fast method for testing the smoothness of polynomials
play

Fast method for testing the smoothness of polynomials Jean-Franc - PowerPoint PPT Presentation

Feb 07, 2024 •115 likes •1.02k views

page.1 Fast method for testing the smoothness of polynomials Jean-Franc ois Biasse Mike Jacobson University of Calgary October 2013 Biasse-Jacobson (U of C) Fast smoothness test October 2013 1 / 24 page.2 Presentation of the problem

  1. page.1 Fast method for testing the smoothness of polynomials Jean-Franc ¸ois Biasse Mike Jacobson University of Calgary October 2013 Biasse-Jacobson (U of C) Fast smoothness test October 2013 1 / 24

  2. page.2 Presentation of the problem Let K be a finite field. Let B > 0 a bound. We want to test if a given P ∈ K [ X ] is B -smooth, that is if P = P e 1 1 · · · P e n with ∀ i ≤ k deg( P i ) ≤ B . n , Biasse-Jacobson (U of C) Fast smoothness test October 2013 2 / 24

  3. page.3 Presentation of the problem Let K be a finite field. Let B > 0 a bound. We want to test if a given P ∈ K [ X ] is B -smooth, that is if P = P e 1 1 · · · P e n with ∀ i ≤ k deg( P i ) ≤ B . n , This occurs in the resolution of the disrete logarithm problem (DLP) : Function field sieve in ( F p m ) ∗ . Biasse-Jacobson (U of C) Fast smoothness test October 2013 2 / 24

  4. page.4 Presentation of the problem Let K be a finite field. Let B > 0 a bound. We want to test if a given P ∈ K [ X ] is B -smooth, that is if P = P e 1 1 · · · P e n with ∀ i ≤ k deg( P i ) ≤ B . n , This occurs in the resolution of the disrete logarithm problem (DLP) : Function field sieve in ( F p m ) ∗ . Random walk method in J ( C ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 2 / 24

  5. page.5 Presentation of the problem Let K be a finite field. Let B > 0 a bound. We want to test if a given P ∈ K [ X ] is B -smooth, that is if P = P e 1 1 · · · P e n with ∀ i ≤ k deg( P i ) ≤ B . n , This occurs in the resolution of the disrete logarithm problem (DLP) : Function field sieve in ( F p m ) ∗ . Random walk method in J ( C ). Quadratic sieve method in the Jacobian of J ( C ). where J ( C ) is the Jacobian of a hyperelliptic curve C over a finite field. Biasse-Jacobson (U of C) Fast smoothness test October 2013 2 / 24

  6. page.6 1 Motivation 2 Bernstein’s approach 3 Complexity analysis 4 Practical examples Biasse-Jacobson (U of C) Fast smoothness test October 2013 2 / 24

  7. page.7 The jacobian of a hyperelliptic curve Let K be a finite field, a hyperelliptic curve C of genus g is defined by Y 2 + h ( X ) Y + f ( X ) = 0 , where h , f ∈ K [ X ], deg( h ) ≤ g and deg( f ) = 2 g + 1 or 2 g + 2. Biasse-Jacobson (U of C) Fast smoothness test October 2013 3 / 24

  8. page.8 The jacobian of a hyperelliptic curve Let K be a finite field, a hyperelliptic curve C of genus g is defined by Y 2 + h ( X ) Y + f ( X ) = 0 , where h , f ∈ K [ X ], deg( h ) ≤ g and deg( f ) = 2 g + 1 or 2 g + 2. The Jacobian variety A hyperelliptic curve is associated to a group J ( C ) with |J ( C ) | ≈ q g where K = F q . Solving the DLP at fixed g is exponential in log( q ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 3 / 24

  9. page.9 The jacobian of a hyperelliptic curve Let K be a finite field, a hyperelliptic curve C of genus g is defined by Y 2 + h ( X ) Y + f ( X ) = 0 , where h , f ∈ K [ X ], deg( h ) ≤ g and deg( f ) = 2 g + 1 or 2 g + 2. The Jacobian variety A hyperelliptic curve is associated to a group J ( C ) with |J ( C ) | ≈ q g where K = F q . Solving the DLP at fixed g is exponential in log( q ). The DLP in |J ( C ) | in an essential topic in cryptography. Elliptic curves are the special case g = 1. Biasse-Jacobson (U of C) Fast smoothness test October 2013 3 / 24

  10. page.10 Smoothness in J ( C ) Elements of J ( C ) can be represented by ( u ( X ) , v ( X )) where deg( u ) ≤ g is the degree of ( u ( X ) , v ( X )). deg( v ) < deg( v ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 4 / 24

  11. page.11 Smoothness in J ( C ) Elements of J ( C ) can be represented by ( u ( X ) , v ( X )) where deg( u ) ≤ g is the degree of ( u ( X ) , v ( X )). deg( v ) < deg( v ). Smoothness of divisors We say that a ∈ J ( C ) is B -smooth if a = p 1 · · · p n for some n > 0 , with ∀ i , deg( p i ) ≤ B . Biasse-Jacobson (U of C) Fast smoothness test October 2013 4 / 24

  12. page.12 Smoothness in J ( C ) Elements of J ( C ) can be represented by ( u ( X ) , v ( X )) where deg( u ) ≤ g is the degree of ( u ( X ) , v ( X )). deg( v ) < deg( v ). Smoothness of divisors We say that a ∈ J ( C ) is B -smooth if a = p 1 · · · p n for some n > 0 , with ∀ i , deg( p i ) ≤ B . If u ( X ) is B -smooth for B ≤ g , then ( u ( X ) , v ( X )) is B -smooth in J ( C ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 4 / 24

  13. page.13 Solving the DLP in J ( C ) from relations Let a , b ∈ J ( C ), we want to find x ∈ Z such that b = a x . Let p 1 , · · · , p n generating J ( C ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 5 / 24

  14. page.14 Solving the DLP in J ( C ) from relations Let a , b ∈ J ( C ), we want to find x ∈ Z such that b = a x . Let p 1 , · · · , p n generating J ( C ).   p m 1 , 1 · · · p m 1 , n = 1 0 0 m 1 , 1 m 1 , n n 1     p m k , 1 · · · p m k , n m l , 1 m l , n 0 0 = 1   n 1   =   M p m k +1 , 1 · · · p m k +1 , n m l +1 , 1 m l +1 , n 1 0 b = 1   n 1     m l +2 , 1 m l +2 , n 0 1 p m k +2 , 1 · · · p m k +2 , n a = 1 n 1 A : l + 2 rows n + 1 columns Biasse-Jacobson (U of C) Fast smoothness test October 2013 5 / 24

  15. page.15 Solving the DLP in J ( C ) from relations Let a , b ∈ J ( C ), we want to find x ∈ Z such that b = a x . Let p 1 , · · · , p n generating J ( C ).   p m 1 , 1 · · · p m 1 , n = 1 0 0 m 1 , 1 m 1 , n n 1     p m k , 1 · · · p m k , n m l , 1 m l , n 0 0 = 1   n 1   =   M p m k +1 , 1 · · · p m k +1 , n m l +1 , 1 m l +1 , n 1 0 b = 1   n 1     m l +2 , 1 m l +2 , n 0 1 p m k +2 , 1 · · · p m k +2 , n a = 1 n 1 A : l + 2 rows n + 1 columns If XA = (0 , · · · , 0 , 1), then ∃ y ∈ Z such that XM = (0 , · · · , 0 , 1 , y ). This means ba y = 1, so x = − y is a solution. Biasse-Jacobson (U of C) Fast smoothness test October 2013 5 / 24

  16. page.16 Relations in J ( C ) from random walk We can solve the DLP in J ( C ) from relations p 1 · · · p n = 1 where B := { p 1 · · · p n } generates J ( C ). B = { p = ( u , v ) ∈ J ( C ) | u prime , deg( u ) ≤ B } . Biasse-Jacobson (U of C) Fast smoothness test October 2013 6 / 24

  17. page.17 Relations in J ( C ) from random walk We can solve the DLP in J ( C ) from relations p 1 · · · p n = 1 where B := { p 1 · · · p n } generates J ( C ). B = { p = ( u , v ) ∈ J ( C ) | u prime , deg( u ) ≤ B } . Random walk strategy We repeat the following steps. Draw p e 1 1 · · · p e n n = ( u , v ) at random. Test if u ∈ F q [ X ] is B -smooth. i p e i Each time u is B -smooth, we have a relation � i = � j q j . Biasse-Jacobson (U of C) Fast smoothness test October 2013 6 / 24

  18. page.18 Relations in J ( C ) from random walk We can solve the DLP in J ( C ) from relations p 1 · · · p n = 1 where B := { p 1 · · · p n } generates J ( C ). B = { p = ( u , v ) ∈ J ( C ) | u prime , deg( u ) ≤ B } . Random walk strategy We repeat the following steps. Draw p e 1 1 · · · p e n n = ( u , v ) at random. Test if u ∈ F q [ X ] is B -smooth. i p e i Each time u is B -smooth, we have a relation � i = � j q j . The two main contribution to the cost are Arithmetic in J ( C ). Smoothness test of u . Biasse-Jacobson (U of C) Fast smoothness test October 2013 6 / 24

  19. page.19 Sieving in a fonction field Let P ∈ K [ x ][ y ] of degree g . Let B > 0 and S ⊂ K [ x ] g +1 . We want to find ( a i ( x )) ∈ S such that P ( a 0 ( x ) , · · · , a g ( x )) is B − smooth . Biasse-Jacobson (U of C) Fast smoothness test October 2013 7 / 24

  20. page.20 Sieving in a fonction field Let P ∈ K [ x ][ y ] of degree g . Let B > 0 and S ⊂ K [ x ] g +1 . We want to find ( a i ( x )) ∈ S such that P ( a 0 ( x ) , · · · , a g ( x )) is B − smooth . Sieving methods Using roots of P mod p i where deg( p i ) ≤ B , we Preselect rapidly candidates Q 1 ( x ) , · · · , Q l ( x ) where Q j ∈ P ( S ). Then we test the ( Q i ( x )) i ≤ l for smoothness. Biasse-Jacobson (U of C) Fast smoothness test October 2013 7 / 24

  21. page.21 Sieving in a fonction field Let P ∈ K [ x ][ y ] of degree g . Let B > 0 and S ⊂ K [ x ] g +1 . We want to find ( a i ( x )) ∈ S such that P ( a 0 ( x ) , · · · , a g ( x )) is B − smooth . Sieving methods Using roots of P mod p i where deg( p i ) ≤ B , we Preselect rapidly candidates Q 1 ( x ) , · · · , Q l ( x ) where Q j ∈ P ( S ). Then we test the ( Q i ( x )) i ≤ l for smoothness. Sieving is faster than testing P ( a 0 ( x ) , · · · , a g ( x )) for all ( a i ( x )) ∈ S . It still involves smoothness tests of elements in K [ x ]. Biasse-Jacobson (U of C) Fast smoothness test October 2013 7 / 24

  22. page.22 Relations in J ( C ) from sieving Let C : Y 2 + h ( X ) Y + f ( X ) = F ( X , Y ) = 0 with deg( f ) = 2 g + 1. Let O := F q [ X ][ Y ] / F ( X , Y ) be the equation order. Cl ( O ) := { ideals of O} / { principal ideals } ≃ J ( C ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 8 / 24

Recommend

Fast Straightening Algorithm for Bracket Polynomials Based on Tableau Manipulations Changpeng

Fast Straightening Algorithm for Bracket Polynomials Based on Tableau Manipulations Changpeng

Fast Straightening Algorithm for Bracket Polynomials Based on Tableau Manipulations Changpeng Shao, Hongbo Li KLMM, Chinese Academy of Sciences July 18, 2018 1 / 30 Outline Background: Bracket Polynomials and Straightening Sros: New

611 views • 30 slides
About the CRT method to compute class Sminaire LFANT 10/05/2012 (Bordeaux) polynomials in

About the CRT method to compute class Sminaire LFANT 10/05/2012 (Bordeaux) polynomials in

About the CRT method to compute class Sminaire LFANT 10/05/2012 (Bordeaux) polynomials in dimension 2 Kristin Lauter 1 , Damien Robert 2 1 Microsoft Research 2 LFANT Team, IMB &amp; INRIA Bordeaux Sud-Ouest Class polynomials Speeding up the

671 views • 31 slides
Polynomials and Fast Fourier Transform (FFT) Polynomials n-1 a i x i a polynomial of degree n-1

Polynomials and Fast Fourier Transform (FFT) Polynomials n-1 a i x i a polynomial of degree n-1

Polynomials and Fast Fourier Transform (FFT) Polynomials n-1 a i x i a polynomial of degree n-1 A(x) = i=0 Evaluate at a point x = b in time ? Polynomials n-1 a i x i a polynomial of degree n-1 A(x) = i=0 Evaluate at a point x = b in

440 views • 16 slides
Recent results on the multiplicative renormalization method for orthogonal polynomials

Recent results on the multiplicative renormalization method for orthogonal polynomials

Introduction Multiplicative Renormalization Method Characterization Theorems References Recent results on the multiplicative renormalization method for orthogonal polynomials Hui-Hsiung Kuo Louisiana State University Symposium on

1.42k views • 125 slides
The Fast Sweeping Method for Convex Hamilton-Jacobi Equations and Beyond Hongkai Zhao UC Irvine

The Fast Sweeping Method for Convex Hamilton-Jacobi Equations and Beyond Hongkai Zhao UC Irvine

The Fast Sweeping Method for Convex Hamilton-Jacobi Equations and Beyond Hongkai Zhao UC Irvine Highlights of the fast sweeping method (FSM) Simplicity: a Gauss-Seidel type of iterative method. Optimal complexity: finite number of

1.13k views • 37 slides
Efficient GPU parallelization of the Fast Multipole Method with periodic boundary conditions

Efficient GPU parallelization of the Fast Multipole Method with periodic boundary conditions

Efficient GPU parallelization of the Fast Multipole Method with periodic boundary conditions Bartosz Kohnke Fast Multipole Method (FMM) Calculation of long-ranged forces in the n-body problem (Greengard and Rokhlin, 1987) Tree based

774 views • 59 slides
Computing Hilbert class polynomials with the CRT method Andrew V. Sutherland Massachusetts

Computing Hilbert class polynomials with the CRT method Andrew V. Sutherland Massachusetts

Introduction The CRT method Examples and Results Computing Hilbert class polynomials with the CRT method Andrew V. Sutherland Massachusetts Institute of Technology September 23, 2008 Introduction The CRT method Examples and Results

756 views • 47 slides
Composition of Power Series, Change of Basis and Orthogonal Polynomials Bruno Salvy

Composition of Power Series, Change of Basis and Orthogonal Polynomials Bruno Salvy

Introduction Very Fast Fast Change of Basis Orthogonal Polynomials Conclusion Composition of Power Series, Change of Basis and Orthogonal Polynomials Bruno Salvy Bruno.Salvy@inria.fr Algorithms Project, Inria June 2nd, 2008 Joint work

881 views • 69 slides
A new method for computing Kazhdan-Lusztig polynomials Eric Sommers University of Massachusetts

A new method for computing Kazhdan-Lusztig polynomials Eric Sommers University of Massachusetts

A new method for computing Kazhdan-Lusztig polynomials Eric Sommers University of Massachusetts Amherst AMS Session, Gainseville, FL November 3, 2019 1 Credits Based on the 2013 PhD thesis of Jennifer Koonz. Available through MathSciNet.

640 views • 16 slides
Fast Reduction of Bivariate Polynomials with Respect to Sufficiently Regular Gr obner Bases

Fast Reduction of Bivariate Polynomials with Respect to Sufficiently Regular Gr obner Bases

Fast Reduction of Bivariate Polynomials with Respect to Sufficiently Regular Gr obner Bases Joris van der Hoeven, Robin Larrieu Laboratoire dInformatique de lEcole Polytechnique (LIX) ISSAC 18 New York, USA 18 / 07 / 2018 Joris

419 views • 27 slides
8. Factoring polynomials over finite fields CS-E4500 Advanced Course on Algorithms Spring 2018

8. Factoring polynomials over finite fields CS-E4500 Advanced Course on Algorithms Spring 2018

8. Factoring polynomials over finite fields CS-E4500 Advanced Course on Algorithms Spring 2018 Peteri Kaski Department of Computer Science Aalto University Lecture schedule Tue 16 Jan: 1. Polynomials and integers Tue 23 Jan: 2. The fast

661 views • 41 slides
Metamorphic Testing: A Simple Method for Testing Non-Testable Programs Tsong Yueh Chen

Metamorphic Testing: A Simple Method for Testing Non-Testable Programs Tsong Yueh Chen

Metamorphic Testing: A Simple Method for Testing Non-Testable Programs Tsong Yueh Chen tychen@swin.edu.au Swinburne University of Technology Australia 1 Test Oracle A mechanism or procedure against which the computed outputs could be

1.01k views • 63 slides
Discrete Logarithms and Galois Invariant Smoothness Basis (with J.-M. Couveignes) R. Lercier

Discrete Logarithms and Galois Invariant Smoothness Basis (with J.-M. Couveignes) R. Lercier

Background Function Field Sieve Galois Invariant Smoothness Basis Conclusion Discrete Logarithms and Galois Invariant Smoothness Basis (with J.-M. Couveignes) R. Lercier DGA/CELAR &amp; University of Rennes France Reynald.Lercier (at)

650 views • 38 slides
Low weight polynomials in crypto Thomas Johansson Dept of EIT, Lund University, Sweden FSE

Low weight polynomials in crypto Thomas Johansson Dept of EIT, Lund University, Sweden FSE

Low weight polynomials in crypto Thomas Johansson Dept of EIT, Lund University, Sweden FSE 2014 Thomas Johansson Low weight polynomials in crypto Contents PART I: Applications of low weight polynomials in crypto 1 Fast correlation

642 views • 45 slides
Smoothness In Zariski Categories A Proposed Definition and a Few Easy Results. John Iskra

Smoothness In Zariski Categories A Proposed Definition and a Few Easy Results. John Iskra

Smoothness In Zariski Categories A Proposed Definition and a Few Easy Results. John Iskra jiskra@ehc.edu Department of Mathematics &amp; Computer Science Emory and Henry College Emory, Virginia 24327 USA Smoothness In Zariski Categories p.

991 views • 51 slides
Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing Hypothesis testing is a method to contradict a theoretical assumption using data. In his seminal book on design of experiments, Fisher (1937) uses

526 views • 3 slides
Computation of Igusa class polynomials with the complex analytic method R. Dupont 1 , A. Enge 2 ,

Computation of Igusa class polynomials with the complex analytic method R. Dupont 1 , A. Enge 2 ,

Computation of Igusa class polynomials with the complex analytic method R. Dupont 1 , A. Enge 2 , E. Thom e 3 1 INRIA/TANC, Saclay ; 2 INRIA/LFANT, Bordeaux ; 3 INRIA/CARAMEL, Nancy. /* EPI CARAMEL */ C,A, /*

563 views • 30 slides
Utter Command Fast, hands-free computer control by speech Redstart Report Method Fast,

Utter Command Fast, hands-free computer control by speech Redstart Report Method Fast,

Utter Command Fast, hands-free computer control by speech Redstart Report Method Fast, efficient, consistent reports by speech Kimberly Patch kim@redstartsystems.com www.redstartsystems.com Disabled Users as Speech Testbed Many people in

389 views • 6 slides
LOW-COMMUNICATION FFT WITH FAST MULTIPOLE METHOD Cris Cecka, Senior Research Scientist. May 11,

LOW-COMMUNICATION FFT WITH FAST MULTIPOLE METHOD Cris Cecka, Senior Research Scientist. May 11,

May 8-11, 2017 | Silicon Valley LOW-COMMUNICATION FFT WITH FAST MULTIPOLE METHOD Cris Cecka, Senior Research Scientist. May 11, 2017 THE FAST FOURIER TRANSFORM Operation Count: 4 N log 2 N 6 N + 8 2 SPLIT-RADIX FFT Algorithm 3

531 views • 34 slides
Testing for the Unexpected: An Automated T ti f th U t d A A t t d Method of Injecting

Testing for the Unexpected: An Automated T ti f th U t d A A t t d Method of Injecting

Testing for the Unexpected: An Automated T ti f th U t d A A t t d Method of Injecting Faults for Engine Management Development M t D l t Scott James Applied Dynamics International Sh Shaun Fuller Pickering Interfaces F ll

353 views • 18 slides
Arithmetic Circuit Identity Testing for Sparse Polynomials Speaker: Moritz Hardt Joint work

Arithmetic Circuit Identity Testing for Sparse Polynomials Speaker: Moritz Hardt Joint work

Arithmetic Circuit Identity Testing for Sparse Polynomials Speaker: Moritz Hardt Joint work with Markus Blser, Saarland University C M U T h e o r y L u n c h , A p r i l 2 5 2 0 0 7 Quick Reminder Arithmetic Circuit 1 2

750 views • 52 slides
More Zeroes of Polynomials In this lecture we look more carefully at zeroes of polynomials.

More Zeroes of Polynomials In this lecture we look more carefully at zeroes of polynomials.

More Zeroes of Polynomials In this lecture we look more carefully at zeroes of polynomials. (Recall: a zero of a polynomial is sometimes called a root.) Our goal in the next few presentations is to set up a strategy for Elementary

331 views • 9 slides
Between Piecewise Smoothness and Linear Complementarity Andreas Griewank, with thanks to A.

Between Piecewise Smoothness and Linear Complementarity Andreas Griewank, with thanks to A.

Between Piecewise Smoothness and Linear Complementarity Andreas Griewank, with thanks to A. Walther, T. Bosse, N. Strogies, S. Fiege, F. Kerkoff, J.U. Bernt, M. Radons,T. Streubel, R. Hasenfelder, P. Boeck, B. Lenser, . . . Institute for

771 views • 75 slides
The complexity of factoring univariate polynomials over the rationals Mark van Hoeij Florida

The complexity of factoring univariate polynomials over the rationals Mark van Hoeij Florida

The complexity of factoring univariate polynomials over the rationals Mark van Hoeij Florida State University ISSAC2013 June 26, 2013 Papers [Zassenhaus 1969]. Usually fast, but can be exp-time. [LLL 1982]. Lattice reduction (LLL

766 views • 43 slides

More recommend