Results 1-10 of 12
New Subexponential Algorithms for Factoring in SL(2,F2^n)
Cited by 4 (3 self)
Cayley hash functions are a particular kind of cryptographic hash functions with very appealing properties. Unfortunately, their security is related to a mathematical problem whose hardness is not very well understood, the factorization problem in finite groups. Given a group G, a set of generators S for this group and an element g ∈ G, the factorization problem asks for a "short" representation of g as a product of the generators. In this paper, we provide a new algorithm for solving this problem for the group G := SL(2,F2^n). We first reduce the problem to the resolution of a particular kind of multivariate equation over F2^n. Then, we introduce a dedicated approach to solve this equation with Gröbner bases. We provide a complexity analysis of our approach that is of independent interest from the point of view of Gröbner basis algorithms. Finally, we give the first subexponential time algorithm computing polynomial-length factorizations of any element g with respect to any generator set S of SL(2,F2^n). Previous algorithms only worked for specific generator sets, ran in exponential time or produced factorizations that had at least a subexponential length. In practice, our algorithm beats the birthday-bound complexity of previous attacks for medium and large values of n.
Gröbner bases in difference-differential modules
University of Linz, 2006
Cited by 3 (1 self)
This is joint work with M. Zhou of Beihang University in Beijing. The work has been supported by the Austrian FWF project P16357N04 and by the
Connecting Gröbner bases programs with Coq to do proofs in algebra, geometry and arithmetics
Cited by 3 (0 self)
We describe how we connected three programs that compute Gröbner bases [1] to Coq [11], to do automated proofs on algebraic, geometrical and arithmetical expressions. The result is a set of Coq tactics and a certificate mechanism. The programs are: F4 [5], GB [4], and gbcoq [10]. F4 and GB are the fastest (up to our knowledge) available programs that compute Gröbner bases. Gbcoq is slow in general but is proved to be correct (in Coq), and we adapted it to our specific problem to be efficient. The automated proofs concern equalities and non-equalities on polynomials with coefficients and indeterminates in R or Z, and are done by reducing to Gröbner computation, via Hilbert's Nullstellensatz. We adapted also the results of [7], to allow to prove some theorems about modular arithmetics. The connection between Coq and the programs that compute Gröbner bases is done using the "external" tactic of Coq that allows to call arbitrary programs accepting xml inputs and outputs. We also produce certificates in order to make the proof scripts independent from the external programs.
Solving polynomial systems over finite fields: Improved analysis of the hybrid approach
In: ISSAC'12: Proceedings of the 2012 International Symposium on Symbolic and Algebraic Computation, 2012
Cited by 2 (2 self)
The Polynomial System Solving (PoSSo) problem is a fundamental NP-Hard problem in computer algebra. Among others, PoSSo has applications in areas such as coding theory and cryptology. Typically, the security of multivariate public-key schemes (MPKC) such as the UOV cryptosystem of Kipnis, Shamir and Patarin is directly related to the hardness of PoSSo over finite fields. The goal of this paper is to further understand the influence of finite fields on the hardness of PoSSo. To this end, we consider the so-called hybrid approach. This is a polynomial system solving method dedicated to finite fields proposed by Bettale, Faugère and Perret (Journal of Mathematical Cryptography, 2009). The idea is to combine exhaustive search with Gröbner bases. The efficiency of the hybrid approach is related to the choice of a trade-off between the two methods. We propose here an improved complexity analysis dedicated
Inversion of polynomial systems and separation of nonlinear mixtures of finite-alphabet sources
2009
Cited by 2 (0 self)
In this contribution, Multi-Input Multi-Output (MIMO) mixing systems are considered, which are instantaneous and nonlinear but polynomial. We first address the problem of invertibility, searching the inverse in the class of polynomial systems. It is shown that Groebner bases techniques offer an attractive solution for testing the existence of an exact inverse and computing it. By noticing that any nonlinear mapping can be interpolated by a polynomial on a finite set, we tackle the general nonlinear case. Relying on a finite alphabet assumption of the input source signals, theoretical results on polynomials allow us to represent nonlinear systems as linear combinations of a finite set of monomials. We then generalize the first results to give a condition for the existence of an exact nonlinear inverse. The proposed method allows to compute this inverse in polynomial form. In the light of the previous results, we go further to the blind source separation problem. It is shown that for sources in a finite alphabet, the nonlinear problem is tightly connected with both problems of underdetermination and of dependent sources. We concentrate on the case of two binary sources, for which an easy solution can be found. By simulation, this solution is compared to techniques borrowed from classification methods.
Index Terms: nonlinear systems, polynomials, Groebner bases, blind source separation, finite alphabet
Computing and Proving with Integro-Differential Polynomials in Theorema
Cited by 1 (0 self)
Integro-differential polynomials are a novel generalization of the well-known differential polynomials extensively used in differential algebra [17]. They were introduced in [29] as a kind of universal extensions of integro-differential algebras and have recently been applied in a confluence proof [34] for the rewrite system
Vanishing Component Analysis
The vanishing ideal of a set of points, S ⊂ R^n, is the set of all polynomials that attain the value of zero on all the points in S. Such ideals can be compactly represented using a small set of polynomials known as generators of the ideal. Here we describe and analyze an efficient procedure that constructs a set of generators of a vanishing ideal. Our procedure is numerically stable, and can be used to find approximately vanishing polynomials. The resulting polynomials capture nonlinear structure in data, and can for example be used within supervised learning. Empirical comparison with kernel methods shows that our method constructs more compact classifiers with comparable accuracy.
ElimLin Algorithm Revisited
ElimLin is a simple algorithm for solving polynomial systems of multivariate equations over small finite fields. It was initially proposed as a single tool by Courtois to attack DES. It can reveal some hidden linear equations existing in the ideal generated by the system. We report a number of key theorems on ElimLin. Our main result is to characterize ElimLin in terms of a sequence of intersections of vector spaces. It implies that the linear space generated by ElimLin is invariant with respect to any variable ordering during elimination and substitution. This can be seen as surprising given the fact that it eliminates variables. On the contrary, monomial ordering is a crucial factor in Gröbner basis algorithms such as F4. Moreover, we prove that the result of ElimLin is invariant with respect to any affine bijective variable change. Analyzing an overdefined dense system of equations, we argue that to obtain more linear equations in the succeeding iteration in ElimLin some restrictions should be satisfied. Finally, we compare the security of LBlock and MIBS block ciphers with respect to algebraic attacks and propose several attacks on Courtois Toy Cipher version 2 (CTC2) with distinct parameters using ElimLin.
ACKNOWLEDGMENTS
2013
I would first like to thank those who I could not have done this without. On the academic side, my advisers