Advances in Cryptology - CRYPTO 2003: 23rd Annual by Adi Shamir, Eran Tromer (auth.), Dan Boneh (eds.)

By Adi Shamir, Eran Tromer (auth.), Dan Boneh (eds.)

Crypto 2003, the twenty third Annual Crypto convention, was once backed via the Int- nationwide organization for Cryptologic learn (IACR) in cooperation with the IEEE desktop Society Technical Committee on safeguard and privateness and the pc technological know-how division of the college of California at Santa Barbara. The convention got 169 submissions, of which this system committee chosen 34 for presentation. those court cases include the revised types of the 34 submissions that have been provided on the convention. those revisions haven't been checked for correctness, and the authors undergo complete accountability for the contents in their papers. Submissions to the convention characterize cutti- facet study within the cryptographic neighborhood around the world and canopy all parts of cryptography. Many top quality works couldn't be authorised. those works would certainly be released somewhere else. The convention software integrated invited lectures. Moni Naor spoke on cryptographic assumptions and demanding situations. Hugo Krawczyk spoke at the ‘SI- and-MAc’approachtoauthenticatedDi?e-HellmananditsuseintheIKEpro- cols. The convention application additionally incorporated the conventional rump consultation, chaired by means of Stuart Haber, that includes brief, casual talks on late-breaking study information. Assembling the convention application calls for assistance from many many folks. To all those that pitched in, i'm eternally on your debt. i want to ?rst thank the various researchers from around the world who submitted their paintings to this convention. with no them, Crypto couldn't exist. I thank Greg Rose, the final chair, for safeguarding me from innumerable logistical complications, and exhibiting nice generosity in assisting my e?orts.

Additional resources for Advances in Cryptology - CRYPTO 2003: 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17-21, 2003. Proceedings

Example text

The physical location of the emitter is near (or underneath) the group of bus lines to which it is attached. The counters and constants need to be set appropriately during device initialization. Note that if the device is custom-built for a specific factorization task then the circuit size can be reduced by hardwiring many of these values19 . The combined length of the counters is roughly 19 For sieving the rational side of NFS, it suffices to fix the smoothness bounds. Similarly for the preprocessing stage of Coppersmith’s Factorization Factory [6] .

Vn } is the set of all integer linear combinations of v1 , . . , vn . We call n the dimension of L, which we denote by dim(L). 34 J. Bl¨ omer and A. May The set B = {v1 , . . , vn } is called a basis of L, the (n×n)-matrix consisting of the row vectors v1 , . . , vn is called basis matrix. A basis of L can be transformed into another basis by applying an unimodular transformation to the basis matrix. The determinant det(L) is the absolute value of the determinant of a basis matrix. The famous L3 -lattice reduction algorithm of Lenstra, Lenstra and Lov´ asz [17] can be used to approximate a shortest vector.

1 Using the bounds X = N δ , Y = 4N α− 2 and Z = 3N 2 we obtain 1 4 det L(M ) = N 24 m (3τ 2 (2α−1)+4τ (δ+α+2)+δ+α+ 72 )(1+o(1)) . 1 m3 (12τ + 4)(1 + o(1)). Neglecting low An easy calculation shows that n = 24 order terms, our condition simplifies to 3τ 2 (2α − 1) + 4τ (δ + α − 1) + δ + α − The left hand side is minimized for the choice τ = in, we obtain the desired condition δ≤ 1 5 − 2α − 8 1 < 0. 2 2 1−δ−α 3 2α−1 . Plugging this value 36α2 + 12α − 15 , which concludes the proof. Combining Theorem 7 and Lemma 8, from the three vectors with norm smaller m we obtain three polynomials f1 (x, y, z), f2 (x, y, z) and f3 (x, y, z) than √ N dim L(m) 38 J.

