Let $S$ be the sum-of-digits function in base 2, which returns the number of 1s in the base-2 expansion of a nonnegative integer. For a nonnegative integer $t$, define the asymptotic density
T. W. Cusick conjectured that $c_t > 1/2$. We have the elementary bound $0 < c_t < 1$; however, no bound of the form $0 < \alpha \le c_t$ or $c_t \le \beta < 1$, valid for all $t$, is known. In this paper, we prove that $c_t > 1/2 - \varepsilon$ as soon as $t$ contains sufficiently many blocks of 1s in its binary expansion. In the proof, we provide estimates for the moments of an associated probability distribution; this extends the study initiated by Emme and Prikhod’ko (2017) and pursued by Emme and Hubert (2018).
Symplectic finite semifields can be used to construct nonlinear binary codes of Kerdock type (i.e., with the same parameters as the Kerdock codes, a subclass of Delsarte–Goethals codes). In this paper, we introduce nonbinary Delsarte–Goethals codes of parameters $(q^{m+1},\ q^{m(r+2)+2},\ \frac{q-1}{q}(q^{m+1}-q^{\frac{m+1}{2}+r}))$ over a Galois field of order $q=2^l$, for all $0\le r\le\frac{m-1}{2}$, with $m \ge 3$ odd, and show the connection of this construction to finite semifields.
A 1993 result of Alon and Füredi gives a sharp upper bound on the number of zeros of a multivariate polynomial over an integral domain in a finite grid, in terms of the degree of the polynomial. This result was recently generalized to polynomials over an arbitrary commutative ring, assuming a certain ‘Condition (D)’ on the grid which holds vacuously when the ring is a domain. In the first half of this paper we give a further generalized Alon–Füredi theorem which provides a sharp upper bound when the degrees of the polynomial in each variable are also taken into account. This yields in particular a new proof of Alon–Füredi. We then discuss the relationship between Alon–Füredi and results of DeMillo–Lipton, Schwartz and Zippel. A direct coding-theoretic interpretation of the Alon–Füredi theorem and its generalization in terms of Reed–Muller-type affine variety codes is shown, which gives us the minimum Hamming distance of these codes. Then we apply the Alon–Füredi theorem to quickly recover, and sometimes strengthen, old and new results in finite geometry, including the Jamison–Brouwer–Schrijver bound on affine blocking sets. We end with a discussion of multiplicity enhancements.
In order to assess the security of cryptosystems based on the discrete logarithm problem in non-prime finite fields, as are the torus-based or pairing-based ones, we investigate thoroughly the case in $\mathbb{F}_{p^{6}}$ with the number field sieve. We provide new insights, improvements, and comparisons between different methods to select polynomials intended for a sieve in dimension 3 using a special-$\mathfrak{q}$ strategy. We also take into account the Galois action to increase the relation productivity of the sieving phase. To validate our results, we ran several experiments and real computations for various polynomial selection methods and field sizes with our publicly available implementation of the sieve in dimension 3, with special-$\mathfrak{q}$ and various enumeration strategies.
NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks. Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase. In the present paper an algorithm is presented that applies low-memory techniques to find ‘golden’ collisions to Odlyzko’s meet-in-the-middle attack against the NTRU private key. Several aspects of NTRU secret keys and the algorithm are analysed. The running time of the algorithm with a maximum storage capacity of $w$ is estimated and experimentally verified. Experiments indicate that decreasing the storage capacity $w$ by a factor $1<c<\sqrt{w}$ increases the running time by a factor $\sqrt{c}$.
This paper presents an algorithm to construct cryptographically strong genus $2$ curves and their Kummer surfaces via Rosenhain invariants and related Kummer parameters. The most common version of the complex multiplication (CM) algorithm for constructing cryptographic curves in genus 2 relies on the well-studied Igusa invariants and Mestre’s algorithm for reconstructing the curve. On the other hand, the Rosenhain invariants typically have much smaller height, so computing them requires less precision, and in addition, the Rosenhain model for the curve can be written down directly given the Rosenhain invariants. Similarly, the parameters for a Kummer surface can be expressed directly in terms of rational functions of theta constants. CM-values of these functions are algebraic numbers, and when computed to high enough precision, LLL can recognize their minimal polynomials. Motivated by fast cryptography on Kummer surfaces, we investigate a variant of the CM method for computing cryptographically strong Rosenhain models of curves (as well as their associated Kummer surfaces) and use it to generate several example curves at different security levels that are suitable for use in cryptography.
If $C$ is a curve of genus 2 defined over a field $k$ and $J$ is its Jacobian, then we can associate a hypersurface $K$ in $\mathbb{P}^3$ to $J$, called the Kummer surface of $J$. Flynn has made this construction explicit in the case when the characteristic of $k$ is not 2 and $C$ is given by a simplified equation. He has also given explicit versions of several maps defined on the Kummer surface and shown how to perform arithmetic on $J$ using these maps. In this paper we generalize these results to the case of arbitrary characteristic.
For a given elliptic curve $\mathbf{E}$, we obtain an upper bound on the discrepancy of sets of multiples ${{z}_{s}}G$ where ${{z}_{s}}$ runs through a sequence $Z\,=\,\left( {{z}_{1}},\ldots ,{{z}_{T}} \right)$ such that $k{{z}_{1}},\ldots ,k{{z}_{T}}$ is a permutation of ${{z}_{1}},\ldots ,{{z}_{T}}$, both sequences taken modulo $t$, for sufficiently many distinct values of $k$ modulo $t$.
We apply this result to studying an analogue of the power generator over an elliptic curve. These results are elliptic curve analogues of those obtained for multiplicative groups of finite fields and residue rings.
We consider irreducible Goppa codes of length $q^m$ over $\mathbb{F}_q$ defined by polynomials of degree $r$, where $q = p^t$ and $p$, $m$, $r$ are distinct primes. The number of such codes, inequivalent under coordinate permutations and field automorphisms, is determined.
The $2^g$ theta constants of second kind of genus $g$ generate a graded ring of dimension $g(g+1)/2$. In the case $g \ge 3$ there must exist algebraic relations. In genus $g = 3$ it is known that there is one defining relation. In this paper we give a relation in the case $g = 4$. It is of degree 24 and has the remarkable property that it is invariant under the full Siegel modular group and its $\Phi$-image is not zero. Our relation is obtained as a linear combination of code polynomials of the 9 self-dual doubly-even codes of length 24.
We find conditions under which the numerator of the zeta-function of the curve $y^2 + y = x^d$ over $\mathbb{F}_p$, where $d = 2g+1$ is a prime, $d \ne p$, is irreducible over $\mathbb{Q}$. This leads to the generalized Mersenne problem of "almost primality" of the number of points on the Jacobian of such a curve over an extension of $\mathbb{F}_p$, which has application to public key cryptography.