arxiv: 2605.03972 · v1 · submitted 2026-05-05 · 🪐 quant-ph

Recognition: unknown

Regev's reduction as a candidate quantum algorithm for the discrete logarithm problem in finite abelian groups

M. Isabel Franco Garrido , Andr\'e Chailloux

Authors on Pith no claims yet

Pith reviewed 2026-05-07 03:26 UTC · model grok-4.3

classification 🪐 quant-ph

keywords discrete logarithmRegev reductionReed-Solomon codesquantum decodingNP-hardnessfinite abelian groupsPretty Good Measurementbounded distance decoding

0 comments

The pith

Regev's reduction applied to Cheng-Wan instances of discrete logarithm falls short of the required decoder threshold by a constant factor.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper examines whether Regev's reduction, which converts a classical decoder for a code into a quantum algorithm for decoding the dual code, can solve the discrete logarithm problem when applied to instances derived from a reduction by Cheng and Wan. This reduction transforms DLOG in finite fields into bounded-distance decoding for Reed-Solomon codes. The authors generalize this to finite abelian groups and show that even at zero rate, such decoding is NP-hard, though at a larger radius than needed. When they apply known efficient decoders to these instances, none reach the Cheng-Wan threshold. They identify the exact performance level a decoder would need under an assumption on the instances. The key point is that solvability is not the issue, as the Pretty Good Measurement solves all instances, but it is inefficient in general.

Core claim

Regev's reduction does not yield an efficient quantum solver for discrete logarithm using known decoders on Cheng-Wan instances, as they fall short by a constant factor, and the required decoder performance is identified under an assumption on the instances; the obstruction is computational efficiency rather than fundamental solvability, since the Pretty Good Measurement solves the dual decoding problem on all instances including NP-hard ones but requires exponential resources.

What carries the argument

Regev's reduction, which turns a decoder for a linear code into a quantum solver for the corresponding dual decoding problem by preparing a superposition over codewords and measuring.

If this is right

The Cheng-Wan reduction generalizes to show that solving discrete logarithm in any finite abelian group reduces to bounded distance decoding of Reed-Solomon codes.
Bounded distance decoding for Reed-Solomon codes is NP-hard even at asymptotically zero rate.
Known efficient decoders for Reed-Solomon codes fall short of the Cheng-Wan threshold by a constant factor when used inside Regev's reduction.
The Pretty Good Measurement solves the dual decoding problem on every Cheng-Wan instance but requires exponential resources in general.
A decoder reaching the identified QDP parameter would turn Regev's reduction into a quantum algorithm for discrete logarithm.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Quantum reductions like Regev's may be limited more by the classical task of building efficient decoders for hard instances than by quantum mechanics itself.
This supplies a concrete performance target for future decoder research aimed at code-based quantum algorithms.
Similar efficiency gaps could appear when applying Regev-style reductions to other problems that reduce to decoding.
Testing the assumption on Cheng-Wan instance structure on small finite fields would clarify whether the identified threshold is robust.

Load-bearing premise

The assumption on the structure of the Cheng-Wan instances that allows identifying the precise QDP parameter a decoder must achieve to solve discrete logarithm.

What would settle it

Constructing or ruling out an efficient decoder that meets the identified QDP parameter on Cheng-Wan instances would determine whether Regev's reduction solves discrete logarithm, or showing an efficient implementation of the Pretty Good Measurement on these instances would confirm the efficiency barrier.

Figures

Figures reproduced from arXiv: 2605.03972 by Andr\'e Chailloux, M. Isabel Franco Garrido.

**Figure 1.** Figure 1: Regev’s reduction in the code-based setting. view at source ↗

**Figure 2.** Figure 2: Regev’s reduction in the code-based setting with QDP. view at source ↗

read the original abstract

We revisit the reduction of Cheng and Wan, which transforms instances of the discrete logarithm problem (DLOG) over finite fields into a decoding problem for Reed--Solomon codes, and study how Regev's reduction can be used to solve these instances. Regev's reduction turns a decoder for a code into a quantum solver for a decoding problem on the dual code. The quantum advantage depends on the dual problem being classically hard, which has proven difficult to establish. The Cheng--Wan reduction offers a natural source of such instances: solving them would solve discrete logarithm. Since Shor's algorithm already solves discrete logarithm, the goal is not a new quantum speedup but to understand whether Regev's reduction, applied to a problem we have independent reasons to believe is hard, can solve discrete logarithm, and if not, where it falls short. We generalize the hardness consequence of the Cheng--Wan reduction for Reed--Solomon bounded distance decoding -- from solving DLOG in $\mathbb{F}_{q^h}^\times$ to solving DLOG in finite abelian groups, and we prove that bounded distance decoding for Reed--Solomon codes is NP-hard even at asymptotically zero rate, though the known NP-hard radius lies well above the Cheng--Wan decoding radius. We then carry out Regev's reduction on the Cheng--Wan instances and evaluate it with known efficient decoders. All fall short of the Cheng--Wan threshold by a constant factor, and under an assumption on the Cheng--Wan instances we identify the QDP parameter a decoder would need to reach in order to solve discrete logarithm. The obstruction is one of efficiency rather than solvability: the Pretty Good Measurement solves the corresponding decoding problem on every instance, including NP-hard instances, but its implementation requires exponential resources in general.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

Regev's reduction applied to Cheng-Wan instances misses the decoder threshold by a constant factor, so it yields no efficient quantum DLOG solver, with the barrier being implementation cost rather than solvability.

read the letter

Regev's reduction does not produce an efficient quantum algorithm for discrete log when fed the Cheng-Wan instances, because standard decoders miss the required performance by a constant factor. The paper also extends the hardness statement to all finite abelian groups and shows NP-hardness for Reed-Solomon decoding at zero rate. The main contribution is the concrete evaluation: they apply the reduction, test known decoders, and under a stated assumption on the instances they pin down exactly what decoding quality would be needed to break DLOG this way. They correctly note that the pretty good measurement solves the decoding problem in principle but is not efficient to implement. This is useful diagnostic work on why a particular quantum approach does not yield a new algorithm, even though Shor's algorithm already exists. The generalization and the zero-rate NP-hardness are new. The hardness proof is interesting on its own, though the radius is larger than the Cheng-Wan one, so it does not rule out efficient decoders for the relevant instances. The soft spot is the assumption on the structure of the Cheng-Wan instances that is used to compute the exact QDP parameter. The paper states it clearly, but if the error patterns or weights after reduction do not match the assumption, the threshold claim weakens. The evaluation with known decoders is straightforward, but it would be good to see whether the constant-factor gap is fundamental or just a matter of current decoder technology. Overall the argument holds up on its own terms: the obstruction is efficiency, not solvability. No circularity or fitting issues appear. This paper is aimed at people who study quantum reductions and the limits of quantum algorithms for group problems. A reader interested in Regev's method or in connections between DLOG and coding theory will find the calculations and the hardness extension useful. It is not a breakthrough but it is a careful negative result that clarifies a barrier. I would bring it to a reading group for the technical details on the reduction composition. It deserves peer review because the claims are specific enough to be checked and the evaluation is reproducible in principle. Recommendation: send it to referees. The work is honest about its scope and the assumption is flagged.

Referee Report

2 major / 1 minor

Summary. The manuscript revisits the Cheng-Wan reduction mapping discrete logarithm instances over finite fields to bounded-distance decoding of Reed-Solomon codes. It generalizes the hardness implication to discrete logarithms in arbitrary finite abelian groups, proves that bounded-distance decoding of Reed-Solomon codes remains NP-hard even at asymptotically zero rate (though the hardness radius exceeds the Cheng-Wan radius), applies Regev's reduction to the resulting instances, and evaluates known efficient decoders, all of which fall short of the Cheng-Wan threshold by a constant factor. Under an assumption on the structure of the Cheng-Wan instances, the authors identify the precise QDP parameter a decoder must achieve to solve discrete logarithm and conclude that the obstruction is one of efficiency rather than solvability, since the Pretty Good Measurement solves the decoding problem on every instance (including NP-hard ones) but requires exponential resources in general.

Significance. If the results hold, the work supplies a concrete case study of Regev's reduction applied to instances that have independent hardness evidence (discrete logarithm). It isolates an efficiency barrier rather than an information-theoretic one and supplies a new NP-hardness statement for Reed-Solomon decoding at vanishing rate. These contributions are useful for understanding the scope and limitations of quantum decoding reductions for number-theoretic problems.

major comments (2)

The assumption on the structure of the Cheng-Wan instances (used to convert the observed constant-factor gap into a precise QDP-parameter threshold) is load-bearing for the central negative claim about known decoders. The manuscript should either prove the assumption or state it with sufficient precision that its failure modes can be checked; without this, the conclusion that the gap blocks an efficient solver rests on an unverified property of the reduced instances rather than on the reduction itself.
The NP-hardness result for bounded-distance Reed-Solomon decoding at asymptotically zero rate is stated, yet the paper explicitly notes that the known hardness radius lies well above the Cheng-Wan decoding radius. This limits the direct relevance of the hardness statement to the instances actually fed into Regev's reduction; the evaluation with concrete decoders therefore carries more weight than the complexity-theoretic claim for the paper's main argument.

minor comments (1)

The abstract and introduction would benefit from a single-sentence statement of the precise assumption on Cheng-Wan instance structure immediately after the sentence that invokes it.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the careful reading and constructive suggestions. The comments correctly identify two points where the manuscript's emphasis and precision can be improved. We address each below and will revise the manuscript to clarify the assumption on Cheng-Wan instances and to better foreground the concrete decoder evaluations as the primary evidence.

read point-by-point responses

Referee: The assumption on the structure of the Cheng-Wan instances (used to convert the observed constant-factor gap into a precise QDP-parameter threshold) is load-bearing for the central negative claim about known decoders. The manuscript should either prove the assumption or state it with sufficient precision that its failure modes can be checked; without this, the conclusion that the gap blocks an efficient solver rests on an unverified property of the reduced instances rather than on the reduction itself.

Authors: We agree that the assumption is central to converting the observed gap into a precise threshold for the QDP parameter. In the revised manuscript we will restate the assumption with greater precision, explicitly enumerating the structural properties of the Cheng-Wan instances that are used (the algebraic form of the error vectors and the preservation of the discrete-log relation under the reduction). We will also add a short discussion of plausible failure modes and how they could be checked computationally on small instances or ruled out by further analysis of the reduction map. While a complete proof of the assumption lies beyond the scope of the present work, making the statement fully explicit and falsifiable directly ties the negative conclusion to the reduction itself rather than to an opaque property of the instances. revision: partial
Referee: The NP-hardness result for bounded-distance Reed-Solomon decoding at asymptotically zero rate is stated, yet the paper explicitly notes that the known hardness radius lies well above the Cheng-Wan decoding radius. This limits the direct relevance of the hardness statement to the instances actually fed into Regev's reduction; the evaluation with concrete decoders therefore carries more weight than the complexity-theoretic claim for the paper's main argument.

Authors: We concur. The manuscript already records that the NP-hardness radius exceeds the Cheng-Wan radius, and we agree that this limits the direct applicability of the hardness result to the instances actually supplied to Regev's reduction. The central argument of the paper rests on the concrete decoder evaluations and the efficiency barrier for the Pretty Good Measurement. In the revision we will reorganize the exposition to place the decoder analysis and Regev reduction in the foreground, moving the NP-hardness theorem to an appendix so that it does not compete with the main narrative. revision: yes

Circularity Check

0 steps flagged

No circularity: external reductions evaluated against known decoders with explicit assumption only for threshold

full rationale

The derivation composes the Cheng-Wan reduction (transforming DLOG to Reed-Solomon decoding) with Regev's reduction (decoder to quantum dual decoder) and evaluates the result using independently known efficient decoders. All steps rely on prior external work and standard decoders without parameter fitting to the target DLOG instances. The single explicit assumption on Cheng-Wan instance structure is stated only to compute a precise QDP threshold and is not used to derive the central claim that known decoders fall short by a constant factor or that PGM solves the problem (albeit inefficiently). The NP-hardness extension for Reed-Solomon codes at zero rate is proved directly and does not reduce to self-citations or fitted inputs. No self-definitional, fitted-prediction, or load-bearing self-citation patterns appear.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The paper relies on the correctness of two prior reductions and on standard complexity assumptions but introduces no new free parameters or postulated entities.

axioms (2)

domain assumption The Cheng-Wan reduction correctly maps discrete-logarithm instances in finite fields to bounded-distance decoding instances for Reed-Solomon codes.
The paper invokes this mapping without re-deriving it.
domain assumption Regev's reduction converts a classical decoder for a code into a quantum procedure for the dual decoding problem.
The paper applies this transformation as a black box.

pith-pipeline@v0.9.0 · 5633 in / 1749 out tokens · 73241 ms · 2026-05-07T03:26:09.278473+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

67 extracted references · 12 canonical work pages · 2 internal anchors

[1]

Advances in Cryptology --

Yilei Chen and Qipeng Liu and Mark Zhandry , title =. Advances in Cryptology --. 2022 , doi =. 2108.11015 , archivePrefix =

work page arXiv 2022
[2]

On Worst-Case Optimal Polynomial Intersection

On Worst-Case Optimal Polynomial Intersection , author=. arXiv preprint arXiv:2604.09533 , year=

work page internal anchor Pith review Pith/arXiv arXiv
[3]

Journal of the

Takashi Yamakawa and Mark Zhandry , title =. Journal of the. 2024 , doi =. 2204.02063 , archivePrefix =

work page arXiv 2024
[4]

Proceedings of the 37th Annual

Oded Regev , title =. Proceedings of the 37th Annual. 2005 , doi =

2005
[5]

The Quantum Decoding Problem: Tight Achievability Bounds and Application to

Agathe Blanvillain and Andr. The Quantum Decoding Problem: Tight Achievability Bounds and Application to. 2025 , eprint =

2025
[6]

Efficient Quantum Algorithms for Some Instances of the Semidirect Discrete Logarithm Problem , journal =

Muhammad Imran and G. Efficient Quantum Algorithms for Some Instances of the Semidirect Discrete Logarithm Problem , journal =. 2024 , doi =. 2312.14028 , archivePrefix =

work page arXiv 2024
[7]

2025 , eprint =

Robin Kothari and Ryan O'Donnell and Kewen Wu , title =. 2025 , eprint =

2025
[8]

2025 , eprint=

Optimization by Decoded Quantum Interferometry , author=. 2025 , eprint=

2025
[9]

Proceedings of the 57th Annual ACM Symposium on Theory of Computing , pages=

Quantum advantage from soft decoders , author=. Proceedings of the 57th Annual ACM Symposium on Theory of Computing , pages=
[10]

IEEE transactions on Information Theory , volume=

Quantum reduction of finding short code vectors to the decoding problem , author=. IEEE transactions on Information Theory , volume=. 2023 , publisher=

2023
[11]

IACR international workshop on public key cryptography , pages=

Learning with errors and extrapolated dihedral cosets , author=. IACR international workshop on public key cryptography , pages=. 2018 , organization=

2018
[12]

International Conference on the Theory and Application of Cryptology and Information Security , pages=

Efficient public key encryption based on ideal lattices , author=. International Conference on the Theory and Application of Cryptology and Information Security , pages=. 2009 , organization=

2009
[13]

Theory of Quantum Computation, Communication and Cryptography (TQC 2024) , volume=

The Quantum Decoding Problem , author=. Theory of Quantum Computation, Communication and Cryptography (TQC 2024) , volume=. 2024 , organization=

2024
[14]

The Guruswami--Sudan Decoding Algorithm for Reed--Solomon Codes , author=
[15]

2017 IEEE International Symposium on Information Theory (ISIT) , pages=

Attaining capacity with iterated (U| U+ V) codes based on AG codes and Koetter-Vardy soft decoding , author=. 2017 IEEE International Symposium on Information Theory (ISIT) , pages=. 2017 , organization=

2017
[16]

SIAM Journal on Computing , volume=

On the list and bounded distance decodability of Reed--Solomon codes , author=. SIAM Journal on Computing , volume=. 2007 , publisher=

2007
[17]

& Tillich, J.-P

Chailloux, André and Tillich, Jean-Pierre , keywords =. The Quantum Decoding Problem , publisher =. 2023 , copyright =. doi:10.48550/ARXIV.2310.20651 , url =

work page doi:10.48550/arxiv.2310.20651 2023
[18]

Barnett , title =

Anthony Chefles and Stephen M. Barnett , title =. Physics Letters A , year =
[19]

2020 , note =

Dan Boneh and Victor Shoup , title =. 2020 , note =

2020
[20]

arXiv preprint arXiv:2510.10967 , year=

Verifiable quantum advantage via optimized DQI circuits , author=. arXiv preprint arXiv:2510.10967 , year=

work page arXiv
[21]

Dummit and Richard M

David S. Dummit and Richard M. Foote , title =
[22]

Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat

Improved decoding of Reed-Solomon and algebraic-geometric codes , author=. Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No. 98CB36280) , pages=. 1998 , organization=

1998
[23]

IEEE Transactions on Information Theory , year =

Venkatesan Guruswami and Alexander Vardy , title =. IEEE Transactions on Information Theory , year =. doi:10.1109/TIT.2005.850102 , url =

work page doi:10.1109/tit.2005.850102 2005
[24]

SIAM Journal on Computing , year =

Venkata Gandikota and Badih Ghazi and Elena Grigorescu , title =. SIAM Journal on Computing , year =. doi:10.1137/16M110349X , url =

work page doi:10.1137/16m110349x
[25]

SIAM Journal on Computing , year =

Qi Cheng and Daqing Wan , title =. SIAM Journal on Computing , year =. doi:10.1137/S0097539705447335 , url =

work page doi:10.1137/s0097539705447335
[26]

A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic , booktitle =

Razvan Barbulescu and Pierrick Gaudry and Antoine Joux and Emmanuel Thom. A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic , booktitle =. 2014 , doi =

2014
[27]

Smart and Frederik Vercauteren , title =

Antoine Joux and Reynald Lercier and Nigel P. Smart and Frederik Vercauteren , title =. CRYPTO 2006 , series =. 2006 , doi =

2006
[28]

Improving

Razvan Barbulescu and Pierrick Gaudry and Aurore Guillevic and Fran. Improving. EUROCRYPT 2015 (Part I) , series =. 2015 , doi =

2015
[29]

Algorithmic Number Theory (MSRI Publications, vol

Oliver Schirokauer , title =. Algorithmic Number Theory (MSRI Publications, vol. 44) , year =
[30]

CRYPTO 2016 , series =

Taechan Kim and Razvan Barbulescu , title =. CRYPTO 2016 , series =. 2016 , doi =

2016
[31]

Maggs , title =

Bruce M. Maggs , title =. 2000 , month = oct, note =

2000
[32]

Shum , title =

Kenneth W. Shum , title =. 2016 , month = nov, note =

2016
[33]

and Bossert, Martin , title =

Schmidt, Georg and Sidorenko, Vladimir R. and Bossert, Martin , title =. IEEE Trans. Inf. Theor. , month = jul, pages =. 2009 , issue_date =. doi:10.1109/TIT.2009.2021308 , abstract =

work page doi:10.1109/tit.2009.2021308 2009
[34]

Discrete Algorithms and Complexity , publisher =

Carl Pomerance , title =. Discrete Algorithms and Complexity , publisher =. 1987 , pages =

1987
[35]

On the Complexity of Decoded Quantum Interferometry

Marwaha, Kunal and Fefferman, Bill and Gheorghiu, Alexandru and Havlicek, Vojtech , keywords =. On the Complexity of Decoded Quantum Interferometry , publisher =. 2025 , copyright =. doi:10.48550/ARXIV.2509.14443 , url =

work page internal anchor Pith review Pith/arXiv arXiv doi:10.48550/arxiv.2509.14443 2025
[36]

Codes, Cryptology and Curves with Computer Algebra , publisher =

Ruud Pellikaan and Xin. Codes, Cryptology and Curves with Computer Algebra , publisher =
[37]

Journal of the ACM , year =

Hallgren, Sean , title =. Journal of the ACM , year =
[38]

Automata, Languages and Programming (ICALP 2008), Part I , series =

Qi Cheng and Daqing Wan , title =. Automata, Languages and Programming (ICALP 2008), Part I , series =. 2008 , doi =

2008
[39]

Proceedings of the Thirty-Third Annual

John Watrous , title =. Proceedings of the Thirty-Third Annual. 2001 , pages =. doi:10.1145/380752.380759 , url =. quant-ph/0011023 , archivePrefix =

work page doi:10.1145/380752.380759 2001
[40]

and Hellman, Martin E

Pohlig, Stephen C. and Hellman, Martin E. , title =. IEEE Transactions on Information Theory , volume =. 1978 , month = jan, doi =

1978
[41]

, title =

Pollard, John M. , title =. BIT Numerical Mathematics , volume =. 1975 , doi =

1975
[42]

Nechaev, V. I. , title =. Mathematical Notes , volume =. 1994 , doi =

1994
[43]

Advances in Cryptology ---

Shoup, Victor , title =. Advances in Cryptology ---. 1997 , editor =

1997
[44]

2003 , eprint =

Oded Regev , title =. 2003 , eprint =

2003
[45]

2007 , month = jan, note =

Arora, Sanjeev and Barak, Boaz , title =. 2007 , month = jan, note =

2007
[46]

Menezes and Paul C

Alfred J. Menezes and Paul C. van Oorschot and Scott A. Vanstone , title =. 1996 , url =

1996
[47]

2018 , month = apr, doi =

Elaine Barker and Lily Chen and Allen Roginsky and Apostol Vassilev and Richard Davis , title =. 2018 , month = apr, doi =

2018
[48]

Rudolf Lidl and Harald Niederreiter , title =
[49]

Finite Fields and Their Applications , volume =

Lido, Guido , title =. Finite Fields and Their Applications , volume =
[50]

Pollard, J. M. , title =. Mathematics of Computation , volume =. 1978 , doi =

1978
[51]

, title =

Shor, Peter W. , title =. SIAM Journal on Computing , volume =. 1997 , publisher =

1997
[52]

, title =

Kitaev, Alexei Yu. , title =. Electronic Colloquium on Computational Complexity (ECCC) , volume =. 1995 , note =

1995
[53]

and van Dam, Wim , title =

Childs, Andrew M. and van Dam, Wim , title =. Reviews of Modern Physics , volume =. 2010 , publisher =

2010
[54]

Nature , volume =

Arute, Frank and others , title =. Nature , volume =. 2019 , publisher =

2019
[55]

Proceedings of the 43rd Annual ACM Symposium on Theory of Computing (STOC) , pages =

Aaronson, Scott and Arkhipov, Alex , title =. Proceedings of the 43rd Annual ACM Symposium on Theory of Computing (STOC) , pages =. 2011 , publisher =

2011
[56]

Science , volume =

Zhong, Han-Sen and others , title =. Science , volume =. 2020 , publisher =

2020
[57]

, title =

Boneh, Dan and Lipton, Richard J. , title =. Advances in Cryptology -- CRYPTO 1995 , series =. 1995 , publisher =

1995
[58]

Some optimal inapproximability results , journal =

H. Some optimal inapproximability results , journal =. 2001 , publisher =

2001
[59]

2026 , eprint=

Shor's algorithm is possible with as few as 10,000 reconfigurable atomic qubits , author=. 2026 , eprint=

2026
[60]

Journal of the ACM , volume =

Oded Regev , title =. Journal of the ACM , volume =
[61]

2024 , eprint =

Regev, Oded , title =. 2024 , eprint =

2024
[62]

and Shamir, Adi and Adleman, Leonard , title =

Rivest, Ronald L. and Shamir, Adi and Adleman, Leonard , title =. Communications of the ACM , volume =. 1978 , doi =

1978
[63]

, title =

Diffie, Whitfield and Hellman, Martin E. , title =. IEEE Transactions on Information Theory , volume =. 1976 , doi =

1976
[64]

IEEE Transactions on Information Theory , volume =

ElGamal, Taher , title =. IEEE Transactions on Information Theory , volume =. 1985 , doi =

1985
[65]

Mathematics of Computation , volume =

Koblitz, Neal , title =. Mathematics of Computation , volume =. 1987 , doi =

1987
[66]

, editor =

Miller, Victor S. , editor =. Use of Elliptic Curves in Cryptography , booktitle =. 1985 , publisher =

1985
[67]

2025 , eprint=

OPI x Soft Decoders , author=. 2025 , eprint=

2025