2,089 research outputs found
Stronger bounds on the cost of computing Groebner bases for HFE systems
We give upper bounds for the solving degree and the last fall degree of the
polynomial system associated to the HFE (Hidden Field Equations) cryptosystem.
Our bounds improve the known bounds for this type of systems. We also present
new results on the connection between the solving degree and the last fall
degree and prove that, in some cases, the solving degree is independent of
coordinate changes.
Comment: 15 page
On the first fall degree of summation polynomials
We improve on the first fall degree bound of polynomial systems that arise
from a Weil descent along Semaev's summation polynomials relevant to the
solution of the Elliptic Curve Discrete Logarithm Problem via Gröbner basis
algorithms.
Comment: 12 pages, fina
Last fall degree, HFE, and Weil descent attacks on ECDLP
Weil descent methods have recently been applied to attack the Hidden Field Equation (HFE) public key systems and solve the elliptic curve discrete logarithm problem (ECDLP) in small characteristic. However, the claims of quasi-polynomial time attacks on the HFE systems and the subexponential time algorithm for the ECDLP depend on various heuristic assumptions.
In this paper we introduce the notion of the last fall degree of a polynomial system, which is independent of choice of a monomial order. We then develop complexity bounds on solving polynomial systems based on this last fall degree.
We prove that HFE systems have a small last fall degree, by showing that one can do division with remainder after Weil descent. This allows us to solve HFE systems unconditionally in polynomial time if the degree of the defining polynomial and the cardinality of the base field are fixed.
For the ECDLP over a finite field of characteristic 2, we provide computational evidence that raises doubt on the validity of the first fall degree assumption, which was widely adopted in earlier works and which promises sub-exponential algorithms for ECDLP. In addition, we construct a Weil descent system from a set of summation polynomials in which the first fall degree assumption is unlikely to hold. These examples suggest that greater care needs to be exercised when applying this heuristic assumption to arrive at complexity estimates.
These results taken together underscore the importance of rigorously bounding last fall degrees of Weil descent systems, which remains an interesting but challenging open problem.
On a Canonical Quantization of 3D Anti de Sitter Pure Gravity
We perform a canonical quantization of pure gravity on AdS3 using as a
technical tool its equivalence at the classical level with a Chern-Simons
theory with gauge group SL(2,R)xSL(2,R). We first quantize the theory
canonically on an asymptotically AdS space --which is topologically the real
line times a Riemann surface with one connected boundary. Using the "constrain
first" approach we reduce canonical quantization to quantization of orbits of
the Virasoro group and Kaehler quantization of Teichmuller space. After
explicitly computing the Kaehler form for the torus with one boundary component
and after extending that result to higher genus, we recover known results, such
as that wave functions of SL(2,R) Chern-Simons theory are conformal blocks. We
find new restrictions on the Hilbert space of pure gravity by imposing
invariance under large diffeomorphisms and normalizability of the wave
function. The Hilbert space of pure gravity is shown to be the target space of
Conformal Field Theories with continuous spectrum and a lower bound on operator
dimensions. A projection defined by topology changing amplitudes in Euclidean
gravity is proposed. It defines an invariant subspace that allows for a dual
interpretation in terms of a Liouville CFT. Problems and features of the CFT
dual are assessed and a new definition of the Hilbert space, exempt from those
problems, is proposed in the case of highly-curved AdS3.
Comment: 61 pages, 7 figures. Minor misprints corrected, text in sections 1.3
and 5.4 clarified; version accepted for publication in JHEP. The first
version was released jointly with arXiv:1508.04079 [hep-th
Abelian Surfaces over totally real fields are Potentially Modular
We show that abelian surfaces (and consequently curves of genus 2) over
totally real fields are potentially modular. As a consequence, we obtain the
expected meromorphic continuation and functional equations of their Hasse--Weil
zeta functions. We furthermore show the modularity of infinitely many abelian
surfaces A over Q with End_C(A)=Z. We also deduce modularity and potential
modularity results for genus one curves over (not necessarily CM) quadratic
extensions of totally real fields.
Comment: 285 page