flexible partial enlargement to accelerate gr obner basis
play

Flexible Partial Enlargement to Accelerate Gr obner Basis - PowerPoint PPT Presentation

Jun 29, 2023 •155 likes •713 views

Flexible Partial Enlargement to Accelerate Gr obner Basis Computation over F 2 Johannes Buchmann*, Daniel Cabarcas , Jantai Ding , Mohamed Saied Emam Mohamed* *Technische Universit at Darmstadt University of Cincinnati

  1. Flexible Partial Enlargement to Accelerate Gr¨ obner Basis Computation over F 2 Johannes Buchmann*, Daniel Cabarcas † , Jantai Ding † , Mohamed Saied Emam Mohamed* *Technische Universit¨ at Darmstadt † University of Cincinnati Africacrypt 2010 Stellenbosch, South Africa, May 2010 Mohamed Saied Emam Mohamed The MGB Algorithm 1

  2. Outline Motivation Gr¨ obner Basis Algorithms for Computing GB Enlargement Flexible Partial Enlargement MGB Algorithm Experimental Results Future Work Mohamed Saied Emam Mohamed The MGB Algorithm 2

  3. Motivation Multivariate Cryptography Factoring and discrete logarithm: insecure under the assumption that quantum computer with enough Qbits exist Multivariate based cryptosystems: potential to resist the quantum computer attacks Mohamed Saied Emam Mohamed The MGB Algorithm 3

  4. Motivation Multivariate Cryptography Factoring and discrete logarithm: insecure under the assumption that quantum computer with enough Qbits exist Multivariate based cryptosystems: potential to resist the quantum computer attacks Algebraic Cryptanalysis Breaking a good cipher should require “as much work as solving a system of simultaneous equations in a large number of unknowns” (Shannon 1949) Mohamed Saied Emam Mohamed The MGB Algorithm 3

  5. Motivation The MQ Problem Given finite set of quadratic polynomials P in X = { x 1 , . . . , x n } over finite field F Find v ∈ F n , p ( v ) = 0 ∀ p ∈ P , for example: x 1 x 2 + x 1 x 3 + x 2 x 3 = 0 x 1 x 3 + x 2 x 3 + x 1 + 1 = 0 x 1 x 2 + x 1 x 3 + x 2 x 3 + x 1 + x 2 + 1 = 0 General MQ is NP-hard even if P is over F 2 Mohamed Saied Emam Mohamed The MGB Algorithm 4

  6. Motivation Algebraic Attacks Cryptosystem → MQ Polynomial equations system Solving MQ polynomial equations system → Recovering the secret Mohamed Saied Emam Mohamed The MGB Algorithm 5

  7. Motivation Algebraic Attacks Cryptosystem → MQ Polynomial equations system Solving MQ polynomial equations system → Recovering the secret Attacking MPKCs PK is a set of MQ Polynomial equations Encryption = Evaluation Decryption = Inversion Multivariate encryption scheme Multivariate systems → Decrypting a ciphertext using PK Multivariate signature scheme Multivariate systems → Signing a message using PK Mohamed Saied Emam Mohamed The MGB Algorithm 5

  8. Motivation Attacking Block Cipher Using the pair of (known) plaintext-ciphertext values, the secret key and a large number of intermediate variables arising in the cipher Solving the resulting multivariate system is equivalent to recovering the secret key Mohamed Saied Emam Mohamed The MGB Algorithm 6

  9. Motivation Attacking Block Cipher Using the pair of (known) plaintext-ciphertext values, the secret key and a large number of intermediate variables arising in the cipher Solving the resulting multivariate system is equivalent to recovering the secret key Attacking Stream Cipher Set up system of polynomial equations in unknown K and known keystream bits z t f 1 ( K , Z ) = 0 , · · · , f N ( K , Z ) = 0 Solving the multivariate system to get K Mohamed Saied Emam Mohamed The MGB Algorithm 6

  10. Motivation The key question How to solve multivariate polynomial systems efficiently? Mohamed Saied Emam Mohamed The MGB Algorithm 7

  11. Motivation The key question How to solve multivariate polynomial systems efficiently? Experiments Dense random systems HFE systems of different univariate degrees Mohamed Saied Emam Mohamed The MGB Algorithm 7

  12. Gr¨ obner Basis Gr¨ obner basis algorithms are the best known techniques for solving multivariate systems Definition: A Gr¨ obner basis is a finite subset G of an ideal I satisfying: � LT(G) � = LT( I ) Properties: Computing the variety of I Membership Problem Mohamed Saied Emam Mohamed The MGB Algorithm 8

  13. Algorithms for Computing GB Matrix-based algorithms F 4 algorithm F 5 algorithm XL algorithm (single solution) MutantXL algorithm (single solution) MXL 3 algorithm Mohamed Saied Emam Mohamed The MGB Algorithm 9

  14. Algorithms for Computing GB Matrix-based algorithms F 4 algorithm F 5 algorithm XL algorithm (single solution) MutantXL algorithm (single solution) MXL 3 algorithm Mohamed Saied Emam Mohamed The MGB Algorithm 9

  15. Algorithms for Computing GB Input: P ( x ) = 0 Output: G a Gr¨ obner basis of � P ( x ) � repeat Echelonize( P ) G = Gr¨ obner( P ) if termination criterion satisfied then return G terminate Enlarge( P ) Mohamed Saied Emam Mohamed The MGB Algorithm 10

  16. Algorithms for Computing GB Echelonize( P ): Linearize(P) Gaussian Elimination Problem → very large matrix and computation time Mohamed Saied Emam Mohamed The MGB Algorithm 11

  17. Algorithms for Computing GB Termination Criterion: F 4 ,F 5 → No more pairs exist Mohamed Saied Emam Mohamed The MGB Algorithm 12

  18. Algorithms for Computing GB Termination Criterion: F 4 ,F 5 → No more pairs exist XL,MutantXL → Computing univariate equations Mohamed Saied Emam Mohamed The MGB Algorithm 12

  19. Algorithms for Computing GB Termination Criterion: F 4 ,F 5 → No more pairs exist XL,MutantXL → Computing univariate equations MXL 3 → Saturation Criterion Computing G with highest degree d : G contains all terms of degree d as leading terms If H = G ∪ { t · g : g ∈ G deg( t · g ) ≤ d + 1 } No new t ∈ HT( � H ) and deg( t ) ≤ d Mohamed Saied Emam Mohamed The MGB Algorithm 12

  20. Enlargement Enlarge( P ): Extends P by multiplying a selected set of polynomials by monomials Affects on the size of the constructed matrix and the memory t 1 t 2 1 . . .   p 1 × × × . . .   p 2 × × × . . .   .  . . .  ... . . . .   . . . . p m × × × . . . Mohamed Saied Emam Mohamed The MGB Algorithm 13

  21. Enlargement Enlarge( P ): Extends P by multiplying a selected set of polynomials by monomials Affects on the size of the constructed matrix and the memory t 1 t 2 1 . . .   p 1 × × × . . .   p 2 × × × . . .   .  . . .  ... Enlarge . . . . − − − − →   . . . . m ji · p i p m × × × . . . Mohamed Saied Emam Mohamed The MGB Algorithm 13

  22. Enlargement Enlarge( P ): Extends P by multiplying a selected set of polynomials by monomials Affects on the size of the constructed matrix and the memory t 1 t 2 1 s 1 s 2 s 3 1 . . . . . . . . .     p 1 × × × f 1 × × × × . . . . . . . . .     p 2 × × × f 2 × × × × . . . . . . . . .     .  . . .  ...   Enlarge f 3 × × × × . . . . . . . . . . − − − − →     . . . . . . . . . ... ...   m ji · p i . . . . . .  . . . .  p m × × × . . .   . . . . . ... ... . . . . .   . . . . . f k × × × × . . . . . . Mohamed Saied Emam Mohamed The MGB Algorithm 13

  23. Enlargement Selection Strategy: F 4 ,F 5 algorithms → S-Polynomials Selecting a subset of Critical pairs based on the degree of LCM of the pair Mohamed Saied Emam Mohamed The MGB Algorithm 14

  24. Enlargement Selection Strategy: F 4 ,F 5 algorithms → S-Polynomials Selecting a subset of Critical pairs based on the degree of LCM of the pair XL algorithm → No selection Enlarge the system by multiplying P by all monomials up to a certain degree D Mohamed Saied Emam Mohamed The MGB Algorithm 14

  25. Enlargement Selection Strategy: F 4 ,F 5 algorithms → S-Polynomials Selecting a subset of Critical pairs based on the degree of LCM of the pair XL algorithm → No selection Enlarge the system by multiplying P by all monomials up to a certain degree D MutantXL algorithm → Mutant Criterion Mohamed Saied Emam Mohamed The MGB Algorithm 14

  26. Enlargement Mutants Echelonize process yields polynomials of smaller degree than expected at a current degree D of the algorithm (mutants) Using them to enlarge the system before the degree goes up Mohamed Saied Emam Mohamed The MGB Algorithm 15

  27. Enlargement Mutants Echelonize process yields polynomials of smaller degree than expected at a current degree D of the algorithm (mutants) Using them to enlarge the system before the degree goes up p 1 = x 1 x 2 + x 2 x 3 + x 2 x 4 + x 3 x 4 + x 1 + x 3 + 1 p 2 = x 1 x 2 + x 1 x 3 + x 1 x 4 + x 3 x 4 + x 2 + x 3 + 1 p 3 = x 1 x 2 + x 1 x 3 + x 2 x 3 + x 3 x 4 + x 1 + x 4 + 1 p 4 = x 1 x 3 + x 1 x 4 + x 2 x 3 + x 2 x 4 + 1 Mohamed Saied Emam Mohamed The MGB Algorithm 15

  28. Enlargement Mutants Echelonize process yields polynomials of smaller degree than expected at a current degree D of the algorithm (mutants) Using them to enlarge the system before the degree goes up p 1 = x 1 x 2 + x 2 x 3 + x 2 x 4 + x 3 x 4 + x 1 + x 3 + 1 p 2 = x 1 x 2 + x 1 x 3 + x 1 x 4 + x 3 x 4 + x 2 + x 3 + 1 p 3 = x 1 x 2 + x 1 x 3 + x 2 x 3 + x 3 x 4 + x 1 + x 4 + 1 p 4 = x 1 x 3 + x 1 x 4 + x 2 x 3 + x 2 x 4 + 1 p 1 = x 1 x 2 + x 2 x 3 + x 2 x 4 + x 3 x 4 + x 1 + x 3 + 1 � p 2 = � x 1 x 3 + x 1 x 4 + x 2 x 3 + x 2 x 4 + x 1 + x 2 p 3 = � x 1 x 4 + x 2 x 3 + x 1 + x 2 + x 3 + x 4 p 4 = � x 1 + x 2 + 1 Mohamed Saied Emam Mohamed The MGB Algorithm 15

Recommend

Gr obner basis - What, Why and How? Tushant Mittal Agenda Motivational Problems 1 2

Gr obner basis - What, Why and How? Tushant Mittal Agenda Motivational Problems 1 2

Gr obner basis - What, Why and How? Tushant Mittal Agenda Motivational Problems 1 2 Monomial Ordering 3 Division Algorithm 4 Gr obner Basis 5 Buchbergers Algorithm 6 Complexity 7 Applications 2/18 08/04/2017 Tushant Mittal Indian

778 views • 60 slides
Solving sparse polynomial systems using Gr obner basis Mat as R. Bender Sorbonne

Solving sparse polynomial systems using Gr obner basis Mat as R. Bender Sorbonne

Solving sparse polynomial systems using Gr obner basis Mat as R. Bender Sorbonne Universit e, CNRS , INRIA , Laboratoire dInformatique de Paris 6, LIP6 , Equipe PolSys , 4 place Jussieu, F-75005, Paris, France Joint work with :

893 views • 74 slides
Towards Mixed Gr obner Basis Algorithms: the Multihomogeneous and Sparse Case July 19, 2018

Towards Mixed Gr obner Basis Algorithms: the Multihomogeneous and Sparse Case July 19, 2018

Towards Mixed Gr obner Basis Algorithms: the Multihomogeneous and Sparse Case July 19, 2018 Mat as R. Bender, Jean-Charles Faug` ere & Elias Tsigaridas Sorbonne Universit e, CNRS , INRIA , Laboratoire dInformatique de Paris 6,

786 views • 39 slides
Fast Gr obner basis computation and polynomial reduction for generic bivariate ideals Joris

Fast Gr obner basis computation and polynomial reduction for generic bivariate ideals Joris

Fast Gr obner basis computation and polynomial reduction for generic bivariate ideals Joris van der Hoeven, Robin Larrieu Laboratoire dInformatique de lEcole Polytechnique (LIX) JNCF 2019 Luminy 05th February 2019 Joris van der

881 views • 56 slides
Reduced Basis Collocation Methods for Partial Differential Equations with Random Coefficients

Reduced Basis Collocation Methods for Partial Differential Equations with Random Coefficients

Preliminary: Spectral Methods for PDEs with Uncertain Coefficients Reduced Basis Methods Reduced Basis + Sparse Grid Collocation Iterative Solution of Reduced Problem Concluding Remarks Reduced Basis Collocation Methods for Partial Differential

476 views • 43 slides
Flexible Spending Accounts Presented by What is a Flexible Spending Account (FSA) ? Its an

Flexible Spending Accounts Presented by What is a Flexible Spending Account (FSA) ? Its an

Flexible Spending Accounts Presented by What is a Flexible Spending Account (FSA) ? Its an employee benefit plan that: Allows you to set aside money on a pre-tax basis to pay for unreimbursed health or dependent care expenses.

397 views • 23 slides
Project-course about the enlargement of the European Union Will the EU start negotiations with

Project-course about the enlargement of the European Union Will the EU start negotiations with

Nadine Malich, M.A. Institute for Political Sciences University Kiel, Germany Project-course about the enlargement of the European Union Will the EU start negotiations with Turkey about a full membership in the EU ? EU and its enlargement -

352 views • 10 slides
Purpose of Enlargement JULY 8, 2015 Overview Purpose of Enlargement Educational Services

Purpose of Enlargement JULY 8, 2015 Overview Purpose of Enlargement Educational Services

Passaic County Educational Services Commission Purpose of Enlargement JULY 8, 2015 Overview Purpose of Enlargement Educational Services Transportation Services Information Technology Services Financial Services Overview Mission The PCESC

305 views • 26 slides
Automatic calculation of plane loci using Gr obner bases and integration into a Dynamic

Automatic calculation of plane loci using Gr obner bases and integration into a Dynamic

Automatic calculation of plane loci using Gr obner bases and integration into a Dynamic Geometry System Michael Gerh auser, Alfred Wassermann July 24, 2010 Overview JSXGraph - A short overview Computing plane loci using Gr obner

377 views • 36 slides
Elliptic stochastic partial differential equations: An orthonormal vector basis approach S

Elliptic stochastic partial differential equations: An orthonormal vector basis approach S

Elliptic stochastic partial differential equations: An orthonormal vector basis approach S Adhikari 1 1 Swansea University, UK Uncertainty Quantification Workshop, Edinburgh, 26 May, 2010 Adhikari (SU) Reduced methods for SPDE 26 May 2010 1 /

570 views • 33 slides
I n this months column available basis, 7 as the proceeds of a partial (or com- plete, as the

I n this months column available basis, 7 as the proceeds of a partial (or com- plete, as the

C O R P O R A T E B U S I N E S S T A X A T I O N M O N T H L Y Tax Accounting BY JAMES E. SALLES tal, and represents gain to the extent that it exceeds I n this months column available basis, 7 as the proceeds of

163 views • 3 slides
regular basis and many options more frequently Can be adapted to your preferences as

regular basis and many options more frequently Can be adapted to your preferences as

Result of Data Warehouse reviews and is an effective reconciliations tool occurring Must be Use to monitor throughout performed on a activity the year. Very flexible with regular basis and many options more frequently

922 views • 43 slides
Content 1. SmartEEs - At a glance 2. Context - Smart Anything Everywhere & Digital

Content 1. SmartEEs - At a glance 2. Context - Smart Anything Everywhere & Digital

Content 1. SmartEEs - At a glance 2. Context - Smart Anything Everywhere & Digital Innovation Hubs 3. Application - Flexible Electronics 4. Acceleration program - A full set of actions to accelerate Flexible Electronics integration 5.

486 views • 23 slides
Content 1. SmartEEs - At a glance 2. Context - Smart Anything Everywhere 3. Application -

Content 1. SmartEEs - At a glance 2. Context - Smart Anything Everywhere 3. Application -

Content 1. SmartEEs - At a glance 2. Context - Smart Anything Everywhere 3. Application - Flexible Electronics 4. Acceleration program - A full set of actions to accelerate Flexible Electronics integration 5. Value proposal -

559 views • 19 slides
European Commission European Commission DG ENLARGEMENT DG ENLARGEMENT D.4 D.4 Institution

European Commission European Commission DG ENLARGEMENT DG ENLARGEMENT D.4 D.4 Institution

European Commission European Commission DG ENLARGEMENT DG ENLARGEMENT D.4 D.4 Institution Building Unit (IBU): Institution Building Unit (IBU): TAIEX Instrument TAIEX Instrument EC - DG Enlargement - Institution Building Unit (07/11/2005)

306 views • 11 slides
An Efficient Implementation for Computing Gr obner bases over algebraic number fields

An Efficient Implementation for Computing Gr obner bases over algebraic number fields

An Efficient Implementation for Computing Gr obner bases over algebraic number fields Masayuki Noro Kobe University An Efficient Implementation for Computing Gr obner bases over algebraic number fields p. 1 Multiple algebraic

447 views • 25 slides
ACCELERATE AUDIT ACCELERATE ATTAIN ALIGN ACCREDIT THE 4 STAGE PROCESS ACCELERATE ACCREDIT

ACCELERATE AUDIT ACCELERATE ATTAIN ALIGN ACCREDIT THE 4 STAGE PROCESS ACCELERATE ACCREDIT

THE PROCESS ACCELERATE AUDIT ACCELERATE ATTAIN ALIGN ACCREDIT THE 4 STAGE PROCESS ACCELERATE ACCREDIT ALIGN AUDIT ATTAIN We assess sales and sales management teams We deliver a targeted and We have a robust approach We align

517 views • 8 slides
Overview Partial Constituent Fronting in German The phenomenon: Partial constituent fronting

Overview Partial Constituent Fronting in German The phenomenon: Partial constituent fronting

Overview Partial Constituent Fronting in German The phenomenon: Partial constituent fronting in German Partial VPs Partial APs Kordula De Kuthy Detmar Meurers Partial NPs Interaction: Partial constituents embedded in VPs

224 views • 7 slides
Gr obner Bases In Public Key Cryptography: Hope Never Dies M. Caboara, F.Caruso, C. Traverso

Gr obner Bases In Public Key Cryptography: Hope Never Dies M. Caboara, F.Caruso, C. Traverso

Gr obner Bases In Public Key Cryptography: Hope Never Dies M. Caboara, F.Caruso, C. Traverso Eurocrypt 2008 Rump session Istanbul, April 15, 2008 M. Caboara, F.Caruso, C. Traverso Gr obner Bases In Public Key Cryptography: Hope Never

649 views • 31 slides
Commission proposal for the Enlargement region IPA III 1 This afternoon Discussion on

Commission proposal for the Enlargement region IPA III 1 This afternoon Discussion on

2021 2027: Commission proposal for the Enlargement region IPA III 1 This afternoon Discussion on measures for IPARD III In three groups, reporting back to the plenary Introduction access to finance, financial instruments

532 views • 13 slides
Algebraic Techniques in Cryptanalysis of Block Ciphers with a bias towards Gr obner bases

Algebraic Techniques in Cryptanalysis of Block Ciphers with a bias towards Gr obner bases

Introduction Equations Solvers Advanced Techniques Algebraic Techniques in Cryptanalysis of Block Ciphers with a bias towards Gr obner bases Martin R. Albrecht Team SALSA, UPMC, Paris 6, . . . June 2nd, 2011 @ ECrypt 2 PhD Summer school,

1.09k views • 46 slides
1 The problem From a given partial order, produce a compatible total order Partial order:

1 The problem From a given partial order, produce a compatible total order Partial order:

Chair of Softw are Engineering Chair of Softw are Engineering Einfhrung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 19: Topological sort Part 1: Problem and math basis by Caran dAche Introduction

538 views • 15 slides
Gr obner Bases a short introduction Elena Dimitrova AIMS, 2019 Elena Dimitrova Gr

Gr obner Bases a short introduction Elena Dimitrova AIMS, 2019 Elena Dimitrova Gr

Gr obner Bases a short introduction Elena Dimitrova AIMS, 2019 Elena Dimitrova Gr obner Bases a short introduction AIMS, 2019 1 / 11 Polynomial rings Let k be a field. Let R be the set of all polynomials in variables x 1 , . . .

355 views • 11 slides
JUST THE MATHS SLIDES NUMBER 14.1 PARTIAL DIFFERENTIATION 1 (Partial derivatives of the

JUST THE MATHS SLIDES NUMBER 14.1 PARTIAL DIFFERENTIATION 1 (Partial derivatives of the

JUST THE MATHS SLIDES NUMBER 14.1 PARTIAL DIFFERENTIATION 1 (Partial derivatives of the first order) by A.J.Hobson 14.1.1 Functions of several variables 14.1.2 The definition of a partial derivative UNIT 14.1 PARTIAL DIFFERENTIATION

295 views • 8 slides

More recommend