Papers by Michael John Jacobson, Jr.
Lecture Notes in Computer Science, 2006
Performance Evaluation, 2012
Anonymous network communication protocols provide privacy for Internet-based communication. In this paper, we focus on the performance and scalability of anonymity protocols. In particular, we develop performance models for two anonymity protocols from the prior literature (Buses and Taxis), as well as our own newly proposed protocol (Motorcycles). Using a combination of experimental implementation, simulation, and analysis, we show that: (1) the message latency of the Buses protocol is $O(N^2)$, scaling quadratically with the number of participants; (2) the message latency of the Taxis protocol is $O(N)$, scaling linearly with the number of participants; and (3) the message latency of the Motorcycles protocol is $O(\log_2 N)$, scaling logarithmically with the number of participants. Motorcycles can provide scalable anonymous network communication without compromising the strength of anonymity provided by Buses or Taxis.
IEEE Transactions on Computers, 2008
PhD diss., Technische …, 1999
Subexponential Class Group Computation in Quadratic Orders (abstract). Michael John Jacobson, Jr. In 1989, the first subexponential algorithm for computing the class group of an imaginary ...
CMS Books in Mathematics, 2009
Lecture Notes in Computer Science, 2009
Hash Functions I: Practical Collisions for SHAMATA-256; Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher; Cryptanalyses of Narrow-Pipe Mode of Operation in AURORA-512 Hash Function.
Miscellaneous Techniques: More on Key Wrapping; Information Theoretically Secure Multi Party Set Intersection Re-visited; Real Traceable Signatures.
Hash Functions II: Cryptanalysis of Hash Functions with Structures; Cryptanalysis of the LANE Hash Function; Practical Pseudo-collisions for Hash Functions ARIRANG-224/384.
Hardware Implementation and Cryptanalysis: A More Compact AES; Optimization Strategies for Hardware-Based Cofactorization; More on the Security of Linear RFID Authentication Protocols; Differential Fault Analysis of Rabbit; An Improved Recovery Algorithm for Decayed AES Key Schedule Images.
Block Ciphers: Cryptanalysis of the Full MMB Block Cipher; Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis; Improved Integral Attacks on MISTY1; New Results on Impossible Differential Cryptanalysis of Reduced-Round Camellia-128.
Modes of Operation: Format-Preserving Encryption; BTM: A Single-Key, Inverse-Cipher-Free Mode for Deterministic Authenticated Encryption.
Implementation of Public Key Cryptography: On Repeated Squarings in Binary Fields; Highly Regular m-Ary Powering Ladders; An Efficient Residue Group Multiplication for the $\eta_T$ Pairing over .; Compact McEliece Keys from Goppa Codes.
Hash Functions and Stream Ciphers: Herding, Second Preimage and Trojan Message Attacks beyond Merkle-Damgård; Cryptanalysis of Dynamic SHA(2); A New Approach for FCSRs; New Cryptanalysis of Irregularly Decimated Stream Ciphers.
Journal of Cryptographic Engineering, 2020
We present an algorithm that unconditionally computes a representation of the unit group of a number field of discriminant $\Delta_K$, given a full-rank subgroup as input, in asymptotically fewer bit operations than the baby-step giant-step algorithm. If the input is assumed to represent the full unit group, for example, under the assumption of the Generalized Riemann Hypothesis, then our algorithm can unconditionally certify its correctness in expected time $O(\Delta_K^{n/(4n+2)+\epsilon}) = O(\Delta_K^{1/4 - 1/(8n+4)+\epsilon})$, where $n$ is the unit rank.
Advances in Mathematics of Communications, 2013
A significant amount of effort has been devoted to improving divisor arithmetic on low-genus hyperelliptic curves via explicit versions of generic algorithms. Moderate and high genus curves also arise in cryptographic applications, for example, via the Weil descent attack on the elliptic curve discrete logarithm problem, but for these curves, the generic algorithms are to date the most efficient available. Nagao [21] described how some of the techniques used in deriving efficient explicit formulas can be used to speed up divisor arithmetic using Cantor's algorithm on curves of arbitrary genus. In this paper, we describe how Nagao's methods, together with a sub-quadratic complexity partial extended Euclidean algorithm using the half-gcd algorithm, can be applied to improve arithmetic in the degree zero divisor class group. We present numerical results showing which combination of techniques is more efficient for hyperelliptic curves over $\mathbb{F}_{2^n}$ of various genera.
Mathematics of Computation, 1997
We present new algorithms for computing orders of elements, discrete logarithms, and structures of finite abelian groups. We estimate the computational complexity and storage requirements, and we explicitly determine the $O$-constants and $\Omega$-constants. We implemented the algorithms for class groups of imaginary quadratic orders and present a selection of our experimental results. Our algorithms are based on a modification of Shanks' baby-step giant-step strategy, and have the advantage that their computational complexity and storage requirements are relative to the actual order, discrete logarithm, or size of the group, rather than relative to an upper bound on the group order.
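As an added illustration of the strategy the abstract describes (example code, not the paper's own implementation): a baby-step giant-step order computation whose baby-step table and giant-step stride are doubled whenever the current search range is exhausted, so the work grows with the square root of the actual order of the element rather than with an a priori bound on the group order. The group is passed in as a multiplication function and an identity element, so the routine runs on any finite abelian group with hashable elements; the sample groups (integers modulo 7, 13 and $2^{31}-1$ under multiplication, integers modulo 1000 under addition) are constructed for the demonstration, and the choice of 7 as a primitive root modulo $2^{31}-1$ is an assumption of the example that the test checks against brute force.

```python
"""Unbounded baby-step giant-step (added example, not the paper's code).

The group is abstract: `mul(a, b)` composes two elements and `identity`
is the neutral element.  Elements must be hashable so they can be keys
of the baby-step table.
"""
from math import isqrt


def power(mul, identity, g, e):
    """g^e by square-and-multiply, e >= 0."""
    result, base = identity, g
    while e:
        if e & 1:
            result = mul(result, base)
        base = mul(base, base)
        e >>= 1
    return result


def element_order_bsgs(mul, identity, g, m=4):
    """Order of g with no upper bound known in advance.

    Each phase keeps a baby-step table g^0 .. g^(m-1) and walks m giant
    steps of stride g^m, covering the next m*m exponents.  If no
    collision occurs, m is doubled and the walk continues from where it
    stopped, so the total cost is O(sqrt(order)) group operations.
    """
    baby = {identity: 0}      # g^j -> j for the stored baby steps
    last, filled = identity, 1
    y, e = identity, 0        # giant-step position: y = g^e
    while True:
        # Extend the baby-step table up to g^(m-1).  Reaching the
        # identity here means the order is < m and we are done directly.
        for j in range(filled, m):
            last = mul(last, g)
            if last == identity:
                return j
            baby[last] = j
        filled = m
        stride = power(mul, identity, g, m)
        # Windows (e, e+m] are contiguous from 0 and each has length
        # m <= order (the table found no identity), so the first
        # collision g^e = g^j yields the order e - j exactly.
        for _ in range(m):
            y = mul(y, stride)
            e += m
            j = baby.get(y)
            if j is not None:
                return e - j
        m *= 2


def naive_order(mul, identity, g):
    """Reference: multiply until the identity reappears."""
    n, x = 1, g
    while x != identity:
        x = mul(x, g)
        n += 1
    return n


class CountingMul:
    """Wraps a group law and counts how often it is invoked."""

    def __init__(self, mul):
        self.mul, self.count = mul, 0

    def __call__(self, a, b):
        self.count += 1
        return self.mul(a, b)


def mul_mod(p):
    return lambda a, b: (a * b) % p


def add_mod(n):
    return lambda a, b: (a + b) % n


def order_with_cost(mul, identity, g):
    """Return (order, number of group operations used by BSGS)."""
    counted = CountingMul(mul)
    return element_order_bsgs(counted, identity, g), counted.count


if __name__ == "__main__":
    # Constructed sample: p = 2^31 - 1 is prime and 331 divides p - 1,
    # so h has order 331 (assuming 7 is a primitive root modulo p).
    p = 2**31 - 1
    h = pow(7, (p - 1) // 331, p)
    order, ops = order_with_cost(mul_mod(p), 1, h)
    print(f"order {order} found with {ops} group operations; the group has "
          f"{p - 1} elements, sqrt(order) ~ {isqrt(order)}")
```

The operation count reported for the last sample is a few dozen although the group has about $2^{31}$ elements: the cost tracks the order 331, not the group size, which is the point of the modification the abstract describes.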
We present a method for tabulating all cubic function fields over $\mathbb{F}_q(t)$ whose discriminant $D$ has either odd degree, or even degree with the leading coefficient of $-3D$ a non-square in $\mathbb{F}_q^*$, up to a given bound $B$ on $\deg(D)$. Our method is based on a generalization of Belabas' method for tabulating cubic number fields. The main theoretical ingredient is a generalization of a theorem of Davenport and Heilbronn to cubic function fields, along with a reduction theory for binary cubic forms that provides an efficient way to compute equivalence classes of binary cubic forms. The algorithm requires $O(B^4 q^B)$ field operations as $B \to \infty$. The algorithm, examples and numerical data for $q = 5, 7, 11, 13$ are included.
Series on Coding Theory and Cryptology, 2007
Open Book Series, 2020
We present novel explicit formulas for arithmetic in the divisor class group of a $C_{3,4}$ curve. Our formulas handle all cases of inputs and outputs without having to fall back on a generic method. We also improve on the most commonly occurring case by reducing the number of required field inversions to one at the cost of a small number of additional field operations, resulting in running times that are between 11% and 21% faster than the prior state of the art depending on the field size, and even more for small field sizes when nontypical cases frequently arise.
Progress in Cryptology – INDOCRYPT 2018, 2018
We propose an algorithm for computing an isogeny between two elliptic curves $E_1, E_2$ defined over a finite field such that there is an imaginary quadratic order $\mathcal{O}$ satisfying $\mathcal{O} \simeq \mathrm{End}(E_i)$ for $i = 1, 2$. This concerns ordinary curves and supersingular curves defined over $\mathbb{F}_p$ (the latter used in the recent CSIDH proposal). Our algorithm has heuristic asymptotic run time $e^{\tilde{O}(\sqrt{\log|\Delta|})}$ and requires polynomial quantum memory and $e^{\tilde{O}(\sqrt{\log|\Delta|})}$ classical memory, where $\Delta$ is the discriminant of $\mathcal{O}$. This asymptotic complexity outperforms all other available methods for computing isogenies. We also show that a variant of our method has asymptotic run time $e^{\tilde{O}(\sqrt{\log|\Delta|})}$ while requiring only polynomial memory (both quantum and classical).
Experimental Mathematics, 2018
We present a variety of numerical data related to the growth of terms in aliquot sequences, iterations of the function $s(n) = \sigma(n) - n$. First, we compute the geometric mean of the ratio $s^k(n)/s^{k-1}(n)$ of $k$th iterates for $n \le 2^{37}$ and $k = 1, \ldots, 10$. Second, we extend the computation of numbers not in the range of $s(n)$ (called untouchable) by Pollack and Pomerance [2016] to the bound of $2^{40}$ and use these data to compute the geometric mean of the ratio of consecutive terms limited to terms in the range of $s(n)$. Third, we give an algorithm to compute $k$-untouchable numbers ($(k-1)$st iterates of $s(n)$ but not $k$th iterates) along with some numerical data. Finally, inspired by earlier work of Devitt [1976], we estimate the growth rate of terms in aliquot sequences using a Markov chain model based on data extracted from thousands of sequences.
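As an added example (not the paper's code), the basic objects the abstract refers to, computed at small bounds: $s(n)$ is obtained for all $n$ up to a limit with a divisor-sum sieve, aliquot sequences are iterated until they terminate or cycle, the untouchable numbers below a bound are found by marking every value $s(n)$ takes (sieving up to $(B-1)^2$ suffices because a composite $n$ has a proper divisor of size at least $\sqrt{n}$, so $s(n) \ge 1 + \sqrt{n}$), and the geometric mean of $s(n)/n$ is the $k = 1$ case of the ratio in the abstract. The inputs used below (12, 220, bound 100) are constructed for the demonstration.

```python
"""Aliquot sequences and untouchable numbers (added example, not the
paper's code)."""
from math import exp, log


def aliquot_sums(limit):
    """s[n] = sigma(n) - n for 0 <= n <= limit (s[0] = s[1] = 0)."""
    s = [0] * (limit + 1)
    for d in range(1, limit // 2 + 1):
        for n in range(2 * d, limit + 1, d):   # d is a proper divisor of n
            s[n] += d
    return s


def s_of(n):
    """Sum of proper divisors of a single n (trial division, small n)."""
    return sum(d for d in range(1, n // 2 + 1) if n % d == 0)


def aliquot_sequence(n, max_terms=50):
    """Iterate s from n until 0 is reached, a value repeats (a cycle),
    or max_terms terms have been produced."""
    seq, seen = [n], set()
    while len(seq) < max_terms:
        seen.add(seq[-1])
        nxt = s_of(seq[-1])
        seq.append(nxt)
        if nxt == 0 or nxt in seen:
            break
    return seq


def untouchable_up_to(bound):
    """Numbers m <= bound that are not s(n) for any n.

    A composite n has a proper divisor d >= sqrt(n), so s(n) >= 1 + d,
    and s(n) <= bound forces n <= (bound - 1)^2; sieving that far is
    sufficient.  Primes give s(p) = 1, so 1 is always touchable.
    """
    limit = max((bound - 1) ** 2, 2)
    s = aliquot_sums(limit)
    hit = [False] * (bound + 1)
    for n in range(1, limit + 1):
        if s[n] <= bound:
            hit[s[n]] = True
    return [m for m in range(1, bound + 1) if not hit[m]]


def geometric_mean_ratio(limit, s=None):
    """Geometric mean of s(n)/n over 2 <= n <= limit: the k = 1 case of
    the ratio s^k(n)/s^(k-1)(n) studied in the paper."""
    if s is None:
        s = aliquot_sums(limit)
    logs = [log(s[n] / n) for n in range(2, limit + 1)]
    return exp(sum(logs) / len(logs))


if __name__ == "__main__":
    print("s(12) =", aliquot_sums(12)[12])
    print("aliquot sequence of 12:", aliquot_sequence(12))
    print("aliquot sequence of 220:", aliquot_sequence(220))
    print("untouchable numbers <= 100:", untouchable_up_to(100))
    print("geometric mean of s(n)/n for n <= 10^4:",
          round(geometric_mean_ratio(10_000), 4))
```

The sieve limit is what makes this approach stop scaling: reaching the paper's bound of $2^{40}$ for untouchables means knowing $s(n)$ for $n$ up to roughly $2^{80}$, which is why the abstract speaks of extending earlier computations rather than recomputing from scratch.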
LMS Journal of Computation and Mathematics, 2016
In this paper, we present novel algorithms for finding small relations and ideal factorizations in the ideal class group of an order in an imaginary quadratic field, where both the norms of the prime ideals and the size of the coefficients involved are bounded. We show how our methods can be used to improve the computation of large-degree isogenies and endomorphism rings of elliptic curves defined over finite fields. For these problems, we obtain improved heuristic complexity results in almost all cases and significantly improved performance in practice. The speed-up is especially high in situations where the ideal class group can be computed in advance.
Mathematics of Computation, 2015
We present an improved algorithm for tabulating class groups of imaginary quadratic fields of bounded discriminant. Our method uses classical class number formulas involving theta-series to compute the group orders unconditionally for all $\Delta \not\equiv 1 \pmod 8$. The group structure is resolved using the factorization of the group order. The $\Delta \equiv 1 \pmod 8$ case was handled using the methods of [JRW06], including the batch verification method based on the Eichler-Selberg trace formula to remove dependence on the Extended Riemann Hypothesis. Our new method enabled us to extend the previous bound of $|\Delta| < 2 \cdot 10^{11}$ to $2^{40}$. Statistical data in support of a variety of conjectures is presented, along with new examples of class groups with exotic structures.
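As an added, self-contained example (not the paper's method, which obtains the group orders from theta-series class number formulas and resolves the group structure from the factored order): the most direct unconditional way to get $h(\Delta)$ for one small negative discriminant is to enumerate the reduced primitive binary quadratic forms of discriminant $\Delta$, which correspond one-to-one to the ideal classes of the order. The code below does that and tabulates $h(\Delta)$ for all $|\Delta|$ up to a bound. The test discriminants are chosen for the demonstration; the cost is linear in $|\Delta|$ per discriminant, which is exactly why plain enumeration cannot reach $2^{40}$ and why the analytic approach in the abstract matters.

```python
"""Class numbers of imaginary quadratic orders by enumerating reduced
binary quadratic forms (added example, not the paper's method)."""
from math import gcd, isqrt


def reduced_forms(D):
    """All reduced primitive forms (a, b, c) with b^2 - 4ac = D < 0.

    Reduced means |b| <= a <= c, with b >= 0 whenever |b| == a or
    a == c.  From |b| <= a <= c and b^2 - 4ac = D one gets 3a^2 <= |D|,
    which bounds the outer loop.
    """
    if D >= 0 or D % 4 not in (0, 1):
        raise ValueError("need a negative discriminant D = 0 or 1 mod 4")
    forms = []
    for a in range(1, isqrt(-D // 3) + 1):
        for b in range(-a, a + 1):
            if (b - D) % 2:              # b must have the parity of D
                continue
            num = b * b - D              # = 4ac
            if num % (4 * a):
                continue
            c = num // (4 * a)
            if c < a:
                continue
            if (abs(b) == a or a == c) and b < 0:
                continue                 # the b > 0 twin is the reduced one
            if gcd(gcd(a, abs(b)), c) != 1:
                continue                 # imprimitive: belongs to a suborder
            forms.append((a, b, c))
    return forms


def class_number(D):
    """h(D): the number of reduced primitive forms of discriminant D."""
    return len(reduced_forms(D))


def tabulate(bound):
    """h(D) for every negative discriminant D with |D| <= bound."""
    return {D: class_number(D) for D in range(-bound, 0) if D % 4 in (0, 1)}


if __name__ == "__main__":
    for D in (-3, -4, -15, -20, -23, -47, -71, -163):
        print(D, class_number(D), reduced_forms(D))
    table = tabulate(200)
    print("discriminants with h = 1 up to 200:",
          [D for D, h in table.items() if h == 1])
```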
Advances in Mathematics of Communications, 2014
We present an analysis of Bernstein's batch integer smoothness test when applied to the case of polynomials over a finite field $\mathbb{F}_q$. We compare the performance of our algorithm with the standard method based on distinct-degree factorization from both an analytical and a practical point of view. Our results show that the batch test offers no advantage asymptotically, and that it offers practical improvements only in a few rare cases.