Oracle-supported drawing of the Groebner {\em escalier}

Abstract

The aim of this note is to discuss the following quite queer Problem: \noindent GIVEN \noindent i) the free non-commutative polynomial ring, {\Cal P} := {\Bbb F}\langle X_1,\ldots,X_n\rangle {\em (public)}, \noindent ii) a bilateral ideal ${\sf I}\subset {\Bbb F}\langle X_1,\ldots,X_n\rangle$ {\em (private)}, \noindent iii) a finite set $G := \{g_1,\ldots,g_l\}\subset{\sf I}$ of elements of the ideal ${\sf I}$ {\em (public)}, \noindent a noetherian semigroup term-ordering $\prec,$ {\rm (private)}, on the word semigroup {\Cal T} := , \noindent COMPUTE \noindent --a finite subset $H\subset\Gamma({\sf I})$ of the Gr\"obner basis $\Gamma({\sf I})$ of ${\sf I}$ w.r.t. $\prec$ s.t., for each $g_i\in G$ its {\em normal form} $NF(g_i,H)$ w.r.t. $H$ is zero, \noindent "by means of a finite number of queries to an oracle", which, \noindent given a term \tau\in{\Cal T} returns its {\em canonical form} \Can(\tau,{\sf I},\prec) w.r.t. the ideal ${\sf I}$ and the term-ordering $\prec$. \qed This queer problem has been suggested to us by Bulygin (2005) where a similar problem, but with stronger assumptions, is faced in order to set up a chosen-cyphertext attack against the cryptographic system proposed in Rai (2004)