chasm at depth four", Agrawal and Vinay have shown
that polynomials in m variables of degree O(m) which admit arithmetic circuits
of size 2^o(m) also admit arithmetic circuits of depth four and size 2^o(m).
This theorem shows that for problems such as arithmetic circuit lower bounds or
black-box derandomization of identity testing, the case of depth four circuits
is in a certain sense the general case. In this paper we show that smaller
depth four circuits can be obtained if we start from polynomial size arithmetic
circuits. For instance, we show that if the permanent of n*n matrices has
circuits of size polynomial in n, then it also has depth 4 circuits of size
n^O(sqrt(n)*log(n)). Our depth four circuits use integer constants of
polynomial size. These results have potential applications to lower bounds and
deterministic identity testing, in particular for sums of products of sparse
univariate polynomials. We also give an application to boolean circuit
complexity, and a simple (but suboptimal) reduction to polylogarithmic depth
for arithmetic circuits of polynomial size and polynomially bounded degree.
Computing zeta functions of arithmetic schemes
We present new algorithms for computing zeta functions of algebraic varieties
over finite fields. In particular, let X be an arithmetic scheme (scheme of
finite type over Z), and for a prime p let zeta_{X_p}(s) be the local factor of
its zeta function. We present an algorithm that computes zeta_{X_p}(s) for a
single prime p in time p^(1/2+o(1)), and another algorithm that computes
zeta_{X_p}(s) for all primes p < N in time N (log N)^(3+o(1)). These generalise
previous results of the author from hyperelliptic curves to completely
arbitrary varieties.
Comment: 23 pages, to appear in the Proceedings of the London Mathematical
Society
Algorithms on Ideal over Complex Multiplication order
We show in this paper that the Gentry-Szydlo algorithm for cyclotomic orders,
previously revisited by Lenstra-Silverberg, can be extended to
complex-multiplication (CM) orders, and even to a more general structure. This
algorithm allows testing equality over the polarized ideal class group, and
finds a generator of the polarized ideal in polynomial time. Also, the
algorithm allows solving the norm equation over CM orders, and the recent
reduction of principal ideals to the real suborder can also be performed in
polynomial time. Furthermore, we can also compute in polynomial time a unit of
an order of any number field given a (not very precise) approximation of it.
Our description of the Gentry-Szydlo algorithm is different from the original
and Lenstra-Silverberg's variant and we hope the simplifications made will
allow a deeper understanding. Finally, we show that the well-known speed-up for
enumeration and sieve algorithms for ideal lattices over power of two
cyclotomics can be generalized to any number field with many roots of unity.
Comment: Full version of a paper submitted to ANT