Results 1-10 of 48
Mechanical Translation of Set Theoretic Problem Specifications Into Efficient RAM Code: A Case Study
Proc. EUROCAL 85, 1985
Cited by 26 (8 self)
This paper illustrates a fully automatic top-down approach to program development in which formal problem specifications are mechanically translated into efficient RAM code. This code is guaranteed to be totally correct, and an upper bound on its worst-case asymptotic running time is automatically determined. The user is only required to supply the system with a formal problem specification, and is relieved of all responsibilities in the rest of the program development process. These results are obtained, in part, by greatly restricting the system to handle a class of determinate, set theoretic, tractable problems. The most essential transformational techniques that are used are fixed point iteration, finite differencing, and data structure selection. Rudimentary forms of these techniques have been implemented and used effectively in the RAPTS transformational programming system. This paper explains the conceptual underpinnings of our approach by considering the problem of attribute closure for relational databases and systematically deriving a program that implements a linear time solution.

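As an added illustration (not code from the paper or from the RAPTS system), the two Python programs below compute attribute closure: the naive fixed-point iteration that reads straight off the specification, and the worklist version that results from finite differencing (a per-dependency counter of left-hand-side attributes still missing from the closure) plus data-structure selection (an index from attribute to the dependencies mentioning it). The function names, the sample attributes and the functional dependencies are made up for the example.

```python
from collections import deque

# Constructed sample schema for the example: attributes are single letters,
# each functional dependency is (lhs, rhs) with both sides written as strings.
SAMPLE_FDS = [("A", "B"), ("BC", "D"), ("D", "E"), ("E", "F"), ("AF", "C")]


def closure_naive(attrs, fds):
    """Fixed-point iteration read straight off the specification: the closure
    is the least superset of `attrs` closed under every dependency.  Each pass
    rescans all dependencies, so the cost is O(|fds| * passes)."""
    closure = set(attrs)
    changed = True
    while changed:
        changed = False
        for lhs, rhs in fds:
            if set(lhs) <= closure and not set(rhs) <= closure:
                closure |= set(rhs)
                changed = True
    return closure


def closure_linear(attrs, fds):
    """Worklist version obtained by finite differencing: instead of re-testing
    `lhs <= closure`, keep for every dependency a count of lhs attributes not
    yet in the closure and decrement it when an attribute arrives.  An index
    from attribute to the dependencies mentioning it (data-structure selection)
    makes each arrival cost proportional to the number of such dependencies,
    giving time linear in the total size of the dependency set."""
    missing = [len(set(lhs)) for lhs, _ in fds]
    uses = {}
    for idx, (lhs, _) in enumerate(fds):
        for a in set(lhs):
            uses.setdefault(a, []).append(idx)

    closure = set()
    queue = deque()

    def add(a):
        if a not in closure:
            closure.add(a)
            queue.append(a)

    for a in attrs:
        add(a)
    # Dependencies with an empty left-hand side fire unconditionally.
    for idx, (lhs, rhs) in enumerate(fds):
        if not lhs:
            for b in rhs:
                add(b)
    while queue:
        a = queue.popleft()
        for idx in uses.get(a, ()):
            missing[idx] -= 1
            if missing[idx] == 0:          # all of lhs is now in the closure
                for b in fds[idx][1]:
                    add(b)
    return closure


def is_superkey(attrs, all_attrs, fds):
    """`attrs` is a superkey iff its closure covers every attribute."""
    return closure_linear(attrs, fds) >= set(all_attrs)


if __name__ == "__main__":
    for start in ("A", "AC", "D"):
        print(start, "->", "".join(sorted(closure_linear(start, SAMPLE_FDS))))
```

The counter array is exactly the "difference" the transformation maintains: the predicate `lhs <= closure` is never re-evaluated from scratch, only updated when the closure grows, and each (attribute, dependency) pair is touched once.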
Hybrid approach for solving multivariate systems over finite fields
Journal of Mathematical Cryptology, 2009
Cited by 23 (9 self)
In this paper, we present an improved approach to solve multivariate systems over finite fields. Our approach is a tradeoff between exhaustive search and Gröbner bases techniques. We give theoretical evidence that our method brings a significant improvement in a very large context and we clearly define its limitations. The efficiency depends on the choice of the tradeoff. Our analysis gives an explicit way to choose the best tradeoff as well as an approximation. From our analysis, we present a new general algorithm to solve multivariate polynomial systems. Our theoretical results are experimentally supported by successful cryptanalysis of several multivariate schemes (TRMS, UOV, ...). As a proof of concept, we were able to break the proposed parameters assumed to be secure until now. Parameters that resist our method are also explicitly given. Our work makes it possible to refine the parameters to be chosen for multivariate schemes.

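As an added example (not the paper's code), the Python below shows the guess-then-solve tradeoff in its simplest form over GF(2): fix k variables by exhaustive search, solve what is left algebraically, and repeat for all 2^k guesses. The paper's algebraic step is a Gröbner-basis computation (F4/F5); this toy swaps in plain linearization, treating every surviving monomial as a fresh unknown and running Gaussian elimination, which is an assumption made here to keep the block self-contained. The instance is constructed: n = 10 variables, 48 random quadratic equations with a planted solution and a fixed seed. Linearization alone (k = 0) faces 55 monomials against 48 equations and is underdetermined; guessing k = 4 variables leaves 21 monomials against 48 equations, and each residual system falls to linear algebra. Names and parameters are chosen for the example.

```python
import itertools
import random

# A polynomial over GF(2) is a set of monomials; a monomial is a sorted tuple
# of variable indices: () is the constant 1, (i,) is x_i, (i, j) is x_i*x_j.
# Because x_i^2 = x_i in GF(2), no repeated indices are needed.


def evaluate(poly, values):
    """Evaluate `poly` at the full 0/1 assignment `values`."""
    acc = 0
    for mono in poly:
        term = 1
        for i in mono:
            term &= values[i]
        acc ^= term
    return acc


def random_system(n, m, solution, rng):
    """Constructed instance: m random quadratic equations in n variables whose
    constant terms are fixed so that `solution` is a common root."""
    monomials = [(i,) for i in range(n)] + [(i, j) for i in range(n) for j in range(i + 1, n)]
    system = []
    for _ in range(m):
        poly = {mono for mono in monomials if rng.random() < 0.5}
        if evaluate(poly, solution):
            poly ^= {()}
        system.append(frozenset(poly))
    return system


def substitute(poly, fixed):
    """Plug the guessed bits `fixed` (index -> bit) into `poly`; the result only
    mentions unguessed variables.  Symmetric difference handles cancellation."""
    out = set()
    for mono in poly:
        if any(fixed.get(i) == 0 for i in mono):
            continue
        out ^= {tuple(i for i in mono if i not in fixed)}
    return out


def solve_linear_gf2(rows, ncols):
    """Gaussian elimination over GF(2).  Each row is (mask, rhs) with bit c of
    mask the coefficient of unknown c.  Returns the unique solution as a list
    of bits, or None if the system is inconsistent or underdetermined."""
    pivots = {}  # pivot column -> (mask, rhs), kept fully reduced
    for mask, rhs in rows:
        for col, (pmask, prhs) in pivots.items():
            if mask >> col & 1:
                mask ^= pmask
                rhs ^= prhs
        if mask == 0:
            if rhs:
                return None  # 0 = 1: this guess is wrong
            continue
        col = (mask & -mask).bit_length() - 1
        for other, (pmask, prhs) in list(pivots.items()):
            if pmask >> col & 1:
                pivots[other] = (pmask ^ mask, prhs ^ rhs)
        pivots[col] = (mask, rhs)
    if len(pivots) < ncols:
        return None  # linearization alone does not pin every monomial down
    return [pivots[c][1] for c in range(ncols)]


def hybrid_solve(system, n, k):
    """Exhaustively guess the last k variables; for each guess linearize the
    residual system (every remaining monomial becomes an unknown) and solve it.
    Cost is 2^k times one elimination, which is the tradeoff being tuned."""
    guessed = list(range(n - k, n))
    free = list(range(n - k))
    columns = [(i,) for i in free] + [(i, j) for i in free for j in free if i < j]
    index = {mono: c for c, mono in enumerate(columns)}
    for bits in itertools.product((0, 1), repeat=k):
        fixed = dict(zip(guessed, bits))
        rows = []
        for poly in system:
            reduced = substitute(poly, fixed)
            rhs = 1 if () in reduced else 0  # constant moves to the right-hand side
            mask = 0
            for mono in reduced:
                if mono:
                    mask |= 1 << index[mono]
            rows.append((mask, rhs))
        lin = solve_linear_gf2(rows, len(columns))
        if lin is None:
            continue
        candidate = [lin[index[(i,)]] for i in free] + list(bits)
        if all(evaluate(poly, candidate) == 0 for poly in system):
            return candidate
    return None


def demo(n=10, m=48, seed=2009):
    """Constructed instance with a planted solution; returns the planted
    solution, the result of linearization alone (k = 0) and of guessing k = 4."""
    rng = random.Random(seed)
    secret = [rng.randrange(2) for _ in range(n)]
    system = random_system(n, m, secret, rng)
    return secret, hybrid_solve(system, n, 0), hybrid_solve(system, n, 4)


if __name__ == "__main__":
    secret, no_guess, four_guessed = demo()
    print("planted:", secret)
    print("k=0 (pure linearization):", no_guess)
    print("k=4 (hybrid):", four_guessed)
```

Choosing k is the whole game: every extra guessed variable halves the number of unknown monomials' growth but doubles the number of eliminations, and the abstract's point is that the crossover can be computed in advance from the system's parameters rather than found by trial. Real attacks replace the linearization step with F4/F5, which tolerates far fewer equations than the n(n+1)/2 that linearization needs.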
Polynomial Equivalence Problems: Algorithmic and Theoretical Aspects
In EUROCRYPT, 2006
Cited by 22 (10 self)
The Isomorphism of Polynomials (IP) [28], which is the main concern of this paper, originally corresponds to the problem of recovering the secret key of a C* scheme [26]. Besides, the security of various other schemes (signature, authentication [28], traitor tracing [5], ...) also depends on the practical hardness of IP. Due to its numerous applications, the Isomorphism of Polynomials is thus one of the most fundamental problems in multivariate cryptography. In this paper, we address two complementary aspects of IP, namely its theoretical and practical difficulty. We present an upper bound on the theoretical complexity of "IP-like" problems, i.e. problems consisting in recovering a particular transformation between two sets of multivariate polynomials. We prove that these problems are not NP-hard (provided that the polynomial hierarchy does not collapse). Concerning the practical aspect, we present a new algorithm for solving IP. In a nutshell, the idea is to generate a suitable algebraic system of equations whose zeroes correspond to a solution of IP. From a practical point of view, we employed a fast Gröbner basis algorithm, namely F5 [17], for solving this system. This approach is efficient in practice and obliges us to modify the current security criteria for IP. We have indeed broken several challenges proposed in the literature [28, 29, 5]. For instance, we solved a challenge proposed by O. Billet and H. Gilbert at Asiacrypt'03 [5] in less than one second.

Cryptanalysis of MinRank
2008
Cited by 19 (11 self)
In this paper, we investigate the difficulty of one of the most relevant problems in multivariate cryptography, namely MinRank, about which no real progress has been reported since [19, 9]. Our starting point is the Kipnis-Shamir attack [19]. We first show new properties of the ideal generated by Kipnis-Shamir's equations. We then propose a new modeling of the problem. Concerning the practical resolution, we adopt a Gröbner basis approach that permitted us to actually solve challenges A and B proposed by Courtois in [8]. Using the multi-homogeneous structure of the algebraic system, we have been able to provide a theoretical complexity bound reflecting the practical behavior of our approach. Namely, when $r'$, the dimension of the matrices minus the rank of the target matrix in the MinRank problem, is constant, we have a polynomial-time attack of complexity $O(\ln(q)\, n^{3 r'^2})$. For challenge C, we obtain a theoretical bound of $2^{66.3}$ operations.

Symbolic and numeric methods for exploiting structure in constructing resultant matrices
J. Symb. Comp., 2002
Cited by 17 (12 self)
Resultants characterize the existence of roots of systems of multivariate nonlinear polynomial equations, while their matrices reduce the computation of all common zeros to a problem in linear algebra. Sparse elimination theory has introduced the sparse resultant, which takes into account the sparse structure of the polynomials. The construction of sparse resultant, or Newton, matrices is the critical step in the computation of the multivariate resultant and the solution of a nonlinear system. We reveal and exploit the quasi-Toeplitz structure of the Newton matrix, thus decreasing the time complexity of constructing such matrices by roughly one order of magnitude to achieve quasi-quadratic complexity in the matrix dimension. The space complexity is also decreased analogously. These results imply similar improvements in the complexity of computing the resultant polynomial itself and of solving zero-dimensional systems. Our approach relies on fast vector-by-matrix multiplication and uses the following two methods as building blocks. First, a fast and numerically stable method for determining the rank of rectangular matrices, which works exclusively over floating point arithmetic. Second, exact polynomial arithmetic algorithms that improve upon the complexity of polynomial multiplication under our model of sparseness, offering bounds linear in the number of variables and the number of nonzero terms.

Cryptanalysis of 2R⁻ schemes
In Advances in Cryptology - CRYPTO 2006, C. Dwork (editor), Lecture Notes in Computer Science
Cited by 10 (7 self)
In this paper, we study the security of 2R⁻ schemes [17, 18], which are the "minus variant" of two-round schemes. This variant consists in removing some of the n polynomials of the public key, and makes it possible to thwart an attack described at Crypto'99 [25] against two-round schemes. Usually, the "minus variant" leads to a real strengthening of the considered schemes. We show here that this is actually not true for 2R⁻ schemes. We indeed propose an efficient algorithm for decomposing 2R⁻ schemes. For instance, we can remove up to $\lfloor n/2 \rfloor$ equations and still be able to recover a decomposition in $O(n^{12})$. We provide experimental results illustrating the efficiency of our approach. In practice, we have been able to decompose 2R⁻ schemes in less than a handful of hours for most of the challenges proposed by the designers [18]. We believe that this result makes the principle of two-round schemes, including 2R⁻ schemes, useless.

Solving Non-Linear Arithmetic
Cited by 9 (3 self)
We present a new algorithm for deciding satisfiability of non-linear arithmetic constraints. The algorithm performs a Conflict-Driven Clause Learning (CDCL)-style search for a feasible assignment, while using projection operators adapted from cylindrical algebraic decomposition to guide the search away from the conflicting states.

Comparing Parallel Functional Languages: Programming and Performance
2002
Cited by 9 (2 self)
This paper presents a practical evaluation and comparison of three state-of-the-art parallel functional languages. The evaluation is based on implementations of three typical symbolic computation programs, with performance measured on a Beowulf-class parallel architecture. We assess

Algebraic Geometry and Computer Vision: Polynomial Systems, Real and Complex Roots
1998
Cited by 9 (0 self)
We review the different techniques known for doing exact computations on polynomial systems. Some are based on the use of Gröbner bases and linear algebra, others on the more classical resultants and their modern counterparts. Many theoretical examples of the use of these techniques are given. Furthermore, a full set of examples of applications in the domain of artificial vision, where many constraints boil down to polynomial systems, is presented. Emphasis is also put on very recent methods for determining the number of (isolated) real and complex roots of such systems.