DOCSLIB.ORG

The Distribution of Quadratic Residues and Non-Residues in the Goldwasser–Micali Type of Cryptosystem

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

J. Math. Cryptol. 8 (2014), 115–140 DOI 10.1515/jmc-2013-0001 © de Gruyter 2014 The distribution of quadratic residues and non-residues in the Goldwasser–Micali type of cryptosystem Benjamin Justus Communicated by Spyros Magliveras Abstract. We provide unconditional results and conditional ones under the assumption of GRH (Generalized Riemann Hypothesis) on the distribution of quadratic residues and quadratic non-residues in Z=N Z, where N pq is an RSA modulus used in the Gold- wasser–Micali cryptosystem. The paper alsoD discusses cryptographic implications of the results obtained. Keywords. Quadratic residuosity problem, Goldwasser–Micali cryptosystem, quadratic residues distribution. 2010 Mathematics Subject Classification. 94A60, 11A15. 1 Introduction Goldwasser and Micali in [6] introduced the concept of probabilistic encryption. In the same paper, they proved that their probabilistic public-key encryption scheme is secure based on the hardness of the quadratic residuosity problem. Given a composite integer N , and a positive integer a relative prime to N , the quadratic residuosity problem is to decide whether a is a quadratic residue or a quadratic non-residue modulo N (i.e. whether or not x2 a mod N has a solu- D tion). The modulus N in the Goldwasser–Micali cryptosystem is a typical RSA modulus used in the RSA cryptosystem. That is, N pq for odd distinct primes D p; q about the same size. The quadratic residuosity problem is known to be com- putationally hard if the factorization of N is not known, see Section 2. The prob- lem currently does not admit polynomial time solutions, and is listed as an open problem [1]. Given the difficulty of the quadratic residuosity problem, one could ask how the quadratic residues and quadratic non-residues are distributed in the Goldwasser– Micali cryptosystem. The following questions are not only interesting but also important in certain specialized cryptanalytic applications. 116 B. Justus (i) Given a pattern of quadratic residues and non-residues (a string containing consecutive residues or non-residues), how is the pattern distributed in the ring Z=N Z? (ii) Given a subset A (possibly sparse) of the ring Z=N Z, what is the proportion of quadratic residues and non-residues in the set A? (iii) Fix a square-free integer l. What is the density of the RSA moduli among the positive integer for which l is a quadratic residue (resp. quadratic non- residue)? With regard to question (i), there is a result of Davenport [4, 5] in the setting of finite field Fp Z=pZ where p is a large prime. Davenport considered the D problem of estimating the number of s consecutive quadratic residues (resp. non- residues) in Z=pZ. Davenport showed that the number of s consecutive quadratic residues (resp. non-residues) for large p is p  Os.p /; 2s C where 3 < 1. The error terms derived by Davenport were later improved 4 Ä [2, 10] using Weil’s bound and made explicit. In this paper, we generalize Davenport’s result to the setting Z=N Z where N D pq. Let N . / be the Jacobi symbol to the modulus N . Clearly N .n/ 1 D N D ˙ if n is relative prime to N . For a given pattern of 1 of length s, we are inter- ˙ ested in counting the number of occurrences of the pattern in the sequence N .n/, s 0 n < N . Precisely, let .0; : : : ; s 1/ 1; 1 be a binary vector of length s. Ä 2 ¹ º Consider the set ® ¯ D 0 n < N N .n i/ i for all 0 i s 1 : WD Ä W C D Ä Ä The theorem we prove is Theorem 1.1. Let N pq where p; q are distinct odd prime numbers satisfying D 1 < p; q cN 1=2 for a fixed c > 0. Let s be a positive integer satisfying 1 s 1 Ä 1 Äs Ä . 2 ı/ log2 N where 0 < ı < 2 . Then for any .0; : : : ; s 1/ 1; 1 , we have 2 ¹ º N 1 2 D O.N 2 log N /: j j D 2s C The implied constant depends only ı and c. Quadratic residues distribution 117 Our treatment of the theorem allows generalization to the case where N is square-free and the error term in the theorem can be made explicit in terms of s. One immediate consequence of Theorem 1.1 is that for a suitable length s, the pattern of ( 1) derived from the Jacobi symbol of length s tends to a uniform dis- ˙ tribution. Another application of the theorem is a connection of how the pattern distribution can be used to describe the complexity of predicting cryptographically strong pseudorandom bit generators whose constructions are based on the Legen- dre and Jacobi symbols [3]. The method used in the proof of Theorem 1.1 however does not allow us to ob- tain a similar asymptotic result in the study of the pattern distribution of quadratic residues and non-residues modulo N . The principal difficulty here is our inability of bounding non-trivially character sums of the type X XX p.f .n; i//q.f .n; j //; n i j ¤ where f .x; y/ is a certain type of polynomial in ZŒx; y. With regard to question (ii), we consider in this paper two types of A. The first type of A consists of arithmetic sequences whose distribution can be studied using analytic theory of L-functions. Such instances include for example the sequence of prime numbers, the sequence of square-free integers, etc. In Section 4, we prove a simplest result in this direction: Theorem 1.2. Let N pq where p; q are distinct odd primes. Let 0 < ı 1. Define the sets D Ä A ® prime l < N ı l is quadratic residue mod N ¯; WD W NA ® prime l < N ı l is quadratic non-residue mod N ¯: WD W Then under the assumption of GRH, we have ı N ı A O.N 2 log N /; j j D 4ı log N C ı 3N ı NA O.N 2 log N /: j j D 4ı log N C The implied constants depend only on ı. We should remark that the assumption of GRH is necessary in order to have the desired asymptotic result. Without the assumption of GRH, the error terms based on the current state of the zero-free region of Dirichlet L-functions are as large as ı 1=2 N C , see Proposition 4.1. 118 B. Justus The second type of A we consider is a subinterval or a union of subintervals in Œ1; N . We start with the case of a single subinterval. For a subinterval ŒQ; Q C H Œ1; N where H is a positive integer, consider the sets  A ®n Q < n Q H; n is quadratic residue mod N ¯; WD W Ä C NA ®n Q < n Q H; n is quadratic non-residue mod N ¯: WD W Ä C Since there are about 1=4 quadratic residues and 3=4 quadratic non-residues in Z=N Z, one could expect the same proportions of residues and non-residues hold true for an interval inside Œ1; N if one believes the residues (resp. non-residues) are uniformly distributed. Indeed, we have the following result. Proposition 1.3. Let N pq where p; q are distinct odd primes. Let c1; c2 be D 1=2 1=4 ı positive real numbers such that 1 < p; q c1N and H c2N C . Then we have Ä 2 1 1 2ı A H O H 1 4ı ; j j D 4 C C 2 3 1 2ı NA H O H 1 4ı j j D 4 C C 1 for every 0 < ı . The implied constants depend only on ı, c1 and c2. Ä 2 Recently Heath-Brown [7] discovered a mean-value character sum estimate which includes the original Burgess bound as a special case. The advantage of Heath-Brown’s mean-value estimate lies in the fact that one is now able to bound non-trivially on average character sums whose ranges are as small as N pro- vided there are sufficiently many of them. We make this precise in the following theorem. Let I .Q ;Q H , 1 k J be a collection of disjoint subintervals k D k k C k Ä Ä inside the interval Œ1; N . Consider the sets J ° [ ± A n I I n is quadratic residue mod N ; WD 2 WD k W k 1 D J ° [ ± NA n I I n is quadratic non-residue mod N : WD 2 WD k W k 1 D Theorem 1.4. Let N pq where p; q are distinct odd prime numbers satisfying 1=2 D 1 < p; q cN . Let positive real numbers ı; ı1; ı2 be given such that 0 < ı 1 Ä Ä , 0 < ı1; ı2 < 1, and 0 < ı1 ı2 1. Suppose for large N , 4 C Ä ı1 ı2 H c1N ; 1 k J;J c2N ; k Ä Ä Quadratic residues distribution 119 where c1; c2 > 0. Then we have 1 2 A I O I 1 ı ; j j D 4j j C j j 3 2 NA I O I 1 ı j j D 4j j C j j provided the following conditions hold: ı2 1 ı ı1 > 2ı; ı1 : C 3 4.1 ı/ C 1 ı The implied constants depend only on ı; ı1; ı2; c1; c2. Question (iii) set out in the introduction can be viewed as an inverse scenario of question (ii).
Recommended publications
  • Chapter 9 Quadratic Residues

    Chapter 9 Quadratic Residues

    Chapter 9 Quadratic Residues 9.1 Introduction Definition 9.1. We say that a 2 Z is a quadratic residue mod n if there exists b 2 Z such that a ≡ b2 mod n: If there is no such b we say that a is a quadratic non-residue mod n. Example: Suppose n = 10. We can determine the quadratic residues mod n by computing b2 mod n for 0 ≤ b < n. In fact, since (−b)2 ≡ b2 mod n; we need only consider 0 ≤ b ≤ [n=2]. Thus the quadratic residues mod 10 are 0; 1; 4; 9; 6; 5; while 3; 7; 8 are quadratic non-residues mod 10. Proposition 9.1. If a; b are quadratic residues mod n then so is ab. Proof. Suppose a ≡ r2; b ≡ s2 mod p: Then ab ≡ (rs)2 mod p: 9.2 Prime moduli Proposition 9.2. Suppose p is an odd prime. Then the quadratic residues coprime to p form a subgroup of (Z=p)× of index 2. Proof. Let Q denote the set of quadratic residues in (Z=p)×. If θ :(Z=p)× ! (Z=p)× denotes the homomorphism under which r 7! r2 mod p 9–1 then ker θ = {±1g; im θ = Q: By the first isomorphism theorem of group theory, × jkerθj · j im θj = j(Z=p) j: Thus Q is a subgroup of index 2: p − 1 jQj = : 2 Corollary 9.1. Suppose p is an odd prime; and suppose a; b are coprime to p. Then 1. 1=a is a quadratic residue if and only if a is a quadratic residue.
  • Number Theory Summary

    Number Theory Summary

    YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467: Cryptography and Computer Security Handout #11 Professor M. J. Fischer November 13, 2017 Number Theory Summary Integers Let Z denote the integers and Z+ the positive integers. Division For a 2 Z and n 2 Z+, there exist unique integers q; r such that a = nq + r and 0 ≤ r < n. We denote the quotient q by ba=nc and the remainder r by a mod n. We say n divides a (written nja) if a mod n = 0. If nja, n is called a divisor of a. If also 1 < n < jaj, n is said to be a proper divisor of a. Greatest common divisor The greatest common divisor (gcd) of integers a; b (written gcd(a; b) or simply (a; b)) is the greatest integer d such that d j a and d j b. If gcd(a; b) = 1, then a and b are said to be relatively prime. Euclidean algorithm Computes gcd(a; b). Based on two facts: gcd(0; b) = b; gcd(a; b) = gcd(b; a − qb) for any q 2 Z. For rapid convergence, take q = ba=bc, in which case a − qb = a mod b. Congruence For a; b 2 Z and n 2 Z+, we write a ≡ b (mod n) iff n j (b − a). Note a ≡ b (mod n) iff (a mod n) = (b mod n). + ∗ Modular arithmetic Fix n 2 Z . Let Zn = f0; 1; : : : ; n − 1g and let Zn = fa 2 Zn j gcd(a; n) = 1g. For integers a; b, define a⊕b = (a+b) mod n and a⊗b = ab mod n.
  • Lecture 10: Quadratic Residues

    Lecture 10: Quadratic Residues

    Lecture 10: Quadratic residues Rajat Mittal IIT Kanpur n Solving polynomial equations, anx + ··· + a1x + a0 = 0 , has been of interest from a long time in mathematics. For equations up to degree 4, we have an explicit formula for the solutions. It has also been shown that no such explicit formula can exist for degree higher than 4. What about polynomial equations modulo p? Exercise 1. When does the equation ax + b = 0 mod p has a solution? This lecture will focus on solving quadratic equations modulo a prime number p. In other words, we are 2 interested in solving a2x +a1x+a0 = 0 mod p. First thing to notice, we can assume that every coefficient ai can only range between 0 to p − 1. In the assignment, you will show that we only need to consider equations 2 of the form x + a1x + a0 = 0. 2 Exercise 2. When will x + a1x + a0 = 0 mod 2 not have a solution? So, for further discussion, we are only interested in solving quadratic equations modulo p, where p is an odd prime. For odd primes, inverse of 2 always exists. 2 −1 2 −2 2 x + a1x + a0 = 0 mod p , (x + 2 a1) = 2 a1 − a0 mod p: −1 −2 2 Taking y = x + 2 a1 and b = 2 a1 − a0, 2 2 Exercise 3. solving quadratic equation x + a1x + a0 = 0 mod p is same as solving y = b mod p. The small amount of work we did above simplifies the original problem. We only need to solve, when a number (b) has a square root modulo p, to solve quadratic equations modulo p.
  • Consecutive Quadratic Residues and Quadratic Nonresidue Modulo P

    Consecutive Quadratic Residues and Quadratic Nonresidue Modulo P

    Consecutive Quadratic Residues And Quadratic Nonresidue Modulo p N. A. Carella Abstract: Let p be a large prime, and let k log p. A new proof of the existence of ≪ any pattern of k consecutive quadratic residues and quadratic nonresidues is introduced in this note. Further, an application to the least quadratic nonresidues np modulo p shows that n (log p)(log log p). p ≪ 1 Introduction Given a prime p 2, a nonzero element u F is called a quadratic residue, equiva- ≥ ∈ p lently, a square modulo p whenever the quadratic congruence x2 u 0mod p is solvable. − ≡ Otherwise, it called a quadratic nonresidue. A finite field Fp contains (p + 1)/2 squares = u2 mod p : 0 u < p/2 , including zero. The quadratic residues are uniformly R { ≤ } distributed over the interval [1,p 1]. Likewise, the quadratic nonresidues are uniformly − distributed over the same interval. Let k 1 be a small integer. This note is concerned with the longest runs of consecutive ≥ quadratic residues and consecutive quadratic nonresidues (or any pattern) u, u + 1, u + 2, . , u + k 1, (1) − in the finite field F , and large subsets F . Let N(k,p) be a tally of the number of p A ⊂ p sequences 1. Theorem 1.1. Let p 2 be a large prime, and let k = O (log p) be an integer. Then, the ≥ finite field Fp contains k consecutive quadratic residues (or quadratic nonresidues or any pattern). Furthermore, the number of k tuples has the asymptotic formulas p 1 k 1 (i) N(k,p)= 1 1+ O , if k 1.
  • STORY of SQUARE ROOTS and QUADRATIC RESIDUES

    STORY of SQUARE ROOTS and QUADRATIC RESIDUES

    CHAPTER 6: OTHER CRYPTOSYSTEMS and BASIC CRYPTOGRAPHY PRIMITIVES A large number of interesting and important cryptosystems have already been designed. In this chapter we present several other of them in order to illustrate other principles and techniques that can be used to design cryptosystems. Part I At first, we present several cryptosystems security of which is based on the fact that computation of square roots and discrete logarithms is in general unfeasible in some Public-key cryptosystems II. Other cryptosystems and groups. cryptographic primitives Secondly, we discuss one of the fundamental questions of modern cryptography: when can a cryptosystem be considered as (computationally) perfectly secure? In order to do that we will: discuss the role randomness play in the cryptography; introduce the very fundamental definitions of perfect security of cryptosystem; present some examples of perfectly secure cryptosystems. Finally, we will discuss, in some details, such very important cryptography primitives as pseudo-random number generators and hash functions . IV054 1. Public-key cryptosystems II. Other cryptosystems and cryptographic primitives 2/65 FROM THE APPENDIX MODULAR SQUARE ROOTS PROBLEM The problem is to determine, given integers y and n, such an integer x that y = x 2 mod n. Therefore the problem is to find square roots of y modulo n STORY of SQUARE ROOTS Examples x x 2 = 1 (mod 15) = 1, 4, 11, 14 { | } { } x x 2 = 2 (mod 15) = and { | } ∅ x x 2 = 3 (mod 15) = { | } ∅ x x 2 = 4 (mod 15) = 2, 7, 8, 13 { | } { } x x 2 = 9 (mod 15) = 3, 12 QUADRATIC RESIDUES { | } { } No polynomial time algorithm is known to solve the modular square root problem for arbitrary modulus n.
  • Phatak Primality Test (PPT)

    Phatak Primality Test (PPT)

    PPT : New Low Complexity Deterministic Primality Tests Leveraging Explicit and Implicit Non-Residues A Set of Three Companion Manuscripts PART/Article 1 : Introducing Three Main New Primality Conjectures: Phatak’s Baseline Primality (PBP) Conjecture , and its extensions to Phatak’s Generalized Primality Conjecture (PGPC) , and Furthermost Generalized Primality Conjecture (FGPC) , and New Fast Primailty Testing Algorithms Based on the Conjectures and other results. PART/Article 2 : Substantial Experimental Data and Evidence1 PART/Article 3 : Analytic Proofs of Baseline Primality Conjecture for Special Cases Dhananjay Phatak ([email protected]) and Alan T. Sherman2 and Steven D. Houston and Andrew Henry (CSEE Dept. UMBC, 1000 Hilltop Circle, Baltimore, MD 21250, U.S.A.) 1 No counter example has been found 2 Phatak and Sherman are affiliated with the UMBC Cyber Defense Laboratory (CDL) directed by Prof. Alan T. Sherman Overall Document (set of 3 articles) – page 1 First identification of the Baseline Primality Conjecture @ ≈ 15th March 2018 First identification of the Generalized Primality Conjecture @ ≈ 10th June 2019 Last document revision date (time-stamp) = August 19, 2019 Color convention used in (the PDF version) of this document : All clickable hyper-links to external web-sites are brown : For example : G. E. Pinch’s excellent data-site that lists of all Carmichael numbers <10(18) . clickable hyper-links to references cited appear in magenta. Ex : G.E. Pinch’s web-site mentioned above is also accessible via reference [1] All other jumps within the document appear in darkish-green color. These include Links to : Equations by the number : For example, the expression for BCC is specified in Equation (11); Links to Tables, Figures, and Sections or other arbitrary hyper-targets.
  • Chapter 21: Is -1 a Square Modulo P? Is 2?

    Chapter 21: Is -1 a Square Modulo P? Is 2?

    Chapter 21 Is −1 a Square Modulo p? Is 2? In the previous chapter we took various primes p and looked at the a’s that were quadratic residues and the a’s that were nonresidues. For example, we made a table of squares modulo 13 and used the table to see that 3 and 12 are QRs modulo 13, while 2 and 5 are NRs modulo 13. In keeping with all of the best traditions of mathematics, we now turn this problem on its head. Rather than taking a particular prime p and listing the a’s that are QRs and NRs, we instead fix an a and ask for which primes p is a a QR. To make it clear exactly what we’re asking, we start with the particular value a = −1. The question that we want to answer is as follows: For which primes p is −1 a QR? We can rephrase this question in other ways, such as “For which primes p does 2 (the) congruence x ≡ −1 (mod p) have a solution?” and “For which primes p is −1 p = 1?” As always, we need some data before we can make any hypotheses. We can answer our question for small primes in the usual mindless way by making a table of 12; 22; 32;::: (mod p) and checking if any of the numbers are congruent to −1 modulo p. So, for example, −1 is not a square modulo 3, since 12 ̸≡ −1 (mod 3) and 22 ̸≡ −1 (mod 3), while −1 is a square modulo 5, since 22 ≡ −1 (mod 5).
  • MULTIPLICATIVE SEMIGROUPS RELATED to the 3X + 1 PROBLEM

    MULTIPLICATIVE SEMIGROUPS RELATED to the 3X + 1 PROBLEM

    MULTIPLICATIVE SEMIGROUPS RELATED TO THE 3x +1 PROBLEM ANA CARAIANI Abstract. Recently Lagarias introduced the Wild semigroup, which is inti- mately connected to the 3x +1Conjecture. Applegate and Lagarias proved a weakened form of the 3x +1 Conjecture while simultaneously characterizing the Wild semigroup through the Wild Number Theorem. In this paper, we consider a generalization of the Wild semigroup which leads to the statement of a weak qx+1 conjecture for q any prime. We prove our conjecture for q =5 together with a result analogous to the Wild Number Theorem. Next, we look at two other classes of variations of the Wild semigroup and prove a general statement of the same type as the Wild Number Theorem. 1. Introduction The 3x +1iteration is given by the function on the integers x for x even T (x)= 2 3x+1 for x odd. ! 2 The 3x +1 conjecture asserts that iteration of this function, starting from any positive integer n, eventually reaches the integer 1. This is a famous unsolved problem. Farkas [2] formulated a semigroup problem which represents a weakening of the 3x +1conjecture. He associated to this iteration the multiplicative semigroup W generated by all the rationals n for n 1. We’ll call this the 3x +1semigroup, T (n) ≥ following the nomenclature in [1]. This generating set is easily seen to be 2n +1 G = : n 0 2 3n +2 ≥ ∪{ } ! " because the iteration can be written T (2n + 1) = 3n +2and T (2n)=n. Farkas observes that 1= 1 2 W and that if T (n) W then n = n T (n) W .
  • UC San Diego Electronic Theses and Dissertations

    UC San Diego Electronic Theses and Dissertations

    UC San Diego UC San Diego Electronic Theses and Dissertations Title Norm-Euclidean Galois fields Permalink https://escholarship.org/uc/item/359664zv Author McGown, Kevin Joseph Publication Date 2010 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITY OF CALIFORNIA, SAN DIEGO Norm-Euclidean Galois Fields A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Mathematics by Kevin Joseph McGown Committee in charge: Professor Harold Stark, Chair Professor Wee Teck Gan Professor Ronald Graham Professor Russell Impagliazzo Professor Cristian Popescu 2010 Copyright Kevin Joseph McGown, 2010 All rights reserved. The dissertation of Kevin Joseph McGown is ap- proved, and it is acceptable in quality and form for publication on microfilm and electronically: Chair University of California, San Diego 2010 iii DEDICATION To my wife iv TABLE OF CONTENTS Signature Page . iii Dedication . iv Table of Contents . v List of Tables . vii Acknowledgements . viii Vita . ix Abstract of the Dissertation . x 1 Introduction . 1 1.1 First Notions . 1 1.2 History . 2 1.3 Open Problems . 4 1.4 Main Results . 5 2 Preliminaries . 11 2.1 Algebraic Number Fields . 11 2.2 Dirichlet Characters . 13 2.3 Residue Symbols in Number Fields . 15 2.4 Class Field Theory . 15 2.5 Zeta Functions and L-Functions . 17 2.6 Number Fields with Class Number One . 19 2.7 Heilbronn's Criterion . 21 3 Norm-Euclidean Galois Fields . 22 3.1 Conditions for the Failure of the Euclidean Property . 22 3.2 An Algorithm and Some Computations .
  • Some Aspects and Applications of the Riemann Hypothesis Over Finite Fields

    Some Aspects and Applications of the Riemann Hypothesis Over Finite Fields

    SOME ASPECTS AND APPLICATIONS OF THE RIEMANN HYPOTHESIS OVER FINITE FIELDS E. KOWALSKI Abstract. We give a survey of some aspects of the Riemann Hypothe- sis over finite fields, as it was proved by Deligne, and its applications to analytic number theory. In particular, we concentrate on the formalism leading to Deligne's Equidistribution Theorem. 1. Introduction The goal of this survey is to present some aspects of the Riemann Hy- pothesis over finite fields. The context is Deligne's celebrated work ([5], [6]) and its applications, and the text is roughly split in two parts. In the first part, we try to introduce and motivate the framework in which the powerful formalism of ´etalecohomology and the Riemann Hypothesis operate, em- phasizing aspects leading to Deligne's remarkable Equidistribution Theorem. The second part (starting in Section 5) is a discussion of this theorem, which involves naturally \families" of exponential sums and L-functions over finite fields, and of some (mostly) recent applications of the Riemann Hypoth- esis and Deligne's theorem, concluding with a short list of open problems (emphasizing general, \philosophical" issues, rather than specific questions). This is written with a target audience of readers who are not experts in algebraic geometry, in particular analytic number theorists. We use a few basic examples as references, notably Gauss sums, Kloosterman sums (and their average Sato-Tate distribution) and the very simple { but enlighten- ing { case of finite (zero-dimensional) algebraic varieties. The emphasis is throughout in situations which, at least at first sight, are not immediately or obviously analogue to the classical Riemann Hypothesis for the Riemann zeta and Dirichlet L-functions.
  • Zetapack: a System for the Computation of Zeta and L-Functions with Mathematica

    Zetapack: a System for the Computation of Zeta and L-Functions with Mathematica

    ZetaPack: A system for the computation of zeta and L-functions with Mathematica Kevin A. Broughan Version: 6th July 2007 2 Contents Contents 3 0.1 Preface . 9 0.2 Description . 9 0.3 Installation . 9 0.4 Acknowledgements . 10 0.5 Dedication . 10 1 Zeta and L-functions 11 1.1 Introduction . 11 1.2 Classes of zeta and L-functions . 12 1.2.1 The Selberg class . 12 1.2.2 Properties of the Selberg Class . 13 1.2.3 Selberg's conjectures . 14 1.2.4 Consequences of the Selberg de nitions and conjectures . 15 1.2.5 Functions in the Selberg class . 15 1.2.6 Dokchitser L-functions . 15 1.2.7 Functions in the Dokchitser class . 16 1.3 Automorphic forms for GL(n; R) ............................. 16 1.3.1 Iwasawa decomposition . 16 1.3.2 Algebras of di erential operators . 17 1.3.3 The power function . 17 1.3.4 Maass forms . 18 1.3.5 Fourier expansions . 18 1.3.6 Jacquet's Whittaker function . 19 1.3.7 Hecke operators . 20 1.3.8 Godement-Jacquet L-function . 21 1.3.9 Functional equation . 22 1.4 Dictionaries . 23 1.5 ZetaPack functions . 23 1.6 The L-function data type . 24 2 A database of elementary Dirichlet Series 27 2.1 Introduction . 27 2.2 Multiplicative Functions . 27 3 4 CONTENTS 2.3 Database summary . 29 2.4 Operations on Dirichlet series . 31 2.5 Inverting a Riemann zeta related Dirichlet series . 32 2.6 Euler Products . 33 2.7 Evaluating the Riemann zeta function .
  • ON CERTAIN CHARACTER SUMS OVER Fq[T] 1. Introduction In

    ON CERTAIN CHARACTER SUMS OVER Fq[T] 1. Introduction In

    PROCEEDINGS OF THE AMERICAN MATHEMATICAL SOCIETY Volume 126, Number 3, March 1998, Pages 647{652 S 0002-9939(98)04582-1 ON CERTAIN CHARACTER SUMS OVER Fq[T ] CHIH-NUNG HSU (Communicated by Dennis A. Hejhal) Abstract. Let Fq be the finite field with q elements and let A denote the ring of polynomials in one variable with coefficients in Fq .LetPbe a monic polynomial irreducible in A. We obtain a bound for the least degree of a monic polynomial irreducible in A (q odd) which is a quadratic non-residue modulo P . We also find a bound for the least degree of a monic polynomial irreducible in A which is a primitive root modulo P . 1. Introduction In [1], on the assumption of the Extended Riemann Hypothesis, Ankeny proved that the least positive quadratic non-residue of the prime k is O((log k)2)andthe ν(k 1) ν(k 1) 2 least positive primitive root (mod k)isO (2 − log k(log 2 − log k)) ,where ν(k 1) denotes the number of distinct prime{ factors of k 1. } − − Let Fq be the finite field with q elements and let A denote the ring of polynomials in one variable with coefficients in Fq.LetPbe a monic irreducible in A.Inthis note, we establish the following results: (1) When q is odd, the least degree of a monic irreducible in A which is a quadratic non-residue modulo P is less than 2 + 2 logq(1 + deg P ) (corollary 2:2). In fact, this result is deduced from a more general situation (proposition 2:1).