A hidden number problem in small subgroups

Boneh and Venkatesan have proposed a polynomial time algorithm for recovering a hidden element , where is prime, from rather short strings of the most significant bits of the residue of modulo for several randomly chosen . González Vasco and the first author have recently extended this result to subgroups of of order at least for all and to subgroups of order at least for almost all . Here we introduce a new modification in the scheme which amplifies the uniformity of distribution of the multipliers and thus extend this result to subgroups of order at least for all primes . As in the above works, we give applications of our result to the bit security of the Diffie-Hellman secret key starting with subgroups of very small size, thus including all cryptographically interesting subgroups.

     

Elliptic curves with nonsplit mod representations

We calculate explicitly the -invariants of the elliptic curves corresponding to rational points on the modular curve by giving an expression defined over of the -function in terms of the function field generators and of the elliptic curve . As a result we exhibit infinitely many elliptic curves over with nonsplit mod representations.

     

Finite element superconvergence on Shishkin mesh for 2-D convection-diffusion problems

In this work, the bilinear finite element method on a Shishkin mesh for convection-diffusion problems is analyzed in the two-dimensional setting. A superconvergence rate in a discrete -weighted energy norm is established under certain regularity assumptions. This convergence rate is uniformly valid with respect to the singular perturbation parameter . Numerical tests indicate that the rate is sharp for the boundary layer terms. As a by-product, an -uniform convergence of the same order is obtained for the -norm. Furthermore, under the same regularity assumption, an -uniform convergence of order in the norm is proved for some mesh points in the boundary layer region.

     

Computing the multiplicative group of residue class rings

Let be a global field with maximal order and let be an ideal of . We present algorithms for the computation of the multiplicative group of the residue class ring and the discrete logarithm therein based on the explicit representation of the group of principal units. We show how these algorithms can be combined with other methods in order to obtain more efficient algorithms. They are applied to the computation of the ray class group modulo , where denotes a formal product of real infinite places, and also to the computation of conductors of ideal class groups and of discriminants and genera of class fields.

     

On the total number of prime factors of an odd perfect number

We say is perfect if , where denotes the sum of the positive divisors of . No odd perfect numbers are known, but it is well known that if such a number exists, it must have prime factorization of the form , where , , ..., are distinct primes and . We prove that if or for all , , then . We also prove as our main result that , where . This improves a result of Sayers given in 1986.

     

Continued fractions in local fields, II

The present paper is a continuation of an earlier work by the author. We propose some new definitions of -adic continued fractions. At the end of the paper we give numerical examples illustrating these definitions. It turns out that for every if then has a periodic continued fraction expansion. The same is not true in for some larger values of

     

Using the theory of cyclotomy to factor cyclotomic polynomials over finite fields

We examine the problem of factoring the th cyclotomic polynomial, over , and distinct primes. Given the traces of the roots of we construct the coefficients of in time . We demonstrate a deterministic algorithm for factoring in time when has precisely two irreducible factors. Finally, we present a deterministic algorithm for computing the sum of the irreducible factors of in time .

     

Predicting nonlinear pseudorandom number generators

Let be a prime and let and be elements of the finite field of elements. The inversive congruential generator (ICG) is a sequence of pseudorandom numbers defined by the relation . We show that if sufficiently many of the most significant bits of several consecutive values of the ICG are given, one can recover the initial value (even in the case where the coefficients and are not known). We also obtain similar results for the quadratic congruential generator (QCG), , where . This suggests that for cryptographic applications ICG and QCG should be used with great care. Our results are somewhat similar to those known for the linear congruential generator (LCG), , but they apply only to much longer bit strings. We also estimate limits of some heuristic approaches, which still remain much weaker than those known for LCG.

     

Point counting on Picard curves in large characteristic

We present an algorithm for computing the cardinality of the Jacobian of a random Picard curve over a finite field. If the underlying field is a prime field , the algorithm has complexity .