Results 1  10
of
1,346
Quantum Error Correction Via Codes Over GF(4)
, 1997
"... The problem of finding quantumerrorcorrecting codes is transformed into the problem of finding additive codes over the field GF(4) which are selforthogonal with respect to a certain trace inner product. Many new codes and new bounds are presented, as well as a table of upper and lower bounds on s ..."
Abstract

Cited by 311 (21 self)
 Add to MetaCart
(Show Context)
The problem of finding quantumerrorcorrecting codes is transformed into the problem of finding additive codes over the field GF(4) which are selforthogonal with respect to a certain trace inner product. Many new codes and new bounds are presented, as well as a table of upper and lower bounds on such codes of length up to 30 qubits.
A Gröbner free alternative for polynomial system solving
 Journal of Complexity
, 2001
"... Given a system of polynomial equations and inequations with coefficients in the field of rational numbers, we show how to compute a geometric resolution of the set of common roots of the system over the field of complex numbers. A geometric resolution consists of a primitive element of the algebraic ..."
Abstract

Cited by 107 (19 self)
 Add to MetaCart
(Show Context)
Given a system of polynomial equations and inequations with coefficients in the field of rational numbers, we show how to compute a geometric resolution of the set of common roots of the system over the field of complex numbers. A geometric resolution consists of a primitive element of the algebraic extension defined by the set of roots, its minimal polynomial and the parametrizations of the coordinates. Such a representation of the solutions has a long history which goes back to Leopold Kronecker and has been revisited many times in computer algebra. We introduce a new generation of probabilistic algorithms where all the computations use only univariate or bivariate polynomials. We give a new codification of the set of solutions of a positive dimensional algebraic variety relying on a new global version of Newton’s iterator. Roughly speaking the complexity of our algorithm is polynomial in some kind of degree of the system, in its height, and linear in the complexity of evaluation
Can Homomorphic Encryption be Practical?
"... Abstract. The prospect of outsourcing an increasing amount of data storage and management to cloud services raises many new privacy concerns for individuals and businesses alike. The privacy concerns can be satisfactorily addressed if users encrypt the data they send to the cloud. If the encryption ..."
Abstract

Cited by 80 (6 self)
 Add to MetaCart
(Show Context)
Abstract. The prospect of outsourcing an increasing amount of data storage and management to cloud services raises many new privacy concerns for individuals and businesses alike. The privacy concerns can be satisfactorily addressed if users encrypt the data they send to the cloud. If the encryption scheme is homomorphic, the cloud can still perform meaningful computations on the data, even though it is encrypted. In fact, we now know a number of constructions of fully homomorphic encryption schemes that allow arbitrary computation on encrypted data. In the last two years, solutions for fully homomorphic encryption have been proposed and improved upon, but it is hard to ignore the elephant in the room, namely efficiency – can homomorphic encryption ever be efficient enough to be practical? Certainly, it seems that all known fully homomorphic encryption schemes have a long way to go before they can be used in practice. Given this state of affairs, our contribution is twofold. First, we exhibit a number of realworld applications, in the medical, financial, and the advertising domains, which require only that the encryption scheme is “somewhat ” homomorphic. Somewhat homomorphic encryption schemes, which support a limited number of homomorphic operations, can be much faster, and more compact than fully homomorphic encryption schemes. Secondly, we show a proofofconcept implementation of the recent somewhat homomorphic encryption scheme of Brakerski and Vaikuntanathan, whose security relies on the “ring learning with errors ” (Ring LWE) problem. The system is very efficient, and has reasonably short ciphertexts. Our unoptimized implementation in magma enjoys comparable efficiency to even optimized pairingbased schemes with the same level of security and homomorphic capacity. We also show a number of applicationspecific optimizations to the encryption scheme, most notably the ability to convert between different message encodings in a ciphertext.
A new approach to the conjugacy problem in Garside groups
, 2008
"... The cycling operation endows the super summit set Sx of any element x of a Garside group G with the structure of a directed graph Γx. We establish that the subset Ux of Sx consisting of the circuits of Γx can be used instead of Sx for deciding conjugacy to x in G, yielding a faster and more practica ..."
Abstract

Cited by 67 (6 self)
 Add to MetaCart
The cycling operation endows the super summit set Sx of any element x of a Garside group G with the structure of a directed graph Γx. We establish that the subset Ux of Sx consisting of the circuits of Γx can be used instead of Sx for deciding conjugacy to x in G, yielding a faster and more practical solution to the conjugacy problem for Garside groups. Moreover, we present a probabilistic approach to the conjugacy search problem in Garside groups. The results are likely to have implications for the security of recently proposed cryptosystems based on the hardness of problems related to the conjugacy (search) problem in braid groups.
Computing the equidimensional decomposition of an algebraic closed set by means of lifting fibers
 J. Complexity
, 2000
"... We present a new probabilistic method for solving systems of polynomial equations and inequations. Our algorithm computes the equidimensional decomposition of the Zariski closure of the solution set of such systems. Each equidimensional component is encoded by a generic fiber, that is a finite set o ..."
Abstract

Cited by 63 (2 self)
 Add to MetaCart
We present a new probabilistic method for solving systems of polynomial equations and inequations. Our algorithm computes the equidimensional decomposition of the Zariski closure of the solution set of such systems. Each equidimensional component is encoded by a generic fiber, that is a finite set of points obtained from the intersection of the component with a generic transverse affine subspace. Our algorithm is incremental in the number of equations to be solved. Its complexity is mainly cubic in the maximum of the degrees of the solution sets of the intermediate systems counting multiplicities. Our method is designed for coefficient fields having characteristic zero or big enough with respect to the number of solutions. If the base field is the field of the rational numbers then the resolution is first performed modulo a random prime number after we have applied a random change of coordinates. Then we search for coordinates with small integers and lift the solutions up to the rational numbers. Our implementation is available within our package Kronecker from version 0.166, which is written in the Magma computer algebra system. 1
Classical and modular approaches to exponential Diophantine equations I. Fibonacci and Lucas perfect powers
 Annals of Math
"... Abstract. This is the second in a series of papers where we combine the classical approach to exponential Diophantine equations (linear forms in logarithms, Thue equations, etc.) with a modular approach based on some of the ideas of the proof of Fermat’s Last Theorem. In this paper we use a general ..."
Abstract

Cited by 60 (15 self)
 Add to MetaCart
(Show Context)
Abstract. This is the second in a series of papers where we combine the classical approach to exponential Diophantine equations (linear forms in logarithms, Thue equations, etc.) with a modular approach based on some of the ideas of the proof of Fermat’s Last Theorem. In this paper we use a general and powerful new lower bound for linear forms in three logarithms, together with a combination of classical, elementary and substantially improved modular methods to solve completely the LebesgueNagell equation for D in the range 1 ≤ D ≤ 100. x 2 + D = y n, x, y integers, n ≥ 3, 1.
Efficient and generalized pairing computation on Abelian varieties
, 2008
"... In this paper, we propose a new method for constructing a bilinear pairing over (hyper)elliptic curves, which we call the Rate pairing. This pairing is a generalization of the Ate and Atei pairing, and also improves efficiency of the pairing computation. Using the Rate pairing, the loop length in ..."
Abstract

Cited by 55 (3 self)
 Add to MetaCart
In this paper, we propose a new method for constructing a bilinear pairing over (hyper)elliptic curves, which we call the Rate pairing. This pairing is a generalization of the Ate and Atei pairing, and also improves efficiency of the pairing computation. Using the Rate pairing, the loop length in Miller’s algorithm can be as small as log(r 1/φ(k) ) for some pairingfriendly elliptic curves which have not reached this lower bound. Therefore we obtain from 29 % to 69 % savings in overall costs compared to the Atei pairing. On supersingular hyperelliptic curves of genus 2, we show that this approach makes the loop length in Miller’s algorithm shorter than that of the Ate pairing.
Converting PairingBased Cryptosystems from CompositeOrder Groups to PrimeOrder Groups
"... Abstract. We develop an abstract framework that encompasses the key properties of bilinear groups of composite order that are required to construct secure pairingbased cryptosystems, and we show how to use primeorder elliptic curve groups to construct bilinear groups with the same properties. In p ..."
Abstract

Cited by 54 (0 self)
 Add to MetaCart
Abstract. We develop an abstract framework that encompasses the key properties of bilinear groups of composite order that are required to construct secure pairingbased cryptosystems, and we show how to use primeorder elliptic curve groups to construct bilinear groups with the same properties. In particular, we define a generalized version of the subgroup decision problem and give explicit constructions of bilinear groups in which the generalized subgroup decision assumption follows from the decision DiffieHellman assumption, the decision linear assumption, and/or related assumptions in primeorder groups. We apply our framework and our primeorder group constructions to create more efficient versions of cryptosystems that originally required compositeorder groups. Specifically, we consider the BonehGohNissim encryption scheme, the BonehSahaiWaters traitor tracing system, and the KatzSahaiWaters attributebased encryption scheme. We give a security theorem for the primeorder group instantiation of each system, using assumptions of comparable complexity to those used in the compositeorder setting. Our conversion of the last two systems to primeorder groups answers a problem posed by Groth and Sahai.
Optimal Pairings
"... Abstract. In this paper we introduce the concept of an optimal pairing, which by definition can be computed using only log 2 r/ϕ(k) basic Miller iterations, with r the order of the groups involved and k the embedding degree. We describe an algorithm to construct optimal ate pairings on all parametri ..."
Abstract

Cited by 53 (0 self)
 Add to MetaCart
Abstract. In this paper we introduce the concept of an optimal pairing, which by definition can be computed using only log 2 r/ϕ(k) basic Miller iterations, with r the order of the groups involved and k the embedding degree. We describe an algorithm to construct optimal ate pairings on all parametrized families of pairing friendly elliptic curves. Finally, we conjecture that any nondegenerate pairing on an elliptic curve without efficiently computable endomorphisms different from powers of Frobenius requires at least log 2 r/ϕ(k) basic Miller iterations.