Cryptology and Computational Number Theory (Boulder, Colorado, August 1989) 41 R
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Fast Tabulation of Challenge Pseudoprimes Andrew Shallue and Jonathan Webster
THE OPEN BOOK SERIES 2 ANTS XIII Proceedings of the Thirteenth Algorithmic Number Theory Symposium Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster msp THE OPEN BOOK SERIES 2 (2019) Thirteenth Algorithmic Number Theory Symposium msp dx.doi.org/10.2140/obs.2019.2.411 Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster We provide a new algorithm for tabulating composite numbers which are pseudoprimes to both a Fermat test and a Lucas test. Our algorithm is optimized for parameter choices that minimize the occurrence of pseudoprimes, and for pseudoprimes with a fixed number of prime factors. Using this, we have confirmed that there are no PSW-challenge pseudoprimes with two or three prime factors up to 280. In the case where one is tabulating challenge pseudoprimes with a fixed number of prime factors, we prove our algorithm gives an unconditional asymptotic improvement over previous methods. 1. Introduction Pomerance, Selfridge, and Wagstaff famously offered $620 for a composite n that satisfies (1) 2n 1 1 .mod n/ so n is a base-2 Fermat pseudoprime, Á (2) .5 n/ 1 so n is not a square modulo 5, and j D (3) Fn 1 0 .mod n/ so n is a Fibonacci pseudoprime, C Á or to prove that no such n exists. We call composites that satisfy these conditions PSW-challenge pseudo- primes. In[PSW80] they credit R. Baillie with the discovery that combining a Fermat test with a Lucas test (with a certain specific parameter choice) makes for an especially effective primality test[BW80]. -
500 Natural Sciences and Mathematics
500 500 Natural sciences and mathematics Natural sciences: sciences that deal with matter and energy, or with objects and processes observable in nature Class here interdisciplinary works on natural and applied sciences Class natural history in 508. Class scientific principles of a subject with the subject, plus notation 01 from Table 1, e.g., scientific principles of photography 770.1 For government policy on science, see 338.9; for applied sciences, see 600 See Manual at 231.7 vs. 213, 500, 576.8; also at 338.9 vs. 352.7, 500; also at 500 vs. 001 SUMMARY 500.2–.8 [Physical sciences, space sciences, groups of people] 501–509 Standard subdivisions and natural history 510 Mathematics 520 Astronomy and allied sciences 530 Physics 540 Chemistry and allied sciences 550 Earth sciences 560 Paleontology 570 Biology 580 Plants 590 Animals .2 Physical sciences For astronomy and allied sciences, see 520; for physics, see 530; for chemistry and allied sciences, see 540; for earth sciences, see 550 .5 Space sciences For astronomy, see 520; for earth sciences in other worlds, see 550. For space sciences aspects of a specific subject, see the subject, plus notation 091 from Table 1, e.g., chemical reactions in space 541.390919 See Manual at 520 vs. 500.5, 523.1, 530.1, 919.9 .8 Groups of people Add to base number 500.8 the numbers following —08 in notation 081–089 from Table 1, e.g., women in science 500.82 501 Philosophy and theory Class scientific method as a general research technique in 001.4; class scientific method applied in the natural sciences in 507.2 502 Miscellany 577 502 Dewey Decimal Classification 502 .8 Auxiliary techniques and procedures; apparatus, equipment, materials Including microscopy; microscopes; interdisciplinary works on microscopy Class stereology with compound microscopes, stereology with electron microscopes in 502; class interdisciplinary works on photomicrography in 778.3 For manufacture of microscopes, see 681. -
Reproducibility and Pseudo-Determinism in Log-Space
Reproducibility and Pseudo-determinism in Log-Space by Ofer Grossman S.B., Massachusetts Institute of Technology (2017) Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering and Computer Science at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY May 2020 c Massachusetts Institute of Technology 2020. All rights reserved. Author...................................................................... Department of Electrical Engineering and Computer Science May 15, 2020 Certified by.................................................................. Shafi Goldwasser RSA Professor of Electrical Engineering and Computer Science Thesis Supervisor Accepted by................................................................. Leslie A. Kolodziejski Professor of Electrical Engineering and Computer Science Chair, Department Committee on Graduate Students 2 Reproducibility and Pseudo-determinism in Log-Space by Ofer Grossman Submitted to the Department of Electrical Engineering and Computer Science on May 15, 2020, in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering and Computer Science Abstract Acuriouspropertyofrandomizedlog-spacesearchalgorithmsisthattheiroutputsareoften longer than their workspace. This leads to the question: how can we reproduce the results of a randomized log space computation without storing the output or randomness verbatim? Running the algorithm again with new -
Fault-Tolerant Distributed Computing in Full-Information Networks
Fault-Tolerant Distributed Computing in Full-Information Networks Shafi Goldwasser∗ Elan Pavlov Vinod Vaikuntanathan∗ CSAIL, MIT MIT CSAIL, MIT Cambridge MA, USA Cambridge MA, USA Cambridge MA, USA December 15, 2006 Abstract In this paper, we use random-selection protocols in the full-information model to solve classical problems in distributed computing. Our main results are the following: • An O(log n)-round randomized Byzantine Agreement (BA) protocol in a synchronous full-information n network tolerating t < 3+ faulty players (for any constant > 0). As such, our protocol is asymp- totically optimal in terms of fault-tolerance. • An O(1)-round randomized BA protocol in a synchronous full-information network tolerating t = n O( (log n)1.58 ) faulty players. • A compiler that converts any randomized protocol Πin designed to tolerate t fail-stop faults, where the n source of randomness of Πin is an SV-source, into a protocol Πout that tolerates min(t, 3 ) Byzantine ∗ faults. If the round-complexity of Πin is r, that of Πout is O(r log n). Central to our results is the development of a new tool, “audited protocols”. Informally “auditing” is a transformation that converts any protocol that assumes built-in broadcast channels into one that achieves a slightly weaker guarantee, without assuming broadcast channels. We regard this as a tool of independent interest, which could potentially find applications in the design of simple and modular randomized distributed algorithms. ∗Supported by NSF grants CNS-0430450 and CCF0514167. 1 1 Introduction The problem of how n players, some of who may be faulty, can make a common random selection in a set, has received much attention. -
Math 788M: Computational Number Theory (Instructor’S Notes)
Math 788M: Computational Number Theory (Instructor’s Notes) The Very Beginning: • A positive integer n can be written in n steps. • The role of numerals (now O(log n) steps) • Can we do better? (Example: The largest known prime contains 258716 digits and doesn’t take long to write down. It’s 2859433 − 1.) Running Time of Algorithms: • A positive integer n in base b contains [logb n] + 1 digits. • Big-Oh & Little-Oh Notation (as well as , , ∼, ) Examples 1: log (1 + (1/n)) = O(1/n) Examples 2: [logb n] + 1 log n Examples 3: 1 + 2 + ··· + n n2 These notes are for a course taught by Michael Filaseta in the Spring of 1996 and being updated for Fall of 2007. Computational Number Theory Notes 2 Examples 4: f a polynomial of degree k =⇒ f(n) = O(nk) Examples 5: (r + 1)π ∼ rπ • We will want algorithms to run quickly (in a small number of steps) in comparison to the length of the input. For example, we may ask, “How quickly can we factor a positive integer n?” One considers the length of the input n to be of order log n (corresponding to the number of binary digits n has). An algorithm runs in polynomial time if the number of steps it takes is bounded above by a polynomial in the length of the input. An algorithm to factor n in polynomial time would require that it take O (log n)k steps (and that it factor n). Addition and Subtraction (of n and m): • We are taught how to do binary addition and subtraction in O(log n + log m) steps. -
Number Theory
“mcs-ftl” — 2010/9/8 — 0:40 — page 81 — #87 4 Number Theory Number theory is the study of the integers. Why anyone would want to study the integers is not immediately obvious. First of all, what’s to know? There’s 0, there’s 1, 2, 3, and so on, and, oh yeah, -1, -2, . Which one don’t you understand? Sec- ond, what practical value is there in it? The mathematician G. H. Hardy expressed pleasure in its impracticality when he wrote: [Number theorists] may be justified in rejoicing that there is one sci- ence, at any rate, and that their own, whose very remoteness from or- dinary human activities should keep it gentle and clean. Hardy was specially concerned that number theory not be used in warfare; he was a pacifist. You may applaud his sentiments, but he got it wrong: Number Theory underlies modern cryptography, which is what makes secure online communication possible. Secure communication is of course crucial in war—which may leave poor Hardy spinning in his grave. It’s also central to online commerce. Every time you buy a book from Amazon, check your grades on WebSIS, or use a PayPal account, you are relying on number theoretic algorithms. Number theory also provides an excellent environment for us to practice and apply the proof techniques that we developed in Chapters 2 and 3. Since we’ll be focusing on properties of the integers, we’ll adopt the default convention in this chapter that variables range over the set of integers, Z. 4.1 Divisibility The nature of number theory emerges as soon as we consider the divides relation a divides b iff ak b for some k: D The notation, a b, is an abbreviation for “a divides b.” If a b, then we also j j say that b is a multiple of a. -
A Taste of Set Theory for Philosophers
Journal of the Indian Council of Philosophical Research, Vol. XXVII, No. 2. A Special Issue on "Logic and Philosophy Today", 143-163, 2010. Reprinted in "Logic and Philosophy Today" (edited by A. Gupta ans J.v.Benthem), College Publications vol 29, 141-162, 2011. A taste of set theory for philosophers Jouko Va¨an¨ anen¨ ∗ Department of Mathematics and Statistics University of Helsinki and Institute for Logic, Language and Computation University of Amsterdam November 17, 2010 Contents 1 Introduction 1 2 Elementary set theory 2 3 Cardinal and ordinal numbers 3 3.1 Equipollence . 4 3.2 Countable sets . 6 3.3 Ordinals . 7 3.4 Cardinals . 8 4 Axiomatic set theory 9 5 Axiom of Choice 12 6 Independence results 13 7 Some recent work 14 7.1 Descriptive Set Theory . 14 7.2 Non well-founded set theory . 14 7.3 Constructive set theory . 15 8 Historical Remarks and Further Reading 15 ∗Research partially supported by grant 40734 of the Academy of Finland and by the EUROCORES LogICCC LINT programme. I Journal of the Indian Council of Philosophical Research, Vol. XXVII, No. 2. A Special Issue on "Logic and Philosophy Today", 143-163, 2010. Reprinted in "Logic and Philosophy Today" (edited by A. Gupta ans J.v.Benthem), College Publications vol 29, 141-162, 2011. 1 Introduction Originally set theory was a theory of infinity, an attempt to understand infinity in ex- act terms. Later it became a universal language for mathematics and an attempt to give a foundation for all of mathematics, and thereby to all sciences that are based on mathematics. -
Fast Generation of RSA Keys Using Smooth Integers
1 Fast Generation of RSA Keys using Smooth Integers Vassil Dimitrov, Luigi Vigneri and Vidal Attias Abstract—Primality generation is the cornerstone of several essential cryptographic systems. The problem has been a subject of deep investigations, but there is still a substantial room for improvements. Typically, the algorithms used have two parts – trial divisions aimed at eliminating numbers with small prime factors and primality tests based on an easy-to-compute statement that is valid for primes and invalid for composites. In this paper, we will showcase a technique that will eliminate the first phase of the primality testing algorithms. The computational simulations show a reduction of the primality generation time by about 30% in the case of 1024-bit RSA key pairs. This can be particularly beneficial in the case of decentralized environments for shared RSA keys as the initial trial division part of the key generation algorithms can be avoided at no cost. This also significantly reduces the communication complexity. Another essential contribution of the paper is the introduction of a new one-way function that is computationally simpler than the existing ones used in public-key cryptography. This function can be used to create new random number generators, and it also could be potentially used for designing entirely new public-key encryption systems. Index Terms—Multiple-base Representations, Public-Key Cryptography, Primality Testing, Computational Number Theory, RSA ✦ 1 INTRODUCTION 1.1 Fast generation of prime numbers DDITIVE number theory is a fascinating area of The generation of prime numbers is a cornerstone of A mathematics. In it one can find problems with cryptographic systems such as the RSA cryptosystem. -
Complexity Theory
Complexity Theory Course Notes Sebastiaan A. Terwijn Radboud University Nijmegen Department of Mathematics P.O. Box 9010 6500 GL Nijmegen the Netherlands [email protected] Copyright c 2010 by Sebastiaan A. Terwijn Version: December 2017 ii Contents 1 Introduction 1 1.1 Complexity theory . .1 1.2 Preliminaries . .1 1.3 Turing machines . .2 1.4 Big O and small o .........................3 1.5 Logic . .3 1.6 Number theory . .4 1.7 Exercises . .5 2 Basics 6 2.1 Time and space bounds . .6 2.2 Inclusions between classes . .7 2.3 Hierarchy theorems . .8 2.4 Central complexity classes . 10 2.5 Problems from logic, algebra, and graph theory . 11 2.6 The Immerman-Szelepcs´enyi Theorem . 12 2.7 Exercises . 14 3 Reductions and completeness 16 3.1 Many-one reductions . 16 3.2 NP-complete problems . 18 3.3 More decision problems from logic . 19 3.4 Completeness of Hamilton path and TSP . 22 3.5 Exercises . 24 4 Relativized computation and the polynomial hierarchy 27 4.1 Relativized computation . 27 4.2 The Polynomial Hierarchy . 28 4.3 Relativization . 31 4.4 Exercises . 32 iii 5 Diagonalization 34 5.1 The Halting Problem . 34 5.2 Intermediate sets . 34 5.3 Oracle separations . 36 5.4 Many-one versus Turing reductions . 38 5.5 Sparse sets . 38 5.6 The Gap Theorem . 40 5.7 The Speed-Up Theorem . 41 5.8 Exercises . 43 6 Randomized computation 45 6.1 Probabilistic classes . 45 6.2 More about BPP . 48 6.3 The classes RP and ZPP . -
Representation Theory* Its Rise and Its Role in Number Theory
Representation Theory* Its Rise and Its Role in Number Theory Introduction By representation theory we understand the representation of a group by linear transformations of a vector space. Initially, the group is finite, as in the researches of Dedekind and Frobenius, two of the founders of the subject, or a compact Lie group, as in the theory of invariants and the researches of Hurwitz and Schur, and the vector space finite-dimensional, so that the group is being represented as a group of matrices. Under the combined influences of relativity theory and quantum mechanics, in the context of relativistic field theories in the nineteen-thirties, the Lie group ceased to be compact and the space to be finite-dimensional, and the study of infinite-dimensional representations of Lie groups began. It never became, so far as I can judge, of any importance to physics, but it was continued by mathematicians, with strictly mathematical, even somewhat narrow, goals, and led, largely in the hands of Harish-Chandra, to a profound and unexpectedly elegant theory that, we now appreciate, suggests solutions to classical problems in domains, especially the theory of numbers, far removed from the concerns of Dirac and Wigner, in whose papers the notion first appears. Physicists continue to offer mathematicians new notions, even within representation theory, the Virasoro algebra and its representations being one of the most recent, that may be as fecund. Predictions are out of place, but it is well to remind ourselves that the representation theory of noncompact Lie groups revealed its force and its true lines only after an enormous effort, over two decades and by one of the very best mathematical minds of our time, to establish rigorously and in general the elements of what appeared to be a somewhat peripheral subject. -
1914 Martin Gardner
ΠME Journal, Vol. 13, No. 10, pp 577–609, 2014. 577 THE PI MU EPSILON 100TH ANNIVERSARY PROBLEMS: PART II STEVEN J. MILLER∗, JAMES M. ANDREWS†, AND AVERY T. CARR‡ As 2014 marks the 100th anniversary of Pi Mu Epsilon, we thought it would be fun to celebrate with 100 problems related to important mathematics milestones of the past century. The problems and notes below are meant to provide a brief tour through some of the most exciting and influential moments in recent mathematics. No list can be complete, and of course there are far too many items to celebrate. This list must painfully miss many people’s favorites. As the goal is to introduce students to some of the history of mathematics, ac- cessibility counted far more than importance in breaking ties, and thus the list below is populated with many problems that are more recreational. Many others are well known and extensively studied in the literature; however, as our goal is to introduce people to what can be done in and with mathematics, we’ve decided to include many of these as exercises since attacking them is a great way to learn. We have tried to include some background text before each problem framing it, and references for further reading. This has led to a very long document, so for space issues we split it into four parts (based on the congruence of the year modulo 4). That said: Enjoy! 1914 Martin Gardner Few twentieth-century mathematical authors have written on such diverse sub- jects as Martin Gardner (1914–2010), whose books, numbering over seventy, cover not only numerous fields of mathematics but also literature, philosophy, pseudoscience, religion, and magic. -
The Quadratic Sieve Factoring Algorithm
The Quadratic Sieve Factoring Algorithm Eric Landquist MATH 488: Cryptographic Algorithms December 14, 2001 1 1 Introduction Mathematicians have been attempting to find better and faster ways to fac- tor composite numbers since the beginning of time. Initially this involved dividing a number by larger and larger primes until you had the factoriza- tion. This trial division was not improved upon until Fermat applied the factorization of the difference of two squares: a2 b2 = (a b)(a + b). In his method, we begin with the number to be factored:− n. We− find the smallest square larger than n, and test to see if the difference is square. If so, then we can apply the trick of factoring the difference of two squares to find the factors of n. If the difference is not a perfect square, then we find the next largest square, and repeat the process. While Fermat's method is much faster than trial division, when it comes to the real world of factoring, for example factoring an RSA modulus several hundred digits long, the purely iterative method of Fermat is too slow. Sev- eral other methods have been presented, such as the Elliptic Curve Method discovered by H. Lenstra in 1987 and a pair of probabilistic methods by Pollard in the mid 70's, the p 1 method and the ρ method. The fastest algorithms, however, utilize the− same trick as Fermat, examples of which are the Continued Fraction Method, the Quadratic Sieve (and it variants), and the Number Field Sieve (and its variants). The exception to this is the El- liptic Curve Method, which runs almost as fast as the Quadratic Sieve.