James McKee

Ordinary abelian varieties having small embedding degree

Miyaji, Nakabayashi and Takano (MNT) gave families of group orders of ordinary elliptic curves with embedding degree suitable for pairing applications. In this paper we generalise their results by giving families corresponding to non-prime group orders. We also consider the case of ordinary abelian varieties of dimension 2. We give families of group orders with embedding degrees 5, 10 and 12.

Tunable balancing of RSA

We propose a key generation method for RSA moduli which allows the cost of the public operations (encryption/verifying) and the private operations (decryption/signing) to be balanced according to the application requirements. Our method is a generalisation of using small public exponents and small Chinese remainder (CRT) private exponents. Our results are most relevant in the case where the cost of private operations must be optimised. We give methods for which the cost of private operations is the same as the previous fastest methods, but where the public operations are significantly faster. The paper gives an analysis of the security of keys generated by our method, and a new birthday attack on low Hamming-weight private exponents.

The Probability that the Number of Points on an Elliptic Curve over a Finite Field is Prime

The paper gives a formula for the probability that a randomly chosen elliptic curve over a finite field has a prime number of points. Two heuristic arguments in support of the formula are given as well as experimental evidence. The paper also gives a formula for the probability that a randomly chosen elliptic curve over a finite field has kq points where k is a small number and q is a prime.

Salem Numbers, Pisot Numbers, Mahler Measure, and Graphs

We use graphs to define sets of Salem and Pisot numbers and prove that the union of these sets is closed, supporting a conjecture of Boyd that the set of all Salem and Pisot numbers is closed. We find all trees that define Salem numbers. We show that for all integers n the smallest known element of the nth derived set of the set of Pisot numbers comes from a graph. We define the Mahler measure of a graph and find all graphs of Mahler measure less than ½ (1+√5). Finally, we list all small Salem numbers known to be definable using a graph.

There are Salem Numbers of Every Trace

We show that there are Salem numbers of every trace. The nontrivial part of this result is for Salem numbers of negative trace. The proof has two main ingredients. The first is a novel construction, using pairs of polynomials whose zeros interlace on the unit circle, of polynomials of specified negative trace having one factor a Salem polynomial, with any other factors being cyclotomic. The second is an upper bound for the exponent of a maximal torsion coset of an algebraic torus in a variety defined over the rationals. This second result, which may be of independent interest, enables us to refine our construction to avoid getting cyclotomic factors, giving a Salem polynomial of any specified trace, with a trace-dependent bound for its degree. We show also how our interlacing construction can be easily adapted to produce Pisot polynomials, giving a simpler, and more explicit, construction for Pisot numbers of arbi- trary trace than previously known.

Speeding Fermat's factoring method

A factoring method is presented which, heuristically, splits composite n in O(n 1/4+ ∈) steps. There are two ideas: an integer approximation to √(q/p) provides an O(n 1/2+ ∈) algorithm in which n is represented as the difference of two rational squares; observing that if a prime m divides a square, then m 2 divides that square, a heuristic speed-up to O(n 1/4+ ∈) steps is achieved. The method is well-suited for use with small computers: the storage required is negligible, and one never needs to work with numbers larger than n itself.

Salem Numbers of Trace -2 and Traces of Totally Positive Algebraic Integers

Until recently, no Salem numbers were known of trace below -1. In this paper we provide several examples of trace -2, including an explicit infinite family. We establish that the minimal degree for a Salem number of trace -2 is 20, and exhibit all Salem numbers of degree 20 and trace -2. Indeed there are just two examples.

Subtleties in the Distribution of the Numbers of Points on Elliptic Curves Over a Finite Prime Field

Three questions concerning the distribution of the numbers of points on elliptic curves over a finite prime field are considered. First, the previously published bounds for the distribution are tightened slightly. Within these bounds, there are wild fluctuations in the distribution, and some heuristics are discussed (supported by numerical evidence) which suggest that numbers of points with no large prime divisors are unusually prevalent. Finally, allowing the prime field to vary while fixing the field of fractions of the endomorphism ring of the curve, the order of magnitude of the average order of the number of divisors of the number of points is determined, subject to assumptions about primes in quadratic progressions. There are implications for factoring integers by Lenstra’s elliptic curve method. The heuristics suggest that (i) the subtleties in the distribution actually favour the elliptic curve method, and (ii) this gain is transient, dying away as the factors to be found tend to infinity.

Constructing

An n-ary k-radius sequence is a finite sequence of elements taken from an alphabet of size n such that any two distinct elements of the alphabet occur within distance k of each other somewhere in the sequence. These sequences were introduced by Jaromczyk and Lonc to model a caching strategy for computing certain functions on large data sets such as medical images. Let f_k(n) be the shortest length of any k-radius sequence. We improve on earlier estimates for f_k(n) by using tilings and logarithms. The main result is that f_k(n) ~ n^2/(2k) as n tends to infinity whenever a certain tiling of Z^r exists. In particular this result holds for infinitely many k, including all k < 195 and all k such that k+1 or 2k+1 is prime. For certain k, in particular when 2k+1 is prime, we get a sharper error term using the theory of logarithms.

k

We construct minimal polynomials of totally positive algebraic integers of small absolute trace by consideration of their reductions modulo auxiliary polynomials. Many new examples of such polynomials of minimal absolute trace (for given degree) are found. The computations are pushed to degrees that previously were unattainable, and one consequence is that the new examples form the majority of all those known. As an application, we produce a new bound for the Schur-Siegel-Smyth trace problem.