An efficient solution of the congruence x2+ky2=m (modn)

Authors:
John M. Pollard;Claus P. Schnorr
Affiliations:
-;Univ. Frankfurt, Frankfurt, W. Germany
Venue:
IEEE Transactions on Information Theory
Year:
1987

Citing 0
Cited 15

Simple algebras are difficult

STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Zero-knowledge proofs of identity and veracity of transaction receipts

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Intractable problems in number theory (invited talk)

CRYPTO '88 Proceedings on Advances in cryptology
Can O.S.S. be repaired?: proposal for a new practical signature scheme

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Signature Schemes Based on 3rd Order Shift Registers

ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Weakness in Quaternion Signatures

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Attacks on the Birational Permutation Signature Schemes

CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
On the Length of Cryptographic Hash-Values Used in Identification Schemes

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
How to Break Shamir's Asymmetric Basis

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
A Twin Algorithm for Efficient Generation of Digital Signatures

INDOCRYPT '01 Proceedings of the Second International Conference on Cryptology in India: Progress in Cryptology
Efficient solution of rational conics

Mathematics of Computation
Cryptanalysis of Patarin's 2-round public key system with S boxes (2R)

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Spreading alerts quietly and the subgroup escape problem

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
A security analysis of uniformly-layered rainbow: revisiting sato-araki's non-commutative approach to ong-schnorr-shamir signature towards post quantum paradigm

PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography

Quantified Score

Hi-index	754.84

Visualization

Abstract

The equation of the title arose in the proposed signature scheme of Ong-Schnorr-Shamir. The large integersn, kandmare given and we are asked to find any solutionx, y. It was believed that this task was of similar difficulty to that of factoring the modulusn;we show that, on the contrary, a solution can easily be found ifkandmare relatively prime ton. Under the assumption of the generalized Riemann hypothesis, a solution can be found by a probabilistic algorithm inO(log n)^{2}|loglog|k||)arithmetical steps onO(log n)-bit integers. The algorithm can be extended to solve the equationX^{2} + KY^{2} = M pmod{n}for quadratic integersK, M in {bf Z}[sqrt{d}]and to solve in integers the equationx^{3} + ky_{3} + k^{2}z^{3} - 3kxyz = m pmod{n}.