Imaginary quadratic orders with given prime factor of class number



Similar documents
SOME PROPERTIES OF EXTENSIONS OF SMALL DEGREE OVER Q. 1. Quadratic Extensions

15. Symmetric polynomials

Logics preserving degrees of truth from varieties of residuated lattices

Continued Fractions and the Euclidean Algorithm

Zero: If P is a polynomial and if c is a number such that P (c) = 0 then c is a zero of P.

Chapter 13: Basic ring theory

Quotient Rings and Field Extensions

Lecture 5 Principal Minors and the Hessian

Mathematics. ( : Focus on free Education) (Chapter 5) (Complex Numbers and Quadratic Equations) (Class XI)

minimal polyonomial Example

A number field is a field of finite degree over Q. By the Primitive Element Theorem, any number

a 1 x + a 0 =0. (3) ax 2 + bx + c =0. (4)

JUST THE MATHS UNIT NUMBER 1.8. ALGEBRA 8 (Polynomials) A.J.Hobson

Inner Product Spaces

SAT Math Facts & Formulas

FACTORING AFTER DEDEKIND

How To Prove The Dirichlet Unit Theorem

Elementary Number Theory and Methods of Proof. CSE 215, Foundations of Computer Science Stony Brook University

Number Theory Naoki Sato

CHAPTER SIX IRREDUCIBILITY AND FACTORIZATION 1. BASIC DIVISIBILITY THEORY

PUTNAM TRAINING POLYNOMIALS. Exercises 1. Find a polynomial with integral coefficients whose zeros include

4.1. COMPLEX NUMBERS

a 11 x 1 + a 12 x a 1n x n = b 1 a 21 x 1 + a 22 x a 2n x n = b 2.

Vector and Matrix Norms

As we have seen, there is a close connection between Legendre symbols of the form

MATH PROBLEMS, WITH SOLUTIONS

SOME PROPERTIES OF SYMBOL ALGEBRAS OF DEGREE THREE

GRE Prep: Precalculus

United Arab Emirates University College of Sciences Department of Mathematical Sciences HOMEWORK 1 SOLUTION. Section 10.1 Vectors in the Plane

4. How many integers between 2004 and 4002 are perfect squares?

ABSTRACT ALGEBRA: A STUDY GUIDE FOR BEGINNERS

Pythagorean Triples and Rational Points on the Unit Circle

Math Review. for the Quantitative Reasoning Measure of the GRE revised General Test

α = u v. In other words, Orthogonal Projection

4. BINARY QUADRATIC FORMS

Chapter 17. Orthogonal Matrices and Symmetries of Space

Lectures on the Dirichlet Class Number Formula for Imaginary Quadratic Fields. Tom Weston

TOPOLOGICAL DESIGN OF MULTIPLE VPNS OVER MPLS NETWORK Anotai Srikitja David Tipper

Unique Factorization

ECE 842 Report Implementation of Elliptic Curve Cryptography

CONTENTS 1. Peter Kahn. Spring 2007

1 = (a 0 + b 0 α) (a m 1 + b m 1 α) 2. for certain elements a 0,..., a m 1, b 0,..., b m 1 of F. Multiplying out, we obtain

7. Some irreducible polynomials

FACTORING IN QUADRATIC FIELDS. 1. Introduction. This is called a quadratic field and it has degree 2 over Q. Similarly, set

Copy in your notebook: Add an example of each term with the symbols used in algebra 2 if there are any.

Notes on Determinant

SYSTEMS OF PYTHAGOREAN TRIPLES. Acknowledgements. I would like to thank Professor Laura Schueller for advising and guiding me

SAT Math Must-Know Facts & Formulas

Factoring Polynomials and Solving Quadratic Equations

QUADRATIC EQUATIONS EXPECTED BACKGROUND KNOWLEDGE

Section 4.4 Inner Product Spaces

ASYMPTOTIC DIRECTION FOR RANDOM WALKS IN RANDOM ENVIRONMENTS arxiv:math/ v2 [math.pr] 11 Dec 2007

1 Gambler s Ruin Problem

3 1. Note that all cubes solve it; therefore, there are no more

How To Understand The Relation Between Quadratic And Binary Forms

Measuring relative phase between two waveforms using an oscilloscope

Factoring of Prime Ideals in Extensions

Linear Algebra I. Ronald van Luijk, 2012

P. Jeyanthi and N. Angel Benseera

Unified Lecture # 4 Vectors

Complex Conjugation and Polynomial Factorization

Zeros of a Polynomial Function

University of Lille I PC first year list of exercises n 7. Review

CONTINUED FRACTIONS AND PELL S EQUATION. Contents 1. Continued Fractions 1 2. Solution to Pell s Equation 9 References 12

Lecture 4: Partitioned Matrices and Determinants

SOME EXAMPLES OF INTEGRAL DEFINITE QUATERNARY QUADRATIC FORMS WITH PRIME DISCRIMINANT KI-ICHIRO HASHIMOTO

I. GROUPS: BASIC DEFINITIONS AND EXAMPLES

Factoring Polynomials

TOPIC 4: DERIVATIVES

Modern Algebra Lecture Notes: Rings and fields set 4 (Revision 2)

Factoring of Prime Ideals in Galois Extensions

MATRIX ALGEBRA AND SYSTEMS OF EQUATIONS. + + x 2. x n. a 11 a 12 a 1n b 1 a 21 a 22 a 2n b 2 a 31 a 32 a 3n b 3. a m1 a m2 a mn b m

1 Homework 1. [p 0 q i+j p i 1 q j+1 ] + [p i q j ] + [p i+1 q j p i+j q 0 ]

Lecture 13 - Basic Number Theory.

Factorization Methods: Very Quick Overview

MATH 304 Linear Algebra Lecture 20: Inner product spaces. Orthogonal sets.

Lecture 21 and 22: The Prime Number Theorem

SIMPLE MODELS OF TRANSMISSION LINE IN MATHCAD ENVIROMENTS PROSTE MODELE LINII DŁUGIEJ W ŚRODOWISKU MATHCAD

26 Ideals and Quotient Rings

Lecture L3 - Vectors, Matrices and Coordinate Transformations

More Properties of Limits: Order of Operations

6 EXTENDING ALGEBRA. 6.0 Introduction. 6.1 The cubic equation. Objectives

Introduction to Matrix Algebra

MATH Fundamental Mathematics IV

SOLUTIONS FOR PROBLEM SET 2

TRANSCENDENTAL NUMBERS

Number Theory Naoki Sato

MATH 423 Linear Algebra II Lecture 38: Generalized eigenvectors. Jordan canonical form (continued).

ILP Formulation and K-Shortest Path Heuristic for the RWA Problem with Allocation of Wavelength Converters

Undergraduate Notes in Mathematics. Arkansas Tech University Department of Mathematics

Matrix Algebra. Some Basic Matrix Laws. Before reading the text or the following notes glance at the following list of basic matrix algebra laws.

Polynomials. Jackie Nicholas Jacquie Hargreaves Janet Hunter

3. INNER PRODUCT SPACES

k, then n = p2α 1 1 pα k

Geometric Transformations

1 VECTOR SPACES AND SUBSPACES

COMMUTATIVE RINGS. Definition: A domain is a commutative ring R that satisfies the cancellation law for multiplication:

Transcription:

Imaginary quadratic orders with given rime factor of cass number Aexander Rostovtsev, St. Petersburg State Poytechnic University, rostovtsev@ss.stu.neva.ru Abstract Abeian cass grou C(D) of imaginary quadratic order with odd squarefree discriminant D is used in ubic key crytosystems, based on discrete ogarithm robem in cass grou and in crytosystems, based on isogenies of eitic curves. Discrete ogarithm robem in C(D) is hard if #C(D) is rime or has arge rime divisor. But no agorithms for generating such D are known. We roose robabiistic agorithm that gives discriminant of imaginary quadratic order with subgrou of given rime order. Agorithm is based on roerties of Hibert cass fied oynomia H D for eitic curve E( ) over fied of eements. Let trace of Frobenius endomorhism is T, discriminant of Frobenius endomorhism D = T 4 and je ( ( )). Then deg(h D ) = #C(O D ) and #C(D) 0 (mod ). If Diohantine equation D = T 4 with variabes < O( 4 D ), rime and T has soution ony for = 1, then cass number is rime. 1. Cass grou of imaginary quadratic order Let a, b, c and Q = (a, b, c) = {ax + bxy + cy } integra quadratic form of discriminant D = b 4ac. Form Q is ositive definite if D < 0 and a > 0. If variabes x, y run through, Q runs through subset of. Equivaent forms have equa sets of vaues (ossiby ermuted). It is sufficient to consider forms with (a, b, c) = 1, D is not erfect square and a > 1. If Q is ositive definite form, then Q(x, y) 0 and Q = 0 if and ony if x = 0 and y = 0. A considered forms are ositive definite. Equivaent forms have the same discriminant. Equivaence artitions set of forms with given discriminant into finite set of casses. For given D air (a, b) b D cometey defines the quadratic form: c =. 4a Product of integra matrices is integra matrix. Such matrix is invertibe if and ony if its discriminant is ±1. Matrix grou with integra eements contains subgrou SL ( ) with discriminant 1. Infinite grou SL ( ) is generated by ( ) matrices 0 1 ( ) S = 1 0 and 1 1 ( ) T = 0 1, n 1 n 0 1 T = for n. Forms (a, b, c) = {ax + bxy + cy } and (a, b, c ) = {a u + b uv + c v } are x equivaent if and ony if there exists matrix L SL ( ) such that ( ) = L u y ( v). Mutiying vector by matrix can be considered as transformation of coefficients

of the form. Aying matrices S, T to given ositive definite form, one can obtain uniquey defined reduced quadratic form (a, b, c) with roerties 1. 0 < a c;. a < b a; 3. if a = c then b > 0. Let D < 0 is discriminant of quadratic form. Define comex number ξ= D 1+ D for D 0 (mod 4) and ξ= for D 3 (mod 4). Imaginary quadratic order O D of discriminant D is ring [ξ]. Joining those two cases, we can write D+ D OD =. Fieds of fractions for quadratic orders of discriminant D and f D for integer conductor f are the same, but O O. Hence there exists maxima quadratic order for given fied of fractions. Order with squarefree discriminant is maxima. Idea of quadratic order is subset A O D such that if α, β A, then α ± β A, and αx A for arbitrary x O D. Idea A O D defines quotient ring O D /A, it is finite if A (0). Norm N(A) of nonzero idea A is #O D /A. Norm is the smaest ositive integer contained in A. Idea (α) = αo D for α O D is rincia. Generay idea of quadratic order is generated by two eements: A = a + (b + ξ), where a, b and there exists such c, that b 4ac = D. So there is one-to-one corresondence between non-zero ideas of O D and quadratic forms of discriminant D. We use short designation A = (a, b) instead of A = a + (b + ξ). N(a, b) = a. Set of ideas admits commutative and associative mutiication: (a + (b + ξ))(c + (d + ξ)) = ac + c (b + ξ) + a (d + ξ) + (b + ξ)(d + ξ)) (idea in the right side of the equation is generated by at most two eements). So set of ideas of order O D form commutative monoid with identity O D = (1). Norm of idea is mutiicative function: N(AB) = N(A)N(B). If idea cannot be reresented as roduct of two roer ideas, it is rime. Hence ideas with rime norm are the rime ones. Generay ring O D does not ossess unique factorization, for exame, 1= 37 = (1+ 0)(1 0) because rime idea is not necessary rincia. But each idea can be uniquey reresented as roduct of rime ideas, so O D is Dedekind domain. So (3) = (3,1+ 1)(3,1 1), (7) = (7,1+ 1)(7,1 1), (1+ 1) = (3,1+ 1)(7,1+ 1), (1 1) = (3,1 1)(7,1 1). D f D

Define idea equivaence: A B, if there exists air of non-zero quadratic integers α, β O D such that αa = βb. Hence a rincia non-zero ideas are equivaent. Equivaence artitions set of ideas into casses. Each cass can be reresented by reduced idea with the smaest norm. Equivaence of ideas corresonds to equivaence of quadratic forms, and there is bijection between reduced quadratic forms and reduced ideas. Mutiication of ideas induces mutiication in set of casses, and this set is Abeian grou C(D). Its identity eement is idea (1, 1) for odd D and (1, 0) for even D. If A is idea then A #C(D) is rincia idea. Reduced quadratic form (a, b, c) corresonds to idea (a, b) and has inverse (a, b, c) ony if a 1 and a c, otherwise (a, b) 1 = (a, b). Case a = 1 corresonds to identity in cass grou. In the case a = c quadratic form (a, b, a) has order two in cass grou. Notice that form (a, b, a) is ossibe if its discriminant D = b 4a = (b + a)(b a) is roduct of different integers (b a ±1 since a < b a). So cass number #C(D) is odd if D is rime or degree of rime. Imaginary quadratic orders have #C(D) = 1 for D {3, 4, 7, 8, 11, 1, 16, 19, 7, 8, 43, 67, 163}. There are no known effective agorithms for comuting #C(D). There exists estimation #C( D) = O( D ) and exicit formua for #C(D) as sum of infinite Dirichet s series. D. Shanks resented agorithm for comuting cass number with two stages. 1. Find aroximation for #C(D) and estimate search interva.. Search the cass number using giant ste baby ste agorithm. Exeriments show that artia sum S n of n first terms of Dirichet s series is #C( D) S near to #C(D) (error n is near to ogn #C( D) n ). So for n= O( 6 D ) comexity of each stage is O( 6 D ) and the whoe comexity is O( 6 D ). Any idea is roduct of rime ideas. Probabiity that an idea has rime divisor with sma norm is more than robabiity that rime divisor has arge norm. So we can take set of rime ideas with sma norms and try to reresent an idea as roduct of taken rime ideas. This eads to subexonentia agorithm for comuting cass number with comexity O(ex( c n D nn D ) [].. Moduar functions, eitic curves and cass fied oynomia Let L = ω 1 + ω be a attice in comex ane with basis [ω 1, ω ], Im(ω /ω 1 ) > 0. Then there exists quotient grou /L. Define equivaent attices: L M, if L = αm for some α *. Two attices with bases [ω 1, ω ] and [ω 1, ω ω ] coincide if and ony if a b = ( c d) 1 ω1 ω ω, a b ( c d) SL ( ). Due to

equivaence, attice can be defined by singe arameter τ: L = + τ, Im(τ) > 0. Matrix transforms arameter τ: a b ( ) () aτ+ b τ =. c d c τ+ d Since grou SL ( ) is generated by matrices S, T, arbitrary attice can be transformed to equivaent attice so that 1/ < Re(τ) 1/, Re(τ) + Im(τ) 1, 3 Im( τ). Moduar function f is defined as meromorhic function of comex variabe aτ+ b τ, that mas uer haf ane to ane so that f() τ = f for any cτ+ d matrix a b ( ) SL ( ) c d. Moduar functions for given attice form subfied in fied ((τ)) of meromorhic functions. In ractice for seeding-u the convergence of Laurent series for moduar function, usuay Fourier transform q = e πiτ is used instead of τ. The simest moduar function is j(q) = q 1 + 744 + ((q)) Laurent series with integer coefficients. Any moduar function is rationa function of j(q). Hence comex number j(τ) defines attice u to equivaence. Eitic curve E(K): Y Z + a 1 XYZ + a 3 YZ = X 3 + a X Z + a 4 XZ + a 6 Z 3 is set of oints (X, Y, Z) K\(0, 0, 0), satisfying this equations under equivaence (X, Y, Z) = (ux, uy, uz) for any u 0 and there is no oint on eitic curve such that a three artia derivatives are zero. Eitic curve oints form Abeian grou under addition with zero eement P = (0, 1, 0). Eitic X curve isomorhism can be defined as mutiication L Y, where matrix L is Z invertibe over K. Eitic curve over agebraicay cosed fied u to isomorhism can be determined by its invariant j K(a 1, a, a 3, a 4, a 6 ). If K =, then eitic curve as Abeian grou is isomorhic to quotient grou /L for some attice L, so there is bijection between attices and eitic curves. Eitic curve isomorhism corresonds to attice equivaence and eitic curve invariant j is the image of attice invariant j(τ) in fied K (this is ossibe ony if τ is eement of imaginary quadratic fied [3]). If fied characteristic is, then inear change of variabes gives a 1 0 or a 3 0 (but not both of them). If a 1 = 0, then j = 0. In crytograhic aications eitic curve E( ) is considered over finite fied of eements, 1. Frobenius ma π (,, ) XYZ = ( X, Y, Z )

kees the eitic curve equations, kees a oints over fied other oints (over agebraic cosure of fied and changes ). Frobenius ma satisfies equation π Tπ + = 0, where T is trace and D = T 4 < 0 is discriminant of this ma. Twisted curves have traces with the same absoute vaue and different signs. Number of eitic curve oints E( ) is finite and equas # E( ) = + 1 T. Discriminant D u to sign determines T and hence determines # E( ). D+ D Let OD = is imaginary quadratic order for given discriminant D of Frobenius ma, #C(D) is its cass number and {(a i, b i, c i )}, 1 i h D is set of reduced quadratic forms (or set of reduced ideas in cass grou). Let bi + D τ i =. Function j(τ) can be comuted with sma error for a i as artia a i sum of Laurent series. Irreducibe over (and [ D] ) Hibert cass fied oynomia is defined as # C( D) HD( X) = ( X j( τi)) [ X]. i= 1 Its roots are agebraic integers. Joining the root j of H D to or to [ D] gives fied extensions of the same degree, and [ D, j] is cass fied maxima unramified Abeian extension. Eitic curve over rime finite fied with trace T u to isomorhism and u to twisted curve is determined by its invariant j as a root of H D (X) (mod ). So to find j-invariant one needs comuting D, C(D), H D (X), factoring H D (X) (mod ) and taking a root as required j-invariant. This is common method for eitic curve generation with given and T. Theorem 1. Let is rime, is rime or degree of rime, and cass fied oynomia has no roots in. Eitic curve with j \ and Frobenius discriminant D = T 4 exists if cass number #C(D) has factor. Proof. Let q =, is rime or degree of rime. If cass fied oynomia H D (X) has a root j in, then H D (X) factors cometey over and there exists eitic curve E( ) with invariant j and Frobenius discriminant D = T 4. Back, if there is eitic curve E( ) with Frobenius discriminant D, then its invariant is a root of oynomia H D (X). Hence cass fied oynomia sits

cometey over. Since, cass fied oynomia gives searabe extension of fied of characteristic. Notice that if is rime and cass fied oynomia sits over, it may sit aready over rime fied. Then j and cass number ossiby has no factor. Theorem 1 can be exained in terms of quadratic orders. If D = T 4 then T + D T D we have factorization =. Reduction moduo gives D existence of D (mod ), so = 1. Idea ( ) sits as roduct of two rincia ideas. Hence idea () aso sits in O D as roduct of two rime ideas. Its factors can be rincia or not. Any idea owered by cass number becomes rincia. If factors of idea () are not rincia and is rime, then divides cass number. 3. Cass grou with subgrou of given rime order Cass grou of imaginary quadratic order is used in ubic key crytosystems of two tyes. The first one is based on discrete ogarithm robem directy in cass grou [1]. The second one is based on comuting isogenies between eitic curves [5] (number of ossibe j-invariants divides cass number for Frobenius discriminant). If cass number has argest rime divisor r, then comexity of comuting discrete ogarithms in cass grou does not exceed O( r ) due to Poard s agorithm [4]. So in crytograhic aications it is ikey that cass number is arge rime or it has arge rime divisor. To construct digita signature agorithm, simiar to DSS, it is necessary to comute rime cass number or its arge rime divisor. But there are no known effective methods for rime D to recognize rimaity of cass number. It is known that if D = f D, discriminant D has cass number 1, conductor f is odd D rime, then #C( D) = f f, where D is Jacobi symbo. So one can f f ± 1 obtain required rime divisor of grou order as =. But it is hard to find squarefree discriminant with given rime factor of cass number. Assume that cass fied oynomia has a root j, i.e. je ( ( )) for rime. Then Frobenius automorhism π 1 (x, y) = (x, y ) satisfies equation π 1 T 1 π 1 + = 0 with discriminant D 1 = T 1 4. Let αα, be roots of the equation. Then #E( ) = + 1 α α and # E( ) = + 1 α α. Frobenius ma

π ( xy, ) = ( x, y ) has discriminant D= ( α +α ) 4. According to theorem 1 imaginary quadratic order O D may have cass number with no factor. If is sma, set of ossibe traces T 1 is sma too. So it is not hard to test whether D has reresentation Exame 1. Consider eitic curve D= ( α +α ) 4. E( ) y + xy = x 3 + a x + a 6 (a, a 6 0), with invariant j = a 1 6, ma a a + 1 gives the twisted curve. If P = (x, y) E( ), then P = (x, x + y). Hence P = P if and ony if x = 0. Point (0, y) of order aways exists and corresonds equation y = a 6, 1 a y=. Point of order 4 exists, if equation P = (0, y) is sovabe for 6 E( ). For P = (u, v) we have equation λ u + v + λ + a = 0, λ=. This equation is u sovabe if and ony if a = 0. Notice that eitic curve E 1 ( ): y + xy = x 3 + a x +1 has oints if a = 1 and has 4 oints if a = 0, its Frobenius trace is ±1. Hence the curve E( ) has subgrou isomorhic to curve E 1 ( ) with the same a. Frobenius discriminant D = T 4 for curve E( ) is odd if trace T is odd. Let q = 11, T = 55, # E( 11) = q + 1 T = 1994 = 997, D = T 4q = 5167 is rime, #C(D) = 33. Comuting Hibert cass fied oynomia and reduction its coefficients moduo gives: H D = 1 + X + X 3 + X 5 + X 6 + X 7 + X 8 + X 9 + X 1 + X 13 + X 16 + X 1 + X 3 + X 6 + X 7 + X 9 + X 31 + X 33. Its factorization over is H D = (1 + X + X 4 + X 6 + X 7 + X 9 + X 11 )(1 + X + X 3 + X 4 + X 5 + X 7 + X 8 + X 10 + X 11 )(1 + X + X 4 + X 6 + X 9 + X 10 + X 11 ). A irreducibe divisors of cass fied oynomia over rime fied have degree 11 and factor cometey over fied 11. For discriminant D = T 4 11 cass number has factor 11. Simiary for any odd T = 1, 3,, 89 (T = 89 is maximum that gives D < 0) cass number has factor 11. Conversion of theorem 1 gives robabiistic agorithm that generates imaginary quadratic order with given rime factor of cass number. Agorithm 1. (Comutes discriminant of imaginary quadratic order that robaby has cass number with given rime factor ). 1. Choose sma rime (for exame, = ), comute D = T 4 < 0 for integer T reativey rime to. If =, then T must be odd.

. Find a eitic curves over and corresonding traces T 1 of Frobenius automorhisms π 1 (x, y) = (x, y ). Find roots αα, of corresonding equations for π 1. 3. For a different absoute traces T 1 test that D + 1 α α. 4. Return: D. Agorithm 1 gives true resut if there exists eitic curve E( ) with given trace T (this existence is not tested). And resut can be wrong if there is no such eitic curve. But if is sufficienty arge, robabiity of mistake is negigiby sma. Notice that D growths as exonentia of. So obtained discriminant for arge can be extremey arge. Exame. Discriminant D = 4540459391 = 97184015999 4 71 gives cass number 5 53 71, D = 3981659711 = 496033999 4 67 gives cass number 5 3 19 67. From theorem 1 we deduce Coroary. Let D < 0 is rime. Assume that exonentia Diohantine equation D = T 4 with three variabes,, T and rime, for < O( 4 D ) has soution ony for = 1. Then cass number #C(D) is rime. Proof. #C( D) = O( D ). If #C(D) is comosite, it has factor < #C( D) and there exists eitic curve E( ) with required Frobenius discriminant D = T 4. But Diohantine equation has no such soutions, so cass number must be rime. This agorithm can be used to deduce whether imaginary quadratic order has non-rime cass number: if reresentation D = T 4 for arge D exists, then cass number is robaby comosite and has factor. This observation can simify comutation of cass number with Shanks agorithm. Agorithm 1 can be generaized. Quadratic order O D has idea with norm if there exists quadratic form (, b, c) with discriminant D. So we have b 4 c = D. This idea is rincie if there exists reresentation 4 = A DB for integers A, B. Hence instead of equation D = T 4 we can consider equation D = T 4 S for integer S. Here again D is a square moduo. References 1. J. Buchmann and H. Wiiams. A key-exchange system based on imaginary quadratic fieds // Journa of Crytoogy, v. 1, 1988,. 107 118.

. H. Cohen. A Course in Comutationa Agebraic Number Theory, Sringer Verag, 1993. 3. S. Lang. Eitic functions, Sringer Verag, 1987. 4. J. Poard. Monte Caro methods for index comutation (mod ) // Mathematics of Comutation, v. 3, 1978,. 918 94. 5. A. Rostovtsev and A. Stobunov. Pubic key crytosystem based on isogenies // Crytoogy e-rint archive, reort 006/145, 006.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information