Randomness Extraction in finite fields F p
|
|
- Hilda Owen
- 6 years ago
- Views:
Transcription
1 Randomness Extraction in finite fields F n Abdoul Aziz Ciss École doctorale de Mathématiques et d Informatique, Université Cheikh Anta Dio de Dakar, Sénégal BP: 5005, Dakar Fann abdoul.ciss@ucad.edu.sn, Abstract. Many technics for randomness extraction over finite fields was roosed by various authors such as Fouque et al. and Carneti et al.. At eurocryt 09, these revious works was imroved by Chevalier et al., over a finite field F, where is a rime. But their aers don t study the case where the field is not rime such as binary fields. In this aer, we resent a deterministic extractor for a multilicative subgrou of F n, where is a rime. In articular, we show that the k-first F -coefficients of a random element in a subgrou of F n are indistinguishable from a random bit-string of the same length. Hence, under the Decisional Diffie- Hellman assumtion over binary fields, one can deterministically derive a uniformly random bit-string from a Diffie-Hellman key exchange in the standard model. Over F, Chevalier et al. use the Polya-Vinogradov inequality to bound incomlete character sums but over F n we use Winterhof inequality to bound incomlete character sums. Our roosition is a good deterministic extractor even if the length of its outut is less than those one can have with the leftover hash lemma and universal hash functions. Our extractor can be used in any crytograhic rotocol or encrytion schemes. Keywords: Finite fields, Polya-Vinogradov inequality, Winterhof inequality, exonential sums, incomlete character sums, Deterministic extractor, Decisional Diffie-Hellman, random bit-string, key exchange, leftover hash lemma. 1 Introduction In many crytograhic rotocols and crytograhic schemes, it is necessary to be able to derive a random bit-string from a random element in a grou. This is the case for Diffie-Hellman key exchange [8] which is the most famous rotocol that allows arties to agree on a common random element in a cyclic subgrou H of a grou G, generated by an element g of rime order q. The security of the Diffie-Hellman exchange relies on the Diffie-Hellman assumtion (DDH) [], which states that there is no efficient algorithm that can distinguish the two distributions (g a, g b, g ab ) and (g a, g b, g c ) in G 3, where 1 a, b, c q are chosen at random. Under the DDH assumtion, one can agree on a random rivate element. Hence, one has to derive a random-looking bit-string from this random element. Different aroaches were roosed to solve this roblem.
2 Abdoul Aziz ciss One classical way to transform a random grou-element to a random-looking bit-string is to aly a hash function to the Diffie-Hellman grou-element but the indistinguishability is roved under the random oracle model [1]. An alternative method to hash functions, secure under the standard model, is to use a randomness extractor. In 1998, Boneh et al. roose in [4], to extract the least or the most significant bits of the Diffie-Hellman element. In 1999, Håstad et al., [1], via the Leftover Hash Lemma, roose a robabilistic randomness extractor that can extract entroy from any random source which has sufficient min-entroy. This technic, with its variants [10, 1], requires the use of hash or seudorandom functions and an extra erfect randomness, which is a lack for ractical use. In 000, Carneti et al. [5] show that, in a statistical sense, the k most significant bits of g xy is indistinguishable from a random bit-string of length k, given the k most significant bits of g x and g y. But, in 001, Boneh et al. observe that this technic cannot be used in ractice because in most rotocols, the adversary learns all of g x and g y. In 008, Fouque et al. show in [9], under the DDH assumtion that k least significant bits or the most significant bits of a random element in a subgrou of Z are indistinguishable from a random bit-string of the same length. To rove this, the authors bound the statistical distance by evaluating the L 1 norm, using exonential sums. In 009, at Eurocryt, Chevalier et al. [6] study a quite simle deterministic extractor from random Diffie-Hellman elements defined over a rime order multilicative subgrou G of Z and over the grou of oints of an ellitic curve. They uer-bound the L norm and use some classical results on exonential sums to rove their results. They imrove at the same time the results in [9]. But their works include only rime fields. In this aer, we extend the above result of Chevalier et al. to non rime finite fields: F n, with a rime and a ositive integer n greater than 1. The extension of the work of Chevalier et al. on ellitic curves over non rime finite fields was already done in [7]. Here, we resent a quite simle deterministic extractor, denoted Ext k for a multilicative subgrou G of a finite field F n. In articular for binary finite fields F n, we show under the DDH assumtion that the k-first F -coefficients (the k least significant bits) of a random grou-element in a subgrou of F n, are indistinguishable from a random bit-string of the same length. This aroach is somewhat similar to those of [7] for deterministic randomness extractor in ellitic curves. Over F, Chevalier et al. use the Polya- Vinogradov inequality to bound incomlete character sums [14] but over F n we use Winterhof inequality to bound incomlete character sums [0]. The aer is organized as follows : In section 1, we recall some definitions and results about randomness extraction and character sums. In section, we resent and give an analysis of our extractor. We finish by giving a natural alication of our extractor to the Diffie-Hellman key exchange in F n.
3 Randomness Extraction in finite fields F n 3 Preliminaries In this section, we introduce some definitions and results about entroy and randomness extraction..1 Deterministic extractor Definition 1 (Collision robability). Let S be a finite set and X be an S- valued random variable. The collision robability of X, denoted by Col(X), is the robability Col(X) = s S Pr[X = s]. If X and X are identically distributed random variables on S, the collision robability of X is interreted as Col(X) = Pr[X = X ]. Definition (Statistical distance). Let S be a finite set. If X and Y are S-valued random variables, then the statistical distance (X, Y ) between X and Y is defined as (X, Y ) = 1 Pr[X = s] Pr[Y = s]. s S Definition 3. Let U S be a random variable uniformly distributed on S and δ 1 a ositive real number. Then a random variable X on S is said to be δ-uniform if (X, U S ) δ Lemma 1. Let S be a finite set and let (α x ) be a sequence of real numbers. Then, ( α x ) α S x. (1) Proof. This inequality is a direct consequence of Cauchy-Schwartz inequality: α x = 1. α x αx S αx. The result can be deduced easily. 1 Corollary 1. If X is an S-valued random variable then 1 Col(X), () S Lemma. Let X be a random variable over a finite set S of size S and ϵ = (X, U S ) be the statistical distance between X and U S, where U S is a uniformly distributed random variable over S. Then, Col(X) 1 + 4ϵ. S
4 4 Abdoul Aziz ciss Proof. If ϵ = 0, then the result is an easy consequence of Equation. Let suose that ϵ 0 and define q x = Pr[X = x] 1/ S /ϵ. Then x q x = 1 and by Equation 1, we have 1 S qx = 1 (Col(X) 1/ S ). 4ϵ The lemma can be deduced easily. ( ) (Pr[X = x] 1/ S ) 4ϵ = 1 4ϵ Pr[X = x] 1/ S Definition 4. Let S and T be two finite sets. Let Ext be a function Ext : S T. We say that Ext is a deterministic (T, δ)-extractor for S if Ext(U S ) is δ- uniform on T. That is (Ext(U S ), U T ) δ. For more information on extractors, see [16, 18].. Character sums In the following, we recall some fundamental results on character sums. We denote by e the character on F such that, for all y F, e (y) = e iπy C, and by ψ the additive character in F n such that for all x F n, ψ(x) = e (Tr(x)) where Tr(x) = x + x x n 1 is the trace of x F n to F. Lemma 3. Let ψ be an additive character of F n and let G be a multilicative subgrou of F n. Consider the following Gauss sum T (a, G) = x G ψ(ax). Then, max T (a, G) n. a F n Proof. See [14] or [17]. Lemma 4. Let V be an additive subgrou of F n et let ψ be an additive character of F n. Then, ψ(yz) n. Proof. See [0] for the roof. y F n z V For more details on character sums see [14, 15].
5 Randomness Extraction in finite fields F n 5.3 Leftover Hash Lemma In this subsection, we recall the Leftover Hash Lemma [13, 1]. It is the most famous randomness extractor but it requires the use of universal hash functions. Definition 5 (Guessing robability). Let X be a random variable taking values on a set V of size N, the guessing robability γ(x) of X is defined to be γ(x) = max{p [X = v] : v V}. Definition 6 (Universal hash function families). Let H = {h i } i be a family of efficiently comutable hash functions h i : {0, 1} n {0, 1} k, for i {0, 1} d. We say that H is a universal hash function family if for every x y in {0, 1} n, Pr i {0,1} d[h i (x) = h i (y)] 1/ k. Theorem 1 (Leftover Hash Lemma). Let H be a universal hash function family from {0, 1} n to {0, 1} k, keyed by i {0, 1} d. Let i denote a random variable with uniform distribution over {0, 1} d, let U k be a random variable uniformly distributed in {0, 1} k, and let A be a random variable taking values in {0, 1} n, with i and A mutually indeendent. Let γ = γ(a), then Proof. See [19] k γ ( i, h i (A), i, U k ). The Leftover Hash Lemma extracts nearly all of the entroy available whatever the randomness sources are, but it needs to invest few additional truly random bits. To circumvent this roblem, we roose a deterministic extractor which is not otimal. 3 Randomness extraction in F n In this section, we roose and rove the security of a simle deterministic randomness extractor for a subgrou G of F n. The main theorem of this section states that the k-first coefficients of a random element in G are close to a truly random grou-element in F k. Our aroach is somewhat similar to those in [7] related to randomness extraction in ellitic curves defined over F n. In fact, we use the Gaussian exonential sums to bound the statistical distance. Consider the finite field F n, where is rime and n is a ositive integer. Then F n is a n-dimensional vector sace over F. Let {α 1, α,..., α n } be a basis of F n over F. That means, every element x in F n can be reresented in the form x = x 1 α 1 + x α x n α n, where x i F n. Let G be a subgrou of F n. The extractor Ext k, for a given random element x of G, oututs the k-first F -coefficients of x.
6 6 Abdoul Aziz ciss Definition 7. Let G F be a multilicative subgrou of order q and let k be n a ositive integer less than n. The extractor Ext k is defined as a function Ext k : G F k x (x 1, x,..., x k ), where x is reresented as x = x 1 α 1 + x α x n α n. The following theorem shows that Ext k is a good randomness extractor. Theorem. Let G F n be a multilicative subgrou of order q. Then (n+k) (Ext k (U G ), U F k q ), q where 1 < k < n is a ositive integer, U G is a random variable uniformly distributed in G and U F k is the uniform distribution in F k. Proof. Let us define the sets M = {(x k+1 α k+1 + x k+ α k x n α n ), x i F } F n, and A = {(x, y) G / m M, x y = m}. Let us construct the characteristic function 1 (x,y,m) = 1 n a F q ψ(a(x y m)), which is equal to 1 if x y = m and 0 otherwise. Then the size of the set A is given by A = 1 n x G y G m M a F n ψ(a(x y m)).
7 Randomness Extraction in finite fields F n 7 Therefore, Col(Ext k (U G )) = A G = A q 1 = q n ψ(a(x y m)) x G y G m M a F n = 1 k + 1 q n ψ(a(x y m)) x G y G m M a F n = 1 k + 1 q n ( ) ψ(ax) ψ( ay) ψ( am) m M a F n = 1 k + 1 q n x G 1 k + 1 q n R where R = max a F T (a, G).. n Since y G T (a, G).T ( a, G) ψ( am) a F n m M ψ( am), a F n m M R n, by Lemma 3, and a F n m M ψ( am) n, by Lemma 4, we have the following inequalities: Therefore, Hence, Col(Ext k (U G )) 1 k + n q (Ext k (U G ), U F k ) k 1 k + n q. (n+k) (Ext k (U G ), U F k ). q For non binary field, we have the following corollary. Corollary. Let > be a rime and let G F be a multilicative subgrou n of order q with q = r and = m. If e > 1 is a ositive integer and k > 1 is a ositive integer such that r e mn k, m then Ext k is a (U G, 1 e ) deterministic randomness extractor.
8 8 Abdoul Aziz ciss Proof. Since k r e mn m, we have m(n + k) r e m(n+k) r e m(n+k) r 1 e Hence (ext k (U G ), U F k ) e. For binary fields, we obtain the following lemma. (n+k) q e. Lemma 5. Let G F be a multilicative subgrou of order q with q = r. If n e > 1 is a ositive integer and and k > 1 is a ositive integer such that k r e n, then Ext k is a (U G, 1 e ) deterministic randomness extractor. Proof. We have k t e n (n+k) r e. Since = and r 1 q < r, we deduce that (n+k) r n+k r 1 1 e n+k q 1 e. e. Therefore, Remark 1. We have the same results as above if the extractor Ext k oututs the k-last F -coefficients of a given random element in a multilicative subgrou G of F n. 4 Alications Our extractor can extract entroy from any random element in a grou G. Hence, an obvious alication of the extractor Ext k is key derivation from a random Diffie-Hellman element in a DDH grou G F n. After a Diffie-Hellman key exchange, arties agree on a common random element in G which is indistinguishable from a uniformly distributed element in G, under the DDH assumtion. However, it does not suffice since they want a uniformly distributed bit-string for symmetric schemes. Thus, one have to extract the entroy from this random Diffie-Hellman element by means of a randomness extractor. For examle, suose that we want a 56-bits symmetric key from a random Diffie-Hellman key exchange is a subgrou G of F n with a security bound of e = 80 as in the Leftover Hash Lemma. Then, one has to take the rime n = 811 and consider a subgrou G of rime order q with q = r = 615. We obtain exactly a erfectly random 56-bit string with the security bound 80. Note that the subgrou G has only q elements with 615 q < 616. As in [10] for rime field, the large q is the main drawback here for non rime field because q is greater than n. In the following table we give the size of q = G,( with = and e = 80) knowing the size n(= rime) of the field F n and k (the length of the outut of the extractor).
9 Conclusion Randomness Extraction in finite fields F n 9 k (key)\\n (rime) q = 404 q = 549 q = 654 q = q = 43 q = 581 q = 686 q = 75 4 q = 448 q = 597 q = 70 q = q = 468 q = 615 q = 718 q = 783 This aer extends the study of the existence of randomness extractors for a subgrou G of a finite rime field Z to a field of the form F n where is a rime and n > 1 an integer. The extractor denoted by Ext k, for a given random element in a subgrou G of F n, oututs k-first (res. k-last) F -coefficients of this element. Our extractor works for any finite field F n where the DDH assumtion holds. Hence, we show that if q is large we can derive random bitstring. In general, they can be used in any crytograhic rotocol which requires to extract a random bit-string from a random grou-element. As in Fouque et al. [10] for rime field, the large q is the main drawback here for non rime field because q is grater than n. Hence, as further work it will be interesting to imrove the bound roosed in this aer. References 1. M. Bellare and P. Rogaway. Random oracles are ractical : A Paradigm for designing efficient rotocols. In V. Ashby, editor, ACM CCS 93, ages ACM Press, Nov D. Boneh. The decision Diffie-Hellman roblem. In Third Algorithmic Number Theory Symosium (ANTS), vol.143 of LNCS. Sringer, D. Boneh and I. Sharlinski. On the unredictability of bits of the ellitic curve Diffie-Hellman scheme. In J. Kilian, editor, CRYPTO 001, vol. 139 of LNCS, ages Sringer, Aug D. Boneh and R. Venkatesan. Hardness of comuting the most significant bits of secret keys in Diffie-Hellman and related schemes. In N. Koblitz, editor, CRYPTO 96, vol of LNCS, ages Sringer, Aug R. Carneti, J. Friedlander, S. Koyagin, M. Larsen, D. Lieman and I. Sharlinski. On the Statistical Proerties of Diffie-Hellman Distributions. Israel Journal of Mathematics, vol. 10, ages 3-46, C. Chevalier, P. Fouque, D. Pointcheval and S. Zimmer, Otimal Randomness Extraction from a Diffie-Hellman Element, Advances in Crytology - Eurocryt 09, vol of LNCS, ages , Sringer-Verlag, A. A. Ciss and D. Sow. On Randomness Extraction in Ellitic Curves. In A. Nitaj and D. Pointcheval, editors. Africacryt 011, vol of LNCS, ages Sringer-Verlag, W. Diffie, M. Hellman, New Directions in Crytograhy, IEEE Transactions On Information Theory, vol., no.6, , P.A. Fouque, D. Pointcheval, J. Stern, and S. Zimmer. Hardness of distinguishing the MSB or the LSB of secret keys in Diffie-Hellman schemes. In M. Bugliesi, B. Preneel, V. Sassone, and I. Wegener, editors, ICALP 006, Part II, vol. 405 of LNCS, ages ACM, 008.
10 10 Abdoul Aziz ciss 10. P. A. Fouque, D. Pointcheval, S. Zimmer. HMAC is a good randomness extractor and alications to TLS. In M. Abe and V. D. Gligor, editors, ASIACCS, ages 1-3. ACM, Y. Dodis, R. Gennaro, J. Håstad, H. Krawczyk, and T. Rabin, Randomness extraction and key derivation using the CBC, cascade and HMAC modes. In Matthew K. Franklin, editor, Advances in Crytology - CRYPTO 004, volume 3150 of LNCS, ages Sringer R. Genaro, H. Krawczyk, and T. Rabin. Secure Hashed Diffie-Hellman on non- DDH grous. In C. Cachin and J. Camenisch, editors, Eurocryt 004, volume 307 of LNCS, ages Sringer, May J. Håstad, R. Imagliazzo, L. Levin, and M. Luby, A seudorandom generator from any one-way function, SIAM Journal on Comuting, Vol. 8, no.4, , S. V. Koyagin and I. Sharlinski. Character Sums With Exonential Functions and Their Alications. Cambridge University Press, Cambridge, R. Lidl and H. Niederreiter. Finite Fields. Cambridge University Press, R. Shaltiel, Recent Develoments in Exlicit Constructions of Extractors, Bulletin of the EATCS 77 (00), 67 95; I. Sharlinski. Bounds of Gauss Sums in Finite Fields. Proceedings of the American Mathmatical Society, vol 13, ages AMS L. Trevisan and S. Vadhan, Extracting Randomness from Samlable Distributions, IEEE Symosium on Foundations of Comuter Science, 3 4, V. Shou A Comutational Introduction to Number Theory and Algebra Cambridge University Press, Cambridge A. Winterhof. Incomlete Additive Character Sums and Alications. In D. Jungnickel and H. Niederreiter, editors. Finite Fields and Alications, ages Sringer-Velag 001.
arxiv: v1 [cs.cr] 2 Feb 2015
Randomness Extraction over Bilinear Character Sums Boudjou T. Hortense,Universite de Maroua-Cameroon ; Dr Abdoul Aziz Ciss, Ecole Polytechnique de Thies-Senegal Setember 7, 08 arxiv:50.00433v [cs.cr] Feb
More informationTwo-sources Randomness Extractors for Elliptic Curves
Two-sources Randomness Extractors for Elliptic Curves Abdoul Aziz Ciss Laboratoire de Traitement de l Information et Systèmes Intelligents, École Polytechnique de Thiès, Sénégal aaciss@ept.sn Abstract.
More informationHardness of Distinguishing the MSB or LSB of Secret Keys in Diffie-Hellman Schemes
Hardness of Distinguishing the MSB or LSB of Secret Keys in Diffie-Hellman Schemes Pierre-Alain Fouque, David Pointcheval, Jacques Stern, and Sébastien Zimmer CNRS-École normale supérieure Paris, France
More informationOn the Unpredictability of Bits of the Elliptic Curve Diffie Hellman Scheme
On the Unredictability of Bits of the Ellitic Curve Diffie Hellman Scheme Dan Boneh 1 and Igor E. Sharlinski 2 1 Deartment of Comuter Science, Stanford University, CA, USA dabo@cs.stanford.edu 2 Deartment
More informationOptimal Randomness Extraction from a Diffie-Hellman Element
Optimal Randomness Extraction from a Diffie-Hellman Element Céline Chevalier, Pierre-Alain Fouque, David Pointcheval, and Sébastien Zimmer École Normale Supérieure, CNRS-INRIA, Paris, France {Celine.Chevalier,Pierre-Alain.Fouque,David.Pointcheval,
More information1. Introduction. 2. Background of elliptic curve group. Identity-based Digital Signature Scheme Without Bilinear Pairings
Identity-based Digital Signature Scheme Without Bilinear Pairings He Debiao, Chen Jianhua, Hu Jin School of Mathematics Statistics, Wuhan niversity, Wuhan, Hubei, China, 43007 Abstract: Many identity-based
More informationCDH/DDH-Based Encryption. K&L Sections , 11.4.
CDH/DDH-Based Encrytion K&L Sections 8.3.1-8.3.3, 11.4. 1 Cyclic grous A finite grou G of order q is cyclic if it has an element g of q. { 0 1 2 q 1} In this case, G = g = g, g, g,, g ; G is said to be
More informationCryptography. Lecture 8. Arpita Patra
Crytograhy Lecture 8 Arita Patra Quick Recall and Today s Roadma >> Hash Functions- stands in between ublic and rivate key world >> Key Agreement >> Assumtions in Finite Cyclic grous - DL, CDH, DDH Grous
More informationCryptanalysis of Pseudorandom Generators
CSE 206A: Lattice Algorithms and Alications Fall 2017 Crytanalysis of Pseudorandom Generators Instructor: Daniele Micciancio UCSD CSE As a motivating alication for the study of lattice in crytograhy we
More informationImproved Hidden Vector Encryption with Short Ciphertexts and Tokens
Imroved Hidden Vector Encrytion with Short Cihertexts and Tokens Kwangsu Lee Dong Hoon Lee Abstract Hidden vector encrytion HVE) is a articular kind of redicate encrytion that is an imortant crytograhic
More informationA Public-Key Cryptosystem Based on Lucas Sequences
Palestine Journal of Mathematics Vol. 1(2) (2012), 148 152 Palestine Polytechnic University-PPU 2012 A Public-Key Crytosystem Based on Lucas Sequences Lhoussain El Fadil Communicated by Ayman Badawi MSC2010
More informationElliptic Curves and Cryptography
Ellitic Curves and Crytograhy Background in Ellitic Curves We'll now turn to the fascinating theory of ellitic curves. For simlicity, we'll restrict our discussion to ellitic curves over Z, where is a
More informationApproximating min-max k-clustering
Aroximating min-max k-clustering Asaf Levin July 24, 2007 Abstract We consider the roblems of set artitioning into k clusters with minimum total cost and minimum of the maximum cost of a cluster. The cost
More informationElementary Analysis in Q p
Elementary Analysis in Q Hannah Hutter, May Szedlák, Phili Wirth November 17, 2011 This reort follows very closely the book of Svetlana Katok 1. 1 Sequences and Series In this section we will see some
More informationLattice Attacks on the DGHV Homomorphic Encryption Scheme
Lattice Attacks on the DGHV Homomorhic Encrytion Scheme Abderrahmane Nitaj 1 and Tajjeeddine Rachidi 2 1 Laboratoire de Mathématiques Nicolas Oresme Université de Caen Basse Normandie, France abderrahmanenitaj@unicaenfr
More informationAn Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security
An extended abstract of this aer aears in the Proceedings of the 35th Annual Crytology Conference (CRYPTO 2015), Part I, Rosario ennaro and Matthew Robshaw (Eds.), volume 9215 of Lecture Notes in Comuter
More informationStrongly Unforgeable Signatures Based on Computational Diffie-Hellman
Strongly Unforgeable Signatures Based on Computational Diffie-Hellman Dan Boneh 1, Emily Shen 1, and Brent Waters 2 1 Computer Science Department, Stanford University, Stanford, CA {dabo,emily}@cs.stanford.edu
More informationEfficient Cryptosystems From 2 k -th Power Residue Symbols
Efficient Crytosystems From 2 k -th Power Residue Symbols Marc Joye and Benoît Libert Technicolor 975 avenue des Chams Blancs, 35576 Cesson-Sévigné Cedex, France {marc.joye,benoit.libert}@technicolor.com
More information#A37 INTEGERS 15 (2015) NOTE ON A RESULT OF CHUNG ON WEIL TYPE SUMS
#A37 INTEGERS 15 (2015) NOTE ON A RESULT OF CHUNG ON WEIL TYPE SUMS Norbert Hegyvári ELTE TTK, Eötvös University, Institute of Mathematics, Budaest, Hungary hegyvari@elte.hu François Hennecart Université
More informationDeterministic Extractors For Small-Space Sources
Deterministic Extractors For Small-Sace Sources Jesse Kam Deartment of Comuter Science University of Texas Austin, T 7871 kam@cs.utexas.edu Salil Vadhan Division of Engineering and Alied Sciences Harvard
More informationCS 6260 Some number theory. Groups
Let Z = {..., 2, 1, 0, 1, 2,...} denote the set of integers. Let Z+ = {1, 2,...} denote the set of ositive integers and = {0, 1, 2,...} the set of non-negative integers. If a, are integers with > 0 then
More informationMaxisets for μ-thresholding rules
Test 008 7: 33 349 DOI 0.007/s749-006-0035-5 ORIGINAL PAPER Maxisets for μ-thresholding rules Florent Autin Received: 3 January 005 / Acceted: 8 June 006 / Published online: March 007 Sociedad de Estadística
More informationON THE SET a x + b g x (mod p) 1 Introduction
PORTUGALIAE MATHEMATICA Vol 59 Fasc 00 Nova Série ON THE SET a x + b g x (mod ) Cristian Cobeli, Marian Vâjâitu and Alexandru Zaharescu Abstract: Given nonzero integers a, b we rove an asymtotic result
More informationA Modified Menezes-Vanstone Elliptic Curve Multi-Keys Cryptosystem
A Modified Menezes-Vanstone Ellitic Curve Multi-Keys Crytosystem By K.H. Rahouma Electrical Technology Deartment Technical College in Riyadh Riyadh, Kingdom of Saudi Arabia E-mail: kamel_rahouma@yahoo.com
More informationDimension Characterizations of Complexity Classes
Dimension Characterizations of Comlexity Classes Xiaoyang Gu Jack H. Lutz Abstract We use derandomization to show that sequences of ositive sace-dimension in fact, even ositive k-dimension for suitable
More informationRobustness of classifiers to uniform l p and Gaussian noise Supplementary material
Robustness of classifiers to uniform l and Gaussian noise Sulementary material Jean-Yves Franceschi Ecole Normale Suérieure de Lyon LIP UMR 5668 Omar Fawzi Ecole Normale Suérieure de Lyon LIP UMR 5668
More informationTanja Lange Technische Universiteit Eindhoven
Crytanalysis Course Part I Tanja Lange Technische Universiteit Eindhoven 28 Nov 2016 with some slides by Daniel J. Bernstein Main goal of this course: We are the attackers. We want to break ECC and RSA.
More informationCongruences and exponential sums with the sum of aliquot divisors function
Congruences and exonential sums with the sum of aliquot divisors function Sanka Balasuriya Deartment of Comuting Macquarie University Sydney, SW 209, Australia sanka@ics.mq.edu.au William D. Banks Deartment
More informationA secure approach for embedding message text on an elliptic curve defined over prime fields, and building 'EC-RSA-ELGamal' Cryptographic System
International Journal of Comuter Science an Information Security (IJCSIS), Vol. 5, No. 6, June 7 A secure aroach for embeing message tet on an ellitic curve efine over rime fiels, an builing 'EC-RSA-ELGamal'
More informationAN IMPROVED BABY-STEP-GIANT-STEP METHOD FOR CERTAIN ELLIPTIC CURVES. 1. Introduction
J. Al. Math. & Comuting Vol. 20(2006), No. 1-2,. 485-489 AN IMPROVED BABY-STEP-GIANT-STEP METHOD FOR CERTAIN ELLIPTIC CURVES BYEONG-KWEON OH, KIL-CHAN HA AND JANGHEON OH Abstract. In this aer, we slightly
More informationSums of independent random variables
3 Sums of indeendent random variables This lecture collects a number of estimates for sums of indeendent random variables with values in a Banach sace E. We concentrate on sums of the form N γ nx n, where
More informationOn the normality of p-ary bent functions
Noname manuscrit No. (will be inserted by the editor) On the normality of -ary bent functions Ayça Çeşmelioğlu Wilfried Meidl Alexander Pott Received: date / Acceted: date Abstract In this work, the normality
More informationAn Investigation of Some Forward Security Properties for PEKS and IBE
An Investigation of Some Forward Security Proerties for PEKS and IBE Qiang Tang APSIA grou, SnT, University of Luxemourg 6, rue Richard Coudenhove-Kalergi, L-359 Luxemourg qiang.tang@uni.lu Astract. In
More informationPredicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products
Predicate Encrytion Suorting Disjunctions, Polynomial Equations, and Inner Products Jonathan Katz jkatz@cs.umd.edu Amit Sahai sahai@cs.ucla.edu Brent Waters bwaters@csl.sri.com Abstract Predicate encrytion
More information#A64 INTEGERS 18 (2018) APPLYING MODULAR ARITHMETIC TO DIOPHANTINE EQUATIONS
#A64 INTEGERS 18 (2018) APPLYING MODULAR ARITHMETIC TO DIOPHANTINE EQUATIONS Ramy F. Taki ElDin Physics and Engineering Mathematics Deartment, Faculty of Engineering, Ain Shams University, Cairo, Egyt
More informationPredicate Privacy in Encryption Systems
Predicate Privacy in Encrytion Systems Emily Shen MIT eshen@csail.mit.edu Elaine Shi CMU/PARC eshi@arc.com December 24, 2008 Brent Waters UT Austin bwaters@cs.utexas.edu Abstract Predicate encrytion is
More informationEfficient Cryptosystems From 2 k -th Power Residue Symbols
Published in Journal of Crytology, 30(2:519 549, 2017. Efficient Crytosystems From 2 k -th Power Residue Symbols Fabrice Benhamouda 1, Javier Herranz 2, Marc Joye 3, and Benoît Libert 4, 1 ES Paris, CRS,
More informationQUADRATIC RECIPROCITY
QUADRATIC RECIPROCITY JORDAN SCHETTLER Abstract. The goals of this roject are to have the reader(s) gain an areciation for the usefulness of Legendre symbols and ultimately recreate Eisenstein s slick
More informationEfficient Pseudorandom Generators Based on the DDH Assumption
In Public Key Cryptography PKC 07, Vol. 4450 of Lecture Notes in Computer Science, Springer-Verlag, 2007. pp. 426-441. Efficient Pseudorandom Generators Based on the DDH Assumption Reza Rezaeian Farashahi
More informationQUADRATIC RECIPROCITY
QUADRATIC RECIPROCITY JORDAN SCHETTLER Abstract. The goals of this roject are to have the reader(s) gain an areciation for the usefulness of Legendre symbols and ultimately recreate Eisenstein s slick
More informationBent Functions of maximal degree
IEEE TRANSACTIONS ON INFORMATION THEORY 1 Bent Functions of maximal degree Ayça Çeşmelioğlu and Wilfried Meidl Abstract In this article a technique for constructing -ary bent functions from lateaued functions
More information#A6 INTEGERS 15A (2015) ON REDUCIBLE AND PRIMITIVE SUBSETS OF F P, I. Katalin Gyarmati 1.
#A6 INTEGERS 15A (015) ON REDUCIBLE AND PRIMITIVE SUBSETS OF F P, I Katalin Gyarmati 1 Deartment of Algebra and Number Theory, Eötvös Loránd University and MTA-ELTE Geometric and Algebraic Combinatorics
More informationEfficient Cryptosystems From 2 k -th Power Residue Symbols
Efficient Crytosystems From k -th Power Residue Symbols Fabrice Benhamouda, Javier Herranz, Marc Joye 3, and Benoît Libert 4, ENS Paris, CNRS, INRIA, and PSL 45 rue d Ulm, 7530 Paris Cedex 06, France fabrice.benhamouda@ens.fr
More informationMultiplicative group law on the folium of Descartes
Multilicative grou law on the folium of Descartes Steluţa Pricoie and Constantin Udrişte Abstract. The folium of Descartes is still studied and understood today. Not only did it rovide for the roof of
More informationarxiv:math/ v2 [math.nt] 21 Oct 2004
SUMS OF THE FORM 1/x k 1 + +1/x k n MODULO A PRIME arxiv:math/0403360v2 [math.nt] 21 Oct 2004 Ernie Croot 1 Deartment of Mathematics, Georgia Institute of Technology, Atlanta, GA 30332 ecroot@math.gatech.edu
More informationp-adic Measures and Bernoulli Numbers
-Adic Measures and Bernoulli Numbers Adam Bowers Introduction The constants B k in the Taylor series exansion t e t = t k B k k! k=0 are known as the Bernoulli numbers. The first few are,, 6, 0, 30, 0,
More informationarxiv: v1 [cs.it] 27 May 2015
RELATIVE GENERALIZED HAMMING WEIGHTS OF CYCLIC CODES JUN ZHANG AND KEQIN FENG arxiv:1505.07277v1 [cs.it] 27 May 2015 Abstract. Relative generalized Hamming weights (RGHWs) of a linear code resect to a
More informationLinear diophantine equations for discrete tomography
Journal of X-Ray Science and Technology 10 001 59 66 59 IOS Press Linear diohantine euations for discrete tomograhy Yangbo Ye a,gewang b and Jiehua Zhu a a Deartment of Mathematics, The University of Iowa,
More informationMarch 4, :21 WSPC/INSTRUCTION FILE FLSpaper2011
International Journal of Number Theory c World Scientific Publishing Comany SOLVING n(n + d) (n + (k 1)d ) = by 2 WITH P (b) Ck M. Filaseta Deartment of Mathematics, University of South Carolina, Columbia,
More informationON LINEAR COMPLEXITY OF GENERALIZED SHRINKING-MULTIPLEXING GENERATOR
Journal of Basic and Alied Research International 4(1): 8 17, 015 O LIEAR COMPLEXITY OF GEERALIZED SHRIKIG-MULTIPLEXIG GEERATOR ZHAETA. TASHEVA 1* 1 Faculty of Artillery, AAD and CIS, ational Military
More informationExtractors and the Leftover Hash Lemma
6.889 New Developments in Cryptography March 8, 2011 Extractors and the Leftover Hash Lemma Instructors: Shafi Goldwasser, Yael Kalai, Leo Reyzin, Boaz Barak, and Salil Vadhan Lecturer: Leo Reyzin Scribe:
More informationSecure and Practical Identity-Based Encryption
Secure and Practical Identity-Based Encryption David Naccache Groupe de Cyptographie, Deṕartement d Informatique École Normale Supérieure 45 rue d Ulm, 75005 Paris, France david.nacache@ens.fr Abstract.
More informationBOUNDS FOR THE SIZE OF SETS WITH THE PROPERTY D(n) Andrej Dujella University of Zagreb, Croatia
GLASNIK MATMATIČKI Vol. 39(59(2004, 199 205 BOUNDS FOR TH SIZ OF STS WITH TH PROPRTY D(n Andrej Dujella University of Zagreb, Croatia Abstract. Let n be a nonzero integer and a 1 < a 2 < < a m ositive
More informationCryptography Assignment 3
Crytograhy Assignment Michael Orlov orlovm@cs.bgu.ac.il) Yanik Gleyzer yanik@cs.bgu.ac.il) Aril 9, 00 Abstract Solution for Assignment. The terms in this assignment are used as defined in [1]. In some
More informationAn Estimate For Heilbronn s Exponential Sum
An Estimate For Heilbronn s Exonential Sum D.R. Heath-Brown Magdalen College, Oxford For Heini Halberstam, on his retirement Let be a rime, and set e(x) = ex(2πix). Heilbronn s exonential sum is defined
More informationSQUARES IN Z/NZ. q = ( 1) (p 1)(q 1)
SQUARES I Z/Z We study squares in the ring Z/Z from a theoretical and comutational oint of view. We resent two related crytograhic schemes. 1. SQUARES I Z/Z Consider for eamle the rime = 13. Write the
More informationOn Z p -norms of random vectors
On Z -norms of random vectors Rafa l Lata la Abstract To any n-dimensional random vector X we may associate its L -centroid body Z X and the corresonding norm. We formulate a conjecture concerning the
More informationCERIAS Tech Report The period of the Bell numbers modulo a prime by Peter Montgomery, Sangil Nahm, Samuel Wagstaff Jr Center for Education
CERIAS Tech Reort 2010-01 The eriod of the Bell numbers modulo a rime by Peter Montgomery, Sangil Nahm, Samuel Wagstaff Jr Center for Education and Research Information Assurance and Security Purdue University,
More informationConvex Optimization methods for Computing Channel Capacity
Convex Otimization methods for Comuting Channel Caacity Abhishek Sinha Laboratory for Information and Decision Systems (LIDS), MIT sinhaa@mit.edu May 15, 2014 We consider a classical comutational roblem
More informationThe Twist-AUgmented technique for key exchange
The Twist-AUgmented technique for key exchange Olivier Chevassut, Pierre-Alain Fouque, Pierrick Gaudry, David Pointcheval To cite this version: Olivier Chevassut, Pierre-Alain Fouque, Pierrick Gaudry,
More informationHENSEL S LEMMA KEITH CONRAD
HENSEL S LEMMA KEITH CONRAD 1. Introduction In the -adic integers, congruences are aroximations: for a and b in Z, a b mod n is the same as a b 1/ n. Turning information modulo one ower of into similar
More informationAnalysis of some entrance probabilities for killed birth-death processes
Analysis of some entrance robabilities for killed birth-death rocesses Master s Thesis O.J.G. van der Velde Suervisor: Dr. F.M. Sieksma July 5, 207 Mathematical Institute, Leiden University Contents Introduction
More informationImproved Capacity Bounds for the Binary Energy Harvesting Channel
Imroved Caacity Bounds for the Binary Energy Harvesting Channel Kaya Tutuncuoglu 1, Omur Ozel 2, Aylin Yener 1, and Sennur Ulukus 2 1 Deartment of Electrical Engineering, The Pennsylvania State University,
More informationON THE LEAST SIGNIFICANT p ADIC DIGITS OF CERTAIN LUCAS NUMBERS
#A13 INTEGERS 14 (014) ON THE LEAST SIGNIFICANT ADIC DIGITS OF CERTAIN LUCAS NUMBERS Tamás Lengyel Deartment of Mathematics, Occidental College, Los Angeles, California lengyel@oxy.edu Received: 6/13/13,
More information2 IEICE TRANS. FUNDAMENTALS, VOL.E82 A, NO.1 JANUARY 1999 exist another trace of ellitic curves which is reduced to at most 6, seriously low, degree e
IEICE TRANS. FUNDAMENTALS, VOL.E82 A, NO.1 JANUARY 1999 1 PAPER New exlicit conditions of ellitic curve traces for FR-reduction Atsuko MIYAJI y, Member, Masaki NAKABAYASHI y, and Shunzou TAKANO yy, Nonmembers
More informationDIRICHLET S THEOREM ON PRIMES IN ARITHMETIC PROGRESSIONS. 1. Introduction
DIRICHLET S THEOREM ON PRIMES IN ARITHMETIC PROGRESSIONS INNA ZAKHAREVICH. Introduction It is a well-known fact that there are infinitely many rimes. However, it is less clear how the rimes are distributed
More informationVarious Proofs for the Decrease Monotonicity of the Schatten s Power Norm, Various Families of R n Norms and Some Open Problems
Int. J. Oen Problems Comt. Math., Vol. 3, No. 2, June 2010 ISSN 1998-6262; Coyright c ICSRS Publication, 2010 www.i-csrs.org Various Proofs for the Decrease Monotonicity of the Schatten s Power Norm, Various
More informationApplicable Analysis and Discrete Mathematics available online at HENSEL CODES OF SQUARE ROOTS OF P-ADIC NUMBERS
Alicable Analysis and Discrete Mathematics available online at htt://efmath.etf.rs Al. Anal. Discrete Math. 4 (010), 3 44. doi:10.98/aadm1000009m HENSEL CODES OF SQUARE ROOTS OF P-ADIC NUMBERS Zerzaihi
More informationAuthor(s)Emura, Keita; Miyaji, Atsuko; Omote, International Conference on Availabi Reliability and Security, ARES 492
JAIST Reosi htts://dsacej Title A Dynamic Attribute-Based Grou Sign and its Alication in an Anonymous the Collection of Attribute Statisti Author(s)Emura, Keita; Miyaji, Atsuko; Omote, Citation International
More informationOutline. EECS150 - Digital Design Lecture 26 Error Correction Codes, Linear Feedback Shift Registers (LFSRs) Simple Error Detection Coding
Outline EECS150 - Digital Design Lecture 26 Error Correction Codes, Linear Feedback Shift Registers (LFSRs) Error detection using arity Hamming code for error detection/correction Linear Feedback Shift
More informationBilinear Entropy Expansion from the Decisional Linear Assumption
Bilinear Entroy Exansion from the Decisional Linear Assumtion Lucas Kowalczyk Columbia University luke@cs.columbia.edu Allison Bisho Lewko Columbia University alewko@cs.columbia.edu Abstract We develo
More information2 Asymptotic density and Dirichlet density
8.785: Analytic Number Theory, MIT, sring 2007 (K.S. Kedlaya) Primes in arithmetic rogressions In this unit, we first rove Dirichlet s theorem on rimes in arithmetic rogressions. We then rove the rime
More information2 Asymptotic density and Dirichlet density
8.785: Analytic Number Theory, MIT, sring 2007 (K.S. Kedlaya) Primes in arithmetic rogressions In this unit, we first rove Dirichlet s theorem on rimes in arithmetic rogressions. We then rove the rime
More informationANALYTIC NUMBER THEORY AND DIRICHLET S THEOREM
ANALYTIC NUMBER THEORY AND DIRICHLET S THEOREM JOHN BINDER Abstract. In this aer, we rove Dirichlet s theorem that, given any air h, k with h, k) =, there are infinitely many rime numbers congruent to
More informationFor q 0; 1; : : : ; `? 1, we have m 0; 1; : : : ; q? 1. The set fh j(x) : j 0; 1; ; : : : ; `? 1g forms a basis for the tness functions dened on the i
Comuting with Haar Functions Sami Khuri Deartment of Mathematics and Comuter Science San Jose State University One Washington Square San Jose, CA 9519-0103, USA khuri@juiter.sjsu.edu Fax: (40)94-500 Keywords:
More informationThe Twist-AUgmented Technique for Key Exchange
The Twist-AUgmented Technique for Key Exchange Olivier Chevassut 1, Pierre-Alain Fouque 2, Pierrick Gaudry 3, and David Pointcheval 2 1 Lawrence Berkeley National Lab. Berkeley, CA, USA OChevassut@lbl.gov
More informationMATH342 Practice Exam
MATH342 Practice Exam This exam is intended to be in a similar style to the examination in May/June 2012. It is not imlied that all questions on the real examination will follow the content of the ractice
More informationEötvös Loránd University Faculty of Informatics. Distribution of additive arithmetical functions
Eötvös Loránd University Faculty of Informatics Distribution of additive arithmetical functions Theses of Ph.D. Dissertation by László Germán Suervisor Prof. Dr. Imre Kátai member of the Hungarian Academy
More informationRobust hamiltonicity of random directed graphs
Robust hamiltonicity of random directed grahs Asaf Ferber Rajko Nenadov Andreas Noever asaf.ferber@inf.ethz.ch rnenadov@inf.ethz.ch anoever@inf.ethz.ch Ueli Peter ueter@inf.ethz.ch Nemanja Škorić nskoric@inf.ethz.ch
More informationSpeeding up the Scalar Multiplication on Binary Huff Curves Using the Frobenius Map
International Journal of Algebra, Vol. 8, 2014, no. 1, 9-16 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ija.2014.311117 Speeding up the Scalar Multiplication on Binary Huff Curves Using the
More informationOn p-adic elliptic logarithms and p-adic approximation lattices
On -adic ellitic logarithms and -adic aroximation lattices Christian Wuthrich Aril 6, 006 Abstract Let E be an ellitic curve over Q and let be a rime number. Based on numerical evidence, we formulate a
More informationElliptic Curves Spring 2015 Problem Set #1 Due: 02/13/2015
18.783 Ellitic Curves Sring 2015 Problem Set #1 Due: 02/13/2015 Descrition These roblems are related to the material covered in Lectures 1-2. Some of them require the use of Sage, and you will need to
More informationk- price auctions and Combination-auctions
k- rice auctions and Combination-auctions Martin Mihelich Yan Shu Walnut Algorithms March 6, 219 arxiv:181.3494v3 [q-fin.mf] 5 Mar 219 Abstract We rovide for the first time an exact analytical solution
More informationMATH 2710: NOTES FOR ANALYSIS
MATH 270: NOTES FOR ANALYSIS The main ideas we will learn from analysis center around the idea of a limit. Limits occurs in several settings. We will start with finite limits of sequences, then cover infinite
More informationThen we characterize primes and composite numbers via divisibility
International Journal of Advanced Mathematical Sciences, 2 (1) (2014) 1-7 c Science Publishing Cororation www.scienceubco.com/index.h/ijams doi: 10.14419/ijams.v2i1.1587 Research Paer Then we characterize
More informationOn Nonlinear Polynomial Selection and Geometric Progression (mod N) for Number Field Sieve
On onlinear Polynomial Selection and Geometric Progression (mod ) for umber Field Sieve amhun Koo, Gooc Hwa Jo, and Soonhak Kwon Email: komaton@skku.edu, achimheasal@nate.com, shkwon@skku.edu Det. of Mathematics,
More informationDistributed Rule-Based Inference in the Presence of Redundant Information
istribution Statement : roved for ublic release; distribution is unlimited. istributed Rule-ased Inference in the Presence of Redundant Information June 8, 004 William J. Farrell III Lockheed Martin dvanced
More informationAdvanced Cryptography Midterm Exam
Advanced Crytograhy Midterm Exam Solution Serge Vaudenay 17.4.2012 duration: 3h00 any document is allowed a ocket calculator is allowed communication devices are not allowed the exam invigilators will
More informationSets of Real Numbers
Chater 4 Sets of Real Numbers 4. The Integers Z and their Proerties In our revious discussions about sets and functions the set of integers Z served as a key examle. Its ubiquitousness comes from the fact
More informationDISCRIMINANTS IN TOWERS
DISCRIMINANTS IN TOWERS JOSEPH RABINOFF Let A be a Dedekind domain with fraction field F, let K/F be a finite searable extension field, and let B be the integral closure of A in K. In this note, we will
More informationAn Overview of Witt Vectors
An Overview of Witt Vectors Daniel Finkel December 7, 2007 Abstract This aer offers a brief overview of the basics of Witt vectors. As an alication, we summarize work of Bartolo and Falcone to rove that
More informationTowards understanding the Lorenz curve using the Uniform distribution. Chris J. Stephens. Newcastle City Council, Newcastle upon Tyne, UK
Towards understanding the Lorenz curve using the Uniform distribution Chris J. Stehens Newcastle City Council, Newcastle uon Tyne, UK (For the Gini-Lorenz Conference, University of Siena, Italy, May 2005)
More informationCombinatorics of topmost discs of multi-peg Tower of Hanoi problem
Combinatorics of tomost discs of multi-eg Tower of Hanoi roblem Sandi Klavžar Deartment of Mathematics, PEF, Unversity of Maribor Koroška cesta 160, 000 Maribor, Slovenia Uroš Milutinović Deartment of
More informationGENERICITY OF INFINITE-ORDER ELEMENTS IN HYPERBOLIC GROUPS
GENERICITY OF INFINITE-ORDER ELEMENTS IN HYPERBOLIC GROUPS PALLAVI DANI 1. Introduction Let Γ be a finitely generated grou and let S be a finite set of generators for Γ. This determines a word metric on
More informationExamples from Elements of Theory of Computation. Abstract. Introduction
Examles from Elements of Theory of Comutation Mostafa Ghandehari Samee Ullah Khan Deartment of Comuter Science and Engineering University of Texas at Arlington, TX-7609, USA Tel: +(87)7-5688, Fax: +(87)7-784
More informationReal Analysis 1 Fall Homework 3. a n.
eal Analysis Fall 06 Homework 3. Let and consider the measure sace N, P, µ, where µ is counting measure. That is, if N, then µ equals the number of elements in if is finite; µ = otherwise. One usually
More informationOn Isoperimetric Functions of Probability Measures Having Log-Concave Densities with Respect to the Standard Normal Law
On Isoerimetric Functions of Probability Measures Having Log-Concave Densities with Resect to the Standard Normal Law Sergey G. Bobkov Abstract Isoerimetric inequalities are discussed for one-dimensional
More information#A47 INTEGERS 15 (2015) QUADRATIC DIOPHANTINE EQUATIONS WITH INFINITELY MANY SOLUTIONS IN POSITIVE INTEGERS
#A47 INTEGERS 15 (015) QUADRATIC DIOPHANTINE EQUATIONS WITH INFINITELY MANY SOLUTIONS IN POSITIVE INTEGERS Mihai Ciu Simion Stoilow Institute of Mathematics of the Romanian Academy, Research Unit No. 5,
More informationQuantum and Classical Coin-Flipping Protocols based on Bit-Commitment and their Point Games
Quantum and Classical Coin-Fliing Protocols based on Bit-Commitment and their Point Games Ashwin Nayak, Jamie Sikora, Levent Tunçel Follow-u work to a aer that will aear on the arxiv on Monday Berkeley
More informationDECIMATIONS OF L-SEQUENCES AND PERMUTATIONS OF EVEN RESIDUES MOD P
DECIMATIONS OF L-SEQUENCES AND PERMUTATIONS OF EVEN RESIDUES MOD P JEAN BOURGAIN, TODD COCHRANE, JENNIFER PAULHUS, AND CHRISTOPHER PINNER Abstract. Goresky and Klaer conjectured that for any rime > 13
More information