29 research outputs found

    On the complexity of computing Gröbner bases for weighted homogeneous systems

    Solving polynomial systems arising from applications is frequently made easier by the structure of the systems. Weighted homogeneity (or quasi-homogeneity) is one example of such a structure: given a system of weights $W=(w_{1},\dots,w_{n})$, $W$-homogeneous polynomials are polynomials which are homogeneous w.r.t. the weighted degree $\deg_{W}(X_{1}^{\alpha_{1}},\dots,X_{n}^{\alpha_{n}}) = \sum w_{i}\alpha_{i}$. Gröbner bases for weighted homogeneous systems can be computed by adapting existing algorithms for homogeneous systems to the weighted homogeneous case. We show that in this case, the complexity estimate for Algorithm F5 $\left(\binom{n+d_{\max}-1}{d_{\max}}^{\omega}\right)$ can be divided by a factor $\left(\prod w_{i}\right)^{\omega}$. For zero-dimensional systems, the complexity of Algorithm FGLM $nD^{\omega}$ (where $D$ is the number of solutions of the system) can be divided by the same factor $\left(\prod w_{i}\right)^{\omega}$. Under genericity assumptions, for zero-dimensional weighted homogeneous systems of $W$-degree $(d_{1},\dots,d_{n})$, these complexity estimates are polynomial in the weighted Bézout bound $\prod_{i=1}^{n}d_{i} / \prod_{i=1}^{n}w_{i}$. Furthermore, the maximum degree reached in a run of Algorithm F5 is bounded by the weighted Macaulay bound $\sum (d_{i}-w_{i}) + w_{n}$, and this bound is sharp if we can order the weights so that $w_{n}=1$. For overdetermined semi-regular systems, estimates from the homogeneous case can be adapted to the weighted case. We provide some experimental results based on systems arising from a cryptography problem and from polynomial inversion problems. They show that taking advantage of the weighted homogeneous structure yields substantial speed-ups, and allows us to solve systems which were otherwise out of reach.

    A Combinatorial Commutative Algebra Approach to Complete Decoding

    This thesis aims to explore the link between the algebraic structure of a linear code and the complete decoding process. We know that complete decoding for arbitrary linear codes is NP-complete, even if preprocessing of the data is allowed. Our goal is to carry out an algebraic analysis of the decoding process; to this end, we associate different mathematical structures with certain families of codes. From a computational point of view, our description does not provide an efficient algorithm, since we are facing a problem of NP nature. However, we propose alternative algorithms and new techniques that make it possible to relax the conditions of the problem, reducing the space and time resources needed to handle this algebraic structure. Departamento de Algebra, Geometría y Topologí

    A lattice formulation of the F4 completion procedure

    We write a procedure for constructing noncommutative Groebner bases. Reductions are done by particular linear projectors, called reduction operators. The operators enable us to use a lattice construction to reduce simultaneously each S-polynomial into a unique normal form. We write an implementation as well as an example to illustrate our procedure. Moreover, the lattice construction is done by Gaussian elimination, which relates our procedure to the F4 algorithm for constructing commutative Groebner bases.

    Gröbner Basis over Semigroup Algebras: Algorithms and Applications for Sparse Polynomial Systems

    Gröbner bases is one of the most powerful tools in algorithmic non-linear algebra. Their computation is an intrinsically hard problem with a complexity at least single exponential in the number of variables. However, in most of the cases, the polynomial systems coming from applications have some kind of structure. For example, several problems in computer-aided design, robotics, vision, biology, kinematics, cryptography, and optimization involve sparse systems where the input polynomials have a few non-zero terms. Our approach to exploit sparsity is to embed the systems in a semigroup algebra and to compute Gröbner bases over this algebra. Up to now, the algorithms that follow this approach benefit from the sparsity only in the case where all the polynomials have the same sparsity structure, that is the same Newton polytope. We introduce the first algorithm that overcomes this restriction. Under regularity assumptions, it performs no redundant computations. Further, we extend this algorithm to compute Gröbner basis in the standard algebra and solve sparse polynomial systems over the torus $(C^*)^n$. The complexity of the algorithm depends on the Newton polytopes.

    A polyhedral approach to computing border bases

    Border bases can be considered to be the natural extension of Gröbner bases that have several advantages. Unfortunately, to date the classical border basis algorithm relies on (degree-compatible) term orderings and implicitly on reduced Gröbner bases. We adapt the classical border basis algorithm to allow for calculating border bases for arbitrary degree-compatible order ideals, which is independent from term orderings. Moreover, the algorithm also supports calculating degree-compatible order ideals with preference on contained elements, even though finding a preferred order ideal is NP-hard. Effectively we retain degree-compatibility only to successively extend our computation degree-by-degree. The adaptation is based on our polyhedral characterization: order ideals that support a border basis correspond one-to-one to integral points of the order ideal polytope. This establishes a crucial connection between the ideal and the combinatorial structure of the associated factor spaces.

    The Point Decomposition Problem over Hyperelliptic Curves: toward efficient computations of Discrete Logarithms in even characteristic

    Computing discrete logarithms is generically a difficult problem. For divisor class groups of curves defined over extension fields, a variant of the Index-Calculus called Decomposition attack is used, and it can be faster than generic approaches. In this situation, collecting the relations is done by solving multiple instances of the Point m-Decomposition Problem (PDP$_m$). An instance of this problem can be modelled as a zero-dimensional polynomial system. Solving is done with Gröbner bases algorithms, where the number of solutions of the system is a good indicator for the time complexity of the solving process. For systems arising from a PDP$_m$ context, this number grows exponentially fast with the extension degree. To achieve an efficient harvesting, this number must be reduced as much as possible. Extending the elliptic case, we introduce a notion of Summation Ideals to describe PDP$_m$ instances over higher genus curves, and compare to Nagao's general approach to PDP$_m$ solving. In even characteristic we obtain reductions of the number of solutions for both approaches, depending on the curve's equation. In the best cases, for a hyperelliptic curve of genus $g$, we can divide the number of solutions by $2^{(n-1)(g+1)}$. For instance, for a type II genus 2 curve defined over $\mathbb{F}_{2^{93}}$ whose divisor class group has cardinality a near-prime 184 bits integer, the number of solutions is reduced from 4096 to 64. This is enough to build the matrix of relations in around 7 days with 8000 cores using a dedicated implementation.

    A survey on signature-based Gröbner basis computations

    This paper is a survey on the area of signature-based Gröbner basis algorithms that was initiated by Faugère's F5 algorithm in 2002. We explain the general ideas behind the usage of signatures. We show how to classify the various known variants by 3 different orderings. For this we give translations between different notations and show that besides notations many approaches are just the same. Moreover, we give a general description of how the idea of signatures is quite natural when performing the reduction process using linear algebra. This survey shall help to outline this field of active research. Comment: 53 pages, 8 figures, 11 tables

    Arion: Arithmetization-Oriented Permutation and Hashing from Generalized Triangular Dynamical Systems

    In this paper we propose the (keyed) permutation Arion and the hash function ArionHash over $\mathbb{F}_p$ for odd and particularly large primes. The design of Arion is based on the newly introduced Generalized Triangular Dynamical System (GTDS), which provides a new algebraic framework for constructing (keyed) permutation using polynomials over a finite field. At round level Arion is the first design which is instantiated using the new GTDS. We provide extensive security analysis of our construction including algebraic cryptanalysis (e.g. interpolation and Groebner basis attacks) that are particularly decisive in assessing the security of permutations and hash functions over $\mathbb{F}_p$. From an application perspective, ArionHash is aimed for efficient implementation in zkSNARK protocols and Zero-Knowledge proof systems. For this purpose, we exploit that CCZ-equivalence of graphs can lead to a more efficient implementation of Arithmetization-Oriented primitives. We compare the efficiency of ArionHash in R1CS and Plonk settings with other hash functions such as Poseidon, Anemoi and Griffin. For demonstrating the practical efficiency of ArionHash we implemented it with the zkSNARK libraries libsnark and Dusk Network Plonk. Our result shows that ArionHash is significantly faster than Poseidon - a hash function designed for zero-knowledge proof systems. We also found that an aggressive version of ArionHash is considerably faster than Anemoi and Griffin in a practical zkSNARK setting.

    Fast Reduction of Bivariate Polynomials with Respect to Sufficiently Regular Gröbner Bases
