Results 1-10 of 197
A New Efficient Algorithm for Computing Gröbner Bases Without Reduction to Zero (F5)
 In: ISSAC ’02: Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation, 2002
Cited by 253 (54 self)
This paper introduces a new efficient algorithm for computing Gröbner bases. To avoid as much as possible intermediate computation, the algorithm computes successive truncated Gröbner bases and it replaces the classical polynomial reduction found in the Buchberger algorithm by the simultaneous reduction of several polynomials. This powerful reduction mechanism is achieved by means of a symbolic precomputation and by extensive use of sparse linear algebra methods. Current techniques in linear algebra used in Computer Algebra are reviewed together with other methods coming from the numerical field. Some previously untractable problems (Cyclic 9) are presented as well as an empirical comparison of a first implementation of this algorithm with other well known programs. This comparison pays careful attention to methodology issues. All the benchmarks and CPU times used in this paper are frequently updated and available on a Web page. Even though the new algorithm does not improve the worst case complexity it is several times faster than previous implementations both for integers and modulo computations.
Quantum Schubert Polynomials
 J. AMER. MATH. SOC, 1997
Cited by 67 (6 self)
We compute Gromov-Witten invariants of the flag manifold using a new combinatorial construction for its quantum cohomology ring. Our construction provides quantum analogues of the Bernstein-Gelfand-Gelfand results on the cohomology of the flag manifold, and the Lascoux-Schutzenberger theory of Schubert polynomials. We also derive the quantum Monk's formula.
Effective Algorithms for Parametrizing Linear Control Systems over Ore Algebras
 APPLICABLE ALGEBRA IN ENGINEERING, COMMUNICATION AND COMPUTING
Variation of Cost Functions in Integer Programming
 MATHEMATICAL PROGRAMMING, 1994
Cited by 42 (8 self)
We study the problem of minimizing c · x subject to A · x = b, x ≥ 0 and x integral, for a fixed matrix A. Two cost functions c and c′ are considered equivalent if they give the same optimal solutions for each b. We construct a polytope St(A) whose normal cones are the equivalence classes. Explicit inequality presentations of these cones are given by the reduced Gröbner bases associated with A. The union of the reduced Gröbner bases as c varies (called the universal Gröbner basis) consists precisely of the edge directions of St(A). We present geometric algorithms for computing St(A), the Graver basis [Gra], and the universal Gröbner basis.
Algebraic Cryptanalysis of McEliece Variants with Compact Keys
 In Proceedings of Eurocrypt 2010
Cited by 25 (8 self)
In this paper we propose a new approach to investigate the security of the McEliece cryptosystem. We recall that this cryptosystem relies on the use of error-correcting codes. Since its invention thirty years ago, no efficient attack had been devised that managed to recover the private key. We prove that the private key of the cryptosystem satisfies a system of bihomogeneous polynomial equations. This property is due to the particular class of codes considered which are alternant codes. We have used these highly structured algebraic equations to mount an efficient key-recovery attack against two recent variants of the McEliece cryptosystems that aim at reducing public key sizes. These two compact variants of McEliece managed to propose keys with less than 20,000 bits. To do so, they proposed to use quasicyclic or dyadic structures. An implementation of our algebraic attack in the computer algebra system MAGMA allows to find the secret key in a negligible time (less than one second) for almost all the proposed challenges. For instance, a private key designed for a 256-bit security has been found in 0.06 seconds with about 2^17.8 operations.
Gomory Integer Programs
2001
Cited by 24 (3 self)
The set of all group relaxations of an integer program contains certain special members called Gomory relaxations. A family of integer programs with a fixed coefficient matrix and cost vector but varying right hand sides is a Gomory family if every program in the family can be solved by one of its Gomory relaxations. In this paper, we characterize Gomory families. Every TDI system gives a Gomory family, and we construct Gomory families from matrices whose columns form a Hilbert basis for the cone they generate. The existence of Gomory families is related to the Hilbert covering problems that arose from the conjectures of Sebö. Connections to commutative algebra are outlined at the end.
Algebraic Structure of Quasicyclic Codes
 DISCRETE APPL. MATH
Cited by 23 (1 self)
We use Gröbner bases of modules as a tool in the construction and classification of quasicyclic codes. Whereas previous studies have been mainly concerned with the 1-generator case, our results elucidate the structure of arbitrary quasicyclic codes and their duals. As an application we provide a complete characterisation of self-dual quasicyclic codes of index 2.
Polynomial Equivalence Problems: Algorithmic and Theoretical Aspects
 In EUROCRYPT, 2006
Cited by 22 (10 self)
The Isomorphism of Polynomials (IP) [28], which is the main concern of this paper, originally corresponds to the problem of recovering the secret key of a C∗ scheme [26]. Besides, the security of various other schemes (signature, authentication [28], traitor tracing [5], ...) also depends on the practical hardness of IP. Due to its numerous applications, the Isomorphism of Polynomials is thus one of the most fundamental problems in multivariate cryptography. In this paper, we address two complementary aspects of IP, namely its theoretical and practical difficulty. We present an upper bound on the theoretical complexity of “IP-like” problems, i.e. a problem consisting in recovering a particular transformation between two sets of multivariate polynomials. We prove that these problems are not NP-Hard (provided that the polynomial hierarchy does not collapse). Concerning the practical aspect, we present a new algorithm for solving IP. In a nutshell, the idea is to generate a suitable algebraic system of equations whose zeroes correspond to a solution of IP. From a practical point of view, we employed a fast Gröbner basis algorithm, namely F5 [17], for solving this system. This approach is efficient in practice and obliges to modify the current security criteria for IP. We have indeed broken several challenges proposed in literature [28, 29, 5]. For instance, we solved a challenge proposed by O. Billet and H. Gilbert at Asiacrypt’03 [5] in less than one second.
Cryptanalysis of MinRank
2008
Cited by 22 (11 self)
In this paper, we investigate the difficulty of one of the most relevant problems in multivariate cryptography – namely MinRank – about which no real progress has been reported since [19, 9]. Our starting point is the Kipnis-Shamir attack [19]. We first show new properties of the ideal generated by Kipnis-Shamir’s equations. We then propose a new modeling of the problem. Concerning the practical resolution, we adopt a Gröbner basis approach that permitted us to actually solve challenges A and B proposed by Courtois in [8]. Using the multihomogeneous structure of the algebraic system, we have been able to provide a theoretical complexity bound reflecting the practical behavior of our approach. Namely, when r′, the dimension of the matrices minus the rank of the target matrix in the MinRank problem, is constant, then we have a polynomial time attack: O(ln(q) n^(3r′^2)). For the challenge C, we obtain a theoretical bound of 2^66.3 operations.