[AD93a]

Leonard M. Adleman and Jonathan DeMarrais. A subexponential algorithm for discrete logarithms over all finite fields. In Douglas R. Stinson, editor, *Advances in Cryptology: Crypto '93*, volume 773 of *Lecture Notes in Computer Science*, pages 147–158, New York, 1993. Springer-Verlag.

[AD93b]

Leonard M. Adleman and Jonathan DeMarrais. A subexponential algorithm for discrete logarithms over all finite fields. *Mathematics of Computation*, 61:1–15, 1993. Extended abstract in [AD93a].

[Adl91]

Leonard M. Adleman. Factoring numbers using singular integers. In *Proceedings of the 23th Annual Symposium on Theory of Computing*, pages 64–71, 1991.

[AdlarTANO]

Leonard M. Adleman. The function field sieve. In *Proceedings of the 1994 Algorithmic Number Theory Symposium*, Lecture Notes in Computer Science. Springer-Verlag, to appear.

[AEM87]

Leonard M. Adleman, Dennis Estes, and Kevin S. McCurley. Solving bivariate quadratic congruences in random polynomial time. *Mathematics of Computation*, 48:17–28, 1987.

[AH92]

Leonard M. Adleman and Ming-Deh Huang. *Primality testing and two dimensional Abelian varieties over finite fields*, volume 1512 of *Lecture Notes in Mathematics*. Springer-Verlag, 1992.

[AHDarTANO]

Leonard M. Adleman, Ming-Deh A. Huang, and Jonathan DeMarrais. A subexponential algorithm for discrete logarithms in the rational subgroup of the Jacobian of a hyperelliptic curve over a finite field. In *Proceedings of the 1994 Algorithmic Number Theory Symposium*, Lecture Notes in Computer Science. Springer-Verlag, to appear.

[AHU74]

Alan Aho, John Hopcroft, and Jeffrey Ullman. *The Design and Analysis of Computer Algorithms*. Addison-Wesley, Reading, MA, 1974.

[AK88]

Leonard M. Adleman and Kireeti Kompella. Using smoothness to achieve parallelism. In *Proceedings of the 20th ACM Symposium on Theory of Computing*, pages 528–538, 1988.

[AL86]

Leonard M. Adleman and H. W. Lenstra, Jr. Finding irreducible polynomials over finite fields. In *Proceedings of the 18th Annual Symposium on Theory of Computing*, pages 350–355, New York, 1986. Association for Computing Machinery.

[AM77]

Leonard M. Adleman and K. Manders. Reducibility, randomness, and intractibility. In *Proc. 9th Annual ACM Symposium On Theory Of Computing*, pages 151–163, New York, 1977. Association for Computing Machinery.

[AM82]

Leonard M. Adleman and R. McDonnell. An application of higher reciprocity to computational number theory. In *Proceedings of the 22nd Annual Symposium on Foundations of Computer Science*, pages 100–106. IEEE Computer Society, 1982.

[AM86]

Leonard M. Adleman and Kevin S. McCurley. Open problems in numbertheoretic complexity. In *Discrete Algorithms and Complexity (Proceedings of the Japan-US Joint Seminar on Discrete Algorithms and Complexity Theory)*, pages 237–262. Academic Press, 1986.

[AMM77]

Leonard M. Adleman, K. Manders, and Gary L. Miller. On taking roots in finite fields. In *Proceedings of the 18th Annual Symposium on Foundations of Computer Science*, pages 175–178, Rhode Island, 1977. IEEE Computer Society.

[Ank52]

N. Ankeny. The least quadratic nonresidue. *Annals of Mathematics*, 55:65–72, 1952.

[APR83]

Leonard M. Adleman, Carl Pomerance, and Robert Rumely. On distinguishing prime numbers from composite numbers. *Annals of Mathematics*, 117:173–206, 1983.

[Bac84]

Eric Bach. Discrete logarithms and factoring. Technical Report UCB/CSD 84/186, University of California, Computer Science Division (EECS). University of California, Berkely, California, June 1984.

[Bac85]

Eric Bach. *Analytic Methods in the Analysis and Design of Number Theoretic Algorithms*. MIT Press, Cambridge, 1985.

[Bac88]

Eric Bach. How to generate factored random numbers. *SIAM Journal of Computing*, 17:179–193, 1988.

[Bac90]

Eric Bach. Explicit bounds for primality testing and related problems. *Mathematics of Computation*, 55:355–380, 1990.

[BBS86]

Lenore Blum, Manuel Blum, and Michael Shub. A simple unpredictable pseudo-random number generator. *SIAM Journal of Computing*, 15:364–383, 1986.

[Ber67]

Elwyn Berlekamp. Factoring polynomials over finite fields. *Bell System Technical Journal*, 46:1853–1859, 1967.

[Ber68]

Elwyn Berlekamp. *Algebraic Coding Theory*. McGraw-Hill, New York, 1968.

[Ber70]

Elwyn Berlekamp. Factoring polynomials over large finite fields. *Mathematics of Computation*, 24:713–735, 1970.

[BK83]

Richard Brent and H. Kung. Systolic VLSI arrays for linear time gcd computation. In F. Anceau and E. Aas, editors, *VLSI 83*, pages 145–154. IFIP, Elsevevier, 1983.

[BM84]

Manuel Blum and Silvio Micali. How to generate cryptographically strong sequences of pseudorandom bits. *SIAM Journal of Computing*, 13:850–864, 1984.

[BM92]

Ernest F. Brickell and Kevin S. McCurley. An interactive identification scheme based on discrete logarithms and factoring. *Journal of Cryptology*, 5:29–40, 1992.

[BMS84]

Eric Bach, Gary L. Miller, and Jeffrey O. Shallit. Sums of divisors, perfect numbers, and factoring. In *Proceedings of the 16th Annual Symposium on Theory of Computing*, New York, 1984. Association for Computing Machinery.

[Bom74]

Enrico Bombieri. Le grand crible dans la théorie analytique des nombres. Avec une sommaire en anglais. *Astérisque*, 18, 1974.

[BS91]

Johannes Buchmann and Victor Shoup. Constructing non-residues in finite fields and the extended Riemann hypothesis. In *Proceedings of the 23th Annual Symposium on Theory of Computing*, pages 72–79, 1991.

[Buc90]

Johannes Buchmann. Complexity of algorithms in algebraic number theory. In R.A. Mollin, editor, *Proceedings of the First Conference of the Canadian Number Theory Association*, pages 37–53, Berlin, 1990. De Gruyter.

[BW89]

Johannes Buchmann and Hugh C. Williams. On the existence of a short proof for the value of the class number and regulator of a real quadratic field. In Richard A. Mollin, editor, *Proceedings of the NATO Advanced Study Institute on Number Theory and Applications*, pages 327–345, The Netherlands, 1989. Kluwer.

[CG]

B. Chor and O. Goldreich. An improved parallel algorithm for integer GCD. *Algorithmica*. To Appear.

[Chi89]

A. L. Chistov. The complexity of constructing the ring of integers of a global field. *Dokl Akad. Nauk. SSSR*, 306:1063–1067, 1989. English translation: Soviet Math. Dokl. 39 (1989), 597–600.

[CL84]

H. Cohen and H. W. Lenstra, Jr. Primality testing and Jacobi sums. *Mathematics of Computation*, 42:297–330, 1984.

[Coo81]

Stephen Cook. Towards a complexity theory of synchronous parallel computation. *Enseignment Math.*, 27:99–124, 1981.

[Coo85]

Stephen Cook. A taxonomy of problems with fast parallel algorithms. *Information and Control*, 64:2–22, 1985.

[Cop84]

Don Coppersmith. Fast evaluation of discrete logarithms in fields of characteristic two. *IEEE Transactions on Information Theory*, 30:587–594, 1984.

[Cop90]

Don Coppersmith. Modifications to the number field sieve. Technical Report RC16264, IBM TJ Watson Research Center, Yorktown Heights, New York, 1990.

[COS86]

Don Coppersmith, Andrew Odlyzko, and Richard Schroeppel. Discrete logarithms in GF(p). *Algorithmica*, 1:1–15, 1986.

[Cou93]

Jean-Marc Couveignes. Computing a square root for the number field sieve. In A. K. Lenstra and H. W. Lenstra, Jr., editors, *The development of the number field sieve*, number 1554 in Lecture Notes in Mathematics, pages 95–102. Springer-Verlag, 1993.

[Cra36]

H. Cramér. On the order of magnitude of the difference between consecutive prime numbers. *Acta Arithmetica*, 2:23–46, 1936.

[CZ81]

David Cantor and Hans Zassenhaus. A new algorithm for factoring polynomials over finite fields. *Mathematics of Computation*, 36:587–592, 1981.

[dB90]

Bert den Boer. Diffie-Hellman is as strong as discrete log for certain primes. In *Advances in Cryptology: Proceedings of Crypto '88*, volume 403 of *Lecture Notes in Computer Science*, pages 530–539, New York, 1990. Springer-Verlag.

[DH76]

W. Diffie and M. E. Hellman. New directions in cryptography. *IEEE Transactions on Information Theory*, 22:644–654, 1976.

[Dix81]

John D. Dixon. Asymptotically fast factorization of integers. *Mathematics of Computation*, 36:255–260, 1981.

[EH71]

P. D. T. A. Elliot and H. Halberstam. The least prime in an arithmetic progression. In *Studies in Pure Mathematics*, pages 69–61. Academic Press, London, 1971.

[ElG85]

Taher ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. *IEEE Transactions on Information Theory*, 31:469–472, 1985.

[Erd61]

P. Erdös. Remarks on number theory, I. *Mat. Lapok*, 12:10–17, 1961.

[Evd89]

S. A. Evdokimov. Factoring a solvable polynomial over a finite field and generalized Riemann hypothesis. *Zapiski Nauchn. Semin. Leningr. Otdel. Matem. Inst. Acad. Sci. USSR*, 176:104–117, 1989. In Russian.

[EvdarTANO]

S. A. Evdokimov. Factorization of polynomials over finite fields. In *Proceedings of the 1994 Algorithmic Number Theory Symposium*, Lecture Notes in Computer Science, Berlin, to appear. Springer-Verlag.

[Fru85]

M. A. Frumkin. Complexity questions in number theory. *J. Soviet Math.*, 29:1502–1517, 1985. Translated from Zapiski Nauchnykh Seminarov Leningradskogo Otdeleniya Matematicheskogo Instituta im. V. A. Steklova AN SSSR, vol. 118 (1982), 188–210.

[Für85]

Martin Fürer. Deterministic and Las Vegas primality testing algorithms. In *Proceedings of ICALP 1985*, 1985.

[Gau86]

Karl Friedrich Gauss. *Disquisitiones Arithmeticæ*. Springer-Verlag, New York, 1986. Reprint of the 1966 English translation by Arthur A. Clarke, S.J., Yale University Press, revised by William C. Waterhouse. Original 1801 edition published by Fleischer, Leipzig.

[Gil77]

John Gill. Computational complexity of probabilistic Turing machines. *SIAM Journal of Computing*, 4:675–695, 1977.

[GJ79]

Michael Garey and David Johnson. *Computers and Intractibility: A Guide to the Theory of NP-Completeness*. W. H. Freeman, San Francisco, 1979.

[GK86]

Shafi Goldwasser and Joe Kilian. Almost all primes can be quickly certified. In *Proceedings of the 18th Annual Symposium on Theory of Computing*, pages 316–329, New York, 1986. Association for Computing Machinery.

[GLS88]

Martin Grötschel, László Lovász, and Alexander Schrijver. *Geometrie Algorithms and Combinatorial Optimization* Springer-Verlag, Berlin, 1988.

[GM82]

Shafi Goldwasser and Silvio Micali. Probabilistic encryption & how to play mental poker keeping secret all partial information. In *Proceedings of the 14th Annual Symposium on Theory of Computing*, pages 365–377, New York, 1982. Association for Computing Machinery.

[GM84]

Shafi Goldwasser and Silvio Micali. Probabilistic encryption. *Journal of Computer and System Science*, 28:270–299, 1984.

[Gol85]

Dorian Goldfeld. Gauss' class number problem for imaginary quadratic fields. *Bulletin of the American Mathematical Society*, 13:23–38, 1985.

[Gor93]

Daniel M. Gordon. Discrete logarithms in GF(p) using the number field sieve. *SIAM Journal of Discrete Mathematics*, 6:124–138, 1993.

[Guy77]

Richard Guy. How to factor a number. *Congressus Numeratium*, XXVII:49–89, 1977. Proceedings of the Fifth Manitoba Conference on Numerical Mathematics, University of Manitoba.

[HB78]

D. R. Heath-Brown. Almost-primes in arithmetic progressions and short intervals. *Mathematical Proceedings of the Cambridge Philosophical Society*, 83:357–375, 1978.

[HM89a]

James Lee Hafner and Kevin S. McCurley. On the distribution of running times of certain integer factoring algorithms. *Journal of Algorithms*, 10:531–556, 1989.

[HM89b]

James Lee Hafner and Kevin S. McCurley. A rigorous subexponential algorithm for computation of class groups. *Journal of the American Mathematical Society*, 2:837–850, 1989.

[Hua85]

Ming-Deh A. Huang. Riemann hypothesis and finding roots over finite fields. In *Proceedings of the 17th Annual Symposium on Theory of Computing*, pages 121–130, New York, 1985. Association for Computing Machinery.

[Hua91]

Ming-Deh A. Huang. Generalized riemann hypothesis and factoring polynomials over finite fields. *Journal of Algorithms*, 12:464–481, 1991.

[Kan85]

William Kantor. Polynomial-time algorithms for finding elements of prime order and Sylow subgroups. *Journal of Algorithms*, 4:478–514, 1985.

[KMR84]

Ravi Kannan, Gary L. Miller, and L. Rudolph. Sublinear parallel algorithm for computing the greatest common divisor of two integers. In *Proceedings of the 25th Annual Symposium on Foundations of Computer Science*, pages 7–11. IEEE Computer Society, 1984.

[KMR87]

Ravi Kannan, Gary L. Miller, and L. Rudolph. Sublinear parallel algorithm for computing the greatest common divisor of two integers. *SIAM Journal of Computing*, 16:7–16, 1987. Extended abstract in [KMR84].

[Knu81]

Donald E. Knuth. *Seminumerical Algorithms*, volume 2 of *The Art of Computer Programming*. Addison-Wesley, Reading, Massachusetts, second edition, January 1981.

[Kob87a]

Neal Koblitz. *A Course in Number Theory and Cryptography*. Number 114 in Graduate Texts in Mathematics. Springer-Verlag, New York, 1987.

[Kob87b]

Neal Koblitz. Elliptic curve cryptosystems. *Mathematics of Computation*, 48:203–209, 1987.

[Kob88]

Neal Koblitz. Primality of the number of points on an elliptic curve over a finite field. *Pacific Journal of Mathematics*, 131:157–165, 1988.

[Kob90]

Neal Koblitz. A family of Jacobians suitable for discrete log cryptosystems. In S. Goldwasser, editor, *Advances in Cryptology: Proceedings of Crypto '88*, volume 403 of *Lecture Notes in Computer Science*, pages 94–99, Berlin, 1990. Springer-Verlag.

[Kob91]

Neal Koblitz. Constructing elliptic curve cryptosystems in characteristic 2. In A. J. Menezes and S. A. Vanstone, editors, *Advances in Cryptology: Proceedings of Crypto '90*, volume 537 of *Lecture Notes in Computer Science*, pages 156–167, Berlin, 1991. Springer-Verlag.

[KP94]

Sergei Konyagin and Carl Pomerance. On primes recognizable in deterministic polynomial time. preprint, May 1994.

[Lag79]

Jeffrey C. Lagarias. Succinct certificates for the solvability of binary quadratic diophantine equations. In *Proceedings of the 20th Annual Symposium on Foundations of Computer Science*, pages 47–54. IEEE Computer Society, 1979.

[Lag80a]

Jeffrey C. Lagarias. On the computational complexity of determining the solvability or unsolvability of the equation *x*
^{2} − *dy*
^{2} = −1. *Transactions of the American Mathematical Society*, 260:485–508, 1980.

[Lag80b]

Jeffrey C. Lagarias. Worst-case complexity bounds for algorithms in the theory of integral quadratic forms. *Journal of Algorithms*, 1:142–186, 1980.

[Lag85]

Jeffrey C. Lagarias. The computational complexity of simultaneous diophantine approximation problems. *SIAM Journal of Computing*, 14:196–209, 1985.

[Lan85]

Susan Landau. Polynomial time algorithms for Galois groups. In J. Fitch, editor, *Proceedings of EUROSAM '84*, volume 174 of *Lecture Notes in Computer Science*, pages 225–236, New York, 1985. Springer-Verlag.

[Lan88]

Susan Landau. Some remarks on computing the square parts of integers. *Information and Computation*, 78:246–253, 1988.

[Leh69]

D. H. Lehmer. Computer technology applied to the theory of numbers. In *Studies in Number Theory*, pages 117–151. Mathematical Association of America, 1969. Distributed by Prentice Hall, Englewood Cliffs, NJ.

[Len81]

H. W. Lenstra, Jr. Primality testing algorithms (after Adleman, Rumely, and Williams). In *Séminaire Bourbaki 1980/81, Exposé 576*, number 901 in Lecture Notes in Mathematics, pages 243–257. Springer-Verlag, Berlin, 1981.

[Len83]

H. W. Lenstra, Jr. Integer programming with a fixed number of variables. *Mathematics of Operations Research*, 8:538–548, 1983.

[Len87]

H. W. Lenstra, Jr. Factoring integers with elliptic curves. *Annals of Mathematics*, 126:649–673, 1987.

[Len90]

H. W. Lenstra, Jr. Algorithms for finite fields. In *Number Theory and Cryptography*, volume 154 of *London Mathematical Society Lecture Note Series*, pages 76–85. Cambridge University Press, Cambridge, 1990.

[Len92]

H. W. Lenstra, Jr. Algorithms in algebraic number theory. *Bulletin of the American Mathematical Society*, 26:211–244, 1992.

[LL93]

Arjen K. Lenstra and H. W. Lenstra, Jr., editors. *The development of the number field sieve*. Number 1554 in Lecture Notes in Mathematics. Springer-Verlag, 1993.

[LLL82]

Arjen K. Lenstra, H. W. Lenstra, Jr., and László Lovász. Factoring polynomials with rational coefficients. *Mathematische Annalen*, 261:515–534, 1982.

[LLS90]

Jeffrey C. Lagarias, H. W. Lenstra, Jr., and Claus-Peter Schaorr. Korkine-Zolotarev bases and successive minima of a lattice and its reciprocal lattice. *Combinatorica*, 10:333–348, 1990.

[LM85]

Susan Landau and Gary L. Miller. Solvability by radicals is in polynomial time. *Journal of Computer and System Science*, 30:179–208, 1985.

[LN83]

Rudolf Lidl and Harald Niederreiter. *Finite Fields*. Addison-Wesley, Reading, MA, 1983.

[Lov86]

László Lovász. *An Algorithmic Theory of Numbers, Graphs, and Convexity*. Number 50 in CBMS-NSF Regional Conference Series in Applied Mathematics. Society of Industrial and Applied Mathematicians, Philadelphia, PA, 1986.

[Lov92]

Renet Lovorn. *Rigorous Subexponential Algorithms for Discrete Logarithms over Finite Fields*. PhD thesis, University of Georgia, May 1992.

[LP92]

H. W. Lenstra, Jr. and Carl Pomerance. A rigorous time bound for factoring integers. *Journal of the American Mathematical Society*, 5:483–516, 1992.

[MA78]

K. Manders and Leonard M. Adleman. NP-complete decision problems for binary quadratics. *Journal of Computer and System Science*, 16:168–184, 1978.

[MB75]

Michael Morrison and John Brillhart. A method of factoring and the factorization of *F*
_{7}. *Mathematics of Computation*, 29:183–205, 1975.

[McC88]

Kevin S. McCurley. A key distribution system equivalent to factoring. *Journal of Cryptology*, 1:95–105, 1988.

[McC89]

Kevin S. McCurley. Cryptographic key distribution and computation in class groups. In Richard A. Mollin, editor, *Proceedings of the NATO Advanced Study Institute on Number Theory and Applications*, pages 459–479, The Netherlands, 1989. Kluwer.

[McC90a]

Kevin S. McCurley. The discrete logarithm problem. In Pomerance [Pom90], pages 49–74.

[McC90b]

Kevin S. McCurley. Odds and ends from cryptology and computational number theory. In Pomerance [Pom90], pages 145–166.

[Mil76]

Gary L. Miller. Riemann's hypothesis and tests for primality. *Journal of Computer and System Science*, 13:300–317, 1976.

[Mil86]

Victor Miller. Use of elliptic curves in cryptography. In *Advances in Cryptology: Proceedings of Crypto '85*, volume 218 of *Lecture Notes in Computer Science*, pages 417–426, Berlin, 1986. Springer-Verlag.

[MOV94]

Alfred J. Menezes, Tatsuaki Okamoto, and Scott A. Vanstone. Reducing elliptic curve logarithms to logarithms in a finite field. *IEEE Transactions in Information Theory*, ???, 1994. Extended abstract in Proceedings of the 23rd ACM Symposium on Theory of Computing, 1991, ACM, pp. 80–89.

[oC91]

U.S. Department of Commerce. A proposed federal information processing standard for digital signature standard. In *Federal Register*, volume 56, no. 169, pages 42980–42982. U.S. GPO, August 1991.

[Odl85]

Andrew Odlyzko. The discrete logarithm problem and its cryptographic significance. In *Advances in Cryptology: Proceedings of Eurocrypt '84*, volume 209 of *Lecture Notes in Computer Science*, pages 224–314, Berlin, 1985. Springer-Verlag.

[Odl94]

Andrew Odlyzko. Discrete logarithms and smooth polynomials. In Gary L. Mullen and Peter Shiue, editors, *Finite Fields: Theory, Applications, and Algorithms*, Contemporary Mathematics Series, Providence, RI, 1994. American Mathematical Society.

[OSS84]

H. Ong, Claus-Peter Schnorr, and Adi Shamir. An efficient signature scheme based on quadratic equations. In *Proceedings of the 16th Annual Symposium on Theory of Computing*, pages 208–216, New York, 1984. Association for Computing Machinery.

[PH78]

Stephen Pohlig and Martin Hellman. An improved algorithm for computing discrete logarithms over GF(p) and its cryptographic significance. *IEEE Transactions on Information Theory*, 24:106–110, 1978.

[Pil90]

Jonathan Pila. Frobenius maps of abelian varieties and finding roots of unity in finite fields. *Mathematics of Computation*, 55:745–763, 1990.

[Pla79]

D. A. Plaisted. Fast verification, testing, and generation of large primes. *Theoretical Computer Science*, 9:1–16, 1979.

[Pom82]

Carl Pomerance. Analysis and comparison of some integer factoring methods. In H. W. Lenstra, Jr. and R. Tijdeman, editors, *Computational Methods in Number Theory, Part I*, number 154 in Math. Centre Tract, pages 89–139. Math. Centre, Amsterdam, 1982.

[Pom86]

Carl Pomerance. Fast, rigorous factorization and discrete logarithm algorithms. In *Discrete Algorithms and Complexity (Proceedings of the Japan-US Joint Seminar on Discrete Algorithms and Complexity Theory)*, pages 119–143. Academic Press, 1986.

[Pom90]

Carl Pomerance, editor. *Cryptography and Computational Number Theory*, volume 42 of *Proceedings of Symposia in Applied Mathematics*. American Mathematical Society, Providence, 1990.

[Pom81]

Carl Pomerance. Recent developments in primality testing. *Mathematical Intelligencer*, 3:97–105, 1980/81.

[Pra75]

Vaughn Pratt. Every prime has a succinct certificate. *SIAM Journal of Computing*, 4:214–220, 1975.

[PS87]

John Pollard and Claus-Peter Schnorr. Solution of *x*
^{2} + *ky*
^{2} ≡ *m* (mod *n*), with application to digital signatures. *IEEE Transactions on Information Theory*, 22:702–709, 1987.

[PSS88]

Janos Pintz, William L. Steiger, and Endre Szemerédi. Two infinite sets of primes with fast primality tests. In *Proceedings of the 20th Annual Symposium on Theory of Computing*, pages 504–509. Association for Computing Machinery, 1988. Journal version in [PSS89].

[PSS89]

Janos Pintz, William L. Steiger, and Endre Szemerédi. Infinite sets of primes with fast primality tests and quick generation of large primes. *Mathematics of Computation*, 53:399–406, 1989. Extended abstract in [PSS88].

[Rab79]

Michael O. Rabin. Digitalized signatures and public-key functions as intractible as factorization. Technical Report TR-212, Massachussetts Institute of Technology, Laboratory for Computer Science, 1979.

[Rab80a]

Michael O. Rabin. Probabilistic algorithm for testing primality. *Journal of Number Theory*, 12:128–138, 1980.

[Rab80b]

Michael O. Rabin. Probabilistic algorithms in finite fields, *SIAM Journal of Computing*, 9:273–280, 1980.

[Rie85a]

Hans Riesel. Modern factorization methods. *BIT*, 25:205–222, 1985.

[Rie85b]

Hans Riesel. *Prime Numbers and Computer Methods for Factorization*. Birkhäuser, Boston, 1985.

[Rón88]

L. Rónyai. Factoring polynomials over finite fields. *Journal of Algorithms*, 9:391–400, 1988.

[Rón89]

L. Rónyai. Galois groups and factoring polynomials over finite fields. In *Proceedings of the 30th Annual Symposium on Foundations of Computer Science*, pages 99–104. IEEE Computer Society, 1989.

[RSA78]

Ronald Rivest, Adi Shamir, and Leonard M. Adleman. A method for obtaining digital signatures and public key cryptosystems. *Communications of the ACM*, 21:120–126, 1978.

[Sch82]

Rene School. Quadratic fields and factorisation. In H. W. Lenstra, Jr. and R. Tijdeman, editors, *Computational Methods in Number Theory, Part I*, number 154 in Math. Centre Tract. Math. Centre, Amsterdam, 1982.

[Sch85]

R. Schoof. Elliptic curves over finite fields and the computation of square roots modulo p. *Mathematics of Computation*, 44:483–494, 1985.

[Sch91]

Claus-Peter Schnorr. Efficient signature generation by smart cards. *Journal of Cryptology*, 4:161–174, 1991.

[Sch93]

Oliver Schirokauer. Discrete logarithms and local units. *Philisophical Transactions of the Royal Society of London (A)*, 345:409–423, 1993.

[Sey87]

Martin Seysen. A probabilistic factorization algorithm with quadratic forms of negative discriminant. *Mathematics of Computation*, 48:757–780, 1987.

[Sha71]

Daniel Shanks. Class number, a theory of factorization, and genera. In *Analytic Number Theory*, volume 20 of *Proceedings of Symposia in Pure Mathematics*, pages 415–440. American Mathematical Society, 1971.

[Sha72]

Daniel Shanks. Five number-theoretic algorithms. In *Proceedings of the Second Manitoba Conference on Numerical Mathematics*, pages 51–70, 1972.

[Sha84]

Jeffrey O. Shallit. An exposition of Pollard's algorithm for quadratic congruences. Technical Report 84-006, University of Chicago, Department of Computer Science, December 1984.

[Sho90a]

Victor Shoup. New algorithms for finding irreducible polynomials over finite fields. *Mathematics of Computation*, 54:435–447, 1990. Extended abstract in Proceedings of the 29th Annual IEEE Symposium on Foundations of Computer Science (1988), pp. 283–290.

[Sho90b]

Victor Shoup. On the deterministic complexity of factoring polynomials over finite fields. *Information Processing Letters*, 33:261–267, 1990.

[Sho90c]

Victor Shoup. Searching for primitive roots in finite fields. In *Proceedings of the 22th Annual Symposium on Theory of Computing*, pages 546–554, 1990.

[ShoarTANO]

Peter W. Shor. Polynomial time algorithms for discrete logarithms and factoring on a quantum computer. In *Proceedings of the 1994 Algorithmic Number Theory Symposium*. Springer-Verlag, to appear.

[Sil86]

Joseph H. Silverman. *The Arithmetic of Elliptic Curves*, volume 106 of *Graduate Texts in Mathematics*. Springer-Verlag, 1986.

[SL84]

Claus-Peter Schnorr and H. W. Lenstra, Jr. A Monte Carlo factoring algorithm with linear storage. *Mathematics of Computation*, 43:289–311, 1984.

[Sor90]

Jonathan Sorenson. Counting the integers factorable via cyclotomic methods. Technical Report 919, University of Wisconsin, Deparment of Computer Sciences, 1990.

[SS71]

Alfred Schönhage and Volker Strassen. Schnelle Multiplikation grosser Zahlen. *Computing*, 7:281–292, 1971.

[SS77]

R. Solovay and Volker Strassen. A fast Monte-Carlo test for primality. *SIAM Journal of Computing*, 6:84–85, 1977.

[SS85]

Jeffrey O. Shallit and Adi Shamir. Number-theoretic functions which are equivalent to number of divisors. *Information Processing Letters*, 20:151–153, 1985.

[ThiarTANO]

C. Thiel. Verifying the class number belongs to *NP*∩co*NP*. In *Proceedings of the 1994 Algorithmic Number Theory Symposium*. Springer-Verlag, to appear.

[Ton91]

A. Tonelli. Bemerkung ber die aufl sung quadratischer Congruenzen. *Göttinger Nachrichten*, pages 314–346, 1891.

[vEB81]

P. van Emde Boas. Another NP-complete partition problem and the complexity of computing short vectors in lattices. Technical Report 81-04, Mathematics Department, University of Amsterdam, 1981.

[vO91]

Paul van Oorschot. A comparison of practical public key cryptosystems based on integer factorization and discrete logarithms. In Gustavus J. Simmons, editor, *Contemporary Cryptology: The Science of Information Integrity*, IEEE Proceedings, pages 280–322. IEEE, 1991.

[vzGKS93]

Joachim von zur Gathen, Marek Karpinski, and Igor Shparlinski. Counting curves and their projections. preprint, March 1993.

[Wan61]

Y. Wang. On the least primitive root of a prime. *Scientia Sinica*, 10:1–14, 1961.

[Wil78]

Hugh C. Williams. Primality testing on a computer. *Ars Combinatorica*, 5:127–185, 1978.

[Wil84]

Hugh C. Williams. Factoring on a computer. *Mathematical Intelligencer*, 6:29–36, 1984.

[Yao82]

Andrew C. Yao. Theory and applications of trapdoor functions. In *Proceedings of the 23rd Annual Symposium on Foundations of Computer Science*, pages 80–91. IEEE Computer Society, 1982.