60 research outputs found
Matrix-F5 algorithms and tropical Gr\"obner bases computation
Let be a field equipped with a valuation. Tropical varieties over can
be defined with a theory of Gr\"obner bases taking into account the valuation
of . Because of the use of the valuation, this theory is promising for
stable computations over polynomial rings over -adic fields. We design a
strategy to compute such tropical Gr\"obner bases by adapting the Matrix-F5
algorithm. Two variants of the Matrix-F5 algorithm, depending on how the
Macaulay matrices are built, are available to tropical computation with
respective modifications. The former is more numerically stable while the
latter is faster. Our study is performed both over any exact field with
valuation and some inexact fields like or . In the latter case, we track the loss in precision,
and show that the numerical stability can compare very favorably to the case of
classical Gr\"obner bases when the valuation is non-trivial. Numerical examples
are provided.
On the degree of the polynomial defining planar algebraic curves of constant width
In this paper, we consider a family of closed planar algebraic curves
which are given in parametrization form via a trigonometric
polynomial . When is the boundary of a compact convex set, the
polynomial represents the support function of this set. Our aim is to
examine properties of the degree of the defining polynomial of this family of
curves in terms of the degree of . Thanks to the theory of elimination, we
compute the total degree and the partial degrees of this polynomial, and we
solve in addition a question raised by Rabinowitz in \cite{Rabi} on the lowest
degree polynomial whose graph is a non-circular curve of constant width.
Computations of partial degrees of the defining polynomial of algebraic
surfaces of constant width are also provided in the same way.
Comment: 13 pages
On the Complexity of the F5 Gr\"obner basis Algorithm
We study the complexity of Gr\"obner bases computation, in particular in the
generic situation where the variables are in simultaneous Noether position with
respect to the system.
We give a bound on the number of polynomials of degree in a Gr\"obner
basis computed by Faug\`ere's algorithm (Fau02) in this generic case for
the grevlex ordering (which is also a bound on the number of polynomials for a
reduced Gr\"obner basis, independently of the algorithm used). Next, we analyse
more precisely the structure of the polynomials in the Gr\"obner bases with
signatures that computes and use it to bound the complexity of the
algorithm.
Our estimates show that the version of we analyse, which uses only
standard Gaussian elimination techniques, outperforms row reduction of the
Macaulay matrix with the best known algorithms for moderate degrees, and even
for degrees up to the thousands if Strassen's multiplication is used. The
degree being fixed, the factor of improvement grows exponentially with the
number of variables.
Comment: 24 pages
On formulas for decoding binary cyclic codes
We address the problem of the algebraic decoding of any cyclic code up to the
true minimum distance. For this, we use the classical formulation of the
problem, which is to find the error locator polynomial in terms of the syndromes
of the received word. This is usually done with the Berlekamp-Massey algorithm
in the case of BCH codes and related codes, but for the general case, there is
no generic algorithm to decode cyclic codes. Even in the case of the quadratic
residue codes, which are good codes with a very strong algebraic structure,
there is no available general decoding algorithm. For this particular case of
quadratic residue codes, several authors have worked out, by hand, formulas for
the coefficients of the locator polynomial in terms of the syndromes, using the
Newton identities. This work has to be done for each particular quadratic
residue code, and is more and more difficult as the length is growing.
Furthermore, it is error-prone. We propose to automate these computations,
using elimination theory and Gr\"obner bases. We prove that, by computing
appropriate Gr\"obner bases, one automatically recovers formulas for the
coefficients of the locator polynomial, in terms of the syndromes.
An algebraic approach to the Rank Support Learning problem
Rank-metric code-based cryptography relies on the hardness of decoding a
random linear code in the rank metric. The Rank Support Learning problem (RSL)
is a variant where an attacker has access to N decoding instances whose errors
have the same support and wants to solve one of them. This problem is for
instance used in the Durandal signature scheme. In this paper, we propose an
algebraic attack on RSL which clearly outperforms the previous attacks to solve
this problem. We build upon Bardet et al., Asiacrypt 2020, where similar
techniques are used to solve MinRank and RD. However, our analysis is simpler
and overall our attack relies on very elementary assumptions compared to
standard Gr{\"o}bner bases attacks. In particular, our results show that key
recovery attacks on Durandal are more efficient than was previously thought.
Improvement of algebraic attacks for solving superdetermined MinRank instances
The MinRank (MR) problem is a computational problem that arises in many
cryptographic applications. In Verbel et al. (PQCrypto 2019), the authors
introduced a new way to solve superdetermined instances of the MinRank problem,
starting from the bilinear Kipnis-Shamir (KS) modeling. They use linear algebra
on specific Macaulay matrices, considering only multiples of the initial
equations by one block of variables, the so-called "kernel" variables. Later,
Bardet et al. (Asiacrypt 2020) introduced a new Support Minors modeling (SM),
that considers the Pl{\"u}cker coordinates associated to the kernel variables,
i.e. the maximal minors of the Kernel matrix in the KS modeling. In this paper,
we give a complete algebraic explanation of the link between the (KS) and (SM)
modelings (for any instance). We then show that superdetermined MinRank
instances can be seen as easy instances of the SM modeling. In particular, we
show that performing computation at the smallest possible degree (the "first
degree fall") and the smallest possible number of variables is not always the
best strategy. We give complexity estimates of the attack for generic random
instances. We apply those results to the DAGS cryptosystem, that was submitted
to the first round of the NIST standardization process. We show that the
algebraic attack from Barelli and Couvreur (Asiacrypt 2018), improved in Bardet
et al. (CBC 2019), is a particular superdetermined MinRank instance. Here, the
instances are not generic, but we show that it is possible to analyse the
particular instances from DAGS and provide a way to select the optimal
parameters (number of shortened positions) to solve a particular instance.
Algebraic Properties of Polar Codes From a New Polynomial Formalism
Polar codes form a very powerful family of codes with a low complexity
decoding algorithm that attain many information theoretic limits in error
correction and source coding. These codes are closely related to Reed-Muller
codes because both can be described with the same algebraic formalism, namely
they are generated by evaluations of monomials. However, finding the right set
of generating monomials for a polar code which optimises the decoding
performance is a hard task and channel dependent. The purpose of this paper is
to reveal some universal properties of these monomials. We will namely prove
that there is a way to define a nontrivial (partial) order on monomials so that
the monomials generating a polar code devised for a binary-input symmetric
channel always form a decreasing set.
This property turns out to have rather deep consequences on the structure of
the polar code. Indeed, the permutation group of a decreasing monomial code
contains a large group called lower triangular affine group. Furthermore, the
codewords of minimum weight correspond exactly to the orbits of the minimum
weight codewords that are obtained from (evaluations) of monomials of the
generating set. In particular, it gives an efficient way of counting the number
of minimum weight codewords of a decreasing monomial code and henceforth of a
polar code.
Comment: 14 pages * A reference to the work of Bernhard Geiger has been added
(arXiv:1506.05231) * Lemma 3 has been changed a little bit in order to prove
that Proposition 7.1 in arXiv:1506.05231 holds for any binary input symmetric
channel
Complexity reduction of C-algorithm
The C-Algorithm introduced in [Chouikha2007] is designed to determine
isochronous centers for Lienard-type differential systems, in the general real
analytic case. However, it has a large complexity that prevents computations,
even in the quartic polynomial case.
The main result of this paper is an efficient algorithmic implementation of
C-Algorithm, called ReCA (Reduced C-Algorithm). Moreover, an adapted version of
it is proposed in the rational case. It is called RCA (Rational C-Algorithm)
and is widely used in [BardetBoussaadaChouikhaStrelcyn2010] and
[BoussaadaChouikhaStrelcyn2010] to find many new examples of isochronous
centers for the Li\'enard type equation.
Polynomial time attack on high rate random alternant codes
A long standing open question is whether the distinguisher of high rate
alternant codes or Goppa codes \cite{FGOPT11} can be turned into an algorithm
recovering the algebraic structure of such codes from the mere knowledge of an
arbitrary generator matrix of it. This would make it possible to break the McEliece scheme
as soon as the code rate is large enough and would break all instances of the
CFS signature scheme. We give for the first time a positive answer for this
problem when the code is {\em a generic alternant code} and when the code field
size is small: and for {\em all} regimes of other
parameters for which the aforementioned distinguisher works. This breakthrough
has been obtained by two different ingredients: (i) a way of using code
shortening and the component-wise product of codes to derive from the original
alternant code a sequence of alternant codes of decreasing degree up to getting
an alternant code of degree (with a multiplier and support related to those
of the original alternant code);
(ii) an original Gr\"obner basis approach which takes into account the non
standard constraints on the multiplier and support of an alternant code which
recovers in polynomial time the relevant algebraic structure of an alternant
code of degree from the mere knowledge of a basis for it.