    Point compression for the trace zero subgroup over a small degree extension field

    Using Semaev's summation polynomials, we derive a new equation for the $\mathbb{F}_q$-rational points of the trace zero variety of an elliptic curve defined over $\mathbb{F}_q$. Using this equation, we produce an optimal-size representation for such points. Our representation is compatible with scalar multiplication. We give a point compression algorithm to compute the representation and a decompression algorithm to recover the original point (up to some small ambiguity). The algorithms are efficient for trace zero varieties coming from small degree extension fields. We give explicit equations and discuss in detail the practically relevant cases of cubic and quintic field extensions.
    Comment: 23 pages, to appear in Designs, Codes and Cryptograph

    Construction of self-dual normal bases and their complexity

    Recent work of Pickett has given a construction of self-dual normal bases for extensions of finite fields, whenever they exist. In this article we present these results in an explicit and constructive manner and apply them, through computer search, to identify the lowest complexity of self-dual normal bases for extensions of low degree. Comparisons to similar searches amongst normal bases show that the lowest complexity is often achieved from a self-dual normal basis.

    Polynomial-Time Algorithms for Quadratic Isomorphism of Polynomials: The Regular Case

    Let $\mathbf{f}=(f_1,\ldots,f_m)$ and $\mathbf{g}=(g_1,\ldots,g_m)$ be two sets of $m\geq 1$ nonlinear polynomials over $\mathbb{K}[x_1,\ldots,x_n]$ ($\mathbb{K}$ being a field). We consider the computational problem of finding -- if any -- an invertible transformation on the variables mapping $\mathbf{f}$ to $\mathbf{g}$. The corresponding equivalence problem is known as Isomorphism of Polynomials with one Secret (IP1S) and is a fundamental problem in multivariate cryptography. The main result is a randomized polynomial-time algorithm for solving IP1S for quadratic instances, a particular case of importance in cryptography and somewhat justifying a posteriori the fact that Graph Isomorphism reduces to only cubic instances of IP1S (Agrawal and Saxena). To this end, we show that IP1S for quadratic polynomials can be reduced to a variant of the classical module isomorphism problem in representation theory, which involves testing the orthogonal simultaneous conjugacy of symmetric matrices. We show that we can essentially linearize the problem by reducing quadratic-IP1S to testing the orthogonal simultaneous similarity of symmetric matrices; this latter problem was shown by Chistov, Ivanyos and Karpinski to be equivalent to finding an invertible matrix in the linear space $\mathbb{K}^{n \times n}$ of $n \times n$ matrices over $\mathbb{K}$ and computing the square root in a matrix algebra. While computing square roots of matrices can be done efficiently using numerical methods, it seems difficult to control the bit complexity of such methods. However, we present exact and polynomial-time algorithms for computing the square root in $\mathbb{K}^{n \times n}$ for various fields (including finite fields). We then consider #IP1S, the counting version of IP1S for quadratic instances. In particular, we provide a (complete) characterization of the automorphism group of homogeneous quadratic polynomials. Finally, we also consider the more general Isomorphism of Polynomials (IP) problem where we allow an invertible linear transformation on the variables and on the set of polynomials. A randomized polynomial-time algorithm for solving IP when $\mathbf{f}=(x_1^d,\ldots,x_n^d)$ is presented. From an algorithmic point of view, the problem boils down to factoring the determinant of a linear matrix (i.e. a matrix whose components are linear polynomials). This extends to IP a result of Kayal obtained for PolyProj.
    Comment: Published in Journal of Complexity, Elsevier, 2015, pp.3

    A unified gas kinetic scheme for transport and collision effects in plasma

    In this study, the Vlasov-Poisson equation for plasma, with or without a collision term, is solved by the unified gas kinetic scheme (UGKS). The Vlasov equation is a differential equation describing the time evolution of the distribution function of a plasma consisting of charged particles with long-range interaction. The distribution function is discretized in discrete particle velocity space. After the Vlasov equation is integrated over finite volumes of physical space, the numerical flux across a cell interface and the source term for particle acceleration are computed to update the distribution function at the next time step. The flux is determined by a Riemann problem, and the variation of the distribution function in discrete particle velocity space is evaluated with a central difference method. An electron-ion collision model is introduced in the Vlasov equation. This finite volume method for the UGKS couples the free transport and the long-range interaction between particles. The electric field induced by the charged particles is governed by Poisson's equation. In this paper, Poisson's equation is solved using the Green's function for a two-dimensional plasma system subject to symmetric or periodic boundary conditions. Two numerical tests, linear Landau damping and the Gaussian beam, are carried out to validate the proposed method. The linear electron plasma wave damping is simulated based on the electron-ion collision operator. Compared with previous methods, it is shown that the current method is able to obtain accurate results for the Vlasov-Poisson equation with a time step much larger than the particle collision time. Highly non-equilibrium and rarefied plasma flows, such as electron flows driven by an electromagnetic field, can be simulated easily.
    Comment: 33 pages, 13 figure