A Multi-level Blocking Distinct Degree Factorization Algorithm
We give a new algorithm for performing the distinct-degree factorization of a
polynomial P(x) over GF(2), using a multi-level blocking strategy. The coarsest
level of blocking replaces GCD computations by multiplications, as suggested by
Pollard (1975), von zur Gathen and Shoup (1992), and others. The novelty of our
approach is that a finer level of blocking replaces multiplications by
squarings, which speeds up the computation in GF(2)[x]/P(x) of certain interval
polynomials when P(x) is sparse. As an application we give a fast algorithm to
search for all irreducible trinomials x^r + x^s + 1 of degree r over GF(2),
while producing a certificate that can be checked in less time than the full
search. Naive algorithms cost O(r^2) per trinomial, thus O(r^3) to search over
all trinomials of given degree r. Under a plausible assumption about the
distribution of factors of trinomials, the new algorithm has complexity O(r^2
(log r)^{3/2}(log log r)^{1/2}) for the search over all trinomials of degree r.
Our implementation achieves a speedup of greater than a factor of 560 over the
naive algorithm in the case r = 24036583 (a Mersenne exponent). Using our
program, we have found two new primitive trinomials of degree 24036583 over
GF(2) (the previous record degree was 6972593).
Faster polynomial multiplication over finite fields
Let p be a prime, and let M_p(n) denote the bit complexity of multiplying two
polynomials in F_p[X] of degree less than n. For n large compared to p, we
establish the bound M_p(n) = O(n log n 8^(log^* n) log p), where log^* is the
iterated logarithm. This is the first known Fürer-type complexity bound for
F_p[X], and improves on the previously best known bound M_p(n) = O(n log n log
log n log p).
A Discrete Logarithm-based Approach to Compute Low-Weight Multiples of Binary Polynomials
Being able to compute efficiently a low-weight multiple of a given binary
polynomial is often a key ingredient of correlation attacks on LFSR-based
stream ciphers. The best known general-purpose algorithm is based on the
generalized birthday problem. We describe an alternative approach which is
based on discrete logarithms and has much lower memory requirements
with a comparable time complexity.
Comment: 12 page
Computing Puiseux series: a fast divide and conquer algorithm
Let be a polynomial of total degree defined over
a perfect field of characteristic zero or greater than .
Assuming separable with respect to , we provide an algorithm that
computes the singular parts of all Puiseux series of above in less
than operations in , where
is the valuation of the resultant of and its partial derivative with
respect to . To this aim, we use a divide and conquer strategy and replace
univariate factorization by dynamic evaluation. As a first main corollary, we
compute the irreducible factors of in up to an
arbitrary precision with arithmetic
operations. As a second main corollary, we compute the genus of the plane curve
defined by with arithmetic operations and, if
, with bit operations
using a probabilistic algorithm, where is the logarithmic height of .
Comment: 27 pages, 2 figure
A Tropical F5 algorithm
Let K be a field equipped with a valuation. Tropical varieties over K can be
defined with a theory of Gröbner bases taking into account the valuation of
K. While generalizing the classical theory of Gröbner bases, it is not
clear how modern algorithms for computing Gröbner bases can be adapted to
the tropical case. Among them, one of the most efficient is the celebrated F5
Algorithm of Faugère. In this article, we prove that, for homogeneous
ideals, it can be adapted to the tropical case. We prove termination and
correctness. Because of the use of the valuation, the theory of tropical
Gröbner bases is promising for stable computations over polynomial rings
over a p-adic field. We provide numerical examples to illustrate the
time complexity and p-adic stability of this tropical F5 algorithm.
Fast Arithmetics in Artin-Schreier Towers over Finite Fields
An Artin-Schreier tower over the finite field F_p is a tower of field
extensions generated by polynomials of the form X^p - X - a. Following Cantor
and Couveignes, we give algorithms with quasi-linear time complexity for
arithmetic operations in such towers. As an application, we present an
implementation of Couveignes' algorithm for computing isogenies between
elliptic curves using the p-torsion.
Comment: 28 pages, 4 figures, 3 tables, uses mathdots.sty, yjsco.sty. Submitted
to J. Symb. Compu
Decoding Generalized Reed-Solomon Codes and Its Application to RLCE Encryption Schemes
This paper compares the efficiency of various algorithms for implementing the
quantum-resistant public key encryption scheme RLCE on 64-bit CPUs. By
optimizing various algorithms for polynomial and matrix operations over finite
fields, we obtained several interesting (or even surprising) results. For
example, it is well known (e.g., Moenck 1976 \cite{moenck1976practical}) that
Karatsuba's algorithm outperforms the classical polynomial multiplication algorithm
from degree 15 and above (in practice, Karatsuba's algorithm only
outperforms the classical polynomial multiplication algorithm from degree 35
and above). Our experiments show that the 64-bit optimized Karatsuba algorithm
only outperforms the 64-bit optimized classical polynomial multiplication
algorithm for polynomials of degree 115 and above over the finite field
. The second interesting (surprising) result shows that the 64-bit
optimized Chien search algorithm outperforms all other 64-bit optimized
polynomial root-finding algorithms such as BTA and FFT for polynomials of all
degrees over the finite field . The third interesting (surprising)
result shows that the 64-bit optimized Strassen matrix multiplication algorithm
only outperforms the 64-bit optimized classical matrix multiplication algorithm for
matrices of dimension 750 and above over the finite field . It should
be noted that the existing literature and practice recommend the Strassen matrix
multiplication algorithm for matrices of dimension 40 and above. All our
experiments were done on a 64-bit MacBook Pro with an i7 CPU and single-threaded C
code. It should be noted that the reported results should be applicable to 64-bit
or wider CPU architectures. For 32-bit or narrower CPUs, these results
may not be applicable. The source code and library for the algorithms covered
in this paper are available at http://quantumca.org/