Similarly, we have taken 3*p*^{2} steps for division whereas division
can be reduced to multiplication upto a constant factor and hence is
again accomplished in a constant multiple of *p* log(*p*) steps.

It will probably suffice for cryptological applications to make the
asymmetric assumption that the cryptographer (encryption/decryption
process) uses multiplication that takes *p*^{2} steps while the
cryptanalyst (the ``code-breaker'') uses multiplication that takes
*p* log(*p*) steps. If the cryptosystems that we design are secure under
such asymmetric assumptions they will also be secure under more
symmetric assumptions!

Kapil Hari Paranjape 2002-10-20