
Showing papers on "Prime (order theory)" published in 1985


Book Chapter
Andrew Odlyzko
01 Dec 1985
TL;DR: This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2^n), finding that in order to be safe from attacks using these algorithms, the value of n for which GF(2^n) is used in a cryptosystem has to be very large and carefully chosen.
Abstract: Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u ∈ GF(q) is that integer k, 1 ≤ k ≤ q − 1, for which u = g^k. The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2^n). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2^n) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2^n) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2^n) ought to be avoided in all cryptographic applications. On the other hand, the fields GF(p) with p prime appear to offer relatively high levels of security.

384 citations



Journal Article
TL;DR: In this article, the authors verified the Weil-Taniyama conjecture for the elliptic curve y^2 = 4x^3 − 28x + 25 with a triple zero at s = 1 and computed lim_{s→1} L(s)/(s − 1)^3 to 28 decimal places, in accordance with the Birch-Swinnerton-Dyer conjecture.
Abstract: The elliptic curve y^2 = 4x^3 − 28x + 25 has rank 3 over Q. Assuming the Weil-Taniyama conjecture for this curve, we show that its L-series L(s) has a triple zero at s = 1 and compute lim_{s→1} L(s)/(s − 1)^3 to 28 decimal places; its value agrees with the product of the regulator and real period, in accordance with the Birch-Swinnerton-Dyer conjecture if Ш is trivial. The object of this note is to verify the conjecture of Birch and Swinnerton-Dyer numerically (to high accuracy) for the elliptic curve (1) E: y^2 = 4x^3 − 28x + 25. The conductor of E is 5077, which is apparently the smallest conductor for a curve of rank 3 over Q. Since previous accurate numerical verifications were done for modular curves of rank 0 or 1, and these can now be confirmed theoretically [2], [4], it seemed desirable to test the conjecture for a curve of larger rank. We assume some familiarity with the theory of elliptic curves; good references are [3] and [5]. 1. The Canonical Height Function. One of the main ingredients in the Birch-Swinnerton-Dyer formula is the regulator, i.e., the determinant of the matrix expressing the canonical height pairing on E(Q) ⊗ R with respect to a Z-basis of E(Q)/E(Q)_tors. In this section we describe how to calculate the canonical height of a point P ∈ E(Q). We first recall the definition. The global minimal model for E has the form (2) y^2 + y = x^3 − 7x + 6, obtained by replacing y by 2y + 1 in (1) and dividing by 4; this equation has discriminant Δ = 5077. If P ∈ E(Q), then the naive height of P is defined as (3) h(P) = log max(|a|, b), x(P) = a/b, b > 0, (a, b) = 1 (here it does not matter whether we use model (1) or (2) for E, as the x-coordinates are the same); the canonical height is the unique quadratic form ĥ on E(Q) ⊗ R such that ĥ(P) − h(P) is bounded, and the canonical height pairing is the associated bilinear form ⟨P, P'⟩ = ½(ĥ(P + P') − ĥ(P) − ĥ(P')).
The definition of ĥ immediately implies the formula ĥ(P) = lim_{n→∞} n^{−2} h(nP), but this is not convenient for calculations. A formula which is usable is (4) ĥ(P) = log b + F(x(P)), where b denotes the denominator of x(P) as in (3) and F(x) is the real-valued function defined by (5) F(x) = log|x| + Σ_{n=0}^∞ 4^{−n−1} log z_n, with x_0 = x, z_n = 1 + 14/x_n^2 − 50/x_n^3 + 49/x_n^4, x_{n+1} = (x_n^4 + 14x_n^2 − 50x_n + 49)/(4x_n^3 − 28x_n + 25). Near x = 0 the first two terms in (5) become infinite, but we can combine them to obtain (6) F(x) = (1/4) log(x^4 + 14x^2 − 50x + 49) + Σ_{n=1}^∞ 4^{−n−1} log z_n, a formula which now makes sense for all x. Note that the formula relating x_{n+1} to x_n is the formula relating x(2P) to x(P) for P ∈ E, so that x_n = x(2^n P). In particular, x_n > e_3 = 1.946... for n > 1, where e_1 < e_2 < e_3 denote the roots of the polynomial 4x^3 − 28x + 25, so z_n lies between 1 and 1.328... and log z_n between 0 and 0.284.... Therefore the series in (5) or (6) converges very rapidly and we can calculate ĥ(P) to any desired degree of accuracy. Formula (4) is the specialization to our case of a general recipe of Tate [6] for computing heights; indeed, F(x(P)) is Tate's formula for the infinite component of ⟨P, P⟩ while ord_p(b) log p (p prime) gives the p-component of the canonical height (even for the prime p = 5077 of bad reduction, since the fiber of the Neron model at p is irreducible). However, Tate's result, although quoted in the literature, has not yet been published, so we give a direct proof of (4) in our case.
Joe P. Buhler, Benedict H. Gross and Don B. Zagier. Received March 20, 1984; revised June 11, 1984. 1980 Mathematics Subject Classification. Primary 14K07, 14G10. © 1985 American Mathematical Society.
By virtue of the definition, it will suffice to show that the expression on the right-hand side of (4) differs by a bounded amount from h(P) and is multiplied by 4 if P is replaced by 2P. By the formula already cited, replacing P by 2P replaces x(P) = a/b by x(2P) = a*/b*, where a* = a^4 + 14a^2b^2 − 50ab^3 + 49b^4, b* = 4a^3b − 28ab^3 + 25b^4. We claim that b* is the exact denominator of x(2P). Indeed, an elementary calculation with g.c.d.'s shows that (a*, b*) = 1 for any integers a, b with (a, b) = 1 unless a ≡ 92b (mod 5077), in which case 5077 | (a*, b*). But this cannot happen here, since 4x^3 − 28x + 25 = 4(x − 92)^2(x + 184) + 5077(20x − 1227) would be divisible by 5077 but not by 5077^2 if x were congruent to 92 (mod 5077) and hence, could not be a square. (This is an elementary restatement of the fact that the Neron model at 5077 has only one component.) On the other hand, replacing P by 2P replaces x_n, z_n by x_{n+1}, z_{n+1} in (5), so

71 citations


Journal Article
T. Elgamal
TL;DR: An algorithm for computing discrete logarithms over GF(p^{2}), where p is a prime, in subexponential time is described, which uses quadratic fields as the appropriate algebraic structure.
Abstract: An algorithm for computing discrete logarithms over GF(p^{2}), where p is a prime, in subexponential time is described. The algorithm is similar to the Merkle-Adleman algorithm for computing logarithms over GF(p), but it uses quadratic fields as the appropriate algebraic structure. It also makes use of the idea of a virtual spanning set due to Hellman and Reyneri for computing discrete logarithms over GF(p^{m}), for m growing and p fixed.

66 citations





Journal Article
TL;DR: In this paper, the authors present polynomial-time algorithms for finding generators for a Sylow p-subgroup of a set of permutations of an n-set.

55 citations


Journal Article
TL;DR: In this paper, the difference between consecutive primes was discussed and the following theorem was established: the function g(x) satisfies g(x) K log log x for every K > 0 and x > x_0(K) for any A > 0 ~e$
Abstract: This paper discusses two problems which relate to the difference between consecutive primes. Let p_n be the nth prime, and d_n = p_{n+1} − p_n. (1) We want to find a function f(,~) such that d . 0 is a given constant and cl is a number which satisfies ~*((r, T) ~O, (4) provided the function g(x) satisfies g(x) K loglog x for every K > 0 and x > x_0(K). This paper establishes the following theorem and so improves on the above result. Theorem 1. Suppose that the estimate (4) holds and the estimate N(σ, T) 0 and q'z>0. For any A > 0 ~e$

44 citations


Journal Article
01 Jan 1985
TL;DR: In this paper, a necessary and sufficient condition is given to determine when the P-adic topology is equivalent, resp. linearly equivalent, to P-symbolic topology.
Abstract: For a prime ideal P of a commutative Noetherian ring R a necessary and sufficient condition is given to determine when the P-adic topology is equivalent, resp. linearly equivalent, to the P-symbolic topology. The last means that the symbolic Rees ring is a finitely generated module over the ordinary Rees ring of P. Then it is considered when the integral closure of all the powers of P are primary. 1. Introduction and main results. Let R denote a commutative Noetherian ring. For a prime ideal P of R we define P^(n) = P^n R_P ∩ R, the nth symbolic power of P. Note that P^(n) is equal to the uniquely determined P-primary component of P^n. In (3, §7), R. Hartshorne writes: "A general question, whose solution is quite complicated, is to determine when the P-adic topology is equivalent to the P-symbolic topology." Here the P-symbolic topology denotes the topology defined by the symbolic powers P^(n), n ≥ 1, of P. In the following we shall give a complete solution to this problem. For an arbitrary ideal I of R note that the sets Ass R/I^n stabilize

41 citations


Journal Article
TL;DR: In this paper, the authors constructed rank p stably free non-free modules over (p + 2)-dimensional affine algebras over algebraically closed fields, where p is any prime.
Abstract: In [Su. Prob. 3], Suslin had asked the following question: Let A be any affine algebra of dimension n over an algebraically closed field. What is the smallest integer m such that all stably free projective modules of rank bigger than m are free? All the examples in the literature of stably free non-free modules have rank less than or equal to (n − 1)/2. The aim of this note is to construct examples of such modules of large rank. We construct rank p stably free non-free modules over (p + 2)-dimensional affine algebras over algebraically closed fields, where p is any prime. These varieties are actually smooth and rational. Over C, these are trivial as holomorphic vector bundles. [For p > 2, this is classical. For p = 2, see [MS]]. So these are strictly algebraic examples. I had described this construction in [MK 1] and proved the result for p = 2. We will reproduce the construction with necessary modifications in this note. Let p be any prime number and k any field. Let f(x) be any polynomial of degree p over k. Let f(0) = a ∈ k* and F_1(x_0, x_1) = F(x_0, x_1) = x_1^p · f(x_0/x_1). Also let

Journal Article
TL;DR: In this paper, an inequality is proved for the dimension of the vector space, which is valid for the case of homogeneous polynomials of degree n, where n is a natural number.
Abstract: Let be a field of characteristic 0, a homogeneous prime ideal of the ring () and the set of residues of homogeneous polynomials of degree ( is a natural number) in , taken modulo . In this paper an inequality is proved for the dimension of the vector space which is valid for .Bibliography: 6 titles.




Journal Article
TL;DR: It is proven that if G is an abelian regular automorphism group of a projective plane of order n and if p is a prime dividing n exactly once, then a certain identity holds in the group algebra Fp|G|.

Journal Article
TL;DR: Polynomial-time algorithms are given for finding an element of G of order r, and for finding a Sylow r-subgroup of G if G is simple.

Journal Article
H. Johnson, C. Burrus
TL;DR: It is shown that prime length discrete Fourier transform algorithms developed by Winograd have considerable structure, and this can be exploited to develop a straightforward design procedure which does not use the Chinese remainder theorem and which includes any allowed permutations.
Abstract: This paper examines the structure of the prime length discrete Fourier transform algorithms that are developed by Winograd's approach. It is shown that those algorithms have considerable structure, and this can be exploited to develop a straightforward design procedure which does not use the Chinese remainder theorem and which includes any allowed permutations. This structure also allows the design of real-data programs and the improvement of the data transfer properties of the prime factor algorithm.

Journal Article
TL;DR: In this paper, when are all prime ideals in an Ore extension Goldie? Communications in Algebra: Vol. 13, No. 8, pp. 1743-1762.
Abstract: (1985). When are all prime ideals in an Ore extension Goldie? Communications in Algebra: Vol. 13, No. 8, pp. 1743-1762.

Journal Article
TL;DR: In this article, a finite group G having a faithful irreducible character χ for which χ(1) is prime to |G|/χ(1), and assuming that the factors are not both even, G can be embedded in GL_n(Q) in such a way that its normalizer therein splits over its centralizer.

Journal Article
01 Jun 1985-Order
TL;DR: The prime ideal theorem for distributive lattices (PIT) is shown to imply that any complete distributive lattice with a compact unit has a prime element, which is then used to deduce from PIT that every nontrivial ring with unit has a prime ideal and every Wallman locale is spatial.
Abstract: The prime ideal theorem for distributive lattices (PIT) is shown to imply that any complete distributive lattice with a compact unit has a prime element, which is then used to deduce from PIT that (1) every nontrivial ring with unit has a prime ideal, and (2) every Wallman locale is spatial.

Journal Article
TL;DR: In this article, the minimal depth of all prime divisors of zero in R * was characterized, and a theory of asymptotic grade was developed to characterize the independence of elements and sequences in the local ring itself.

Book Chapter
Don Coppersmith
18 Aug 1985
TL;DR: Two possible means of cheating, depending on careless implementation of the SRA scheme, are presented: one will work if the prime p is such that p-1 has a small prime divisor, and the other applies when the names of the cards (“TWO OF CLUBS”) have been extended by random-looking bits chosen by the cheater.
Abstract: We review the “mental poker” scheme described by Shamir, Rivest and Adleman [SRA]. We present two possible means of cheating, depending on careless implementation of the SRA scheme. One will work if the prime p is such that p-1 has a small prime divisor. In the other scheme, the names of the cards “TWO OF CLUBS” have been extended by random-looking bits chosen by the cheater.

Book
01 Jan 1985
TL;DR: The authors describe what a mathematician does and why, covering prime numbers, Diophantine equations, and great problems of geometry and space.
Abstract: What does a mathematician do and why? Prime Numbers.- A lively activity: To do mathematics Diophantine equations.- Great problems of geometry and space.


Journal Article
TL;DR: Theorem 1.1 is achieved mainly by obtaining lower bounds for the number of pairs of consecutive primitive roots in this paper, and Theorem 3.1 of [2] applies whenever ω(q − 1) ≥ 16.
Abstract: 1.1. Suppose that q (> 7) is a prime power such that q ≡ 7 (mod 12) and ω(q − 1) ≤ 15. Then q belongs to C. For reference in regard to the complete proof of Theorem A, we record that the case of q ≢ 7 (mod 12) is settled by Theorem 1.1 of [1] and Theorem 1.1 of [2] while Theorem 3.1 of [1] applies whenever ω(q − 1) ≥ 16. Theorem 1.1 is achieved mainly by obtaining lower bounds for the number of pairs of consecutive primitive roots in

Journal Article
TL;DR: In this paper, the authors construct a right ordering (G_n, <) on which the action of F_n is both faithful and pathologically o-2-transitive in the free lattice-ordered group G_n.
Abstract: The free lattice-ordered group F_n (of rank n) has been studied in two ways: via the Conrad representation on the various right orderings of the free group G_n (sharpened by Kopytov's observation that some one right ordering must by itself give a faithful representation), and via the Glass-McCleary representation as a pathologically o-2-transitive l-permutation group. Each kind of representation yields some results which cannot be obtained from the other. Here we construct a representation giving the best of both worlds: a right ordering (G_n, <) on which the action of F_n is both faithful and pathologically o-2-transitive. This (G_n, <) has no proper convex subgroups. The construction is explicit enough that variations of it can be utilized to get a great deal of information about the root system 9,, of prime subgroups of F_n. All RX's with 1 < n < o are o-isomorphic. This common root system gf has only four kinds of branches (singleton, three-element, 9f, and 9'.,O), each of which occurs 2wo times. Each finite or countable chain having a largest element occurs as the chain of covering pairs of some root of Sf. 1. The Conrad representation has been used most extensively by Arora and McCleary [1], who studied centralizers of certain elements of F. The Glass-McCleary representation was exploited (and partially developed) by McCleary in [7], to which the present paper is a sequel. Familiarity with [7] (but not [1]) is assumed. The Conrad representation [2] proceeds as follows: Given any right ordering (G_n, <) of the free group G_n, the right regular representation T of G_n preserves the order (but is not in general an l-permutation group). By the freeness of F on the free generating set x (which generates G_n as a group), T can be extended to a unique l-homomorphism into A((G_n, <)) (i.e., to a unique action on the chain (G_n, ≤)), namely WT =(V Awi)c = V AwjT. We shall refer to this as the natural action of F on (G_n, ≤).
When this action is a representation (i.e., faithful), we shall call (G_n, <) a representing right ordering. Another kind of action of F is usual transitive action on the chain F/P of right cosets of a prime subgroup P (namely (Pf)w = P(fw)). When this action is a representation, P is called a representing subgroup of F_n. Received by the editors February 21, 1984. 1980 Mathematics Subject Classification. Primary 06F15.


Journal Article
TL;DR: In this paper, it was shown that if p ≠ 7 the equations have a non-trivial solution in p-adic fields if n ≥ 13, and when n = 12 such a result fails for every prime p ≡ 1 (mod 3).
Abstract: We consider two additive cubic equations in p-adic fields. Davenport and Lewis showed that the equations have a non-trivial solution in every p-adic field, if n ≥ 16, and need not have a solution in the 7-adic field, if n = 15. Here we prove that if p ≠ 7 the equations have a non-trivial solution in p-adic fields if n ≥ 13. When n = 12 such a result fails for every prime p ≡ 1 (mod 3).