323 research outputs found
A multistep strategy for polynomial system solving over finite fields and a new algebraic attack on the stream cipher Trivium
In this paper we introduce a multistep generalization of the guess-and-determine or hybrid strategy for solving a system of multivariate polynomial equations over a finite field. In particular, we propose performing the exhaustive evaluation of a subset of variables stepwise, that is, by incrementing the size of such subset each time that an evaluation leads to a polynomial system which is possibly unfeasible to solve. The decision about which evaluation to extend is based on a preprocessing consisting in computing an incomplete Gröbner basis after the current evaluation, which possibly generates linear polynomials that are used to eliminate further variables. If the number of remaining variables in the system is deemed still too high, the evaluation is extended and the preprocessing is iterated. Otherwise, we solve the system by a Gröbner basis computation.
Having in mind cryptanalytic applications, we present an implementation of this strategy in an algorithm called MultiSolve which is designed for polynomial systems having at most one solution. We prove explicit formulas for its complexity which are based on probability distributions that can be easily estimated by performing the proposed preprocessing on a testset of evaluations for different subsets of variables. We prove that an optimal complexity of MultiSolve is achieved by using a full multistep strategy with a maximum number of steps and in turn the classical guess-and-determine strategy, which essentially is a strategy consisting of a single step, is the worst choice. Finally, we extensively study the behaviour of MultiSolve when performing an algebraic attack on the well-known stream cipher Trivium.
A New Method for Geometric Interpretation of Elliptic Curve Discrete Logarithm Problem
In this paper, we intend to study the geometric meaning of the discrete
logarithm problem defined over an Elliptic Curve. The key idea is to reduce the
Elliptic Curve Discrete Logarithm Problem (EC-DLP) into a system of equations.
These equations arise from the intersection of quadric hypersurfaces in an
affine space of lower dimension. In cryptography, this interpretation can be
used to design attacks on EC-DLP. Presently, the best known attack algorithm
having a sub-exponential time complexity is through the implementation of
Summation Polynomials and Weil Descent. It is expected that the proposed
geometric interpretation can result in faster reduction of the problem into a
system of equations. These overdetermined systems of equations are hard to
solve. We have used F4 (Faugere) algorithms and got results for primes less
than 500,000. Quantum Algorithms can expedite the process of solving these
over-determined systems of equations. In the absence of fast algorithms for
computing summation polynomials, we expect that this could be an alternative.
We do not claim that the proposed algorithm would be faster than Shor's
algorithm for breaking EC-DLP but this interpretation could be a candidate as
an alternative to the 'summation polynomial attack' in the post-quantum era.
Fast algorithm for border bases of Artinian Gorenstein algebras
Given a multi-index sequence , we present a new efficient algorithm
to compute generators of the linear recurrence relations between the terms of
. We transform this problem into an algebraic one, by identifying
multi-index sequences, multivariate formal power series and linear functionals
on the ring of multivariate polynomials. In this setting, the recurrence
relations are the elements of the kernel $I_\sigma$ of the Hankel operator
$H_\sigma$ associated to . We describe the correspondence between
multi-index sequences with a Hankel operator of finite rank and Artinian
Gorenstein Algebras. We show how the algebraic structure of the Artinian
Gorenstein algebra \sigma\sigma yields the
structure of the terms $\sigma\alpha N nAK[x 1 ,. .. , xnIHIA$ and the tables of multiplication by the variables in these
bases. It is an extension of Berlekamp-Massey-Sakata (BMS) algorithm, with
improved complexity bounds. We present applications of the method to different
problems such as the decomposition of functions into weighted sums of
exponential functions, sparse interpolation, fast decoding of algebraic codes,
computing the vanishing ideal of points, and tensor decomposition. Some
benchmarks illustrate the practical behavior of the algorithm.
Algebraic geometry in experimental design and related fields
The thesis is essentially concerned with two subjects corresponding to the two grants under which the author was research assistant in the last three years. The one presented first, which chronologically comes second, addresses the issues of identifiability for polynomial models via algebraic geometry and leads to a deeper understanding of the classical theory. For example the very recent introduction of the idea of the fan of an experimental design gives a maximal class of models identifiable with a given design. The second area develops a theory of optimum orthogonal fractions for Fourier regression models based on integer lattice designs. These provide alternatives to product designs. For particular classes of Fourier models with a given number of interactions the focus is on the study of orthogonal designs with attention given to complexity issues as the dimension of the model increases. Thus multivariate identifiability is the field of concern of the thesis. A major link between these two parts is given by Part III where the algebraic approach to identifiability is extended to Fourier models and lattice designs. The approach is algorithmic and algorithms to deal with the various issues are to be found throughout the thesis.
Both the application of algebraic geometry and computer algebra in statistics and the analysis of orthogonal fractions for Fourier models are new and rapidly growing fields. See for example the work by Koval and Schwabe (1997) [42] on qualitative Fourier models, Shi and Fang (1995) [67] on ¿/-designs for Fourier regression and Dette and Haller (1997) [25] on one-dimensional incomplete Fourier models. For algebraic geometry in experimental design see Fontana, Pistone and Rogantin (1997) [31] on two-level orthogonal fractions, Caboara and Robbiano (1997) [15] on the inversion problem and Robbiano and Rogantin (1997) [61] on distracted fractions. The only previous extensive application of algebraic geometry in statistics is the work of Diaconis and Sturmfels (1993) [27] on sampling from conditional distributions
An Integration of FDI and DX Techniques for Determining the Minimal Diagnosis in an Automatic Way
Two communities work in parallel in model-based diagnosis:
FDI and DX. In this work an integration of the FDI and the DX communities
is proposed. Only relevant information for the identification of the
minimal diagnosis is used. In the first step, the system is divided into
clusters of components, and each cluster is separated into nodes. The
minimal and necessary set of contexts is then obtained for each cluster.
These two steps automatically reduce the computational complexity
since only the essential contexts are generated. In the last step, a signature
matrix and a set of rules are used in order to obtain the minimal
diagnosis. The evaluation of the signature matrix is on-line, the rest of
the process is totally off-line. Ministerio de Ciencia y Tecnología DPI2003-07146-C02-0
Lazy exact real computation