Abstract
We give a sieving algorithm for finding pairs of consecutive smooth numbers that utilizes solutions to the Prouhet-Tarry-Escott (PTE) problem. Any such solution induces two degree-n polynomials, a(x) and b(x), that differ by a constant integer C and completely split into linear factors in \(\mathbb {Z}[x]\). It follows that for any \(\ell \in \mathbb {Z}\) such that \(a(\ell ) \equiv b(\ell ) \equiv 0 \bmod {C}\), the two integers \(a(\ell )/C\) and \(b(\ell )/C\) differ by 1 and necessarily contain n factors of roughly the same size. For a fixed smoothness bound B, restricting the search to pairs of integers that are parameterized in this way increases the probability that they are B-smooth. Our algorithm combines a simple sieve with parametrizations given by a collection of solutions to the PTE problem.
The motivation for finding large twin smooth integers lies in their application to compact isogeny-based post-quantum protocols. The recent key exchange scheme B-SIDH and the recent digital signature scheme SQISign both require large primes that lie between two smooth integers; finding such a prime can be seen as a special case of finding twin smooth integers under the additional stipulation that their sum is a prime p.
When searching for cryptographic parameters with \(2^{240} \le p <2^{256}\), an implementation of our sieve found primes p where \(p+1\) and \(p-1\) are \(2^{15}\)-smooth; the smoothest prior parameters had a similarly sized prime for which \(p-1\) and \(p+1\) were \(2^{19}\)-smooth. In targeting higher security levels, our sieve found a 376-bit prime lying between two \(2^{21}\)-smooth integers, a 384-bit prime lying between two \(2^{22}\)-smooth integers, and a 512-bit prime lying between two \(2^{28}\)-smooth integers. Our analysis shows that using previously known methods to find high-security instances subject to these smoothness bounds is computationally infeasible.
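The parametrization described in the first paragraph of the abstract can be illustrated with a short Python sketch. This is an example added here, not the authors' C implementation: the function names are hypothetical, and the two small classical PTE solutions and the smoothness bound 7 are constructed toy inputs, far below cryptographic size.

```python
from math import prod

def pte_constant(a_roots, b_roots):
    """Verify the PTE power-sum identities; return C = a(x) - b(x)."""
    n = len(a_roots)
    if len(b_roots) != n:
        raise ValueError("both sides need n roots")
    for k in range(1, n):
        if sum(r**k for r in a_roots) != sum(r**k for r in b_roots):
            raise ValueError(f"power sums differ for k={k}")
    # Equal power sums for k < n make every coefficient except the constant
    # term agree, so evaluating the difference at x = 0 gives C.
    return prod(-r for r in a_roots) - prod(-r for r in b_roots)

def smooth_flags(lo, hi, bound):
    """flags[m - lo] is True iff m in [lo, hi) is bound-smooth; needs lo >= 1."""
    rest = list(range(lo, hi))
    for p in range(2, bound + 1):
        if all(p % q for q in range(2, int(p**0.5) + 1)):  # p is prime
            for i in range((-lo) % p, hi - lo, p):
                while rest[i] % p == 0:
                    rest[i] //= p
    return [r == 1 for r in rest]

def twin_smooth_pairs(a_roots, b_roots, lo, hi, bound):
    """Return (ell, m, m + 1) with m, m + 1 both bound-smooth, ell in [lo, hi).

    Assumes non-negative roots and lo > max(root), so every ell - root >= 1.
    """
    c = pte_constant(a_roots, b_roots)
    roots = tuple(a_roots) + tuple(b_roots)
    base = lo - max(roots)
    if base < 1:
        raise ValueError("lo must exceed the largest root")
    flags = smooth_flags(base, hi, bound)
    found = []
    for ell in range(lo, hi):
        # All 2n linear factors smooth => a(ell) and b(ell) are smooth.
        if not all(flags[ell - r - base] for r in roots):
            continue
        a_val = prod(ell - r for r in a_roots)
        if a_val % c:  # C must divide a(ell); it then divides b(ell) too
            continue
        m, m1 = sorted((abs(a_val // c), abs((a_val - c) // c)))
        found.append((ell, m, m1))
    return found

# Constructed inputs: two classical ideal PTE solutions (n = 3 and n = 4).
print(twin_smooth_pairs((1, 5, 6), (2, 3, 7), 8, 40, 7))
print(twin_smooth_pairs((0, 4, 7, 11), (1, 2, 9, 10), 12, 40, 7))
```

For the n = 4 solution the constant is C = -180, and the single hit at ℓ = 16 yields the 7-smooth twins 48 and 49; inputs such as ℓ = 8 for the n = 3 solution have all factors smooth but are rejected because C does not divide a(ℓ).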
Notes
1. The elliptic curves that arise for \(n=10\) and \(n=12\) have Mordell-Weil-groups \(\mathbb {Z}/4\mathbb {Z}\times \mathbb {Z}/2\mathbb {Z}\times \mathbb {Z}\) resp. \(\mathbb {Z}/4\mathbb {Z}\times \mathbb {Z}/2\mathbb {Z}\times \mathbb {Z}\times \mathbb {Z}\). Thus there are eight torsion points in each case, and the non-torsion groups are generated by one resp. two non-torsion points.
2. We assume that the smoothness bound is aggressive enough to make the smooth integers sparse.
3. The total number of inputs required for this (including the ones which lead to non-integer polynomial values) depends on the PTE solution and associated constant in use, and can easily be computed via the CRT approach described before.
4. It is beyond the scope of this work to make any statements about the probability of a prime sum, except to say that in practice we observe that twin smooth sums have a much higher probability of being prime than a random number of the same size.
Acknowledgments
We thank Patrick Longa for his help with implementing the smoothness sieve in C, and Fabio Campos for running and overseeing some of our experiments.
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Costello, C., Meyer, M., Naehrig, M. (2021). Sieving for Twin Smooth Integers with Solutions to the Prouhet-Tarry-Escott Problem. In: Canteaut, A., Standaert, FX. (eds) Advances in Cryptology – EUROCRYPT 2021. EUROCRYPT 2021. Lecture Notes in Computer Science, vol 12696. Springer, Cham. https://doi.org/10.1007/978-3-030-77870-5_10
DOI: https://doi.org/10.1007/978-3-030-77870-5_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-77869-9
Online ISBN: 978-3-030-77870-5
eBook Packages: Computer Science (R0)