Consider the pseudorandom number generator where we are given the modulus , the initial value and the exponent . One case of particular interest is when the modulus is of the form , where are different primes of the same magnitude. It is known from work of the first and third authors that for moduli , if the period of the sequence exceeds , then the sequence is uniformly distributed. We show rigorously that for almost all choices of it is the case that for almost all choices of , the period of the power generator exceeds . And so, in this case, the power generator is uniformly distributed.
We also give some other cryptographic applications, namely, to ruling-out the cycling attack on the RSA cryptosystem and to so-called time-release crypto.
The principal tool is an estimate related to the Carmichael function , the size of the largest cyclic subgroup of the multiplicative group of residues modulo . In particular, we show that for any , we have for all integers with , apart from at most exceptions.
Let be an even integer, . The resultant of the polynomials and is known as Wendt's determinant of order . We prove that among the prime divisors of only those which divide or can be larger than , where and is the th Lucas number, except when and . Using this estimate we derive criteria for the nonsolvability of Fermat's congruence.
The algorithm is a structure-preserving algorithm for computing the spectrum of symplectic matrices. Any symplectic matrix can be reduced to symplectic butterfly form. A symplectic matrix in butterfly form is uniquely determined by parameters. Using these parameters, we show how one step of the symplectic algorithm for can be carried out in arithmetic operations compared to arithmetic operations when working on the actual symplectic matrix. Moreover, the symplectic structure, which will be destroyed in the numerical process due to roundoff errors when working with a symplectic (butterfly) matrix, will be forced by working just with the parameters.
A systematic search for optimal lattice rules of specified trigonometric degree over the hypercube has been undertaken. The search is restricted to a population of lattice rules . This includes those where the dual lattice may be generated by points for each of which . The underlying theory, which suggests that such a restriction might be helpful, is presented. The general character of the search is described, and, for , and , , a list of -optimal rules is given. It is not known whether these are also optimal rules in the general sense; this matter is discussed.
Let 2$">, an -th primitive root of 1, mod a prime number, a primitive root modulo and . We study the Jacobi sums , , where is the least nonnegative integer such that mod . We exhibit a set of properties that characterize these sums, some congruences they satisfy, and a MAPLE program to calculate them. Then we use those results to show how one can construct families , , of irreducible polynomials of Gaussian periods, , of degree , where is a suitable set of primes mod . We exhibit examples of such families for several small values of , and give a MAPLE program to construct more of them.
A sequence of integers in an interval of length is called admissible if for each prime there is a residue class modulo the prime which contains no elements of the sequence. The maximum number of elements in an admissible sequence in an interval of length is denoted by . Hensley and Richards showed that \pi (x)$"> for large enough . We increase the known bounds on the set of satisfying and find smaller values of such that \pi (x)$">. We also find values of satisfying 2\pi (x/2)$">. This shows the incompatibility of the conjecture with the prime -tuples conjecture.
This paper concerns the Rayleigh-Ritz method for computing an approximation to an eigenspace of a general matrix from a subspace that contains an approximation to . The method produces a pair that purports to approximate a pair , where is a basis for and . In this paper we consider the convergence of as the sine of the angle between and approaches zero. It is shown that under a natural hypothesis--called the uniform separation condition--the Ritz pairs converge to the eigenpair . When one is concerned with eigenvalues and eigenvectors, one can compute certain refined Ritz vectors whose convergence is guaranteed, even when the uniform separation condition is not satisfied. An attractive feature of the analysis is that it does not assume that has distinct eigenvalues or is diagonalizable.
Using a carefully optimized segmented sieve and an efficient checking algorithm, the Goldbach conjecture has been verified and is now known to be true up to . The program was distributed to various workstations. It kept track of maximal values of the smaller prime in the minimal partition of the even numbers, where a minimal partition is a representation with being composite for all . The maximal prime needed in the considered interval was found to be 5569 and is needed for the partition 389965026819938 = 5569 + 389965026814369.
Let be a product of two distinct primes and . We show that for almost all exponents with the RSA pairs are uniformly distributed modulo when runs through
- the group of units modulo (that is, as in the classical RSA scheme);
- the set of -products , , where are selected at random (that is, as in the recently introduced RSA scheme with precomputation).
We examine the problem of factoring the th cyclotomic polynomial, over , and distinct primes. Given the traces of the roots of we construct the coefficients of in time . We demonstrate a deterministic algorithm for factoring in time when has precisely two irreducible factors. Finally, we present a deterministic algorithm for computing the sum of the irreducible factors of in time .
In this paper we tabulate all strong pseudoprimes (spsp's) to the first ten prime bases which have the form with odd primes and There are in total 44 such numbers, six of which are also spsp(31), and three numbers are spsp's to both bases 31 and 37. As a result the upper bounds for and are lowered from 28- and 29-decimal-digit numbers to 22-decimal-digit numbers, and a 24-decimal-digit upper bound for is obtained. The main tools used in our methods are the biquadratic residue characters and cubic residue characters. We propose necessary conditions for to be a strong pseudoprime to one or to several prime bases. Comparisons of effectiveness with both Jaeschke's and Arnault's methods are given.
In this article, we prove the convergence of a splitting scheme of high order for a reaction-diffusion system of the form where is an matrix whose spectrum is included in 0 \}$">. This scheme is obtained by applying a Richardson extrapolation to a Strang formula.
Consider a differential equation with and , where is a Lie algebra of the matricial Lie group . Every can be mapped to by the matrix exponential map with .
Most numerical methods for solving ordinary differential equations (ODEs) on Lie groups are based on the idea of representing the approximation of the exact solution , , by means of exact exponentials of suitable elements of the Lie algebra, applied to the initial value . This ensures that .
When the exponential is difficult to compute exactly, as is the case when the dimension is large, an approximation of plays an important role in the numerical solution of ODEs on Lie groups. In some cases rational or polynomial approximants are unsuitable and we consider alternative techniques, whereby is approximated by a product of simpler exponentials.
In this paper we present some ideas based on the use of the Strang splitting for the approximation of matrix exponentials. Several cases of and are considered, in tandem with general theory. Order conditions are discussed, and a number of numerical experiments conclude the paper.
In this paper, we enumerate all number fields of degree of discriminant smaller than in absolute value containing a quintic field having one real place. For each one of the (resp. found fields of signature (resp. the field discriminant, the quintic field discriminant, a polynomial defining the relative quadratic extension, the corresponding relative discriminant, the corresponding polynomial over , and the Galois group of the Galois closure are given.
In a supplementary section, we give the first coincidence of discriminant of (resp. nonisomorphic fields of signature (resp. .
The present paper is a continuation of an earlier work by the author. We propose some new definitions of -adic continued fractions. At the end of the paper we give numerical examples illustrating these definitions. It turns out that for every if then has a periodic continued fraction expansion. The same is not true in for some larger values of
A set of primes involving numbers such as , where and , is defined. An algorithm for computing discrete logs in the finite field of order with is suggested. Its heuristic expected running time is for , where as , , and . At present, the most efficient algorithm for computing discrete logs in the finite field of order for general is Schirokauer's adaptation of the Number Field Sieve. Its heuristic expected running time is for . Using rather than general does not enhance the performance of Schirokauer's algorithm. The definition of the set and the algorithm suggested in this paper are based on a more general congruence than that of the Number Field Sieve. The congruence is related to the resultant of integer polynomials. We also give a number of useful identities for resultants that allow us to specify this congruence for some .
We consider sequences of matrices with a block structure spectrally distributed as an -variate matrix-valued function , and, for any , we suppose that is a linear and positive operator. For every fixed we approximate the matrix in a suitable linear space of matrices by minimizing the Frobenius norm of when ranges over . The minimizer is denoted by . We show that only a simple Korovkin test over a finite number of polynomial test functions has to be performed in order to prove the following general facts:
- 1.
- the sequence is distributed as ,
- 2.
- the sequence is distributed as the constant function (i.e. is spectrally clustered at zero).