A. K. Lenstra and H. Lenstra, "Algorithms in number theory", pp. 673--717 in Handbook of Theoretical Computer Science, A: Algorithms and Complexity (edited by J. Van Leeuwen), MIT Press, Cambridge, MA, 1990.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....1 and 2 where not explicitly stated in [Y] 2 The new method The intuition behind the method is that if some patterns in the binary representation of the exponent reappear, then we don t have to recompute their contribution, if we already stored it. The method is similar to the m ary method [L], with two differences. First, in the m ary method we may do some precomputations, which are not used later, while in the new method we precompute exactly those subexponents that we are about to use. Second, we do not bound our precomputations to a fixed predetermined length. Rather our algorithm ....

A.K. Lenstra, and H.W. Lenstra, Jr.: "Algorithms in Number Theory," Technical Report 87-008, Univ. of Chicago, Dept. of CS, May 1987

....one cannot prove (for any fixed f3) that there are infinitely many elliptic curves over F2 (as r, and the coe ficien[s , vary) of Balmost prime order. Because of results of Deuring [3] Waterhouse i lO] and Schoof [17] on the distribution of this order (see also Lenstra s Proposirion r in [11]) ve know that for large n the orders of the elliptic curves over F2 at, ose to being uniformly distributed among the even numbers N which satisfy . 2 11 2v = 2 2 (more precisely, to be sure there is an E with a given . one must take N closer to 2 1, i.e. IN 2 11 ....

Lenstra A. K. and Lenstra H. W., 3'r., "Algorithms in number theory," Technical Report $7-008, lniv. Civicago, $7.

....semi ring. The successive squaring technique does not seem applicable to these problems since the technique does not compute all the intermediate configurations. The REACHABILITY and t REAcHABILITY problems for (USRING, LINEAR) SDSs appear to be closely related to the discrete logarithm problem [63]. 5.4 Factorization of SDS The idea behind the factorization of a given SDS is to relate it to SDS considered over simpler graphs. Accordingly, the term relation has to be made precise which results in defining what a morphism between SDS is: Definition 5.1 Let [ z,a] and [Fy, be two SDS. An ....

A. K. Lenstra and H. W. Lenstra, Jr. Algorithms in Number Theory. in Handbook of Theoretical Computer Science, Vol. A, Edited by J. van Leeuwen, MIT Press, 1990.

....width jI j = 2 there can be at most 15 integers N with gcd(N; S) In particular, in any interval of width 2 contained in [T ; 2T ] there are at most 15 strongly s smooth numbers. Providing good bounds on the number of smooth integers in short intervals is a long standing open problem [15]. Most bounds on the density of smooth integers make use of analytic tools. In contrast, our bounds are derived by purely algebraic (and algorithmic) means. 4. GENERALIZED CRT LIST DECODING Common integer factoring algorithms such as the quadratic sieve [15] and the number eld sieve [16] work ....

....is a long standing open problem [15] Most bounds on the density of smooth integers make use of analytic tools. In contrast, our bounds are derived by purely algebraic (and algorithmic) means. 4. GENERALIZED CRT LIST DECODING Common integer factoring algorithms such as the quadratic sieve [15] and the number eld sieve [16] work by searching for smooth integers. However, rather than searching for smooth integers in a given interval, these algorithms search for integers x 2 [ B; B] such that f(x) is s smooth. Here f(x) is some low degree polynomial and B and s are some prede ned ....

[Article contains additional citation context not shown here]

A. Lenstra, H.W. Lenstra Jr., \Algorithms in Number Theory", in Handbook of Theoretical Computer Science (Volume A: Algorithms and Complexity), ch. 12, pp. 673-715, 1990.

....1 : 1 mapping between two sets of equal cardinality. Another class of one way functions which come up sometime, are those having the trapdoor property. Rather than formally introducing this class, let us present the canonical example: Example 3. 6: There is a randomized polynomial time algorithm ([LeL] and the references therein) to test whether a given number is prime or not. The expected run time of this algorithm on an n digit number is polynomial in n. By the prime number theorem (and in fact, even by older estimates of Tchebyshef, e.g. HW] about one out of any n integers with n digits ....

....of the form x = g k for some integer k. This k is the discrete log of x (to base g) While it is easy to evaluate g k , given g; k, it is believed to be computationally infeasible to find k given x and g. More on computation in finite fields and computational number theory, can be found in [LeL]. Remark 3.8: Technically we need to assume in the definition of one way functions, that M is run on f(x) concatenated with a string of n 1 0 s, to allow M run in time polynomial in n; because the length jf(x)j may be much smaller than n = jxj: The applications of one way functions to ....

A. K. Lenstra and H. W. Lenstra Jr., Algorithms in Number Theory, in Handbook of Theoretical Computer Science, vol. A, (J. van Leeuwen ed.), The MIT Press/Elsevier, (1990) 673 - 715.

....section we review some basic number theoretic and computational facts. For a more extensive review of elementary number theory see [121] 105] or [8] An excellent overview of the problems of factoring integers, testing primality, and computing discrete logarithms also appears in this volume [103]. It is apparently the case that it is dramatically easier to tell whether a given number is prime or composite than it is to factor a given composite number into its constituent prime factors; this di erence in computational diculty is the basis for many cryptosystems. Finding large prime ....

A. K. Lenstra and H. W. Lenstra, Jr. Algorithms in number theory. In this volume, NorthHolland, 1989.

....issues. We treat general issues first and then explain the two computations separately. Note that while we are are only interested in the case of SL 2 (K) for K a prime field, the extension of these methods to arbitrary finite fields is straightforward using algorithms such as those described in [Le]. In this section p shall denote an odd prime, and K = F p the field of p elements. 4.1 Working in the base field Section 2 shows that the representations of SL 2 (p) essentially occur as p representations of size p. Thus, we must as a matter of practicality limit ourselves to primes on the ....

A. K. Lenstra and H. Lenstra. Algorithms in number theory. In Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity, ed. J. Van Leeuwen, MIT Press, Cambridge, MA, 673-717, 1990.

....using digital signatures, so it is not possible that a single entity simulates the behavior of n authorities whose public keys are commonly known to the observers. 4 If this O(l) search method is considered too slow for a large scale election, Shanks baby step giant step algorithm (see, e.g. LL90, Section 3.1] can be applied to nd T in O( p l) time using O( p lk) bits of storage. 10 respect to at most n t malicious authorities is inherited from the robustness of the key generation and decryption protocols. Finally, vote duplication is prevented due to the fact that the proofs of ....

A. K. Lenstra and H. W. Lenstra, Jr. Algorithms in number theory. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science, pages 673-715. Elsevier Science Publishers B.V., Amsterdam, 1990.

....contains several primes of medium size whose product is greater than some large bound ( BBHM00, Th. 4] This prevents the success of the following discrete log algorithm: First determine a multiple of ord ff using a method similar to Pollard s p Gamma 1 factorization method ( Pol75] see also [LL90]) Then apply the PohligHellman algorithm. The first step does not succeed in our situation because of a combinatorical explosion since ord ff has several primes of medium size. Namely, for finding a multiple of the B smooth integer ord ff one needs O(B Delta ln m= ln B) group operations, ....

....succeed in our situation because of a combinatorical explosion since ord ff has several primes of medium size. Namely, for finding a multiple of the B smooth integer ord ff one needs O(B Delta ln m= ln B) group operations, provided that an upper bound m for the element order ord ff is known (see [LL90]) 4.2 Constructing Good Orders of Algebraic Number Fields We consider briefly the special case n = 2. Imaginary quadratic number fields always have regulator R = 1, thus large class numbers h (if the discriminant has large absolute value) In [BBHM00] it was shown why their maximal orders are ....

A.K. Lenstra and H.W. Lenstra Jr. Algorithms in number theory. In J. van Leeuwen, editor, Handbook of theoretical computer science. Volume A. Algorithms and Complexity, chapter 12, pages 673--715. Elsevier, 1990.

....p ord P ) This algorithm becomes impractical if ord P 2 90 since it needs more than 2 45 bytes of storage, i.e. more than 2 15 GByte. If we however limit the memory amount to some feasible value, then the expected running time increases dramatically. 2 The Pollard Rho algorithm (see [9], 5] has the same asymptotic running time as the Babystep Giantstep Algorithm, but requires only constant storage space. Thus only the number of group additions which has to be performed induces a practical limit. Assuming that we can perform a group addition in a microsecond, it becomes ....

....of hP i. If the order of P is smooth, then these problems can be solved easily. Therefore not ord P should fulfill the bounds given above, but the largest prime factor of ord P . In other words, we require that ord P is almost a prime or even a prime itself. Any index calculus method (see [9]) consists of two stages: a (time consuming) precomputation stage, where one collects relations between group elements and solves a linear system, and a solution stage, where individual DL problems can be solved quickly. The precomputation stage is well suited for distributed computation. If one ....

A.K. Lenstra, H.W. Lenstra, Jr.: Algorithms in Number Theory, in: J. Leeuwen, Algorithms and Complexity, Elsevier Science Publishers, 1990.

....Superpolylogarithmic Subexponential Functions Alan T. Sherman Computer Science Department University of Maryland Baltimore County Baltimore, Maryland 21228 and Institute for Advanced Computer Studies University of Maryland College Park College Park, Maryland 20742 June 21, 1990 (revised April 1, 1991) Abstract A superpolylogarithmic subexponential function is any function that asymptotically grows faster than any polynomial of any logarithm but slower than any exponential. We present a recently discovered nineteenth century manuscript about these ....

....Superpolylogarithmic Subexponential Functions Alan T. Sherman Computer Science Department University of Maryland Baltimore County Baltimore, Maryland 21228 and Institute for Advanced Computer Studies University of Maryland College Park College Park, Maryland 20742 June 21, 1990 (revised April 1, 1991) Abstract A superpolylogarithmic subexponential function is any function that asymptotically grows faster than any polynomial of any logarithm but slower than any exponential. We present a recently discovered nineteenth century manuscript about these functions, which ....

[Article contains additional citation context not shown here]

Lenstra, A. K.; and H. W. Lenstra Jr., "Algorithms in number theory" in Handbook of Theoretical Computer Science, A. Meyer, M. Nivat, M. Patterson, and D. Perrin, eds., North-Hollad (Amsterdam), to appear.

....and their big O asymptotic efficiency. O notation measures how fast an algorithm is; it gives an upper bound on the number of operations (to order of magnitude) in terms of n, the number to be factored, and p, a prime factor of n. For textbook treatment of factoring algorithms, see [41] 42] [47], and [11] for a detailed explanation of big O notation, see [22] Factoring algorithms come in two flavors, special purpose and general purpose; the efficiency of the former depends on the unknown factors, whereas the efficiency of the latter depends on the number to be factored. Special ....

....same relation to these systems as factoring does to RSA: the security of these systems rests on the assumption that discrete logs are difficult to compute. The discrete log problem has received much attention in recent years; descriptions of some of the most efficient algorithms can be found in [47], 21] and [33] The best discrete log problems have expected running times similar to that of the best factoring algorithms. Rivest [72] has analyzed the expected time to solve discrete log both in terms of computing power and money. 4.10 Which is easier, factoring or discrete log The ....

A.K. Lenstra and H.W. Lenstra Jr. Algorithms in number theory. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science, MIT Press/Elsevier, Amsterdam, 1990.

.... that have a subexponential expected running time: the continued fraction algorithm, the class group method, the quadratic sieve algorithms, the elliptic curve algorithm, the number field sieve, Dixon s random squares algorithm, Vallee s two thirds algorithm, and Seysen s class group algorithm (cf. [9]) Only for the last three algorithms a rigorous analysis of the expected running time has been given, for Seysen s algorithm under the assumption of the generalized Riemann hypothesis. These three algorithms tend to be less practical than the other algorithms mentioned above, although for the ....

A.K. Lenstra, H.W. Lenstra, Jr., "Algorithms in number theory," to appear in: J. van Leeuwen, A. Meyer, M. Nivat, M. Paterson, D. Perrin (eds), Handbook of theoretical computer science, North-Holland, Amsterdam.

No context found.

A. K. Lenstra and H. Lenstra, "Algorithms in number theory", pp. 673--717 in Handbook of Theoretical Computer Science, A: Algorithms and Complexity (edited by J. Van Leeuwen), MIT Press, Cambridge, MA, 1990.

No context found.

A.K. Lenstra, H.W. Lenstra, Jr., Algorithms in number theory, in J. van Leeuwen, Handbook of theoretical computer science, Elsevier Science Publishers B.V., 1990, pp. 673--715.

No context found.

A.K. Lenstra, H.W. Lenstra, Jr., Algorithms in number theory, in J. van Leeuwen (ed.), Handbook of theoretical computer science, Elsevier Science Publishers B.V., 1990, pp. 673-- 715.

No context found.

A.K. Lenstra, H.W. Lenstra, jr.: Algorithms in Number Theory. In: J. van Leeuwen (ed.): Handbook of Theoretical Computer Science. Volume A. Amsterdam: Elsevier Science Publishers 1990.

No context found.

Lenstra AK and Lenstra HW Jr, Algorithms in Number Theory, in Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity , Elsevier, New York ()

No context found.

A. Lenstra and H. W. Lenstra Jr. Algorithms in Number Theory. In Handbook of Theoretical Computer Science (Volume A: Algorithms and Complexity) , ch. 12, pp. 673--715, 1990.

No context found.

A. K. Lenstra and H. W. Lenstra, Jr. Algorithms in number theory. In Jan van Leeuwen, editor, Handbook of Theoretical Computer Science (Volume A: Algorithms and Complexity), chapter 12, pages 673--715. Elsevier and MIT Press, 1990.

No context found.

A.K. Lenstra and H.W. Lenstra Jr. Algorithms in number theory. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science, MIT Press/Elsevier, Amsterdam, 1990.

No context found.

A.K. Lenstra, H.W. Lenstra, Jr., Algorithms in number theory, in J. van Leeuwen (ed.), Handbook of theoretical computer science, Elsevier Science Publishers B.V., 1990, pp. 673-- 715.

No context found.

A.K. Lenstra and H.W. Lenstra Jr. Algorithms in number theory. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science, MIT Press/Elsevier, Amsterdam, 1990.

No context found.

A. K. Lenstra and H. W. Lenstra. Algorithms in number theory. In L. van Leeuwen, editor, Handbook of Theoretical Computer Science, volume A, chapter 12, pages 673--715. Elsevier, 1990.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC