On the complexity of computing Gröbner bases for weighted homogeneous systems
Solving polynomial systems arising from applications is frequently made
easier by the structure of the systems. Weighted homogeneity (or
quasi-homogeneity) is one example of such a structure: given a system of
weights , -homogeneous polynomials are polynomials
which are homogeneous w.r.t. the weighted degree
. Gröbner bases for weighted homogeneous systems can be
computed by adapting existing algorithms for homogeneous systems to the
weighted homogeneous case. We show that in this case, the complexity estimate
for Algorithm F5 $\left(\binom{n+d_{\max}-1}{d_{\max}}^{\omega}\right)$ can be
divided by a factor . For zero-dimensional
systems, the complexity of Algorithm FGLM (where is the
number of solutions of the system) can be divided by the same factor
. Under genericity assumptions, for
zero-dimensional weighted homogeneous systems of -degree
, these complexity estimates are polynomial in the
weighted Bézout bound .
Furthermore, the maximum degree reached in a run of Algorithm F5 is bounded by
the weighted Macaulay bound , and this bound is
sharp if we can order the weights so that . For overdetermined
semi-regular systems, estimates from the homogeneous case can be adapted to the
weighted case. We provide some experimental results based on systems arising
from a cryptography problem and from polynomial inversion problems. They show
that taking advantage of the weighted homogeneous structure yields substantial
speed-ups, and allows us to solve systems which were otherwise out of reach.
A Combinatorial Commutative Algebra Approach to Complete Decoding
This thesis aims to explore the link between the algebraic structure of a linear code and the complete decoding process. We know that the complete decoding process for arbitrary linear codes is NP-complete, even if preprocessing of the data is allowed. Our goal is to carry out an algebraic analysis of the decoding process; to do so, we associate different mathematical structures with certain families of codes. From the computational point of view, our description does not provide an efficient algorithm, since we face a problem of NP nature. However, we propose alternative algorithms and new techniques that allow the conditions of the problem to be relaxed, reducing the space and time resources needed to handle the algebraic structure in question.
Departamento de Algebra, Geometría y Topología
A lattice formulation of the F4 completion procedure
We write a procedure for constructing noncommutative Groebner bases.
Reductions are done by particular linear projectors, called reduction
operators. The operators enable us to use a lattice construction to reduce
simultaneously each S-polynomial into a unique normal form. We write an
implementation as well as an example to illustrate our procedure. Moreover, the
lattice construction is done by Gaussian elimination, which relates our
procedure to the F4 algorithm for constructing commutative Groebner bases.
Gröbner Basis over Semigroup Algebras: Algorithms and Applications for Sparse Polynomial Systems
Gröbner bases are one of the most powerful tools in algorithmic non-linear algebra. Their computation is an intrinsically hard problem with a complexity at least single exponential in the number of variables. However, in most of the cases, the polynomial systems coming from applications have some kind of structure. For example, several problems in computer-aided design, robotics, vision, biology, kinematics, cryptography, and optimization involve sparse systems where the input polynomials have a few non-zero terms. Our approach to exploit sparsity is to embed the systems in a semigroup algebra and to compute Gröbner bases over this algebra. Up to now, the algorithms that follow this approach benefit from the sparsity only in the case where all the polynomials have the same sparsity structure, that is the same Newton polytope. We introduce the first algorithm that overcomes this restriction. Under regularity assumptions, it performs no redundant computations. Further, we extend this algorithm to compute Gröbner bases in the standard algebra and solve sparse polynomial systems over the torus . The complexity of the algorithm depends on the Newton polytopes.
A polyhedral approach to computing border bases
Border bases can be considered to be the natural extension of Gröbner bases
that have several advantages. Unfortunately, to date the classical border basis
algorithm relies on (degree-compatible) term orderings and implicitly on
reduced Gröbner bases. We adapt the classical border basis algorithm to allow
for calculating border bases for arbitrary degree-compatible order ideals,
which is independent from term orderings. Moreover, the algorithm also
supports calculating degree-compatible order ideals with preference on
contained elements, even though finding a preferred order ideal is NP-hard.
Effectively we retain degree-compatibility only to successively extend our
computation degree-by-degree. The adaptation is based on our polyhedral
characterization: order ideals that support a border basis correspond
one-to-one to integral points of the order ideal polytope. This establishes a
crucial connection between the ideal and the combinatorial structure of the
associated factor spaces.
The Point Decomposition Problem over Hyperelliptic Curves: toward efficient computations of Discrete Logarithms in even characteristic
Computing discrete logarithms is generically a difficult problem. For divisor class groups of curves defined over extension fields, a variant of the Index-Calculus called Decomposition attack is used, and it can be faster than generic approaches. In this situation, collecting the relations is done by solving multiple instances of the Point m-Decomposition Problem (PDP). An instance of this problem can be modelled as a zero-dimensional polynomial system. Solving is done with Gröbner bases algorithms, where the number of solutions of the system is a good indicator for the time complexity of the solving process. For systems arising from a PDP context, this number grows exponentially fast with the extension degree. To achieve an efficient harvesting, this number must be reduced as much as possible. Extending the elliptic case, we introduce a notion of Summation Ideals to describe PDP_m instances over higher genus curves, and compare to Nagao's general approach to PDP solving. In even characteristic we obtain reductions of the number of solutions for both approaches, depending on the curve's equation. In the best cases, for a hyperelliptic curve of genus , we can divide the number of solutions by . For instance, for a type II genus 2 curve defined over whose divisor class group has cardinality a near-prime 184-bit integer, the number of solutions is reduced from 4096 to 64. This is enough to build the matrix of relations in around 7 days with 8000 cores using a dedicated implementation.
A survey on signature-based Gröbner basis computations
This paper is a survey on the area of signature-based Gröbner basis
algorithms that was initiated by Faugère's F5 algorithm in 2002. We explain
the general ideas behind the usage of signatures. We show how to classify the
various known variants by 3 different orderings. For this we give translations
between different notations and show that besides notations many approaches are
just the same. Moreover, we give a general description of how the idea of
signatures is quite natural when performing the reduction process using linear
algebra. This survey shall help to outline this field of active research.
Comment: 53 pages, 8 figures, 11 tables
Arion: Arithmetization-Oriented Permutation and Hashing from Generalized Triangular Dynamical Systems
In this paper we propose the (keyed) permutation Arion and the hash function
ArionHash over for odd and particularly large primes. The design
of Arion is based on the newly introduced Generalized Triangular Dynamical
System (GTDS), which provides a new algebraic framework for constructing
(keyed) permutations using polynomials over a finite field. At round level Arion
is the first design which is instantiated using the new GTDS. We provide
extensive security analysis of our construction including algebraic
cryptanalysis (e.g. interpolation and Groebner basis attacks) that are
particularly decisive in assessing the security of permutations and hash
functions over . From an application perspective, ArionHash is
aimed at efficient implementation in zkSNARK protocols and Zero-Knowledge
proof systems. For this purpose, we exploit that CCZ-equivalence of graphs can
lead to a more efficient implementation of Arithmetization-Oriented primitives.
We compare the efficiency of ArionHash in R1CS and Plonk settings with other
hash functions such as Poseidon, Anemoi and Griffin. For demonstrating the
practical efficiency of ArionHash we implemented it with the zkSNARK libraries
libsnark and Dusk Network Plonk. Our result shows that ArionHash is
significantly faster than Poseidon, a hash function designed for
zero-knowledge proof systems. We also found that an aggressive version of
ArionHash is considerably faster than Anemoi and Griffin in a practical zkSNARK
setting.
Fast Reduction of Bivariate Polynomials with Respect to Sufficiently Regular Gröbner Bases