Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases
In Advances in Cryptology — CRYPTO 2003, 2003
Cited by 104 (27 self)
Abstract. In this paper, we review and explain the existing algebraic cryptanalyses of multivariate cryptosystems from the hidden field equation (HFE) family. These cryptanalyses break cryptosystems in the HFE family by solving multivariate systems of equations. In this paper we present a new and efficient attack on this cryptosystem based on fast algorithms for computing Gröbner bases. In particular it was possible to break the first HFE challenge (80 bits) in only two days of CPU time by using the new algorithm F5 implemented in C. From a theoretical point of view we study the algebraic properties of the equations produced by instances of the HFE cryptosystems and show why they yield systems of equations easier to solve than random systems of quadratic equations of the same sizes. Moreover we are able to bound the maximal degree occurring in the Gröbner basis computation. As a consequence, we gain a deeper understanding of the algebraic cryptanalysis against these cryptosystems. We use this understanding to devise a specific algorithm based on sparse linear algebra. In general, we conclude that the cryptanalysis of HFE can be performed in polynomial time. We also revisit the security estimates for existing schemes in the HFE family.
On the complexity of Gröbner basis computation of semi-regular overdetermined . . .
2004
Polynomial interpolation in several variables
J. Algebraic Geom., 1995
Cited by 73 (0 self)
This is a survey of the main results on multivariate polynomial interpolation in the last twenty-five years, a period of time when the subject experienced its most rapid development. The problem is considered from two different points of view: the construction of data points which allow unique interpolation for given interpolation spaces as well as the converse. In addition, one section is devoted to error formulas and another to connections with computer algebra. An extensive list of references is also included.
Complete search in continuous global optimization and constraint satisfaction
Acta Numerica 13, 2004
"... A chapter for ..."
Effective lattice point counting in rational convex polytopes
Journal of Symbolic Computation, 2003
Cited by 65 (11 self)
This paper discusses algorithms and software for the enumeration of all lattice points inside a rational convex polytope: we describe LattE, a computer package for lattice point enumeration which contains the first implementation of A. Barvinok's algorithm [8]. We report on computational experiments with multiway contingency tables, knapsack type problems, rational polygons, and flow polytopes. We prove that this kind of symbolic-algebraic idea surpasses the traditional branch-and-bound enumeration and in some instances LattE is the only software capable of counting. Using LattE, we have also computed new formulas of Ehrhart (quasi)polynomials for interesting families of polytopes (hypersimplices, truncated cubes, etc). We end with a survey of other "algebraic-analytic" algorithms, including a "polar" variation of Barvinok's algorithm which is very fast when the number of facet-defining inequalities is much smaller compared to the number of vertices.
Recent Developments on Direct Relative Orientation
2006
Cited by 61 (0 self)
This paper presents a novel version of the five-point relative orientation algorithm given in Nister (2004). The name of the algorithm arises from the fact that it can operate even on the minimal five point correspondences required for a finite number of solutions to relative orientation. For the minimal five correspondences the algorithm returns up to ten real solutions. The algorithm can also operate on many points. Like the previous version of the five-point algorithm, our method can operate correctly even in the face of critical surfaces, including planar and ruled quadric scenes. The paper
Factoring Multivariate Polynomials via Partial Differential Equations
Math. Comput., 2000
Cited by 51 (9 self)
A new method is presented for factorization of bivariate polynomials over any field of characteristic zero or of relatively large characteristic. It is based on a simple partial differential equation that gives a system of linear equations. Like Berlekamp's and Niederreiter's algorithms for factoring univariate polynomials, the dimension of the solution space of the linear system is equal to the number of absolutely irreducible factors of the polynomial to be factored and any basis for the solution space gives a complete factorization by computing gcd's and by factoring univariate polynomials over the ground field. The new method finds absolute and rational factorizations simultaneously and is easy to implement for finite fields, local fields, number fields, and the complex number field. The theory of the new method allows an effective Hilbert irreducibility theorem, thus an efficient reduction of polynomials from multivariate to bivariate.
Symmetric tensors and symmetric tensor rank
Scientific Computing and Computational Mathematics (SCCM), 2006
Cited by 46 (19 self)
Abstract. A symmetric tensor is a higher order generalization of a symmetric matrix. In this paper, we study various properties of symmetric tensors in relation to a decomposition into a symmetric sum of outer products of vectors. A rank-1 order-k tensor is the outer product of k nonzero vectors. Any symmetric tensor can be decomposed into a linear combination of rank-1 tensors, each of them being symmetric or not. The rank of a symmetric tensor is the minimal number of rank-1 tensors that is necessary to reconstruct it. The symmetric rank is obtained when the constituting rank-1 tensors are imposed to be themselves symmetric. It is shown that rank and symmetric rank are equal in a number of cases, and that they always exist in an algebraically closed field. We will discuss the notion of the generic symmetric rank, which, due to the work of Alexander and Hirschowitz, is now known for any values of dimension and order. We will also show that the set of symmetric tensors of symmetric rank at most r is not closed, unless r = 1.
Key words. Tensors, multiway arrays, outer product decomposition, symmetric outer product decomposition, candecomp, parafac, tensor rank, symmetric rank, symmetric tensor rank, generic symmetric rank, maximal symmetric rank, quantics
AMS subject classifications. 15A03, 15A21, 15A72, 15A69, 15A18
1. Introduction. We
Asymptotic Behaviour of the Degree of Regularity of Semi-Regular Polynomial Systems
In MEGA’05, 2005. Eighth International Symposium on Effective Methods in Algebraic Geometry
Cited by 42 (24 self)
We compute the asymptotic expansion of the degree of regularity for overdetermined semi-regular sequences of algebraic equations. This degree implies bounds for the generic complexity of Gröbner bases algorithms, in particular the F5 [Fau02] algorithm. Bounds can also be derived for the XL [SPCK00] family of algorithms used by the cryptographic community.
1 Motivations and Results
The worst-case complexity of Gröbner bases has been the object of extensive studies. In the most general case, it is well known after work by Mayr and Meyer that the complexity is doubly exponential in the number of variables. For subclasses of polynomial systems, the complexity may be much smaller. Of particular importance is the class of regular sequences of polynomials. There, it is known that after a generic linear change of variables the complexity of the computation for the degree-reverse-lexicographic order is simply exponential in the number of variables. Moreover, in characteristic 0, these systems are generic. Our goal is to give similar complexity bounds for overdetermined systems, for a class of systems that we
On the Validity of Implicitization by Moving Quadrics for Rational Surfaces with No Base Points
J. Symbolic Computation, 2000
Cited by 41 (3 self)
Techniques from algebraic geometry and commutative algebra are adopted to establish sufficient polynomial conditions for the validity of implicitization by the method of moving quadrics both for rectangular tensor product surfaces of bidegree $(m, n)$ and for triangular surfaces of total degree $n$ in the absence of base points.
1 Introduction
Several years ago, Tom Sederberg introduced a new technique for finding the implicit equation of a rational surface [Sederberg & Chen 1995]. The classical method for finding the implicit equation of a rational parametric surface
$$x = \frac{x(s,t)}{w(s,t)}, \quad y = \frac{y(s,t)}{w(s,t)}, \quad z = \frac{z(s,t)}{w(s,t)}$$
is to compute the bivariate resultant of the three polynomials
$$x(s,t) - x \cdot w(s,t), \quad y(s,t) - y \cdot w(s,t), \quad z(s,t) - z \cdot w(s,t).$$
Unfortunately for many applications, the resultant of these three polynomials vanishes identically when the surface has base points, that is, parameter values $(s_0, t_0)$ for which $x(s_0,$...