Showing papers on "Prime (order theory) published in 2002"

New Product Search Over Time: Past Ideas in Their Prime?

Abstract: This study is an investigation of how the age of the knowledge that firms search affects how innovative they are. Two seemingly contradictory propositions are examined: (1) old knowledge hurts by m...

Applications of Multilinear Forms to Cryptography.

Abstract: We study the problem of finding efficiently computable non-degenerate multilinear maps from G1 to G2, where G1 and G2 are groups of the same prime order, and where computing discrete logarithms in G1 is hard. We present several applications to cryptography, explore directions for building such maps, and give some reasons to believe that finding examples with n > 2 may be difficult.

The Insecurity of the Digital Signature Algorithm with Partially Known Nonces

Abstract: We present a polynomial-time algorithm that provably recovers the signer's secret DSA key when a few consecutive bits of the random nonces k (used at each signature generation) are known for a number of DSA signatures at most linear in log q (q denoting as usual the small prime of DSA), under a reasonable assumption on the hash function used in DSA. For most significant or least significant bits, the number of required bits is about log1/2 q , but can be decreased to log log q with a running time qO(1/log log q) subexponential in log q , and even further to two in polynomial time if one assumes access to ideal lattice basis reduction, namely an oracle for the lattice closest vector problem for the infinity norm. For arbitrary consecutive bits, the attack requires twice as many bits. All previously known results were only heuristic, including those of Howgrave-Graham and Smart who recently introduced that topic. Our attack is based on a connection with the hidden number problem (HNP) introduced at Crypto '96 by Boneh and Venkatesan in order to study the bit-security of the Diffie--Hellman key exchange. The HNP consists, given a prime number q , of recovering a number ? ? Fq such that for many known random t ? Fq a certain approximation of t ? is known. To handle the DSA case, we extend Boneh and Venkatesan's results on the HNP to the case where t has not necessarily perfectly uniform distribution, and establish uniformity statements on the DSA signatures, using exponential sum techniques. The efficiency of our attack has been validated experimentally, and illustrates once again the fact that one should be very cautious with the pseudo-random generation of the nonce within DSA.

Mutually unbiased bases

Abstract: After a brief review of the notion of a full set of mutually unbiased bases in an N-dimensional Hilbert space, we summarize the work of Wootters and Fields (W K Wootters and B C Fields, Ann Phys191, 363 (1989)) which gives an explicit construction for such bases for the case N=pr, where p is a prime Further, we show how, by exploiting certain freedom in the Wootters-Fields construction, the task of explicitly writing down such bases can be simplified for the case when p is an odd prime In particular, we express the results entirely in terms of the character vectors of the cyclic group G of order p We also analyse the connection between mutually unbiased bases and the representations of G

Uniform distribution of Heegner points

Abstract: Let E be a (modular!) elliptic curve over Q, of conductor N . Let K denote an imaginary quadratic field of discriminant D, with (N ,D) = 1. If p is a prime, then there exists a unique Zp-extension K∞/K such that Gal(K/Q) acts nontrivially on Gal(K∞/K ). The field K∞ is called the anticyclotomic Zp-extension of K . Let E(K∞ ) denote the Mordell-Weil group of E over K∞. Then a fundamental conjecture of Mazur [Maz] predicts that the size of E(K∞ ) is controlled by the prime factorization of N in K . Equivalently, Mazur’s conjecture relates the size of the Mordell-Weil group to the sign in the functional equation of certain L-series. The conjecture was verified by Greenberg, Rohrlich, and Rubin, in what Mazur calls the exceptional case, when E has complex multiplication by K . More generally, they settled the conjecture for certain abelian varieties with complex multiplication. For a discussion of this CM case, we refer the reader to [Gre], [Roh], and [Rub]. Our goal in this paper is to treat the generic case, which occurs either when E has no CM, or when the field of complexmultiplications is distinct from K . Under certain conditions on E and K , Mazur’s conjecture predicts that the group E(K∞ ) is finitely generated; our main result asserts that this is in fact the case, at least when p is an ordinary prime for E, or when the class number of K is prime to p. The main new ingredient we introduce is that of equidistribution, following ideas used by Ferrero andWashington to study the cyclotomicμ-invariant. More precisely, we show that theHeegner points associated to definite quaternion algebras are uniformly distributed on the components of a certain curve X , and that the elements of a certain Galois group act independently, in a suitable sense. This, combined with a special value formula due to Gross, allows us to conclude that the special values of anticyclotomic L-functions are almost always nonzero, so that the statement about the Mordell-Weil groups follows from the machinery of Euler systems as developed by Bertolini and Darmon [BD].

Cyclic Designs with Block Size 4 and Related Optimal Optical Orthogonal Codes

Abstract: We prove the existence of a cyclic (4p, 4, 1)-BIBD—and hence, equivalently, that of a cyclic (4, 1)-GDD of type 4p—for any prime p \equiv 1 \pmod 6 such that (p−1)/6 has a prime factor q not greater than 19. This was known only for qe2, i.e., for p \equiv 1 \pmod 12. In this case an explicit construction was given for p \equiv 13 \pmod 24. Here, such an explicit construction is also realized for p \equiv 1 \pmod 24. We also give a strong indication about the existence of a cyclic (4p 4, 1)-BIBD for any prime p \equiv 1 \pmod 6, p>7. The existence is guaranteed for p>(2q3−3q2+1)2+3q2 where q is the least prime factor of (p−1)/6. Finally, we prove, giving explicit constructions, the existence of a cyclic (4, 1)-GDD of type 6p for any prime p>5 and the existence of a cyclic (4, 1)-GDD of type 8p for any prime p \equiv 1 \pmod 6. The result on GDD's with group size 6 was already known but our proof is new and very easy. All the above results may be translated in terms of optimal optical orthogonal codes of weight four with λe1.

Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products

Abstract: We present a new protocol for efficient distributed computation modulo a shared secret. We further present a protocol to distributively generate a random shared prime or safe prime that is much more efficient than previously known methods. This allows one to distributively compute shared RSA keys, where the modulus is the product of two safe primes, much more efficiently than was previously known.

Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products.

Abstract: We present a new protocol for efficient distributed computation modulo a shared secret. We further present a protocol to distributively generate a random shared prime or safe prime that is much more efficient than previously known methods. This allows to distributively compute shared RSA keys, where the modulus is the product of two safe primes, much more efficiently than was previously known.

Cryptanalysis of RSA with small prime difference

Abstract: We show that choosing an RSA modulus with a small difference of its prime factors yields improvements on the small private exponent attacks of Wiener and Boneh-Durfee.

A matching advantage for dynamic human faces.

Abstract: In a series of three experiments, we used a sequential matching task to explore the impact of non-rigid facial motion on the perception of human faces. Dynamic prime images, in the form of short video sequences, facilitated matching responses relative to a single static prime image. This advantage was observed whenever the prime and target showed the same face but an identity match was required across expression (experiment 1) or view (experiment 2). No facilitation was observed for identical dynamic prime sequences when the matching dimension was shifted from identity to expression (experiment 3). We suggest that the observed dynamic advantage, the first reported for non-degraded facial images, arises because the matching task places more emphasis on visual working memory than typical face recognition tasks. More specifically, we believe that representational mechanisms optimised for the processing of motion and/or change-over-time are established and maintained in working memory and that such ‘dynamic r...

Incomplete reduction in modular arithmetic

Abstract: The authors describe a novel method for obtaining fast software implementations of the arithmetic operations in the finite field GF(p) with an arbitrary prime modulus p of arbitrary length. The most important feature of the method is that it avoids bit-level operations which are slow on microprocessors and performs word-level operations which are significantly faster. The proposed method has applications in public-key cryptographic algorithms defined over the finite field GF(p), most notably the elliptic curve digital signature algorithm.

A DPA Attack against the Modular Reduction within a CRT Implementation of RSA

Abstract: Published DPA attack scenarios against the RSA implementation exploit the possibility of predicting intermediate data during a straight-forward square-multiply exponentiation algorithm. An implementation of RSA using CRT (Chinese Remainder Theorem) prevents the pre-calculation of intermediate results during the exponentiation algorithm by an attacker. In this paper, we present a DPA attack that uses byte-wise hypotheses on the remainder after the modular reduction with one of the primes. Instead of using random input data this attack uses k series of input data with an equidistant step distance of 1, 256, (256)2,.., (256)k. The basic assumption of this DPA attack named MRED ("Modular Reduction on Equidistant Data") is that the distance of the input data equals the distance of the intermediate data after the modular reduction at least for a subgroup of single measurements. A function Fk that is composed of the k DPA results is used for the approximation of a multiple of the prime. Finally the gcd gives the prime. The number of DPA calculations increases linear to the number of bytes of the prime to be attacked. MRED is demonstrated using simulated measurement data. The practical efficiency is assessed. If the applicability of this attack is limited due to padding formats in RSA signature applications, the least significant bytes of the remainder after the modular reduction step can still be revealed. Multiplicative message blinding can protect the reduction modulo a secret prime against MRED.

New nonbinary sequences with ideal two-level autocorrelation

Abstract: We find new families of nonbinary sequences of period p/sup n/-1 with symbols from a finite field F/sub p/ for any prime p/spl ges/3. The sequences have two-level ideal autocorrelation and are generalizations of previously found ternary sequences with ideal autocorrelation. Difference sets with parameters ((p/sup n/-1)/(p-1), (p/sup n-1/-1)/(p-1), (p/sup n-2/-1)/(p-1)) can also be derived from these sequences in a natural way.

Maximal prime subgraph decomposition of Bayesian networks

Abstract: The authors present a method for decomposition of Bayesian networks into their maximal prime subgraphs. The correctness of the method is proven and results relating the maximal prime subgraph decomposition (MPD) to the maximal complete subgraphs of the moral graph of the original Bayesian network are presented. The maximal prime subgraphs of a Bayesian network can be organized as a tree which can be used as the computational structure for LAZY propagation. We also identify a number of tasks performed on Bayesian networks that can benefit from MPD. These tasks are: divide and conquer triangulation, hybrid propagation algorithms combining exact and approximative inference techniques, and incremental construction of junction trees. We compare the proposed algorithm with standard algorithms for decomposition of undirected graphs into their maximal prime subgraphs. The discussion shows that the proposed algorithm is simpler, more easy to comprehend, and it has the same complexity as the standard algorithms.

Aspects of mutually unbiased bases in odd-prime-power dimensions

Abstract: We rephrase the Wootters-Fields construction [W. K. Wootters and B. C. Fields, Ann. Phys. 191, 363 (1989)] of a full set of mutually unbiased bases in a complex vector space of dimensions ${N=p}^{r},$ where p is an odd prime, in terms of the character vectors of the cyclic group G of order p. This form may be useful in explicitly writing down mutually unbiased bases for ${N=p}^{r}.$

Higher Derivations and a Theorem By Herstein

Abstract: In this paper we extend to the higher derivations a well-known result proved by Herstein concerning derivations in prime rings. We prove results which imply that every Jordan higher derivation of a 2-torsion-free semiprime ring is a higher derivation.

Supersingular elliptic curves, theta series and weight two modular forms

Abstract: This paper deals with two subjects and their interaction. The first is the problem of spanning spaces of modular forms by theta series. The second is the commutative algebraic properties of Hecke modules arising in the arithmetic theory of modular forms. Let p be a prime, and let B denote the quaternion algebra over Q that is ramified at p and ∞ and at no other places. If L is a left ideal in a maximal order of B then L is a rank four Z-module equipped in a natural way with a positive definite quadratic form [6, §1]. (We shall say that L is a rank four quadratic space, and remark that the isomorphism class of L as a quadratic space depends only on the left ideal class of L in its maximal order.) Eichler [5] proved that the theta series of L is a weight two modular form on Γ0(p), and that as L ranges over a collection of left ideal class representatives of all left ideals in all maximal orders of B these theta series span the vector space of weight two modular forms on Γ0(p) over Q. In this paper we strengthen this result as follows: if L is as above, then the q-expansion of its theta series Θ(L) has constant term equal to one and all other coefficients equal to even integers. Suppose that f is a modular form whose qexpansion coefficients are even integers, except perhaps for its constant term, which we require merely to be an integer. It follows from Eichler’s theorem that f may be written as a linear combination of Θ(L) (with L ranging over a collection of left ideals of maximal orders of B) with rational coefficients. We show that in fact these coefficients can be taken to be integers. Let T denote the Z-algebra of Hecke operators acting on the space of weight two modular forms on Γ0(p). The proof that we give of our result hinges on analyzing the structure of a certain T-module X . We can say what X is: it is the free Zmodule of divisors supported on the set of singular points of the (reducible, nodal) curve X0(p) in characteristic p. The key properties of X , which imply the above result on theta series, are that the natural map T −→ EndT(X ) is an isomorphism, and that furthermore X is locally free of rank one in a Zariski neighbourhood of the Eisenstein ideal of T. We remark that it is comparatively easy to prove the analogous statements after tensoring with Q, for they then follow from the fact that X is a faithful T-module. Indeed, combining this with the semi-simplicity of the Q-algebra T⊗Z Q, one deduces that X ⊗Z Q is a free T⊗Z Q-module of rank one, and in particular that the map T⊗Z Q −→ EndT⊗ZQ(X ⊗Z Q) is an isomorphism.

Combinatorics of Nonnegative Matrices

Abstract: Matrices and Configurations Ryser classes Nonnegative matrices and extremal combinatorial problems Asymptotic methods in the study of nonnegative matrices Totally indecomposable, chainable, and prime matrices Sequences of nonnegative matrices Bibliography Index.

On p-adic Point Counting Algorithms for Elliptic Curves over Finite Fields

Abstract: Let p be a prime and let q := pN. Let E be an elliptic curve over Fq. We are interested in efficient algorithms to compute the order of the group E(Fq) of Fq-rational points of E. An l-adic algorithm, known as the SEA algorithm, computes #E(Fq) with O((log q)4+?) bit operations (with fast arithmetic) and O((log q)2) memory. In this article, we survey recent advances in p-adic algorithms. For a fixed small p, the computational complexity of the known fastest p-adic point counting algorithm is O(N3+?) in time and O(N2) in space. If we accept some precomputation depending only on p and N or a certain restriction on N, the time complexity is reduced to O(N2.5+?) still with O(N2) space requirement.

Prime and radical submodules of modules over commutative rings

Abstract: In this paper, unless otherwise stated, all rings are commutative with identity and all modules are unital. We give sufficient conditions to ensure that a submodule has a module-reduced primary decomposition. In general, the radical of a primary submodule is not prime and the radical does not split intersections of submodules, as is valid in the ideal case. We study sufficient conditions for which these properties hold in the module setting. These conditions involve dimension arguments, consideration of finitely generated modules, and the spectrum of a given prime ideal. Further, we consider the computational problem of finding a Grobner basis of both the colon and the radical of a submodule. A characterization of the elements of the colon is given, along with a method of computing the radical of a submodule in certain cases.

Linear complexity over F/sub p/ and trace representation of Lempel-Cohn-Eastman sequences

Abstract: In this article, the linear complexity over F/sub p/ of Lempel-Cohn-Eastman (1977) sequences of period p/sup m/-1 for an odd prime p is determined. For p=3,5, and 7, the exact closed-form expressions for the linear complexity over F/sub p/ of LCE sequences of period p/sup m/-1 are derived. Further, the trace representations for LCE sequences of period p/sup m/-1 for p=3 and 5 are found by computing the values of all Fourier coefficients in F/sub p/ for the sequences.

Power transmission device

Abstract: PROBLEM TO BE SOLVED: To reduce a shock of a gearshift in an apparatus comprising a plurality of prime motors. SOLUTION: A transmission in the apparatus comprising a first prime motor (engine) 1 and a second prime motor (motor) 2 as driving forces is characterized by having a configuration such that fluctuations in the number of revolutions of the first prime motor (engine) 1 are made to be reverse to fluctuations in the number of revolutions of the second prime motor (motor) 2 when a first gear is shifted to a second gear. The transmission is also characterized in that, when the first gear is shifted to the second gear, torque that cancels inertial torque of the prime motor (engine) 1 is controlled so as to be output to the other prime motor (motor) 2.

Method of providing decision automation

Abstract: A method of rule processing includes defining/entering attributes, enumerations, and/or relationships; packaging the definitions in a reduced canonical form suitable for propositional logic manipulation using zero-suppressed binary decision diagrams (Zdd) to produce a prime Zdd; and/or (iii) executing the rule by applying a series of user inputs to the prime Zdd to determine a result that preferably includes conflict and selection advice to guide the user to satisfaction. Elective events, such as but not limited to the display of messages or the performance of calculations, may optionally be packaged along with the prime rule or components thereof, and presented during execution to help guide the end user to satisfaction or compliancy when choosing among possible selections. The invention automates determination of a complex rule having a combinatorial exploded number of rule components, or a combinatorial number of possible outcomes, exceeding computational capacity of present day computing systems.

M-injective modules and prime m-ideals

Abstract: For a left R-module M, we identify certain submodules of M that play a role analogous to that of prime ideals in the ring R. Using this definition, we investigate conditions on the module M which imply that there is a one-to-one correspondence between isomorphism classes of indecomposable M-injective modules and “prime M-ideals”.

Links of prime ideals

Abstract: We exhibit the elementary but somewhat surprising property that most direct links of prime ideals in Gorenstein rings are equimultiple ideals. It leads to the construction of a bountiful set of Cohen--Macaulay Rees algebras.

Asymptotic variation of L functions of one-variable exponential sums

Abstract: Let d>2 and let p be a prime coprime to d. Let Z_pbar be the ring of integers of Q_pbar. Suppose f(x) is a degree-d polynomial over Qbar and Z_pbar. Let P be a prime ideal over p in the ring of integers of Q(f), where Q(f) is the number field generated by coefficients of f in Qbar. Let A^d be the dimension-d affine space over Qbar, identified with the space of coefficients of degree-d monic polynomials. Let NP(f mod P) denote the p-adic Newton polygon of L(f mod P;T). Let HP(A^d) denote the p-adic Hodge polygon of A^d. We prove that there is a Zariski dense open subset U defined over Q in A^d such that for every geometric point f(x) in U(Qbar) we have lim_{p-->oo} NP(f mod P) = HP(A^d), where P is any prime ideal in the ring of integers of Q(f) lying over p. This proves a conjecture of Daqing Wan.