Computing Small Certificates of Inconsistency of Quadratic Fewnomial Systems
Bézout's theorem states that dense generic systems of n multivariate
quadratic equations in n variables have 2^n solutions over algebraically closed
fields. When only a small subset M of monomials appear in the equations
(fewnomial systems), the number of solutions may decrease dramatically. We
focus in this work on subsets of quadratic monomials M such that generic
systems with support M do not admit any solution at all. For these systems,
Hilbert's Nullstellensatz ensures the existence of algebraic certificates of
inconsistency. However, to our knowledge all known bounds on the sizes of
such certificates (including those which take into account the Newton polytopes
of the polynomials) are exponential in n. Our main results show that if the
inequality $2|M| - 2n \geq \sqrt{1 + 8\nu} - 1$ holds for a quadratic
fewnomial system, where $\nu$ is the matching number of a graph associated
with M and |M| is the cardinality of M, then there exists generically a
certificate of inconsistency of linear size (measured as the number of
coefficients in the ground field K). Moreover this certificate can be computed
within a polynomial number of arithmetic operations. Next, we evaluate how
often this inequality holds, and we give evidence that the probability that the
inequality is satisfied depends strongly on the number of squares. More
precisely, we show that if M is picked uniformly at random among the subsets of
n + k + 1 quadratic monomials containing at least (n 1/2+)
squares, then the probability that the inequality holds tends to 1 as n grows.
Interestingly, this phenomenon is related to the matching number of random
graphs in the Erdős-Rényi model. Finally, we provide experimental results
showing that certificates of inconsistency can be computed for systems with
more than 10000 variables and equations.
Comment: ISSAC 2016, Jul 2016, Waterloo, Canada. Proceedings of ISSAC 201
On the Complexity of Solving Quadratic Boolean Systems
A fundamental problem in computer science is to find all the common zeroes of
quadratic polynomials in unknowns over . The
cryptanalysis of several modern ciphers reduces to this problem. Up to now, the
best complexity bound was reached by an exhaustive search in
operations. We give an algorithm that reduces the problem to a combination of
exhaustive search and sparse linear algebra. This algorithm has several
variants depending on the method used for the linear algebra step. Under
precise algebraic assumptions on the input system, we show that the
deterministic variant of our algorithm has complexity bounded by
when , while a probabilistic variant of the Las Vegas type
has expected complexity . Experiments on random systems show
that the algebraic assumptions are satisfied with probability very close to 1.
We also give a rough estimate for the actual threshold between our method and
exhaustive search, which is as low as 200, and thus very relevant for
cryptographic applications.
Comment: 25 page
Cryptography from tensor problems
We describe a new proposal for a trap-door one-way function. The new proposal belongs to the "multivariate quadratic" family but the trap-door is different from existing methods, and is simpler
Polynomial-Time Algorithms for Quadratic Isomorphism of Polynomials: The Regular Case
Let and be
two sets of nonlinear polynomials over
( being a field). We consider the computational problem of finding
(if any) an invertible transformation on the variables mapping
to . The corresponding equivalence problem is known as
Isomorphism of Polynomials with one Secret (IP1S) and is a fundamental
problem in multivariate cryptography. The main result is a randomized
polynomial-time algorithm for solving IP1S for quadratic instances, a
particular case of importance in cryptography and somewhat justifying a
posteriori the fact that Graph Isomorphism reduces to only cubic
instances of IP1S (Agrawal and Saxena). To this end, we show that
IP1S for quadratic polynomials can be reduced to a variant of the classical
module isomorphism problem in representation theory, which involves testing the
orthogonal simultaneous conjugacy of symmetric matrices. We show that we can
essentially linearize the problem by reducing quadratic-IP1S to
testing the orthogonal simultaneous similarity of symmetric matrices; this latter
problem was shown by Chistov, Ivanyos and Karpinski to be equivalent to finding
an invertible matrix in the linear space of matrices over and to computing the square root in a matrix
algebra. While computing square roots of matrices can be done efficiently using
numerical methods, it seems difficult to control the bit complexity of such
methods. However, we present exact and polynomial-time algorithms for computing
the square root in for various fields (including
finite fields). We then consider #IP1S, the counting version of
IP1S for quadratic instances. In particular, we provide a (complete)
characterization of the automorphism group of homogeneous quadratic
polynomials. Finally, we also consider the more general Isomorphism of
Polynomials (IP) problem, where we allow an invertible linear
transformation on the variables and on the set of polynomials. A
randomized polynomial-time algorithm for solving IP when
is presented. From an algorithmic point
of view, the problem boils down to factoring the determinant of a linear matrix
(i.e. a matrix whose components are linear polynomials). This extends
to IP a result of Kayal obtained for PolyProj.
Comment: Published in Journal of Complexity, Elsevier, 2015, pp.3