This paper describes algorithms for constructing a Hall n-subgroup H of a finite soluble group G and the normaliser No(H). If G has composition length n, then H and No(H ) can be constructed using O(n ~ log IGI) and O(n ~ log IGI) group multiplications, respectively. These algorithms may be used to construct other important subgroups such as Carter subgroups, system normalisers and relative sys...

For the two last decades, electronic authentication has been an important topic. The first applications were digital signatures to mimic handwritten signatures for digital documents. Then, Chaum wanted to create an electronic version of money, with similar properties, namely bank certification and users’ anonymity. Therefore, he proposed the concept of blind signatures. For all those problems, ...

is the exponentiation operation. Moreover, if h = gx then we say that x is the discrete logarithm of h on basis g, and write x = logg h. The discrete logarithm assumption in a cyclic finite group G of order p is that given a generator g of G and a randomly generated element h of G, it is computationally infeasible to find logg h. To formalize this, we need to define infeasibility. Thus, more fo...

These are notes for a lecture given at CIRM in 2014, for the Journées Nationales du Calcul Formel . We explain the basic algorithms based on combining congruences for solving the integer factorization and the discrete logarithm problems. We highlight two particular situations where the interaction with symbolic computation is visible: the use of Gröbner basis in Joux's algorithm for discrete lo...

This can be a significantly harder problem. For example, say we are using a randomized (Las Vegas) algorithm. If β lies in 〈α〉 then we are guaranteed to eventually find logα β, but if not, we will never find it and it may be impossible to tell whether we are just very unlucky or β 6∈ 〈α〉. On the other hand, with a deterministic algorithm such as the baby-steps giant-steps method, we can unequiv...

Interval-valued computing is a relatively new computing paradigm. It uses finitely many interval segments over the unit interval in a computation as data structure. The satisfiability of Quantified Boolean formulae and other hard problems, like integer factorization, can be solved in an effective way by its massive parallelism. The discrete logarithm problem plays an important role in practice,...

Proof systems for knowledge of discrete logarithms are an important primitive in cryptography. We identify the basic underlying techniques, generalize these techniques to prove linear relations among discrete logarithms, and propose a notation for describing complex and general statements about knowledge of discrete logarithms. This notation leads directly to a method for constructing eecient p...

The discrete logarithm problem forms the basis of numerous cryptographic systems. The most eeective attack on the discrete logarithm problem in the multiplicative group of a nite eld is via the index calculus, but no such method is known for elliptic curve discrete logarithms. Indeed, Miller 23] has given a brief heuristic argument as to why no such method can exist. IN this note we give a deta...

We call a simple abelian variety over Fp super-isolated if its (Fp-rational) isogeny class contains no other varieties. The motivation for considering these varieties comes from concerns about isogeny based attacks on the discrete log problem. We heuristically estimate that the number of super-isolated elliptic curves over Fp with prime order and p ≤ N , is roughly Θ̃( √ N). In contrast, we prov...

Abstract. Fix a strictly positive measure W on the d-dimensional torus T. For an integer N ≥ 1, denote by W x , x = (x1, . . . , xd), 0 ≤ xi < N , the W measure of the cube [x/N, (x+1)/N), where 1 is the vector with all components equal to 1. In dimension 1, we prove that the hydrodynamic behavior of a superposition of independent random walks, in which a particle jumps from x/N to one of its n...