Polynomial-Time Algorithms for Quadratic Isomorphism of Polynomials: The Regular Case

Let $\mathbf{f}=(f\_1,\ldots,f\_m)$ and $\mathbf{g}=(g\_1,\ldots,g\_m)$ be two sets of $m\geq 1$ nonlinear polynomials over $\mathbb{K}[x\_1,\ldots,x\_n]$ ($\mathbb{K}$ being a field). We consider the computational problem of finding -- if any -- an invertible transformation on the variables mapping $\mathbf{f}$ to $\mathbf{g}$. The corresponding equivalence problem is known as {\tt Isomorphism of Polynomials with one Secret} ({\tt IP1S}) and is a fundamental problem in multivariate cryptography. The main result is a randomized polynomial-time algorithm for solving {\tt IP1S} for quadratic instances, a particular case of importance in cryptography and somewhat justifying {\it a posteriori} the fact that {\it Graph Isomorphism} reduces to only cubic instances of {\tt IP1S} (Agrawal and Saxena). To this end, we show that {\tt IP1S} for quadratic polynomials can be reduced to a variant of the classical module isomorphism problem in representation theory, which involves to test the orthogonal simultaneous conjugacy of symmetric matrices. We show that we can essentially {\it linearize} the problem by reducing quadratic-{\tt IP1S} to test the orthogonal simultaneous similarity of symmetric matrices; this latter problem was shown by Chistov, Ivanyos and Karpinski to be equivalent to finding an invertible matrix in the linear space $\mathbb{K}^{n \times n}$ of $n \times n$ matrices over $\mathbb{K}$ and to compute the square root in a matrix algebra. While computing square roots of matrices can be done efficiently using numerical methods, it seems difficult to control the bit complexity of such methods. However, we present exact and polynomial-time algorithms for computing the square root in $\mathbb{K}^{n \times n}$ for various fields (including finite fields). We then consider \\#{\tt IP1S}, the counting version of {\tt IP1S} for quadratic instances. In particular, we provide a (complete) characterization of the automorphism group of homogeneous quadratic polynomials. Finally, we also consider the more general {\it Isomorphism of Polynomials} ({\tt IP}) problem where we allow an invertible linear transformation on the variables \emph{and} on the set of polynomials. A randomized polynomial-time algorithm for solving {\tt IP} when $\mathbf{f}=(x\_1^d,\ldots,x\_n^d)$ is presented. From an algorithmic point of view, the problem boils down to factoring the determinant of a linear matrix (\emph{i.e.}\ a matrix whose components are linear polynomials). This extends to {\tt IP} a result of Kayal obtained for {\tt PolyProj}.Comment: Published in Journal of Complexity, Elsevier, 2015, pp.3

In-depth comparison of the Berlekamp--Massey--Sakata and the Scalar-FGLM algorithms: the adaptive variants

The Berlekamp--Massey--Sakata algorithm and the Scalar-FGLM algorithm both compute the ideal of relations of a multidimensional linear recurrent sequence.Whenever quering a single sequence element is prohibitive, the bottleneck of these algorithms becomes the computation of all the needed sequence terms. As such, having adaptive variants of these algorithms, reducing the number of sequence queries, becomes mandatory.A native adaptive variant of the Scalar-FGLM algorithm was presented by its authors, the so-called Adaptive Scalar-FGLM algorithm.In this paper, our first contribution is to make the Berlekamp--Massey--Sakata algorithm more efficient by making it adaptive to avoid some useless relation test-ings. This variant allows us to divide by four in dimension 2 and by seven in dimension 3 the number of basic operations performed on some sequence family.Then, we compare the two adaptive algorithms. We show that their behaviors differ in a way that it is not possible to tweak one of the algorithms in order to mimic exactly the behavior of the other. We detail precisely the differences and the similarities of both algorithms and conclude that in general the Adaptive Scalar-FGLM algorithm needs fewer queries and performs fewer basic operations than the Adaptive Berlekamp--Massey--Sakata algorithm.We also show that these variants are always more efficient than the original algorithms

Decomposition of multihomogeneous polynomials: minimal number of variables

Functional decomposition; Algebraic system resolution; Multihomogeneous polynomials; Invariants; ComplexityIn this paper, we generalize Hironaka's invariants, the ridge and the directrix, of homogeneous ideals, to multihomogeneous ideals. These invariants are the minimal number of additive polynomials or linear forms to write a given ideal. We design algorithms to compute both these invariants which make use of the multihomogeneous structure of the ideal and study their complexities depending on the number of blocks of variables, the number of variables in each block and the degree of the polynomials spanning the considered ideal. We report our implementation in Maple using FGb library

Polynomial-Division-Based Algorithms for Computing Linear Recurrence Relations

Sparse polynomial interpolation, sparse linear system solving or modular rational reconstruction are fundamental problems in Computer Algebra. They come down to computing linear recurrence relations of a sequence with the Berlekamp-Massey algorithm. Likewise, sparse multivariate polynomial interpolation and multidimensional cyclic code decoding require guessing linear recurrence relations of a multivariate sequence.Several algorithms solve this problem. The so-called Berlekamp-Massey-Sakata algorithm (1988) uses polynomial additions and shifts by a monomial. The Scalar-FGLM algorithm (2015) relies on linear algebra operations on a multi-Hankel matrix, a multivariate generalization of a Hankel matrix. The Artinian Gorenstein border basis algorithm (2017) uses a Gram-Schmidt process.We propose a new algorithm for computing the Gr{\"o}bner basis of the ideal of relations of a sequence based solely on multivariate polynomial arithmetic. This algorithm allows us to both revisit the Berlekamp-Massey-Sakata algorithm through the use of polynomial divisions and to completely revise the Scalar-FGLM algorithm without linear algebra operations.A key observation in the design of this algorithm is to work on the mirror of the truncated generating series allowing us to use polynomial arithmetic modulo a monomial ideal. It appears to have some similarities with Pad{\'e} approximants of this mirror polynomial.As an addition from the paper published at the ISSAC conferance, we give an adaptive variant of this algorithm taking into account the shape of the final Gr{\"o}bner basis gradually as it is discovered. The main advantage of this algorithm is that its complexity in terms of operations and sequence queries only depends on the output Gr{\"o}bner basis.All these algorithms have been implemented in Maple and we report on our comparisons

Polynomial root finding over local rings and application to error correcting codes

International audienceThis article is devoted to algorithms for computing all the roots of a univariate polynomial with coefficients in a complete commutative Noetherian unramified regular local domain, which are given to a fixed common finite precision. We study the cost of our algorithms, discuss their practical performances, and apply our results to the Guruswami and Sudan list decoding algorithm over Galois rings

Guessing Linear Recurrence Relations of Sequence Tuples and P-recursive Sequences with Linear Algebra

International audienceGiven several $n$-dimensional sequences, we first present an algorithmfor computing the Gröbner basis of their module of linear recurrencerelations.A P-recursive sequence $(u_{\mathbf{i}})_{\mathbf{i}\in\mathbb{N}^n}$satisfies linear recurrence relations with polynomial coefficients in$\mathbf{i}$, as defined by Stanley in 1980. Calling directlythe aforementioned algorithm on the tuple ofsequences $\left((\mathbf{i}^{\mathbf{j}}\,u_{\mathbf{i}})_{\mathbf{i}\in\mathbb{N}^n}\right)_{\mathbf{j}}$for retrieving the relations yields redundant relations.Since the module of relations of aP-recursive sequence also has an extra structure of a $0$-dimensional rightideal of an Ore algebra, we design a more efficient algorithm that takesadvantage of this extra structure forcomputing the relations.Finally, we show how to incorporate Gröbner bases computations in anOre algebra $\mathbb{K}\langle t_1,\ldots,t_n,x_1,\ldots,x_n\rangle$, withcommutators $x_k\,x_{\ell}-x_{\ell}\,x_k=t_k\,t_{\ell}-t_{\ell}\,t_k=t_k\,x_{\ell}-x_{\ell}\,t_k=0$ for $k\neq\ell$ and$t_k\,x_k-x_k\,t_k=x_k$, into the algorithm designed for P-recursivesequences. This allows us to compute faster the Gr\"obner basis of the ideal spanned by the first relations,such as in \textsc{2D}/\textsc{3D}-space walks examples

A polynomial-division-based algorithm for computing linear recurrence relations

International audienceSparse polynomial interpolation, sparse linear system solving or modular rational reconstruction are fundamental problems in Computer Algebra. They come down to computing linear recurrence relations of a sequence with the Berlekamp–Massey algorithm. Likewise, sparse multivariate polynomial interpolation and multidi-mensional cyclic code decoding require guessing linear recurrence relations of a multivariate sequence. Several algorithms solve this problem. The so-called Berlekamp– Massey–Sakata algorithm (1988) uses polynomial additions and shifts by a monomial. The Scalar-FGLM algorithm (2015) relies on linear algebra operations on a multi-Hankel matrix, a multivariate generalization of a Hankel matrix. The Artinian Gorenstein border basis algorithm (2017) uses a Gram-Schmidt process. We propose a new algorithm for computing the Gröbner basis of the ideal of relations of a sequence based solely on multivariate polynomial arithmetic. This algorithm allows us to both revisit the Berlekamp–Massey–Sakata algorithm through the use of polynomial divisions and to completely revise the Scalar-FGLM algorithm without linear algebra operations. A key observation in the design of this algorithm is to work on the mirror of the truncated generating series allowing us to use polynomial arithmetic modulo a monomial ideal. It appears to have some similarities with Padé approximants of this mirror polynomial. Finally, we give a partial solution to the transformation of this algorithm into an adaptive one

Linear Algebra for Computing Gröbner Bases of Linear Recursive Multidimensional Sequences

International audienceSakata generalized the Berlekamp -- Massey algorithm to $n$ dimensions in~1988. The Berlekamp -- Massey -- Sakata (BMS)algorithm can be used for finding a Gröbner basis of a $0$-dimensionalideal of relations verified by a table. We investigate this problem usinglinear algebra techniques, with motivations such as accelerating change ofbasis algorithms (FGLM) or improving their complexity.We first define and characterize multidimensional linear recursive sequencesfor $0$-dimensional ideals.Under genericity assumptions, we propose a randomized preprocessing of thetable that corresponds to performing a linear change of coordinates on thepolynomials associated with the linear recurrences. This technique thenessentially reduces our problem to using the efficient $1$-dimensional Berlekamp -- Massey (BM)algorithm.However, the number of probes to the table in this scheme may be elevated.We thus consider the table in the \emph{black-box} model: we assume probing thetable is expensive and we minimize the number of probes to the table in ourcomplexity model.We produce an FGLM-like algorithm for finding the relations in thetable, which lets us use linear algebra techniques. Under some additionalassumptions, we make this algorithm adaptive and reduce further the numberof table probes.This number can be estimated by counting the number of distinct elements in amulti-Hankel matrix (a multivariate generalization of Hankel matrices); we canrelate this quantity with the \emph{geometry} of the final staircase. Hence,in favorable cases such as convex ones, the complexity is essentially linear inthe size of the output. Finally, when using the \textsc{lex} ordering, we canmake use of fast structured linear algebra similarly to the Hankelinterpretation of Berlekamp -- Massey

Linear Algebra for Computing Gröbner Bases of Linear Recursive Multidimensional Sequences

Special issue on the conference ISSAC 2015: Symbolic computation and computer algebraInternational audienceThe so-called Berlekamp~-- Massey~-- Sakata algorithmcomputes a Gröbner basis of a $0$-dimensional ideal of relations satisfied by an inputtable. It extends the Berlekamp~-- Massey algorithmto $n$-dimensional tables, for $n>1$.We investigate this problem and design several algorithms forcomputing such a Gröbner basis of an ideal of relations using linearalgebra techniques.The first one performs a lot of table queries andis analogous to a change of variables on the ideal of relations.As each query to the table can be expensive,we design a second algorithmrequiring fewer queries, in general.This \textsc{FGLM}-like algorithm allows us to compute the relations of thetable by extracting a full rank submatrix of a \emph{multi-Hankel}matrix (a multivariate generalization of Hankel matrices).Under someadditional assumptions, we make a third, adaptive, algorithm and reducefurther the number of table queries.Then, we relate the number of queries ofthis third algorithm to the\emph{geometry} of the final staircase and we show that it isessentially linear in the size of the output when the staircase is convex.As a direct application to this, we decode $n$-cyclic codes, ageneralization in dimension $n$ of Reed Solomon codes. We show that the multi-Hankelmatrices are heavily structured when using the \textsc{LEX} orderingand that we can speed up the computations using fast algorithms forquasi-Hankel matrices.Finally, we designalgorithms for computing the generating series of a linear recursivetable