Bibliography entries

\bib{1960/-afips-17}
\yr 1960
\book AFIPS conference proceedings, volume 17: 1960 Western Joint Computer Conference
\issn 0095--6880
\endref

\bib{1966/-afips-28}
\yr 1966
\book AFIPS conference proceedings, volume 28: 1966 Spring Joint Computer Conference
\publ Spartan Books
\publaddr Washington
\endref

\bib{1966/-afips-29}
\yr 1966
\book AFIPS conference proceedings, volume 29: 1966 Fall Joint Computer Conference
\publ Spartan Books
\publaddr Washington
\endref

\bib{1968/-afips-33}
\yr 1968
\book AFIPS conference proceedings, volume 33, part one: 1968 Fall Joint Computer Conference, December 9--11, 1968, San Francisco, California
\publ Thompson Book Company
\publaddr Washington
\endref

\bib{1968/-rc22}
\yr 1968
\paper Algolprocedures voor het berekenen van een inwendig product in dubbele precisie
\paperinfo RC-Informatie nr. 22, Technische Hogeschool Eindhoven
\endref

\bib{1969/-rc21}
\yr 1969
\paper ALGOL procedures voor het rekenen in dubbele lengte
\paperinfo RC-Informatie nr. 21, Technische Hogeschool Eindhoven
\endref

\bib{1971/-icm-3}
\yr 1971
\mr 54:5
\book Actes du congr\`es international des math\'ematiciens, tome 3
\publ Gauthier-Villars \'Editeur
\publaddr Paris
\endref

\bib{1976/-focs}
\yr 1976
\mr 56:1766
\book 17th annual symposium on foundations of computer science
\publ IEEE Computer Society
\publaddr Long Beach, California
\endref

\bib{1977/-focs}
\yr 1977
\mr 57:18173
\book 18th annual symposium on foundations of computer science
\publ IEEE Computer Society
\publaddr Long Beach, California
\endref

\bib{1979/-focs}
\yr 1979
\mr 82a:68004
\book 20th annual symposium on foundations of computer science
\publ IEEE Computer Society
\publaddr New York
\endref

\bib{1982/-focs}
\yr 1982
\mr 85k:68007
\book 23rd annual symposium on foundations of computer science
\publ IEEE Computer Society
\publaddr New York
\endref

\bib{1985/-rennes}
\yr 1985
\mr 87f:00021
\book Colloque d'alg\`ebre
\publ Universit\'e de Rennes I
\endref

\bib{1985/-ieee754}
\yr 1985
\book IEEE standard for binary floating-point arithmetic
\bookinfo Standard 754--1985
\publ Institute of Electrical and Electronics Engineers
\publaddr New York
\endref

\bib{1985/-stoc}
\yr 1985
\book Proceedings of the 17th annual ACM symposium on theory of computing
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1986/-stoc}
\yr 1986
\isbn 0--89791--193--8
\book Proceedings of the 18th annual ACM symposium on theory of computing
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1987/-journees}
\yr 1987
\mr 87m:11003
\book Journ\'ees arithm\'etiques de Besan\c con
\bookinfo Ast\'erisque 147--148
\publ Soci\'et\'e Math\'e\-matique de France
\publaddr Paris
\endref

\bib{1989/-issac}
\yr 1989
\book International symposium on symbolic and algebraic computation, ISSAC '89, Portland, Oregon, USA, July 17--19, 1989
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1991/ecma-48}
\yr 1991
\book Standard ECMA--48: control functions for coded character sets
\edition 5th
\publ European Computer Manufacturers Association
\url http://www.ecma-international.org/publications/files/ecma-st/Ecma-048.pdf
\endref

\bib{1992/-finding-a-balance}
\yr 1992
\book Finding a balance: computer software, intellectual property and the challenge of technological change
\publ Office of Technology Assessment
\publaddr Washington
\url http://www.wws.princeton.edu/~ota/disk1/1992/9215_n.html
\endref

\bib{1995/-sha}
\yr 1995
\book Secure hash standard
\bookinfo Federal Information Processing Standard 180-1
\publ National Institute of Standards and Technology
\publaddr Washington
\endref

\bib{1996/-focs}
\yr 1996
\isbn 0--8186--7594--2
\book 37th annual symposium on foundations of computer science
\publ Institute of Electrical and Electronics Engineers
\publaddr New York
\endref

\bib{1997/-focs}
\yr 1997
\isbn 0--8186--8197--7
\book 38th annual symposium on foundations of computer science
\publ IEEE Computer Society Press
\publaddr Los Alamitos
\endref

\bib{1997/-soda}
\yr 1997
\isbn 0--89871--390--0
\mr 97k:68011
\book Proceedings of the eighth annual ACM-SIAM symposium on discrete algorithms: held in New Orleans, LA, January 5--7, 1997
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1998/-stoc}
\yr 1998
\isbn 0--89791--962--9
\mr 2001d:68026
\book Proceedings of the 30th annual ACM symposium on theory of computing
\publ Association for Computing Machinery
\url http://www.acm.org/pubs/contents/proceedings/stoc/276698/
\endref

\bib{1999/-stoc}
\yr 1999
\isbn 1--58113--067--8
\mr 2001f:68004
\book Annual ACM symposium on theory of computing: proceedings of the 31st symposium (STOC '99) held in Atlanta, GA, May 1--4, 1999
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{2000/-dss}
\yr 2000
\book Digital signature standard (DSS)
\bookinfo Federal Information Processing Standard 186-2
\publ National Institute of Standards and Technology
\publaddr Washington
\url http://csrc.nist.gov/publications/fips/
\endref

\bib{2000/-stoc}
\yr 2000
\isbn 1--58113--184--4
\book Proceedings of the 32nd annual ACM symposium on theory of computing
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{2002/-sha}
\yr 2002
\book Secure hash standard
\bookinfo Federal Information Processing Standard 180-2
\publ National Institute of Standards and Technology
\publaddr Washington
\url http://csrc.nist.gov/publications/fips/
\endref

\bib{2004/-intel-optimization}
\yr 2004
\book IA-32 Intel architecture optimization: reference manual
\publ Intel Corporation
\url http://www.intel.com/design/pentium4/manuals/index_new.htm
\endref

\bib{2004/-amd-25112}
\yr 2004
\book Software optimization guide for AMD Athlon 64 and AMD Opteron processors
\publ Advanced Micro Devices
\url http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/25112.PDF
\endref

\bib{2005/-freescale-7450}
\yr 2005
\book MPC7450 RISC microprocessor family reference manual
\publ Freescale Semiconductor
\url http://www.freescale.com/files/32bit/doc/ref_manual/MPC7450UM.pdf
\endref

\bib{1995/abrash}
\yr 1995
\isbn 188357708X
\by Michael Abrash
\book Zen of graphics programming
\publ Coriolis Group
\publaddr Scottsdale, Arizona
\endref

\bib{1979/adleman}
\yr 1979
\by Leonard M. Adleman
\paper A subexponential algorithm for the discrete logarithm problem with applications to cryptography
\inbook \cite{1979/-focs}
\pages 55--60
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1979/adleman
\endref

\bib{1991/adleman}
\yr 1991
\by Leonard M. Adleman
\paper Factoring numbers using singular integers
\inbook \cite{1991/awerbuch}
\pages 64--71
\endref

Some wild speculation on NFS performance in practice: ``Where is the crossover? A naive approach to this question is to ignore the o(1)'s ... 123 decimal digits. However, this may be far too optimistic because it appears that the o(1)'s actually favor the old algorithms. ... It seems possible that the new algorithms may begin to overtake the old ones only on numbers of about 330 decimal digits or so [because at that point QS needs smoothness of numbers] between 165 and 200 decimal digits [while NFS needs smoothness of numbers] of about 188 decimal digits.'' One of the reasons that these figures are bogus is that the 188-digit numbers are chosen to factor into at least two pieces.

\bib{1994/adleman-ffs}
\yr 1994
\mr 96d:11135
\by Leonard M. Adleman
\paper The function field sieve
\inbook \cite{1994/adleman-ants}
\pages 108--121
\seenewer \cite{1999/adleman}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/adleman-ffs
\endref

\bib{1993/adleman}
\yr 1993
\mr 94e:11140
\by Leonard M. Adleman
\by Jonathan DeMarrais
\paper A subexponential algorithm for discrete logarithms over all finite fields
\jour Mathematics of Computation
\issn 0025--5718
\vol 61
\pages 1--15
\seeolder \cite{1994/adleman-subexp}
\endref

\bib{1994/adleman-subexp}
\yr 1994
\mr 95d:94013
\by Leonard M. Adleman
\by Jonathan DeMarrais
\paper A subexponential algorithm for discrete logarithms over all finite fields
\inbook \cite{1994/stinson-book}
\pages 147--158
\seenewer \cite{1993/adleman}
\endref

It is possible to improve the running time in several ways. Sparse matrix methods can be used to find some dependencies[Wi]. A better bound on q in Algorithm I can be argued heuristically. Smoothness of norms can be tested using the `elliptic curve methods' [Le]. The integer factoring done in various parts can probably be avoided if necessary or `L[1/3]' methods can be used (e.g. [AH, LLMP]). The use of Algorithm II can perhaps be avoided altogether by adopting [sic] Algorithm I to a more general setting. Alternatively the `L[1/3,c]' method of Coppersmith [Co] might be adapted for the case n >= p.

\bib{1994/adleman-largegenus}
\yr 1994
\mr 96b:11078
\by Leonard M. Adleman
\by Jonathan DeMarrais
\by Ming-Deh Huang
\paper A subexponential algorithm for discrete logarithms over the rational subgroup of the Jacobians of large genus hyperelliptic curves over finite fields
\inbook \cite{1994/adleman-ants}
\seenewer \cite{1999/adleman-largegenus}
\pages 28--40
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/adleman-largegenus
\endref

\bib{1994/adleman-ants}
\yr 1994
\isbn 3--540--58691--1
\mr 95j:11119
\editor Leonard M. Adleman
\editor Ming-Deh Huang
\book Algorithmic number theory: first international symposium, ANTS-I, Ithaca, NY, USA, May 6--9, 1994, proceedings
\series Lecture Notes in Computer Science
\seriesvol 877
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1999/adleman}
\yr 1999
\by Leonard M. Adleman
\by Ming-Deh Huang
\paper Function field sieve method for discrete logarithms over finite fields
\jour Information and Computation
\issn 0890--5401
\vol 151
\pages 5--16
\seeolder \cite{1994/adleman-ffs}
\endref

\bib{1992/adleman}
\yr 1992
\isbn 3--540--55308--8
\mr 93g:11128
\by Leonard M. Adleman
\by Ming-Deh A. Huang
\book Primality testing and abelian varieties over finite fields
\series Lecture Notes in Mathematics
\seriesvol 1512
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1977/adleman}
\yr 1977
\mr 58:19339
\by Leonard M. Adleman
\by Kenneth Manders
\by Gary Miller
\paper On taking roots in finite fields
\inbook \cite{1977/-focs}
\pages 175--178
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1977/adleman
\endref

\bib{1994/adleman-problems}
\yr 1994
\by Leonard M. Adleman
\by Kevin S. McCurley
\paper Open problems in number theoretic complexity, II
\inbook \cite{1994/adleman-ants}
\pages 291--322
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/adleman-problems
\endref

\bib{1983/adleman}
\yr 1983
\mr 84e:10008
\by Leonard M. Adleman
\by Carl Pomerance
\by Robert S. Rumely
\paper On distinguishing prime numbers from composite numbers
\jour Annals of Mathematics
\issn 0003--486X
\vol 117
\pages 173--206
\endref

\bib{2004/adoba}
\yr 2004
\by Bernard Adoba
\by Joshua Tseng
\by Jesse Walker
\by Venkat Rangan
\by Franco Travostino
\paper Securing block storage protocols over IP
\also RFC 3723
\url http://www.ietf.org/rfc/rfc3723.txt
\endref

\bib{1997/afanassiev}
\yr 1997
\by Valentine Afanassiev
\by Christian Gehrmann
\by Ben Smeets
\paper Fast message authentication using efficient polynomial evaluation
\inbook \cite{1997/biham}
\pages 190--204
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1997/afanassiev
\endref

\bib{1977/agarwal}
\yr 1977
\by Ramesh C. Agarwal
\by James W. Cooley
\paper New algorithms for digital convolution
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 25
\pages 392--410
\endref

\bib{preprint/agashe}
\by A. Agashe
\by K. Lauter
\by R. Venkatesan
\paper Constructing elliptic curves with a known number of points over a prime field
\url http://research.microsoft.com/~klauter/
\endref

\bib{2002/agrawal}
\yr 2002
\by Manindra Agrawal
\by Neeraj Kayal
\by Nitin Saxena
\paper PRIMES is in P
\url http://www.cse.iitk.ac.in/news/primality.html
\endref

\bib{1973/aho-stoc5}
\yr 1973
\by Alfred V. Aho (chairman)
\book Proceedings of fifth annual ACM symposium on theory of computing: Austin, Texas, April 30--May 2, 1973
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1975/aho}
\yr 1975
\mr 51:7393
\by Alfred V. Aho
\by Margaret J. Corasick
\paper Efficient string matching: an aid to bibliographic search
\jour Communications of the ACM
\issn 0001--0782
\vol 18
\pages 333--340
\url http://www.win.tue.nl/~watson/2R080/opdracht/p333-aho-corasick.pdf
\endref

\bib{1974/aho}
\yr 1974
\isbn 0--201--00029--6
\by Alfred V. Aho
\by John E. Hopcroft
\by Jeffrey D. Ullman
\book The design and analysis of computer algorithms
\publ Addison-Wesley
\publaddr Reading
\endref

\bib{1993/aiello}
\yr 1993
\by Walter Aiello
\by M. V. Subbarao
\paper A conjecture in addition chains related to Scholz's conjecture
\jour Mathematics of Computation
\issn 0025--5718
\vol 61
\pages 17--23
\endref

\bib{2001/akishita-simultaneous}
\yr 2001
\by Toru Akishita
\paper Fast simultaneous scalar multiplication on elliptic curve with Montgomery form
\inbook \cite{2001/vaudenay-sac2001}
\pages 255--268
\endref

\bib{1988/alexi}
\yr 1988
\mr 89j:11120
\by Werner Alexi
\by Benny Chor
\by Oded Goldreich
\by Claus P. Schnorr
\paper RSA and Rabin functions: certain parts are as hard as the whole
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 17
\pages 194--209
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1988/alexi
\endref

\bib{1994/alford}
\yr 1994
\mr 95k:11114
\by W. R. Alford
\by Andrew Granville
\by Carl Pomerance
\paper There are infinitely many Carmichael numbers
\jour Annals of Mathematics
\issn 0003--486X
\vol 139
\pages 703--722
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/alford
\endref

\bib{1995/alford}
\yr 1995
\mr 96k:11152
\by W. R. Alford
\by Carl Pomerance
\paper Implementing the self-initializing quadratic sieve on a distributed network
\inbook \cite{1995/vanderpoorten}
\pages 163--174
\endref

\bib{2000/allan}
\yr 2000
\by David W. Allan
\by Neil Ashby
\by Clifford C. Hodge
\paper The science of timekeeping
\paperinfo Agilent application note 1289
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 2000/allan
\endref

\bib{2001/alster-pkccnt}
\yr 2001
\editor Kazimierz Alster
\editor Jerzy Urbanowicz
\editor Hugh C. Williams
\isbn 3--11--017046--9
\mr 2002h:94001
\book Public-key cryptography and computational number theory: proceedings of the international conference held in Warsaw, September 11--15, 2000
\publ Walter de Gruyter
\publaddr Berlin
\endref

\bib{1994/anderson-book}
\yr 1994
\isbn 3--540--58108--1
\mr 97b:94004
\editor Ross Anderson
\book Fast software encryption
\series Lecture Notes in Computer Science
\seriesvol 809
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1976/anderssen-book}
\yr 1976
\isbn 0--7022--1213--X
\editor Robert S. Anderssen
\editor Richard P. Brent
\book The complexity of computational problem solving
\publ University of Queensland Press
\publaddr Brisbane
\url http://web.comlab.ox.ac.uk/oucl/work/richard.brent/pub/pub031.html
\endref

\bib{1994/andrews}
\yr 1994
\isbn 0--8218--5173--X
\editor George E. Andrews
\editor David M. Bressoud
\editor L. Alayne Parson
\book The Rademacher legacy to mathematics: Papers from the Centenary Conference in Honor of Hans Rademacher held at the Pennsylvania State University, University Park, Pennsylvania, July 21--25, 1992
\series Contemporary Mathematics
\seriesvol 166
\publ American Mathematical Society
\publaddr Providence
\endref

\bib{1952/ankeny}
\yr 1952
\mr 13,538c
\by N. C. Ankeny
\paper The least quadratic non residue
\jour Annals of Mathematics
\issn 0003--486X
\vol 55
\pages 65--72
\endref

\bib{2005/antipa-accelerated}
\yr 2005
\by Adrian Antipa
\by Daniel Brown
\by Robert Gallant
\by Rob Lambert
\by Ren\'e Struik
\by Scott Vanstone
\paper Accelerated verification of ECDSA signatures
\url http://www.cacr.math.uwaterloo.ca/techreports/2005/tech_reports2005.html
\endref

\bib{2003/antipa}
\yr 2003
\mr 2171928
\by Adrian Antipa
\by Daniel Brown
\by Alfred Menezes
\by Ren\'e Struik
\by Scott Vanstone
\paper Validation of elliptic curve public keys
\inbook \cite{2003/desmedt-pkc2003}
\pages 211--223
\endref

\bib{1979/antoniou}
\yr 1979
\isbn 0070021171
\by Andreas Antoniou
\book Digital filters: analysis and design
\publ McGraw-Hill
\publaddr New York
\endref

\bib{1968/apostolatos}
\yr 1968
\by N. Apostolatos
\by U. Kulisch
\by R. Krawczyk
\by B. Lortz
\by K. Nickel
\by H.-W. Wippermann
\paper The algorithmic language Triplex-ALGOL 60
\jour Numerische Mathematik
\issn 0029--599X
\vol 11
\pages 175--180
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1968/apostolatos
\endref

\bib{1970/apostol}
\yr 1970
\mr 40:4241
\by Tom M. Apostol
\paper Resultants of cyclotomic polynomials
\jour Proceedings of the American Mathematical Society
\issn 0002--9939
\vol 24
\pages 457--462
\endref

\bib{1970/arlazarov}
\yr 1970
\mr 42:4441
\by V. L. Arlazarov
\by E. A. Dinic
\by M. A. Kronrod
\by I. A. Farad\v zev
\paper On economical construction of the transitive closure of an oriented graph
\jour Soviet Mathematics Doklady
\issn 0197--6788
\vol 11
\pages 1209--1210
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1970/arlazarov
\endref

\bib{1994/artin-book}
\yr 1994
\isbn 3--540--57214--7
\mr 95i:00037
\editor Michael Artin
\editor Manspeter Kraft
\editor Reinhold Remmert
\book Duration and change
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1966/artjuhov}
\yr 1966
\mr 35:4153
\by M. M. Artjuhov
\paper Certain criteria for primality of numbers connected with the little Fermat theorem
\jour Acta Arithmetica
\issn 0065--1036
\vol 12
\pages 355--364
\endref

\bib{1996/asano}
\yr 1996
\isbn 3--540--62048--6
\mr 98k:68001
\editor Tetsuo Asano
\editor Yoshihide Igarashi
\editor Hiroshi Nagamochi
\editor Satoru Miyano
\editor Subhash Suri
\book Algorithms and computation: Papers from the 7th international symposium (ISAAC '96) held in Osaka, December 16--18, 1996
\series Lecture Notes in Computer Science
\seriesvol 1178
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1993/ashby}
\yr 1993
\editor Victoria Ashby
\book First ACM conference on computer and communications security
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1996/atici}
\yr 1996
\mr 98g:94021
\by Mustafa Atici
\by Douglas R. Stinson
\paper Universal hashing and multiple authentication
\inbook \cite{1996/koblitz}
\pages 15--30
\url http://link.springer.de/link/service/series/0558/bibs/1109/11090016.htm
\endref

\bib{1965/atkin}
\yr 1965
\mr 34:2547
\by A. O. L. Atkin
\paper On pseudo-squares
\jour Proceedings of the London Mathematical Society, Third Series
\issn 0024--6115
\vol 14a
\pages 22--27
\endref

\bib{1998/atkin}
\yr 1998
\mr 98k:11183
\by A. O. L. Atkin
\paper Intelligent primality test offer
\inbook \cite{1998/buell}
\pages 1--11
\endref

\bib{2004/atkin-primesieves}
\yr 2004
\by A. O. L. Atkin
\by Daniel J. Bernstein
\paper Prime sieves using binary quadratic forms
\jour Mathematics of Computation
\issn 0025--5718
\vol 73
\pages 1023--1030
\url https://cr.yp.to/papers.html#primesieves
\endref

\bib{1982/atkin}
\yr 1982
\mr 84d:10013
\by A. O. L. Atkin
\by Richard G. Larson
\paper On a primality test of Solovay and Strassen
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 11
\pages 789--791
\endref

\bib{1993/atkin-ecpp}
\yr 1993
\mr 93m:11136
\by A. O. L. Atkin
\by Francois Morain
\paper Elliptic curves and primality proving
\jour Mathematics of Computation
\issn 0025--5718
\vol 61
\pages 29--68
\url http://www.lix.polytechnique.fr/~morain/Articles/articles.english.html
\endref

\bib{1993/atkin}
\yr 1993
\mr 93k:11115
\by A. O. L. Atkin
\by Francois Morain
\paper Finding suitable curves for the elliptic curve method of factorization
\jour Mathematics of Computation
\issn 0025--5718
\vol 60
\pages 399--405
\endref

\bib{1995/atkins}
\yr 1995
\mr 97b:94019
\by Derek Atkins
\by Michael Graff
\by Arjen K. Lenstra
\by Paul C. Leyland
\paper The magic words are squeamish ossifrage (extended abstract)
\inbook \cite{1995/pieprzyk}
\pages 263--277
\endref

\bib{2000/augot}
\yr 2000
\mr 2001m:94061
\by Daniel Augot
\by Lancelot Pecquet
\paper A Hensel lifting to replace factorization in list-decoding of algebraic-geometric and Reed-Solomon codes
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 46
\pages 2605--2614
\endref

\bib{1983/auslander}
\yr 1983
\by Louis Auslander
\by Ephraim Feig
\by Shmuel Winograd
\paper New algorithms for the multidimensional discrete Fourier transform
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 31
\pages 388--403
\endref

\bib{2004/avanzi-aspects}
\yr 2004
\by Roberto M. Avanzi
\paper Aspects of hyperelliptic curves over large prime fields in software implementations
\inbook \cite{2004/joye-ches2004}
\pages 148--162
\endref

\bib{2005/avanzi-ehcc19}
\yr 2005
\mr 2162735
\by Roberto M. Avanzi
\paper Generic algorithms for computing discrete logarithms
\inbook \cite{2005/cohen-ehcc}
\pages 477--494
\endref

\bib{2004/avanzi-paffs}
\yr 2004
\by Roberto M. Avanzi
\by Preda Mih\u ailescu
\paper Generic efficient arithmetic algorithms for PAFFs (processor adequate finite fields) and related algebraic structures (extended abstract)
\inbook \cite{2004/matsui-sac2003}
\pages 320--334
\endref

\bib{1961/avizienis}
\yr 1961
\mr 24:B1263
\by Algirdas A. Avizienis
\paper Signed-digit number representations for fast parallel arithmetic
\jour IRE Transactions on Electronic Computers
\issn 0367--9950
\vol 10
\pages 389--400
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1961/avizienis
\endref

\bib{1991/awerbuch}
\yr 1991
\editor Baruch Awerbuch
\book Proceedings of the 23rd annual ACM symposium on the theory of computing
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1985/bach}
\yr 1985
\by Eric Bach
\book Analytic methods in the analysis and design of number-theoretic algorithms
\phdthesis
\publ MIT Press
\endref

\bib{1990/bach}
\yr 1990
\mr 92a:11149
\by Eric Bach
\paper Intractable problems in number theory
\inbook \cite{1990/goldwasser}
\pages 77--93
\endref

\bib{1991/bach}
\yr 1991
\mr 92a:11151
\by Eric Bach
\paper Toward a theory of Pollard's rho method
\jour Information and Computation
\issn 0890--5401
\vol 90
\pages 139--155
\endref

\bib{1990/bach-cba}
\yr 1990
\by Eric Bach
\by James Driscoll
\by Jeffrey Shallit
\paper Factor refinement
\inbook \cite{1990/johnson-soda}
\pages 201--211
\seenewer \cite{1993/bach-cba}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1990/bach-cba
\endref

\bib{1993/bach-cba}
\yr 1993
\mr 94m:11148
\by Eric Bach
\by James Driscoll
\by Jeffrey Shallit
\paper Factor refinement
\jour Journal of Algorithms
\issn 0196--6774
\vol 15
\pages 199--222
\seeolder \cite{1990/bach-cba}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1993/bach-cba
\endref

\bib{1993/bach-generating}
\yr 1993
\mr 93k:11089
\by Eric Bach
\by Lorenz Huelsbergen
\paper Statistical evidence for small generating sets
\jour Mathematics of Computation
\issn 0025--5718
\vol 61
\pages 69--82
\url http://www.jstor.org/sici?sici=0025-5718(199307)61:203<69:SEFSGS>2.0.CO;2-3
\endref

\bib{1984/bach}
\yr 1984
\by Eric Bach
\by Gary Miller
\by Jeffrey Shallit
\paper Sums of divisors, perfect numbers, and factoring
\inbook \cite{1984/demillo-stoc}
\pages 183--190
\seenewer \cite{1986/bach}
\endref

\bib{1986/bach}
\yr 1986
\mr 87k:11139
\by Eric Bach
\by Gary Miller
\by Jeffrey Shallit
\paper Sums of divisors, perfect numbers, and factoring
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 15
\pages 1143--1154
\seeolder \cite{1984/bach}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/bach
\endref

\bib{1996/bach-semismooth}
\yr 1996
\mr 98a:11123
\by Eric Bach
\by Ren\'e Peralta
\paper Asymptotic semismoothness probabilities
\jour Mathematics of Computation
\issn 0025--5718
\vol 65
\pages 1701--1715
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/bach-semismooth
\endref

\bib{1989/bach}
\yr 1989
\mr 89k:11127
\by Eric Bach
\by Jeffrey Shallit
\paper Factoring with cyclotomic polynomials
\jour Mathematics of Computation
\issn 0025--5718
\vol 52
\pages 201--219
\endref

\bib{1996/bach-book}
\yr 1996
\mr 97e:11157
\isbn 0--262--02405--5
\by Eric Bach
\by Jeffrey Shallit
\book Algorithmic number theory, volume 1: efficient algorithms
\publ MIT Press
\publaddr Cambridge, Massachusetts
\url http://www.math.uwaterloo.ca/~shallit/ant.html
\endref

\bib{1993/bach-powers}
\yr 1993
\mr 94d:11103
\by Eric Bach
\by Jonathan Sorenson
\paper Sieve algorithms for perfect power testing
\jour Algorithmica
\issn 0178--4617
\vol 9
\pages 313--328
\endref

\bib{1996/bach-bounds}
\yr 1996
\mr 97a:11143
\by Eric Bach
\by Jonathan Sorenson
\paper Explicit bounds for primes in residue classes
\jour Mathematics of Computation
\issn 0025--5718
\vol 65
\pages 1717--1735
\endref

\bib{2001/bailey-extensions}
\yr 2001
\by Daniel V. Bailey
\by Christof Paar
\paper Efficient arithmetic in finite field extensions with application in elliptic curve cryptography
\jour Journal of Cryptology
\issn 0933--2790
\vol 14
\pages 153--176
\endref

\bib{1988/bailey}
\yr 1988
\mr 88m:11114
\by David H. Bailey
\paper The computation of $\pi$ to 29,360,000 decimal digits using Borweins' quartically convergent algorithm
\jour Mathematics of Computation
\issn 0025--5718
\vol 50
\pages 283--296
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1988/bailey
\endref

\bib{1989/bailey}
\yr 1989
\by David H. Bailey
\paper FFTs in external or hierarchical memory
\paperinfo NASA RNR Technical Report RNR--89--004
\url http://www.nas.nasa.gov/Research/Reports/Techreports/1989/rnr-89-004-abstract.html
\seenewer \cite{1990/bailey}
\endref

\bib{1990/bailey}
\yr 1990
\by David H. Bailey
\paper FFTs in external or hierarchical memory
\jour Journal of Supercomputing
\issn 0920--8542
\vol 4
\pages 23--35
\seeolder \cite{1989/bailey}
\endref

\bib{1991/bailey}
\yr 1991
\mr 92f:65162
\by David H. Bailey
\by Paul N. Swarztrauber
\paper The fractional Fourier transform and applications
\jour SIAM Review
\issn 1095--7200
\vol 33
\pages 389--404
\url http://www.scd.ucar.edu/css/staff/pauls/papers/FFFT/FFFT.html
\endref

\bib{1980/baillie}
\yr 1980
\mr 81j:10005
\by Robert Baillie
\by Samuel S. Wagstaff, Jr.
\paper Lucas pseudoprimes
\jour Mathematics of Computation
\issn 0025--5718
\vol 35
\pages 1391--1417
\endref

\bib{1977/baker}
\yr 1977
\mr 58:16543
\by Alan Baker
\paper The theory of linear forms in logarithms
\inbook \cite{1977/baker-book}
\pages 1--27
\endref

\bib{1977/baker-book}
\yr 1977
\isbn 0--12--074350--7
\mr 56:15573
\editor Alan Baker
\editor David W. Masser
\book Transcendence theory: advances and applications: proceedings of a conference held at the University of Cambridge, Cambridge, January--February, 1976
\publ Academic Press
\publaddr London
\endref

\bib{1998/balasubramanian}
\yr 1998
\mr 99e:11012
\by R. Balasubramanian
\by D. S. Ramana
\paper Atkin's theorem on pseudo-squares
\jour Institut Math\'e\-matique, Publications, Nouvelle S\'erie
\issn 0350--1302
\vol 63
\pages 21--25
\endref

\bib{1987/balog}
\yr 1987
\mr 88g:11061
\by Antal Balog
\paper On the distribution of integers having no large prime factor
\inbook \cite{1987/-journees}
\pages 27--31
\endref

\bib{1992/balog}
\yr 1992
\mr 92h:11075
\by Antal Balog
\by Carl Pomerance
\paper The distribution of smooth numbers in arithmetic progressions
\jour Proceedings of the American Mathematical Society
\issn 0002--9939
\vol 115
\pages 33--43
\endref

\bib{2006/barua-indocrypt}
\yr 2006
\editor Rana Barua
\editor Tanja Lange
\book Progress in Cryptology---INDOCRYPT 2006, 7th International Conference on Cryptology in India, Kolkata, India, December 11--13, 2006, Proceedings
\series Lecture Notes in Computer Science
\seriesvol 4329
\publ Springer
\isbn 3--540--49767--6
\endref

\bib{1977/bays}
\yr 1977
\mr 56:5405
\by Carter Bays
\by Richard H. Hudson
\paper The segmented sieve of Eratosthenes and primes in arithmetic progressions to $10^{12}$
\jour BIT
\issn 0006--3835
\vol 17
\pages 121--127
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1977/bays
\endref

\bib{1986/beame}
\yr 1986
\by Paul W. Beame
\by Stephen A. Cook
\by H. James Hoover
\paper Log depth circuits for division and related problems
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 15
\pages 994--1003
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/beame
\endref

\bib{1978/beard}
\yr 1978
\by James K. Beard
\paper An inplace self reordering FFT
\inbook \cite{1978/yarlagadda}
\pages 632--633
\endref

\bib{1995/beaver}
\yr 1995
\by Donald Beaver
\paper Factoring: the DNA solution
\inbook \cite{1995/pieprzyk}
\pages 419--423
\endref

\bib{1972/beeler}
\yr 1972
\by Michael Beeler
\by R. William Gosper
\by Richard Schroeppel
\book HAKMEM
\bookinfo Artificial Intelligence Memo No.~239
\publ Massachusetts Institute of Technology
\url http://www.inwap.com/pdp10/\allowbreak hbaker/hakmem/hakmem.html
\endref

\bib{1976/belaga}
\yr 1976
\mr 53:13141
\by Edward G. Belaga
\paper The additive complexity of a natural number
\jour Soviet Mathematics Doklady
\issn 0197--6788
\vol 17
\pages 5--9
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1976/belaga
\endref

\bib{2000/bellare-book}
\yr 2000
\isbn 3--540--67907--3
\mr 2002c:94002
\editor Mihir Bellare
\book Advances in cryptology---CRYPTO 2000: proceedings of the 20th Annual International Cryptology Conference held in Santa Barbara, CA, August 20--24, 2000
\series Lecture Notes in Computer Science
\seriesvol 1880
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1996/bellare-hmac}
\yr 1996
\by Mihir Bellare
\by Ran Canetti
\by Hugo Krawczyk
\paper Keying hash functions for message authentication
\url http://www-cse.ucsd.edu/~mihir/\allowbreak papers/hmac.html
\seeolder \cite{1996/bellare-hmac-draft}
\endref

\bib{1996/bellare-hmac-draft}
\yr 1996
\by Mihir Bellare
\by Ran Canetti
\by Hugo Krawczyk
\paper Keying hash functions for message authentication
\inbook \cite{1996/koblitz}
\pages 16--30
\seenewer \cite{1996/bellare-hmac}
\endref

\bib{1996/bellare-cascade}
\yr 1996
\by Mihir Bellare
\by Ran Canetti
\by Hugo Krawczyk
\paper Pseudorandom functions revisited: the cascade construction and its concrete security
\url http://www-cse.ucsd.edu/~mihir/papers/cascade.html
\seeolder \cite{1996/bellare-cascade-draft}
\endref

\bib{1996/bellare-cascade-draft}
\yr 1996
\by Mihir Bellare
\by Ran Canetti
\by Hugo Krawczyk
\paper Pseudorandom functions revisited: the cascade construction and its concrete security
\inbook \cite{1996/-focs}
\pages 514--523
\seenewer \cite{1996/bellare-cascade}
\endref

\bib{2000/bellare-modes}
\yr 2000
\by Mihir Bellare
\by Anand Desai
\by Eron Jokipii
\by Phillip Rogaway
\paper A concrete security treatment of symmetric encryption: analysis of the DES modes of operation
\url http://www.cs.ucdavis.edu/~rogaway/papers/sym-enc-abstract.html
\endref

\bib{1994/bellare-incremental}
\yr 1994
\by Mihir Bellare
\by Oded Goldreich
\by Shafi Goldwasser
\paper Incremental cryptography: the case of hashing and signing
\inbook \cite{1994/desmedt}
\pages 216--233
\url http://www-cse.ucsd.edu/~mihir/papers/incremental.html
\endref

\bib{2004/bellare-verification}
\yr 2004
\by Mihir Bellare
\by Oded Goldreich
\by Anton Mityagin
\paper The power of verification queries in message authentication and authenticated encryption
\url http://eprint.iacr.org/2004/309
\endref

\bib{1995/bellare-xor}
\yr 1995
\by Mihir Bellare
\by Roch Gu\'erin
\by Phillip Rogaway
\paper XOR MACs: new methods for message authentication using finite pseudorandom functions
\url http://www-cse.ucsd.edu/~mihir/papers/xormacs.html
\seeolder \cite{1995/bellare-xor-draft}
\endref

\bib{1995/bellare-xor-draft}
\yr 1995
\by Mihir Bellare
\by Roch Gu\'erin
\by Phillip Rogaway
\paper XOR MACs: new methods for message authentication using finite pseudorandom functions
\inbook \cite{1995/coppersmith-book}
\pages 15--28
\seenewer \cite{1995/bellare-xor}
\endref

\bib{1994/bellare-cbc-draft}
\yr 1994
\by Mihir Bellare
\by Joe Kilian
\by Phillip Rogaway
\paper The security of cipher block chaining
\inbook \cite{1994/desmedt}
\pages 341--358
\seenewer \cite{2000/bellare-cbc}
\endref

\bib{2000/bellare-cbc}
\yr 2000
\by Mihir Bellare
\by Joe Kilian
\by Phillip Rogaway
\paper The security of the cipher block chaining message authentication code
\jour Journal of Computer and System Sciences
\issn 0022--0000
\vol 61
\pages 362--399
\url http://www-cse.ucsd.edu/~mihir/papers/cbc.html
\seeolder \cite{1994/bellare-cbc-draft}
\endref

\bib{2000/bellare-backwards}
\yr 2000
\by Mihir Bellare
\by Ted Krovetz
\by Phillip Rogaway
\paper Luby-Rackoff backwards: increasing security by making block ciphers non-invertible
\url http://www.cs.ucdavis.edu/~krovetz/
\endref

\bib{1993/bellare}
\yr 1993
\by Mihir Bellare
\by Phillip Rogaway
\paper Random oracles are practical: a paradigm for designing efficient protocols
\inbook \cite{1993/ashby}
\pages 62--73
\endref

\bib{1996/bellare-sigs}
\yr 1996
\by Mihir Bellare
\by Phillip Rogaway
\paper The exact security of digital signatures: how to sign with RSA and Rabin
\url http://www-cse.ucsd.edu/~mihir/papers/exactsigs.html
\seeolder \cite{1996/bellare-sigs-draft}
\endref

\bib{1996/bellare-sigs-draft}
\yr 1996
\by Mihir Bellare
\by Phillip Rogaway
\paper The exact security of digital signatures: how to sign with RSA and Rabin
\inbook \cite{1996/maurer}
\pages 399--416
\seenewer \cite{1996/bellare-sigs}
\endref

\bib{2004/bellare-chap4}
\yr 2004
\by Mihir Bellare
\by Phillip Rogaway
\paper Introduction to modern cryptography, chapter 4: symmetric encryption
\url http://www-cse.ucsd.edu/users/mihir/cse207/m-se.pdf
\endref

\bib{2004/bellare-games}
\yr 2004
\by Mihir Bellare
\by Phillip Rogaway
\paper The game-playing technique
\url http://eprint.iacr.org/2004/331
\endref

\bib{2005/bellare-chap5}
\yr 2005
\by Mihir Bellare
\by Phillip Rogaway
\paper Introduction to modern cryptography, chapter 5: symmetric encryption
\url http://www.cse.ucsd.edu/users/mihir/cse107/
\endref

\bib{1990/bender}
\yr 1990
\mr 91d:11154
\by Andreas Bender
\by Guy Castagnoli
\paper On the implementation of elliptic curve cryptosystems
\inbook \cite{1990/brassard-book}
\pages 186--192
\endref

\bib{1999/bender}
\yr 1999
\mr 2000i:65064
\by Edward A. Bender
\by E. Rodney Canfield
\paper An approximate probabilistic model for structured Gaussian elimination
\jour Journal of Algorithms
\issn 0196--6774
\vol 31
\pages 271--290
\endref

\bib{1998/bender}
\yr 1998
\mr 99c:11156
\by Renet Lovorn Bender
\by Carl Pomerance
\paper Rigorous discrete logarithm computations in finite fields via smooth polynomials
\inbook \cite{1998/buell}
\pages 221--232
\endref

\bib{1986/bengelloun}
\yr 1986
\by S. A. Bengelloun
\paper An incremental primal sieve
\jour Acta Informatica
\issn 0001--5903
\vol 23
\pages 119--125
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/bengelloun
\endref

\bib{2002/bennett}
\yr 2002
\isbn 1--56881--126--8
\mr 2003h:11004
\editor M. A. Bennett
\editor B. C. Berndt
\editor N. Boston
\editor H. G. Diamond
\editor A. J. Hildebrand
\editor W. Philipp
\book Number theory for the millennium. I: papers from the conference held at the University of Illinois at Urbana-Champaign, Urbana, IL, May 21--26, 2000
\publ A. K. Peters
\publaddr Natick, Massachusetts
\endref

\bib{2005/bentahar-equivalence}
\yr 2005
\by Kamel Bentahar
\paper The equivalence between the DHP and DLP for elliptic curves used in practical applications, revisited
\url http://eprint.iacr.org/2005/307
\endref

\bib{1994/bergeron}
\yr 1994
\mr 95m:11144
\by Fran\c cois Bergeron
\by Jean Berstel
\by Sre\v cko Brlek
\paper Efficient computation of addition chains
\jour Journal de Th\'eorie des Nombres de Bordeaux
\issn 1246--7405
\vol 6
\pages 21-38
\url http://almira.math.u-bordeaux.fr/jtnb/1994-1/jtnb6-1.html
\endref

\bib{1989/bergeron}
\yr 1989
\by Fran\c cois Bergeron
\by Jean Berstel
\by Sre\v cko Brlek
\by C. Duroc
\paper Addition chains using continued fractions
\jour Journal of Algorithms
\issn 0196--6774
\vol 10
\pages 403--412
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1989/bergeron
\endref

\bib{1968/bergland-real}
\yr 1968
\by Glenn D. Bergland
\paper A fast Fourier transform algorithm for real-valued series
\jour Communications of the ACM
\issn 0001--0782
\vol 11
\pages 703--710
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1968/bergland-real
\endref

\bib{1968/bergland-8}
\yr 1968
\mr 37:2485
\by Glenn D. Bergland
\paper A fast Fourier transform algorithm using base $8$ iterations
\jour Mathematics of Computation
\issn 0025--5718
\vol 22
\pages 275--279
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1968/bergland-8
\endref

\bib{1967/berlekamp}
\yr 1967
\mr 36:2314
\by Elwyn R. Berlekamp
\paper Factoring polynomials over finite fields
\jour Bell System Technical Journal
\issn 0005--8580
\vol 46
\pages 1853--1859
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1967/berlekamp
\endref

\bib{1968/berlekamp}
\yr 1968
\mr 38:6873
\by Elwyn R. Berlekamp
\book Algebraic coding theory
\publ McGraw-Hill
\publaddr New York
\endref

\bib{1970/berlekamp}
\yr 1970
\mr 43:1948
\by Elwyn R. Berlekamp
\paper Factoring polynomials over large finite fields
\jour Mathematics of Computation
\issn 0025--5718
\vol 24
\pages 713--735
\endref

\bib{1975/benderskii}
\yr 1975
\mr 52:12397
\by Ju. V. Bernderski\u\i
\paper Fast computations
\jour Doklady Akademii Nauk SSSR
\issn 0002--3264
\vol 223
\pages 1041--1043
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1975/benderskii
\endref

\bib{1996/berndt}
\yr 1996
\isbn 0--8176--3933--0
\mr 97c:11001
\by Bruce C. Berndt
\by Harold G. Diamond
\by Adolf J. Hildebrand
\book Analytic number theory, volume 2
\publ Birkhauser
\publaddr Boston
\endref

\bib{1987/bernstein}
\yr 1987
\by Daniel J. Bernstein
\paper New fast algorithms for $\pi$ and $e$
\paperinfo paper for the Westinghouse competition, distributed widely at the Ramanujan Centenary Conference
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/bernstein
\endref

\bib{1994/bernstein}
\yr 1994
\by Daniel J. Bernstein
\paper A non-iterative $2$-adic statement of the $3N+1$ conjecture
\jour Proceedings of the American Mathematical Society
\issn 0002--9939
\vol 121
\pages 405--408
\url https://cr.yp.to/papers.html
\endref

\bib{1995/bernstein-thesis}
\yr 1995
\by Daniel J. Bernstein
\book Detecting perfect powers in essentially linear time, and other studies in computational number theory
\phdthesis
\publ University of California at Berkeley
\endref

\bib{1995/bernstein-mmecrt}
\yr 1995
\by Daniel J. Bernstein
\paper Multidigit modular multiplication with the explicit Chinese remainder theorem
\inbook \cite{1995/bernstein-thesis}
\url https://cr.yp.to/papers.html
\endref

\bib{1995/bernstein-mlnfs}
\yr 1995
\by Daniel J. Bernstein
\paper The multiple-lattice number field sieve
\inbook \cite{1995/bernstein-thesis}
\url https://cr.yp.to/papers.html
\endref

\bib{1996/bernstein-fiall}
\yr 1996
\by Daniel J. Bernstein
\paper Fast ideal arithmetic via lazy localization
\inbook \cite{1996/cohen}
\pages 27--34
\url https://cr.yp.to/papers.html
\endref

\bib{1998/bernstein-compose}
\yr 1998
\by Daniel J. Bernstein
\paper Composing power series over a finite ring in essentially linear time
\jour Journal of Symbolic Computation
\issn 0747--7171
\vol 26
\pages 339--341
\url https://cr.yp.to/papers.html
\endref

\bib{1998/bernstein-powers}
\yr 1998
\mr 98j:11121
\by Daniel J. Bernstein
\paper Detecting perfect powers in essentially linear time
\jour Mathematics of Computation
\issn 0025--5718
\vol 67
\pages 1253--1283
\url https://cr.yp.to/papers.html
\endref

\bib{1999/bernstein-hash127-abs}
\yr 1999
\by Daniel J. Bernstein
\paper Guaranteed message authentication faster than MD5 (abstract)
\url https://cr.yp.to/papers.html#hash127-abs
\endref

\bib{1999/bernstein-stretch}
\yr 1999
\by Daniel J. Bernstein
\paper How to stretch random functions: the security of protected counter sums
\jour Journal of Cryptology
\issn 0933--2790
\vol 12
\pages 185--192
\url https://cr.yp.to/papers.html
\endref

\bib{2001/bernstein-schimmler}
\yr 2001
\by Daniel J. Bernstein
\paper An introduction to Schimmler sorting
\url https://cr.yp.to/talks.html#2001.05.14
\endref

\bib{2001/bernstein-nfscircuit}
\yr 2001
\by Daniel J. Bernstein
\paper Circuits for integer factorization: a proposal
\url https://cr.yp.to/papers.html
\endref

\bib{2001/bernstein-sortedsums}
\yr 2001
\by Daniel J. Bernstein
\paper Enumerating solutions to $p(a)+q(b)=r(c)+s(d)$
\jour Mathematics of Computation
\issn 0025--5718
\vol 70
\pages 389--394
\url https://cr.yp.to/papers.html
\endref

\bib{2001/bernstein-nsa}
\yr 2001
\by Daniel J. Bernstein
\paper The NSA sieving circuit
\url https://cr.yp.to/talks.html#2001.05.07
\endref

\bib{2002/bernstein-psi}
\yr 2002
\by Daniel J. Bernstein
\paper Arbitrarily tight bounds on the distribution of smooth integers
\inbook \cite{2002/bennett}
\pages 49--66
\url https://cr.yp.to/papers.html#psi
\endref

\bib{2004/bernstein-cachetiming}
\yr 2004
\by Daniel J. Bernstein
\paper Cache-timing attacks on AES
\url https://cr.yp.to/papers.html#cachetiming
\id cd9faae9bd5308c440df50fc26a517b4
\endref

\bib{2004/bernstein-focus}
\yr 2004
\by Daniel J. Bernstein
\paper Doubly focused enumeration of locally square polynomial values
\inbook \cite{2004/vanderpoorten}
\pages 69--76
\url http://\allowbreak cr.yp.to/papers.html#focus
\id b4795a4f12863c26de5b7afe9296ffd8
\endref

\bib{2005/bernstein-dcba}
\yr 2005
\by Daniel J. Bernstein
\paper Factoring into coprimes in essentially linear time
\jour Journal of Algorithms
\issn 0196--6774
\vol 54
\pages 1--30
\url https://cr.yp.to/papers.html#dcba
\id f32943f0bb67a9317d4021513f9eee5a
\endref

\bib{2005/bernstein-poly1305}
\yr 2005
\by Daniel J. Bernstein
\paper The Poly1305-AES message-authentication code
\inbook \cite{2005/gilbert-fse2005}
\pages 32--49
\url https://cr.yp.to/papers.html#poly1305
\id 0018d9551b5546d97c340e0dd8cb5750
\endref

\bib{1996/bernstein-3x1conjmap}
\yr 1996
\by Daniel J. Bernstein
\by Jeffery C. Lagarias
\paper The $3x+1$ conjugacy map
\jour Canadian Journal of Mathematics
\issn 0008--414X
\vol 48
\pages 1154--1169
\url https://cr.yp.to/papers.html
\endref

\bib{1993/bernstein}
\yr 1993
\by Daniel J. Bernstein
\by Arjen K. Lenstra
\paper A general number field sieve implementation
\inbook \cite{1993/lenstra-book}
\pages 103--126
\endref

\bib{preprint/bernstein-powers2}
\by Daniel J. Bernstein
\by Hendrik W. Lenstra, Jr.
\by Jonathan Pila
\paper Detecting perfect powers by factoring into coprimes
\url https://cr.yp.to/papers.html#powers2
\id bbd41ce71e527d3c06295aadccf60979
\endref

\bib{preprint/bernstein-sigs}
\by Daniel J. Bernstein
\paper A secure public-key signature system with extremely fast verification
\paperinfo accepted by {\it Journal of Cryptology}, but withdrawn to be incorporated into author's {\it High-speed cryptography} book
\url https://cr.yp.to/papers.html#sigs
\endref

\bib{preprint/bernstein-unipat}
\by Daniel J. Bernstein
\paper A simple universal pattern-matching automaton
\paperinfo submitted for publication
\url https://cr.yp.to/papers.html
\endref

\bib{preprint/bernstein-logfloor}
\by Daniel J. Bernstein
\paper Computing logarithm floors in essentially linear time
\url https://cr.yp.to/\allowbreak papers.html#\allowbreak logfloor
\id 97bbdc1ce6aff974c789eab21b9cfba1
\endref

\bib{preprint/bernstein-logagm}
\by Daniel J. Bernstein
\paper Computing logarithm intervals with the arithmetic-geometric-mean iteration
\url https://cr.yp.to/\allowbreak papers.html#\allowbreak logagm
\id 8f92b1e3ec7918d37b28b9efcee5e97f
\endref

\bib{preprint/bernstein-prime2004}
\by Daniel J. Bernstein
\paper Distinguishing prime numbers from composite numbers: the state of the art in 2004
\paperinfo submitted
\url https://cr.yp.to/\allowbreak papers.html#\allowbreak prime2004
\id d72f09ae5b05f41a53e2237c53f5f276
\endref

\bib{preprint/bernstein-dcba}
\by Daniel J. Bernstein
\paper Factoring into coprimes in essentially linear time
\paperinfo to appear
\jour Journal of Algorithms
\issn 0196--6774
\url https://cr.yp.to/papers.html
\id f32943f0bb67a9317d4021513f9eee5a
\endref

\bib{preprint/bernstein-zmult}
\by Daniel J. Bernstein
\paper Faster multiplication of integers
\paperinfo draft
\endref

\bib{preprint/bernstein-sqroot}
\by Daniel J. Bernstein
\paper Faster square roots in annoying finite fields
\paperinfo to be incorporated into author's {\it High-speed cryptography} book
\url https://cr.yp.to/papers.html#sqroot
\endref

\bib{preprint/bernstein-multapps}
\by Daniel J. Bernstein
\paper Fast multiplication and its applications
\paperinfo to appear in Buhler-Stevenhagen {\it Algorithmic number theory} book
\url http://\allowbreak cr.yp.to/papers.html#multapps
\id 8758803e61822d485d54251b27b1a20d
\endref

\bib{preprint/bernstein-hash127}
\by Daniel J. Bernstein
\paper Floating-point arithmetic and message authentication
\paperinfo to be incorporated into author's {\it High-speed cryptography} book
\url https://cr.yp.to/papers.html#hash127
\id dabadd3095644704c5cbe9690ea3738e
\endref

\bib{preprint/bernstein-sf}
\by Daniel J. Bernstein
\paper How to find small factors of integers
\paperinfo accepted to Mathematics of Computation; now being revamped
\url https://cr.yp.to/papers.html
\endref

\bib{preprint/bernstein-smoothparts}
\by Daniel J. Bernstein
\paper How to find smooth parts of integers
\paperinfo draft
\url https://cr.yp.to/papers.html#smoothparts
\id 201a045d5bb24f43f0bd0d97fcf5355a
\endref

\bib{preprint/bernstein-m3}
\by Daniel J. Bernstein
\paper Multidigit multiplication for mathematicians
\url https://cr.yp.to/papers.html
\endref

\bib{preprint/bernstein-pippenger}
\by Daniel J. Bernstein
\paper Pippenger's exponentiation algorithm
\paperinfo to be incorporated into author's {\it High-speed cryptography} book
\url https://cr.yp.to/papers.html
\endref

\bib{preprint/bernstein-aks}
\by Daniel J. Bernstein
\paper Proving primality after Agrawal-Kayal-Saxena
\url http://\allowbreak cr.yp.to/\allowbreak papers.html#aks
\endref

\bib{preprint/bernstein-quartic}
\by Daniel J. Bernstein
\paper Proving primality in essentially quartic random time
\paperinfo submitted
\url https://cr.yp.to/papers.html#quartic
\id 43f1d5199196c0593c1e8442af682180
\endref

\bib{preprint/bernstein-rwtight}
\by Daniel J. Bernstein
\paper Proving tight security for standard Rabin-Williams signatures
\paperinfo to be incorporated into author's {\it High-speed cryptography} book
\url https://cr.yp.to/papers.html#rwtight
\id c30057d690a8fb42af6a5172b5da9006
\endref

\bib{preprint/bernstein-smallheight}
\by Daniel J. Bernstein
\paper Reducing lattice bases to find small-height values of univariate polynomials
\paperinfo to appear in Buhler-Stevenhagen {\it Algorithmic number theory} book
\url https://cr.yp.to/papers.html#smallheight
\id 82f82c041b7e2bdce94a5e1f94511773
\endref

\bib{preprint/bernstein-fastnewton}
\by Daniel J. Bernstein
\paper Removing redundancy in high-precision Newton iteration
\paperinfo draft
\url https://cr.yp.to/papers.html#fastnewton
\id def7f1e35fb654671c6f767b16b93d50
\endref

\bib{preprint/bernstein-scaledmod}
\by Daniel J. Bernstein
\paper Scaled remainder trees
\paperinfo draft
\url https://cr.yp.to/papers.html#scaledmod
\id e2b8da026cf72d01d97e20cf2874f278
\endref

\bib{preprint/bernstein-abccong}
\by Daniel J. Bernstein
\paper Sharper ABC-based bounds for congruent polynomials
\jour Journal de Th\'eorie des Nombres de Bordeaux
\issn 1246--7405
\paperinfo to appear
\url https://cr.yp.to/papers.html#abccong
\id 1d9e079cee20138de8e119a99044baa3
\endref

\bib{preprint/bernstein-cachesieving}
\by Daniel J. Bernstein
\paper Sieving in cache
\paperinfo draft
\url https://cr.yp.to/papers.html#cachesieving
\endref

\bib{preprint/bernstein-securitywcs}
\by Daniel J. Bernstein
\paper Stronger security bounds for Wegman-Carter-Shoup authenticators
\url https://cr.yp.to/papers.html#securitywcs
\id 2d603727f69542f30f7da2832240c1ad
\endref

\bib{preprint/bernstein-c3}
\by Daniel J. Bernstein
\paper The complexity of complex convolution
\paperinfo draft
\endref

\bib{preprint/bernstein-meecrt}
\by Daniel J. Bernstein
\by Jonathan P. Sorenson
\paper Modular exponentiation via the explicit Chinese remainder theorem
\paperinfo submitted
\url https://cr.yp.to/papers.html#meecrt
\endref

\bib{2002/berrizbeitia}
\yr 2002
\by Pedro Berrizbeitia
\paper Sharpening {\it PRIMES is in P} for a large family of numbers
\url http://arxiv.org/abs/math.NT/0211334
\endref

\bib{1985/beth}
\yr 1985
\isbn 3--540--16076--0
\mr 86m:94003
\editor Thomas Beth
\editor Norbert Cot
\editor Ingemar Ingemarsson
\book Advances in cryptology: EUROCRYPT '84
\series Lecture Notes in Computer Science
\seriesvol 209
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2000/biehl-elliptic}
\yr 2000
\by Ingrid Biehl
\by Bernd Meyer
\by Volker M\"uller
\paper Differential fault attacks on elliptic curve cryptosystems (extended abstract)
\inbook \cite{2000/bellare-book}
\pages 131--146
\url http://lecturer.ukdw.ac.id/vmueller/publications.php
\endref

\bib{1997/bierbrauer}
\yr 1997
\mr 98d:94041
\by J\"urgen Bierbrauer
\paper Universal hashing and geometric codes
\jour Designs, Codes and Cryptography
\issn 0925--1022
\vol 11
\pages 207--221
\url http://www.math.mtu.edu/~jbierbra/
\endref

\bib{1998/bierbrauer}
\yr 1998
\mr 99c:94025
\by J\"urgen Bierbrauer
\paper Authentication via algebraic-geometric codes
\jour Rendiconti del Circolo Matematico di Palermo. Serie II. Supplemento
\vol 51
\pages 139--152
\url http://www.math.mtu.edu/~jbierbra/
\endref

\bib{1994/bierbrauer}
\yr 1994
\by J\"urgen Bierbrauer
\by Thomas Johansson
\by Gregory Kabatianskii
\by Ben Smeets
\paper On families of hash functions via geometric codes and concatenation
\inbook \cite{1994/stinson-book}
\pages 331--342
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/bierbrauer
\endref

\bib{1997/biham}
\yr 1997
\isbn 3--540--63247--6
\editor Eli Biham
\book Fast Software Encryption '97
\series Lecture Notes in Computer Science
\seriesvol 1267
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1994/bini}
\yr 1994
\isbn 0--8176--3786--9
\mr 95k:65003
\by Dario Bini
\by Victor Y. Pan
\book Polynomial and matrix computations, volume 1: fundamental algorithms
\publ Birkh\"auser
\publaddr Boston
\endref

\bib{1999/biryukov}
\yr 1999
\by Alex Biryukov
\by David Wagner
\paper Slide attacks
\inbook \cite{1999/knudsen}
\pages 245--259
\url http://www.cs.berkeley.edu/~daw/papers/
\endref

\bib{2004/black}
\yr 2004
\by John Black
\by Shai Halevi
\by Alejandro Hevia
\by Hugo Krawczyk
\by Ted Krovetz
\by Phillip Rogaway
\paper UMAC: message authentication code using universal hashing
\url http://www.cs.ucdavis.edu/~rogaway/umac/index.html
\endref

\bib{1999/black}
\yr 1999
\by John Black
\by Shai Halevi
\by Hugo Krawczyk
\by Ted Krovetz
\by Phillip Rogaway
\paper UMAC: fast and secure message authentication
\inbook \cite{1999/wiener}
\pages 216--233
\url http://www.cs.ucdavis.edu/~rogaway/umac/
\endref

\bib{1984/blake}
\yr 1984
\mr 86h:11109
\by Ian F. Blake
\by Ryoh Fuji-Hara
\by Ronald C. Mullin
\by Scott A. Vanstone
\paper Computing logarithms in finite fields of characteristic two
\jour SIAM Journal on Algebraic and Discrete Methods
\issn 0196--5212
\vol 5
\pages 276--285
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/blake
\endref

\bib{2000/blake}
\yr 2000
\isbn 0--521--65374--6
\mr 1 771 549
\by Ian F. Blake
\by Gadiel Seroussi
\by Nigel P. Smart
\book Elliptic curves in cryptography
\publ Cambridge University Press
\publaddr Cambridge
\endref

\bib{1985/blakley}
\yr 1985
\isbn 3--540--15658--5
\mr 86j:94003
\editor G. R. Blakley
\editor David Chaum
\book Advances in cryptology: CRYPTO '84
\series Lecture Notes in Computer Science
\seriesvol 196
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1996/bleichenbacher-thesis}
\yr 1996
\by Daniel Bleichenbacher
\book Efficiency and security of cryptosystems based on number theory
\phdthesis
\publ ETH Z\"urich
\url http://www.bell-labs.com/user/bleichen/diss/thesis.html
\endref

\bib{2004/bleichenbacher}
\yr 2004
\by Daniel Bleichenbacher
\paper Compressing Rabin signatures
\inbook \cite{2004/okamoto-ctrsa}
\pages 126--128
\endref

\bib{2000/bleichenbacher}
\yr 2000
\mr 2001b:94030
\by Daniel Bleichenbacher
\by Phong Q. Nguyen
\paper Noisy polynomial interpolation and noisy Chinese remaindering
\inbook \cite{2000/preneel}
\pages 53--69
\url http://www.di.ens.fr/~pnguyen/pub.html
\endref

\bib{2004/bloemer}
\yr 2004
\by Johannes Bloemer
\by Jorge Guajardo Merchan
\by Volker Krummel
\paper Provably secure masking of AES
\url http://eprint.iacr.org/2004/101/
\endref

\bib{1968/bluestein}
\yr 1968
\by Leo I. Bluestein
\paper A linear filtering approach to the computation of the discrete Fourier transform
\jour IEEE Northeast Electronics Research and Engineering Meeting
\vol 10
\pages 218--219
\endref

\bib{1970/bluestein}
\yr 1970
\by Leo I. Bluestein
\paper A linear filtering approach to the computation of discrete Fourier transform
\jour IEEE Transactions on Audio and Electroacoustics
\vol 18
\pages 451--455
\endref

\bib{1986/blum}
\yr 1986
\mr 87k:65007
\by Lenore Blum
\by Manuel Blum
\by Michael Shub
\paper A simple unpredictable pseudo-random number generator
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 15
\pages 364--383
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/blum
\endref

\bib{1984/blum}
\yr 1984
\mr 86a:68021
\by Manuel Blum
\by Silvio Micali
\paper How to generate cryptographically strong sequences of pseudorandom bits
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 13
\pages 850--864
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/blum
\endref

\bib{1995/bocharova}
\yr 1995
\mr 97m:94013
\by Irina E. Bocharova
\by Boris D. Kudryashov
\paper Fast exponentiation in cryptography
\inbook \cite{1995/cohen}
\pages 146--157
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/bocharova
\endref

\bib{1996/boender}
\yr 1996
\mr 97m:11155
\by Henk Boender
\by Herman J. J. te Riele
\paper Factoring integers with large-prime variations of the quadratic sieve
\jour Experimental Mathematics
\issn 1058--6458
\vol 5
\pages 257--273
\endref

\bib{1993/denboer}
\yr 1993
\by Bert den Boer
\paper A simple and key-economical unconditional authentication scheme
\jour Journal of Computer Security
\issn 0926--227X
\vol 2
\pages 65--71
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1993/denboer
\endref

\bib{2000/boneh-crt}
\yr 2000
\by Dan Boneh
\paper Finding smooth integers in short intervals using CRT decoding
\inbook \cite{2000/-stoc}
\pages 265--272
\seenewer \cite{2002/boneh-crt}
\endref

\bib{2002/boneh-crt}
\yr 2002
\mr 1 912 302
\by Dan Boneh
\paper Finding smooth integers in short intervals using CRT decoding
\jour Journal of Computer and System Sciences
\issn 0022--0000
\vol 64
\pages 768--784
\url http://crypto.stanford.edu/~dabo/abstracts/CRTdecode.html
\seeolder \cite{2000/boneh-crt}
\endref

\bib{2003/boneh-book}
\yr 2003
\isbn 3--540--40674--3
\mr 2005d:94151
\editor Dan Boneh
\book Advances in cryptology: CRYPTO 2003, 23rd annual international cryptology conference, Santa Barbara, California, USA, August 17--21, 2003, proceedings
\series Lecture Notes in Computer Science
\seriesvol 2729
\publ Springer
\publaddr Berlin
\endref

\bib{2000/boneh}
\yr 2000
\mr 2002g:94034
\by Dan Boneh
\by Glenn Durfee
\paper Cryptanalysis of RSA with private key $d$ less than $N^{0.292}$
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 46
\pages 1339--1349
\url http://theory.stanford.edu/~gdurf/publications.html
\endref

\bib{1999/boneh}
\yr 1999
\by Dan Boneh
\by Glenn Durfee
\by Nick Howgrave-Graham
\paper Factoring $N=p^r q$ for large $r$
\inbook \cite{1999/wiener}
\pages 326--337
\url http://crypto.stanford.edu/~dabo/abstracts/prq.html
\endref

\bib{1956/bordewijk}
\yr 1956
\mr 18:171b
\by J. L. Bordewijk
\paper Inter-reciprocity applied to electrical networks
\jour Applied Scientific Research B: Electrophysics, Acoustics, Optics, Mathematical Methods
\vol 6
\pages 1--74
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1956/bordewijk
\endref

\bib{1974/borodin}
\yr 1974
\mr 51:7365
\by Allan Borodin
\by Robert T. Moenck
\paper Fast modular transforms
\jour Journal of Computer and System Sciences
\issn 0022--0000
\vol 8
\pages 366--386
\also older version, not a subset, in \cite{1972/moenck}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1974/borodin
\endref

\bib{1975/borodin}
\yr 1975
\mr 57:8145
\by Allan Borodin
\by Ian Munro
\book The computational complexity of algebraic and numeric problems
\publ Elsevier
\publaddr New York
\endref

\bib{1987/borwein}
\yr 1987
\isbn 0--471--83138--7
\mr 89a:11134
\by Jonathan M. Borwein
\by Peter B. Borwein
\book Pi and the AGM
\publ Wiley
\publaddr New York
\endref

\bib{1988/borwein}
\yr 1988
\by Jonathan M. Borwein
\by Peter B. Borwein
\paper On the complexity of familiar functions and numbers
\jour SIAM Review
\issn 1095--7200
\vol 30
\pages 589--601
\endref

\bib{2000/borwein}
\yr 2000
\mr 2001h:11110
\by Jonathan M. Borwein
\by David M. Bradley
\by Richard E. Crandall
\paper Computational strategies for the Riemann zeta function
\jour Journal of Computational and Applied Mathematics
\issn 0377--0427
\vol 121
\pages 247--296
\url http://www.sciencedirect.com/science/article/B6TYH-4118GDF-F/1/64371ba75fa0e923ba6b231779fb0673
\endref

\bib{1990/bos}
\yr 1990
\by Jurjen Bos
\by Matthijs Coster
\paper Addition chain heuristics
\inbook \cite{1990/brassard-book}
\pages 400--407
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1990/bos
\endref

\bib{1985/bosma}
\yr 1985
\by Wieb Bosma
\paper Primality testing using elliptic curves
\paperinfo Technical Report 85--12
\publ Amsterdam
\endref

\bib{2000/bosma-book}
\yr 2000
\isbn 3--540--67695--3
\mr 2002d:11002
\editor Wieb Bosma
\book Algorithmic number theory: ANTS-IV
\series Lecture Notes in Computer Science
\seriesvol 1838
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1995/bosma-ecm}
\yr 1995
\mr 96d:11134
\by Wieb Bosma
\by Arjen K. Lenstra
\paper An implementation of the elliptic curve integer factorization method
\inbook \cite{1995/bosma-book}
\pages 119--136
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/bosma-ecm
\endref

\bib{1995/bosma-laws}
\yr 1995
\mr 96f:11079
\by Wieb Bosma
\by Hendrik W. Lenstra, Jr.
\paper Complete systems of two addition laws for elliptic curves
\jour Journal of Number Theory
\issn 0022--314X
\vol 53
\pages 229--240
\endref

\bib{1990/bosma-summary}
\yr 1990
\by Wieb Bosma
\by Marc-Paul van der Hulst
\paper Faster primality testing: extended abstract
\inbook \cite{1990/quisquater}
\pages 652--656
\endref

\bib{1990/bosma}
\yr 1990
\by Wieb Bosma
\by Marc-Paul van der Hulst
\book Primality proving with cyclotomy
\bookinfo Ph.D. thesis
\publ Universiteit van Amsterdam
\endref

\bib{1995/bosma-book}
\yr 1995
\isbn 0--7923--3501--5
\mr 96c:00019
\editor Wieb Bosma
\editor Alf J. van der Poorten
\book Computational algebra and number theory: CANT2
\publ Kluwer Academic Publishers
\publaddr Dordrecht
\endref

\bib{1997/bosselaers}
\yr 1997
\by Antoon Bosselaers
\paper Even faster hashing on the Pentium
\url http://www.esat.kuleuven.ac.be/~bosselae/publications.html
\endref

\bib{1994/bosselaers-library}
\yr 1994
\by Antoon Bosselaers
\by Ren\'e Govaerts
\by Joos Vandewalle
\paper A fast and flexible software library for large integer arithmetic
\inbook \cite{1994/macq}
\pages 82--89
\url http://www.esat.kuleuven.ac.be/~bosselae/publications.html
\endref

\bib{1994/bosselaers-reduction}
\yr 1994
\by Antoon Bosselaers
\by Ren\'e Govaerts
\by Joos Vandewalle
\paper Comparison of three modular reduction functions
\inbook \cite{1994/stinson-book}
\pages 175--186
\url http://www.esat.kuleuven.ac.be/~bosselae/publications.html
\endref

\bib{1996/bosselaers}
\yr 1996
\by Antoon Bosselaers
\by Ren\'e Govaerts
\by Joos Vandewalle
\paper Fast hashing on the Pentium
\inbook \cite{1996/koblitz}
\pages 298--312
\url http://www.esat.kuleuven.ac.be/~bosselae/publications.html
\endref

\bib{2004/bostan}
\yr 2004
\by Alin Bostan
\by Gr\'egoire Lecerf
\by Bruno Salvy
\by \'Eric Schost
\by Bernd Wiebelt
\paper Complexity issues in bivariate polynomial factorization
\inbook \cite{2004/gutierrez-issac}
\pages 42--49
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 2004/bostan
\endref

\bib{2003/bostan}
\yr 2003
\by Alin Bostan
\by Gr\'egoire Lecerf
\by \'Eric Schost
\paper Tellegen's principle into practice
\inbook \cite{2003/hong-issac}
\pages 37--44
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 2003/bostan
\endref

\bib{1989/boyar}
\yr 1989
\by Joan Boyar
\paper Inferring sequences produced by a linear congruential generator missing low-order bits
\jour Journal of Cryptology
\issn 0933--2790
\vol 1
\pages 177--184
\endref

\bib{2001/boyd-book}
\yr 2001
\isbn 3--540--42987--5
\mr 2003d:94001
\book Advances in cryptology---ASIACRYPT 2001: proceedings of the 7th international conference on the theory and application of cryptology and information security held on the Gold Coast, December 9--13, 2001
\editor Colin Boyd
\series Lecture Notes in Computer Science
\seriesvol 2248
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1983/brassard}
\yr 1983
\by Gilles Brassard
\paper On computationally secure authentication tags requiring short secret shared keys
\inbook \cite{1983/chaum}
\pages 79--86
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1983/brassard
\endref

\bib{1990/brassard-book}
\yr 1990
\isbn 0--387--97317--6
\mr 91b:94002
\editor Gilles Brassard
\book Advances in cryptology---CRYPTO '89
\series Lecture Notes in Computer Science
\seriesvol 435
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1988/brassard}
\yr 1988
\isbn 0--13--023243--2
\mr 90j:68002
\by Gilles Brassard
\by Paul Bratley
\book Algorithmics: theory and practice
\publ Prentice-Hall
\publaddr Englewood Cliffs, New Jersey
\endref

\bib{1939/brauer}
\yr 1939
\mr 1,40a
\by Alfred Brauer
\paper On addition chains
\jour Bulletin of the American Mathematical Society
\issn 0273--0979
\vol 45
\pages 736--739
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1939/brauer
\endref

\bib{1995/bremner}
\yr 1995
\mr 96g:11024
\by Andrew Bremner
\paper On sums of three cubes
\inbook \cite{1995/dilcher}
\pages 87--91
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/bremner
\endref

\bib{1969/brenner}
\yr 1969
\by Norman M. Brenner
\paper Fast Fourier transform of externally stored data
\jour IEEE Transactions on Audio and Electroacoustics
\vol 17
\pages 128--132
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1969/brenner
\endref

\bib{1970/brent-carry}
\yr 1970
\by Richard P. Brent
\paper On the addition of binary numbers
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 19
\pages 758--759
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1970/brent-carry
\endref

\bib{1973/brent}
\yr 1973
\mr 48:8360
\by Richard P. Brent
\paper The first occurrence of large gaps between successive primes
\jour Mathematics of Computation
\issn 0025--5718
\vol 27
\pages 959--963
\url http://web.comlab.ox.ac.uk/oucl/work/richard.brent/pub/pub019.html
\endref

\bib{1974/brent}
\yr 1974
\mr 58:31996
\by Richard P. Brent
\paper The parallel evaluation of general arithmetic expressions
\jour Journal of the ACM
\issn 0004--5411
\vol 21
\pages 201--206
\url http://web.comlab.ox.ac.uk/oucl/work/richard.brent/pub/pub022.html
\endref

\bib{1976/brent-elementary}
\yr 1976
\mr 52:16111
\by Richard P. Brent
\paper Fast multiple-precision evaluation of elementary functions
\jour Journal of the ACM
\issn 0004--5411
\vol 23
\pages 242--251
\url http://web.comlab.ox.ac.uk/oucl/work/richard.brent/pub/pub034.html
\endref

\bib{1976/brent-zero}
\yr 1976
\mr 54:11843
\by Richard P. Brent
\paper Multiple-precision zero-finding methods and the complexity of elementary function evaluation
\inbook \cite{1976/traub}
\pages 151--176
\url http://web.comlab.ox.ac.uk/oucl/work/richard.brent/pub/pub028.html
\endref

\bib{1976/brent-arithmetic}
\yr 1976
\by Richard P. Brent
\paper The complexity of multiple-precision arithmetic
\inbook \cite{1976/anderssen-book}
\url http://web.comlab.ox.ac.uk/oucl/work/richard.brent/pub/pub032.html
\pages 126--165
\endref

\bib{1980/brent-cycles}
\yr 1980
\mr 82a:10017
\by Richard P. Brent
\paper An improved Monte Carlo factorization algorithm
\jour BIT
\issn 0006--3835
\vol 20
\pages 176--184
\endref

\bib{1986/brent}
\yr 1986
\by Richard P. Brent
\paper Some integer factorization algorithms using elliptic curves
\jour Australian Computer Science Communications
\issn 0157--3055
\vol 8
\pages 149--163
\endref

\bib{1990/brent}
\yr 1990
\mr 91h:11148
\by Richard P. Brent
\paper Parallel algorithms for integer factorisation
\inbook \cite{1990/loxton}
\pages 26--37
\endref

\bib{1999/brent}
\yr 1999
\mr 99e:11154
\by Richard P. Brent
\paper Factorization of the tenth Fermat number
\jour Mathematics of Computation
\issn 0025--5718
\vol 68
\pages 429--451
\endref

\bib{1980/brent-gcd}
\yr 1980
\mr 82d:65033
\by Richard P. Brent
\by Fred G. Gustavson
\by David Y. Y. Yun
\paper Fast solution of Toeplitz systems of equations and computation of Pad\'e approximants
\jour Journal of Algorithms
\issn 0196--6774
\vol 1
\pages 259--295
\url http://web.comlab.ox.ac.uk/oucl/work/richard.brent/pub/pub059.html
\endref

\bib{1978/brent}
\yr 1978
\mr 58:25090
\by Richard P. Brent
\by H. T. Kung
\paper Fast algorithms for manipulating formal power series
\jour Journal of the ACM
\issn 0004--5411
\vol 25
\pages 581--595
\endref

\bib{1980/brent-gamma}
\yr 1980
\mr 82g:10002
\by Richard P. Brent
\by Edwin M. McMillan
\paper Some new algorithms for high-precision computation of Euler's constant
\jour Mathematics of Computation
\issn 0025--5718
\vol 34
\pages 305--312
\url http://web.comlab.ox.ac.uk/oucl/work/richard.brent/pub/pub049.html
\endref

\bib{1981/brent}
\yr 1981
\mr 83h:10014
\by Richard P. Brent
\by John M. Pollard
\paper Factorization of the eighth Fermat number
\jour Mathematics of Computation
\issn 0025--5718
\vol 36
\pages 627--630
\endref

\bib{1977/bresenham}
\yr 1977
\by Jack Bresenham
\paper A linear algorithm for incremental digital display of circular arcs
\jour Communications of the ACM
\issn 0001--0782
\vol 20
\pages 100--106
\endref

\bib{1989/bressoud}
\yr 1989
\isbn 0--387--97040--1
\mr 91e:11150
\by David M. Bressoud
\book Factorization and primality testing
\publ Springer-Verlag
\publaddr New York
\endref

\bib{1993/brickell-book}
\yr 1993
\isbn 3--540--57340--2, 0--387--57340--2
\mr 95b:94001
\editor Ernest F. Brickell
\book Advances in cryptology---CRYPTO '92: 12th annual international cryptology conference, Santa Barbara, California, USA, August 16--20, 1992, proceedings
\series Lecture Notes in Computer Science
\seriesvol 740
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1993/brickell-exp}
\yr 1993
\by Ernest F. Brickell
\by Daniel M. Gordon
\by Kevin S. McCurley
\by David B. Wilson
\paper Fast exponentiation with precomputation (extended abstract)
\inbook \cite{1993/rueppel}
\pages 200--207
\seenewer \cite{1995/brickell-exp}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1993/brickell-exp
\endref

\bib{1995/brickell-exp}
\yr 1995
\by Ernest F. Brickell
\by Daniel M. Gordon
\by Kevin S. McCurley
\by David B. Wilson
\paper Fast exponentiation with precomputation: algorithms and lower bounds
\url http://research.microsoft.com/~dbwilson/bgmw/
\seeolder \cite{1993/brickell-exp}
\endref

\bib{1983/brickell-logs}
\yr 1983
\by Ernest F. Brickell
\by J. H. Moore
\paper Some remarks on the Herlestam-Johannesson algorithm for computing logarithms over GF$(2^p)$
\inbook \cite{1983/chaum}
\pages 15--19
\endref

At the 1981 IEEE Symposium on Information Theory, T. Herlestam and R. Johannesson presented a heurestic [sic] method for computing logarithms over GF(2^p). They reported computing logarithms over GF(2^{31}) with surprisingly few iterations and claimed that the running time of their algorithm was polynomial in p.

\bib{1988/brigham}
\yr 1988
\isbn 0--13--307505--2
\by E. Oran Brigham
\book The fast Fourier transform and its applications
\publ Prentice-Hall
\publaddr Englewood Cliffs, New Jersey
\endref

\bib{1981/brillhart}
\yr 1981
\mr 84f:10009
\by John Brillhart
\paper Fermat's factoring method and its variants
\jour Congressus Numerantium
\issn 0384--9864
\vol 32
\pages 29--48
\endref

\bib{1975/brillhart}
\yr 1975
\mr 52:5546
\by John Brillhart
\by Derrick H. Lehmer
\by John L. Selfridge
\paper New primality criteria and factorizations of $2^m\pm 1$.
\jour Mathematics of computation
\issn 0025--5718
\vol 29
\pages 620--647
\endref

\bib{1994/bronson}
\yr 1994
\mr 95k:11165
\by Nathan D. Bronson
\by Duncan A. Buell
\paper Congruential sieves on FPGA computers
\inbook \cite{1994/gautschi}
\pages 547--551
\endref

\bib{1994/browkin}
\yr 1994
\mr 94g:11021
\by Jerzy Browkin
\by Juliusz Brzez\'inski
\paper Some remarks on the $abc$-conjecture
\jour Mathematics of Computation
\issn 0025--5718
\vol 62
\pages 931--939
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/browkin
\endref

\bib{1998/brownawell}
\yr 1998
\mr 98h:11092
\by W. Dale Brownawell
\paper Transcendence in positive characteristic
\inbook \cite{1998/murty}
\pages 317--332
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1998/brownawell
\endref

\bib{2000/brown-prime}
\yr 2000
\by Michael Brown
\by Darrel Hankerson
\by Julio L\'opez
\by Alfred Menezes
\paper Software implementation of the NIST elliptic curves over prime fields
\url http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-56.ps
\seenewer \cite{2001/brown-prime}
\endref

\bib{2001/brown-prime}
\yr 2001
\mr 1907102
\by Michael Brown
\by Darrel Hankerson
\by Julio L\'opez
\by Alfred Menezes
\paper Software implementation of the NIST elliptic curves over prime fields
\inbook \cite{2001/naccache-ctrsa}
\pages 250--265
\seeolder \cite{2000/brown-prime}
\endref

\bib{2003/brumley}
\yr 2003
\by David Brumley
\by Dan Boneh
\paper Remote timing attacks are practical
\url http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
\endref

\bib{1978/bruun}
\yr 1978
\by Georg Bruun
\paper $z$-transform DFT filters and FFTs
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 26
\pages 56--63
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1978/bruun
\endref

\bib{1990/buchmann}
\yr 1990
\mr 92g:11125
\by Johannes A. Buchmann
\paper A subexponential algorithm for the determination of class groups and regulators of algebraic number fields
\inbook \cite{1990/goldstein}
\pages 27--41
\endref

\bib{1991/buchmann}
\yr 1991
\mr 92m:11150
\by Johannes A. Buchmann
\by Stephan D\"ullmann
\paper A probabilistic class group and regulator algorithm and its implementation
\inbook \cite{1991/petho}
\pages 53--72
\endref

\bib{1999/buchmann-refinement}
\yr 1999
\mr 99e:11155
\by Johannes A. Buchmann
\by Friedrich Eisenbrand
\paper On factor refinement in number fields
\jour Mathematics of Computation
\issn 0025--5718
\vol 68
\pages 345--350
\url http://www.ams.org/journal-getitem?pii=S0025571899010236
\endref

\bib{1996/buchmann}
\yr 1996
\mr 97h:11140
\by Johannes A. Buchmann
\by Christine S. Hollinger
\paper On smooth ideals in number fields
\jour Journal of Number Theory
\issn 0022--314X
\vol 59
\pages 82--87
\endref

\bib{1999/buchmann}
\yr 1999
\mr 2000a:11177
\by Johannes A. Buchmann
\by Michael J. Jacobson, Jr.
\by Stefan Neis
\by Patrick Theobald
\by Damian Weber
\paper Sieving methods for class group computation
\inbook \cite{1999/matzat}
\pages 3--10
\endref

\bib{1994/buchmann-integers}
\yr 1994
\mr 96m:11092
\by Johannes A. Buchmann
\by Hendrik W. Lenstra, Jr.
\paper Approximating rings of integers in number fields
\jour Journal de Th\'eorie des Nombres de Bordeaux
\issn 1246--7405
\vol 6
\pages 221--260
\endref

\bib{1994/buchmann}
\yr 1994
\mr 95e:11132
\by Johannes A. Buchmann
\by J. Loho
\by Joerg Zayer
\paper An implementation of the general number field sieve (extended abstract)
\inbook \cite{1994/stinson-book}
\pages 159--165
\endref

Zayer and Loho, students of Buchmann, started another implementation in 1992.03 and finished the first version in 1993.01. They used it to factor a 134-digit special number (in about 3.5 10^15 cycles on an unspecified computer) and a 49-digit general number (in about 2% as much time).

The authors were aware of my previous work when they started theirs. They were aware of my previous 158-digit NFS factorization before they completed any NFS factorizations. They were aware of my previously published paper when they wrote this paper. Yet, incredibly, the authors of this paper failed to even mention my work.

\bib{1937/buchstab}
\yr 1937
\by Aleksandr A. Buchstab
\paper Asymptotic estimates of a general number theoretic function
\jour Matematicheski{\u\i} Sbornik
\issn 0368--8666
\vol 44
\pages 1239--1246
\endref

\bib{1949/buchstab}
\yr 1949
\mr 11,84b
\by Aleksandr A. Buchstab
\paper On those numbers in an arithmetic progression all prime factors of which are small in order of magnitude
\jour Doklady Akademii Nauk SSSR
\issn 0002--3264
\vol 67
\pages 5--8
\endref

\bib{2004/buell-ants6}
\yr 2004
\isbn 3--540--22156--5
\editor Duncan A. Buell
\book Algorithmic number theory: 6th international symposium, ANTS-VI, Burlington, VT, USA, June 2004, proceedings
\series Lecture Notes in Computer Science
\seriesvol 3076
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1998/buell}
\yr 1998
\mr 98g:11001
\editor Duncan A. Buell
\editor Jeremy T. Teitelbaum
\book Computational perspectives on number theory
\publ American Mathematical Society
\publaddr Providence
\endref

\bib{1997/buergisser}
\yr 1997
\isbn 3--540--60582--7
\mr 99c:68002
\by Peter B\"urgisser
\by Michael Clausen
\by Mohammed Amin Shokrollahi
\book Algebraic complexity theory
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1996/bugeaud}
\yr 1996
\by Yann Bugeaud
\by Michel Laurent
\paper Minoration effective de la distance $p$-adique entre puissances de nombres alg\'ebriques
\jour Journal of Number Theory
\issn 0022--314X
\vol 61
\pages 311--342
\url http://www-irma.u-strasbg.fr/~bugeaud/publi.html
\endref

\bib{1998/buhler}
\yr 1998
\isbn 3--540--64657--4
\mr 2000g:11002
\editor Joe P. Buhler
\book Algorithmic number theory: ANTS-III
\series Lecture Notes in Computer Science
\seriesvol 1423
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1993/buhler}
\yr 1993
\by Joe P. Buhler
\by Hendrik W. Lenstra, Jr.
\by Carl Pomerance
\paper Factoring integers with the number field sieve
\inbook \cite{1993/lenstra-book}
\pages 50--94
\endref

\bib{1998/burnikel}
\yr 1998
\by Christoph Burnikel
\by Joachim Ziegler
\book Fast recursive division
\bookinfo MPI research report I-98-1-022
\url http://data.mpi-sb.mpg.de/\allowbreak internet/reports.nsf/\allowbreak NumberView/\allowbreak 1998-1-022
\endref

\bib{1988/burrus}
\yr 1988
\by C. Sidney Burrus
\paper Unscrambling for fast DFT algorithms
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 36
\pages 1086--1087
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1988/burrus
\endref

\bib{1981/burrus}
\yr 1981
\by C. Sidney Burrus
\by Peter W. Eschenbacher
\paper An in-place, in-order prime factor FFT algorithm
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 29
\pages 806--817
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1981/burrus
\endref

\bib{1982/calmet}
\yr 1982
\isbn 3--540--11607--9
\mr 83k:68003
\editor Jacques Calmet
\book Computer algebra: EUROCAM '82
\series Lecture Notes in Computer Science
\seriesvol 144
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1986/calmet}
\yr 1986
\isbn 0387167765
\editor Jacques Calmet
\book Algebraic algorithms and error-correcting codes 3
\series Lecture Notes in Computer Science
\seriesvol 229
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1991/campbell}
\yr 1991
\by Larry Campbell
\paper Tenex hackery
\url http://groups-beta.google.com/group/alt.folklore.computers/msg/00d243bb0caa9f69?dmode=source
\endref

\bib{1982/canfield}
\yr 1982
\mr 85g:11082
\by E. Rodney Canfield
\paper The asymptotic behavior of the Dickman-de Bruijn function
\jour Congressus Numerantium
\issn 0384--9864
\vol 35
\pages 139--148
\endref

\bib{1983/canfield}
\yr 1983
\mr 85j:11012
\by E. Rodney Canfield
\by Paul Erd\H os
\by Carl Pomerance
\paper On a problem of Oppenheim concerning ``factorisatio numerorum''
\jour Journal of Number Theory
\issn 0022--314X
\vol 17
\pages 1--28
\endref

\bib{1989/cantor}
\yr 1989
\mr 90f:11100
\by David G. Cantor
\paper On arithmetical algorithms over finite fields
\jour Journal of Combinatorial Theory, Series A
\issn 0097--3165
\vol 50
\pages 285--300
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1989/cantor
\endref

\bib{1991/cantor}
\yr 1991
\mr 92i:68068
\by David G. Cantor
\by Erich Kaltofen
\paper On fast multiplication of polynomials over arbitrary algebras
\jour Acta Informatica
\issn 0001--5903
\vol 28
\pages 693--701
\url http://www.math.ncsu.edu/~kaltofen/bibliography/
\endref

\bib{1987/carlsson}
\yr 1987
\by Svante Carlsson
\paper Average-case results on heapsort
\jour BIT
\issn 0006--3835
\vol 27
\pages 2--17
\endref

\bib{1987/car}
\yr 1987
\mr 88g:11090
\by Mireille Car
\paper Th\'eor\`emes de densit\'e dans ${\bf F}_q[x]$
\jour Acta Arithmetica
\issn 0065--1036
\vol 48
\pages 145--165
\endref

\bib{1988/caron}
\yr 1988
\by T. R. Caron
\by Robert D. Silverman
\paper Parallel implementation of the quadratic sieve
\jour Journal of Supercomputing
\issn 0920--8542
\vol 1
\pages 273--290
\endref

\bib{1979/carter}
\yr 1979
\by J. Lawrence Carter
\by Mark N. Wegman
\paper Universal classes of hash functions
\jour Journal of Computer and System Sciences
\issn 0022--0000
\vol 18
\pages 143--154
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1979/carter
\endref

\bib{1985/caviness}
\yr 1985
\isbn 3--540--15984--3
\mr 87a:68007
\editor Bob F. Caviness
\book Proceedings of EUROCAL '85, volume 2
\series Lecture Notes in Computer Science
\seriesvol 204
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2003/atluri-acmccs}
\yr 2003
\by Vijay Atluri (program chair)
\by Trent Jaeger (program chair)
\book Proceedings of the 10th ACM conference on Computer and communications security
\isbn 1--58113--738--9
\publ ACM Press
\endref

\bib{1973/chamayou}
\yr 1973
\mr 49:1725
\by Jean-Marie-Fran\c cois Chamayou
\paper A probabilistic approach to a differential-difference equation arising in analytic number theory
\jour Mathematics of Computation
\issn 0025--5718
\vol 27
\pages 197--203
\endref

\bib{1967/chartres-310}
\yr 1967
\by B. A. Chartres
\paper Algorithm 310: prime number generator 1
\jour Communications of the ACM
\issn 0001--0782
\vol 10
\pages 569
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1967/chartres-310
\endref

\bib{1967/chartres-311}
\yr 1967
\by B. A. Chartres
\paper Algorithm 311: prime number generator 2
\jour Communications of the ACM
\issn 0001--0782
\vol 10
\pages 570
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1967/chartres-311
\endref

\bib{1995/chatterji}
\yr 1995
\isbn 3--7643--5153--5
\mr 97c:00049
\editor Srishti D. Chatterji
\book Proceedings of the International Congress of Mathematicians
\publ Birkhauser Verlag
\publaddr Basel
\endref

\bib{1984/chaum}
\yr 1984
\isbn 0--306--41637--9
\mr 86f:94001
\editor David Chaum
\book Advances in cryptology: Crypto 83
\publ Plenum Press
\publaddr New York
\endref

\bib{1983/chaum}
\yr 1983
\isbn 0--306--41366--3
\mr 84j:94004
\editor David Chaum
\editor Ronald L. Rivest
\editor Alan T. Sherman
\book Advances in cryptology: proceedings of Crypto 82
\publ Plenum Press
\publaddr New York
\endref

\bib{1990/cheer}
\yr 1990
\mr 90j:11091
\by Angela Y. Cheer
\by Daniel A. Goldston
\paper A differential delay equation arising from the sieve of Eratosthenes
\jour Mathematics of Computation
\issn 0025--5718
\vol 55
\pages 129--141
\endref

\bib{2003/cheng}
\yr 2003
\by Qi Cheng
\paper Primality proving via one round in ECPP and one iteration in AKS
\url http://www.cs.ou.edu/~qcheng/pub.html
\endref

\bib{2004/cheng-digits}
\yr 2004
\by Qi Cheng
\paper On the bounded sum-of-digits discrete logarithm problem in finite fields
\url http://www.cs.ou.edu/~qcheng/pub.html
\endref

\bib{2004/cheng-codes}
\yr 2004
\by Qi Cheng
\by Daqing Wan
\paper On the list and bounded distance decodibility of Reed-Solomon codes (extended abstract)
\url http://www.cs.ou.edu/~qcheng/pub.html
\endref

\bib{2002/chen-setuid}
\yr 2002
\by Hao Chen
\by David Wagner
\by Drew Dean
\paper Setuid Demystified
\url http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
\endref

\bib{2000/chiou-luc}
\yr 2000
\by S. Y. Chiou
\by C. S. Laih
\paper An efficient algorithm for computing the Luc chain
\jour IEE Proceedings on Computers and Digital Techniques
\vol 147
\pages 263--265
\endref

\bib{1955/chowla}
\yr 1955
\mr 17,127l
\by Sarvadaman D. Chowla
\by William E. Briggs
\paper On the number of positive integers $\le x$ all of whose prime factors are $\le y$
\jour Proceedings of the American Mathematical Society
\issn 0002--9939
\vol 6
\pages 558--562
\endref

\bib{1947/chowla}
\yr 1947
\mr 9,332d
\by Sarvadaman D. Chowla
\by T. Vijayaraghavan
\paper On the largest prime divisors of numbers
\jour Journal of the Indian Mathematical Society
\issn 0019--5839
\vol 11
\pages 31--37
\endref

\bib{1986/chudnovsky}
\yr 1986
\mr 88h:11094
\by David V. Chudnovsky
\by Gregory V. Chudnovsky
\paper Sequences of numbers generated by addition in formal groups and new primality and factorization tests
\jour Advances in Applied Mathematics
\vol 7
\pages 385--434
\endref

\bib{1990/chudnovsky}
\yr 1990
\mr 92g:11122
\by David V. Chudnovsky
\by Gregory V. Chudnovsky
\paper Computer algebra in the service of mathematical physics and number theory
\inbook \cite{1990/chudnovsky-book}
\pages 109--232
\endref

\bib{1987/chudnovsky}
\yr 1987
\editor David V. Chudnovsky
\editor Gregory V. Chudnovsky
\editor Harvey Cohn
\editor Melvyn B. Nathanson
\book Number theory
\series Lecture Notes in Mathematics
\seriesvol 1240
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1990/chudnovsky-book}
\yr 1990
\isbn 0--8247--8341--7
\mr 91e:00020
\editor David V. Chudnovsky
\editor Richard D. Jenks
\book Computers in mathematics
\series Lecture Notes in Pure and Applied Mathematics
\seriesvol 125
\publ Marcel Dekker
\publaddr New York
\endref

\bib{1903/cipolla}
\yr 1903
\by Michele Cipolla
\paper Un metodo per la risoluzione della congruenza di secondo grado
\jour Rendiconto dell'Accademia delle Scienze Fisiche e Matematiche Napoli
\issn 0370--3568
\vol 9
\pages 154--163
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1903/cipolla
\endref

\bib{1989/clausen}
\yr 1989
\mr 91f:68081
\by Michael Clausen
\paper Fast generalized Fourier transforms
\jour Theoretical Computer Science
\issn 0304--3975
\vol 67
\pages 55--63
\endref

\bib{1996/clegg}
\yr 1996
\by Matthew Clegg
\by Jeffery Edmonds
\by Russell Impagliazzo
\paper Using the Groebner basis algorithm to find proofs of unsatisfiability
\url http://www.cs.yorku.ca/~jeff/research/
\endref

\bib{1967/cochran}
\yr 1967
\by William T. Cochran
\by James W. Cooley
\by David L. Favin
\by Howard D. Helms
\by Reginald A. Kaenel
\by William W. Lang
\by George C. Maling, Jr.
\by David E. Nelson
\by Charles M. Rader
\by Peter D. Welch
\paper What is the fast Fourier transform?
\jour IEEE Transactions on Audio and Electroacoustics
\vol 15
\pages 45--55
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1967/cochran
\endref

\bib{1995/cohen}
\yr 1995
\isbn 3--540--60114--7
\mr 97k:68003
\editor Girard Cohen
\editor Marc Giusti
\editor Teo Mora
\book Applied algebra, algebraic algorithms and error-correcting codes
\series Lecture Notes in Computer Science
\seriesvol 948
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1993/cohen}
\yr 1993
\isbn 3--5440--55640--0
\mr 94i:11105
\by Henri Cohen
\book A course in computational algebraic number theory
\series Graduate Texts in Mathematics
\seriesvol 138
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1996/cohen}
\yr 1996
\isbn 3--540--61581--4
\mr 97k:11001
\editor Henri Cohen
\book Algorithmic number theory: second international symposium, ANTS-II, Talence, France, May 18--23, 1996, proceedings
\series Lecture Notes in Computer Science
\seriesvol 1122
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2005/cohen-ehcc}
\yr 2005
\editor Henri Cohen
\editor Gerhard Frey
\book Handbook of elliptic and hyperelliptic curve cryptography
\publ CRC Press
\isbn 1--58488--518--1
\endref

\bib{1985/cohen}
\yr 1985
\mr 87a:11133
\by Henri Cohen
\by Arjen K. Lenstra
\book Implementation of a new primality test
\bookinfo CWI Reports CS R8505
\publ Stichting Mathematisch Centrum, Centrum voor Wiskunde en Informatica
\publaddr Amsterdam
\seenewer \cite{1987/cohen}
\endref

\bib{1987/cohen}
\yr 1987
\mr 88c:11080
\by Henri Cohen
\by Arjen K. Lenstra
\paper Implementation of a new primality test
\jour Mathematics of Computation
\issn 0025--5718
\vol 48
\pages 103--121
\seeolder \cite{1985/cohen}
\endref

\bib{1984/cohen}
\yr 1984
\mr 86g:11078
\by Henri Cohen
\by Hendrik W. Lenstra, Jr.
\paper Primality testing and Jacobi sums
\jour Mathematics of Computation
\issn 0025--5718
\vol 42
\pages 297--330
\endref

\bib{1989/cole}
\yr 1989
\mr 90k:68056
\by Richard Cole
\by Uzi Vishkin
\paper Faster optimal parallel prefix sums and list ranking
\jour Information and Computation
\issn 0890--5401
\vol 81
\pages 334--352
\endref

\bib{1974/collins}
\yr 1974
\by George E. Collins
\paper Quantifier elimination for real closed fields by cylindrical algebraic decomposition: preliminary report
\jour SIGSAM Bulletin
\issn 0163--5825
\vol 8
\pages 80--90
\endref

\bib{1994/conn}
\yr 1994
\mr 95g:11128
\by W. Conn
\by Leonid N. Vaserstein
\paper On sums of three integral cubes
\inbook \cite{1994/andrews}
\pages 285--294
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/conn
\endref

\bib{1997/contini}
\yr 1997
\by Scott P. Contini
\book Factoring integers with the self-initializing quadratic sieve
\mathesis
\publ University of Georgia
\endref

\bib{1966/cook}
\yr 1966
\by Stephen A. Cook
\book On the minimum computation time of functions
\phdthesis
\publ Department of Mathematics, Harvard University
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1966/cook
\endref

\bib{1967/cooley}
\yr 1967
\by James W. Cooley
\by Peter A. W. Lewis
\by Peter D. Welch
\paper Historical notes on the fast Fourier transform
\jour IEEE Transactions on Audio and Electroacoustics
\vol 15
\pages 76--79
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1967/cooley
\endref

\bib{1965/cooley}
\yr 1965
\mr 31:2843
\by James W. Cooley
\by John W. Tukey
\paper An algorithm for the machine calculation of complex Fourier series
\jour Mathematics of Computation
\issn 0025--5718
\vol 19
\pages 297--301
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1965/cooley
\endref

\bib{1984/coppersmith-ffs}
\yr 1984
\mr 85h:65041
\by Don Coppersmith
\paper Fast evaluation of logarithms in fields of characteristic two
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 30
\pages 587--594
\endref

\bib{1986/coppersmith-survey}
\yr 1986
\mr 88c:11078
\by Don Coppersmith
\paper Factoring and discrete logarithms
\jour Congressus Numerantium
\issn 0384--9864
\vol 54
\pages 213--216
\endref

\bib{1987/coppersmith}
\yr 1987
\mr 88c:94019
\by Don Coppersmith
\paper Cryptography
\jour IBM Journal of Research and Development
\issn 0018--8646
\vol 31
\pages 244--248
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/coppersmith
\endref

\bib{1990/coppersmith}
\yr 1990
\mr 90h:11024
\by Don Coppersmith
\paper Fermat's last theorem (case 1) and the Wieferich criterion
\jour Mathematics of Computation
\issn 0025--5718
\vol 54
\pages 895--902
\endref

\bib{1993/coppersmith-nfs}
\yr 1993
\mr 94h:11111
\by Don Coppersmith
\paper Modifications to the number field sieve
\jour Journal of Cryptology
\issn 0933--2790
\vol 6
\pages 169--180
\endref

\bib{1993/coppersmith-lanczos}
\yr 1993
\mr 94i:65044
\by Don Coppersmith
\paper Solving linear equations over GF(2): block Lanczos algorithm
\jour Linear Algebra and its Applications
\issn 0024--3795
\vol 192
\pages 33--60
\endref

\bib{1994/coppersmith-wiedemann}
\yr 1994
\mr 94c:11124
\by Don Coppersmith
\paper Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm
\jour Mathematics of Computation
\issn 0025--5718
\vol 62
\pages 333--350
\endref

\bib{1995/coppersmith-book}
\yr 1995
\isbn 3--540--60221--6
\editor Don Coppersmith
\book Advances in cryptology---CRYPTO '95
\series Lecture Notes in Computer Science
\seriesvol 963
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1996/coppersmith-2}
\yr 1996
\mr 97h:94009
\by Don Coppersmith
\paper Finding a small root of a bivariate integer equation; factoring with high bits known
\inbook \cite{1996/maurer}
\seenewer \cite{1997/coppersmith}
\pages 178--189
\endref

\bib{1996/coppersmith-1}
\yr 1996
\mr 97h:94008
\by Don Coppersmith
\paper Finding a small root of a univariate modular equation
\inbook \cite{1996/maurer}
\seenewer \cite{1997/coppersmith}
\pages 155--165
\endref

\bib{1997/coppersmith}
\yr 1997
\mr 99b:94027
\by Don Coppersmith
\paper Small solutions to polynomial equations, and low exponent RSA vulnerabilities
\jour Journal of Cryptology
\issn 0933--2790
\vol 10
\pages 233--260
\seeolder \cite{1996/coppersmith-1} and \cite{1996/coppersmith-2}
\endref

\bib{2001/coppersmith}
\yr 2001
\mr 2003f:11034
\by Don Coppersmith
\paper Finding small solutions to small degree polynomials
\inbook \cite{2001/silverman}
\pages 20--31
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 2001/coppersmith
\endref

\bib{1985/coppersmith-2127}
\yr 1985
\mr 87b:11125
\by Don Coppersmith
\by James H. Davenport
\paper An application of factoring
\jour Journal of Symbolic Computation
\issn 0747--7171
\vol 1
\pages 241--243
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1985/coppersmith-2127
\endref

\bib{2004/coppersmith}
\yr 2004
\by Don Coppersmith
\by Nick Howgrave-Graham
\by S. V. Nagaraj
\paper Divisors in residue classes, constructively
\url http://eprint.iacr.org/2004/339
\endref

\bib{1986/coppersmith}
\yr 1986
\mr 87g:11167
\by Don Coppersmith
\by Andrew M. Odlyzko
\by Richard Schroeppel
\paper Discrete logarithms in GF$(p)$
\jour Algorithmica
\issn 0178--4617
\vol 1
\pages 1--15
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/coppersmith
\endref

\bib{2000/coron-fdh}
\yr 2000
\mr 2002e:94109
\by Jean-S\'ebastien Coron
\paper On the exact security of Full Domain Hash
\inbook \cite{2000/bellare-book}
\pages 229--235
\url http://www.eleves.ens.fr/\allowbreak home/\allowbreak coron/\allowbreak publications/\allowbreak publications.html
\endref

\bib{2002/coron-pss}
\yr 2002
\by Jean-S\'ebastien Coron
\paper Optimal security proofs for PSS and other signature schemes
\inbook \cite{2002/knudsen-book}
\pages 272--287
\url http://www.eleves.ens.fr/\allowbreak home/\allowbreak coron/\allowbreak publications/\allowbreak publications.html
\endref

\bib{2002/coron-pdh}
\yr 2002
\by Jean-S\'ebastien Coron
\paper Security proof for partial-domain hash signature schemes
\inbook \cite{2002/yung-book}
\pages 613--626
\url http://www.gemplus.com/\allowbreak smart/\allowbreak r_d/\allowbreak publications/
\endref

\bib{1993/couveignes}
\yr 1993
\by Jean-Marc Couveignes
\paper Computing a square root for the number field sieve
\inbook \cite{1993/lenstra-book}
\pages 95--102
\endref

\bib{1996/couveignes}
\yr 1996
\by Jean-Marc Couveignes
\paper Computing $\ell$-isogenies using the $p$-torsion
\inbook \cite{1996/cohen}
\pages 59--65
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/couveignes
\endref

\bib{1996/cowie}
\yr 1996
\by James Cowie
\by Bruce Dodson
\by R.-Marije Elkenbracht-Huizing
\by Arjen K. Lenstra
\by Peter L. Montgomery
\by Joerg Zayer
\paper A World Wide number field sieve factoring record: on to 512 bits
\inbook \cite{1996/kim}
\pages 382--394
\endref

\bib{1985/cozzens}
\yr 1985
\mr 86k:94005
\by John H. Cozzens
\by Larry A. Finkelstein
\paper Computing the discrete Fourier transform using residue number systems in a ring of algebraic integers
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 31
\pages 580--588
\endref

\bib{1994/crandall}
\yr 1994
\mr 94c:11123
\by Richard Crandall
\by Barry Fagin
\paper Discrete weighted transforms and large-integer arithmetic
\jour Mathematics of Computation
\issn 0025--5718
\vol 62
\pages 305--324
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/crandall
\endref

\bib{2001/crandall-book}
\yr 2001
\isbn 0--387--94777--9
\mr 2002a:11007
\by Richard Crandall
\by Carl Pomerance
\book Prime numbers. A computational perspective
\publ Springer-Verlag
\publaddr New York
\endref

\bib{1986/creutzburg}
\yr 1986
\by R. Creutzburg
\by M. Tasche
\paper Number-theoretic transforms of prescribed length
\jour Mathematics of Computation
\issn 0025--5718
\vol 47
\pages 693--701
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/creutzburg
\endref

\bib{1999/daemen}
\yr 1999
\by Joan Daemen
\by Vincent Rijmen
\paper Resistance against implementation attacks: a comparative study of the AES proposals
\url http://csrc.nist.gov/CryptoToolkit/aes/round1/pubcmnts.htm
\endref

\bib{2002/daemen}
\yr 2002
\mr 1986943
\by Joan Daemen
\by Vincent Rijmen
\book The design of Rijndael: AES---the advanced encryption standard
\publ Springer-Verlag
\isbn 3--540--42580--2
\endref

\bib{1991/damgard}
\yr 1991
\isbn 3--540--53587--X
\editor Ivan B. Damg\aa rd
\book Advances in cryptology: EUROCRYPT '90
\series Lecture Notes in Computer Science
\seriesvol 473
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2003/damgard}
\yr 2003
\by Ivan B. Damg\aa rd
\by Gudmund Skovbjerg Frandsen
\paper An extended quadratic Frobenius primality test with average and worst case error estimates
\url http://www.brics.dk/RS/03/9/index.html
\endref

\bib{1970/danielsson}
\yr 1970
\by Per E. Danielsson
\paper Incremental curve generation
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 19
\pages 783--793
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1970/danielsson
\endref

\bib{1995/darmon}
\yr 1995
\mr 96e:11042
\by Henri Darmon
\by Andrew Granville
\paper On the equations $z^m=F(x,y)$ and $Ax^p+By^q=Cz^r$
\jour Bulletin of the London Mathematical Society
\issn 0024--6093
\vol 27
\pages 513--543
\url http://www.math.mcgill.ca/~darmon/pub/pub.html
\endref

\bib{1997/darnell}
\yr 1997
\isbn 3--540--63927--6
\mr 99g:94019
\editor Michael Darnell
\book Cryptography and coding: proceedings of the 6th IMA International Conference held at the Royal Agricultural College, Cirencester, December 17--19, 1997
\series Lecture Notes in Computer Science
\seriesvol 1355
\publ Springer-Verlag
\endref

\bib{1992/david}
\yr 1992
\isbn 0--8176--3622--6
\mr 98d:11006
\editor Sinnou David
\book S\'eminaire de Th\'eorie des Nombres, Paris, 1989--90
\series Progress in Mathematics
\seriesvol 102
\publ Birkh\"auser
\publaddr Boston
\endref

\bib{1991/davies}
\yr 1991
\isbn 3--540--54620--0
\mr 94b:94003
\by Donald W. Davies
\book Advances in cryptology---EUROCRYPT '91: proceedings of the workshop on the theory and application of cryptographic techniques held in Brighton, April 8--11, 1991
\series Lecture Notes in Computer Science
\seriesvol 547
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1984/davis}
\yr 1984
\mr 86j:11128
\by James A. Davis
\by Diane B. Holdridge
\paper Factorization using the quadratic sieve algorithm
\inbook \cite{1984/chaum}
\pages 103--113
\endref

\bib{1985/davis-2}
\yr 1985
\mr 86f:11098
\by James A. Davis
\by Diane B. Holdridge
\paper New results on integer factorizations
\jour Congressus Numerantium
\issn 0384--9864
\vol 46
\pages 65--78
\endref

\bib{1988/davis}
\yr 1988
\mr 90b:11139
\by James A. Davis
\by Diane B. Holdridge
\paper Factorization of large integers on a massively parallel computer
\inbook \cite{1988/guenther}
\pages 235--243
\endref

\bib{1985/davis-1}
\yr 1985
\mr 87f:11105
\by James A. Davis
\by Diane B. Holdridge
\by Gustavus J. Simmons
\paper Status report on factoring (at the Sandia National Laboratories)
\inbook \cite{1985/beth}
\pages 183--215
\endref

\bib{1951/debruijn-1}
\yr 1951
\mr 13,724e
\by Nicolaas G. de Bruijn
\paper On the number of positive integers $\le x$ and free of prime factors $>y$
\jour Indagationes Mathematicae
\issn 0019--3577
\vol 13
\pages 50--60
\endref

\bib{1951/debruijn-2}
\yr 1951
\mr 13,326f
\by Nicolaas G. de Bruijn
\paper The asymptotic behaviour of a function occurring in the theory of primes
\jour Journal of the Indian Mathematical Society
\issn 0019--5839
\vol 15
\pages 25--32
\endref

\bib{1966/debruijn}
\yr 1966
\mr 34:5770
\by Nicolaas G. de Bruijn
\paper On the number of positive integers $\le x$ and free of prime factors $>y$. II
\jour Indagationes Mathematicae
\issn 0019--3577
\vol 28
\pages 239--247
\endref

\bib{2005/decanniere}
\yr 2005
\by Christophe De Canni\`ere
\by Joseph Lano
\by Bart Preneel
\paper Comments on the rediscovery of time memory data tradeoffs
\url http://www.ecrypt.eu.org/stream/
\endref

\bib{1971/dekker}
\yr 1971
\mr 45:8056
\by Theodorus J. Dekker
\paper A floating-point technique for extending the available precision
\jour Numerische Mathematik
\issn 0029--599X
\vol 18
\pages 224--242
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1971/dekker
\endref

\bib{1979/dekoninck}
\yr 1979
\mr 81k:10065
\by Jean-Marie De Koninck
\by Douglas Hensley
\paper Sums taken over $n\le x$ with prime factors $\le y$ of $z^{\Omega(n)}$, and their derivatives with respect to $z$
\jour Journal of the Indian Mathematical Society
\issn 0019--5839
\vol 42
\pages 353--365
\endref

\bib{1996/deleglise}
\yr 1996
\mr 96d:11139
\by Marc Del\'eglise
\by Jo\"el Rivat
\paper Computing $\pi(x)$: the Meissel, Lehmer, Lagarias, Miller, Odlyzko method
\jour Mathematics of Computation
\issn 0025--5718
\vol 65
\pages 235--245
\url http://www.ams.org/jourcgi/jour-getitem?pii=S0025571896006746
\endref

\bib{1985/delladora}
\yr 1985
\by Jean Della Dora
\by Claire DiCrescenzo
\by Dominique Duval
\paper About a new method for computing in algebraic number fields
\inbook \cite{1985/caviness}
\pages 289--290
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1985/delladora
\endref

\bib{1984/demillo-stoc}
\yr 1984
\isbn 0--89791--133--4
\mr 87g:68005
\editor Richard A. DeMillo
\book Proceedings of the sixteenth annual ACM symposium on theory of computing. Held in Washington, D.C., April 30--May 2, 1984
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1978/demillo}
\yr 1978
\isbn 0--12--210350--5
\editor Richard A. DeMillo
\editor David P. Dobkin
\editor Anita K. Jones
\editor Richard J. Lipton
\book Foundations of secure computation
\publ Academic Press
\publaddr New York
\endref

\bib{1994/denny}
\yr 1994
\mr 95d:11170
\by Thomas F. Denny
\by Bruce Dodson
\by Arjen K. Lenstra
\by Mark S. Manasse
\paper On the factorization of RSA-120
\inbook \cite{1994/stinson-book}
\pages 166--174
\endref

\bib{1996/denny}
\yr 1996
\mr 98k:11184
\by Thomas F. Denny
\by Volker Mueller
\paper On the reduction of composed relations from the number field sieve
\inbook \cite{1996/cohen}
\pages 75--90
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/denny
\endref

\bib{1995/derooij}
\yr 1995
\mr 1 479 665
\by Peter de Rooij
\paper Efficient exponentiation using precomputation and vector addition chains
\inbook \cite{1995/desantis}
\pages 389--399
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/derooij
\endref

\bib{1995/desantis}
\yr 1995
\isbn 3--540--60176--7
\mr 98h:94001
\editor Alfredo De Santis
\book Advances in cryptology: EUROCRYPT '94
\series Lecture Notes in Computer Science
\seriesvol 950
\publ Springer
\publaddr Berlin
\endref

\bib{1986/desmedt}
\yr 1986
\by Yvo Desmedt
\paper Unconditionally secure authentication schemes and practical and theoretical consequences
\inbook \cite{1986/williams}
\pages 42--55
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/desmedt
\endref

\bib{1994/desmedt}
\yr 1994
\editor Yvo Desmedt
\book Advances in cryptology---CRYPTO '94
\series Lecture Notes in Computer Science
\seriesvol 839
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2003/desmedt-pkc2003}
\yr 2003
\isbn 3--540--00324--X
\by Yvo Desmedt
\book Public Key Cryptography---PKC 2003, 6th international workshop on theory and practice in public key cryptography, Miami, FL, USA, January 6--8, 2003, proceedings
\series Lecture Notes in Computer Science
\seriesvol 2567
\publ Springer
\publaddr Berlin
\endref

\bib{1930/dickman}
\yr 1930
\by K. Dickman
\paper On the frequency of numbers containing primes of a certain relative magnitude
\jour Arkiv f\"or Matematik, Astronomi och Fysik
\issn 0365--4133
\vol 22
\pages 1--14
\endref

\bib{2003/diem-ghs}
\yr 2003
\mr 2004a:14030
\by Claus Diem
\paper The GHS attack in odd characteristic
\jour Journal of the Ramanujan Mathematical Society
\vol 18
\pages 1--32
\url http://www.math.uni-leipzig.de/~diem/preprints
\endref

\bib{1988/diffie}
\yr 1988
\by Whitfield Diffie
\paper The first ten years of public-key cryptography
\jour Proceedings of the IEEE
\issn 0018--9219
\vol 76
\pages 560--577
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1988/diffie
\endref

\bib{1976/diffie}
\yr 1976
\mr 55:10141
\by Whitfield Diffie
\by Martin Hellman
\paper New directions in cryptography
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 22
\pages 644--654
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1976/diffie
\endref

\bib{2002/diks}
\yr 2002
\editor Krzysztof Diks
\editor Wojciech Ritter
\book Mathematical foundations of computer science 2002: 27th international symposium, MFCS 2002, Warsaw, Poland, 26--30.08.2002: proceedings
\series Lecture Notes in Computer Science
\seriesvol 2420
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1995/dilcher}
\yr 1995
\isbn 0--8218--0312--3
\mr 96c:11003
\editor Karl Dilcher
\book Number theory: Proceedings of the Fourth Conference of the Canadian Number Theory Association held at Dalhousie University, Halifax, Nova Scotia, July 2--8, 1994
\series CMS Conference Proceedings
\seriesvol 15
\publ American Mathematical Society
\publaddr Providence
\endref

\bib{1981/dixon}
\yr 1981
\mr 82a:10010
\by John D. Dixon
\paper Asymptotically fast factorization of integers
\jour Mathematics of Computation
\issn 0025--5718
\vol 36
\pages 255--260
\endref

\bib{1982/dixon}
\yr 1982
\mr 83m:65025
\by John D. Dixon
\paper Exact solution of linear equations using $p$-adic expansions
\jour Numerische Mathematik
\issn 0029--599X
\vol 40
\pages 137--141
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1982/dixon
\endref

\bib{1996/dobbertin}
\yr 1996
\by Hans Dobbertin
\paper Cryptanalysis of MD5 compress
\url http://www.cs.ucsd.edu/users/bsy/dobbertin.ps
\endref

\bib{2005/doche-ehcc13}
\yr 2005
\mr 2162729
\by Christophe Doche
\by Tanja Lange
\paper Arithmetic of elliptic curves
\inbook \cite{2005/cohen-ehcc}
\pages 267--302
\endref

\bib{2005/doche-ehcc15}
\yr 2005
\mr 2162731
\by Christophe Doche
\by Tanja Lange
\paper Arithmetic of special curves
\inbook \cite{2005/cohen-ehcc}
\pages 355--387
\endref

\bib{1995/dodson}
\yr 1995
\mr 98d:11156
\by Bruce Dodson
\by Arjen K. Lenstra
\paper NFS with four large primes: an explosive experiment
\inbook \cite{1995/coppersmith-book}
\pages 372--385
\endref

\bib{1962/dorn}
\yr 1962
\by W. S. Dorn
\paper Generalizations of Horner's rule for polynomial evaluation
\jour IBM Journal of Research and Development
\issn 0018--8646
\vol 6
\pages 239--245
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1962/dorn
\endref

\bib{1981/downey}
\yr 1981
\mr 82h:68064
\by Peter Downey
\by Benton Leong
\by Ravi Sethi
\paper Computing sequences with addition chains
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 10
\pages 638--646
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1981/downey
\endref

\bib{1978/dubois}
\yr 1978
\by Eric Dubois
\by Anastasios N. Venetsanopoulos
\paper A new algorithm for the radix-$3$ FFT
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 26
\pages 222--225
\endref

\bib{1986/duhamel}
\yr 1986
\mr 87e:94006
\by Pierre Duhamel
\paper Implementation of ``split-radix'' FFT algorithms for complex, real, and real-symmetric data
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 34
\pages 285--295
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/duhamel
\endref

\bib{1984/duhamel}
\yr 1984
\by Pierre Duhamel
\by H. Hollmann
\paper Split-radix FFT algorithm
\jour Electronics Letters
\issn 0013--5194
\vol 20
\pages 14--16
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/duhamel
\endref

\bib{1990/duhamel}
\yr 1990
\mr 91a:94004
\by Pierre Duhamel
\by Martin Vetterli
\paper Fast Fourier transforms: a tutorial review and a state of the art
\jour Signal Processing
\issn 0165--1684
\vol 19
\pages 259--299
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1990/duhamel
\endref

\bib{1996/dunten}
\yr 1996
\mr 97g:11141
\by Brian Dunten
\by Julie Jones
\by Jonathan Sorenson
\paper A space-efficient fast prime number sieve
\jour Information Processing Letters
\issn 0020--0190
\vol 59
\pages 79--84
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/dunten
\endref

\bib{2000/durfee}
\yr 2000
\mr 2002h:94052
\by Glenn Durfee
\by Phong Q. Nguyen
\paper Cryptanalysis of the RSA schemes with short secret exponent from Asiacrypt '99
\inbook \cite{2000/okamoto}
\pages 14--29
\url http://theory.stanford.edu/~gdurf/publications.html
\endref

\bib{1998/eikenberry}
\yr 1998
\by Shauna M. Meyer Eikenberry
\by Jonathan P. Sorenson
\paper Efficient algorithms for computing the Jacobi symbol
\jour Journal of Symbolic Computation
\issn 0747--7171
\vol 26
\pages 509--523
\endref

\bib{1996/ekl}
\yr 1996
\mr 97a:11050
\by Randy L. Ekl
\paper Equal sums of four seventh powers
\jour Mathematics of Computation
\issn 0025--5718
\vol 65
\pages 1755--1756
\endref

\bib{1998/ekl}
\yr 1998
\mr 98m:11023
\by Randy L. Ekl
\paper New results in equal sums of like powers
\jour Mathematics of Computation
\issn 0025--5718
\vol 67
\pages 1309--1315
\endref

\bib{1984/elgamal-log-draft}
\yr 1984
\mr 86j:11129
\by Taher ElGamal
\paper A subexponential-time algorithm for computing discrete logarithms over GF$(p^2)$
\inbook \cite{1984/chaum}
\pages 275--292
\seenewer \cite{1985/elgamal-log}
\endref

\bib{1985/elgamal-sigs-draft}
\yr 1985
\mr 87b:94037
\by Taher ElGamal
\paper A public key cryptosystem and a signature scheme based on discrete logarithms
\inbook \cite{1985/blakley}
\pages 10--18
\seenewer \cite{1985/elgamal-sigs}
\endref

\bib{1985/elgamal-sigs}
\yr 1985
\mr 86j:94045
\by Taher ElGamal
\paper A public key cryptosystem and a signature scheme based on discrete logarithms
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 31
\pages 469--472
\seeolder \cite{1985/elgamal-sigs-draft}
\endref

\bib{1985/elgamal-log}
\yr 1985
\mr 86j:11130
\by Taher ElGamal
\paper A subexponential-time algorithm for computing discrete logarithms over GF$(p^2)$
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 31
\pages 473--481
\seeolder \cite{1984/elgamal-log-draft}
\endref

\bib{1986/elgamal-logs}
\yr 1986
\mr 87k:11143
\by Taher ElGamal
\paper On computing logarithms over finite fields
\inbook \cite{1986/williams}
\pages 396--402
\endref

\bib{1996/elkenbracht-3}
\yr 1996
\mr 98g:11142
\by R.-Marije Elkenbracht-Huizing
\paper A multiple polynomial general number field sieve
\inbook \cite{1996/cohen}
\pages 99--114
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/elkenbracht-3
\endref

\bib{1996/elkenbracht-2}
\yr 1996
\mr 98a:11182
\by R.-Marije Elkenbracht-Huizing
\paper An implementation of the number field sieve
\jour Experimental Mathematics
\issn 1058--6458
\vol 5
\pages 231--253
\endref

\bib{1996/elkenbracht-1}
\yr 1996
\mr 97i:11121
\by R.-Marije Elkenbracht-Huizing
\paper Historical background of the number field sieve factoring method
\jour Nieuw Archief voor Wiskunde Series 4
\issn 0028--9825
\vol 14
\pages 375--389
\endref

\bib{1997/elkenbracht}
\yr 1997
\by R.-Marije Elkenbracht-Huizing
\book Factoring integers with the number field sieve
\phdthesis
\publ University of Leiden
\endref

\bib{1996/elkenbracht-4}
\yr 1996
\mr 2000e:11157
\by R.-Marije Elkenbracht-Huizing
\by Peter L. Montgomery
\by Robert D. Silverman
\by R. K. Wackerbarth
\by Samuel S. Wagstaff, Jr.
\paper The number field sieve on many computers
\inbook \cite{1999/gupta}
\pages 81--85
\endref

\bib{1988/elkies}
\yr 1988
\mr 89h:11012
\by Noam D. Elkies
\paper On $A^4+B^4+C^4=D^4$
\jour Mathematics of Computation
\issn 0025--5718
\vol 51
\pages 825--835
\endref

\bib{1969/ennola}
\yr 1969
\mr 39:5492
\by Veikko Ennola
\paper On numbers with small prime divisors
\jour Annales Academiae Scientiarum Fennicae Series A I
\issn 1239--629X
\vol 440
\endref

\bib{1960/erdos}
\yr 1960
\mr 22:12085
\by Paul Erd\H os
\paper Remarks on number theory III: On addition chains
\jour Acta Arithmetica
\issn 0065--1036
\vol 6
\pages 77--81
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1960/erdos
\endref

\bib{1966/erdos}
\yr 1966
\mr 35:2836
\by Paul Erd\H os
\by Jack H. van Lint
\paper On the number of positive integers $\le x$ and free of prime factors $>y$
\jour Simon Stevin
\issn 0037--5454
\vol 40
\pages 73--76
\endref

\bib{1960/estrin}
\yr 1960
\by Gerald Estrin
\paper Organization of computer systems---the fixed plus variable structure computer
\inbook \cite{1960/-afips-17}
\pages 33--40
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1960/estrin
\endref

\bib{1761/euler}
\yr 1761
\by Leonhard Euler
\paper Observationes de Comparatione Arcuum Curvarum Irrectificabilium
\jour Novi commentarii scientiarum Petropolitanae
\vol 6
\pages 58--84
\also Enestr\"om 252
\url http://math.dartmouth.edu/~euler/pages/E252.html
\endref

\bib{1987/evans}
\yr 1987
\mr 88g:11093
\by David M. W. Evans
\paper An improved digit-reversal permutation algorithm for the fast Fourier and Hartley transforms
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 35
\pages 1120--1125
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/evans
\endref

\bib{1989/evans}
\yr 1989
\by David M. W. Evans
\paper A second improved digit-reversal permutation algorithm for fast transforms
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 37
\pages 1288--1291
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1989/evans
\endref

\bib{1981/even}
\yr 1981
\editor Shimon Even
\editor Oded Kariv
\book Automata, langauges and programming
\series Lecture Notes in Computer Science
\seriesvol 115
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1967/fainleb}
\yr 1967
\mr 46:5265
\by A. S. Fa\u\i nle\u\i b
\paper The estimate from below of the quantity of numbers with small prime divisors
\jour Doklady Akademii Nauk UzSSR
\issn 0134--4307
\pages 3--5
\endref

\bib{1975/faltin}
\yr 1975
\mr 52:362
\by F. Faltin
\by Nick Metropolis
\by Bertram Ross
\by Gian-Carlo Rota
\paper The real numbers as a wreath product
\jour Advances in Mathematics
\issn 0001--8708
\vol 16
\pages 278--304
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1975/faltin
\endref

\bib{1992/feigenbaum}
\yr 1992
\isbn 3--540--55188--3
\editor Joan Feigenbaum
\book Advances in cryptology---CRYPTO '91
\series Lecture Notes in Computer Science
\seriesvol 576
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1992/fellows}
\yr 1992
\mr 93e:68032
\by Michael R. Fellows
\by Neal Koblitz
\paper Self-witnessing polynomial-time complexity and prime factorization
\jour Designs, Codes and Cryptography
\issn 0925--1022
\vol 2
\pages 231--235
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1992/fellows
\endref

\bib{1992/ferguson}
\yr 1992
\by David E. Ferguson
\paper Bit-Tree: a data structure for fast file processing
\jour Communications of the ACM
\issn 0001--0782
\vol 35
\pages 114--120
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1992/ferguson
\endref

\bib{2003/ferguson-practical}
\yr 2003
\by Niels Ferguson
\by Bruce Schneier
\book Practical cryptography
\publ Wiley
\isbn 0471223573
\endref

\bib{2003/ferguson}
\yr 2003
\by Niels Ferguson
\by Doug Whiting
\by Bruce Schneier
\by John Kelsey
\by Stefan Lucks
\by Tadayoshi Kohno
\paper Helix: fast encryption and authentication in a single cryptographic primitive
\inbook \cite{2003/johansson-fse}
\pages 330--346
\url http://www.macfergus.com/helix/
\endref

\bib{1982/ferguson}
\yr 1982
\mr 84b:65138
\by Warren E. Ferguson Jr.
\paper A simple derivation of Glassman's general $N$ fast Fourier transform
\jour Computers \& Mathematics with Applications
\issn 0898--1221
\vol 8
\pages 401--411
\endref

\bib{1991/ferre}
\yr 1991
\by Ricardo Ferr\'e
\paper Discrete convolution with modulo operations
\jour Applied Mathematics Letters
\issn 0893--9659
\vol 4
\pages 13--17
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/ferre
\endref

\bib{1987/fiat}
\yr 1987
\mr 88m:94023
\by Amos Fiat
\by Adi Shamir
\paper How to prove yourself: practical solutions to identification and signature problems
\inbook \cite{1987/odlyzko-book}
\pages 186--194
\endref

\bib{1993/fich}
\yr 1993
\by Faith E. Fich
\paper The complexity of computation on the parallel random access machine
\inbook \cite{1993/reif}
\pages 843--899
\endref

\bib{1985/fich}
\yr 1985
\by Faith E. Fich
\by Martin Tompa
\paper The parallel complexity of exponentiating polynomials over finite fields
\inbook \cite{1985/-stoc}
\pages 38--47
\seenewer \cite{1988/fich}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1985/fich
\endref

\bib{1988/fich}
\yr 1988
\mr 90c:12001
\by Faith E. Fich
\by Martin Tompa
\paper The parallel complexity of exponentiating polynomials over finite fields
\jour Journal of the ACM
\issn 0004--5411
\vol 35
\pages 651--667
\seeolder \cite{1985/fich}
\endref

\bib{1972/fiduccia-matrix}
\yr 1972
\mr 52:12398
\by Charles M. Fiduccia
\paper On obtaining upper bounds on the complexity of matrix multiplication
\inbook \cite{1972/miller}
\pages 31--40
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1972/fiduccia-matrix
\endref

\bib{1972/fiduccia-fft}
\yr 1972
\by Charles M. Fiduccia
\paper Polynomial evaluation via the division algorithm: the fast Fourier transform revisited
\inbook \cite{1972/rosenberg}
\pages 88--93
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1972/fiduccia-fft
\endref

\bib{1973/fiduccia-matrix}
\yr 1973
\by Charles M. Fiduccia
\book On the algebraic complexity of matrix multiplication
\phdthesis
\publ Brown University
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1973/fiduccia-matrix
\endref

\bib{1977/fiduccia}
\yr 1977
\mr 58:3675
\by Charles M. Fiduccia
\by Yechezkel Zalcstein
\paper Algebras having linear multiplicative complexities
\jour Journal of the ACM
\issn 0004--5411
\vol 24
\pages 311--331
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1977/fiduccia
\endref

\bib{1974/fischer}
\yr 1974
\mr 53:4612
\by Michael J. Fischer
\by Michael S. Paterson
\paper String-matching and other products
\inbook \cite{1974/karp}
\pages 113--125
\endref

\bib{1965/fischer}
\yr 1965
\by Patrick C. Fischer
\paper Generation of primes by a one-dimensional real-time iterative array
\jour Journal of the ACM
\issn 0004--5411
\vol 12
\pages 388--394
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1965/fischer
\endref

\bib{1997/fischlin}
\yr 1997
\mr 1 603 072
\by Roger Fischlin
\by Claus P. Schnorr
\paper Stronger security proofs for RSA and Rabin bits
\inbook \cite{1997/fumy}
\pages 267--279
\seenewer \cite{2000/fischlin}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1997/fischlin
\endref

\bib{2000/fischlin}
\yr 2000
\mr 2001m:94045
\by Roger Fischlin
\by Claus P. Schnorr
\paper Stronger security proofs for RSA and Rabin bits
\jour Journal of Cryptology
\issn 0933--2790
\vol 13
\pages 221--244
\seeolder \cite{1997/fischlin}
\endref

\bib{1964/floyd}
\yr 1964
\by Robert W. Floyd
\paper Algorithm 245: Treesort3
\jour Communications of the ACM
\issn 0001--0782
\vol 7
\pages 701
\endref

\bib{2004/fog}
\yr 2004
\by Agner Fog
\book How to optimize for the Pentium family of microprocessors
\url http://www.agner.org/assem/
\endref

\bib{2003/fong-inversion}
\yr 2003
\by Kenny Fong
\by Darrel Hankerson
\by Julio L\'opez
\by Alfred Menezes
\paper Field inversion and point halving revisited
\url http://www.cacr.math.uwaterloo.ca/techreports/2003/tech_reports2003.html
\seenewer \cite{2004/fong-inversion}
\endref

\bib{2003/fong-inversion}
\yr 2003
\by Kenny Fong
\by Darrel Hankerson
\by Julio L\'opez
\by Alfred Menezes
\paper Field inversion and point halving revisited
\url http://www.cacr.math.uwaterloo.ca/techreports/2003/tech_reports2003.html
\seenewer \cite{2004/fong-inversion}
\endref

\bib{2004/fong-inversion}
\yr 2004
\by Kenny Fong
\by Darrel Hankerson
\by Julio L\'opez
\by Alfred Menezes
\paper Field inversion and point halving revisited
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 53
\pages 1047--1059
\seeolder \cite{2003/fong-inversion}
\endref

\bib{1985/fouvry}
\yr 1985
\mr 86g:11052
\by \'Etienne Fouvry
\paper Th\'eor\`eme de Brun-Titchmarsh: application au th\'eor\`eme de Fermat
\jour Inventiones Mathematicae
\issn 0020--9910
\vol 79
\pages 383--407
\endref

\bib{1991/fouvry}
\yr 1991
\mr 93c:11074
\by \'Etienne Fouvry
\by G\'erald Tenenbaum
\paper Entiers sans grand facteur premier en progressions arithmetiques
\jour Proceedings of the London Mathematical Society, Third Series
\issn 0024--6115
\vol 63
\pages 449--494
\endref

\bib{1996/fouvry}
\yr 1996
\mr 97h:11098
\by \'Etienne Fouvry
\by G\'erald Tenenbaum
\paper R\'epartition statistique des entiers sans grand facteur premier dans les progressions arithm\'etiques
\jour Proceedings of the London Mathematical Society, Third Series
\issn 0024--6115
\vol 72
\pages 481--514
\endref

\bib{2005/franke-ecm}
\yr 2005
\by Jens Franke
\by Thorsten Kleinjung
\by Christof Paar
\by Jan Pelzl
\by Christine Priplata
\by Martin Simka
\by Colin Stahlke
\paper An efficient hardware architecture for factoring integers with the elliptic curve method
\paperinfo Workshop Record of SHARCS 2005
\pages 51--62
\url http://www.best.tuke.sk/simka/pub.html
\endref

\bib{preprint/franke}
\by Jens Franke
\by T. Kleinjung
\by Fran\c cois Morain
\by T. Wirth
\paper Proving the primality of very large numbers with fastECPP
\url http://www.lix.polytechnique.fr/Labo/Francois.Morain/Articles/large.ps.gz
\endref

\bib{1998/frey-disguise}
\yr 1998
\by Gerhard Frey
\paper How to disguise an elliptic curve (Weil descent)
\url http://www.cacr.math.uwaterloo.ca/conferences/1998/ecc98/slides.html
\endref

\bib{2005/frey-ehcc22}
\yr 2005
\mr 2162738
\by Gerhard Frey
\by Tanja Lange
\paper Transfer of discrete logarithms
\inbook \cite{2005/cohen-ehcc}
\pages 529--543
\endref

\bib{1972/friedlander}
\yr 1972
\mr 45:8627
\by John B. Friedlander
\paper On the number of ideals free from large prime divisors
\jour Journal f\"ur die Reine und Angewandte Mathematik
\issn 0075--4102
\vol 255
\pages 1--7
\endref

\bib{1973/friedlander}
\yr 1973
\mr 49:4957
\by John B. Friedlander
\paper Integers without large prime factors
\jour Indagationes Mathematicae
\issn 0019--3577
\vol 35
\pages 443--451
\endref

\bib{1976/friedlander}
\yr 1976
\mr 54:5139
\by John B. Friedlander
\paper Integers free from large and small primes
\jour Proceedings of the London Mathematical Society, Third Series
\issn 0024--6115
\vol 33
\pages 565--576
\endref

\bib{1981/friedlander}
\yr 1981
\mr 83b:10052
\by John B. Friedlander
\paper Integers without large prime factors. II
\jour Acta Arithmetica
\issn 0065--1036
\vol 39
\pages 53--57
\endref

\bib{1984/friedlander}
\yr 1984
\mr 86d:11072
\by John B. Friedlander
\paper Integers without large prime factors. III
\jour Archiv der Mathematik
\issn 0003--889X
\vol 43
\pages 32--36
\endref

\bib{1993/friedlander}
\yr 1993
\mr 95b:11086
\by John B. Friedlander
\by Andrew Granville
\paper Smoothing ``smooth'' numbers
\jour Philosophical Transactions of the Royal Society of London Series A
\issn 0962--8428
\vol 345
\pages 339--347
\url http://www.math.uga.edu/~andrew/agpapers.html
\endref

\bib{1987/friedlander}
\yr 1987
\mr 88d:11084
\by John B. Friedlander
\by Jeffrey C. Lagarias
\paper On the distribution in short intervals of integers having no large prime factor
\jour Journal of Number Theory
\issn 0022--314X
\vol 25
\pages 249--273
\endref

\bib{1997/frigo}
\yr 1997
\by Matteo Frigo
\by Steven G. Johnson
\book The fastest Fourier transform in the West
\bookinfo Technical Report MIT-LCS-TR-728
\url http://theory.lcs.mit.edu/~athena/papers.html
\endref

\bib{1998/frigo}
\yr 1998
\by Matteo Frigo
\by Steven G. Johnson
\paper FFTW: an adaptive software architecture for the FFT
\url http://www.fftw.org
\endref

``I confirm your results,'' Frigo wrote back on 1997.09.19. ``On my Pentium 120, your code takes 452us for the 512 single-precision transform. ... FFTW takes 820us in the same conditions.''

Yet Frigo and Johnson failed to mention my work in their subsequent FFTW paper. For years their web site continued to make the false statement that FFTW was ``typically faster than all other publicly available DFT software.'' I have a web page discussing the Frigo-Johnson benchmarks in more detail.

The authors can make a reasonable argument that FFTW is useful despite its inferior performance on the most popular CPUs. But it's simply dishonest of them to pretend that FFTW provides state-of-the-art performance.

\bib{1991/froehlich}
\yr 1991
\isbn 0--521--36664--X
\mr 94d:11078
\by Albrecht Fr\"ohlich
\by Martin J. Taylor
\book Algebraic number theory
\publ Cambridge University Press
\publaddr Cambridge
\endref

\bib{1988/frye}
\yr 1988
\by Roger E. Frye
\paper Finding $95800^4+217519^4+414560^4=422481^4$ on the Connection Machine
\inbook \cite{1988/martin}
\pages 106--116
\endref

\bib{1997/fumy}
\yr 1997
\isbn 3--540--62975--0
\editor Walter Fumy
\book Advances in cryptology: EUROCRYPT '97
\series Lecture Notes in Computer Science
\seriesvol 1233
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2001/gallant}
\yr 2001
\mr 2003h:14043
\by Robert P. Gallant
\by Robert J. Lambert
\by Scott A. Vanstone
\paper Faster point multiplication on elliptic curves with efficient endomorphisms
\inbook \cite{2001/kilian-crypto2001}
\pages 190--200
\endref

\bib{2000/galway}
\yr 2000
\by William F. Galway
\paper Dissecting a sieve to cut its need for space
\inbook \cite{2000/bosma-book}
\pages 297--312
\endref

\bib{2001/galway}
\yr 2001
\by William F. Galway
\book Analytic computation of the prime-counting function
\phdthesis
\publ University of Illinois at Urbana-Champaign
\url http://www.math.uiuc.edu/~galway/PhD_Thesis/
\endref

\bib{2000/gao}
\yr 2000
\by Shuhong Gao
\by Joachim von zur Gathen
\by Daniel Panario
\by Victor Shoup
\paper Algorithms for exponentiation in finite fields
\jour Journal of Symbolic Computation
\issn 0747--7171
\vol 29
\pages 879--889
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 2000/gao
\endref

\bib{1992/gao}
\yr 1992
\mr 93j:12003
\by Shuhong Gao
\by Hendrik W. Lenstra, Jr.
\paper Optimal normal bases
\jour Designs, Codes and Cryptography
\issn 0925--1022
\vol 2
\pages 315--323
\url http://www.math.clemson.edu/~sgao/pub.html
\endref

\bib{1964/gardiner}
\yr 1964
\mr 31:119
\by Verna L. Gardiner
\by R. B. Lazarus
\by Paul R. Stein
\paper Solutions of the diophantine equation $x^3+z^3=z^3-d$
\jour Mathematics of Computation
\issn 0025--5718
\vol 18
\pages 408--413
\url http://links.jstor.org/sici?sici=0025-5718(196407)18:87<408:SOTDE>2.0.CO;2-Q
\endref

\bib{1977/gardner}
\yr 1977
\by Martin Gardner
\paper A new kind of cipher that would take millions of years to break
\jour Scientific American
\pages 120--124
\endref

\bib{1986/vonzurgathen}
\yr 1986
\mr 88f:68055
\by Joachim von zur Gathen
\paper Representations and parallel computations for rational functions
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 15
\pages 432--452
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/vonzurgathen
\endref

\bib{1997/vonzurgathen}
\yr 1997
\mr 99c:68123
\by Joachim von zur Gathen
\by Michael N\"ocker
\paper Exponentiation in finite fields: theory and practice
\inbook \cite{1997/mora}
\pages 88--133
\url http://math-www.uni-paderborn.de/~aggathen/Publications/publications.html
\endref

\bib{1866/gauss-3}
\yr 1866
\by Carl F. Gauss
\book Werke, Band 3
\publ K\"oniglichen Gesellschaft der Wissenschaften
\publaddr G\"ottingen
\url http://134.76.163.65/agora_docs/41929TABLE_OF_CONTENTS.html
\endref

\bib{1994/gautschi}
\yr 1994
\isbn 0--8218--0291--7
\mr 95j:00014
\editor Walter Gautschi
\book Mathematics of Computation 1943--1993: a half-century of computational mathematics
\publ American Mathematical Society
\publaddr Providence
\endref

\bib{1992/geddes}
\yr 1992
\isbn 0--7923--9259--0
\mr 96a:68049
\by Keith O. Geddes
\by Stephen R. Czapor
\by G. Labahn
\book Algorithms for computer algebra
\publ Kluwer
\publaddr Boston
\endref

\bib{1994/ge}
\yr 1994
\mr 94i:11107
\by Guoqiang Ge
\paper Recognizing units in number fields
\jour Mathematics of Computation
\issn 0025--5718
\vol 63
\pages 377--387
\url http://links.jstor.org/\allowbreak sici?\allowbreak sici=\allowbreak 0025-5718\allowbreak (199407)\allowbreak 63:\allowbreak 207\allowbreak <377:RUINF>\allowbreak 2.0.CO;2-8
\endref

\bib{1966/gentleman}
\yr 1966
\by W. Morven Gentleman
\by Gordon Sande
\paper Fast Fourier transforms---for fun and profit
\inbook \cite{1966/-afips-29}
\pages 563--578
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1966/gentleman
\endref

\bib{1983/gerver}
\yr 1983
\mr 85c:11122
\by Joseph L. Gerver
\paper Factoring large numbers with a quadratic sieve
\jour Mathematics of Computation
\issn 0025--5718
\vol 41
\pages 287--294
\endref

\bib{1989/gianni}
\yr 1989
\isbn 3--540--51084--2
\mr 90i:00005
\editor Patrizia Gianni
\book Symbolic and algebraic computation: proceedings of the international symposium (ISSAC '88) held in Rome, July 4--8, 1988
\series Lecture Notes in Computer Science
\seriesvol 358
\publ Springer
\publaddr Berlin
\endref

\bib{1974/gilbert}
\yr 1974
\mr 55:5306
\by Edgar N. Gilbert
\by F. Jessie MacWilliams
\by Neil J. A. Sloane
\paper Codes which detect deception
\jour Bell System Technical Journal
\issn 0005--8580
\vol 53
\pages 405--424
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1974/gilbert
\endref

\bib{2005/gilbert-fse2005}
\yr 2005
\isbn 3--540--26541--4
\editor Henri Gilbert
\editor Helena Handschuh
\book Fast software encryption: 12th international workshop, FSE 2005, Paris, France, February 21--23, 2005, revised selected papers
\series Lecture Notes in Computer Science
\seriesvol 3557
\publ Springer
\endref

\bib{1970/gillett}
\yr 1970
\mr 42:3052
\by John R. Gillett
\paper On the largest prime divisors of ideals in fields of degree $n$
\jour Duke Mathematical Journal
\issn 0012--7094
\vol 37
\pages 589--600
\endref

\bib{1987/gillman-writing}
\yr 1987
\isbn 0--88385--443--0
\by Leonard Gillman
\book Writing mathematics well
\publ Mathematical Association of America
\endref

\bib{1984/gilmer}
\yr 1984
\isbn 0--226--29391--2
\mr 85e:20058
\by Robert Gilmer
\book Commutative semigroup rings
\publ University of Chicago
\publaddr Chicago, Illinois
\endref

\bib{1970/glassman}
\yr 1970
\mr 40:6804
\by J. A. Glassman
\paper A generalization of the fast Fourier transform
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 19
\pages 105--116
\endref

\bib{1987/gleason}
\yr 1987
\isbn 0--8218--0110--4
\mr 89c:00042
\editor Andrew M. Gleason
\book Proceedings of the International Congress of Mathematicians, volume 1
\publ American Mathematical Society
\publaddr Providence
\endref

\bib{1994/goettfert}
\yr 1994
\mr 94g:11110
\by Rainer G\"ottfert
\paper An acceleration of the Niederreiter factorization algorithm in characteristic 2
\jour Mathematics of Computation
\issn 0025--5718
\vol 62
\pages 831--839
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/goettfert
\endref

\bib{1969/goldfeld}
\yr 1969
\mr 39:5493
\by Morris Goldfeld
\paper On the number of primes $p$ for which $p+a$ has a large prime factor
\jour Mathematika
\issn 0025--5793
\vol 16
\pages 23--27
\endref

\bib{1970/goldman}
\yr 1970
\mr 42:93
\by Jay Goldman
\by Gian-Carlo Rota
\paper On the foundations of combinatorial theory IV: finite vector spaces and Eulerian generating functions
\jour Studies in Applied Mathematics
\issn 0022--2526
\vol 49
\pages 239--258
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1970/goldman
\endref

\bib{1999/goldreich-book}
\yr 1999
\isbn 3--540--64766--X
\mr 2000f:94029
\by Oded Goldreich
\book Modern cryptography, probabilistic proofs and pseudorandomness
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1986/goldreich}
\yr 1986
\by Oded Goldreich
\by Shafi Goldwasser
\by Silvio Micali
\paper How to construct random functions
\jour Journal of the ACM
\issn 0004--5411
\vol 33
\pages 210--217
\endref

\bib{1999/goldreich-draft}
\yr 1999
\mr 2001i:68050
\by Oded Goldreich
\by Dana Ron
\by Madhu Sudan
\paper Chinese remaindering with errors
\inbook \cite{1999/-stoc}
\pages 225--234
\seenewer \cite{2000/goldreich}
\url http://theory.lcs.mit.edu/~madhu/papers.html
\endref

\bib{2000/goldreich}
\yr 2000
\mr 2001k:11005
\by Oded Goldreich
\by Dana Ron
\by Madhu Sudan
\paper Chinese remaindering with errors
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 46
\pages 1330--1338
\seeolder \cite{1999/goldreich-draft}
\url http://theory.lcs.mit.edu/~madhu/papers.html
\endref

\bib{1990/goldstein}
\yr 1990
\isbn 0--8176--3493--2
\mr 91k:11104
\editor Catherine Goldstein
\book S\'eminaire de Th\'eorie des Nombres, Paris 1988--1989
\publ Birkhauser
\publaddr Boston
\endref

\bib{1990/goldwasser}
\yr 1990
\isbn 3--540--97196--3, 0--387--97196--3
\mr 90j:94003
\editor Shafi Goldwasser
\book Advances in cryptology---CRYPTO '88: proceedings
\series Lecture Notes in Computer Science
\seriesvol 403
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1986/goldwasser}
\yr 1986
\by Shafi Goldwasser
\by Joe Kilian
\paper Almost all primes can be quickly certified
\inbook \cite{1986/-stoc}
\pages 316--329
\seenewer \cite{1999/goldwasser}
\endref

\bib{1999/goldwasser}
\yr 1999
\mr 2002e:11182
\by Shafi Goldwasser
\by Joe Kilian
\paper Primality testing using elliptic curves
\jour Journal of the ACM
\issn 0004--5411
\vol 46
\pages 450--472
\seeolder \cite{1986/goldwasser}
\endref

\bib{1988/goldwasser}
\yr 1988
\mr 89e:94009
\by Shafi Goldwasser
\by Silvio Micali
\by Ronald L. Rivest
\paper A digital signature scheme secure against adaptive chosen-message attacks
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 17
\pages 281--308
\url http://theory.lcs.mit.edu/\allowbreak ~rivest/\allowbreak publications.html
\endref

\bib{1994/golliver}
\yr 1994
\mr 96a:11142
\by Roger A. Golliver
\by Arjen K. Lenstra
\by Kevin S. McCurley
\paper Lattice sieving and trial division
\inbook \cite{1994/adleman-ants}
\pages 18--27
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/golliver
\endref

\bib{1951/good}
\yr 1951
\mr 13,363e
\by Irving J. Good
\paper Random motion on a finite abelian group
\jour Proceedings of the Cambridge Philosophical Society
\issn 0305--0041
\vol 47
\pages 756--762
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1951/good
\endref

\bib{1958/good}
\yr 1958
\mr 21:1674
\by Irving J. Good
\paper The interaction algorithm and practical Fourier analysis
\jour Journal of the Royal Statistical Society, Series B
\issn 1369--7412
\vol 20
\pages 361--372
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1958/good
\endref

\bib{1971/good}
\yr 1971
\by Irving J. Good
\paper The relationship between two fast Fourier transforms
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 20
\pages 310--317
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1971/good
\endref

\bib{1968/good}
\yr 1968
\by Irving J. Good
\by R. F. Churchhouse
\paper The Riemann hypothesis and pseudorandom features of the M\"obius sequence
\jour Mathematics of Computation
\issn 0025--5718
\vol 22
\pages 857--861
\endref

\bib{1993/gordon}
\yr 1993
\mr 94d:11104
\by Daniel M. Gordon
\paper Discrete logarithms in GF$(p)$ using the number field sieve
\jour SIAM Journal on Discrete Mathematics
\issn 1095--7146
\vol 6
\pages 124--138
\endref

\bib{1998/gordon}
\yr 1998
\mr 99g:94014
\by Daniel M. Gordon
\paper A survey of fast exponentiation methods
\jour Journal of Algorithms
\issn 0196--6774
\vol 27
\pages 129--146
\url http://www.ccrwest.org/gordon/dan.html
\endref

\bib{1993/gordon-logs}
\yr 1993
\by Daniel M. Gordon
\by Kevin S. McCurley
\paper Massively parallel computation of discrete logarithms
\inbook \cite{1993/brickell-book}
\pages 312--323
\endref

\bib{1990/gosper}
\yr 1990
\mr 91h:11154
\by William Gosper
\paper Strip mining in the abandoned orefields of nineteenth century mathematics
\inbook \cite{1990/chudnovsky-book}
\pages 261--284
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1990/gosper
\endref

\bib{1998/goss-style}
\yr 1998
\by David Goss
\paper Some hints on mathematical style
\url http://www.math.ohio-state.edu/~goss/style.html
\endref

\bib{1997/graham}
\yr 1997
\isbn 3--540--61032--4
\mr 97f:00032
\editor Ronald L. Graham
\editor Jaroslav Ne\v set\v ril
\book The mathematics of Paul Erd\H os. I
\series Algorithms and Combinatorics
\seriesvol 13
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1978/graham}
\yr 1978
\mr 80d:68051
\by Ronald L. Graham
\by Andrew C. Yao
\by Frances F. Yao
\paper Addition chains with multiplicative cost
\jour Discrete Mathematics
\issn 0012--365X
\vol 23
\pages 115--119
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1978/graham
\endref

\bib{1998/grantham}
\yr 1998
\by Jon Grantham
\paper A probable prime test with high confidence
\jour Journal of Number Theory
\issn 0022--314X
\vol 72
\pages 32--47
\url http://www.pseudoprime.com/jgpapers.html
\endref

\bib{2001/grantham}
\yr 2001
\by Jon Grantham
\paper Frobenius pseudoprimes
\jour Mathematics of Computation
\issn 0025--5718
\vol 70
\pages 873--891
\url http://www.pseudoprime.com/pseudo.html
\endref

\bib{1989/granville}
\yr 1989
\mr 92h:11076
\by Andrew Granville
\paper On positive integers $\le x$ with prime factors $\le t\log x$
\inbook \cite{1989/mollin}
\pages 403--422
\url http://www.math.uga.edu/~andrew/agpapers.html
\endref

\bib{1990/granville-fermat}
\yr 1990
\mr 92k:11036
\by Andrew Granville
\paper Some conjectures related to Fermat's last theorem
\inbook \cite{1990/mollin}
\pages 177--192
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1990/granville-fermat
\endref

\bib{1991/granville-2}
\yr 1991
\mr 92m:11095
\by Andrew Granville
\paper On pairs of coprime integers with no large prime factors
\jour Expositiones Mathematicae
\issn 0723--0869
\vol 9
\pages 335--350
\endref

\bib{1991/granville-tetra}
\yr 1991
\mr 92b:11070
\by Andrew Granville
\paper The lattice points of an $n$-dimensional tetrahedron
\jour Aequationes Mathematicae
\issn 0001--9054
\vol 41
\pages 234--241
\url http://www.math.uga.edu/~andrew/agpapers.html
\endref

\bib{1993/granville-1}
\yr 1993
\mr 94f:11091
\by Andrew Granville
\paper Integers, without large prime factors, in arithmetic progressions. I
\jour Acta Mathematica
\issn 0001--5962
\vol 170
\pages 255--273
\url http://www.math.uga.edu/~andrew/agpapers.html
\endref

\bib{1993/granville-2}
\yr 1993
\mr 94k:11104
\by Andrew Granville
\paper Integers, without large prime factors, in arithmetic progressions. II
\jour Philosophical Transactions of the Royal Society of London Series A
\issn 0962--8428
\vol 345
\pages 349--362
\url http://www.math.uga.edu/~andrew/agpapers.html
\endref

\bib{2005/granville-easy}
\yr 2005
\by Andrew Granville
\paper It is easy to determine whether a given integer is prime
\jour Bulletin of the American Mathematical Society
\issn 0273--0979
\vol 42
\pages 3--38
\also online in 2004
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 2005/granville-easy
\endref

Sections 1, 2, and 3A are introductory. The author mischaracterizes both P and NP, making the common mistake of equating ``certificate'' and ``proof.'' Footnote 2, in context, makes the absurd claim that computers that ``will be built for the next century'' will not factor difficult 400-digit numbers.

Section 3B discusses the speed of the AKS algorithm. The author credits polynomial-time exponentiation to ``computer scientists.'' When I saw this in a draft of the paper, I asked for a definition of ``computer scientists,'' and pointed to computations by Legendre in 1785 and Brauer in 1939. The author added footnote 22 saying that Legendre computed high powers mod p in 1785. This makes it sound as if Legendre considered only prime fields; in fact, the computation I pointed to was in a higher-degree finite field.

Footnote 23 (inserted at my suggestion) avoids the common mistake discussed in my logfloor paper.

Section 4 proves that the AKS algorithm correctly detects primality. Lemma 4.3 is incorrectly credited to ``Agrawal, Kayal, Saxena ... inspired by remarks of Hendrik Lenstra''; Macaj came up with the idea at the same time as Agrawal, and Macaj posted it before anyone else did, so it's inexcusable to fail to credit Macaj.

(Whether to give any credit to Agrawal is a more difficult issue. The community certainly wants to encourage people to publish quickly and to pay attention to the latest news from everyone else. On the other hand, Agrawal had the idea before Macaj posted it; the community certainly doesn't want to discourage people from writing up their apparently-new ideas. So I give credit to both Macaj and Agrawal.)

Section 5 uses the Bombieri-Vinogradov theorem and the Brun-Titchmarsh theorem to prove Goldfeld's theorem on the distribution of prime divisors of shifted primes. (This taste of analytic-number-theory proofs is unusual for AKS expositions.) Goldfeld's theorem was essential for the original AKS polynomial-time run-time bound; after Macaj, polynomial-time AKS is easy, but Goldfeld's theorem still improves the AKS exponent.

Section 6 presents the AKS-Berrizbeitia-Cheng-Bernstein primality-proving algorithm (the simplified version from Section 2 of my paper, not the fancy version in Section 3 with huge constant-factor improvements) and outlines a proof that it has limiting exponent 4. The author says that he believes ``that it is only a matter of time'' before this algorithm catches up to ECPP-type algorithms in practice; but I see no reason to believe that the extra constraint of provable speed is compatible with the highest possible practical performance.

I don't like how the author suppressed my hypothesis that v-1 is a unit. He's implicitly using the fact that e, being larger than (2d log n)^2, is at least 2, but this argument fails if the theorem is modified as suggested in subsequent sections of the paper.

Section 7 presents the AKS-Lenstra-Pomerance algorithm and outlines the proof that it has limiting exponent 6. I disagree with the author's statement that limiting exponent 6 is ``as fast as can be hoped for'' among deterministic algorithms of this type; one can hope to somehow construct an irreducible polynomial in x that's also a polynomial in x^k for some growing k, and then apply Berrizbeitia-type twists.

Section 8, ``Minor improvements and tempting ideas,'' presents the x^k substitution (no longer relevant post-Berrizbeitia), Voloch's use of negative powers (saving a factor of about 6 post-Berrizbeitia), Lenstra's use of Minkowski's theorem, Voloch's use of the ABC theorem, and a few random observations. The author states that Voloch's use of the ABC theorem improves the lower bounds on the group size (and thus the upper bounds on run time); in fact, Voloch never improved upon the obvious lower bound (4+o(1))^e. (I achieved (4.27...+o(1))^e with ABC, but this took more work. The author neglects to cite my paper.) The author also states that the ABC techniques can be combined with Voloch's use of negative powers; in fact, nobody knows how to combine the techniques for any useful parameter range. The record was (5.828...+o(1))^e with negative powers and is still (5.828...+o(1))^e with negative powers and ABC.

Page 7 looks ahead to Section 8:

Bernstein reckons that these and other ideas result in a speed up by a factor of about two million, although, he cautions, ``two million times faster is not necessarily fast.''

Someone appears to have swept through the bibliography and systematically replaced useful information (specifically, URLs) with often-incorrect information (specifically, the phrase ``to appear''). See the devil's guide to citing the literature for further ideas along these lines.

\bib{1980/gregory}
\yr 1980
\isbn 0--89874--240--4
\mr 83f:65061
\by Robert T. Gregory
\book Error-free computation: why it is needed and methods for doing it
\publ Robert E. Krieger Publishing Company
\publaddr New York
\endref

\bib{1978/gries}
\yr 1978
\by David Gries
\by Jayadev Misra
\paper A linear sieve algorithm for finding prime numbers
\jour Communications of the ACM
\issn 0001--0782
\vol 21
\pages 999--1003
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1978/gries
\endref

\bib{1986/grupp-diff}
\yr 1986
\mr 87k:11101
\by Frieder Grupp
\paper On difference-differential equations in the theory of sieves
\jour Journal of Number Theory
\issn 0022--314X
\vol 24
\pages 154--173
\endref

\bib{1986/grupp-sieve}
\yr 1986
\mr 87f:11071
\by Frieder Grupp
\by Hans-Egon Richert
\paper The functions of the linear sieve
\jour Journal of Number Theory
\issn 0022--314X
\vol 22
\pages 208--239
\endref

\bib{1988/guenther}
\yr 1988
\isbn 3--540--50251--3
\mr 90a:94002
\by Christoph G. G\"unther
\book Advances in cryptology: EUROCRYPT '88
\series Lecture Notes in Computer Science
\seriesvol 330
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1991/guillou}
\yr 1991
\by Louis Claude Guillou
\by Jean-Jacques Quisquater
\paper Precautions taken against various potential attacks in ISO/IEC DIS 9796
\inbook \cite{1991/damgard}
\pages 465--473
\endref

\bib{1995/guillou}
\yr 1995
\isbn 3--540--59409--4
\mr 96f:94001
\editor Louis C. Guillou
\editor Jean-Jacques Quisquater
\book Advances in cryptology---EUROCRYPT '95 (Saint-Malo, 1995)
\series Lecture Notes in Computer Science
\seriesvol 921
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1999/gupta}
\yr 1999
\isbn 0--8218--0964--4
\mr 99k:11005
\editor Rajiv Gupta
\editor Kenneth S. Williams
\book Number theory
\publ American Mathematical Society
\publaddr Providence
\endref

\bib{1999/guruswami}
\yr 1999
\mr 2000j:94033
\by Venkatesan Guruswami
\by Madhu Sudan
\paper Improved decoding of Reed-Solomon and algebraic-geometry codes
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 45
\pages 1757--1767
\url http://theory.lcs.mit.edu/~madhu/bib.html
\endref

\bib{2004/gutierrez-issac}
\yr 2004
\isbn 1--58113--827--X
\editor Jamie Gutierrez
\book Proceedings of the 2004 international symposium on symbolic and algebraic computation
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1994/guy}
\yr 1994
\by Richard K. Guy
\book Unsolved problems in number theory
\edition 2nd
\publ Springer-Verlag
\publaddr New York
\endref

\bib{1968/gwehenberger}
\yr 1968
\by Gernot Gwehenberger
\paper Anwendung einer bin\"aren Verweiskettenmethode beim Aufbau von Listen
\jour Elektronische Rechenanlagen
\vol 10
\pages 223--226
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1968/gwehenberger
\endref

\bib{1989/hafner-pic}
\yr 1989
\mr 91f:11090
\by James L. Hafner
\by Kevin S. McCurley
\paper A rigorous subexponential algorithm for computation of class groups
\jour Journal of the American Mathematical Society
\issn 0894--0347
\vol 2
\pages 837--850
\url http://links.jstor.org/sici?sici=0894-0347(198910)2:4<837:ARSAFC>2.0.CO;2-D
\endref

\bib{1989/hafner-ecm}
\yr 1989
\mr 91g:11157
\by James L. Hafner
\by Kevin S. McCurley
\paper On the distribution of running times of certain integer factoring algorithms
\jour Journal of Algorithms
\issn 0196--6774
\vol 10
\pages 531--556
\endref

\bib{1987/hager}
\yr 1987
\by William W. Hager
\paper A modified fast Fourier transform for polynomial evaluation and the Jenkins-Traub algorithm
\jour Numerische Mathematik
\issn 0029--599X
\vol 50
\pages 253--261
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/hager
\endref

\bib{1997/haible}
\yr 1997
\by Bruno Haible
\by Thomas Papanikolaou
\book Fast multiprecision evaluation of series of rational numbers
\bookinfo Technical Report TI-7/97
\publ Darmstadt University of Technology
\url http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/papanik/Welcome.html
\seenewer \cite{1998/haible}
\endref

\bib{1998/haible}
\yr 1998
\mr 2000i:11197
\by Bruno Haible
\by Thomas Papanikolaou
\paper Fast multiprecision evaluation of series of rational numbers
\inbook \cite{1998/buhler}
\pages 338--350
\seeolder \cite{1997/haible}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1998/haible
\endref

\bib{1970/halberstam}
\yr 1970
\mr 42:4509
\by Heini Halberstam
\paper On integers all of whose prime factors are small
\jour Proceedings of the London Mathematical Society, Third Series
\issn 0024--6115
\vol 21
\pages 102--107
\endref

\bib{1997/halevi-mmh}
\yr 1997
\by Shai Halevi
\by Hugo Krawczyk
\paper MMH: software message authentication in the Gbit/second rates
\inbook \cite{1997/biham}
\pages 172--189
\url http://www.research.ibm.com/people/s/\allowbreak shaih/pubs/mmh.html
\endref

\bib{2003/halevi}
\yr 2003
\by Shai Halevi
\by Phil Rogaway
\paper A tweakable enciphering mode
\url http://www.research.ibm.com/people/s/shaih/pubs/hr03.html
\endref

\bib{1933/hall}
\yr 1933
\by Marshall Hall
\paper Quadratic residues in factorization
\jour Bulletin of the American Mathematical Society
\issn 0273--0979
\vol 39
\pages 758--763
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1933/hall
\endref

\bib{2000/hankerson-2-draft}
\yr 2000
\by Darrel Hankerson
\by Julio Lopez Hernandez
\by Alfred Menezes
\paper Software implementation of elliptic curve cryptography over binary fields
\url http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-42.ps
\seenewer \cite{2000/hankerson-2}
\endref

\bib{2000/hankerson-2}
\yr 2000
\by Darrel Hankerson
\by Julio Lopez Hernandez
\by Alfred Menezes
\paper Software implementation of elliptic curve cryptography over binary fields
\inbook \cite{2000/koc-ches2000}
\pages 1--24
\seeolder \cite{2000/hankerson-2-draft}
\endref

\bib{2004/hankerson}
\yr 2004
\isbn 0--387--95273--X
\mr 2054891
\by Darrel Hankerson
\by Alfred Menezes
\by Scott Vanstone
\book Guide to elliptic curve cryptography
\publ Springer
\publaddr New York
\endref

\bib{2004/hanrot-middle}
\yr 2004
\by Guillaume Hanrot
\by Michel Quercia
\by Paul Zimmermann
\paper The middle product algorithm I
\jour Applicable Algebra in Engineering, Communication, and Computing
\vol 14
\pages 415--438
\url http://springerlink.metapress.com/link.asp?id=57p2fta5k71085wm
\endref

The Hanrot-Quercia-Zimmermann paper, submitted in July 2000 and revised in November 2003, presents worse algorithms for every operation it considers: reciprocals, 2+o(1); quotients, 2.5+o(1); square roots, 3+o(1). This paper fails to mention my work, even though Zimmermann knew about my results in September 1999. (``Richard Brent told me you found a very fast way to compute a n-bit square root,'' Zimmermann wrote to me. I wrote back giving full details of my 1.83333...+o(1) square-root algorithm and mentioning that I also had speedups in division and exponentiation.) This paper also doesn't mention that (for example) Schoenhage, Grotefeld, and Vetter had announced 2+o(1) for reciprocals in 1994.

The authors also fail to realize that the ``middle product'' is simply the high part of the product modulo x^(2n)-1, and can thus be computed in the usual way with three size-2n FFTs. One can pointlessly complicate this algorithm, and prevent it from being applied analogously to integers, by changing an FFT to a reversed inverse FFT and changing an inverse FFT to a reversed FFT; the result is ``Algorithm MP-FFT'' in Section 1.3 of this paper.

\bib{2004/hanrot-newton}
\yr 2004
\by Guillaume Hanrot
\by Paul Zimmermann
\paper Newton iteration revisited
\url http://www.loria.fr/~zimmerma/papers/
\endref

\bib{1979/hardy}
\yr 1979
\isbn 0--19--853170--2
\mr 81i:10002
\by Godfrey H. Hardy
\by E. M. Wright
\book An introduction to the theory of numbers
\edition 5th
\publ Oxford University Press
\endref

\bib{1981/harman}
\yr 1981
\mr 91h:11093
\by Glyn Harman
\paper Short intervals containing numbers without large prime factors
\jour Mathematical Proceedings of the Cambridge Philosophical Society
\issn 0305--0041
\vol 109
\pages 1--5
\endref

\bib{1936/hasse}
\yr 1936
\by Helmut Hasse
\paper Zur Theorie der abstrakten elliptischen Funktionenk\"orper I, II, III
\jour Journal f\"ur die Reine und Angewandte Mathematik
\issn 0075--4102
\pages 55--62, 69--88, 193--208
\endref

\bib{1988/hastad}
\yr 1988
\mr 89e:68049
\by Johan H\r astad
\paper Solving simultaneous modular equations of low degree
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 17
\pages 336--341
\url http://www.nada.kth.se/~johanh/papers.html
\endref

\bib{1985/hastad}
\yr 1985
\by Johan H\r astad
\by Adi Shamir
\paper The cryptographic security of truncated linearly related variables
\inbook \cite{1985/-stoc}
\pages 356--362
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1985/hastad
\endref

\bib{1973/hazlewood}
\yr 1973
\mr 49:2615
\by D. G. Hazlewood
\paper On integers all of whose prime factors are small
\jour Bulletin of the London Mathematical Society
\issn 0024--6093
\vol 5
\pages 159--163
\endref

\bib{1975/hazlewood}
\yr 1975
\mr 51:10256
\by D. G. Hazlewood
\paper On $k$-free integers with small prime factors
\jour Proceedings of the American Mathematical Society
\issn 0002--9939
\vol 52
\pages 40--44
\endref

\bib{1977/hazlewood}
\yr 1977
\mr 56:2941
\by D. G. Hazlewood
\paper On ideals having only small prime factors
\jour Rocky Mountain Journal of Mathematics
\issn 0035--7596
\vol 7
\pages 753--768
\endref

\bib{1992/heath-brown-searching}
\yr 1992
\mr 98f:11025
\by D. R. Heath-Brown
\paper Searching for solutions of $x^3+y^3+z^3=k$
\inbook \cite{1992/david}
\pages 71--76
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1992/heath-brown-searching
\endref

\bib{1992/heathbrown}
\yr 1992
\by D. R. Heath-Brown
\paper The density of zeros of forms for which weak approximation fails
\jour Mathematics of Computation
\issn 0025--5718
\vol 59
\pages 613--623
\endref

\bib{1993/heath-brown-solving}
\yr 1993
\mr 94f:11132
\by D. R. Heath-Brown
\by W. M. Lioen
\by H. J. J. te Riele
\jour Mathematics of Computation
\issn 0025--5718
\vol 61
\pages 235--244
\url http://links.jstor.org/sici?sici=0025-5718(199307)61:203<235:OSTDEO>2.0.CO;2-H
\endref

\bib{1994/hegland}
\yr 1994
\mr 96e:65082
\by Markus Hegland
\paper A self-sorting in-place fast Fourier transform algorithm suitable for vector and parallel processing
\jour Numerische Mathematik
\issn 0029--599X
\vol 68
\pages 507--547
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/hegland
\endref

\bib{1979/hehner}
\yr 1979
\mr 80h:68027
\by Eric C. R. Hehner
\by R. Nigel Horspool
\paper A new representation of the rational numbers for fast easy arithmetic
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 8
\pages 124--134
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1979/hehner
\endref

\bib{1986/heideman}
\yr 1986
\mr 87e:94007
\by Michael T. Heideman
\by C. Sidney Burrus
\paper On the number of multiplications necessary to compute a length-$2^n$ FFT
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 34
\pages 91--95
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/heideman
\endref

\bib{1985/heideman}
\yr 1985
\mr 87f:01018
\by Michael T. Heideman
\by Don H. Johnson
\by C. Sidney Burrus
\paper Gauss and the history of the fast Fourier transform
\jour Archive for History of Exact Sciences
\issn 0003--9519
\vol 34
\pages 265--277
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1985/heideman
\endref

\bib{1971/heindel}
\yr 1971
\by Lee E. Heindel
\by Ellis Horowitz
\paper On decreasing the computing time for modular arithmetic
\inbook \cite{1971/hennie}
\pages 126--128
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1971/heindel
\endref

\bib{1996/helleseth}
\yr 1996
\mr 98g:94028
\by Tor Helleseth
\by Thomas Johansson
\paper Universal hash functions from exponential sums over finite fields and Galois rings
\inbook \cite{1996/koblitz}
\pages 31--44
\url http://link.springer.de/link/service/series/0558/bibs/1109/11090031.htm
\endref

\bib{1983/hellman}
\yr 1983
\by Martin E. Hellman
\by J. M. Reyneri
\paper Fast computation of discrete logarithms in GF$(q)$
\inbook \cite{1983/chaum}
\pages 3--13
\endref

\bib{1971/hennie}
\yr 1971
\by Fred C. Hennie (chairman)
\book 12th annual symposium on switching and automata theory
\publ IEEE Computer Society
\publaddr Northridge
\endref

\bib{1984/hensley}
\yr 1984
\mr 85i:11071
\by Douglas Hensley
\paper The sum of $\alpha^{\Omega(n)}$ over integers $n\le x$ with all prime factors between $\alpha$ and $y$
\jour Journal of Number Theory
\issn 0022--314X
\vol 18
\pages 206--212
\endref

\bib{1985/hensley}
\yr 1985
\mr 87e:11110
\by Douglas Hensley
\paper The number of positive integers $\le x$ and free of prime factors $>y$
\jour Journal of Number Theory
\issn 0022--314X
\vol 21
\pages 286--298
\endref

\bib{1986/hensley}
\yr 1986
\mr 87f:11065
\by Douglas Hensley
\paper A property of the counting function of integers with no large prime factors
\jour Journal of Number Theory
\issn 0022--314X
\vol 22
\pages 46--74
\endref

\bib{1993/higham-writing}
\yr 1993
\isbn 0--89871--314--5
\mr 94f:00005
\by Nicholas J. Higham
\book Handbook of writing for the mathematical sciences
\edition 1st
\publ Society for Industrial and Applied Mathematics
\seenewer \cite{1998/higham-writing}
\endref

\bib{1998/higham-writing}
\yr 1998
\isbn 0--89871--420--6
\mr 99g:00017
\by Nicholas J. Higham
\book Handbook of writing for the mathematical sciences
\edition 2nd
\publ Society for Industrial and Applied Mathematics
\seeolder \cite{1993/higham-writing}
\endref

\bib{1984/hildebrand}
\yr 1984
\mr 87a:11086
\by Adolf Hildebrand
\paper Integers free of large prime factors and the Riemann hypothesis
\jour Mathematika
\issn 0025--5793
\vol 31
\pages 258--271
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/hildebrand
\endref

\bib{1985/hildebrand}
\yr 1985
\mr 86f:11066
\by Adolf Hildebrand
\paper Integers free of large prime divisors in short intervals
\jour Quarterly Journal of Mathematics
\issn 0033--5606
\vol 36
\pages 57--69
\endref

\bib{1986/hildebrand-local}
\yr 1986
\mr 87k:11099
\by Adolf Hildebrand
\paper On the local behavior of $\Psi(x,y)$
\jour Transactions of the American Mathematical Society
\issn 0002--9947
\vol 297
\pages 729--751
\endref

\bib{1986/hildebrand-rho}
\yr 1986
\mr 87d:11066
\by Adolf Hildebrand
\paper On the number of positive integers $\le x$ and free of prime factors $>y$
\jour Journal of Number Theory
\issn 0022--314X
\vol 22
\pages 289--307
\endref

\bib{1987/hildebrand}
\yr 1987
\mr 88d:11085
\by Adolf Hildebrand
\paper On the number of prime factors of integers without large prime divisors
\jour Journal of Number Theory
\issn 0022--314X
\vol 25
\pages 81--106
\endref

\bib{1990/hildebrand}
\yr 1990
\mr 92f:11123
\by Adolf Hildebrand
\paper The asymptotic behavior of the solutions of a class of differential-difference equations
\jour Journal of the London Mathematical Society
\issn 0024--6107
\vol 42
\pages 11--31
\endref

\bib{1986/hildebrand-rankin}
\yr 1986
\mr 87f:11066
\by Adolf Hildebrand
\by G\'erald Tenenbaum
\paper On integers free of large prime factors
\jour Transactions of the American Mathematical Society
\issn 0002--9947
\vol 296
\pages 265--290
\endref

\bib{1993/hildebrand-survey}
\yr 1993
\mr 95d:11116
\by Adolf Hildebrand
\by G\'erald Tenenbaum
\paper Integers without large prime factors
\jour Journal de Th\'eorie des Nombres de Bordeaux
\issn 1246--7405
\vol 5
\pages 411--484
\endref

\bib{2002/hirvensalo}
\yr 2002
\by Mika Hirvensalo
\by Juhani Karhum\"aki
\paper Computing partial information out of intractable one---the first digit of $2^n$ at base $3$ as an example
\inbook \cite{2002/diks}
\pages 319--327
\endref

\bib{1972/hoffman}
\yr 1972
\isbn 0--919628--06--0
\mr 48:8247
\editor Frederick Hoffman
\editor Roy B. Levow
\editor R. S. D. Thomas
\book Proceedings of the third Southeastern conference on combinatorics, graph theory, and computing
\series Congressus Numerantium
\seriesvol 6
\publ Utilitas Mathematica
\publaddr Winnipeg, Manitoba
\endref

\bib{2003/hong-issac}
\yr 2003
\isbn 1--58113--641--2
\editor Hoon Hong
\book Proceedings of the 2003 international symposium on symbolic and algebraic computation
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1973/hopcroft-duality-draft}
\yr 1973
\mr 56:17201
\by John E. Hopcroft
\by J. Musinski
\paper Duality applied to the complexity of matrix multiplications and other bilinear forms
\inbook \cite{1973/aho-stoc5}
\pages 73--87
\seenewer \cite{1973/hopcroft-duality}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1973/hopcroft-duality-draft
\endref

\bib{1973/hopcroft-duality}
\yr 1973
\mr 56:17201
\by John E. Hopcroft
\by J. Musinski
\paper Duality applied to the complexity of matrix multiplications and other bilinear forms
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 2
\pages 159--173
\seeolder \cite{1973/hopcroft-duality-draft}
\endref

\bib{1972/horowitz}
\yr 1972
\mr 47:4413
\by Ellis Horowitz
\paper A fast method for interpolation using preconditioning
\jour Information Processing Letters
\issn 0020--0190
\vol 1
\pages 157--163
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1972/horowitz
\endref

\bib{2003/housley}
\yr 2003
\by Russell Housley
\paper Using AES CCM mode with IPsec ESP
\url ftp://ftp.isi.edu/internet-drafts/draft-ietf-ipsec-ciph-aes-ccm-05.txt
\endref

\bib{1997/howgrave-graham}
\yr 1997
\mr 99j:94049
\by Nicholas Howgrave-Graham
\paper Finding small roots of univariate modular equations revisited
\inbook \cite{1997/darnell}
\pages 131--142
\endref

\bib{1998/howgrave-graham}
\yr 1998
\by Nicholas Howgrave-Graham
\book Computational mathematics inspired by RSA
\phdthesis
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1998/howgrave-graham
\endref

\bib{2001/howgrave-graham}
\yr 2001
\mr 2003h:11160
\by Nicholas Howgrave-Graham
\paper Approximate integer common divisors
\inbook \cite{2001/silverman}
\pages 51--66
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 2001/howgrave-graham
\endref

\bib{1985/huang}
\yr 1985
\by Ming-Deh A. Huang
\paper Riemann hypothesis and finding roots over finite fields
\inbook \cite{1985/-stoc}
\pages 121--130
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1985/huang
\endref

\bib{1991/huang}
\yr 1991
\mr 92j:68057
\by Ming-Deh A. Huang
\paper Generalized Riemann hypothesis and factoring polynomials over finite fields
\jour Journal of Algorithms
\issn 0196--6774
\vol 12
\pages 464--481
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/huang
\endref

\bib{1997/hunter}
\yr 1997
\mr 98c:11093
\by Simon Hunter
\by Jonathan Sorenson
\paper Approximating the number of integers free of large prime factors
\jour Mathematics of Computation
\issn 0025--5718
\vol 66
\pages 1729--1741
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1997/hunter
\endref

\bib{1975/hyafil}
\yr 1975
\by L. Hyafil
\by H. T. Kung
\paper The complexity of parallel evaluation of linear recurrence
\inbook \cite{1975/rounds-stoc7}
\pages 12--22
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1975/hyafil
\endref

\bib{1987/itoh}
\yr 1987
\by Toshiya Itoh
\paper Efficient probabilistic algorithm for solving quadratic equations over finite fields
\jour Electronics Letters
\issn 0013--5194
\vol 23
\pages 869--870
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/itoh
\endref

\bib{1989/itoh}
\yr 1989
\mr 91i:11190
\by Toshiya Itoh
\paper An efficient probabilistic algorithm for solving quadratic equation over finite fields
\jour Electronics and Communications in Japan, Part III; Fundamental Electronic Science
\vol 72
\pages 88--96
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1989/itoh
\endref

\bib{1979/iwaniec}
\yr 1979
\mr 80j:10047
\by Henryk Iwaniec
\by Matti Jutila
\paper Primes in short intervals
\jour Arkiv f\"or Matematik
\vol 17
\pages 167--176
\endref

\bib{1999/jacobson}
\yr 1999
\mr 99i:11120
\by Michael J. Jacobson, Jr.
\paper Applying sieving to the computation of quadratic class groups
\jour Mathematics of Computation
\issn 0025--5718
\vol 68
\pages 859--867
\endref

\bib{1993/jaeschke}
\yr 1993
\mr 94d:11004
\by Gerhard Jaeschke
\paper On strong pseudoprimes to several bases
\jour Mathematics of Computation
\issn 0025--5718
\vol 61
\pages 915--926
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1993/jaeschke
\endref

\bib{1975/-icm-2}
\yr 1975
\isbn 0--919558--04--6
\mr 54:8
\editor Ralph D. James
\book Proceedings of the international congress of mathematicians, volume 2
\publ Canadian Mathematical Congress
\publaddr Montreal
\endref

\bib{1993/jebelean}
\yr 1993
\mr 93m:68092
\by Tudor Jebelean
\paper An algorithm for exact division
\jour Journal of Symbolic Computation
\issn 0747--7171
\vol 15
\pages 169--180
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1993/jebelean
\endref

\bib{1997/jebelean}
\yr 1997
\by Tudor Jebelean
\paper Practical integer division with Karatsuba complexity
\inbook \cite{1997/kuechlin-book}
\pages 339--341
\endref

\bib{1994/johansson}
\yr 1994
\mr 94j:94014
\by Thomas Johansson
\paper A shift register construction of unconditionally secure authentication codes
\jour Designs, Codes and Cryptography
\issn 0925--1022
\vol 4
\pages 69--81
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/johansson
\endref

\bib{1997/johansson}
\yr 1997
\by Thomas Johansson
\paper Bucket hashing with a small key size
\inbook \cite{1997/fumy}
\pages 149--162
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1997/johansson
\endref

\bib{2003/johansson-fse}
\yr 2003
\isbn 3--540--20449--0
\editor Thomas Johansson
\book Fast software encryption: 10th international workshop, FSE 2003, Lund, Sweden, February 24--26, 2003, revised papers
\series Lecture Notes in Computer Science
\seriesvol 2887
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1990/johnson-soda}
\yr 1990
\isbn 0--89871--251--3
\editor David S. Johnson
\book Proceedings of the first annual ACM-SIAM symposium on discrete algorithms, January 22--24, 1990, San Francisco, California
\publ Society for Industrial and Applied Mathematics
\publaddr Philadelphia
\endref

\bib{1987/johnson}
\yr 1987
\isbn 0--12--386870--X
\mr 88h:68002
\by David S. Johnson
\by Takao Nishizeki
\by Akihiro Nozaki
\by Herbert S. Wilf
\book Discrete algorithms and complexity
\publ Academic Press
\publaddr Boston
\endref

\bib{1983/johnson}
\yr 1983
\by Howard W. Johnson
\by C. Sidney Burrus
\paper The design of optimal DFT algorithms using dynamic programming
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 31
\pages 378--387
\endref

\bib{1984/johnson}
\yr 1984
\by Howard W. Johnson
\by C. Sidney Burrus
\paper An in-order, in-place radix-$2$ FFT
\inbook \cite{1984/white}
\pages 28A.2.1--28A.2.4
\endref

\bib{1985/johnson}
\yr 1985
\by Howard W. Johnson
\by C. Sidney Burrus
\paper On the structure of efficient DFT algorithms
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 33
\pages 248--254
\endref

\bib{1984/jones}
\yr 1984
\mr 86e:65063
\by Christopher B. Jones
\paper A significance rule for multiple-precision arithmetic
\jour ACM Transactions on Mathematical Software
\issn 0098--3500
\vol 10
\pages 97--107
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/jones
\endref

\bib{1965/jordan}
\yr 1965
\mr 32:2392
\by James H. Jordan
\paper The divisibility of Gaussian integers by large Gaussian primes
\jour Duke Mathematical Journal
\issn 0012--7094
\vol 32
\pages 503--509
\endref

\bib{2003/joux}
\yr 2003
\by Antoine Joux
\by Reynald Lercier
\paper Improvements to the general number field sieve for discrete logarithms in prime fields. A comparison with the Gaussian integer method
\jour Mathematics of Computation
\issn 0025--5718
\vol 72
\pages 953--967
\url http://www.ams.org/mcom/2003-72-242/S0025-5718-02-01482-5/home.html
\endref

\bib{1997/joye}
\yr 1997
\by Marc Joye
\by Fran\c cois Koeune
\by Jean-Jacques Quisquater
\book Takagi/Naito's algorithm revisited
\bookinfo Technical Report CG-1997/3
\publ UCL Crypto Group
\publaddr Louvain-la-Neuve
\url http://www.dice.ucl.ac.be/~fkoeune/LLL.html
\endref

\bib{2004/joye-ches2004}
\yr 2004
\editor Marc Joye
\editor Jean-Jacques Quisquater
\book Cryptographic hardware and embedded systems---CHES 2004: 6th international workshop, Cambridge, MA, USA, August 11--13, 2004, proceedings
\series Lecture Notes in Computer Science
\seriesvol 3156
\isbn 3--540--22666--4
\publ Springer
\endref

\bib{2003/joye-ladder}
\yr 2003
\by Marc Joye
\by Sung-Ming Yen
\paper The Montgomery powering ladder
\inbook \cite{2003/kaliski-ches2002}
\pages 291--302
\url http://www.gemplus.com/smart/rd/publications/pdf/JY03mont.pdf
\endref

\bib{1998/kaczorowski}
\yr 1998
\mr 99g:11111
\by Jerzy Kaczorowski
\by Alberto Perelli
\paper On the distribution in short intervals of products of a prime and integers from a given set
\jour Mathematical Proceedings of the Cambridge Philosophical Society
\issn 0305--0041
\vol 124
\pages 1--14
\endref

\bib{1965/kahan}
\yr 1965
\by William M. Kahan
\paper Further remarks on reducing truncation errors
\jour Communications of the ACM
\issn 0001--0782
\vol 8
\pages 40
\endref

\bib{1997/kaliski-crypto1997}
\yr 1997
\editor Burton S. Kaliski Jr.
\book Advances in cryptology---CRYPTO '97: 17th annual international cryptology conference, Santa Barbara, California, USA, August 17--21, 1997, proceedings
\series Lecture Notes in Computer Science
\seriesvol 1294
\publ Springer
\isbn 3--540--63384--7
\mr 99a:94041
\endref

\bib{2003/kaliski-ches2002}
\yr 2003
\isbn 3--540--00409--2
\editor Burton S. Kaliski Jr.
\editor \c Cetin Kaya Ko\c c
\editor Christof Paar
\book Cryptographic hardware and embedded systems---CHES 2002, 4th international workshop, Redwood Shores, CA, USA, August 13--15, 2002, revised papers
\series Lecture Notes in Computer Science
\seriesvol 2523
\publ Springer-Verlag
\endref

\bib{1995/kaliski}
\yr 1995
\by Burt Kaliski
\by Matthew Robshaw
\paper The secure use of RSA
\jour CryptoBytes
\vol 1.3
\pages 7--13
\endref

\bib{1993/kalorkoti}
\yr 1993
\mr 94e:68088
\by K. Kalorkoti
\paper Inverting polynomials and formal power series
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 22
\pages 552--559
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1993/kalorkoti
\endref

\bib{1985/kaltofen}
\yr 1985
\mr 88b:12001
\by Erich Kaltofen
\paper Sparse Hensel lifting
\inbook \cite{1985/caviness}
\pages 4--17
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1985/kaltofen
\endref

\bib{1999/kaltofen}
\yr 1999
\mr 2000b:65093
\by Erich Kaltofen
\by Austin A. Lobo
\paper Distributed matrix-free solution of large sparse linear systems over finite fields
\jour Algorithmica
\issn 0178--4617
\vol 24
\pages 331--348
\url http://www.math.ncsu.edu/~kaltofen/bibliography
\endref

\bib{1998/kaltofen}
\yr 1998
\mr 99m:68097
\by Erich Kaltofen
\by Victor Shoup
\paper Subquadratic-time factoring of polynomials over finite fields
\jour Mathematics of Computation
\issn 0025--5718
\vol 67
\pages 1179--1197
\url http://www.ams.org/journal-getitem?pii=S0025571898009442
\endref

\bib{1989/kaltofen}
\yr 1989
\by Erich Kaltofen
\by Thomas Valente
\by Noriko Yui
\paper An improved Las Vegas primality test
\inbook \cite{1989/-issac}
\pages 26--33
\url http://portal.acm.org/citation.cfm?doid=74540.74545
\endref

\bib{1987/kaminski}
\yr 1987
\mr 89f:68033
\by Michael Kaminski
\paper A linear time algorithm for residue computation and a fast algorithm for division with a sparse divisor
\jour Journal of the ACM
\issn 0004--5411
\vol 34
\pages 968--984
\endref

\bib{1988/kaminski-cyclo}
\yr 1988
\mr 89k:68066
\by Michael Kaminski
\paper An algorithm for polynomial multiplication that does not depend on the ring constants
\jour Journal of Algorithms
\issn 0196--6774
\vol 9
\pages 137--147
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1988/kaminski-cyclo
\endref

\bib{1988/kaminski-transpose}
\yr 1988
\mr 89m:68061
\by Michael Kaminski
\by David G. Kirkpatrick
\by Nader H. Bshouty
\paper Addition requirements for matrix and transposed matrix products
\jour Journal of Algorithms
\issn 0196--6774
\vol 9
\pages 354--364
\endref

\bib{1999/kanemitsu}
\yr 1999
\isbn 0--7923--5952--6
\mr 2000j:11005
\by Shigeru Kanemitsu
\by Kalman Gy\"ory
\book Number theory and its applications
\series Developments in Mathematics
\seriesvol 2
\publ Kluwer Academic Publishers
\publaddr Dordrecht
\endref

\bib{2002/kantor}
\yr 2002
\mr 2003a:20026
\by William M. Kantor
\by \'Akos Seress
\paper Prime power graphs for groups of Lie type
\jour Journal of Algebra
\vol 247
\pages 370--434
\url http://dx.doi.org/10.1006/jabr.2001.9016
\endref

\bib{1963/karatsuba}
\yr 1963
\by Anatoly A. Karatsuba
\by Y. Ofman
\paper Multiplication of multidigit numbers on automata
\jour Soviet Physics Doklady
\issn 0038--5689
\vol 7
\pages 595--596
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1963/karatsuba
\endref

\bib{1999/karatsuba}
\yr 1999
\mr 2000e:65030
\by Ekatharine A. Karatsuba
\paper Fast evaluation of hypergeometric functions by FEE
\inbook \cite{1999/papamichael}
\pages 303--314
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1999/karatsuba
\endref

\bib{1994/karp}
\yr 1994
\by Alan H. Karp
\by Peter Markstein
\book High-precision division and square root
\bookinfo Technical Report HPL-93-42(R.1)
\url http://www.hpl.hp.com/techreports/93/HPL-93-42.html
\seenewer \cite{1997/karp}
\endref

\bib{1997/karp}
\yr 1997
\mr 1 671 702
\by Alan H. Karp
\by Peter Markstein
\paper High-precision division and square root
\jour ACM Transactions on Mathematical Software
\issn 0098--3500
\vol 23
\pages 561--589
\url http://www.hpl.hp.com/\allowbreak personal/\allowbreak Alan_Karp/\allowbreak publications/\allowbreak publications.html
\seeolder \cite{1994/karp}
\endref

\bib{1972/karp}
\yr 1972
\by Richard M. Karp (chairman)
\book 13th annual symposium on switching and automata theory
\publ IEEE Computer Society
\publaddr Northridge
\endref

\bib{1974/karp}
\yr 1974
\isbn 0--8218--1327--7
\mr 50:3631
\editor Richard M. Karp
\book Complexity of computation
\series SIAM-AMS Proceedings
\seriesvol 7
\publ American Mathematical Society
\publaddr Providence, Rhode Island
\endref

\bib{1987/karp}
\yr 1987
\by Richard M. Karp
\by Michael O. Rabin
\paper Efficient randomized pattern-matching algorithms
\jour IBM Journal of Research and Development
\issn 0018--8646
\vol 31
\pages 249--260
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/karp
\endref

\bib{2003/katz-sigs}
\yr 2003
\by Jonathan Katz
\by Nan Wang
\paper Efficiency improvements for signature schemes with tight security reductions
\url http://www.cs.umd.edu/~jkatz/papers.html
\inbook \cite{2003/atluri-acmccs}
\pages 155--164
\endref

\bib{1963/keller}
\yr 1963
\mr 29:3445
\by Herbert B. Keller
\by J. R. Swenson
\paper Experiments on the lattice problem of Gauss
\jour Mathematics of Computation
\issn 0025--5718
\vol 17
\pages 223--230
\endref

\bib{2000/kelsey}
\yr 2000
\by John Kelsey
\by Bruce Schneier
\by David Wagner
\by Chris Hall
\paper Side channel cryptanalysis of product ciphers
\jour Journal of Computer Security
\issn 0926--227X
\vol 8
\pages 141--158
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 2000/kelsey
\endref

\bib{1980/keys}
\yr 1980
\mr 82a:94012
\by R. G. Keys
\paper An algorithm for computing the $N$th roots of unity in bit-reversed order
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 28
\pages 762--763
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1980/keys
\endref

\bib{1996/khajah}
\yr 1996
\mr 98d:11160
\by H. G. Khajah
\by Eduardo L. Ortiz
\paper On a differential-delay equation arising in number theory
\jour Applied Numerical Mathematics
\issn 0168--9274
\vol 21
\pages 431--437
\endref

\bib{2001/kilian-crypto2001}
\yr 2001
\mr 2003d:94002
\isbn 3--540--42456--3
\editor Joe Kilian
\book Advances in cryptology: CRYPTO 2001, 21st annual international cryptology conference, Santa Barbara, California, USA, August 19--23, 2001, proceedings
\series Lecture Notes in Computer Science
\seriesvol 2139
\publ Springer
\endref

\bib{1996/kim}
\yr 1996
\isbn 3--540--61872--4
\mr 98g:94001
\editor Kwangjo Kim
\editor Tsutomu Matsumoto
\book Advances in cryptology---ASIACRYPT '96: international conference on the theory and applications of cryptology and information security, Kyongju, Korea, November 3--7, 1996, proceedings
\series Lecture Notes in Computer Science
\seriesvol 1163
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1998/kirrinnis}
\yr 1998
\by Peter Kirrinnis
\paper Partial fraction decomposition in $\C(z)$ and simultaneous Newton iteration for factorization in $\C[z]$
\jour Journal of Complexity
\issn 0885--064X
\vol 14
\pages 378--444
\url http://www.idealibrary.com/retrieve/doi/10.1006/jcom.1998.0481
\endref

\bib{1999/kleiman-writing}
\yr 1999
\by Steven L. Kleiman
\paper Writing a math Phase Two paper
\url http://www.mit.edu/afs/athena.mit.edu/course/other/mathp2/www/piil.html
\endref

\bib{1979/knight}
\yr 1979
\by William R. Knight
\by R. Kaiser
\paper A simple fixed-point error bound for the fast Fourier transform
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 27
\pages 615--620
\endref

\bib{1999/knudsen}
\yr 1999
\isbn 354066226X
\editor Lars Knudsen
\book Fast software encryption: 6th international workshop, FSE'99, Rome, Italy, March 1999: proceedings
\series Lecture Notes in Computer Science
\seriesvol 1636
\publ Springer-Verlag
\publaddr Berlin
\url http://link.springer.de/link/service/series/0558/tocs/t1636.htm
\endref

\bib{2002/knudsen-book}
\yr 2002
\isbn 3--540--43553--0
\editor Lars Knudsen
\book Advances in cryptology---EUROCRYPT 2002: proceedings of the 21st International Annual Conference on the Theory and Applications of Cryptographic Techniques held in Amsterdam, April 28--May 2, 2002
\series Lecture Notes in Computer Science
\seriesvol 2332
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1969/knuth-2}
\yr 1969
\mr 44:3531
\by Donald E. Knuth
\book The art of computer programming, volume 2: seminumerical algorithms
\edition 1st
\printing 1st
\publ Addison-Wesley
\publaddr Reading
\seenewer \cite{1971/knuth-2}
\endref

\bib{1971/knuth-gcd}
\yr 1971
\mr 54:11839
\by Donald E. Knuth
\paper The analysis of algorithms
\inbook \cite{1971/-icm-3}
\pages 269--274
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1971/knuth-gcd
\endref

\bib{1971/knuth-2}
\yr 1971
\mr 44:3531
\by Donald E. Knuth
\book The art of computer programming, volume 2: seminumerical algorithms
\edition 1st
\printing 2nd
\publ Addison-Wesley
\publaddr Reading
\seeolder \cite{1969/knuth-2}
\seenewer \cite{1981/knuth-2}
\endref

\bib{1973/knuth-3}
\yr 1973
\mr 56:4281
\isbn 0--201--03803--X
\by Donald E. Knuth
\book The art of computer programming, volume 3: sorting and searching
\edition 1st
\publ Addison-Wesley
\publaddr Reading
\seenewer \cite{1998/knuth-3}
\endref

\bib{1974/knuth-goto}
\yr 1974
\by Donald E. Knuth
\paper Structured programming with go to statements
\jour Computing Surveys
\vol 6
\pages 261--301
\endref

\bib{1981/knuth-2}
\yr 1981
\isbn 0--201--03822--6
\mr 83i:68003
\by Donald E. Knuth
\book The art of computer programming, volume 2: seminumerical algorithms
\edition 2nd
\publ Addison-Wesley
\publaddr Reading
\seeolder \cite{1971/knuth-2}
\seenewer \cite{1997/knuth-2}
\endref

\bib{1997/knuth-2}
\yr 1997
\isbn 0--201--89684--2
\by Donald E. Knuth
\book The art of computer programming, volume 2: seminumerical algorithms
\edition 3rd
\publ Addison-Wesley
\publaddr Reading
\seeolder \cite{1981/knuth-2}
\endref

\bib{1998/knuth-3}
\yr 1998
\isbn 0--201--89685--0
\by Donald E. Knuth
\book The art of computer programming, volume 3: sorting and searching
\edition 2nd
\publ Addison-Wesley
\publaddr Reading
\seeolder \cite{1973/knuth-3}
\endref

\bib{2000/knuth-analysis}
\yr 2000
\mr 2001c:68066
\isbn 1--57586--212--3
\editor Donald E. Knuth
\book Selected papers on analysis of algorithms
\publ CSLI Publications
\publaddr Stanford
\endref

\bib{1989/knuth-writing}
\yr 1989
\isbn 0--88385--063--X
\by Donald E. Knuth
\by Tracy Larrabee
\by Paul M. Roberts
\book Mathematical writing
\publ Mathematical Association of America
\url http://www-cs-faculty.stanford.edu/~knuth/klr.html
\endref

\bib{1981/knuth-transpose}
\yr 1981
\by Donald E. Knuth
\by Christos H. Papadimitriou
\paper Duality in addition chains
\jour Bulletin of the European Association for Theoretical Computer Science
\issn 0252--9742
\vol 13
\pages 2--4
\also reprinted in \cite[chapter 31]{2000/knuth-analysis}
\endref

\bib{1976/knuth}
\yr 1976
\mr 58:16485
\by Donald E. Knuth
\by Luis Trabb Pardo
\paper Analysis of a simple factorization algorithm
\jour Theoretical Computer Science
\issn 0304--3975
\vol 3
\pages 321--348
\endref

\bib{1987/koblitz}
\yr 1987
\mr 88b:94017
\by Neal Koblitz
\paper Elliptic curve cryptosystems
\jour Mathematics of Computation
\issn 0025--5718
\vol 48
\pages 203--209
\endref

\bib{1994/koblitz-book}
\yr 1994
\isbn 0--387--94293--9
\mr 95h:94023
\by Neal Koblitz
\book A course in number theory and cryptography
\edition 2nd
\publ Springer-Verlag
\publaddr New York
\endref

\bib{1994/koblitz-survey}
\yr 1994
\mr 96f:11163
\by Neal Koblitz
\paper Number theory and cryptography
\inbook \cite{1994/artin-book}
\pages 211--236
\endref

\bib{1996/koblitz}
\yr 1996
\editor Neal Koblitz
\book Advances in cryptology---CRYPTO '96
\series Lecture Notes in Computer Science
\seriesvol 1109
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2004/koblitz}
\yr 2004
\by Neal Koblitz
\by Alfred J. Menezes
\paper Another look at ``provable security''
\url http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/provable.pdf
\endref

\bib{2005/koblitz-provable}
\yr 2005
\by Neal Koblitz
\by Alfred J. Menezes
\paper Another look at ``provable security''
\url http://eprint.iacr.org/2004/152/
\paperinfo revised 4 May 2005
\seenewer \cite{2007/koblitz-provable}
\endref

\bib{2006/koblitz-provable}
\yr 2006
\by Neal Koblitz
\by Alfred J. Menezes
\paper Another look at ``provable security''. II
\url http://eprint.iacr.org/2006/229
\inbook \cite{2006/barua-indocrypt}
\pages 148--175
\endref

\bib{2007/koblitz-provable}
\yr 2007
\by Neal Koblitz
\by Alfred J. Menezes
\paper Another look at ``provable security''
\jour Journal of Cryptology
\issn 0933--2790
\issn 0933--2790
\vol 20
\pages 3--37
\seeolder \cite{2005/koblitz-provable}
\endref

\bib{1995/koc}
\yr 1995
\mr 96e:68046
\by \c Cetin Kaya Ko\c c
\paper Analysis of sliding window techniques for exponentiation
\jour Computers \& Mathematics with Applications
\issn 0898--1221
\vol 30
\pages 17--24
\endref

\bib{2000/koc-ches2000}
\yr 2000
\isbn 3--540--42521--7
\by \c Cetin Kaya Ko\c c
\by Christof Paar
\book Cryptographic hardware and embedded systems---CHES 2000: Proceedings of the 2nd International Workshop held in Worcester, MA, USA, August 2000
\series Lecture Notes in Computer Science
\vol 1965
\publ Springer
\endref

\bib{1996/kocher}
\yr 1996
\by Paul C. Kocher
\paper Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems
\inbook \cite{1996/koblitz}
\pages 104--113
\url http://www.cryptography.com/timingattack/paper.html
\endref

\bib{1999/koeune}
\yr 1999
\by Fran\c cois Koeune
\by Jean-Jacques Quisquater
\paper A timing attack against Rijndael
\url http://www.dice.ucl.ac.be/crypto/techreports.html
\endref

\bib{1974/kogge}
\yr 1974
\mr 49:6552
\by Peter M. Kogge
\paper Parallel solution of recurrence problems
\jour IBM Journal of Research and Development
\issn 0018--8646
\vol 18
\pages 138--148
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1974/kogge
\endref

\bib{1973/kogge}
\yr 1973
\by Peter M. Kogge
\by Harold S. Stone
\paper A parallel algorithm for the efficient solution of a general class of recurrence equations
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 22
\pages 786--793
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1973/kogge
\endref

\bib{2004/kohno-cwc}
\yr 2004
\by Tadayoshi Kohno
\by John Viega
\by Doug Whiting
\paper CWC: a high-performance conventional authenticated encryption mode
\url http://www.cs.ucsd.edu/users/tkohno/papers/CWC/
\endref

\bib{1977/kolba}
\yr 1977
\by Dean P. Kolba
\by Thomas W. Parks
\paper A prime factor FFT algorithm using high-speed convolution
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 25
\pages 281--294
\endref

\bib{1992/kollerstrom}
\yr 1992
\by Nick Kollerstrom
\paper Thomas Simpson and ``Newton's method of approximation'': an enduring myth
\jour British Journal for the History of Science
\vol 1992
\pages 347--354
\url http://www.ucl.ac.uk/sts/nk/newtonapprox.htm
\endref

\bib{1997/konyagin}
\yr 1997
\mr 98a:11184
\by Sergei Konyagin
\by Carl Pomerance
\paper On primes recognizable in deterministic polynomial time
\inbook \cite{1997/graham}
\pages 176--198
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1997/konyagin
\endref

\bib{1997/koyama}
\yr 1997
\mr 97m:11041
\by Kenji Koyama
\by Yukio Tsuruoka
\by Hiroshi Sekigawa
\paper On searching for solutions of the Diophantine equation $x^3+y^3+z^3=n$
\jour Mathematics of Computation
\issn 0025--5718
\vol 66
\pages 841--851
\url http://www.ams.org/journal-getitem?pii=S0025571897008302
\endref

\bib{1997/krantz-writing}
\yr 1997
\isbn 0--8218--0635--1
\by Steven G. Krantz
\book A primer of mathematical writing
\publ American Mathematical Society
\endref

\bib{1989/krause}
\yr 1989
\by Uwe Krause
\book Anzahl der Ideale $a$ mit $Na\le x$ und Primteilern $p$ mit $Np\le y$
\bookinfo Diplomarbeit
\publ Philipps-Universit\"at Marburg
\endref

\bib{1990/krause}
\yr 1990
\mr 91i:11165
\by Uwe Krause
\paper Absch\"atzungen f\"ur die Funktion $\Psi_K(x,y)$ in algebraischen Zahl\-k\"orpern
\jour Manuscripta Mathematica
\issn 0025--2611
\vol 69
\pages 319--331
\endref

\bib{1994/krawczyk}
\yr 1994
\by Hugo Krawczyk
\paper LFSR-based hashing and authentication
\inbook \cite{1994/desmedt}
\pages 129--139
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/krawczyk
\endref

\bib{1995/krawczyk}
\yr 1995
\by Hugo Krawczyk
\paper New hash functions for message authentication
\inbook \cite{1995/guillou}
\pages 301--310
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/krawczyk
\endref

\bib{1998/krawczyk}
\yr 1998
\isbn 3--540--64892--5
\mr 99i:94059
\editor Hugo Krawczyk
\book Advances in cryptology: CRYPTO '98
\series Lecture Notes in Computer Science
\seriesvol 1462
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1977/krishnamurthy}
\yr 1977
\mr 57:7963
\by E. V. Krishnamurthy
\paper Matrix processors using $p$-adic arithmetic for exact linear computations
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 26
\pages 633--639
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1977/krishnamurthy
\endref

\bib{1987/kronsjo}
\yr 1987
\isbn 0--471--91201--8
\mr 90e:68003
\by Lydia I. Kronsj\"o
\book Algorithms: their complexity and efficiency
\edition 2nd
\publ Wiley
\publaddr New York
\endref

\bib{2000/krovetz-polyr}
\yr 2000
\by Ted Krovetz
\by Phillip Rogaway
\paper Fast universal hashing with small keys and no preprocessing: the PolyR construction
\url http://www.cs.ucdavis.edu/~rogaway/papers/poly.htm
\endref

\bib{2000/krovetz-thesis}
\yr 2000
\by Theodore Krovetz
\book Software-optimized universal hashing and message authentication
\phdthesis
\publ University of California at Davis
\url http://www.cs.ucdavis.edu/~rogaway/umac/
\endref

\bib{1975/kuck}
\yr 1975
\mr 52:4707
\by David J. Kuck
\by Kiyoshi Maruyama
\paper Time bounds on the parallel evaluation of arithmetic expressions
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 4
\pages 147--162
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1975/kuck
\endref

\bib{1997/kuechlin-book}
\yr 1997
\isbn 0--89791--875--4
\editor Wolfgang Kuechlin
\book Symbolic and algebraic computation: ISSAC '97
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1991/kuechlin}
\yr 1991
\by Wolfgang Kuechlin
\by David Lutz
\by Nicholas Nevin
\paper Integer multiplication in PARSAC-2 on stock microprocessors
\inbook \cite{1991/mattson}
\pages 206--217
\endref

\bib{2001/kuhn-rho}
\yr 2001
\by Fabian Kuhn
\by Rene Struik
\paper Random walks revisited: extensions of Pollard's rho algorithm for computing multiple discrete logarithms
\url http://www.distcomp.ethz.ch/publications.html
\inbook \cite{2001/vaudenay-sac2001}
\pages 212--229
\endref

\bib{1974/kung}
\yr 1974
\mr 50:3536
\by H. T. Kung
\paper On computing reciprocals of power series
\jour Numerische Mathematik
\issn 0029--599X
\vol 22
\pages 341--348
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1974/kung
\endref

\bib{1999/kurosawa}
\yr 1999
\by Kaoru Kurosawa
\by Wakaha Ogata
\paper Efficient Rabin-type digital signature scheme
\jour Designs, Codes and Cryptography
\issn 0925--1022
\vol 16
\pages 53--64
\endref

\bib{2002/kutz-lucas}
\yr 2002
\by Martin Kutz
\paper Lower bounds for Lucas chains
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 31
\pages 1896--1908
\url http://www.mpi-sb.mpg.de/~mkutz/publications.html
\endref

\bib{1987/lagarias}
\yr 1987
\mr 88k:11095
\by Jeffrey C. Lagarias
\by Andrew M. Odlyzko
\paper Computing $\pi(x)$: an analytic method
\jour Journal of Algorithms
\issn 0196--6774
\vol 8
\pages 173--191
\url http://www.dtc.umn.edu/~odlyzko/doc/algorithms.html
\endref

\bib{1991/lai}
\yr 1991
\by Xuejia Lai
\by James L. Massey
\by Sean Murphy
\paper Markov ciphers and differential cryptanalysis
\inbook \cite{1991/davies}
\pages 17--38
\endref

\bib{1991/lamacchia-log}
\yr 1991
\mr 92j:11148
\by Brian A. LaMacchia
\by Andrew M. Odlyzko
\paper Computation of discrete logarithms in prime fields
\jour Designs, Codes and Cryptography
\issn 0925--1022
\vol 1
\pages 47--62
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/lamacchia-log
\endref

\bib{1991/lamacchia-linear}
\yr 1991
\by Brian A. LaMacchia
\by Andrew M. Odlyzko
\paper Solving large sparse linear systems over finite fields
\inbook \cite{1991/menezes}
\pages 109--133
\endref

\bib{1996/lamarca-thesis}
\yr 1996
\by Anthony LaMarca
\book Caches and algorithms
\phdthesis
\url http://www.lamarca.org/anthony/caches.html
\endref

\bib{1996/lamarca-heaps}
\yr 1996
\mr 1 652 903
\by Anthony LaMarca
\by Richard E. Ladner
\paper The influence of caches on the performance of heaps
\jour The ACM Journal of Experimental Algorithmics
\issn 1084--6654
\vol 1
\url http://www.lamarca.org/anthony/caches.html
\endref

\bib{1997/lamarca-sorting}
\yr 1997
\mr 1 447 684
\by Anthony LaMarca
\by Richard E. Ladner
\paper The influence of caches on the performance of sorting
\inbook \cite{1997/-soda}
\seenewer \cite{1999/lamarca-sorting}
\url http://www.lamarca.org/anthony/caches.html
\endref

\bib{1999/lamarca-sorting}
\yr 1999
\mr 99k:68037
\by Anthony LaMarca
\by Richard E. Ladner
\paper The influence of caches on the performance of sorting
\jour Journal of Algorithms
\issn 0196--6774
\vol 31
\pages 66--104
\seeolder \cite{1997/lamarca-sorting}
\url http://www.lamarca.org/anthony/caches.html
\endref

\bib{1996/lambert}
\yr 1996
\by Robert Lambert
\book Computational aspects of discrete logarithms
\phdthesis
\url http://www.cacr.math.uwaterloo.ca/techreports/2000/lambert-thesis.ps
\endref

\bib{1994/lam-exp}
\yr 1994
\by K. Y. Lam
\by L. C. K. Hui
\paper On the efficiency of $SS(l)$ square-and-multiply exponentiation algorithms
\jour Electronics Letters
\issn 0013--5194
\vol 30
\pages 2115--2116
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/lam-exp
\endref

\bib{1966/lander}
\yr 1966
\by Leon J. Lander
\by Thomas R. Parkin
\paper Equal sums of biquadrates
\jour Mathematics of Computation
\issn 0025--5718
\vol 20
\pages 450--451
\endref

\bib{1967/lander-euler}
\yr 1967
\mr 36:3721
\by Leon J. Lander
\by Thomas R. Parkin
\paper A counterexample to Euler's sum of powers conjecture
\jour Mathematics of Computation
\issn 0025--5718
\vol 21
\pages 101--103
\endref

\bib{1967/lander-survey}
\yr 1967
\mr 36:5060
\by Leon J. Lander
\by Thomas R. Parkin
\by John L. Selfridge
\paper A survey of equal sums of like powers
\jour Mathematics of Computation
\issn 0025--5718
\vol 21
\pages 446--459
\endref

\bib{1984/lang}
\yr 1984
\by Hans-Werner Lang
\by Manfred Schimmler
\by Hartmut Schmeck
\by Heiko Schr\"oder
\book Systolic sorting on a mesh-connected network
\bookinfo report 8405
\publ Christian-Albrechts-Universit\"at Kiel
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/lang
\endref

\bib{1957/leech}
\yr 1957
\by John Leech
\paper Some solutions of Diophantine equations
\jour Proceedings of the Cambridge Philosophical Society
\issn 0305--0041
\vol 53
\pages 778--780
\endref

\bib{1785/legendre}
\yr 1785
\by Adrien-Marie Legendre
\paper Recherches d'analyse ind\'etermin\'ee
\jour Histoire de L'Acad\'emie Royale des Sciences
\pages 465--559
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1785/legendre
\endref

\bib{1927/lehmer}
\yr 1927
\by Derrick H. Lehmer
\paper Tests for primality by the converse of Fermat's theorem
\jour Bulletin of the American Mathematical Society
\issn 0273--0979
\vol 33
\pages 327--340
\endref

\bib{1928/lehmer}
\yr 1928
\by Derrick H. Lehmer
\paper The mechanical combination of linear forms
\jour American Mathematical Monthly
\issn 0002--9890
\vol 35
\pages 114--121
\url http://links.jstor.org/sici?sici=0002-9890(192803)35:3<114:TMCOLF>2.0.CO;2-Z
\endref

\bib{1930/lehmer}
\yr 1930
\by Derrick H. Lehmer
\paper An extended theory of Lucas' functions
\jour Annals of Mathematics
\issn 0003--486X
\vol 31
\pages 419--448
\endref

\bib{1938/lehmer}
\yr 1938
\by Derrick H. Lehmer
\paper Euclid's algorithm for large numbers
\jour American Mathematical Monthly
\issn 0002--9890
\vol 45
\pages 227--233
\url http://links.jstor.org/sici?sici=0002-9890(193804)45:4<227:EAFLN>2.0.CO;2-Y
\endref

\bib{1954/lehmer}
\yr 1954
\mr 16,113e
\by Derrick H. Lehmer
\paper A sieve problem on ``pseudo-squares''
\jour Mathematical Tables and Other Aids to Computation
\issn 0891--6837
\vol 8
\pages 241--242
\url http://links.jstor.org/sici?sici=0891-6837(195410)8:48<237:N>2.0.CO;2-R
\endref

\bib{1969/lehmer}
\yr 1969
\mr 40:84
\by Derrick H. Lehmer
\paper Computer technology applied to the theory of numbers
\inbook \cite{1969/leveque}
\pages 117--151
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1969/lehmer
\endref

\bib{1976/lehmer}
\yr 1976
\mr 54:5093
\by Derrick H. Lehmer
\paper Strong Carmichael numbers
\jour Journal of the Australian Mathematical Society Series A
\vol 21
\pages 508--510
\endref

\bib{1990/lehmer-survey}
\yr 1990
\mr 91j:11111
\by Derrick H. Lehmer
\paper Factorization then and now
\inbook \cite{1990/chudnovsky-book}
\pages 311--320
\endref

\bib{1970/lehmer}
\yr 1970
\mr 42:5889
\by Derrick H. Lehmer
\by Emma Lehmer
\by Daniel Shanks
\paper Integer sequence having prescribed quadratic character
\jour Mathematics of Computation
\issn 0025--5718
\vol 24
\pages 433--451
\url http://links.jstor.org/\allowbreak sici?sici=\allowbreak 0025-5718\allowbreak (197004)\allowbreak 24:\allowbreak 110\allowbreak <433:\allowbreak ISHPQC>\allowbreak 2.0.CO;2-G
\endref

\bib{1931/lehmer}
\yr 1931
\by Derrick H. Lehmer
\by R. E. Powers
\paper On factoring large numbers
\jour Bulletin of the American Mathematical Society
\issn 0273--0979
\vol 37
\pages 770--776
\endref

\bib{1983/lempel}
\yr 1983
\mr 84c:68031
\by Abraham Lempel
\by Gadiel Seroussi
\by Shmuel Winograd
\paper On the complexity of multiplication in finite fields
\jour Theoretical Computer Science
\issn 0304--3975
\vol 22
\pages 285--296
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1983/lempel
\endref

\bib{1988/lenstra}
\yr 1988
\mr 90a:11152
\by Arjen K. Lenstra
\paper Fast and rigorous factorization under the generalized Riemann hypothesis
\jour Indagationes Mathematicae
\issn 0019--3577
\vol 50
\pages 443--454
\endref

\bib{1998/lenstra-rsa}
\yr 1998
\by Arjen K. Lenstra
\paper Generating RSA moduli with a predetermined portion
\inbook \cite{1998/ohta}
\pages 1--10
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1998/lenstra-rsa
\endref

\bib{1990/lenstra-survey}
\yr 1990
\by Arjen K. Lenstra
\by Hendrik W. Lenstra, Jr.
\paper Algorithms in number theory
\inbook \cite{1990/vanleeuwen}
\pages 673--715
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1990/lenstra-survey
\endref

\bib{1993/lenstra-book}
\yr 1993
\isbn 3--540--57013--6
\mr 96m:11116
\editor Arjen K. Lenstra
\editor Hendrik W. Lenstra, Jr.
\book The development of the number field sieve
\series Lecture Notes in Mathematics
\seriesvol 1554
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1982/lenstra-lll}
\yr 1982
\mr 84a:12002
\by Arjen K. Lenstra
\by Hendrik W. Lenstra, Jr.
\by L\'aszl\'o Lov\'asz
\paper Factoring polynomials with rational coefficients
\jour Mathematische Annalen
\issn 0025--5831
\vol 261
\pages 515--534
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1982/lenstra-lll
\endref

\bib{1993/lenstra-2512}
\yr 1993
\mr 93k:11116
\by Arjen K. Lenstra
\by Hendrik W. Lenstra, Jr.
\by Mark S. Manasse
\by John M. Pollard
\paper The factorization of the ninth Fermat number
\jour Mathematics of Computation
\issn 0025--5718
\vol 61
\pages 319--349
\endref

\bib{1993/lenstra-nfs}
\yr 1993
\by Arjen K. Lenstra
\by Hendrik W. Lenstra, Jr.
\by Mark S. Manasse
\by John M. Pollard
\paper The number field sieve
\inbook \cite{1993/lenstra-book}
\pages 11--42
\endref

\bib{1990/lenstra}
\yr 1990
\mr 91i:11182
\by Arjen K. Lenstra
\by Mark S. Manasse
\paper Factoring by electronic mail
\inbook \cite{1990/quisquater}
\pages 355--371
\endref

\bib{1994/lenstra}
\yr 1994
\mr 95a:11107
\by Arjen K. Lenstra
\by Mark S. Manasse
\paper Factoring with two large primes
\jour Mathematics of Computation
\issn 0025--5718
\vol 63
\pages 785--798
\endref

\bib{2000/lenstra}
\yr 2000
\by Arjen K. Lenstra
\by Adi Shamir
\paper Analysis and optimization of the TWINKLE factoring device
\inbook \cite{2000/preneel}
\pages 35--52
\endref

\bib{2002/lenstra}
\yr 2002
\by Arjen K. Lenstra
\by Adi Shamir
\by Jim Tomlinson
\by Eran Tromer
\paper Analysis of Bernstein's factorization circuit
\url http://www.cryptosavvy.com
\endref

\bib{2001/lenstra}
\yr 2001
\by Arjen K. Lenstra
\by Eric R. Verheul
\paper Selecting cryptographic key sizes
\paperinfo to appear
\jour Journal of Cryptology
\issn 0933--2790
\url http://www.cryptosavvy.com/Joc.ps
\endref

\bib{1983/lenstra}
\yr 1983
\mr 86f:90106
\by Hendrik W. Lenstra, Jr.
\paper Integer programming with a fixed number of variables
\jour Mathematics of Operations Research
\issn 0364--765X
\vol 8
\pages 538--548
\endref

\bib{1984/lenstra}
\yr 1984
\mr 85b:11118
\by Hendrik W. Lenstra, Jr.
\paper Divisors in residue classes
\jour Mathematics of Computation
\issn 0025--5718
\vol 42
\pages 331--340
\url http://www.jstor.org/sici?sici=0025-5718(198401)42:165<331:DIRC>2.0.CO;2-6
\endref

\bib{1985/lenstra-galois}
\yr 1985
\mr 87g:11171
\by Hendrik W. Lenstra, Jr.
\paper Galois theory and primality testing
\inbook \cite{1985/reiner}
\pages 169--189
\endref

\bib{1987/lenstra-ecnta}
\yr 1987
\mr 89d:11114
\by Hendrik W. Lenstra, Jr.
\paper Elliptic curves and number-theoretic algorithms
\inbook \cite{1987/gleason}
\url https://openaccess.leidenuniv.nl/dspace/bitstream/1887/3822/1/346_080.pdf
\pages 99--120
\endref

\bib{1987/lenstra-fiec}
\yr 1987
\mr 89g:11125
\by Hendrik W. Lenstra, Jr.
\paper Factoring integers with elliptic curves
\jour Annals of Mathematics
\issn 0003--486X
\vol 126
\pages 649--673
\url http://links.jstor.org/sici?sici=0003-486X(198711)2:126:3<649:FIWEC>2.0.CO;2-V
\endref

\bib{1993/lenstra-hecm}
\yr 1993
\mr 94m:11107
\by Hendrik W. Lenstra, Jr.
\by Jonathan Pila
\by Carl Pomerance
\paper A hyperelliptic smoothness test, I
\jour Philosophical Transactions of the Royal Society of London Series A
\issn 0962--8428
\vol 345
\pages 397--408
\url http://links.jstor.org/sici?sici=0962-8428(19931115)345:1676<397:AHSTI>2.0.CO;2-P
\endref

\bib{2002/lenstra-hecm}
\yr 2002
\mr 2003f:11190
\by Hendrik W. Lenstra, Jr.
\by Jonathan Pila
\by Carl Pomerance
\paper A hyperelliptic smoothness test, II
\jour Proceedings of the London Mathematical Society
\vol 84
\pages 105--146
\url http://www.journals.cambridge.org/jid_PLM
\endref

\bib{1992/lenstra}
\yr 1992
\mr 92m:11145
\by Hendrik W. Lenstra, Jr.
\by Carl Pomerance
\paper A rigorous time bound for factoring integers
\jour Journal of the American Mathematical Society
\issn 0894--0347
\vol 5
\pages 483--516
\url http://links.jstor.org/sici?sici=0894-0347(199207)5:3<483:ARTBFF>2.0.CO;2-S
\endref

\bib{1982/lenstra-book}
\yr 1982
\isbn 90--6196--248--X
\mr 84c:10002
\editor Hendrik W. Lenstra, Jr.
\editor Robert Tijdeman
\book Computational methods in number theory I
\series Mathematical Centre Tracts
\seriesvol 154
\publ Mathematisch Centrum
\publaddr Amsterdam
\endref

\bib{1982/lenstra-book2}
\yr 1982
\isbn 90--6196--249--8
\mr 84d:10004
\editor Hendrik W. Lenstra, Jr.
\editor Robert Tijdeman
\book Computational methods in number theory II
\series Mathematical Centre Tracts
\seriesvol 155
\publ Mathematisch Centrum
\publaddr Amsterdam
\endref

\bib{1995/lercier}
\yr 1995
\mr 96h:11060
\by Reynald Lercier
\by Fran\c cois Morain
\paper Counting the number of points on elliptic curves over finite fields: strategies and performances
\inbook \cite{1995/guillou}
\pages 79--94
\endref

\bib{1969/leveque}
\yr 1969
\mr 39:1388
\editor William J. Leveque
\book Studies in number theory
\series MAA Studies in Mathematics
\seriesvol 6
\publ Prentice-Hall
\publaddr Englewood Cliffs, New Jersey
\endref

\bib{1985/levin}
\yr 1985
\by Leonid Levin
\paper One-way functions and pseudorandom generators
\inbook \cite{1985/-stoc}
\pages 363--365
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1985/levin
\endref

\bib{1971/lewis-book}
\yr 1971
\isbn 0--8218--1420--6
\mr 47:3286
\editor Donald J. Lewis
\book 1969 Number Theory Institute
\series Proceedings of Symposia in Pure Mathematics
\seriesvol 20
\publ American Mathematical Society
\publaddr Providence, Rhode Island
\endref

\bib{1997/lidl}
\yr 1997
\isbn 0--521--39231--4
\mr 97i:11115
\by Rudolf Lidl
\by Harald Niederreiter
\book Finite fields
\edition 2nd
\series Encyclopedia of Mathematics and its Applications
\seriesvol 20
\publ Cambridge University Press
\publaddr Cambridge
\endref

\bib{1994/lim}
\yr 1994
\by Chae Hoon Lim
\by Pil Joong Lee
\paper More flexible exponentiation with precomputation
\inbook \cite{1994/desmedt}
\pages 95--107
\endref

\bib{1997/lim-recovery}
\yr 1997
\by Chae Hoon Lim
\by Pil Joong Lee
\paper A key recovery attack on discrete log-based schemes using a prime order subgroup
\inbook \cite{1997/kaliski-crypto1997}
\pages 249--263
\url http://dasan.sejong.ac.kr/~chlim/english_pub.html
\endref

\bib{1997/lindhurst}
\yr 1997
\by Scott Lindhurst
\book Computing roots in finite fields and groups, with a jaunt through sums of digits
\phdthesis
\publ University of Wisconsin at Madison
\url http://members.aol.com/SokobanMac/scott/papers/papers.html
\endref

\bib{1999/lindhurst}
\yr 1999
\mr 2000b:11140
\by Scott Lindhurst
\paper An analysis of Shanks's algorithm for computing square roots in finite fields
\inbook \cite{1999/gupta}
\pages 231--242
\url http://members.aol.com/SokobanMac/scott/papers/papers.html
\endref

\bib{1981/linnainmaa}
\yr 1981
\mr 82h:68041
\by Seppo Linnainmaa
\paper Software for doubled-precision floating-point computations
\jour ACM Transactions on Mathematical Software
\issn 0098--3500
\vol 7
\pages 272--283
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1981/linnainmaa
\endref

\bib{1998/lin}
\yr 1998
\isbn 981--3083--92--1
\mr 2000g:68006
\editor Xuemin Lin
\book Computing theory '98
\publ Springer-Verlag
\publaddr Singapore
\endref

\bib{1981/lipson}
\yr 1981
\isbn 0--201--04115--4
\mr 83f:00005
\by John D. Lipson
\book Elements of algebra and algebraic computing
\publ Addison-Wesley
\publaddr Reading
\endref

\bib{1983/loos}
\yr 1983
\mr 85b:11123
\by R\"udiger Loos
\paper Computing rational zeros of integral polynomials by $p$-adic expansion
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 12
\pages 286--293
\endref

\bib{2000/lopez}
\yr 2000
\by Julio L\'opez
\by Ricardo Dahab
\paper Performance of elliptic curve cryptosystems
\url http://www.dcc.unicamp.br/ic-tr-ftp/2000/00-08.ps.gz
\endref

\bib{1990/loxton}
\yr 1990
\isbn 0--521--39877--0
\mr 90m:11003
\editor John H. Loxton
\book Number theory and cryptography
\series London Mathematical Society Lecture Note Series
\seriesvol 154
\publ Cambridge University Press
\publaddr Cambridge
\endref

\bib{1983/loxton}
\yr 1983
\by John H. Loxton
\by Alf J. van der Poorten
\paper Multiplicative dependence in number fields
\jour Acta Arithmetica
\issn 0065--1036
\vol 42
\pages 291--302
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1983/loxton
\endref

\bib{1988/luby}
\yr 1988
\by Michael Luby
\by Charles Rackoff
\paper How to construct pseudorandom permutations from pseudorandom functions
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 17
\pages 373--386
\endref

\bib{1876/lucas}
\yr 1876
\by Edouard Lucas
\paper Sur la recherche des grands nombres premiers
\jour Association Fran\c caise pour l'Avacement des Sciences. Comptes Rendus
\vol 5
\pages 61--68
\endref

\bib{1877/lucas}
\yr 1877
\by Edouard Lucas
\paper Consid\'erations nouvelles sur la th\'eorie des nombres premiers et sur la division g\'eom\'etrique de la circonf\'erence en parties \'egales
\jour Association Fran\c caise pour l'Avacement des Sciences. Comptes Rendus
\vol 6
\pages 159--167
\endref

\bib{1986/lueneburg}
\yr 1986
\by Heinz L\"uneburg
\paper On a little but useful algorithm
\inbook \cite{1986/calmet}
\pages 296--301
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/lueneburg
\endref

\bib{1995/lukes}
\yr 1995
\mr 96m:11082
\by Richard F. Lukes
\by C. D. Patterson
\by Hugh C. Williams
\paper Numerical sieving devices: their history and some applications
\jour Nieuw Archief voor Wiskunde Series 4
\issn 0028--9825
\vol 13
\pages 113--139
\url https://cr.yp.to/bib/entries.html#1995/lukes
\endref

\bib{1996/lukes}
\yr 1996
\mr 96e:11010
\by Richard F. Lukes
\by C. D. Patterson
\by Hugh C. Williams
\paper Some results on pseudosquares
\jour Mathematics of Computation
\issn 0025--5718
\vol 65
\pages 361--372
\url http://www.ams.org/\allowbreak jourcgi/\allowbreak jour-getitem?pii=S0025571896006783
\endref

\bib{1956/lupanov}
\yr 1956
\by O. B. Lupanov
\paper On rectifier and contact-rectifier circuits
\jour Doklady Akademii Nauk SSSR
\issn 0002--3264
\vol 111
\pages 1171--1174
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1956/lupanov
\endref

\bib{2002/macaj}
\yr 2002
\by Martin Macaj
\paper Some remarks and questions about the AKS algorithm and related conjecture
\url http://thales.doa.fmph.uniba.sk/macaj/aksremarks.pdf
\endref

\bib{1977/macnaghten}
\yr 1977
\by A. M. Macnaghten
\by Charles A. R. Hoare
\paper Fast Fourier transform free from tears
\jour The Computer Journal
\issn 0010--4620
\vol 20
\pages 78--83
\endref

\bib{1994/macq}
\yr 1994
\isbn 90--71048--10--1
\by Benoit Macq
\book Proceedings of the 15th Symposium on Information Theory in the Benelux
\endref

\bib{1977/mairson}
\yr 1977
\by Harry G. Mairson
\paper Some new upper bounds on the generation of prime numbers
\jour Communications of the ACM
\issn 0001--0782
\vol 20
\pages 664--669
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1977/mairson
\endref

\bib{1992/manstavicius}
\yr 1992
\mr 93m:11091
\by Eugenijus Manstavi\v cius
\paper Semigroup elements free of large prime factors
\inbook \cite{1992/schweiger}
\pages 135--153
\endref

\bib{1989/marsaglia}
\yr 1989
\mr 90h:65124
\by George Marsaglia
\by Arif Zaman
\by John C. W. Marsaglia
\paper Numerical solution of some classical differential-difference equations
\jour Mathematics of Computation
\issn 0025--5718
\vol 53
\pages 191--201
\url http://www.jstor.org/sici?sici=0025-5718(198907)53:187<191:NSOSCD>2.0.CO;2-V
\endref

\bib{1983/martens-ext1}
\yr 1983
\by Jean-Bernard Martens
\paper Number theoretic transforms for the calculation of convolutions
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 31
\pages 969--978
\endref

\bib{1984/martens-crt}
\yr 1984
\mr 86a:11050
\by Jean-Bernard Martens
\paper Convolution algorithms, based on the CRT (Chinese remainder theorem)
\jour Signal Processing
\issn 0165--1684
\vol 6
\pages 279--292
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/martens-crt
\endref

\bib{1984/martens}
\yr 1984
\mr 86b:94004
\by Jean-Bernard Martens
\paper Recursive cyclotomic factorization---a new algorithm for calculating the discrete Fourier transform
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 32
\pages 750--761
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/martens
\endref

\bib{1983/martens-ext3}
\yr 1983
\mr 85m:94016
\by Jean-Bernard Martens
\by Marc C. Vanwormhoudt
\paper Convolution of long integer sequences by means of number theoretic transforms over residue class polynomial rings
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 31
\pages 1125--1134
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1983/martens-ext3
\endref

\bib{1983/martens-ext2}
\yr 1983
\by Jean-Bernard Martens
\by Marc C. Vanwormhoudt
\paper Convolution using a conjugate symmetry property for number theoretic transforms over rings of regular integers
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 31
\pages 1121--1125
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1983/martens-ext2
\endref

\bib{1988/martin}
\yr 1988
\by Joanne L. Martin
\by Stephen F. Lundstrom
\book Supercomputing '88: proceedings, volume 2
\publ IEEE Computer Society Press
\publaddr Silver Spring, Maryland
\endref

\bib{1973/maruyama}
\yr 1973
\by Kiyoshi Maruyama
\paper On the parallel evaluation of polynomials
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 22
\pages 2--5
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1973/maruyama
\endref

\bib{2004/matsui-sac2003}
\yr 2004
\editor Mitsuru Matsui
\editor Robert Zuccherato
\book Selected areas in cryptography: 10th annual international workshop, SAC 2003, Ottawa, Canada, August 14--15, 2003, revised papers
\isbn 3--540--21370--8
\publ Springer
\series Lecture Notes in Computer Science
\seriesvol 3006
\endref

\bib{1986/matsumura}
\yr 1986
\isbn 0--521--25916--9
\mr 88h:13001
\by Hideyuki Matsumura
\book Commutative ring theory
\series Cambridge Studies in Advanced Mathematics
\seriesvol 8
\publ Cambridge University Press
\publaddr Cambridge
\endref

\bib{1991/mattson}
\yr 1991
\isbn 3--540--54522--0
\mr 94b:68002
\editor Harold F. Mattson, Jr.
\editor Teo Mora
\editor Thammavaram R. N. Rao
\book Applied algebra, algebraic algorithms and error-correcting codes 9
\series Lecture Notes in Computer Science
\seriesvol 539
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1999/matzat}
\yr 1999
\isbn 3--540--64670--1
\mr 99h:00020
\editor B. Heinrich Matzat
\editor Gert-Martin Greuel
\editor Gerhard Hiss
\book Algorithmic algebra and number theory
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1998/maurer-writing}
\yr 1998
\by Stephen B. Maurer
\paper A short guide to writing mathematics
\url http://www.swarthmore.edu/NatSci/smaurer1/WriteGuide/
\endref

\bib{1994/maurer-equivalence}
\yr 1994
\by Ueli M. Maurer
\paper Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms
\inbook \cite{1994/desmedt}
\pages 271--281
\url http://www.crypto.ethz.ch/~maurer/publications.html
\endref

\bib{1996/maurer}
\yr 1996
\isbn 3--540--61186--X
\mr 97g:94002
\editor Ueli M. Maurer
\book Advances in cryptology---EUROCRYPT '96: Proceedings of the Fifteenth International Conference on the Theory and Application of Cryptographic Techniques held in Saragossa, May 12--16, 1996
\series Lecture Notes in Computer Science
\seriesvol 1070
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2002/maurer}
\yr 2002
\by Ueli M. Maurer
\paper Indistinguishability of random systems
\inbook \cite{2002/knudsen-book}
\pages 110--133
\endref

\bib{1977/mccarthy}
\yr 1977
\mr 55:1811
\by Daniel P. McCarthy
\paper The optimal algorithm to evaluate $x^n$ using elementary multiplication methods
\jour Mathematics of Computation
\issn 0025--5718
\vol 31
\pages 251--256
\endref

\bib{1986/mccarthy}
\yr 1986
\mr 87e:68046
\by Daniel P. McCarthy
\paper Effect of improved multiplication efficiency on exponentiation algorithms derived from addition chains
\jour Mathematics of Computation
\issn 0025--5718
\vol 46
\pages 603--608
\endref

\bib{1991/mccarthy}
\yr 1991
\by Dennis D. McCarthy
\paper Astronomical time
\jour Proceedings of the IEEE
\issn 0018--9219
\vol 79
\pages 915--920
\url http://www.cl.cam.ac.uk/~mgk25/volatile/astronomical-time.pdf
\endref

\bib{1990/mccurley}
\yr 1990
\mr 92d:11133
\by Kevin S. McCurley
\paper The discrete logarithm problem
\inbook \cite{1990/pomerance-book}
\pages 49--74
\endref

\bib{1996/mccurley-internet}
\yr 1996
\by Kevin S. McCurley
\paper Cryptography and the Internet: lessons and challenges
\inbook \cite{1996/kim}
\pages 50--56
\endref

I have recently started receiving a tremendous amount of email whose purpose is to advertise a product. ... Future attacks can be limited through the use of protocols that require payment in order to consume some resource. The scalability of payment systems is likely to be the deciding factor in their effectiveness.

\bib{2002/mcgrew}
\yr 2002
\by David A. McGrew
\paper Counter mode security: analysis and recommendations
\url http://www.mindspring.com/~dmcgrew/ctr-security.pdf
\endref

\bib{2002/mcgrew-1928}
\yr 2002
\by David A. Mcgrew
\paper RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
\url http://www.vpnc.org/ietf-ipsec/02.ipsec/msg01928.html
\endref

\bib{2004/mcgrew-gcm}
\yr 2004
\by David A. McGrew
\by John Viega
\paper The security and performance of the Galois/counter mode of operation
\url http://eprint.iacr.org/2004/193/
\endref

\bib{1993/mcilroy}
\yr 1993
\by Peter M. McIlroy
\by Keith Bostic
\by M. Douglas McIlroy
\paper Engineering radix sort
\jour Computing Systems
\issn 0895--6340
\vol 6
\pages 5--27
\url http://www.bostic.com/keith.html
\endref

\bib{1996/mckee-euler}
\yr 1996
\mr 97f:11010
\by James McKee
\paper Turning Euler's factoring method into a factoring algorithm
\jour Bulletin of the London Mathematical Society
\issn 0024--6093
\vol 28
\pages 351--355
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/mckee-euler
\endref

\bib{1996/mckee-deterministic}
\yr 1996
\by James McKee
\by Richard Pinch
\paper Old and new deterministic factoring algorithms
\inbook \cite{1996/cohen}
\pages 217--224
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/mckee-deterministic
\endref

\bib{2005/menezes-hmqv}
\yr 2005
\by Alfred Menezes
\paper Another look at HMQV
\url http://eprint.iacr.org/2005/205
\endref

\bib{1996/menezes}
\yr 1996
\isbn 0--8493--8523--7
\mr 99g:94015
\by Alfred J. Menezes
\by Paul C. van Oorschot
\by Scott A. Vanstone
\book Handbook of applied cryptography
\publ CRC Press
\publaddr Boca Raton, Florida
\url http://cacr.math.uwaterloo.ca/hac
\endref

\bib{1991/menezes}
\yr 1991
\isbn 3--540--54508--5
\mr 94b:94002
\editor Alfred J. Menezes
\editor Scott A. Vanstone
\book Advances in cryptology: CRYPTO '90
\series Lecture Notes in Computer Science
\seriesvol 537
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1979/merkle}
\yr 1979
\by Ralph Merkle
\book Secrecy, authentication, and public key systems
\phdthesis
\publ Stanford University
\endref

\bib{1990/merkle}
\yr 1990
\by Ralph Merkle
\paper A fast software one-way hash function
\jour Journal of Cryptology
\issn 0933--2790
\vol 3
\pages 43--58
\endref

\bib{1983/merz}
\yr 1983
\mr 85g:65128
\by Gerhard Merz
\paper Fast Fourier transform algorithms with applications
\inbook \cite{1983/werner}
\pages 249--278
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1983/merz
\endref

\bib{1996/meyer}
\yr 1996
\by Shauna M. Meyer
\by Jonathan P. Sorenson
\paper Efficient algorithms for computing the Jacobi symbol
\inbook \cite{1996/cohen}
\pages 225--239
\seenewer \cite{1998/eikenberry}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/meyer
\endref

\bib{1980/mignotte}
\yr 1980
\mr 81b:12022
\by Maurice Mignotte
\paper Calcul des racines $d$-i\`emes dans un corps fini
\jour Comptes Rendus des S\'eances de l'Acad\'emie des Sciences
\issn 0151--0509
\vol 290
\pages A205--A206
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1980/mignotte
\endref

\bib{1994/mihailescu}
\yr 1994
\mr 95j:11122
\by Preda Mihailescu
\paper Fast generation of provable primes using search in arithmetic progressions
\inbook \cite{1994/desmedt}
\pages 282--293
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/mihailescu
\endref

\bib{1998/mihailescu}
\yr 1998
\mr 2000j:11195
\by Preda Mih\u ailescu
\paper Cyclotomy primality proving---recent developments
\inbook \cite{1998/buhler}
\pages 95--110
\endref

\bib{preprint/mihailescu}
\by Preda Mih\u ailescu
\by Roberto M. Avanzi
\paper Efficient ``quasi''-deterministic primality test improving AKS
\url http://www-math.uni-paderborn.de/~preda/
\endref

\bib{1975/miller}
\yr 1975
\by Gary L. Miller
\paper Riemann's hypothesis and tests for primality
\inbook \cite{1975/rounds-stoc7}
\pages 234--239
\seenewer \cite{1976/miller}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1975/miller
\endref

\bib{1976/miller}
\yr 1976
\by Gary L. Miller
\paper Riemann's hypothesis and tests for primality
\jour Journal of Computer and System Sciences
\issn 0022--0000
\vol 13
\pages 300--317
\seeolder \cite{1975/miller}
\endref

\bib{1972/miller}
\yr 1972
\isbn 0306307073
\mr 51:9575
\editor Raymond E. Miller
\editor James W. Thatcher
\book Complexity of computer computations
\publ Plenum Press
\publaddr New York
\endref

\bib{1986/miller}
\yr 1986
\mr 88b:68040
\by Victor S. Miller
\paper Use of elliptic curves in cryptography
\inbook \cite{1986/williams}
\pages 417--426
\endref

\bib{1987/mish}
\yr 1987
\editor Frederick C. Mish
\book Webster's ninth new collegiate dictionary
\publ Merriam-Webster
\publaddr Springfield, Massachusetts
\endref

\bib{1981/misra}
\yr 1981
\by Jayadev Misra
\paper An exercise in program explanation
\jour ACM Transactions on Programming Languages and Systems
\issn 0164--0925
\vol 3
\pages 104--109
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1981/misra
\endref

\bib{1973/moenck}
\yr 1973
\by Robert T. Moenck
\paper Fast computation of GCDs
\inbook \cite{1973/aho-stoc5}
\pages 142--151
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1973/moenck
\endref

\bib{1972/moenck}
\yr 1972
\by Robert T. Moenck
\by Allan Borodin
\paper Fast modular transforms via division
\inbook \cite{1972/karp}
\pages 90--96
\also newer version, not a superset, in \cite{1974/borodin}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1972/moenck
\endref

\bib{1989/mollin}
\yr 1989
\isbn 0--7923--0149--8
\mr 92c:11002
\editor Richard A. Mollin
\book Number theory and applications
\publ Kluwer
\publaddr Dordrecht
\endref

\bib{1990/mollin}
\yr 1990
\isbn 3--11--011723--1
\mr 92a:11001
\editor Richard A. Mollin
\book Number theory
\publ Walter de Gruyter
\publaddr Berlin
\endref

\bib{1980/monier}
\yr 1980
\mr 82a:68078
\by Louis Monier
\paper Evaluation and comparison of two efficient probabilistic primality testing algorithms
\jour Theoretical Computer Science
\issn 0304--3975
\vol 12
\pages 97--108
\endref

\bib{1971/montgomery}
\yr 1971
\mr 49:2616
\by Hugh L. Montgomery
\book Topics in multiplicative number theory
\series Lecture Notes in Mathematics
\seriesvol 227
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1985/montgomery}
\yr 1985
\mr 86e:11121
\by Peter L. Montgomery
\paper Modular multiplication without trial division
\jour Mathematics of Computation
\issn 0025--5718
\vol 44
\pages 519--521
\endref

\bib{1987/montgomery}
\yr 1987
\mr 88e:11130
\by Peter L. Montgomery
\paper Speeding the Pollard and elliptic curve methods of factorization
\jour Mathematics of Computation
\issn 0025--5718
\vol 48
\pages 243--264
\url http://links.jstor.org/sici?sici=0025-5718(198701)48:177<243:STPAEC>2.0.CO;2-3
\endref

\bib{1992/montgomery}
\yr 1992
\by Peter L. Montgomery
\book An FFT extension of the elliptic curve method of factorization
\phdthesis
\publ University of California at Los Angeles
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1992/montgomery
\endref

\bib{1992/montgomery-lucas}
\yr 1992
\by Peter L. Montgomery
\paper Evaluating recurrences of form $X_{m+n}=f(X_m,X_n,X_{m-n})$ via Lucas chains
\url ftp://ftp.cwi.nl/pub/pmontgom/Lucas.ps.gz
\endref

\bib{1993/montgomery}
\yr 1993
\by Peter L. Montgomery
\paper Small geometric progressions modulo $n$
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1993/montgomery
\endref

\bib{1994/montgomery-survey}
\yr 1994
\mr 96b:11161
\by Peter L. Montgomery
\paper A survey of modern integer factorization algorithms
\jour CWI Quarterly
\issn 0922--5366
\vol 7
\pages 337--366
\endref

\bib{1994/montgomery-sqrt}
\yr 1994
\mr 96a:11148
\by Peter L. Montgomery
\paper Square roots of products of algebraic numbers
\inbook \cite{1994/gautschi}
\pages 567--571
\endref

\bib{1995/montgomery}
\yr 1995
\mr 97c:11115
\by Peter L. Montgomery
\paper A block Lanczos algorithm for finding dependencies over GF$(2)$
\inbook \cite{1995/guillou}
\pages 106--120
\endref

\bib{1997/montgomery}
\yr 1997
\mr 98k:11182
\by Peter L. Montgomery
\by Stefania Cavallar
\by Herman te Riele
\paper A new world record for the special number field sieve factoring method
\jour CWI Quarterly
\issn 0922--5366
\vol 10
\pages 105--107
\endref

\bib{1990/montgomery}
\yr 1990
\mr 90j:11142
\by Peter L. Montgomery
\by Robert D. Silverman
\paper An FFT extension to the $P-1$ factoring algorithm
\jour Mathematics of Computation
\issn 0025--5718
\vol 54
\pages 839--854
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1990/montgomery
\endref

\bib{1988/morain}
\yr 1988
\by Fran\c cois Morain
\paper Implementation of the Atkin-Goldwasser-Kilian primality testing algorithm
\paperinfo Research Report 911
\publ INRIA
\url http://www.lix.polytechnique.fr/~morain/Articles/articles.english.html
\endref

\bib{1990/morain-front}
\yr 1990
\by Fran\c cois Morain
\paper Atkin's test: news from the front
\inbook \cite{1990/quisquater}
\pages 626--635
\endref

We make an attempt to compare the speed of some primality testing algorithms for certifying 100-digit prime numbers.

\bib{1998/morain}
\yr 1998
\mr 2000i:11190
\by Fran\c cois Morain
\paper Primality proving using elliptic curves: an update
\inbook \cite{1998/buhler}
\pages 111--127
\url http://www.lix.polytechnique.fr/~morain/\allowbreak Articles/\allowbreak articles.english.html
\endref

\bib{2004/morain-ants}
\yr 2004
\by Fran\c cois Morain
\paper Proving the primality of very large numbers with fastECPP
\url http://www.lix.polytechnique.fr/Labo/Francois.Morain/Articles/ants-slidesx4.ps.gz
\endref

\bib{1990/morain}
\yr 1990
\mr 91i:11189
\by Fran\c cois Morain
\by Jorge Olivos
\paper Speeding up the computations on an elliptic curve using addition-subtraction chains
\jour RAIRO Informatique Th\'eorique et Applications
\issn 0296--1598
\issn 0988--3754
\vol 24
\pages 531--543
\url http://ultralix.polytechnique.fr/~morain/Articles/articles.english.html
\endref

\bib{1989/mora}
\yr 1989
\isbn 3--540--51083--4
\mr 90d:94002
\editor Teo Mora
\book Applied algebra, algebraic algorithms and error-correcting codes: proceedings of the sixth international conference (AAECC-6) held in Rome, July 4--8, 1988
\series Lecture Notes in Computer Science
\seriesvol 357
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1997/mora}
\yr 1997
\isbn 3--540--63163--1
\mr 99b:94002
\editor Teo Mora
\editor Harold Mattson
\book Applied algebra, algebraic algorithms and error-correcting codes
\series Lecture Notes in Computer Science
\seriesvol 1255
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1992/moree}
\yr 1992
\mr 93h:11127
\by Pieter Moree
\paper An interval result for the number field $\psi(x,y)$ function
\jour Manuscripta Mathematica
\issn 0025--2611
\vol 76
\pages 437--450
\endref

\bib{1993/moree-squares}
\yr 1993
\mr 94g:11069
\by Pieter Moree
\paper On the number of $y$-smooth natural numbers $\le x$ representable as a sum of two integer squares
\jour Manuscripta Mathematica
\issn 0025--2611
\vol 80
\pages 199--211
\endref

\bib{1993/moree-thesis}
\yr 1993
\mr 96e:11114
\by Pieter Moree
\book Psixyology and Diophantine equations
\bookinfo Dissertation
\publ Rijksuniversiteit te Leiden
\publaddr Leiden
\url http://web.inter.nl.net/hcc/J.Moree/linkind2.htm
\endref

\bib{1997/moree}
\yr 1997
\mr 98m:11096
\by Pieter Moree
\paper A generalization of the Buchstab equation
\jour Manuscripta Mathematica
\issn 0025--2611
\vol 94
\pages 267--270
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1997/moree
\endref

\bib{1990/moret}
\yr 1990
\isbn 0--8053--8008--6
\by Bernard M. E. Moret
\by Henry D. Shapiro
\book Algorithms from P to NP, volume 1: design and efficiency
\publ Benjamin/Cummings
\publaddr Redwood City, CA
\endref

\bib{1968/morrison}
\yr 1968
\by Donald R. Morrison
\paper PATRICIA: practical algorithm to retrieve information coded in alphanumeric
\jour Journal of the ACM
\issn 0004--5411
\vol 15
\pages 514--534
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1968/morrison
\endref

\bib{1975/morrison}
\yr 1975
\mr 51:8017
\by Michael A. Morrison
\by John Brillhart
\paper A method of factoring and the factorization of $F_7$
\jour Mathematics of Computation
\issn 0025--5718
\vol 29
\pages 183--205
\endref

\bib{2000/mueller}
\yr 2000
\mr 2002h:11140
\by Siguna M\"uller
\paper On probable prime testing and the computation of square roots mod $n$
\inbook \cite{2000/bosma-book}
\pages 423--437
\seenewer \cite{2003/mueller}
\endref

\bib{2001/mueller}
\yr 2001
\mr 2003j:11148
\by Siguna M\"uller
\paper A probable prime test with very high confidence for $n\equiv 1\bmod 4$
\inbook \cite{2001/boyd-book}
\pages 87--106
\endref

\bib{2003/mueller}
\yr 2003
\mr 1982973
\by Siguna M\"uller
\paper A probable prime test with very high confidence for $n\equiv 3\bmod 4$
\jour Journal of Cryptology
\issn 0933--2790
\vol 16
\pages 117--139
\seeolder \cite{2000/mueller}
\endref

\bib{1994/mullen}
\yr 1994
\isbn 0--8218--5183--7
\mr 95c:11002
\editor Gary L. Mullen
\editor Peter Jau-Shyong Shiue
\book Finite fields: theory, applications, and algorithms
\publ American Mathematical Society
\publaddr Providence
\endref

\bib{1971/munro}
\yr 1971
\by Ian Munro
\by Michael Paterson
\paper Optimal algorithms for parallel polynomial evaluation
\inbook \cite{1971/hennie}
\pages 132--139
\seenewer \cite{1973/munro}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1971/munro
\endref

\bib{1973/munro}
\yr 1973
\mr 47:6127
\by Ian Munro
\by Michael Paterson
\paper Optimal algorithms for parallel polynomial evaluation
\jour Journal of Computer and System Sciences
\issn 0022--0000
\vol 7
\pages 189--198
\seeolder \cite{1971/munro}
\endref

\bib{1998/murphy-model}
\yr 1998
\by Brian Murphy
\paper Modelling the yield of number field sieve polynomials
\inbook \cite{1998/buhler}
\pages 137--150
\endref

\bib{1999/murphy}
\yr 1999
\by Brian Murphy
\book Polynomial selection for the number field sieve integer factorisation algorithm
\phdthesis
\url http://web.comlab.ox.ac.uk/oucl/work/richard.brent/students.html
\endref

\bib{1998/murphy-quadratic}
\yr 1998
\mr 2000i:11189
\by Brian Murphy
\by Richard P. Brent
\paper On quadratic polynomials for the number field sieve
\inbook \cite{1998/lin}
\pages 199--213
\endref

\bib{1998/murty}
\yr 1998
\isbn 0--8218--0606--8
\mr 98f:11002
\editor V. Kumar Murty
\editor Michel Waldschmidt
\book Number theory: papers on number theory from the International Conference on Discrete Mathematics and Number Theory held in Tiruchirapalli, January 3--6, 1996
\series Contemporary Mathematics
\seriesvol 210
\publ American Mathematical Society
\publaddr Providence, RI
\endref

\bib{2004/muzereau-equivalence}
\yr 2004
\by A. Muzereau
\by Nigel P. Smart
\by Frederik Vercauteren
\paper The equivalence between the DHP and DLP for elliptic curves used in practical applications
\jour LMS Journal of Computation and Mathematics
\vol 7
\pages 50--72
\url http://www.lms.ac.uk/jcm/7/lms2003-034/
\endref

\bib{2001/naccache-ctrsa}
\yr 2001
\isbn 3--540--41898--9
\mr 2003a:94039
\editor David Naccache
\book Topics in cryptology---CT-RSA 2001: Proceedings of the Cryptographers' Track at the RSA Conference held in San Francisco, CA, April 8--12, 2001
\series Lecture Notes in Computer Science
\seriesvol 2020
\publ Springer
\endref

\bib{1995/naccache}
\yr 1995
\by David Naccache
\by David M'raihi
\by William Wolfowicz
\by Adina di Porto
\paper Are crypto-accelerators really inevitable? 20 bit zero-knowledge in less than a second on simple 8-bit microcontrollers
\inbook \cite{1995/guillou}
\pages 404--409
\url http://link.springer.de/link/service/series/0558/bibs/0921/09210404.htm
\endref

\bib{1995/naeslund}
\yr 1995
\mr 96i:94022
\by Mats N\"aslund
\paper Universal hash functions & hard core bits
\inbook \cite{1995/guillou}
\pages 356--366
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/naeslund
\endref

\bib{1999/nakamula-survey}
\yr 1999
\mr 2001c:11134
\by Ken Nakamula
\paper A survey on the number field sieve
\inbook \cite{1999/kanemitsu}
\pages 263--272
\endref

\bib{1997/naor}
\yr 1997
\by Moni Naor
\by Omer Reingold
\paper Number-theoretic constructions of efficient pseudo-random functions
\inbook \cite{1997/-focs}
\pages 458--467
\url http://www.wisdom.weizmann.ac.il/~naor/onpub.html
\endref

\bib{1979/nathanson}
\yr 1979
\isbn 3--540--09559--4
\mr 81a:10004
\editor Melvyn B. Nathanson
\book Number theory, Carbondale 1979
\series Lecture Notes in Mathematics
\seriesvol 751
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1983/naur}
\yr 1983
\mr 85c:11123
\by Thorkil Naur
\paper New integer factorizations
\jour Mathematics of Computation
\issn 0025--5718
\vol 41
\pages 687--695
\endref

\bib{2001/nechvatal}
\yr 2001
\by James Nechvatal
\by Elaine Barker
\by Lawrence Bassham
\by William Burr
\by Morris Dworkin
\by James Foti
\by Edward Roback
\paper Report on the development of the Advanced Encryption Standard (AES)
\jour Journal of Research of the National Institute of Standards and Technology
\vol 106
\url http://nvl.nist.gov/pub/nistpubs/jres/106/3/cnt106-3.htm
\endref

\bib{1999/nechvatal}
\yr 1999
\by James Nechvatal
\by Elaine Barker
\by Donna Dodson
\by Morris Dworkin
\by James Foti
\by Edward Roback
\paper Status report on the first round of the development of the Advanced Encryption Standard
\jour Journal of Research of the National Institute of Standards and Technology
\vol 104
\url http://nvl.nist.gov/pub/nistpubs/jres/104/5/cnt104-5.htm
\endref

\bib{1999/nevelsteen}
\yr 1999
\by Wim Nevelsteen
\by Bart Preneel
\paper Software performance of universal hash functions
\inbook \cite{1999/stern}
\pages 24--41
\endref

\bib{1998/nguyen}
\yr 1998
\by Phong Q. Nguyen
\paper A Montgomery-like square root for the number field sieve
\inbook \cite{1998/buhler}
\pages 151--168
\endref

\bib{2000/nguyen}
\yr 2000
\by Phong Q. Nguyen
\by Jacques Stern
\paper Lattice reduction in cryptology: an update
\inbook \cite{2000/bosma-book}
\pages 85--112
\url http://www.di.ens.fr/~pnguyen/pub.html
\seenewer \cite{2001/nguyen}
\endref

\bib{2001/nguyen}
\yr 2001
\mr 1 903 893
\by Phong Q. Nguyen
\by Jacques Stern
\paper The two faces of lattices in cryptology
\inbook \cite{2001/silverman}
\pages 146--180
\url http://www.di.ens.fr/~pnguyen/pub.html
\seeolder \cite{2000/nguyen}
\endref

\bib{1971/nicholson}
\yr 1971
\mr 44:4112
\by Peter J. Nicholson
\paper Algebraic theory of finite Fourier transforms
\jour Journal of Computer and System Sciences
\issn 0022--0000
\vol 5
\pages 524--547
\endref

\bib{1985/nicolas-survey}
\yr 1985
\mr 87j:11143
\by Jean-Louis Nicolas
\paper Test de primalit\'e et m\'ethodes de factorisation
\inbook \cite{1985/-rennes}
\pages 148--162
\endref

\bib{1989/niederreiter}
\yr 1989
\by Harald Niederreiter
\paper The serial test for congruential pseudorandom numbers generated by inversions
\jour Mathematics of Computation
\issn 0025--5718
\vol 52
\pages 135--144
\endref

\bib{1995/niederreiter}
\yr 1995
\mr 95i:11145
\by Harald Niederreiter
\by Rainer G\"ottfert
\paper On a new factorization algorithm for polynomials over finite fields
\jour Mathematics of Computation
\issn 0025--5718
\vol 64
\pages 347--353
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/niederreiter
\endref

\bib{1993/nitaj}
\yr 1993
\mr 94k:11035
\by Abderrahmane Nitaj
\paper An algorithm for finding good $abc$-examples
\jour Comptes Rendus des S\'eances de l'Acad\'emie des Sciences, S\'erie I
\issn 0249--6291
\vol 317
\pages 811--815
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1993/nitaj
\endref

\bib{1971/norton}
\yr 1971
\mr 44:3948
\by Karl K. Norton
\book Numbers with small prime factors, and the least $k$th power non-residue
\publ American Mathematical Society
\publaddr Providence, Rhode Island
\endref

\bib{1980/nussbaumer}
\yr 1980
\mr 80m:94004
\by Henri J. Nussbaumer
\paper Fast polynomial transform algorithms for digital convolution
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 28
\pages 205--215
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1980/nussbaumer
\endref

\bib{1985/odlyzko}
\yr 1985
\mr 87g:11022
\by Andrew M. Odlyzko
\paper Discrete logarithms in finite fields and their cryptographic significance
\inbook \cite{1985/beth}
\pages 224--314
\endref

\bib{1987/odlyzko-book}
\yr 1987
\isbn 3--540--18047--8
\mr 88h:94004
\editor Andrew M. Odlyzko
\book Advances in cryptology---CRYPTO '86: proceedings of the conference on the theory and applications of cryptographic techniques held at the University of California, Santa Barbara, Calif., August 11--15, 1986
\series Lecture Notes in Computer Science
\seriesvol 263
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1994/odlyzko}
\yr 1994
\mr 95f:11107
\by Andrew M. Odlyzko
\paper Discrete logarithms and smooth polynomials
\inbook \cite{1994/mullen}
\pages 269--278
\url http://www.dtc.umn.edu/~odlyzko/doc/crypto.html
\endref

\bib{1995/odlyzko}
\yr 1995
\by Andrew M. Odlyzko
\paper The future of integer factorization
\jour CryptoBytes
\vol 1
\pages 5--12
\url http://www.research.att.com/~amo/doc/future.of.factoring.ps
\endref

\bib{1999/odlyzko-fields}
\yr 1999
\editor Andrew M. Odlyzko
\editor Gary Walsh
\editor Hugh Williams
\book Conference on the mathematics of public key cryptography: the Fields Institute for Research in the Mathematical Sciences, Toronto, Ontario, June 12--17, 1999
\bookinfo book of preprints distributed at the conference
\endref

\bib{2003/oechslin}
\yr 2003
\by Philippe Oechslin
\paper Making a faster cryptanalytic time-memory trade-off
\inbook \cite{2003/boneh-book}
\pages 617--630
\endref

\bib{1998/ohta}
\yr 1998
\isbn 3--540--65109--8
\mr 2000h:94002
\editor Kazuo Ohta
\editor Dingyi Pei
\book Advances in cryptology---ASIACRYPT'98: International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, October 18--22, 1998, proceedings
\series Lecture Notes in Computer Science
\seriesvol 1514
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2000/okamoto}
\yr 2000
\isbn 3--540--41404--5
\mr 2002d:94046
\editor Tatsuaki Okamoto
\book Advances in cryptology: ASIACRYPT 2000
\series Lecture Notes in Computer Science
\seriesvol 1976
\publ Springer
\publaddr Berlin
\endref

\bib{2004/okamoto-ctrsa}
\yr 2004
\isbn 3--540--20996--4
\mr 2005d:94157
\editor Tatsuaki Okamoto
\book Topics in cryptology---CT-RSA 2004: the cryptographers' track at the RSA Conference 2004, San Francisco, CA, USA, February 23--27, 2004, proceedings
\series Lecture Notes in Computer Science
\vol 2964
\publ Springer
\publaddr Berlin
\endref

\bib{1981/olivos}
\yr 1981
\mr 83h:68044
\by Jorge Olivos
\paper On vectorial addition chains
\jour Journal of Algorithms
\issn 0196--6774
\vol 2
\pages 13--21
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1981/olivos
\endref

\bib{2005/osvik-cache}
\yr 2005
\by Dag Arne Osvik
\by Adi Shamir
\by Eran Tromer
\paper Cache atacks and countermeasures: the case of AES (extended version)
\url http://www.wisdom.weizmann.ac.il/~tromer/
\endref

\bib{2002/page}
\yr 2002
\by Daniel Page
\paper Theoretical use of cache memory as a cryptanalytic side-channel
\url http://eprint.iacr.org/2002/169/
\endref

\bib{1998/panario}
\yr 1998
\mr 1 726 074
\by Daniel Panario
\by Xavier Gourdon
\by Philippe Flajolet
\paper An analytic approach to smooth polynomials over finite fields
\inbook \cite{1998/buhler}
\pages 226--236
\endref

\bib{1994/papadimitriou}
\yr 1994
\isbn 0201530821
\mr 95f:68082
\by Christos M. Papadimitriou
\book Computational complexity
\publ Addison-Wesley
\publaddr Reading, Massachusetts
\endref

\bib{1999/papamichael}
\yr 1999
\isbn 9810236263
\mr 2000c:00029
\editor Nicolas Papamichael
\editor Stephan Ruscheweyh
\editor Edward B. Saff
\book Computational methods and function theory 1997: proceedings of the third CMFT conference, 13--17 October 1997, Nicosia, Cyprus
\series Series in Approximations and Decompositions
\seriesvol 11
\publ World Scientific
\publaddr Singapore
\endref

\bib{1968/pease}
\yr 1968
\by Marshall C. Pease
\paper An adaptation of the fast Fourier transform for parallel processing
\jour Journal of the ACM
\issn 0004--5411
\vol 15
\pages 252--264
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1968/pease
\endref

\bib{2000/pelikan}
\yr 2000
\mr 2001g:11147
\by Jozsef Pelik\'an
\by J\'anos Pintz
\by Endre Szemer\'edi
\paper On the running time of the Adleman-Pomerance-Rumely primality test
\jour Publicationes Mathematicae Debrecen
\vol 56
\pages 523--534
\endref

\bib{1992/peralta}
\yr 1992
\mr 93c:11115
\by Ren\'e Peralta
\paper On the distribution of quadratic residues and nonresidues modulo a prime number
\jour Mathematics of Computation
\issn 0025--5718
\vol 58
\pages 433--440
\url http://links.jstor.org/sici?sici=0025-5718(199201)58:197<433:OTDOQR>2.0.CO;2-0
\endref

\bib{1993/peralta}
\yr 1993
\mr 95f:11108
\by Ren\'e Peralta
\paper A quadratic sieve on the $n$-dimensional cube
\inbook \cite{1993/brickell-book}
\pages 324--332
\endref

\bib{1986/peralta}
\yr 1986
\mr 87m:11125
\by Ren\'e C. Peralta
\paper A simple and fast probabilistic algorithm for computing square roots modulo a prime number
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 32
\pages 846--847
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/peralta
\endref

\bib{2005/percival-cache}
\yr 2005
\by Colin Percival
\paper Cache missing for fun and profit
\url http://www.daemonology.net/hyperthreading-considered-harmful/
\endref

\bib{1991/petho}
\yr 1991
\isbn 3--11--012394--0
\mr 92i:11131
\by Attila Petho
\by Michael E. Pohst
\by Hugh C. Williams
\by Horst G. Zimmer
\book Computational number theory
\publ Walter de Gruyter
\publaddr Berlin
\endref

\bib{2001/peyre}
\yr 2001
\mr 2001f:11100
\by Emmanuel Peyre
\by Yuri Tschinkel
\paper Tamagawa numbers of diagonal cubic surfaces, numerical evidence
\jour Mathematics of Computation
\issn 0025--5718
\vol 70
\pages 367--387
\endref

\bib{1972/pichat}
\yr 1972
\mr 48:3241
\by Mich\`ele Pichat
\paper Correction d'une somme en arithm\'etique \`a virgule flottante
\jour Numerische Mathematik
\issn 0029--599X
\vol 19
\pages 400--406
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1972/pichat
\endref

\bib{1986/pichler}
\yr 1986
\isbn 3--540--16468--5
\mr 87d:94003
\editor Franz Pichler
\book Advances in cryptology---EUROCRYPT '85: proceedings of a workshop on the theory and application of cryptographic techniques (EUROCRYPT '85) held in Linz, April 1985
\series Lecture Notes in Computer Science
\seriesvol 219
\publ Springer-Verlag
\endref

\bib{1995/pieprzyk}
\yr 1995
\isbn 3--540--59339--X
\mr 96h:94002
\editor Josef Pieprzyk
\editor Reihanah Safavi-Naini
\book Advances in cryptology---ASIACRYPT '94: 4th international conference on the theory and applications of cryptology, Wollongong, Australia, November 28--December 1, 1994, proceedings
\series Lecture Notes in Computer Science
\seriesvol 917
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2002/pierotti}
\yr 2002
\by Neal P. Pierotti
\paper Does Internet information count as a printed publication?
\jour IDEA: The Journal of Law and Technology
\vol 42
\pages 249--278
\url http://www.idea.piercelaw.edu/articles/42/42_2/3.Pierotti.pdf
\endref

\bib{1991/pila}
\yr 1991
\mr 93b:11096
\by Jonathan Pila
\paper Geometric postulation of a smooth function and the number of rational points
\jour Duke Mathematical Journal
\issn 0012--7094
\vol 63
\pages 449--463
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/pila
\endref

\bib{1989/pintz}
\yr 1989
\mr 90b:11141
\by J\'anos Pintz
\by William L. Steiger
\by Endre Szemer\'edi
\paper Infinite sets of primes with fast primality tests and quick generation of large primes
\jour Mathematics of Computation
\issn 0025--5718
\vol 53
\pages 399--406
\endref

\bib{1976/pippenger}
\yr 1976
\mr 58:3682
\by Nicholas Pippenger
\paper On the evaluation of powers and related problems (preliminary version)
\inbook \cite{1976/-focs}
\pages 258--263
\also newer version split into \cite{1979/pippenger} and \cite{1980/pippenger}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1976/pippenger
\endref

\bib{1979/pippenger}
\yr 1979
\mr 81e:05079
\by Nicholas Pippenger
\paper The minimum number of edges in graphs with prescribed paths
\jour Mathematical Systems Theory
\issn 0025--5661
\vol 12
\pages 325--346
\seeolder \cite{1976/pippenger}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1979/pippenger
\endref

\bib{1980/pippenger}
\yr 1980
\mr 82c:10064
\by Nicholas Pippenger
\paper On the evaluation of powers and monomials
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 9
\pages 230--250
\seeolder \cite{1976/pippenger}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1980/pippenger
\endref

\bib{1998/pitofsky}
\yr 1998
\by Robert Pitofsky
\paper Self regulation and antitrust
\url http://www.ftc.gov/speeches/pitofsky/self4.htm
\endref

\bib{1914/pocklington}
\yr 1914
\by Henry C. Pocklington
\paper The determination of the prime or composite nature of large numbers by Fermat's theorem
\jour Proceedings of the Cambridge Philosophical Society
\issn 0305--0041
\vol 18
\pages 29--30
\endref

\bib{1917/pocklington}
\yr 1917
\by Henry C. Pocklington
\paper The direct solution of the quadratic and cubic binomial congruences with prime moduli
\jour Proceedings of the Cambridge Philosophical Society
\issn 0305--0041
\vol 19
\pages 57--59
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1917/pocklington
\endref

\bib{1978/pohlig}
\yr 1978
\mr 58:4617
\by Stephen C. Pohlig
\by Martin E. Hellman
\paper An improved algorithm for computing logarithms over GF$(p)$ and its cryptographic significance
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 24
\pages 106--110
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1978/pohlig
\endref

\bib{1993/pohst}
\yr 1993
\isbn 3--7643--2913--0
\mr 94j:11132
\by Michael E. Pohst
\book Computational algebraic number theory
\publ Birkh\"auser
\publaddr Basel
\endref

\bib{1996/pohst}
\yr 1996
\by Michael E. Pohst
\by M. Sch\"ornig
\paper On integral basis reduction in global function fields
\inbook \cite{1996/cohen}
\pages 273--282
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/pohst
\endref

\bib{1989/pohst}
\yr 1989
\isbn 0--521--33060--2
\mr 92b:11074
\by Michael Pohst
\by Hans Zassenhaus
\book Algorithmic algebraic number theory
\publ Cambridge University Press
\publaddr Cambridge
\endref

\bib{1971/pollard}
\yr 1971
\mr 46:1120
\by John M. Pollard
\paper The fast Fourier transform in a finite field
\jour Mathematics of Computation
\issn 0025--5718
\vol 25
\pages 365--374
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1971/pollard
\endref

\bib{1974/pollard}
\yr 1974
\mr 50:6992
\by John M. Pollard
\paper Theorems on factorization and primality testing
\jour Proceedings of the Cambridge Philosophical Society
\issn 0305--0041
\vol 76
\pages 521--528
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1974/pollard
\endref

\bib{1975/pollard}
\yr 1975
\mr 52:13611
\by John M. Pollard
\paper A Monte Carlo method for factorization
\jour BIT
\issn 0006--3835
\vol 15
\pages 331--334
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1975/pollard
\endref

\bib{1976/pollard}
\yr 1976
\mr 54:7099
\by John M. Pollard
\paper Implementation of number-theoretic transforms
\jour Electronics Letters
\issn 0013--5194
\vol 12
\pages 378--379
\endref

\bib{1978/pollard-kangaroo}
\yr 1978
\mr 58:10684
\by John M. Pollard
\paper Monte Carlo methods for index computation mod $p$
\jour Mathematics of Computation
\issn 0025--5718
\vol 32
\pages 918--924
\endref

\bib{1993/pollard-cubic}
\yr 1993
\by John M. Pollard
\paper Factoring with cubic integers
\inbook \cite{1993/lenstra-book}
\pages 4--10
\endref

\bib{1993/pollard-lattice}
\yr 1993
\by John M. Pollard
\paper The lattice sieve
\inbook \cite{1993/lenstra-book}
\pages 43--49
\endref

\bib{2000/pollard}
\yr 2000
\by John M. Pollard
\paper Kangaroos, Monopoly and discrete logarithms
\jour Journal of Cryptology
\issn 0933--2790
\vol 13
\pages 437--447
\endref

\bib{1981/pomerance-recent}
\yr 1981
\mr 83h:10015
\by Carl Pomerance
\paper Recent developments in primality testing
\jour The Mathematical Intelligencer
\vol 3
\pages 97--105
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1981/pomerance-recent
\endref

\bib{1982/pomerance}
\yr 1982
\mr 84i:10005
\by Carl Pomerance
\paper Analysis and comparison of some integer factoring algorithms
\inbook \cite{1982/lenstra-book}
\pages 89--139
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1982/pomerance
\endref

\bib{1984/pomerance}
\yr 1984
\by Carl Pomerance
\paper Are there counter-examples to the Baillie -- PSW primality test?
\url http://www.pseudoprime.com/pseudo.html
\endref

\bib{1985/pomerance}
\yr 1985
\mr 87d:11098
\by Carl Pomerance
\paper The quadratic sieve factoring algorithm
\inbook \cite{1985/beth}
\pages 169--182
\endref

\bib{1987/pomerance}
\yr 1987
\mr 88m:11109
\by Carl Pomerance
\paper Fast, rigorous factorization and discrete logarithm algorithms
\inbook \cite{1987/johnson}
\pages 119--143
\endref

\bib{1987/pomerance-short}
\yr 1987
\mr 88b:11088
\by Carl Pomerance
\paper Very short primality proofs
\jour Mathematics of Computation
\issn 0025--5718
\vol 48
\pages 315--322
\endref

\bib{1990/pomerance-book}
\yr 1990
\isbn 0--8218--0155--4
\mr 91k:11113
\editor Carl Pomerance
\book Cryptology and computational number theory
\publ American Mathematical Society
\publaddr Providence
\endref

\bib{1990/pomerance-survey}
\yr 1990
\mr 92b:11089
\by Carl Pomerance
\paper Factoring
\inbook \cite{1990/pomerance-book}
\pages 27--47
\endref

\bib{1994/pomerance}
\yr 1994
\mr 96c:11143
\by Carl Pomerance
\paper The number field sieve
\inbook \cite{1994/gautschi}
\pages 465--480
\endref

\bib{1995/pomerance-survey}
\yr 1995
\mr 97m:11156
\by Carl Pomerance
\paper The role of smooth numbers in number-theoretic algorithms
\inbook \cite{1995/chatterji}
\pages 411--422
\endref

\bib{1996/pomerance-survey}
\yr 1996
\mr 97f:11100
\by Carl Pomerance
\paper A tale of two sieves
\jour Notices of the American Mathematical Society
\issn 0002--9920
\vol 43
\pages 1473--1485
\endref

\bib{1996/pomerance-dep}
\yr 1996
\mr 97k:11174
\by Carl Pomerance
\paper Multiplicative independence for random integers
\inbook \cite{1996/berndt}
\pages 703--711
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/pomerance-dep
\endref

\bib{1980/pomerance-pseudo}
\yr 1980
\mr 82g:10030
\by Carl Pomerance
\by John L. Selfridge
\by Samuel S. Wagstaff, Jr.
\paper The pseudoprimes to $25\cdot 10^9$
\jour Mathematics of Computation
\issn 0025--5718
\vol 35
\pages 1003--1026
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1980/pomerance-pseudo
\endref

\bib{1992/pomerance}
\yr 1992
\by Carl Pomerance
\by J. W. Smith
\paper Reduction of huge, sparse matrices over finite fields via created catastrophes
\jour Experimental Mathematics
\issn 1058--6458
\vol 1
\pages 89--94
\endref

\bib{1988/pomerance}
\yr 1988
\mr 89f:11168
\by Carl Pomerance
\by J. W. Smith
\by Randy Tuler
\paper A pipeline architecture for factoring large integers with the quadratic sieve algorithm
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 17
\pages 387--403
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1988/pomerance
\endref

If it runs as quickly and is as inexpensive as we think, then 144-digit numbers can be factored in a year with a budget of $10,000,000.

\bib{1984/pomerance-ideas}
\yr 1984
\by Carl Pomerance
\by J. W. Smith
\by Samuel S. Wagstaff, Jr.
\paper New ideas for factoring large integers
\inbook \cite{1984/chaum}
\pages 81--85
\endref

This is an extended abstract which summarizes papers [3], [4], and [5]. They describe improvements in the continued fraction factorization algorithm (CFRAC) and a special processor designed to execute this algorithm swiftly. The ideas in these papers will permit one to factor a 100 decimal digit integer in about a month on a processor which would cost about $1,000,000. Therefore, moduli for RSA cryptosystems should be chosen somewhat larger than 100 digits to be secure.

\bib{1995/pomerance-cyclo}
\yr 1995
\mr 96e:11163
\by Carl Pomerance
\by Jonathan Sorenson
\paper Counting the integers factorable via cyclotomic methods
\jour Journal of Algorithms
\issn 0196--6774
\vol 19
\pages 250--265
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/pomerance-cyclo
\endref

\bib{1983/pomerance}
\yr 1983
\mr 85c:11124
\by Carl Pomerance
\by Samuel S. Wagstaff, Jr.
\paper Implementation of the continued fraction integer factoring algorithm
\jour Congressus Numerantium
\issn 0384--9864
\vol 37
\pages 99--118
\endref

\bib{1991/ponder}
\yr 1991
\mr 92f:68079
\by Carl G. Ponder
\paper Parallel multiplication and powering of polynomials
\jour Journal of Symbolic Computation
\issn 0747--7171
\vol 11
\pages 307--320
\endref

\bib{1955/prachar}
\yr 1955
\mr 16:904h
\by Karl Prachar
\paper \"Uber die Anzahl der Teiler einer nat\"urlichen Zahl, welche die Form $p-1$ haben
\jour Monatshefte f\"ur Mathematik
\issn 0026--9255
\vol 59
\pages 91--97
\endref

\bib{1995/preneel-fse}
\yr 1995
\isbn 3--540--60590--8
\editor Bart Preneel
\book Fast software encryption: second international workshop, Leuven, Belgium, 14--16 December 1994, proceedings
\series Lecture Notes in Computer Science
\seriesvol 1008
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2000/preneel}
\yr 2000
\isbn 3--540--67517--5
\mr 2001b:94028
\editor Bart Preneel
\book Advances in cryptology---EUROCRYPT 2000: proceedings of the 19th International Annual Conference on the Theory and Application of Cryptographic Techniques held in Bruges, May 14--18, 2000
\series Lecture Notes in Computer Science
\seriesvol 1807
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1999/preneel}
\yr 1999
\by Bart Preneel
\by Paul van Oorschot
\paper On the security of iterated message authentication codes
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\pages 188--199
\url http://www.scs.carleton.ca/~paulv/papers/pubs.html
\endref

\bib{1995/preneel}
\yr 1995
\by Bart Preneel
\by Paul C. van Oorschot
\paper MDx-MAC and building fast MACs from hash functions
\inbook \cite{1995/coppersmith-book}
\pages 1--14
\url http://www.esat.kuleuven.ac.be/~cosicart/pub95.html
\endref

\bib{1996/preneel}
\yr 1996
\by Bart Preneel
\by Paul C. van Oorschot
\paper On the security of two MAC algorithms
\inbook \cite{1996/maurer}
\pages 19--32
\url http://www.esat.kuleuven.ac.be/~cosicart/pub96.html
\endref

\bib{1982/preuss}
\yr 1982
\by Robert D. Preuss
\paper Very fast computation of the radix-$2$ discrete Fourier transform
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 30
\pages 595--607
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1982/preuss
\endref

\bib{1981/pritchard}
\yr 1981
\mr 82c:10011
\by Paul Pritchard
\paper A sublinear additive sieve for finding prime numbers
\jour Communications of the ACM
\issn 0001--0782
\vol 24
\pages 18--23
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1981/pritchard
\endref

\bib{1982/pritchard}
\yr 1982
\mr 84g:10015
\by Paul Pritchard
\paper Explaining the wheel sieve
\jour Acta Informatica
\issn 0001--5903
\vol 17
\pages 477--485
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1982/pritchard
\endref

\bib{1983/pritchard}
\yr 1983
\mr 85h:11080
\by Paul Pritchard
\paper Fast compact prime number sieves (among others)
\jour Journal of Algorithms
\issn 0196--6774
\vol 4
\pages 332--344
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1983/pritchard
\endref

\bib{1984/pritchard}
\yr 1984
\by Paul Pritchard
\paper Some negative results concerning prime number generators
\jour Communications of the ACM
\issn 0001--0782
\vol 27
\pages 53--57
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/pritchard
\endref

\bib{1987/pritchard}
\yr 1987
\by Paul Pritchard
\paper Linear prime-number sieves: a family tree
\jour Science of Computer Programming
\issn 0167--6423
\vol 9
\pages 17--35
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/pritchard
\endref

\bib{1994/pritchard}
\yr 1994
\by Paul Pritchard
\paper Improved incremental prime number sieves
\inbook \cite{1994/adleman-ants}
\pages 280--288
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/pritchard
\endref

\bib{2003/proos-quantum}
\yr 2003
\by John Proos
\by Christof Zalka
\paper Shor's discrete logarithm quantum algorithm for elliptic curves
\url http://www.cacr.math.uwaterloo.ca/techreports/2003/tech_reports2003.html
\endref

\bib{1990/quisquater}
\yr 1990
\isbn 3--540--53433--4
\mr 91h:94003
\editor Jean-Jacques Quisquater
\editor J. Vandewalle
\book Advances in cryptology---EUROCRYPT '89: workshop on the theory and application of cryptographic techniques, Houthalen, Belgium, April 10--13, 1989, proceedings
\series Lecture Notes in Computer Science
\seriesvol 434
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1969/rabiner}
\yr 1969
\by Lawrence R. Rabiner
\by R. W. Schafer
\by Charles M. Rader
\paper The chirp-$z$ transform algorithm
\jour IEEE Transactions on Audio and Electroacoustics
\vol 17
\pages 86--92
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1969/rabiner
\endref

\bib{1976/rabin}
\yr 1976
\mr 57:4603
\by Michael O. Rabin
\paper Probabilistic algorithms
\inbook \cite{1976/traub-algo}
\pages 21--39
\endref

\bib{1978/rabin}
\yr 1978
\by Michael O. Rabin
\paper Digitalized signatures
\inbook \cite{1978/demillo}
\pages 155--168
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1978/rabin
\endref

\bib{1979/rabin}
\yr 1979
\by Michael O. Rabin
\book Digitalized signatures and public-key functions as intractable as factorization
\bookinfo Technical Report 212
\publ MIT Laboratory for Computer Science
\url http://ncstrl.mit.edu/Dienst/UI/2.0/Describe/ncstrl.mit_lcs/MIT/LCS/TR-212
\endref

\bib{1980/rabin}
\yr 1980
\by Michael O. Rabin
\paper Probabilistic algorithm for testing primality
\jour Journal of Number Theory
\issn 0022--314X
\vol 12
\pages 128--138
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1980/rabin
\endref

\bib{1981/rabin}
\yr 1981
\by Michael O. Rabin
\paper Fingerprinting by random polynomials
\paperinfo Harvard Aiken Computational Laboratory TR-15-81
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1981/rabin
\endref

\bib{1968/rader}
\yr 1968
\by Charles M. Rader
\paper Discrete Fourier transforms when the number of samples is prime
\jour Proceedings of the IEEE
\issn 0018--9219
\vol 56
\pages 1107--1108
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1968/rader
\endref

\bib{1976/rader}
\yr 1976
\by Charles M. Rader
\by N. M. Brenner
\paper A new principle for fast Fourier transformation
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 24
\pages 264--266
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1976/rader
\endref

\bib{1949/ramaswami}
\yr 1949
\mr 10,597b
\by V. Ramaswami
\paper The number of positive integers $\le x$ and free of prime divisors $>x^c$, and a problem of S. S. Pillai
\jour Duke Mathematical Journal
\issn 0012--7094
\vol 16
\pages 99--109
\endref

\bib{1985/ramirez}
\yr 1985
\mr 87j:94002
\by Robert W. Ramirez
\book The FFT: fundamentals and concepts
\publ Prentice-Hall
\publaddr Englewood Cliffs, New Jersey
\endref

\bib{1938/rankin}
\yr 1938
\by Robert A. Rankin
\paper The difference between consecutive prime numbers
\jour Journal of the London Mathematical Society
\issn 0024--6107
\vol 13
\pages 242--247
\endref

\bib{1970/rao}
\yr 1970
\by Thammavarapu R. N. Rao
\by Avtar K. Trehan
\paper Binary logic for residue arithmetic using magnitude index
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 19
\pages 752--757
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1970/rao
\endref

\bib{1993/reif}
\yr 1993
\isbn 1--55860--135--X
\mr 94c:68086
\editor John H. Reif
\book Synthesis of parallel algorithms
\publ Morgan Kaufman
\publaddr San Mateo, California
\endref

\bib{1985/reiner}
\yr 1985
\isbn 3--540--15674--7
\mr 86g:16003
\editor I. Reiner
\editor K. W. Roggenkamp
\book Orders and their applications: proceedings of the conference held in Oberwolfach, June 3--9, 1984
\series Lecture Notes in Mathematics
\seriesvol 1142
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1992/ribenboim}
\yr 1992
\mr 93f:13014
\by Paulo Ribenboim
\paper Fields: algebraically closed and others
\jour Manuscripta Mathematica
\issn 0025--2611
\vol 75
\pages 115--150
\endref

\bib{1989/teriele}
\yr 1989
\mr 90h:11111
\by Herman te Riele
\by Walter Lioen
\by Dik Winter
\paper Factoring with the quadratic sieve on large vector computers
\jour Journal of Computational and Applied Mathematics
\issn 0377--0427
\vol 27
\pages 267--278
\endref

\bib{1991/teriele}
\yr 1991
\mr 92i:11132
\by Herman te Riele
\by Walter Lioen
\by Dik Winter
\paper Factorization beyond the googol with MPQS on a single computer
\jour CWI Quarterly
\issn 0922--5366
\vol 4
\pages 69--72
\endref

\bib{1985/riesel-modern}
\yr 1985
\mr 87c:11122
\by Hans Riesel
\paper Modern factorization methods
\jour BIT
\issn 0006--3835
\vol 25
\pages 205--222
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1985/riesel-modern
\endref

\bib{1985/riesel-book}
\yr 1985
\isbn 0--8176--3291--3
\mr 88k:11002
\by Hans Riesel
\book Prime numbers and computer methods for factorization
\edition 1st
\publ Birkhauser
\publaddr Boston
\seenewer \cite{1994/riesel-book}
\endref

\bib{1994/riesel-book}
\yr 1994
\isbn 0817637435
\mr 95h:11142
\by Hans Riesel
\book Prime numbers and computer methods for factorization
\edition 2nd
\series Progress in Mathematics
\seriesvol 126
\publ Birkhauser
\publaddr Boston
\seeolder \cite{1985/riesel-book}
\endref

\bib{1995/rius}
\yr 1995
\by Juan M. Rius
\by R. De Porrata-D\`oria
\paper New FFT bit-reversal algorithm
\jour IEEE Transactions on Signal Processing
\issn 1053--587X
\vol 43
\pages 991--994
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/rius
\endref

\bib{1992/rivest}
\yr 1992
\by Ronald L. Rivest
\paper The MD5 message-digest algorithm
\paperinfo Request For Comments 1321
\url http://theory.lcs.mit.edu/~rivest/rfc1321.txt
\endref

\bib{1986/rivest}
\yr 1986
\mr 851 581
\by Ronald L. Rivest
\by Adi Shamir
\paper Efficient factoring based on partial information
\inbook \cite{1986/pichler}
\pages 31--34
\endref

\bib{1978/rivest}
\yr 1978
\by Ronald L. Rivest
\by Adi Shamir
\by Leonard M. Adleman
\paper A method for obtaining digital signatures and public-key cryptosystems
\jour Communications of the ACM
\issn 0001--0782
\vol 21
\pages 120--126
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1978/rivest
\endref

\bib{1958/robertson}
\yr 1958
\by James E. Robertson
\paper A new class of digital division methods
\jour IRE Transactions on Electronic Computers
\issn 0367--9950
\vol 7
\pages 218--222
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1958/robertson
\endref

\bib{1989/rodriguez}
\yr 1989
\by Jeffrey J. Rodr\'iguez
\paper An improved FFT digit-reversal algorithm
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 37
\pages 1298--1300
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1989/rodriguez
\endref

\bib{1995/rogaway}
\yr 1995
\by Phillip Rogaway
\paper Bucket hashing and its application to fast message authentication
\inbook \cite{1995/coppersmith-book}
\pages 29--42
\seenewer \cite{1999/rogaway}
\endref

\bib{1999/rogaway}
\yr 1999
\by Phillip Rogaway
\paper Bucket hashing and its application to fast message authentication
\jour Journal of Cryptology
\issn 0933--2790
\vol 12
\pages 91--115
\seeolder \cite{1995/rogaway}
\url http://www.cs.ucdavis.edu/~rogaway/papers/
\endref

\bib{1994/rogaway-seal}
\yr 1994
\by Phillip Rogaway
\by Don Coppersmith
\paper A software-optimized encryption algorithm
\inbook \cite{1994/anderson-book}
\pages 56--63
\seenewer \cite{1998/rogaway-seal}
\endref

\bib{1998/rogaway-seal}
\yr 1998
\by Phillip Rogaway
\by Don Coppersmith
\paper A software-optimized encryption algorithm
\jour Journal of Cryptology
\issn 0933--2790
\vol 11
\pages 273--287
\seeolder \cite{1994/rogaway-seal}
\url http://www.cs.ucdavis.edu/~rogaway/papers/
\endref

\bib{1972/rosenberg}
\yr 1972
\mr 50:1553
\by Arnold L. Rosenberg (chairman)
\book Fourth annual ACM symposium on theory of computing
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1991/rosenstiel}
\yr 1991
\by E. Rosenstiel
\by J. A. Dardis
\by C. R. Rosenstiel
\paper The four least solutions in distinct positive integers of the Diophantine equation $s=x^3+y^3=z^3+w^3=u^3+v^3=m^3+n^3$
\jour Bulletin of the Institute of Mathematics and its Applications
\issn 0905--5628
\vol 27
\pages 155--157
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/rosenstiel
\endref

\bib{1962/rosser}
\yr 1962
\mr 25:1139
\by J. Barkley Rosser
\by Lowell Schoenfeld
\paper Approximate formulas for some functions of prime numbers
\jour Illinois Journal of Mathematics
\issn 0019--2082
\vol 6
\pages 64--94
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1962/rosser
\endref

\bib{2000/roth}
\yr 2000
\mr 2000j:94036
\by Ron M. Roth
\by Gitit Ruckenstein
\paper Efficient decoding of Reed-Solomon codes beyond half the minimum distance
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 46
\url http://www.cs.technion.ac.il/~ronny/
\endref

\bib{1975/rounds-stoc7}
\yr 1975
\by William C. Rounds (chairman)
\book Proceedings of seventh annual ACM symposium on theory of computing: Albuquerque, New Mexico, May 5--7, 1975
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1988/royden}
\yr 1988
\by Halsey L. Royden
\book Real analysis
\edition 3rd
\publ Macmillan
\publaddr New York
\endref

\bib{1993/rueppel}
\yr 1993
\isbn 3--540--56413--6
\mr 94e:94002
\editor Rainer A. Rueppel
\book Advances in cryptology: EUROCRYPT '92
\series Lecture Notes in Computer Science
\seriesvol 658
\publ Springer
\publaddr Berlin
\endref

\bib{1989/saias}
\yr 1989
\mr 90f:11080
\by \'Eric Saias
\paper Sur le nombre des entiers sans grand facteur premier
\jour Journal of Number Theory
\issn 0022--314X
\vol 32
\pages 78--99
\endref

\bib{1992/saias}
\yr 1992
\mr 93d:11096
\by \'Eric Saias
\paper Entiers sans grand ni petit facteur premier. I
\jour Acta Arithmetica
\issn 0065--1036
\vol 61
\pages 347--374
\endref

\bib{1993/saias}
\yr 1993
\mr 94c:11089
\by \'Eric Saias
\paper Entiers sans grand ni petit facteur premier. II
\jour Acta Arithmetica
\issn 0065--1036
\vol 63
\pages 287--312
\endref

\bib{1995/saias}
\yr 1995
\mr 96g:11113
\by \'Eric Saias
\paper Entiers sans grand ni petit facteur premier. III
\jour Acta Arithmetica
\issn 0065--1036
\vol 71
\pages 351--379
\endref

\bib{1976/salamin}
\yr 1976
\mr 53:7928
\by Eugene Salamin
\paper Computation of $\pi$ using arithmetic-geometric mean
\jour Mathematics of Computation
\issn 0025--5718
\vol 30
\pages 565--570
\endref

\bib{2004/saunders}
\yr 2004
\by David Saunders
\by Zhendong Wan
\paper Smith normal form of dense integer matrices, fast algorithms into practice
\inbook \cite{2004/gutierrez-issac}
\pages 274--281
\url http://www.eecis.udel.edu/~wan/
\endref

\bib{1986/schimmler}
\yr 1986
\by Manfred Schimmler
\book Sorting on a three dimensional cube grid
\bookinfo report 8604
\publ Christian-Albrechts-Universit\"at Kiel
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/schimmler
\endref

\bib{1987/schimmler}
\yr 1987
\by Manfred Schimmler
\book Fast sorting on the instruction systolic array
\bookinfo report 8709
\publ Christian-Albrechts-Universit\"at Kiel
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/schimmler
\endref

\bib{1992/schirokauer}
\yr 1992
\by Oliver Schirokauer
\book On pro-finite groups and on discrete logarithms
\phdthesis
\publ University of California at Berkeley
\endref

\bib{1993/schirokauer}
\yr 1993
\mr 95c:11156
\by Oliver Schirokauer
\paper Discrete logarithms and local units
\jour Philosophical Transactions of the Royal Society of London Series A
\issn 0962--8428
\vol 345
\pages 409--423
\url http://www.jstor.org/sici?sici=0962-8428(19931115)345:1676<409:DLALU>2.0.CO;2-1
\endref

\bib{1996/schirokauer}
\yr 1996
\mr 98i:11109
\by Oliver Schirokauer
\by Damian Weber
\by Thomas Denny
\paper Discrete logarithms: the effectiveness of the index calculus method
\inbook \cite{1996/cohen}
\pages 337--361
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/schirokauer
\endref

\bib{1996/schneier}
\yr 1996
\isbn 0--471--12845--7
\by Bruce Schneier
\book Applied cryptography: protocols, algorithms, and source code in C
\edition 2nd
\publ Wiley
\publaddr New York
\endref

\bib{2000/schneier}
\yr 2000
\isbn 0471253111
\by Bruce Schneier
\book Secrets and lies: digital security in a networked world
\publ Wiley
\publaddr New York
\endref

\bib{1982/schnorr}
\yr 1982
\mr 83g:10003
\by Claus P. Schnorr
\paper Refined analysis and improvements on some factoring algorithms
\jour Journal of Algorithms
\issn 0196--6774
\vol 3
\pages 101--127
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1982/schnorr
\endref

\bib{1994/schnorr}
\yr 1994
\mr 95j:90064
\by Claus P. Schnorr
\by M. Euchner
\paper Lattice basis reduction: improved practical algorithms and solving subset sum problems
\jour Mathematical Programming
\issn 0025--5610
\vol 66
\pages 181--199
\endref

\bib{1984/schnorr}
\yr 1984
\mr 85d:11106
\by Claus P. Schnorr
\by Hendrik W. Lenstra, Jr.
\paper A Monte Carlo factoring algorithm with linear storage
\jour Mathematics of Computation
\issn 0025--5718
\vol 43
\pages 289--311
\endref

\bib{1986/schnorr}
\yr 1986
\by Claus P. Schnorr
\by Adi Shamir
\paper An optimal sorting algorithm for mesh-connected computers
\inbook \cite{1986/-stoc}
\pages 255--261
\endref

\bib{1966/schoenhage}
\yr 1966
\mr 34:8676
\by Arnold Sch\"onhage
\paper Multiplikation gro\ss er Zahlen
\jour Computing
\issn 0010--485X
\vol 1
\pages 182--196
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1966/schoenhage
\endref

\bib{1971/schoenhage-gcd}
\yr 1971
\by Arnold Sch\"onhage
\paper Schnelle Berechnung von Kettenbruchentwicklugen
\jour Acta Informatica
\issn 0001--5903
\vol 1
\pages 139--144
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1971/schoenhage-gcd
\endref

\bib{1975/schoenhage}
\yr 1975
\mr 57:18229
\by Arnold Sch\"onhage
\paper A lower bound for the length of addition chains
\jour Theoretical Computer Science
\issn 0304--3975
\vol 1
\pages 1--12
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1975/schoenhage
\endref

\bib{1977/schoenhage}
\yr 1977
\by Arnold Sch\"onhage
\mr 55:9604
\paper Schnelle Multiplikation von Polynomen \"uber K\"orpern der Charakteristik $2$
\jour Acta Informatica
\issn 0001--5903
\vol 7
\pages 395--398
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1977/schoenhage
\endref

\bib{1982/schoenhage}
\yr 1982
\mr 83m:68064
\by Arnold Sch\"onhage
\paper Asymptotically fast algorithms for the numerical multiplication and division of polynomials with complex coefficients
\inbook \cite{1982/calmet}
\pages 3--15
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1982/schoenhage
\endref

\bib{1991/schoenhage}
\yr 1991
\by Arnold Sch\"onhage
\paper Fast reduction and composition of binary quadratic forms
\inbook \cite{1991/watt-issac}
\pages 128--133
\endref

\bib{2000/schoenhage}
\yr 2000
\mr 2001c:68069
\by Arnold Sch\"onhage
\paper Variations on computing reciprocals of power series
\jour Information Processing Letters
\issn 0020--0190
\vol 74
\pages 41--46
\endref

\bib{1994/schoenhage}
\yr 1994
\isbn 3--411--16891--9
\mr 96c:68043
\by Arnold Sch\"onhage
\by Andreas F. W. Grotefeld
\by Ekkehart Vetter
\book Fast algorithms: a multitape Turing machine implementation
\publ Bibliographisches Institut
\publaddr Mannheim
\endref

\bib{1971/schoenhage-mult}
\yr 1971
\mr 45:1431
\by Arnold Sch\"onhage
\by Volker Strassen
\paper Schnelle Multiplikation gro\ss er Zahlen
\jour Computing
\issn 0010--485X
\vol 7
\pages 281--292
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1971/schoenhage-mult
\endref

\bib{1994/schoenhage-exact}
\yr 1994
\mr 96d:68109
\by Arnold Sch\"onhage
\by Ekkehart Vetter
\paper A new approach to resultant computations and other algorithms with exact division
\inbook \cite{1994/vanleeuwen}
\pages 448--459
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/schoenhage-exact
\endref

\bib{1982/schoof}
\yr 1982
\mr 85g:11118b
\by Ren\'e J. Schoof
\paper Quadratic fields and factorization
\inbook \cite{1982/lenstra-book2}
\pages 235--286
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1982/schoof
\endref

\bib{1985/schoof}
\yr 1985
\mr 86e:11122
\by Ren\'e J. Schoof
\paper Elliptic curves over finite fields and the computation of square roots mod $p$
\jour Mathematics of Computation
\issn 0025--5718
\vol 44
\pages 483--494
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1985/schoof
\endref

\bib{1995/schoof}
\yr 1995
\by Ren\'e J. Schoof
\paper Counting points on elliptic curves over finite fields
\jour Journal de Th\'eorie des Nombres de Bordeaux
\issn 1246--7405
\vol 7
\pages 219--254
\url http://almira.math.u-bordeaux.fr/jtnb/1995-1/schoof.ps
\endref

\bib{1979/schroeppel}
\yr 1979
\mr 82b:68039
\by Richard Schroeppel
\by Adi Shamir
\paper A $T\cdot S^2=O(2^n)$ time/space tradeoff for certain NP-complete problems
\inbook \cite{1979/-focs}
\pages 328--336
\seenewer \cite{1981/schroeppel}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1979/schroeppel
\endref

\bib{1981/schroeppel}
\yr 1981
\mr 83a:90116
\by Richard Schroeppel
\by Adi Shamir
\paper A $T=O(2^{n/2})$, $S=O(2^{n/4})$ algorithm for certain NP-complete problems
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 10
\pages 456--464
\seeolder \cite{1979/schroeppel}
\endref

\bib{1992/schweiger}
\yr 1992
\isbn 90--6764--094--8
\mr 93g:11005
\editor Fritz Schweiger
\editor Eugenijus Manstavi\v cius
\book New trends in probability and statistics, volume 2
\publ VSP
\publaddr Utrecht
\endref

\bib{1995/scott}
\yr 1995
\by Michael Scott
\paper Fast machine code for modular multiplication
\url http://www.compapp.dcu.ie/research/CA_Working_Papers/wp95.html
\endref

\bib{1983/sedgewick}
\yr 1983
\isbn 0--201--06672--6
\mr 86k:68037
\by Robert Sedgewick
\book Algorithms
\publ Addison-Wesley
\publaddr Reading
\endref

\bib{1988/sedgewick}
\yr 1988
\isbn 0--201--06673--4
\by Robert Sedgewick
\book Algorithms
\edition 2nd
\publ Addison-Wesley
\publaddr Reading
\endref

\bib{1975/selfridge}
\yr 1975
\mr 51:5461
\by John L. Selfridge
\by Marvin C. Wunderlich
\paper An efficient algorithm for testing large numbers for primality
\jour Congressus Numerantium
\issn 0384--9864
\vol 12
\pages 109--120
\endref

\bib{1995/semaev}
\yr 1995
\mr 96b:11162
\by Igor A. Semaev
\paper An algorithm for discrete logarithms over an arbitrary finite field
\jour Discrete Mathematics and Applications
\issn 0924--9265
\vol 5
\pages 107--116
\endref

\bib{1987/seysen}
\yr 1987
\mr 88d:11129
\by Martin Seysen
\paper A probabilistic factorization algorithm with quadratic forms of negative discriminant
\jour Mathematics of Computation
\issn 0025--5718
\vol 48
\pages 757--780
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/seysen
\endref

\bib{1981/shamir}
\yr 1981
\by Adi Shamir
\paper On the generation of cryptographically strong pseudorandom sequences
\inbook \cite{1981/even}
\pages 544--550
\endref

\bib{1971/shanks}
\yr 1971
\mr 47:4932
\by Daniel Shanks
\paper Class number, a theory of factorization, and genera
\inbook \cite{1971/lewis-book}
\pages 415--440
\endref

\bib{1973/shanks}
\yr 1973
\mr 51:8072
\by Daniel Shanks
\paper Five number-theoretic algorithms
\inbook \cite{1973/thomas}
\pages 51--70
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1973/shanks
\endref

\bib{1992/shirriff}
\yr 1992
\by Ken Shirriff
\by Curt Welch
\by Andrew Kinsman
\paper Decoding a VCR controller code
\jour Cryptologia
\vol 16
\pages 227--234
\url http://www.righto.com/papers/vcr.html
\endref

\bib{1998/shokrollahi-draft}
\yr 1998
\mr 1 731 580
\by Mohammed Amin Shokrollahi
\by Hal Wasserman
\paper Decoding algebraic-geometric codes beyond the error-correction bound
\inbook \cite{1998/-stoc}
\pages 241--248
\seenewer \cite{1999/shokrollahi}
\endref

\bib{1999/shokrollahi}
\yr 1999
\mr 99m:94057
\by Mohammed Amin Shokrollahi
\by Hal Wasserman
\paper List decoding of algebraic-geometric codes
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 45
\pages 432--437
\seeolder \cite{1998/shokrollahi-draft}
\endref

\bib{1994/shoup-irred}
\yr 1994
\by Victor Shoup
\paper Fast construction of irreducible polynomials over finite fields
\jour Journal of Symbolic Computation
\issn 0747--7171
\vol 17
\pages 371--391
\url http://shoup.net/papers
\endref

\bib{1996/shoup-mac-draft}
\yr 1996
\by Victor Shoup
\paper On fast and provably secure message authentication based on universal hashing
\inbook \cite{1996/koblitz}
\pages 313--328
\seenewer \cite{1996/shoup-mac}
\endref

\bib{1996/shoup-mac}
\yr 1996
\by Victor Shoup
\paper On fast and provably secure message authentication based on universal hashing
\url http://www.shoup.net/papers
\seeolder \cite{1996/shoup-mac-draft}
\endref

\bib{2004/shoup-games}
\yr 2004
\by Victor Shoup
\paper Sequences of games: a tool for taming complexity in security proofs
\url http://eprint.iacr.org/2004/332
\endref

\bib{1972/sieveking}
\yr 1972
\mr 47:1257
\by Malte Sieveking
\paper An algorithm for division of powerseries
\jour Computing
\issn 0010--485X
\vol 10
\pages 153--156
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1972/sieveking
\endref

\bib{1982/silverman}
\yr 1982
\by Joseph H. Silverman
\paper Integer points and the rank of Thue elliptic curves
\jour Inventiones Mathematicae
\issn 0020--9910
\vol 66
\pages 395--404
\endref

\bib{1983/silverman}
\yr 1983
\by Joseph H. Silverman
\paper Integer points on curves of genus $1$
\jour Journal of the London Mathematical Society
\issn 0024--6107
\vol 28
\pages 1--7
\endref

\bib{1997/silverman}
\yr 1997
\mr 97f:11040
\by Joseph H. Silverman
\paper Computing canonical heights with little (or no) factorization
\jour Mathematics of Computation
\issn 0025--5718
\vol 66
\pages 787--805
\url http://www.ams.org/journal-getitem?pii=S0025571897008120
\endref

\bib{2001/silverman}
\yr 2001
\isbn 3--540--42488--1
\mr 2002m:11002
\editor Joseph H. Silverman
\book Cryptography and lattices: proceedings of the 1st International Conference (CaLC 2001) held in Providence, RI, March 29--30, 2001
\series Lecture Notes in Computer Science
\seriesvol 2146
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1987/silverman}
\yr 1987
\mr 88c:11079
\by Robert D. Silverman
\paper The multiple polynomial quadratic sieve
\jour Mathematics of Computation
\issn 0025--5718
\vol 48
\pages 329--339
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/silverman
\endref

\bib{1991/silverman}
\yr 1991
\mr 92j:11152
\by Robert D. Silverman
\paper Massively distributed computing and factoring large integers
\jour Communications of the ACM
\issn 0001--0782
\vol 34
\pages 94--103
\endref

\bib{2000/silverman}
\yr 2000
\by Robert D. Silverman
\book A cost-based security analysis of symmetric and asymmetric key lengths
\bookinfo Bulletin 13
\publ RSA Laboratories
\publaddr Bedford, Massachusetts
\url http://www.rsasecurity.com/rsalabs/bulletins/index.html
\endref

\bib{1993/silverman}
\yr 1993
\mr 93k:11117
\by Robert D. Silverman
\by Samuel S. Wagstaff, Jr.
\paper A practical analysis of the elliptic curve factoring algorithm
\jour Mathematics of Computation
\issn 0025--5718
\vol 61
\pages 445--462
\endref

\bib{1740/simpson}
\yr 1740
\by Thomas Simpson
\book Essays on several curious and useful subjects in speculative and mix'd mathematics, illustrated by a variety of examples
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1740/simpson
\endref

\bib{1967/singleton-tapes}
\yr 1967
\by Richard C. Singleton
\paper A method for computing the fast Fourier transform with auxiliary memory and limited high-speed storage
\jour IEEE Transactions on Audio and Electroacoustics
\vol 15
\pages 91--97
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1967/singleton-tapes
\endref

\bib{1967/singleton-vm}
\yr 1967
\by Richard C. Singleton
\paper On computing the fast Fourier transform
\jour Communications of the ACM
\issn 0001--0782
\vol 10
\pages 647--654
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1967/singleton-vm
\endref

\bib{1969/singleton-356}
\yr 1969
\by Richard C. Singleton
\paper Algorithm 356: a prime number generator using the treesort principle
\jour Communications of the ACM
\issn 0001--0782
\vol 12
\pages 563
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1969/singleton-356
\endref

\bib{1969/singleton-357}
\yr 1969
\by Richard C. Singleton
\paper Algorithm 357: an efficient prime number generator
\jour Communications of the ACM
\issn 0001--0782
\vol 12
\pages 563--564
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1969/singleton-357
\endref

\bib{1969/singleton-mixed}
\yr 1969
\by Richard C. Singleton
\paper An algorithm for computing the mixed radix fast Fourier transform
\jour IEEE Transactions on Audio and Electroacoustics
\vol 17
\pages 93--103
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1969/singleton-mixed
\endref

\bib{2000/smart-comparison-draft}
\yr 2000
\by Nigel P. Smart
\paper A comparison of different finite fields for use in elliptic curve cryptosystems
\seenewer \cite{2001/smart-comparison}
\url http://www.cs.bris.ac.uk/Publications/pub_info.jsp?id=1000458
\endref

\bib{2001/smart-comparison}
\yr 2001
\by Nigel P. Smart
\paper A comparison of different finite fields for elliptic curve cryptosystems
\seeolder \cite{2000/smart-comparison-draft}
\jour Computers and Mathematics with Applications
\vol 42
\pages 91--100
\mr 2002c:94033
\endref

\bib{1990/smedley}
\yr 1990
\by Trevor J. Smedley
\paper Detecting algebraic dependencies between unnested radicals: extended abstract
\inbook \cite{1990/watanabe-issac}
\pages 292--293
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1990/smedley
\endref

\bib{1989/smith}
\yr 1989
\isbn 0--534--91572--8
\mr 91h:68002
\by Jeffrey D. Smith
\book Design and analysis of algorithms
\publ PWS-Kent
\publaddr Boston
\endref

\bib{1983/smith}
\yr 1983
\mr 86d:94020
\by J. W. Smith
\by Samuel S. Wagstaff, Jr.
\paper How to crack an RSA cryptosystem
\jour Congressus Numerantium
\issn 0384--9864
\vol 40
\pages 367--373
\endref

\bib{2000/snyder}
\yr 2000
\mr 2001g:11033
\by Noah Snyder
\paper An alternate proof of Mason's theorem
\jour Elemente der Mathematik
\issn 0013--6018
\vol 55
\pages 93--94
\url http://www.springerlink.com/openurl.asp?genre=article&issn=0013-6018&volume=55&issue=3&spage=93
\endref

\bib{2001/solinas}
\yr 2001
\by Jerome A. Solinas
\paper Low-weight binary representations for pairs of integers
\url http://www.cacr.math.uwaterloo.ca/techreports/2001/corr2001-41.ps
\endref

\bib{1977/solovay}
\yr 1977
\mr 55:2732
\by Robert M. Solovay
\by Volker Strassen
\paper A fast Monte-Carlo test for primality
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 6
\pages 84--85
\endref

\bib{1986/sorensen}
\yr 1986
\by Henrik V. Sorensen
\by Michael T. Heideman
\by C. Sidney Burrus
\paper On computing the split-radix FFT
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 34
\pages 152--156
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/sorensen
\endref

\bib{1994/sorenson-gcd}
\yr 1994
\mr 94k:11135
\by Jonathan Sorenson
\paper Two fast GCD algorithms
\jour Journal of Algorithms
\issn 0196--6774
\vol 16
\pages 110--144
\endref

\bib{1999/sorenson}
\yr 1999
\by Jonathan P. Sorenson
\paper A sublinear-time parallel algorithm for integer modular exponentiation
\inbook \cite{1999/odlyzko-fields}
\endref

\bib{2000/sorenson}
\yr 2000
\mr 2002e:11123
\by Jonathan P. Sorenson
\paper A fast algorithm for approximately counting smooth numbers
\inbook \cite{2000/bosma-book}
\pages 539--549
\endref

\bib{1994/sorenson-sieves}
\yr 1994
\mr 95h:11097
\by Jonathan P. Sorenson
\by Ian Parberry
\paper Two fast parallel prime number sieves
\jour Information and Computation
\issn 0890--5401
\vol 144
\pages 115--130
\endref

\bib{1994/spafford}
\yr 1994
\by Eugene H. Spafford
\paper UNIX and security: the influences of history
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/spafford
\endref

Section 3.2 talks about real security holes, such as buffer overflows. It blames these bugs on the inexperienced students who wrote many UNIX tools, and on the lack of testing of those tools. But I see no evidence that buffer overflows are less common in, e.g., tested software from Microsoft.

Section 3.3 talks about an extremely narrow class of security holes.

Section 4 repeats the unjustified advice to limit the number of machines with a compiler.

Appendix B is a typical list of fourteen recommendations for sysadmins, along with the unjustified assertion that these recommendations ``can make a significant improvement in your overall UNIX system security.''

This paper isn't useful for those of us who want invulnerable software.

\bib{1949/specht}
\yr 1949
\mr 11,500f
\by Wilhelm Specht
\paper Zahlenfolgen mit endlich vielen Primteilern
\jour Bayerische Akademie der Wissenschaften, Mathematisch-naturwissenschaftliche Klasse, Sitzungsberichte
\pages 149--169
\endref

\bib{2007/srinathan-indocrypt}
\yr 2007
\editor Kanna Srinathan
\editor Chandrasekaran Pandu Rangan
\editor Moti Yung
\book INDOCRYPT 2007
\publ Springer
\series Lecture Notes in Computer Science
\seriesvol 4859
\endref

\bib{2003/stam-thesis}
\yr 2003
\by Martijn Stam
\book Speeding up subgroup cryptosystems
\phdthesis
\publ Technische Universiteit Eindhoven
\url http://www.cs.bris.ac.uk/Publications/pub_by_author.jsp?id=137272
\endref

\bib{2001/stam-xtr}
\yr 2001
\mr 2003h:94049
\by Martijn Stam
\by Arjen K. Lenstra
\paper Speeding up XTR
\inbook \cite{2001/boyd-book}
\pages 125--143
\endref

\bib{1991/stasinski}
\yr 1991
\by Ryszard Stasi\'nski
\paper The techniques of the generalized fast Fourier transform algorithm
\jour IEEE Transactions on Signal Processing
\issn 1053--587X
\vol 39
\pages 1058--1069
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/stasinski
\endref

\bib{1973/steenrod-writing}
\yr 1973
\isbn 0--8218--0055--8
\by Norman E. Steenrod
\by Paul R. Halmos
\by Menahem M. Schiffer
\by Jean E. Dieudonne
\book How to write mathematics
\publ American Mathematical Society
\endref

\bib{2004/stehle}
\yr 2004
\by Damien Stehl\'e
\by Paul Zimmermann
\paper A binary recursive gcd algorithm
\inbook \cite{2004/buell-ants6}
\pages 411--425
\endref

\bib{1990/stephens}
\yr 1990
\by A. J. Stephens
\by Hugh C. Williams
\paper An open architecture number sieve
\inbook \cite{1990/loxton}
\pages 38--75
\endref

\bib{1999/stern}
\yr 1999
\isbn 3--540--65889--0
\mr 2000i:94001
\editor Jacques Stern
\book Advances in cryptology: EUROCRYPT '99
\series Lecture Notes in Computer Science
\seriesvol 1592
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1986/stewart}
\yr 1986
\mr 87k:11077
\by C. L. Stewart
\by Robert Tijdeman
\paper On the Oesterl\'e-Masser conjecture
\jour Monatshefte f\"ur Mathematik
\issn 0026--9255
\vol 102
\pages 251--257
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/stewart
\endref

\bib{1991/stewart}
\yr 1991
\mr 92k:11037
\by C. L. Stewart
\by Kunrui Yu
\paper On the $abc$ conjecture
\jour Mathematische Annalen
\issn 0025--5831
\vol 291
\pages 225--230
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/stewart
\endref

\bib{1890/stieltjes}
\yr 1890
\by Thomas Jan Stieltjes
\paper Sur la th\'eorie des nombres
\jour Annales de la Facult\'e des Sciences de Toulouse
\issn 0240--2963
\vol 4
\pages 1--103
\endref

\bib{1992/stinson-mac-draft}
\yr 1992
\by Douglas R. Stinson
\paper Universal hashing and authentication codes
\inbook \cite{1992/feigenbaum}
\pages 74--85
\seenewer \cite{1994/stinson-mac}
\endref

\bib{1994/stinson-book}
\yr 1994
\isbn 3--540--57766--1, 0--387--57766--1
\mr 95b:94002
\editor Douglas R. Stinson
\book Advances in cryptology---CRYPTO '93: 13th annual international cryptology conference, Santa Barbara, California, USA, August 22--26, 1993, proceedings
\series Lecture Notes in Computer Science
\seriesvol 773
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1994/stinson-mac}
\yr 1994
\by Douglas R. Stinson
\paper Universal hashing and authentication codes
\jour Designs, Codes and Cryptography
\issn 0925--1022
\vol 4
\pages 369--380
\seeolder \cite{1992/stinson-mac-draft}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/stinson-mac
\endref

\bib{1995/stinson-book}
\yr 1995
\mr 96k:94015
\isbn 0--8493--8521--0
\by Douglas R. Stinson
\book Cryptography: theory and practice
\publ CRC Press
\publaddr Boca Raton, Florida
\endref

\bib{1966/stockham}
\yr 1966
\by Thomas G. Stockham, Jr.
\paper High-speed convolution and correlation
\inbook \cite{1966/-afips-28}
\pages 229--233
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1966/stockham
\endref

\bib{1984/stockmeyer}
\yr 1984
\mr 85g:68018
\by Larry Stockmeyer
\by Uzi Vishkin
\paper Simulation of parallel random access machines by circuits
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 13
\pages 409--422
\endref

\bib{1973/stone}
\yr 1973
\mr 48:12792
\by Harold S. Stone
\paper An efficient parallel algorithm for the solution of a tridiagonal linear system of equations
\jour Journal of the ACM
\issn 0004--5411
\vol 20
\pages 27--38
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1973/stone
\endref

\bib{1998/storjohann}
\yr 1998
\mr 99j:65074
\by Arne Storjohann
\paper Computing Hermite and Smith normal forms of triangular integer matrices
\jour Linear Algebra and its Applications
\issn 0024--3795
\vol 282
\pages 25--45
\url http://dx.doi.org/10.1016/S0024-3795(98)10012-5
\endref

\bib{1969/strassen}
\yr 1969
\mr 40:2223
\by Volker Strassen
\paper Gaussian elimination is not optimal
\jour Numerische Mathematik
\issn 0029--599X
\vol 13
\pages 354--356
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1969/strassen
\endref

\bib{1973/strassen}
\yr 1973
\mr 48:3296
\by Volker Strassen
\paper Die Berechnungskomplexit\"at von elementarsymmetrischen Funktionen und von Interpolationskoeffizienten
\jour Numerische Mathematik
\issn 0029--599X
\vol 20
\pages 238--251
\endref

\bib{1975/strassen}
\yr 1975
\mr 54:14442
\by Volker Strassen
\paper Some results in algebraic complexity theory
\inbook \cite{1975/-icm-2}
\pages 497--501
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1975/strassen
\endref

\bib{1981/strassen}
\yr 1981
\by Volker Strassen
\paper The computational complexity of continued fractions
\inbook \cite{1981/wang}
\pages 51--67
\seenewer \cite{1983/strassen}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1981/strassen
\endref

\bib{1983/strassen}
\yr 1983
\mr 84b:12004
\by Volker Strassen
\paper The computational complexity of continued fractions
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 12
\pages 1--27
\seeolder \cite{1981/strassen}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1983/strassen
\endref

\bib{1964/straus}
\yr 1964
\by Ernst G. Straus
\paper Addition chains of vectors (problem 5125)
\jour American Mathematical Monthly
\issn 0002--9890
\vol 70
\pages 806--808
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1964/straus
\endref

\bib{1989/subbarao}
\yr 1989
\mr 93a:11105
\by M. V. Subbarao
\paper Addition chains---some results and problems
\inbook \cite{1989/mollin}
\pages 555--574
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1989/subbarao
\endref

\bib{1997/sudan}
\yr 1997
\mr 98f:94024
\by Madhu Sudan
\paper Decoding of Reed Solomon codes beyond the error-correction bound
\jour Journal of Complexity
\issn 0885--064X
\vol 13
\pages 180--193
\url http://theory.lcs.mit.edu/~madhu/bib.html
\endref

\bib{1979/swanson-type}
\yr 1979
\isbn 0--8218--0053--1
\mr 80i:00003
\by Ellen Swanson
\book Mathematics into type
\publ American Mathematical Society
\endref

\bib{1853/sylvester}
\yr 1853
\by James J. Sylvester
\paper On a fundamental rule in the algorithm of continued fractions
\jour Philosophical Magazine
\vol 6
\pages 297--299
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1853/sylvester
\endref

\bib{1996/takagi}
\yr 1996
\mr 1 615 209
\by Tsuyoshi Takagi
\by Shozo Naito
\paper The multi-variable modular polynomial and its applications to cryptography
\inbook \cite{1996/asano}
\pages 386--396
\url http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/ttakagi/Veroeffentlichungen_link.htm
\endref

\bib{1993/tate}
\yr 1993
\by Stephen R. Tate
\paper Newton iteration and integer division
\inbook \cite{1993/reif}
\pages 539--572
\endref

\bib{1994/taylor}
\yr 1994
\by Richard Taylor
\paper An integrity check value algorithm for stream ciphers
\inbook \cite{1994/stinson-book}
\pages 40--48
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/taylor
\endref

\bib{1995/taylor}
\yr 1995
\by Richard Taylor
\paper Near optimal unconditionally secure authentication
\inbook \cite{1995/desantis}
\pages 244--253
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/taylor
\endref

\bib{1989/teitelbaum}
\yr 1989
\mr 91g:14061
\by Jeremy T. Teitelbaum
\paper On the computational complexity of the resolution of plane curve singularities
\inbook \cite{1989/gianni}
\pages 285--292
\seenewer \cite{1990/teitelbaum}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1989/teitelbaum
\endref

\bib{1990/teitelbaum}
\yr 1990
\mr 91g:14061
\by Jeremy T. Teitelbaum
\paper On the computational complexity of the resolution of plane curve singularities
\jour Mathematics of Computation
\issn 0025--5718
\vol 54
\pages 797--837
\seeolder \cite{1989/teitelbaum}
\url http://links.jstor.org/\allowbreak sici?\allowbreak sici=\allowbreak 0025-5718\allowbreak (199004)\allowbreak 54:\allowbreak 190\allowbreak <797:\allowbreak TCCOTR>\allowbreak 2.0.CO;\allowbreak 2-R
\endref

\bib{1991/temperton}
\yr 1991
\mr 92a:65358
\by Clive Temperton
\paper Self-sorting in-place fast Fourier transforms
\jour SIAM Journal on Scientific and Statistical Computing
\issn 0196--5204
\vol 12
\pages 808--823
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/temperton
\endref

\bib{1993/tenenbaum}
\yr 1993
\mr 95d:11119
\by G\'erald Tenenbaum
\paper Cribler les entiers sans grand facteur premier
\jour Philosophical Transactions of the Royal Society of London Series A
\issn 0962--8428
\vol 345
\pages 377--384
\endref

\bib{2001/teske-kangaroo}
\yr 2001
\by Edlyn Teske
\paper Computing discrete logarithms with the parallelized kangaroo method
\url http://www.cacr.math.uwaterloo.ca/techreports/2001/tech_reports2001.html
\seenewer \cite{2003/teske-kangaroo}
\endref

\bib{2001/teske-survey-draft}
\yr 2001
\by Edlyn Teske
\paper Square-root algorithms for the discrete logarithm problem (a survey)
\url http://www.cacr.math.uwaterloo.ca/techreports/2001/corr2001-07.ps
\seenewer \cite{2001/teske-survey}
\endref

\bib{2001/teske-survey}
\yr 2001
\mr 2003c:11156
\by Edlyn Teske
\paper Square-root algorithms for the discrete logarithm problem (a survey)
\url http://www.cacr.math.uwaterloo.ca/~eteske/publications.html
\inbook \cite{2001/alster-pkccnt}
\pages 283--301
\endref

\bib{2003/teske-kangaroo}
\yr 2003
\mr 2004h:11112
\by Edlyn Teske
\paper Computing discrete logarithms with the parallelized kangaroo method
\jour Discrete Applied Mathematics
\vol 130
\pages 61--82
\seeolder \cite{2001/teske-kangaroo}
\endref

\bib{1973/thomas}
\yr 1973
\isbn 0--919628--07--2
\mr 50:3517
\editor R. S. D. Thomas
\editor Hugh C. Williams
\book Proceedings of the second Manitoba conference on numerical mathematics
\series Congressus Numerantium
\seriesvol 7
\publ Utilitas Mathematica
\publaddr Winnipeg, Manitoba
\endref

\bib{1991/thomborson}
\yr 1991
\by Clark D. Thomborson
\book V.42bis and other Ziv-Lempel variants
\bookinfo Computer Science Technical Report 91--02
\publ University of Minnesota
\publaddr Duluth
\seenewer \cite{1992/thomborson}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/thomborson
\endref

\bib{1992/thomborson}
\yr 1992
\by Clark D. Thomborson
\paper The V.42bis standard for data-compressing modems
\jour IEEE Micro
\issn 0272--1732
\vol 12
\pages 41--53
\url http://www.cs.auckland.ac.nz/~cthombor/Vita/vita.html
\seeolder \cite{1991/thomborson}
\endref

\bib{1977/thompson}
\yr 1977
\by C. D. Thompson
\by H. T. Kung
\paper Sorting on a mesh-connected parallel computer
\jour Communications of the ACM
\issn 0001--0782
\vol 20
\pages 263--271
\endref

\bib{1973/thurber}
\yr 1973
\mr 48:8429
\by Edward G. Thurber
\paper On addition chains $l(mn)\le l(n)-b$ and lower bounds for $c(r)$
\jour Duke Mathematical Journal
\issn 0012--7094
\vol 40
\pages 907--913
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1973/thurber
\endref

\bib{1976/thurber}
\yr 1976
\mr 55:5570
\by Edward G. Thurber
\paper Addition chains and solutions of $l(2n)=l(n)$ and $l(2^n-1)=n+l(n)-1$
\jour Discrete Mathematics
\issn 0012--365X
\vol 16
\pages 279--289
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1976/thurber
\endref

\bib{1999/thurber}
\yr 1999
\by Edward G. Thurber
\paper Efficient generation of minimal length addition chains
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 28
\pages 1247--1263
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1999/thurber
\endref

\bib{1989/tolimieri}
\yr 1989
\isbn 0--387--97118--1
\mr 93i:65131
\by Richard Tolimieri
\by Myoung An
\by Chao Lu
\book Algorithms for discrete Fourier transform and convolution
\publ Springer-Verlag
\publaddr New York
\endref

\bib{1891/tonelli}
\yr 1891
\by Alberto Tonelli
\paper Bemerkung \"uber die Aufl\"osung quadratischer Congruenzen
\jour Nachrichten der Akademie der Wissenschaften in G\"ottingen
\issn 0065--5295
\pages 344--346
\url http://134.76.163.65/agora_docs/55753TABLE_OF_CONTENTS.html
\endref

\bib{1963/toom}
\yr 1963
\by Andrei L. Toom
\paper The complexity of a scheme of functional elements realizing the multiplication of integers
\jour Soviet Mathematics Doklady
\issn 0197--6788
\vol 3
\pages 714--716
\endref

\bib{1976/traub-algo}
\yr 1976
\mr 54:14417
\book Algorithms and complexity: new directions and recent results
\editor Joseph F. Traub
\publ Academic Press
\publaddr New York
\endref

\bib{1976/traub}
\yr 1976
\mr 52:15938
\by Joseph F. Traub
\book Analytic computational complexity
\publ Academic Press
\publaddr New York
\endref

\bib{1987/tsao}
\yr 1987
\mr 88h:65255
\by Nai-Kuan Tsao
\paper The equivalence of decimation in time and decimation in frequency in FFT computations
\jour Journal of the Franklin Institute
\issn 0016--0032
\vol 324
\pages 43--63
\endref

\bib{2003/tsunoo}
\yr 2003
\by Yukiyasu Tsunoo
\by Teruo Saito
\by Tomoyasu Suzaki
\by Maki Shigeri
\by Hiroshi Miyauchi
\paper Cryptanalysis of DES implemented on computers with cache
\inbook \cite{2003/walter-ches}
\pages 62--76
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 2003/tsunoo
\endref

\bib{2001/tsuruoka-lucas}
\yr 2001
\by Yukio Tsuruoka
\paper Computing short Lucas chains for elliptic curve cryptosystems
\jour IEICE Transactions on Fundamentals
\vol E84-A(5)
\pages 1227--1233
\endref

\bib{1950/turing}
\yr 1950
\mr 12,208c
\by Alan M. Turing
\paper Computing machinery and intelligence
\jour MIND
\issn 0026--4423
\vol 59
\pages 433--460
\endref

\bib{1982/turk}
\yr 1982
\mr 84f:10006
\by Johannes W. M. Turk
\paper Fast arithmetic operations on numbers and polynomials
\inbook \cite{1982/lenstra-book}
\pages 43--54
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1982/turk
\endref

\bib{1991/tygar}
\yr 1991
\by J. D. Tygar
\by Bennet S. Yee
\paper Strongbox: a system for self-securing programs
\url http://www.cs.ucsd.edu/~bsy/papers.html
\endref

\bib{1969/uhrich}
\yr 1969
\by Mark L. Uhrich
\paper Fast Fourier transforms without sorting
\jour IEEE Transactions on Audio and Electroacoustics
\vol 17
\pages 170--172
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1969/uhrich
\endref

\bib{1939/uspensky}
\yr 1939
\mr 1,38d
\by J. V. Uspensky
\by Max A. Heaslet
\book Elementary number theory
\publ McGraw-Hill
\publaddr New York
\endref

\bib{1991/vallee}
\yr 1991
\mr 91i:11183
\by Brigitte Vall\'ee
\paper Generation of elements with small modular squares and provably fast integer factoring algorithms
\jour Mathematics of Computation
\issn 0025--5718
\vol 56
\pages 823--849
\endref

\bib{1989/vallee}
\yr 1989
\mr 90k:11168
\by Brigitte Vall\'ee
\by Marc Girault
\by Philippe Toffin
\paper How to guess $\ell$th roots modulo $n$ by reducing lattice bases
\inbook \cite{1989/mora}
\pages 427--442
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1989/vallee
\endref

\bib{1969/vandelune}
\yr 1969
\mr 40:1050
\by Jan van de Lune
\by Evert Wattel
\paper On the numerical solution of a differential-difference equation arising in analytic number theory
\jour Mathematics of Computation
\issn 0025--5718
\vol 23
\pages 417--421
\endref

\bib{1999/vanderhoeven}
\yr 1999
\mr 99h:65046
\by Joris van der Hoeven
\paper Fast evaluation of holonomic functions
\jour Theoretical Computer Science
\issn 0304--3975
\vol 210
\pages 199--215
\url http://www.math.u-psud.fr/~vdhoeven/
\endref

\bib{2001/vanderhoeven}
\yr 2001
\mr 2002j:30037
\by Joris van der Hoeven
\paper Fast evaluation of holonomic functions near and in regular singularities
\jour Journal of Symbolic Computation
\issn 0747--7171
\vol 31
\pages 717--743
\url http://www.math.u-psud.fr/~vdhoeven/
\endref

\bib{1995/vanderpoorten}
\yr 1995
\isbn 981--02--2334--X
\mr 96i:11103
\by Alf J. van der Poorten
\by Igor Shparlinski
\by Horst G. Zimmer
\book Number-theoretic and algebraic methods in computer science: NTAMCS '93
\publ World Scientific Publishing
\publaddr River Edge
\endref

\bib{2004/vanderpoorten}
\yr 2004
\isbn 0--8218--3353--7
\mr 2005b:11003
\editor Alf van der Poorten
\editor Andreas Stein
\book High primes and misdemeanours: lectures in honour of the 60th birthday of Hugh Cowie Williams
\publ American Mathematical Society
\publaddr Providence
\endref

\bib{1990/vanleeuwen}
\yr 1990
\isbn 0--444--88071--2
\mr 92d:68001
\editor Jan van Leeuwen
\book Handbook of theoretical computer science, volume A: algorithms and complexity
\publ Elsevier
\publaddr Amsterdam
\endref

\bib{1994/vanleeuwen}
\yr 1994
\isbn 3--540--58434--X
\mr 96c:68002
\editor Jan van Leeuwen
\book Algorithms---ESA '94: second annual European symposium, Utrecht, The Netherlands, September 26--28, 1994, proceedings
\series Lecture Notes in Computer Science
\seriesvol 855
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1992/vanloan}
\yr 1992
\isbn 0--89871--285--8
\mr 93a:65186
\by Charles van Loan
\book Computational frameworks for the fast Fourier transform
\publ Society for Industrial and Applied Mathematics
\publaddr Philadelphia
\endref

\bib{1999/vanoorschot}
\yr 1999
\by Paul C. van Oorschot
\by Michael Wiener
\paper Parallel collision search with cryptanalytic applications
\jour Journal of Cryptology
\issn 0933--2790
\vol 12
\pages 1--28
\url http://members.rogers.com/paulv/papers/pubs.html
\endref

\bib{1983/vanstone}
\yr 1983
\mr 84h:12029
\by Scott A. Vanstone
\paper The discrete logarithm problem
\jour Congressus Numerantium
\issn 0384--9864
\vol 37
\pages 119--133
\endref

\bib{1994/vanstone}
\yr 1994
\by Scott A. Vanstone
\by Robert J. Zuccherato
\paper Using four-prime RSA in which some of the bits are specified
\jour Electronics Letters
\issn 0013--5194
\vol 30
\pages 2118--2119
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/vanstone
\endref

\bib{1990/vantilburg}
\yr 1990
\by Johan van Tilburg
\paper On the McEliece public-key cryptosystem
\inbook \cite{1990/goldwasser}
\pages 119--131
\endref

If the first k bits of e are 0, i.e., if Qe = 0 where the matrix Q selects the first k bits, and if QC is invertible, then m = (QC)^(-1)Qc. More generally, if P is a permutation matrix such that QPe = 0, and if QPC is invertible, then m = (QPC)^{-1)QPc.

McEliece suggested trying random permutation matrices P. This paper suggests moving quickly from one matrix P to another matrix P' by swaps. This paper cites Lee and Brickell for an independent simultaneous discovery of the same idea.

This paper also mentions one way to slightly reduce the McEliece public key size.

\bib{2001/vaudenay-sac2001}
\yr 2001
\editor Serge Vaudenay
\editor Amr M. Youssef
\book Selected areas in cryptography: 8th annual international workshop, SAC 2001, Toronto, Ontario, Canada, August 16--17, 2001, revised papers
\series Lecture Notes in Computer Science
\seriesvol 2259
\isbn 3--540--43066--0
\publ Springer
\mr 2004k:94066
\endref

\bib{1978/velu}
\yr 1978
\by Jacques V\'elu
\paper Tests for primality under the Riemann hypothesis
\jour SIGACT
\vol 10
\pages 58--59
\endref

\bib{1989/vetterli-split}
\yr 1989
\mr 89k:94007
\by Martin Vetterli
\by Pierre Duhamel
\paper Split-radix algorithms for length-$p^m$ DFT's
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 37
\pages 57--64
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1989/vetterli-split
\endref

\bib{1984/vetterli}
\yr 1984
\mr 85m:65128
\by Martin Vetterli
\by Henri J. Nussbaumer
\paper Simple FFT and DCT algorithms with reduced number of operations
\jour Signal Processing
\issn 0165--1684
\vol 6
\pages 262--278
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/vetterli
\endref

\bib{2001/viega}
\yr 2001
\isbn 020172152X
\by John Viega
\by Gary McGraw
\book Building secure software: how to avoid security problems the right way
\publ Addison-Wesley
\publaddr Reading
\endref

\bib{1993/vishkin}
\yr 1993
\by Uzi Vishkin
\paper Advanced parallel prefix-sums, list ranking and connectivity
\inbook \cite{1993/reif}
\pages 215--257
\endref

\bib{preprint/voloch}
\by Jos\'e Felipe Voloch
\paper On some subgroups of the multiplicative group of finite rings
\jour Journal de Th\'eorie des Nombres de Bordeaux
\issn 1246--7405
\paperinfo to appear
\url http://www.ma.utexas.edu/users/voloch/preprint.html
\endref

\bib{1987/wagstaff}
\yr 1987
\mr 88i:11098
\by Samuel S. Wagstaff, Jr.
\by J. W. Smith
\paper Methods of factoring large integers
\inbook \cite{1987/chudnovsky}
\pages 281--303
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/wagstaff
\endref

\bib{1993/waldschmidt}
\yr 1993
\by Michel Waldschmidt
\paper Minorations de combinaisons lin\'eaires de logarithmes de nombres alg\'ebriques
\jour Canadian Journal of Mathematics
\issn 0008--414X
\vol 45
\pages 176--224
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1993/waldschmidt
\endref

\bib{1990/walker}
\yr 1990
\by James S. Walker
\paper A new bit reversal algorithm
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 38
\pages 1472--1473
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1990/walker
\endref

\bib{1992/walker}
\yr 1992
\by John Walker
\book The hacker's diet: how to lose weight and hair through stress and poor nutrition
\url http://www.fourmilab.ch/hackdiet/
\endref

\bib{2003/walter-ches}
\yr 2003
\isbn 3--540--40833--9
\editor Colin D. Walter
\editor Cetin K. Koc
\editor Christof Paar
\book Cryptographic hardware and embedded systems---CHES 2003
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{1999/wang-lucas}
\yr 1999
\by C. T. Wang
\by C. C. Chang
\by Chu-Hsing Lin
\paper A method for computing Lucas sequences
\jour Computers and Mathematics with Applications
\vol 38
\pages 187--196
\url http://islab.cis.thu.edu.tw/files/teacher/92.pdf
\endref

\bib{1980/wang-gcd}
\yr 1980
\by Paul S. Wang
\paper The EEZ-GCD algorithm
\jour SIGSAM Bulletin
\issn 0163--5825
\vol 14
\pages 50--60
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1980/wang-gcd
\endref

\bib{1981/wang}
\yr 1981
\isbn 0--89791--047--8
\editor Paul S. Wang
\book SYM-SAC '81: proceedings of the 1981 ACM Symposium on Symbolic and Algebraic Computation, Snowbird, Utah, August 5--7, 1981
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{2004/wang}
\yr 2004
\by Xiaoyun Wang
\by Dengguo Feng
\by Xuejia Lai
\by Hongbo Yu
\paper Collisions for hash functions MD4, MD5, HAVAL--128 and RIPEMD
\url http://eprint.iacr.org/2004/199/
\endref

\bib{1948/ward}
\yr 1948
\by Morgan Ward
\paper Euler's problem on sums of three fourth powers
\jour Duke Mathematical Journal
\issn 0012--7094
\vol 15
\pages 827--837
\endref

\bib{1990/watanabe-issac}
\yr 1990
\isbn 0--201--54892--5
\editor Shunro Watanabe
\editor Morio Nagata
\book Proceedings of the international symposium on symbolic and algebraic computation '90
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1991/watt-issac}
\yr 1991
\isbn 0--89791--437--6
\editor Stephen M. Watt
\book Proceedings of the 1991 international symposium on symbolic and algebraic computation, July 15--17, 1991, Bonn, West Germany
\publ Association for Computing Machinery
\publaddr New York
\endref

\bib{1995/weber}
\yr 1995
\by Damian Weber
\paper An implementation of the general number field sieve to compute discrete logarithms mod $p$
\inbook \cite{1995/guillou}
\pages 95--105
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1995/weber
\endref

\bib{1996/weber}
\yr 1996
\mr 98k:11186
\by Damian Weber
\paper Computing discrete logarithms with the general number field sieve
\inbook \cite{1996/cohen}
\pages 391--403
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1996/weber
\endref

\bib{1998/weber}
\yr 1998
\mr 99i:94057
\by Damian Weber
\by Thomas Denny
\paper The solution of McCurley's discrete log challenge
\inbook \cite{1998/krawczyk}
\pages 458--471
\endref

\bib{1993/wegener}
\yr 1993
\by Ingo Wegener
\paper Bottom-up-heapsort, a new variant of heapsort, beating, on average, quicksort (if $n$ is not very small)
\jour Theoretical Computer Science
\issn 0304--3975
\vol 118
\pages 81--98
\endref

\bib{1979/wegman}
\yr 1979
\by Mark N. Wegman
\by J. Lawrence Carter
\paper New classes and applications of hash functions
\inbook \cite{1979/-focs}
\pages 175--182
\seenewer \cite{1981/wegman}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1979/wegman
\endref

\bib{1981/wegman}
\yr 1981
\mr 82i:68017
\by Mark N. Wegman
\by J. Lawrence Carter
\paper New hash functions and their use in authentication and set equality
\jour Journal of Computer and System Sciences
\issn 0022--0000
\vol 22
\pages 265--279
\seeolder \cite{1979/wegman}
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1981/wegman
\endref

\bib{1948/weil}
\yr 1948
\mr 10:262c
\by Andr\'e Weil
\book Sur les courbes alg\'ebriques et les vari\'et\'es qui s'en d\'eduisent
\publ Hermann et Cie.
\publaddr Paris
\endref

\bib{1958/weinberger}
\yr 1958
\by Arnold Weinberger
\by J. L. Smith
\paper A logic for high-speed addition
\jour National Bureau of Standards Circular
\issn 0096--9648
\vol 591
\pages 3--12
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1958/weinberger
\endref

\bib{1983/werner}
\yr 1983
\isbn 90--277--1571--8
\mr 84h:65004
\editor Helmut Werner
\editor Luc Wuytack
\editor Esmond Ng
\editor Hans J. B\"unger
\book Computational aspects of complex analysis
\publ D. Reidel
\publaddr Dordrecht, Holland
\endref

\bib{1968/western}
\yr 1968
\by A. E. Western
\by J. C. P. Miller
\book Tables of indices and primitive roots
\publ Cambridge University Press
\endref

\bib{1995/wheeler}
\yr 1995
\by David J. Wheeler
\by Roger M. Needham
\paper TEA, a tiny encryption algorithm
\inbook \cite{1995/preneel-fse}
\pages 363--366
\endref

\bib{1984/white}
\yr 1984
\by Stanley A. White (chairman)
\book 1984 international conference on acoustics, speech, and signal processing
\publ Institute of Electrical and Electronics Engineers
\publaddr New York
\endref

\bib{1986/wiedemann}
\yr 1986
\mr 87g:11166
\by Douglas H. Wiedemann
\paper Solving sparse linear equations over finite fields
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 32
\pages 54--62
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1986/wiedemann
\endref

\bib{1999/wiener}
\yr 1999
\isbn 3--5540--66347--9
\mr 2000h:94003
\editor Michael Wiener
\book Advances in cryptology---CRYPTO '99
\series Lecture Notes in Computer Science
\seriesvol 1666
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2004/wiener-fullcost}
\yr 2004
\by Michael J. Wiener
\paper The full cost of cryptanalytic attacks
\jour Journal of Cryptology
\issn 0933--2790
\vol 17
\pages 105--124
\url http://www3.sympatico.ca/wienerfamily/Michael/
\endref

\bib{1986/wilf}
\yr 1986
\isbn 0--13--021973--8
\mr 88j:68073
\by Herbert S. Wilf
\book Algorithms and complexity
\publ Prentice-Hall
\publaddr Englewood Cliffs, New Jersey
\endref

\bib{1972/williams}
\yr 1972
\mr 51:320
\by Hugh C. Williams
\paper Some algorithms for solving $x^q\equiv N\pmod p$
\inbook \cite{1972/hoffman}
\pages 451--462
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1972/williams
\endref

\bib{1980/williams}
\yr 1980
\by Hugh C. Williams
\paper A modification of the RSA public-key encryption procedure
\jour IEEE Transactions on Information Theory
\issn 0018--9448
\vol 26
\pages 726--729
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1980/williams
\endref

\bib{1982/williams}
\yr 1982
\mr 83h:10016
\by Hugh C. Williams
\paper A $p+1$ method of factoring
\jour Mathematics of Computation
\issn 0025--5718
\vol 39
\pages 225--234
\endref

\bib{1984/williams-overview}
\yr 1984
\by Hugh C. Williams
\paper An overview of factoring
\inbook \cite{1984/chaum}
\pages 71--80
\endref

\bib{1984/williams-computer}
\yr 1984
\mr 85h:11079
\by Hugh C. Williams
\paper Factoring on a computer
\jour The Mathematical Intelligencer
\vol 6
\pages 29--36
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1984/williams-computer
\endref

\bib{1986/williams}
\yr 1986
\isbn 3--540--16463--4
\editor Hugh C. Williams
\book Advances in cryptology: CRYPTO '85
\series Lecture Notes in Computer Science
\seriesvol 218
\publ Springer
\publaddr Berlin
\endref

\bib{1978/williams}
\yr 1978
\by Hugh C. Williams
\by R. Holte
\paper Some observations on primality testing
\jour Mathematics of Computation
\issn 0025--5718
\vol 32
\pages 905--917
\endref

\bib{1976/williams}
\yr 1976
\mr 54:2574
\by Hugh C. Williams
\by J. S. Judd
\paper Some algorithms for prime testing using generalized Lehmer functions
\jour Mathematics of Computation
\issn 0025--5718
\vol 30
\pages 867--886
\endref

\bib{1994/williams}
\yr 1994
\mr 95m:11143
\by Hugh C. Williams
\by Jeffrey O. Shallit
\paper Factoring integers before computers
\inbook \cite{1994/gautschi}
\pages 481--531
\endref

\bib{1987/williams}
\yr 1987
\mr 88i:11099
\by Hugh C. Williams
\by Marvin C. Wunderlich
\paper On the parallel generation of the residues for the continued fraction factoring algorithm
\jour Mathematics of Computation
\issn 0025--5718
\vol 48
\pages 405--423
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1987/williams
\endref

\bib{1964/williams}
\yr 1964
\by John W. J. Williams
\paper Algorithm 232: Heapsort
\jour Communications of the ACM
\issn 0001--0782
\vol 7
\pages 347--348
\endref

\bib{1993/williams-root}
\yr 1993
\mr 93k:11003
\by Kenneth S. Williams
\by Kenneth Hardy
\paper A refinement of H. C. Williams' $q$th root algorithm
\jour Mathematics of Computation
\issn 0025--5718
\vol 61
\pages 475--483
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1993/williams-root
\endref

\bib{1996/winkler}
\yr 1996
\isbn 3--211--82759--5
\mr 97j:68063
\by Franz Winkler
\book Polynomial algorithms in computer algebra
\publ Springer-Verlag
\publaddr Wien
\endref

\bib{1968/winograd}
\yr 1968
\by Shmuel Winograd
\paper A new algorithm for inner product
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 17
\pages 693--694
\endref

\bib{1970/winograd}
\yr 1970
\mr 41:4778
\by Shmuel Winograd
\paper On the number of multiplications necessary to compute certain functions
\jour Communications on Pure and Applied Mathematics
\issn 0010--3640
\vol 23
\pages 165--179
\endref

\bib{1978/winograd}
\yr 1978
\by Shmuel Winograd
\paper On computing the discrete Fourier transform
\jour Mathematics of Computation
\issn 0025--5718
\vol 32
\pages 175--199
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1978/winograd
\endref

\bib{1979/winograd}
\yr 1979
\mr 80e:68080
\by Shmuel Winograd
\paper On the multiplicative complexity of the discrete Fourier transform
\jour Advances in Mathematics
\issn 0001--8708
\vol 32
\pages 83--117
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1979/winograd
\endref

\bib{1980/winograd}
\yr 1980
\isbn 0--89871--163--0
\mr 81k:68039
\by Shmuel Winograd
\book Arithmetic complexity of computations
\series CBMS-NSF Regional Conference Series in Applied Mathematics
\seriesvol 33
\publ Society for Industrial and Applied Mathematics
\publaddr Philadelphia
\endref

\bib{1995/wirth}
\yr 1995
\by Niklaus Wirth
\paper A plea for lean software
\jour IEEE Computer
\vol 28
\pages 64--68
\url http://www-inst.eecs.berkeley.edu/~maratb/readings.html
\endref

\bib{1961/wood}
\yr 1961
\by T. C. Wood
\paper Algorithm 35: sieve
\jour Communications of the ACM
\issn 0001--0782
\vol 4
\pages 151
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1961/wood
\endref

\bib{1979/wunderlich}
\yr 1979
\by Marvin C. Wunderlich
\paper A running time analysis of Brillhart's continued fraction factoring method
\inbook \cite{1979/nathanson}
\pages 328--342
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1979/wunderlich
\endref

\bib{1984/wunderlich}
\yr 1984
\by Marvin C. Wunderlich
\paper Factoring numbers on the massively parallel computer
\inbook \cite{1984/chaum}
\pages 87--102
\endref

The Massively Parallel Processor (MPP) is a high speed parallel bit processor which has been designed and built by Goodyear Aeronautics for NASA. ... This computer system represents a major departure from the single processor, stored program concept which has dominated the computer industry for the past 30 years. ... 16,384 individual processing elements (PE's) which are arranged in a 128 x 128 bit plane. Each processor has its own memory consisting of 1024 bits ... 16,384 divisions [of 120-bit numbers by 20-bit numbers] can be done in 241,100 nano-seconds.

\bib{1985/wunderlich}
\yr 1985
\mr 86d:11104
\by Marvin C. Wunderlich
\paper Implementing the continued fraction factoring algorithm on parallel machines
\jour Mathematics of Computation
\issn 0025--5718
\vol 44
\pages 251--260
\endref

\bib{1993/xuan}
\yr 1993
\mr 94j:11095
\by Ti Zuo Xuan
\paper On the asymptotic behavior of the Dickman-de Bruijn function
\jour Mathematische Annalen
\issn 0025--5831
\vol 297
\pages 519--533
\endref

\bib{1995/xuan}
\yr 1995
\mr 96c:11106
\by Ti Zuo Xuan
\paper Integers with no large prime factors
\jour Acta Arithmetica
\issn 0065--1036
\vol 69
\pages 303--327
\endref

\bib{1999/xuan}
\yr 1999
\mr 2000d:11110
\by Ti Zuo Xuan
\paper On smooth integers in short intervals under the Riemann hypothesis
\jour Acta Arithmetica
\issn 0065--1036
\vol 88
\pages 327--332
\endref

\bib{1991/yacobi}
\yr 1991
\mr 1 102 485
\by Yacov Yacobi
\paper Exponentiating faster with addition chains
\inbook \cite{1991/damgard}
\pages 222--229
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/yacobi
\endref

\bib{1976/yao}
\yr 1976
\mr 52:16128
\by Andrew C. Yao
\paper On the evaluation of powers
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 5
\pages 100--103
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1976/yao
\endref

\bib{1982/yao}
\yr 1982
\by Andrew C. Yao
\paper Theory and applications of trapdoor functions
\inbook \cite{1982/-focs}
\pages 80--91
\endref

\bib{1978/yarlagadda}
\yr 1978
\by Rao Yarlagadda (chairman)
\book 1978 international conference on acoustics, speech, and signal processing
\publ Institute of Electrical and Electronics Engineers
\publaddr New York
\endref

\bib{1973/yau-crt}
\yr 1973
\by Stephen Sik-Sang Yau
\by Yu-Cheng Liu
\paper Error correction in redundant residue number systems
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 22
\pages 5--11
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1973/yau-crt
\endref

\bib{1968/yavne}
\yr 1968
\by R. Yavne
\paper An economical method for calculating the discrete Fourier transform
\inbook \cite{1968/-afips-33}
\pages 115--125
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1968/yavne
\endref

\bib{1991/yong}
\yr 1991
\by Angelo A. Yong
\paper A better FFT bit-reversal algorithm without tables
\jour IEEE Transactions on Signal Processing
\issn 1053--587X
\vol 39
\pages 2365--2367
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/yong
\endref

\bib{1988/young}
\yr 1988
\mr 89b:11012
\by Jeff Young
\by Duncan A. Buell
\paper The twentieth Fermat number is composite
\jour Mathematics of Computation
\issn 0025--5718
\vol 50
\pages 261--263
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1988/young
\endref

\bib{1995/ypma}
\yr 1995
\mr 97b:01003
\by Tjalling J. Ypma
\paper Historical development of the Newton-Raphson method
\jour SIAM Review
\issn 1095--7200
\vol 37
\pages 531--551
\endref

\bib{1979/yun}
\yr 1979
\mr 80e:68129
\by David Y. Y. Yun
\paper Uniform bounds for a class of algebraic mappings
\jour SIAM Journal on Computing
\issn 0097--5397
\vol 8
\pages 348--356
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1979/yun
\endref

\bib{1983/yun}
\yr 1983
\mr 85a:65049
\by David Y. Y. Yun
\paper On the use of a class of algebraic mappings techniques for some problems in complex analysis
\inbook \cite{1983/werner}
\pages 361--377
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1983/yun
\endref

\bib{2002/yung-book}
\yr 2002
\isbn 3--540--44050--X
\editor Moti Yung
\book Advances in cryptology---CRYPTO 2002: 22nd annual international cryptology conference, Santa Barbara, California, USA, August 2002, proceedings
\series Lecture Notes in Computer Science
\seriesvol 2442
\publ Springer-Verlag
\publaddr Berlin
\endref

\bib{2006/yung-pkc2006}
\yr 2006
\isbn 978--3--540--33851--2
\editor Moti Yung
\editor Yevgeniy Dodis
\editor Aggelos Kiayias
\editor Tal Malkin
\book 9th international conference on theory and practice in public-key cryptography, New York, NY, USA, April 24--26, 2006, proceedings
\series Lecture Notes in Computer Science
\seriesvol 3958
\publ Springer
\endref

\bib{1983/zajta}
\yr 1983
\by Aurel J. Zajta
\paper Solutions of the diophantine equation $A^4+B^4=C^4+D^4$
\jour Mathematics of Computation
\issn 0025--5718
\vol 41
\pages 635--659
\endref

\bib{1991/zantema}
\yr 1991
\mr 92i:68064
\by Hans Zantema
\paper Minimizing sums of addition chains
\jour Journal of Algorithms
\issn 0196--6774
\vol 12
\pages 281--307
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1991/zantema
\endref

\bib{1998/zhou}
\yr 1998
\by Feng Zhou
\by Peter Kornerup
\jour The Journal of VLSI Signal Processing
\vol 20
\pages 219--232
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1998/zhou
\endref

These claims are patently absurd. The size-16 claim contradicts a 1973 theorem of Morgenstern. The size-64 claim contradicts Figure 1 of this paper, which obviously has many more than 234 additions.

After half an hour with this paper I've found several blatant errors and no new ideas. I get the feeling that the authors didn't make even a minimal effort to write software to check their claims.

When I contacted one of the authors, he said that he was ``quite certain'' in his figures because he had received no objections from the reviewers or from other readers. Evidently the authors thought that it was the referees' responsibility, rather than the authors' responsibility, to ensure the correctness of the paper, even though verification is generally much more time-consuming for referees than for authors. If there hadn't been a refereeing system, perhaps the authors would have been more careful and would have caught their own mistakes.

\bib{1970/zobrist}
\yr 1970
\by Albert L. Zobrist
\paper A hashing method with applications for game playing
\paperinfo Technical Report 88, Computer Sciences Department, University of Wisconsin
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1970/zobrist
\endref

\bib{1979/zohar}
\yr 1979
\mr 81a:94011
\by Shalhav Zohar
\paper A prescription of Winograd's discrete Fourier transform algorithm
\jour IEEE Transactions on Acoustics, Speech, and Signal Processing
\issn 0096--3518
\vol 27
\pages 409--421
\endref

\bib{1994/zuras}
\yr 1994
\by Dan Zuras
\paper More on squaring and multiplying large integers
\jour IEEE Transactions on Computers
\issn 0018--9340
\vol 43
\pages 899--908
\url https://cr.yp.to/\allowbreak bib/\allowbreak entries.html#\allowbreak 1994/zuras
\endref