Computing the Characteristic Polynomial of a Finite Rank Two Drinfeld Module
Motivated by finding analogues of elliptic curve point counting techniques,
we introduce one deterministic and two new Monte Carlo randomized algorithms to
compute the characteristic polynomial of a finite rank-two Drinfeld module. We
compare their asymptotic complexity to that of previous algorithms given by
Gekeler, Narayanan and Garai-Papikian and discuss their practical behavior. In
particular, we find that all three approaches represent either an improvement
in complexity or an expansion of the parameter space over which the algorithm
may be applied. Some experimental results are also presented.
Signing on a Postcard
We investigate the problem of signing short messages using a scheme that minimizes the total length of the original message and the appended signature. This line of research was motivated by several postal services interested in stamping machines capable of producing digital signatures. Although several message recovery schemes exist, their security is questionable. This paper proposes variants of DSA and ECDSA allowing partial recovery: the signature is appended to a truncated message and the discarded bytes are recovered by the verification algorithm.
On sets of irreducible polynomials closed by composition
Let be a set of monic degree polynomials over a finite field
and let be the compositional semigroup generated by . In this
paper we establish a necessary and sufficient condition for to
consist entirely of irreducible polynomials. The condition we deduce depends
on the finite data encoded in a certain graph uniquely determined by the
generating set . Using this machinery we are able both to show
examples of semigroups of irreducible polynomials generated by two degree
polynomials and to give some non-existence results for some of these sets in
infinitely many prime fields satisfying certain arithmetic conditions.
A faster pseudo-primality test
We propose a pseudo-primality test using cyclic extensions of . For every positive integer , this test achieves the
security of Miller-Rabin tests at the cost of Miller-Rabin
tests.
Comment: Published in Rendiconti del Circolo Matematico di Palermo Journal, Springer
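The abstract measures its test against Miller-Rabin rounds. The following added example (written for this page, not code from the paper) implements one Miller-Rabin round and shows why several rounds with independent bases are needed: 2047 = 23 * 89 passes the base-2 round (it is the smallest strong pseudoprime to base 2) but fails base 3, and only 240 of the 2044 bases in [2, 2045] are strong liars, within the classical bound of at most a quarter of all bases. The round count of 20 in `is_probable_prime` is an assumption chosen for the demo.

```python
import random


def miller_rabin_witness(n: int, a: int) -> bool:
    """One Miller-Rabin round for odd n >= 3 and base a in [2, n-2].

    Returns True when a is a *witness* (a proof that n is composite) and
    False when n is a strong probable prime to base a. For composite n a
    base that returns False is a *strong liar*; at most 1/4 of bases lie.
    """
    # Write n - 1 = 2^s * d with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return False
    # Square up to s-1 more times; reaching -1 means n passed this round.
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return False
    return True


def is_probable_prime(n: int, rounds: int = 20, rng=random.SystemRandom()) -> bool:
    """Trial division by small primes, then `rounds` Miller-Rabin rounds with
    independent random bases. A composite survives each round with
    probability at most 1/4, so the error bound is 4**-rounds."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        if miller_rabin_witness(n, a):
            return False
    return True


def strong_liars(n: int) -> list:
    """All bases in [2, n-2] for which composite odd n passes one round."""
    return [a for a in range(2, n - 1) if not miller_rabin_witness(n, a)]


if __name__ == "__main__":
    n = 2047  # = 23 * 89, the smallest strong pseudoprime to base 2
    print("base 2 witness?", miller_rabin_witness(n, 2))   # False: 2 is a strong liar
    print("base 3 witness?", miller_rabin_witness(n, 3))   # True
    print(len(strong_liars(n)), "strong liars out of", n - 3, "bases")  # 240 of 2044
    print("2^127-1 probable prime?", is_probable_prime(2**127 - 1))  # True
```

A single round with a fixed base is therefore not a primality test at all: any adversary who chooses the candidate (a DH modulus, an RSA prime offered by a peer) can pick a number that lies to that base, which is why `is_probable_prime` draws its bases from `SystemRandom` rather than a fixed list.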
An efficient quantum algorithm for the hidden subgroup problem in extraspecial groups
Extraspecial groups form a remarkable subclass of p-groups. They are also
present in quantum information theory, in particular in quantum error
correction. We give here a polynomial time quantum algorithm for finding hidden
subgroups in extraspecial groups. Our approach is quite different from the
recent algorithms presented in [17] and [2] for the Heisenberg group, the
extraspecial p-group of size p^3 and exponent p. Exploiting certain nice
automorphisms of the extraspecial groups we define specific group actions which
are used to reduce the problem to hidden subgroup instances in abelian groups
that can be dealt with directly.
Comment: 10 pages
Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks
Group Diffie-Hellman schemes for password-based key exchange are designed to provide a pool of players communicating over a public network, and sharing just a human-memorable password, with a session key (e.g., the key is used for multicast data integrity and confidentiality). The fundamental security goal to achieve in this scenario is security against dictionary attacks. While solutions have been proposed to solve this problem, no formal treatment has ever been suggested. In this paper, we define a security model and then present a protocol with its security proof in both the random oracle model and the ideal-cipher model.
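The abstract names resistance to dictionary attacks as the goal but, being an abstract, does not show what such an attack looks like. The following added example (constructed for this page; it is not the paper's protocol) runs a passive offline dictionary attack against a naive password-authenticated two-party Diffie-Hellman exchange whose confirmation MAC is keyed by the password itself. It then shows that keying the MAC with a key derived from both the DH secret and the password defeats the eavesdropper, but not an attacker who plays one side of the exchange and therefore knows g^xy. The group parameters, dictionary and password are toy values chosen for the demo.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this demo only: the 127-bit
# Mersenne prime with generator 3. Nothing here is sized or validated for real use.
P = 2**127 - 1
G = 3

# Constructed candidate dictionary; the shared password is one of these.
DICTIONARY = ["letmein", "password", "hunter2", "correct horse", "s3cret!"]


def dh_keypair():
    x = secrets.randbelow(P - 3) + 2        # private exponent in [2, P-2]
    return x, pow(G, x, P)


def naive_tag(pw: str, gx: int, gy: int) -> bytes:
    """Naive key confirmation: MAC keyed directly by the password over the public values."""
    return hmac.new(pw.encode(), f"{gx}:{gy}".encode(), hashlib.sha256).digest()


def derived_tag(shared: int, pw: str, gx: int, gy: int) -> bytes:
    """Confirmation keyed by a key derived from the DH secret *and* the password."""
    k = hashlib.sha256(f"{shared}:{pw}".encode()).digest()
    return hmac.new(k, f"{gx}:{gy}".encode(), hashlib.sha256).digest()


def run_naive(pw: str):
    """What a passive eavesdropper sees of the naive protocol: (g^x, g^y, tag)."""
    _, gx = dh_keypair()
    _, gy = dh_keypair()
    return gx, gy, naive_tag(pw, gx, gy)


def run_derived(pw: str):
    """Eavesdropper's view of the variant whose MAC key depends on g^xy."""
    x, gx = dh_keypair()
    _, gy = dh_keypair()
    shared = pow(gy, x, P)
    return gx, gy, derived_tag(shared, pw, gx, gy)


def passive_attack_naive(transcript, dictionary):
    """Offline dictionary attack: every candidate is testable from the transcript alone."""
    gx, gy, tag = transcript
    for cand in dictionary:
        if hmac.compare_digest(naive_tag(cand, gx, gy), tag):
            return cand
    return None


def passive_attack_derived(transcript, dictionary):
    """The eavesdropper lacks x and y, so each candidate can only be checked
    against a guess at g^xy; a random 127-bit guess stands in for that here."""
    gx, gy, tag = transcript
    for cand in dictionary:
        guessed_shared = secrets.randbelow(P)
        if hmac.compare_digest(derived_tag(guessed_shared, cand, gx, gy), tag):
            return cand
    return None


def active_attack_derived(pw: str, dictionary):
    """Attacker plays B against honest A: it chose y, so it knows g^xy and
    can test the whole dictionary offline against A's confirmation."""
    x, gx = dh_keypair()                     # honest A's flow
    y, gy = dh_keypair()                     # attacker's own flow
    tag = derived_tag(pow(gy, x, P), pw, gx, gy)   # honest A's confirmation, sent to "B"
    attacker_shared = pow(gx, y, P)
    for cand in dictionary:
        if hmac.compare_digest(derived_tag(attacker_shared, cand, gx, gy), tag):
            return cand
    return None


if __name__ == "__main__":
    print("naive, passive:  ", passive_attack_naive(run_naive("hunter2"), DICTIONARY))
    print("derived, passive:", passive_attack_derived(run_derived("hunter2"), DICTIONARY))
    print("derived, active: ", active_attack_derived("hunter2", DICTIONARY))
```

The third result is the point of the paper's setting: using the password as a MAC or KDF input is not enough, because an attacker who runs the protocol once as a peer obtains a transcript against which every dictionary entry can be checked offline. The password must enter the protocol (in the paper, via encryption of the Diffie-Hellman flows under the password, analysed in the ideal-cipher model) so that a wrong guess is detectable only by interacting with an honest party, one guess per run.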
Algorithms for zero-dimensional ideals using linear recurrent sequences
Inspired by Faug\`ere and Mou's sparse FGLM algorithm, we show how using
linear recurrent multi-dimensional sequences can allow one to perform
operations such as the primary decomposition of an ideal, by computing the
annihilator of one or several such sequences.
Comment: LNCS, Computer Algebra in Scientific Computing CASC 201
Computing the endomorphism ring of an ordinary elliptic curve over a finite field
We present two algorithms to compute the endomorphism ring of an ordinary
elliptic curve E defined over a finite field F_q. Under suitable heuristic
assumptions, both have subexponential complexity. We bound the complexity of
the first algorithm in terms of log q, while our bound for the second algorithm
depends primarily on log |D_E|, where D_E is the discriminant of the order
isomorphic to End(E). As a byproduct, our method yields a short certificate
that may be used to verify that the endomorphism ring is as claimed.
Comment: 16 pages (minor edits)
Complexity of Decoding Positive-Rate Reed-Solomon Codes
The complexity of maximum likelihood decoding of the Reed-Solomon codes
is a well known open problem. The only known result in this
direction states that it is at least as hard as the discrete logarithm in some
cases where the information rate unfortunately goes to zero. In this paper, we
remove the rate restriction and prove that the same complexity result holds for
any positive information rate. In particular, this resolves an open problem
left in [4], and rules out the possibility of a polynomial time algorithm for
maximum likelihood decoding problem of Reed-Solomon codes of any rate under a
well known cryptographical hardness assumption. As a side result, we give an
explicit construction of Hamming balls of radius bounded away from the minimum
distance, which contain exponentially many codewords for Reed-Solomon code of
any positive rate less than one. The previous constructions only apply to
Reed-Solomon codes of diminishing rates. We also give an explicit construction
of Hamming balls of relative radius less than 1 which contain subexponentially
many codewords for Reed-Solomon codes of rate approaching one.
A Machine-Checked Formalization of the Generic Model and the Random Oracle Model
Most approaches to the formal analysis of cryptographic protocols make the perfect cryptography assumption, i.e. the hypothesis that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to rely on a weaker hypothesis on the computational cost of gaining information about the plaintext pertaining to a ciphertext without knowing the key. Such a view is permitted by the Generic Model and the Random Oracle Model, which provide non-standard computational models in which one may reason about the computational cost of breaking a cryptographic scheme. Using the proof assistant Coq, we provide a machine-checked account of the Generic Model and the Random Oracle Model.