# Simon R. Blackburn's research while affiliated with Royal Holloway, University of London and other places

**What is this page?**

This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.

It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.

If you're a ResearchGate member, you can follow this page to keep up with this author's work.

If you are this author, and you don't want us to display this page anymore, please let us know.

## Publications (101)

Let $p$ be a fixed prime. We show that the number of isomorphism classes of finite rings of order $p^n$ is $p^\alpha$, where $\alpha=\frac{4}{27}n^3+O(n^{5/2})$. This result was stated (with a weaker error term) by Kruse and Price in 1969; a problem with their proof was pointed out by Knopfmacher in 1973. We also show that the number of isomorphism...

Let n and ℓ be positive integers. Recent papers by Kreher, Stinson, and Veitch have explored variants of the problem of ordering the points in a triple system (such as a Steiner triple system [STS], directed triple system, or Mendelsohn triple system) on n points so that no block occurs in a segment of ℓ consecutive entries (thus the ordering is lo...

Recent papers by Kreher, Stinson and Veitch have explored variants of the problem of ordering the points in a triple system (such as a Steiner triple system, directed triple system or Mendelsohn triple system) so that no block occurs in a short segment of consecutive entries (so the ordering is locally block-avoiding). The paper describes a greedy...

There has been much recent interest in private information retrieval (PIR) in models where a database is stored across several servers using coding techniques from distributed storage, rather than being simply replicated. In particular, a recent breakthrough result of Fazeli, Vardy, and Yaakobi introduces the notion of a PIR code and a PIR array...

Shah, Rashmi and Ramchandran recently considered a model for Private Information Retrieval (PIR) where a user wishes to retrieve one of several $R$-bit messages from a set of $n$ non-colluding servers. Their security model is information-theoretic. Their paper is the first to consider a model for PIR in which the database is not necessarily replicated,...

Let π be a permutation of {1,2,…,n}. If we identify a permutation with its graph, namely the set of n dots at positions (i,π(i)), it is natural to consider the minimum L1 (Manhattan) distance, d(π), between any pair of dots. The paper computes the expected value (and higher moments) of d(π) when n→∞ and π is chosen uniformly, and settles a conjectu...

An inglenook puzzle is a classic shunting (switching) puzzle often found on model railway layouts. A collection of wagons sits in a fan of sidings with a limited length headshunt (lead track). The aim of the puzzle is to rearrange the wagons into a desired order (often a randomly chosen order). This article answers the question: When can you be sur...

There has been much recent interest in Private Information Retrieval (PIR) in models where a database is stored across several servers using coding techniques from distributed storage, rather than being simply replicated. In particular, a recent breakthrough result of Fazeli, Vardy and Yaakobi introduces the notion of a PIR code and a PIR array co...

Shah, Rashmi and Ramchandran recently considered a model for Private Information Retrieval (PIR) where a user wishes to retrieve one of several $R$-bit messages from a set of $n$ non-colluding servers. Their security model is information-theoretic. Their paper is the first to consider a model for PIR in which the database is not necessarily replica...

We present a novel cryptanalysis of the Algebraic Eraser primitive. This key agreement scheme, based on techniques from permutation groups, matrix groups and braid groups, is proposed as an underlying technology for ISO/IEC 29167-20, which is intended for authentication of RFID tags. SecureRF, the company owning the trademark Algebraic Eraser, mark...

There has been much recent interest in Private Information Retrieval (PIR) in models where a database is stored across several servers using coding techniques from distributed storage, rather than being simply replicated. In particular, a recent breakthrough result of Fazeli, Vardy and Yaakobi introduces the notion of a PIR array code, and uses th...

The Algebraic Eraser has been gaining prominence as SecureRF, the company commercializing the algorithm, increases its marketing reach. The scheme is claimed to be well-suited to IoT applications but a lack of detail in available documentation has hampered peer-review. Recently more details of the system have emerged after a tag authentication prot...

The Pearson distance has been advocated for improving the error performance
of noisy channels with unknown gain and offset. The Pearson distance can only
fruitfully be used for sets of $q$-ary codewords, called Pearson codes, that
satisfy specific properties. We will analyze constructions and properties of
optimal Pearson codes. We will compare the...

Anshel, Anshel, Goldfeld and Lemieux introduced the Colored Burau Key Agreement Protocol (CBKAP) as the concrete instantiation of their Algebraic Eraser scheme. This scheme, based on techniques from permutation groups, matrix groups and braid groups, is designed for lightweight environments such as RFID tags and other IoT applications. It is propo...

K.A.S. Immink and J.H. Weber recently defined and studied a channel with both
gain and offset mismatch, modelling the behaviour of charge-leakage in flash
memory. They proposed a decoding measure for this channel based on minimising
Pearson distance (a notion from cluster analysis). The paper derives a formula
for maximum likelihood decoding for th...

Separable codes were defined by Cheng and Miao in 2011, motivated by
applications to the identification of pirates in a multimedia setting.
Combinatorially, $\overline{t}$-separable codes lie somewhere between
$t$-frameproof and $(t-1)$-frameproof codes: all $t$-frameproof codes are
$\overline{t}$-separable, and all $\overline{t}$-separable codes a...

We say that a set $S$ is additively decomposed into two sets $A$ and $B$ if
$S = \{a+b : a\in A, \ b \in B\}$. A. S\'ark\"ozy has recently conjectured that
the set $Q$ of quadratic residues modulo a prime $p$ does not have nontrivial
decompositions. Although various partial results towards this conjecture have
been obtained, it is still open. Here...

Let $G$ be a cyclic group written multiplicatively (and represented in some concrete way). Let $n$ be a positive integer (much smaller th...

We say that a $q$-ary length $n$ code is non-overlapping if the set of
non-trivial prefixes of codewords and the set of non-trivial suffices of
codewords are disjoint. (This property is often called cross-bifix-free.)
Baji\'c and Stojanovi\'c were the first to consider non-overlapping codes,
motivated by applications requiring fast and reliable fra...

The iterated Johnson bound is the best known upper bound on a size of an
error-correcting code in the Grassmannian $\mathcal{G}_q(n,k)$. The iterated
Sch\"{o}nheim bound is the best known lower bound on the size of a covering
code in $\mathcal{G}_q(n,k)$. We use probabilistic methods to prove that both
bounds are asymptotically attained for fixed $...

A rack of order $n$ is a binary operation $\triangleright$ on a set $X$ of cardinality $n$, such that right multiplication is an automorphism. More precisely, $(X,\triangleright)$ is a rack provided that the map $x\mapsto x\triangleright y$ is a bijection for all $y\in X$, and $(x\triangleright y)\triangleright z=(x\triangleright z)\triangleright (y\triangleright z)$ for all $x,y,z\in X$. The paper provides upper and l...

Let \(\mathcal{G}\) be a triangulation of the sphere with vertex set V, such that the faces of the triangulation are properly coloured black and white. Motivated by applications in the theory of bitrades, Cavenagh and Wanless defined \(\mathcal{A}_W\) to be the abelian group generated by the set V, with relations r+c+s = 0 for all white triangles w...

Let G be a finite group, and let κ(G) be the probability that elements g, h∈G are conjugate, when g and h are chosen independently and uniformly at random. The paper classifies those groups G such that κ(G)≥¼, and shows that G is abelian whenever . It is also shown that κ(G)|G| depends only on the isoclinism class of G. Specializing to the symmetr...

We cryptanalyse a matrix-based key transport protocol due to Baumslag, Camps,
Fine, Rosenberger and Xu from 2006. We also cryptanalyse two recently proposed
matrix-based key agreement protocols, due to Habeeb, Kahrobaei and Shpilrain,
and due to Romanczuk and Ustimenko.

Given a prime $p$, an elliptic curve $E/\mathbb{F}_p$ over the finite field $\mathbb{F}_p$ of $p$ elements and a binary linear recurrence sequence $(u(n))_{n=1}^\infty$ of order $r$, we study the distribution of the sequence of points $$ \sum_{j=0}^{r-1} u(n+j)P_j, \qquad n =1,\dots, N, $$ on average over all possible choices of $\mathbb{F}_p$-rational points $P_1,\dots, P_r$ on $E$. For a s...

Let $n$ and $k$ be positive integers, and let $F$ be an alphabet of size $n$.
A sequence over $F$ of length $m$ is a \emph{$k$-radius sequence} if any two
distinct elements of $F$ occur within distance $k$ of each other somewhere in
the sequence. These sequences were introduced by Jaromczyk and Lonc in 2004, in
order to produce an efficient caching...

Traceability codes are combinatorial objects introduced by Chor, Fiat and Naor in 1994 to be used in traitor tracing schemes to protect digital content. A k-traceability code is used in a scheme to trace the origin of digital content under the assumption that no more than k users collude. It is well known that an error correcting code of high minim...

The paper provides a cryptanalysis of the AA-cryptosystem recently proposed by Arin and Abu. The scheme is in essence a key agreement scheme whose security is based on a discrete logarithm problem in the infinite

A distinct difference configuration is a set of points in $\mathbb{Z}^2$ with the property that the vectors (difference vectors) connecting any two of the points are all distinct. Many specific examples of these configurations have been previously studied: the class of distinct difference configurations includes both Costas arrays and sonar sequences, for exam...

An n-ary k-radius sequence is a finite sequence of elements taken from an alphabet of size n such that any two distinct elements of the alphabet occur within distance k of each other somewhere in the sequence. These sequences were introduced by Jaromczyk and Lonc to model a caching strategy for computing certain functions on large data sets such as...

A two-dimensional (2-D) grid with dots is called a configuration with distinct differences if any two lines which connect two dots are distinct either in their length or in their slope. These configurations are known to have many applications such as radar, sonar, physical alignment, and time-position synchronization. Rather than restricting dots t...

In this article, we analyze the complexity of the construction of the $2^k$-diamond structure proposed by Kelsey and Kohno (LNCS, Vol 4004, pp 183–200, 2006). We point out a flaw in their analysis and show that their construction may not produce the desired diamond structure. We then give a more rigorous and detailed complexity analysis of the constr...

A honeycomb array is an analogue of a Costas array in the hexagonal grid; they were first studied by Golomb and Taylor in 1984. A recent result of Blackburn, Etzion, Martin and Paterson has shown that (in contrast to the situation for Costas arrays) there are only finitely many examples of honeycomb arrays, though their bound on the maximal size of...

Given a right-angled triangle of squares in a grid whose horizontal and vertical sides are $n$ squares long, let N(n) denote the maximum number of dots that can be placed into the cells of the triangle such that each row, each column, and each diagonal parallel to the long side of the triangle contains at most one dot. It has been proven that $N(n)...

In this paper we describe a cryptanalysis of $MST_3$, a public key cryptosystem based on non-commutative groups recently proposed by Lempken, Magliveras, van Trung and Wei.

This paper is a guide for the pure mathematician who would like to know more about cryptography based on group theory. The paper gives a brief overview of the subject, and provides pointers to good textbooks, key research papers and recent survey papers in the area. Comment: 25 pages References updated, and a few extra references added. Minor typog...

We consider symmetric key predistribution in grid-based wireless sensor networks. Networks consisting of wireless sensor nodes arranged in a grid pattern have many useful applications, including environmental monitoring and agribusiness. The structured physical distribution of nodes in such networks facilitates efficient distribution of keys to the...

Biggs has recently proposed the critical group of a certain class of finite graphs as a platform group for cryptosystems relying on the difficulty of the discrete log problem. The paper uses techniques from the theory of Picard groups on finite graphs to show that the discrete log problem can be efficiently solved in Biggs's groups. Thus this class...

The paper provides an upper bound on the size of a (generalized) separating hash family, a notion introduced by Stinson, Wei and Chen. The upper bound generalizes and unifies several previously known bounds which apply in special cases, namely bounds on perfect hash families, frameproof codes, secure frameproof codes and separating hash families of...

In this paper we propose a new key predistribution scheme for wireless sensor networks in which the sensors are arranged in a square grid. We describe how Costas arrays can be used for key predistribution in these networks, then define distinct difference configurations, a more general structure that provides a flexible choice of parameters in such...

The problem of establishing symmetric keys in wireless sensor networks has been extensively studied, but other aspects of key management have received comparatively little attention. In this paper we consider the problem of refreshing keys that are shared among several nodes in a WSN, in order to provide forward security. We discuss several applica...

A \emph{uniform random intersection graph} $G(n,m,k)$ is a random graph constructed as follows. Label each of $n$ nodes by a randomly chosen set of $k$ distinct colours taken from some finite set of possible colours of size $m$. Nodes are joined by an edge if and only if some colour appears in both their labels. These graphs arise in the study of t...

We obtain upper and lower bounds on the average energy of circulant graphs with n vertices and regularity d. The average is taken over all representations of such graphs by circulant adjacency matrices.

are descendants. It is shown that linear prolific IPP codes fall into three infinite ('trivial') families, together with a single sporadic example which is ternary of length 4. There are no known examples of prolific IPP codes which are not equivalent to a linear example: the paper shows that for most parameters there are no prolific IPP codes, lea...

Let q>1 be an integer and let a and b be elements of the residue ring Zq of integers modulo q. We show how, when given a polynomial f∈Zq[X] and approximations to v0,v1∈Zq such that v1≡f(v0)modq one can recover v0 and v1 efficiently. This result has direct applications to predicting the polynomial congruential generator: a sequence (vn) of pseudoran...

The paper cryptanalyses a public-key cryptosystem recently proposed by D. Grigoriev and I. Ponomarenko [Quad. Mat. 13, 305–325 (2004; Zbl 1149.94318)], which encrypts an element from a fixed finite group defined in terms of generators and relations to produce a ciphertext from SL(2,ℤ). The paper presents a heuristic method for recovering the secret...

The paper contains proofs of the following results. For all sufficiently large odd integers n, there exists a set of 2(n-1) permutations that pairwise generate the symmetric group $S_n$. There is no set of 2(n-1) + 1 permutations having this property. For all sufficiently large integers n with n ≡ 2 mod 4, there exists a set of 2(n-2) even permutations t...

A binary array is a $(d_1,k_1,d_2,k_2)$ runlength constrained array if the runs of zeros in every row and column have length at least $d_1$ and at most $k_1$, and the runs of ones in every row and column have length at least $d_2$ and at most $k_2$. Such arrays arise in the con...

We obtain upper bounds on character sums and autocorrelation of nonlinear recurrence sequences over arbitrary finite rings.

A public key cryptosystem based on Drinfeld modules has been
proposed by Gillard, Leprevost, Panchishkin and Roblot. This paper
shows how an adversary can directly recover a private key using
only the public key, and so the cryptosystem is insecure.
http://eprint.iacr.org/2003/223

Let p be a prime and let a and b be elements of the finite field $\mathbb{F}_p$ of p elements. The inversive congruential generator (ICG) is a sequence $(u_n)$ of pseudorandom numbers defined by the relation $u_{n+1} \equiv a u_n^{-1} + b \bmod p$. We show that if sufficiently many of the most significant bits of several consecutive values $u_n$ of the ICG are given, one can recove...

A cryptanalysis is given of a MAC proposal presented at CRYPTO 2003 by Cary and Venkatesan. A nice feature of the Cary-Venkatesan MAC is that a lower bound on its security can be proved when a certain block cipher is modelled as an ideal cipher. Our attacks find collisions for the MAC and yield MAC forgeries, both faster than a straightforward applicatio...

Let p be a prime and let a and b be integers modulo p. The inversive congruential generator (ICG) is a sequence $(u_n)$ of pseudorandom numbers defined by the relation $u_{n+1} \equiv a u_n^{-1} + b \bmod p$. We show that if b and sufficiently many of the most significant bits of three consecutive values $u_n$ of the ICG are giv...

Let G be an abelian group of order n (written multiplicatively), let g∈G and let d be an integer such that 1⩽d⩽n. The paper establishes bounds on the number of d-element subsets S of G such that $\prod_{x\in S} x = g$. This work generalises the problem of finding bounds on the number of monic root-free polynomials of degree d over a finite field $\mathbb{F}_q$ with a specifi...

The paper gives an upper bound on the size of a q-ary code of length n that has the k-identifiable parent property. One consequence of this bound is that the optimal rate of such a code is determined in many cases when q→∞ with k and n fixed.

Frameproof codes were first introduced by Boneh and Shaw in the context of digital fingerprinting. Variants of these codes have been studied by several authors, and several similar definitions of frameproof codes exist in the literature. The paper considers frameproof codes from a combinatorial point of view, where we define frameproof codes as fol...

A public key cryptosystem based on Drinfeld modules has been proposed by Gillard, Leprevost, Panchishkin and Roblot. The paper shows how an adversary can directly recover a private key using only the public key, and so the cryptosystem is insecure.

We present a cryptanalysis of a MAC proposal at CRYPTO 2003 due to Cary and Venkatesan. Our attacks find collisions for the MAC and yield MAC forgeries, both faster than a straightforward application of the birthday paradox would suggest.

The authors show that a public key cryptosystem due to Yoo, Hong, Lee, Lim, Yi and Sung is insecure, as it is susceptible to an attack based on the LLL algorithm.

An (n, q, t)-perfect hash family of size s consists of a set V of order n, a set F of order q, and a sequence φ1, φ2, …, φs of functions from V to F with the following property. For all t-subsets X⊆V, there exists i∈{1, 2, …, s} such that φi is injective when restricted to X. An (n, q, t)-perfect hash family of minimal size is known as optimal. The...

The baby-step giant-step algorithm, due to Shanks, may be used to solve the discrete logarithm problem in arbitrary groups. The paper explores a generalisation of this algorithm, where extra baby steps may be computed after carrying out giant steps (thus increasing the giant step size). The paper explores the problem of deciding how many, and whe...

In environments using RSA schemes, a Certification Authority (CA) is often used to bind a user's public key to their identity. The paper proposes a method of RSA key generation which convinces the CA that a user's key has been well generated, i.e. that the resulting RSA problem is hard with overwhelming probability. This is achieved by involving bo...

The paper cryptanalyses two public key cryptosystems based on $\mathrm{SL}_2(\mathbb{Z})$ that have been recently proposed by Yamamura.

The self-shrinking generator, a stream cipher due to Meier and Staffelbach (see Advances in Cryptology-EUROCRYPT'94, Berlin, Germany, p.205-14, 1995 and Lecture Notes in Computer Science, vol.950), uses the output of a primitive binary linear-feedback shift register (LFSR) of length n to generate a keystream sequence of period dividing $2^{n-1}$...

The paper classifies (up to isomorphism) those groups of prime power order whose derived subgroups have prime order.

This paper cryptanalyses a public key cryptosystem that has recently been proposed by C.K. Wu and E. Dawson (see ibid., vol. 145, no. 5, p. 321-5 (1998)). We show that anyone, knowing only the public key and a ciphertext, can retrieve the corresponding message by using some basic linear algebra.

C. Cocks [Cryptography and coding: 6th IMA international conference, Lect. Notes Comput. Sci. 1355, 89-95 (1997; Zbl 0904.94010)] proposed a protocol for two parties to jointly generate a shared RSA key. His protocol was designed under the assumption that both parties follow the protocol. He then proposed a modification to the protocol to prevent c...

It is shown that a stream cipher proposed by Chan and Cheng (see ibid., vol. 34, 1206-7, 1998) is insecure, due to a Meier-Staffelbach correlation attack.

The paper cryptanalyses the stream cipher `Labyrinth', a cipher recently proposed by Bo Lin and Simon Shepherd. Given only $2^{30}$ known bits of keystream, the 119 bit key of Labyrinth is recovered in under a second of computation using a DEC Alpha. Key words: Stream cipher, cryptanalysis, Labyrinth. 1 Introduction. The stream cipher `Labyrinth' has re...

Minghua Qu and S.A.Vanstone [2] have proposed a public key cryptosystem (FGM) which is based on factorisations of a binary vector space (i.e. transversal logarithmic signatures of an elementary abelian 2-group). In this paper, a generalised (basis-independent) decryption algorithm is given, which shows that there are many equivalent private keys, a...

Let V be a set of order n and let F be a set of order q. A set S⊆{φ: V→F} of functions from V to F is an (n, q, t)-perfect hash family if for all X⊆V with |X|=t, there exists φ∈S which is injective when restricted to X. Perfect hash families arise in compiler design, in circuit complexity theory and in cryptography. Let S be an (n, q, t)-perfect hash family. The paper...

Cryptanalysis of the stream cipher `Labyrinth', a cipher recently proposed by Lin and Shepherd (1997), is performed. Given only $2^{30}$ known bits of keystream, the 119 bit key of Labyrinth is recovered in under a second of computation using a DEC Alpha.

The paper considers the problem of distributed key generation for shared-control RSA schemes. In particular: how can two parties generate a shared RSA key in such a way that neither party can cheat? The answer to this question would have significant applications to, for example, key escrow systems. Cocks has recently proposed protocols to solve thi...

Let f and g be polynomials over some field, thought of as elements of the ring of one-sided Laurent series, and suppose that deg f < deg g. The quotient f/g is badly approximable if all the partial quotients of the continued fraction expansion of f/g have degree 1. We investigate the set of polynomials which occur as the denominators g of badly approximable quot...

We show that an algorithm designed to solve the Welch–Berlekamp key equation may also be used to solve a more general problem, which can be regarded as a finite analogue of a generalized rational interpolation problem. As a consequence, we show that a single algorithm exists which can solve both Berlekamp's classical key equation (usually solved by...

This paper argues that the cipher systems based on cellular automata (CA) proposed by S. Nandi et al. (1994) are affine and are insecure. A reply by S. Nandi and P. Pal Chaudhuri is given. The reply emphasizes the point that the regular, modular, cascadable structure of local neighborhood CA can be employed for building low cost cipher system hardw...

The authors argue that the public key system proposed by C.H. Lin et al. (1995) is insecure, even if used as a private key system.

An asymptotically fast algorithm for solving the generalized
rational interpolation problem is presented. This problem has been
studied as part of system theory and is related to the solution of the
classical and Welch-Berlekamp (1983) key equations which arise in
Reed-Solomon decoding. The algorithm can also be used to compute the
linear complexit...

A node bisector of a graph $\Gamma$ is a subset $\Omega$ of the nodes of $\Gamma$ such that $\Gamma$ may be expressed as the disjoint union $\Gamma = \Omega_1 \,\dot\cup\, \Omega \,\dot\cup\, \Omega_2$, where $|\Omega_1| \geqslant \frac{1}{3}|\Gamma|$, $|\Omega_2| \ge$...

A sequence of elements from a finite field satisfies the shift and add property if the componentwise sum of any two shifts of the sequence is either a shift of the sequence or the all zero sequence. A sequence whose elements lie in an arbitrary group satisfies the shift and multiply property if the componentwise product of any two shifts of the seq...

The paper establishes a connection between the theory of permutation polynomials and the question of whether a de Bruijn sequence over a general finite field of a given linear complexity exists. The connection is used both to construct span 1 de Bruijn sequences (permutations) of a range of linear complexities and to prove non-existence results for...

Recently, Qu and Vanstone have announced the construction of several new public-key cryptosystems based on group factorization. One of these was described at the last AUSCRYPT meeting [2]. We point out a serious weakness of this last system which makes it insecure. Our method only uses elementary algebra. 1 The proposed cryptosystem. Let G be a f...

Multiplicative threshold schemes are useful tools in threshold cryptography. For example, such schemes can be used with a wide variety of practical homomorphic cryptosystems (such as the RSA, the El Gamal and elliptic curve systems) for threshold decryption, signatures, or proofs. The paper describes a new recursive construction for multiplicat...

Let s be a periodic sequence whose elements lie in a finite field. The authors present an algorithm that calculates the minimal polynomial of s, assuming that a period of s is known. The algorithm generalises both the discrete Fourier transform and the Games-Chan algorithm.

Maximal length Linear Shift Register sequences (m-sequences) are widely used in digital systems, such as stream ciphers, which require fast, easily produced bitstreams with good statistical properties. Since many applications require rapid generation of m-sequences, it is desirable to study methods of increasing their rate of output. M. Robshaw (19...

As a generalisation of clock-controlled shift registers, we consider a class of key-stream generators where a clocking sequence is used to control a pseudorandom walk on a finite group.

This paper summarizes the results of four separate research topics related to the generation of binary sequences by linear feedback shift registers for applications in cryptographic systems.

Recently, Qu and Vanstone have announced the construction of several new public-key cryptosystems based on group factorization. One of these was described at the last AUSCRYPT meeting [2]. We point out a serious weakness of this last system which makes it insecure. Our method only uses elementary algebra. 1 The proposed cryptosystem. Let G be a finite...

How much extra length (above the length of your car) do you need to parallel park? This report shows how to write down a formula for this.

Surveys in Combinatorics 2013, edited by Simon R. Blackburn (Cambridge Core: Algorithmics, Complexity, Computer Algebra, Computational Geometry).

## Citations

... It is cyclically -good if each set of cyclically consecutive vertices is an independent set of (X , B). These definitions accord with those given in [2,7], where good and cyclically good sequencings were studied. Trivially, any cyclically -good sequencing of (X , B) is cyclically -good and -good for each ∈ {1, . . . ...

... Studying the value of P t,ℓ (s, k) has been initiated in [11] and since then several more results have appeared; see e.g. [3], [4], [6], [28]. Note that the first work [12] which studied batch codes defined them in their array codes setup and only later on they were studied in their one-dimensional case, also known as primitive batch codes; see e.g. ...

... The retrieval rate of an PIR scheme is the ratio of the gained information over downloaded information, while uploaded costs of the requests are ignored. PIR scheme for more realistic coded distributed data storage system was proposed in [6,35]. All files x 1 , . . . ...

... We mention th