Fast computation of power series solutions of systems of differential equations

We propose new algorithms for the computation of the first N terms of a vector (resp. a basis) of power series solutions of a linear system of differential equations at an ordinary point, using a number of arithmetic operations which is quasi-linear with respect to N. Similar results are also given in the non-linear case. This extends previous results obtained by Brent and Kung for scalar differential equations of order one and two

Some remarks on multiplicity codes

Multiplicity codes are algebraic error-correcting codes generalizing classical polynomial evaluation codes, and are based on evaluating polynomials and their derivatives. This small augmentation confers upon them better local decoding, list-decoding and local list-decoding algorithms than their classical counterparts. We survey what is known about these codes, present some variations and improvements, and finally list some interesting open problems.Comment: 21 pages in Discrete Geometry and Algebraic Combinatorics, AMS Contemporary Mathematics Series, 201

Symmetric Subresultants and Applications

Schur's transforms of a polynomial are used to count its roots in the unit disk. These are generalized them by introducing the sequence of symmetric sub-resultants of two polynomials. Although they do have a determinantal definition, we show that they satisfy a structure theorem which allows us to compute them with a type of Euclidean division. As a consequence, a fast algorithm based on a dichotomic process and FFT is designed. We prove also that these symmetric sub-resultants have a deep link with Toeplitz matrices. Finally, we propose a new algorithm of inversion for such matrices. It has the same cost as those already known, however it is fraction-free and consequently well adapted to computer algebra

Quasi-GCD computations

AbstractFor univariate polynomials with real or complex coefficients and a given error bound ϵ > 0, h is called a quasi-gcd of f and g, if h is an ϵ-approximate divisor of f and of g and if any (exact) common divisor of f, g is an approximate divisor of h. Extended quasi-gcd computation means to find such h and additional cofactors u, ν such that | uf + νg − h | < ϵ | h | holds. Suitable “pivoting” leads to a numerically stable version of Euclid's algorithm for solving this task. Further refinements by a divide-and-conquer technique and by means of fast algorithms for polynomial arithmetic then yield the worst case upper bound O(n2 lg n(lg(1/ϵ) + n lg n)) of “pointer time” for nth-degree polynomials. In the particular case of integer polynomials, however, an immediate reduction to fast integer gcd computation is recommended, instead

Related Message Attacks to Public Key Encryption Schemes: Relations among Security Notions

Consider a scenario in which an adversary, attacking a certain public key encryption scheme, gains knowledge of several ciphertexts which underlying plaintext are meaningfully related with a given target ciphertext. This kind of related message attack has been proved successful against several public key encryption schemes; widely known is the Franklin-Reiter attack to RSA with low exponent and its subsequent improvement by Coppersmith. However, to the best of our knowledge no formal treatment of these type of attacks has to date been done, and as a result, it has not been rigorously studied which of the ``standard\u27\u27 security notions imply resilience to them. We give formal definitions of several security notions capturing the resistance to this kind of attacks. For passive adversaries we prove that, for the case of indistinguishability, security against related message attacks is equivalent to standard CPA security. On the other hand, one-wayness robust schemes in this sense can be seen as strictly between OW-CPA and IND-CPA secure schemes. Furthermore, we prove that the same holds for active (CCA) adversaries

Faster computation of isogenies of large prime degree

International audienceLet $\mathcal{E}/\mathbb{F}_q$ be an elliptic curve, and $P$ a point in $\mathcal{E}(\mathbb{F}_q)$ of prime order $\ell$.Vélu's formulae let us compute a quotient curve $\mathcal{E}' = \mathcal{E}/\langle{P}\rangle$ and rational maps defining a quotient isogeny $\phi: \mathcal{E} \to \mathcal{E}'$ in $\tilde{O}(\ell)$ $\mathbb{F}_q$-operations, where the $\tilde{O}$ is uniform in $q$.This article shows how to compute $\mathcal{E}'$, and $\phi(Q)$ for $Q$ in $\mathcal{E}(\mathbb{F}_q)$, using only $\tilde{O}(\sqrt{\ell})$ $\mathbb{F}_q$-operations, where the $\tilde{O}$ is again uniform in $q$.As an application, this article speeds up some computations used in the isogeny-based cryptosystems CSIDH and CSURF

Fast norm computation in smooth-degree Abelian number fields

This paper presents a fast method to compute algebraic norms of integral elements of smooth-degree cyclotomic fields, and, more generally, smooth-degree Galois number fields with commutative Galois groups. The typical scenario arising in $S$-unit searches (for, e.g., class-group computation) is computing a $\Theta(n\log n)$-bit norm of an element of weight $n^{1/2+o(1)}$ in a degree-$n$ field; this method then uses $n(\log n)^{3+o(1)}$ bit operations. An $n(\log n)^{O(1)}$ operation count was already known in two easier special cases: norms from power-of-2 cyclotomic fields via towers of power-of-2 cyclotomic subfields, and norms from multiquadratic fields via towers of multiquadratic subfields. This paper handles more general Abelian fields by identifying tower-compatible integral bases supporting fast multiplication; in particular, there is a synergy between tower-compatible Gauss-period integral bases and a fast-multiplication idea from Rader. As a baseline, this paper also analyzes various standard norm-computation techniques that apply to arbitrary number fields, concluding that all of these techniques use at least $n^2(\log n)^{2+o(1)}$ bit operations in the same scenario, even with fast subroutines for continued fractions and for complex FFTs. Compared to this baseline, algorithms dedicated to smooth-degree Abelian fields find each norm $n/(\log n)^{1+o(1)}$ times faster, and finish norm computations inside $S$-unit searches $n^2/(\log n)^{1+o(1)}$ times faster

Algorithmes rapides pour les polynômes, séries formelles et matrices

Notes d'un cours dispensé aux Journées Nationales du Calcul Formel 2010International audienceLe calcul formel calcule des objets mathématiques exacts. Ce cours explore deux directions : la calculabilité et la complexité. La calculabilité étudie les classes d'objets mathématiques sur lesquelles des réponses peuvent être obtenues algorithmiquement. La complexité donne ensuite des outils pour comparer des algorithmes du point de vue de leur efficacité. Ce cours passe en revue l'algorithmique efficace sur les objets fondamentaux que sont les entiers, les polynômes, les matrices, les séries et les solutions d'équations différentielles ou de récurrences linéaires. On y montre que de nombreuses questions portant sur ces objets admettent une réponse en complexité (quasi-)optimale, en insistant sur les principes généraux de conception d'algorithmes efficaces. Ces notes sont dérivées du cours " Algorithmes efficaces en calcul formel " du Master Parisien de Recherche en Informatique (2004-2010), co-écrit avec Frédéric Chyzak, Marc Giusti, Romain Lebreton, Bruno Salvy et Éric Schost. Le support de cours complet est disponible à l'url https://wikimpri.dptinfo.ens-cachan.fr/doku.php?id=cours:c-2-2