Abstract: From the Publisher: This unique book explains the basic issues of classical and modern cryptography, and provides a self contained essential mathematical background in number theory, abstract algebra, and probability—with surveys of relevant parts of complexity theory and other things. A user-friendly, down-to-earth tone presents concretely motivated introductions to these topics. More detailed chapter topics include simple ciphers; applying ideas from probability; substitutions, transpositions, permutations; modern symmetric ciphers; the integers; prime numbers; powers and roots modulo primes; powers and roots for composite moduli; weakly multiplicative functions; quadratic symbols, quadratic reciprocity; pseudoprimes; groups; sketches of protocols; rings, fields, polynomials; cyclotomic polynomials, primitive roots; pseudo-random number generators; proofs concerning pseudoprimality; factorization attacks finite fields; and elliptic curves. For personnel in computer security, system administration, and information systems.

Abstract: An extension of serial (60)/parallel (50) Montgomery multiplication method (Figs. 1-2) with simultaneous reduction as previously implemented by the applicants, adapted innovatively to perform both in the prime number and in the GF(2 ) polynomial based number field, in such a way as to simplify the flow of operands, by performing a multiple anticipatory function (430) to enhance the previous modular multiplication procedure.

Abstract: A process is provided for searching in parallel for a plurality of prime number values simultaneously includes the steps of: randomly generating a plurality of k random odd numbers (wherein k is preferably more than 2, but could also be one or more) expressed as n 0,0 , n 1,0 , . . . n ((k−1)),0 , each number providing a prime number candidate; determining a plurality of y additional odd numbers based on each one of the randomly generated odd numbers n 0,0 , n 1,0 , . . . n (k−1),0 to provide additional prime number candidates thereby yielding a total number of prime number candidates; sieving the total number of prime number candidates by performing a small divisor test on each of the candidates in order to eliminate candidates revealed to be composite numbers by the small divisor test thereby yielding a sieved number s of candidates; and performing a first probabilistic primality test on each of the sieved number s of candidates, each of the plurality of s first primality tests including an associated exponentiation operation executed by an associated one of a plurality of s of the exponentiation units, the exponentiation operations being performed by the plurality of s exponentiation units substantially simultaneously in order to eliminate candidates revealed to be composite numbers by the primality test thereby yielding a remaining number r of candidates.

Abstract: Let p be a prime congruent to 1 modulo 4, and let t, u be rational integers such that (t + u∨p)/2 is the fundamental unit of the real quadratic field Q(∨p). The Ankeny-Artin-Chowla conjecture (AAC conjecture) asserts that p will not divide u. This is equivalent to the assertion that p will not divide B (p-1)/2 , where B n denotes the nth Bernoulli number. Although first published in 1952, this conjecture still remains unproved today. Indeed, it appears to be most difficult to prove. Even testing the conjecture can be quite challenging because of the size of the numbers t, u; for example, when p = 40094470441, then both t and u exceed 10 330 000 . In 1988 the AAC conjecture was verified by computer for all p < 10 9 . In this paper we describe a new technique for testing the AAC conjecture and we provide some results of a computer run of the method for all primes p up to 10 11 .

Abstract: Let E be an elliptic curve defined over the rationals. Koblitz conjectured that the number of primes p ? x such that the number of points |E(Fp)| on the curve over the finite field of p elements has prime order is asymptotic to CEx/(log x)2 for some constant CE. We consider curves without complex multiplication. Assuming the GRH (that is, the Riemann Hypothesis for Dedekind zeta functions) we prove that for »x/(log x)2 primes p ? x, the group order |E(Fp)| has at most 16 prime divisors. We also show (again, assuming the GRH) that for a random prime p, the group order |E(Fp)| has log log p prime divisors.

Abstract: A partition of the positive integer n into distinct parts is a decreasing sequence of positive integers whose sum is n, and the number of such partitions is denoted by Q(n). If we adopt the convention that Q(0) = 1, then we have the generating function

Abstract: Av ariation of the Complex Multiplication (CM) method for generating elliptic curves of known order over finite fields is proposed. We give heuristics and timing statistics in the mildly restricted setting of prime curve order. These may be seen to corroborate earlier work of Koblitz in the class number one setting. Our heuristics are based upon a recent conjecture by R. Gross and J. Smith on numbers of twin primes in algebraic number fields. Our variation precalculates class polynomials as a separate off-line process. Unlike the standard approach, which begins with a prime p and searches for an appropriate discriminant D, we choose a discriminant and then search for appropriate primes. Our on-line process is quick and can be compactly coded. In practice, elliptic curves with near prime order are used. Thus, our timing estimates and data can be regarded as upper estimates for practical purposes.

Abstract: Improved upper and lower bounds of the counting functions of the conceivable additive decomposition sets of the set of primes are established. Suppose that A + B = P', where P' differs from the set of primes in finitely many elements only and |A|, |B| ≥ 2. It is shown that the counting functions A(x) of A and B(x) of B, for sufficiently large x, satisfy x 1/2 (log x) -5 «A(x) « x 1/2 (log x) 4 . The same bounds hold for B(x). This immediately solves the ternary inverse Goldbach problem: there is no ternary additive decomposition A + B + C = P', where P' is as above and |A|, |B|, |C| ≥ 2. This considerably improves upon the previously known bounds: for any r ≥ 2, there exist positive constants c 1 and c 2 such that, for sufficiently large x, the following bounds hold: formula math. (Here log r x denotes the rth iterated logarithm.) The proof makes use of a combination of Montgomery's large sieve method and of Gallagher's larger sieve. This combined large sieve method may be of interest in its own right.

Abstract: Let p i , 2 < i < 5 be prime numbers. It is proved that all but « x 1 9 1 9 3 / 1 9 2 0 0 + , positive even integers N smaller than x can be represented as N = p 2 1 + p 3 2 + p 4 3 + p 5 4 .

Abstract: Nous donnons une solution a un probleme pose par Lagarias [5] en 1985, en determinant sous GRH la densite de l'ensemble des nombres premiers qui sont des diviseurs de termes de la suite {x n }∞ n=1 definie par x 0 = 3, x 1 = 1 et la relation de recurrence x n+1 = x n + x n-1 . Cela donne le premier exemple d'une suite de recurrence d'ordre 2 qui n'est pas'a torsion' pour laquelle on sait determiner la densite associee des diviseurs premiers.

Abstract: We present an Extended Quadratic Frobenius Primality Test (EQFT), which is related to the Miller-Rabin test and the Quadratic Frobenius test (QFT) by Grantham. EQFT is well-suited for generating large, random prime numbers since on a random input number, it takes time about equivalent to 2 Miller-Rabin tests, but has much smaller error probability. EQFT extends QFT by verifying additional algebraic properties related to the existence of elements of order 3 and 4. We obtain a simple closed expression that upper bounds the probability of acceptance for any input number. This in turn allows us to give strong bounds on the average-case behaviour of the test: consider the algorithm that repeatedly chooses random odd k bit numbers, subjects them to t iterations of our test and outputs the first one found that passes all tests. We obtain numeric upper bounds for the error probability of this algorithm as well as a general closed expression bounding the error. For instance, it is at most 2^{-143} for k=500, t=2 . Compared to earlier similar results for the Miller-Rabin test, the results indicates that our test in the average case has the effect of 9 Miller-Rabin tests, while only taking time equivalent to about 2 such tests. We also give bounds for the error in case a prime is sought by incremental search from a random starting point. While EQFT is slower than the average case on a small set of inputs, we present a variant that is always fast, i.e. takes time about 2 Miller-Rabin tests. The variant has slightly larger worst case error probability than EQFT, but still improves on previous proposed tests.

Abstract: It is shown that for each compactly generated totally disconnected locally compact group G , there is a finite number of prime numbers, p 1 , p 2 , …, p n , such that the scale function s : G → N satisfies s ( x ) = p 1 a 1 ( x ) p 2 a 2 ( x ) …, p n a n ( x ) , where x ∈ G .

Abstract: The sequence of numbers generated by the cyclotomic polynomials Φn(2) contains the Mersenne numbers 2p − 1 and the Fermat numbers 22 m + 1. Does an algorithm involving O(n) modular operations exist to test the primality of Φn(b)? 1. Cyclotomic polynomials Let n be a positive integer and let ζn be the complex number e2πi/n. The nth cyclotomic polynomial is, by definition

Abstract: Kawamoto [5, 6] proved that for any prime number $p$ and any $a \in \mathbf{Q}^{\times}$, the cyclic extenstion $\mathbf{Q}(\zeta_p, a^{1/p}) / \mathbf{Q}(\zeta_p)$ has a normal integral basis (NIB) if it is tame. We show that this property is peculier to the rationals $\mathbf{Q}$. Namely, we show that for a number field $K$ with $K eq \mathbf{Q}$, there exist infinitely many pairs $(p, a)$ of a prime number $p$ and $a \in K^{\times}$ for which $K(\zeta_p, a^{1/p}) / K(\zeta_p)$ is tame but has no NIB. Our result is an analogue of the theorem of Greither et al. [3] on Hilbert-Speiser number fields.

Abstract: Suppose that E: y 2 = x ( x + M )( x + N ) is an elliptic curve, where M N are rational numbers(≠0,±1),and are relatively prime.Let K be a number field of type (2，…，2) with degree 2 n . For arbitrary n , the structure of the torsion subgroup E ( K ) tors of the K -rational points (Mordell group) of E is completely determined here. Explicitly given are the classification, criteria and parameterization, as well as the groups E ( K ) tors themselves. The order of E ( K ) tors is also proved to be a power of 2 for any n . Besides, for any elliptic curve E over any number field F , it is shown that E ( L ) tors = E ( F ) tors holds for almost all extensions L/F of degree p(a prime number). These results have remarkably developed the recent results by Kwon about torsion subgroups over quadratic fields.

Abstract: We consider issues of computational complexity that arise in the study of quasi-periodic motions (Siegel discs) over the p-adic integers, where p is a prime number. These systems generate regular invertible dynamics over the integers modulo pk, for all k, and the main questions concern the computation of periods and orbit structure. For a specific family of polynomial maps, we identify conditions under which the cycle structure is determined solely by the number of Siegel discs and two integer parameters for each disc. We conjecture the minimal parametrization needed to achieve—for every odd prime p—a two-disc tessellation with maximal cycle length. We discuss the relevance of Cebotarev’s density theorem to the probabilistic description of these dynamical systems.