STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Zero-knowledge proofs of identity and veracity of transaction receipts
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Intractable problems in number theory (invited talk)
CRYPTO '88 Proceedings on Advances in cryptology
Can O.S.S. be repaired?: proposal for a new practical signature scheme
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Signature Schemes Based on 3rd Order Shift Registers
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Weakness in Quaternion Signatures
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Attacks on the Birational Permutation Signature Schemes
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
On the Length of Cryptographic Hash-Values Used in Identification Schemes
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
How to Break Shamir's Asymmetric Basis
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
A Twin Algorithm for Efficient Generation of Digital Signatures
INDOCRYPT '01 Proceedings of the Second International Conference on Cryptology in India: Progress in Cryptology
Efficient solution of rational conics
Mathematics of Computation
Cryptanalysis of Patarin's 2-round public key system with S boxes (2R)
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Spreading alerts quietly and the subgroup escape problem
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
Hi-index | 754.84 |
The equation of the title arose in the proposed signature scheme of Ong-Schnorr-Shamir. The large integersn, kandmare given and we are asked to find any solutionx, y. It was believed that this task was of similar difficulty to that of factoring the modulusn;we show that, on the contrary, a solution can easily be found ifkandmare relatively prime ton. Under the assumption of the generalized Riemann hypothesis, a solution can be found by a probabilistic algorithm inO(log n)^{2}|loglog|k||)arithmetical steps onO(log n)-bit integers. The algorithm can be extended to solve the equationX^{2} + KY^{2} = M pmod{n}for quadratic integersK, M in {bf Z}[sqrt{d}]and to solve in integers the equationx^{3} + ky_{3} + k^{2}z^{3} - 3kxyz = m pmod{n}.