
    Controlled non uniform random generation of decomposable structures

    Consider a class of decomposable combinatorial structures, using different types of atoms \Atoms = \{\At_1,\ldots ,\At_{|{\Atoms}|}\}. We address the random generation of such structures with respect to a size n and a targeted distribution in k of its \emph{distinguished} atoms. We consider two variations on this problem. In the first alternative, the targeted distribution is given by k real numbers \TargFreq_1, \ldots, \TargFreq_k such that 0 < \TargFreq_i < 1 for all i and \TargFreq_1+\cdots+\TargFreq_k \leq 1. We aim to generate random structures among the whole set of structures of a given size n, in such a way that the {\em expected} frequency of any distinguished atom \At_i equals \TargFreq_i. We address this problem by weighting the atoms with a k-tuple \Weights of real-valued weights, inducing a weighted distribution over the set of structures of size n. We first adapt the classical recursive random generation scheme into an algorithm taking \bigO{n^{1+o(1)}+mn\log{n}} arithmetic operations to draw m structures from the \Weights-weighted distribution. Secondly, we address the analytical computation of weights such that the targeted frequencies are achieved asymptotically, i.e. for large values of n. We derive systems of functional equations whose resolution gives an explicit relationship between \Weights and \TargFreq_1, \ldots, \TargFreq_k. Lastly, we give an algorithm in \bigO{k n^4} for the inverse problem, {\it i.e.} computing the frequencies associated with a given k-tuple \Weights of weights, and an optimized version in \bigO{k n^2} in the case of context-free languages. This allows for a heuristic resolution of the weights/frequencies relationship suitable for complex specifications. In the second alternative, the targeted distribution is given by k natural numbers n_1, \ldots, n_k such that n_1+\cdots+n_k+r=n, where r \geq 0 is the number of undistinguished atoms. The structures must be generated uniformly among the set of structures of size n that contain {\em exactly} n_i atoms \At_i (1 \leq i \leq k). We give a \bigO{r^2\prod_{i=1}^k n_i^2 +m n k \log n} algorithm for generating m structures, which simplifies to \bigO{r\prod_{i=1}^k n_i +m n} for regular specifications

    Polynomial-Time Amoeba Neighborhood Membership and Faster Localized Solving

    We derive efficient algorithms for coarse approximation of algebraic hypersurfaces, useful for estimating the distance between an input polynomial zero set and a given query point. Our methods work best on sparse polynomials of high degree (in any number of variables) but are nevertheless completely general. The underlying ideas, which we take the time to describe in an elementary way, come from tropical geometry. We thus reduce a hard algebraic problem to high-precision linear optimization, proving new upper and lower complexity estimates along the way. Comment: 15 pages, 9 figures. Submitted to a conference proceeding

    Key-Recovery Attacks on ASASA

    The ASASA construction is a new design scheme introduced at Asiacrypt 2014 by Biryukov, Bouillaguet and Khovratovich. Its versatility was illustrated by building two public-key encryption schemes, a secret-key scheme, as well as super S-box subcomponents of a white-box scheme. However, one of the two public-key cryptosystems was recently broken at Crypto 2015 by Gilbert, Plût and Treger. As our main contribution, we propose a new algebraic key-recovery attack able to break at once the secret-key scheme as well as the remaining public-key scheme, in time complexity 2^{63} and 2^{39} respectively (the security parameter is 128 bits in both cases). Furthermore, we present a second attack of independent interest on the same public-key scheme, which heuristically reduces the problem of breaking the scheme to an LPN instance with tractable parameters. This allows key recovery in time complexity 2^{56}. Finally, as a side result, we outline a very efficient heuristic attack on the white-box scheme, which breaks instances claiming 64 bits of security in under one minute on a laptop computer

    Numerical Algebraic Geometry: A New Perspective on String and Gauge Theories

    The rich interplay between algebraic geometry and string and gauge theories has recently been immensely aided by advances in computational algebra. However, these symbolic (Gr\"{o}bner) methods are severely limited by algorithmic issues such as exponential space complexity and being highly sequential. In this paper, we introduce a novel paradigm of numerical algebraic geometry which in a plethora of situations overcomes these shortcomings. Its so-called 'embarrassing parallelizability' allows us to solve many problems and extract physical information which elude the symbolic methods. We describe the method and then use it to solve various problems arising from physics which could not otherwise be solved. Comment: 36 page

    Improved global sea surface height and current maps from remote sensing and in situ observations

    We present a new gridded sea surface height and current dataset produced by combining observations from nadir altimeters and drifting buoys. This product is based on a multiscale and multivariate mapping approach that offers the possibility to improve the physical content of gridded products by combining the data from various platforms and resolving a broader spectrum of ocean surface dynamics than in the current operational mapping system. The dataset covers the entire global ocean and spans from 1 July 2016 to 30 June 2020. The multiscale approach decomposes the observed signal into different physical contributions. In the present study, we simultaneously estimate the mesoscale ocean circulations as well as part of the equatorial wave dynamics (e.g. tropical instability and Poincaré waves). The multivariate approach is able to exploit the geostrophic signature resulting from the synergy of altimetry and drifter observations. Sea-level observations in Arctic leads are also used in the merging to improve the surface circulation in this poorly mapped region. A quality assessment of this new product is proposed with regard to an operational product distributed in the Copernicus Marine Service. We show that the multiscale and multivariate mapping approach offers promising perspectives for reconstructing the ocean surface circulation: observations of leads contribute to improving the coverage in delivering gap-free maps in the Arctic, and observations of drifters help to refine the mapping in regions of intense dynamics where the temporal sampling must be accurate enough to properly map the rapid mesoscale dynamics. Overall, the geostrophic circulation is better mapped in the new product, with mapping errors significantly reduced in regions of high variability and in the equatorial band. The resolved scales of this new product are therefore between 5 % and 10 % finer than the Copernicus product (https://doi.org/10.48670/moi-00148, Pujol et al., 2022b).

    Rank Analysis of Cubic Multivariate Cryptosystems

    In this work we analyze the security of cubic cryptographic constructions with respect to rank weakness. We detail how to extend the big field idea from quadratic to cubic, and show that the same rank defect occurs. We extend the min-rank problem and propose an algorithm to solve it in this setting. We show that for fixed small rank, the complexity is even lower than for the quadratic case. However, the rank of a cubic polynomial in n variables can be larger than n, and in this case the algorithm is very inefficient. We show that the rank of the differential is not necessarily smaller, rendering this line of attack useless if the rank is large enough. Similarly, the algebraic attack is exponential in the rank, thus useless for high rank

    A Polynomial-Time Key-Recovery Attack on MQQ Cryptosystems

    We investigate the security of the family of MQQ public key cryptosystems using multivariate quadratic quasigroups (MQQ). These cryptosystems show especially good performance properties. In particular, the MQQ-SIG signature scheme is the fastest scheme in the ECRYPT benchmarking of cryptographic systems (eBACS). We show that both the signature scheme MQQ-SIG and the encryption scheme MQQ-ENC, although using different types of MQQs, share a common algebraic structure that introduces a weakness in both schemes. We use this weakness to mount a successful polynomial-time key-recovery attack. Our key-recovery attack finds an equivalent key using the idea of so-called {\it good keys} that reveals the structure gradually. In the process we need to solve a MinRank problem that, because of the structure, can be solved in polynomial time under some mild algebraic assumptions. We highlight that our theoretical results work in characteristic 2, which is known to be the most difficult case to address in theory for MinRank attacks. Also, we emphasize that our attack works without any restriction on the number of polynomials removed from the public key, that is, using the minus modifier. This was not the case for previous MinRank-like attacks against MQ schemes. From a practical point of view, we are able to break an MQQ-SIG instance of 80 bits security in less than 2 days, and one of the more conservative MQQ-ENC instances of 128 bits security in a little over 9 days. Altogether, our attack shows that it is very hard to design a secure public key scheme based on an easily invertible MQQ structure

    Combined genetic approaches yield a 48% diagnostic rate in a large cohort of French hearing-impaired patients

    Hearing loss is the most common sensory disorder and, because of its high genetic heterogeneity, implementation of Massively Parallel Sequencing (MPS) in diagnostic laboratories is greatly improving the possibilities of offering optimal care to patients. We present the results of a two-year period of molecular diagnosis that included 207 French families referred for non-syndromic hearing loss. Our multi-step strategy involved (i) DFNB1 locus analysis, (ii) MPS of 74 genes, and (iii) additional approaches including Copy Number Variations, in silico analyses, minigene studies coupled when appropriate with complete gene sequencing, and a specific assay for STRC. This comprehensive screening yielded an overall diagnostic rate of 48%, equally distributed between DFNB1 (24%) and the other genes (24%). Pathogenic genotypes were identified in 19 different genes, with a high prevalence of GJB2, STRC, MYO15A, OTOF, TMC1, MYO7A and USH2A. Involvement of an Usher gene was reported in 16% of the genotyped cohort. Four de novo variants were identified. This study highlights the need to develop several molecular approaches for efficient molecular diagnosis of hearing loss, as this is crucial for genetic counselling, audiological rehabilitation and the detection of syndromic forms

    Two philosophies for solving non-linear equations in algebraic cryptanalysis

    Algebraic Cryptanalysis [45] is concerned with solving particular systems of multivariate non-linear equations which occur in cryptanalysis. Many different methods for solving such problems have been proposed in the cryptanalytic literature: the XL and XSL methods, Gröbner bases, SAT solvers, as well as many others. In this paper we survey these methods and point out that the main working principle in all of them is essentially the same: one quantity grows faster than another quantity, which leads to a “phase transition” and the problem becomes efficiently solvable. We illustrate this with examples from both symmetric and asymmetric cryptanalysis. We also point out that there exists a second, more general way of formulating algebraic attacks through dedicated coding techniques which involve redundancy with the addition of new variables. This opens numerous new possibilities for the attacker and leads to interesting optimization problems where the existence of interesting equations may be somewhat deliberately engineered by the attacker

    Use of satellite observations for operational oceanography: recent achievements and future prospects

    The paper gives an overview of the development of satellite oceanography over the past five years, focusing on the most relevant issues for operational oceanography. Satellites provide key essential variables to constrain ocean models and/or serve downstream applications. New and improved satellite data sets have been developed and have directly improved the quality of operational products. The status of the satellite constellation for the last five years was, however, not optimal. A review of future missions shows clear progress, and new research and development missions with a potentially large impact on operational oceanography should be demonstrated. Improvement of data assimilation techniques and development of the synergetic use of high-resolution satellite observations are important future priorities