We give good non-quadraticity measures for the values of logarithm at specific rational points by modifying Beukers' double integral. The two-dimensional version of the saddle method, which we call -saddle method, is applied.
In this paper, we present several baby-step giant-step algorithms for the low Hamming weight discrete logarithm problem. In this version of the discrete log problem, we are required to find a discrete logarithm in a finite group of order approximately , given that the unknown logarithm has a specified number of 1's, say , in its binary representation. Heiman and Odlyzko presented the first algorithms for this problem. Unpublished improvements by Coppersmith include a deterministic algorithm with complexity , and a Las Vegas algorithm with complexity .
We perform an average-case analysis of Coppersmith's deterministic algorithm. The average-case complexity achieves only a constant factor speed-up over the worst-case. Therefore, we present a generalized version of Coppersmith's algorithm, utilizing a combinatorial set system that we call a splitting system. Using probabilistic methods, we prove a new existence result for these systems that yields a (nonuniform) deterministic algorithm with complexity . We also present some explicit constructions for splitting systems that make use of perfect hash families.
This paper is concerned with algorithms for computing in the divisor class group of a nonsingular plane curve of the form which has only one point at infinity. Divisors are represented as ideals, and an ideal reduction algorithm based on lattice reduction is given. We obtain a unique representative for each divisor class and the algorithms for addition and reduction of divisors run in polynomial time. An algorithm is also given for solving the discrete logarithm problem when the curve is defined over a finite field.
Iterative substructuring methods, also known as Schur complement methods, form an important family of domain decomposition algorithms. They are preconditioned conjugate gradient methods where solvers on local subregions and a solver on a coarse mesh are used to construct the preconditioner. For conforming finite element approximations of , it is known that the number of conjugate gradient steps required to reduce the residual norm by a fixed factor is independent of the number of substructures, and that it grows only as the logarithm of the dimension of the local problem associated with an individual substructure. In this paper, the same result is established for similar iterative methods for low-order Nédélec finite elements, which approximate in two dimensions. Results of numerical experiments are also provided.
We introduce a generalization of the Hardy-Littlewood maximal operator, the natural maximal operator , in some sense the maximal operator which most naturally commutes pointwise with the logarithm on . This commutation reveals the behavior of to directly correspond to that of ; the boundedness of is an immediate consequence.
We consider Pollard's rho method for discrete logarithm computation. Usually, in the analysis of its running time the assumption is made that a random walk in the underlying group is simulated. We show that this assumption does not hold for the walk originally suggested by Pollard: its performance is worse than in the random case. We study alternative walks that can be efficiently applied to compute discrete logarithms. We introduce a class of walks that lead to the same performance as expected in the random case. We show that this holds for arbitrarily large prime group orders, thus making Pollard's rho method for prime group orders about faster than before.
We study a generalized version of the index calculus method for the discrete logarithm problem in , when , is a small prime and . The database consists of the logarithms of all irreducible polynomials of degree between given bounds; the original version of the algorithm uses lower bound equal to one. We show theoretically that the algorithm has the same asymptotic running time as the original version. The analysis shows that the best upper limit for the interval coincides with the one for the original version. The lower limit for the interval remains a free variable of the process. We provide experimental results that indicate practical values for that bound. We also give heuristic arguments for the running time of the Waterloo variant and of the Coppersmith method with our generalized database.
Let be a random unitary matrix with distribution given by Haar measure on the unitary group. Using explicit moment calculations, a general criterion is given for linear combinations of traces of powers of to converge to a Gaussian limit as . By Fourier analysis, this result leads to central limit theorems for the measure on the circle that places a unit mass at each of the eigenvalues of . For example, the integral of this measure against a function with suitably decaying Fourier coefficients converges to a Gaussian limit without any normalisation. Known central limit theorems for the number of eigenvalues in a circular arc and the logarithm of the characteristic polynomial of are also derived from the criterion. Similar results are sketched for Haar distributed orthogonal and symplectic matrices.