Efficient Computation of Zero-dimensional Gröbner Bases by Change of Ordering

Faugère, Jean-Charles; Gianni, Patrizia; Lazard, Daniel; Mora, Teo

doi:10.1006/jsco.1993.1051

Cited by 500 publications

(426 citation statements)

References 8 publications

Supporting

Mentioning

424

Contrasting

Unclassified

Order By: Relevance

“…Lazard in the articles [17] describes a relationship between the method of the computation of Gröbner bases and the one based on Gaussian Eliminations on matrix for the system A. Moreover there are some other Gröbner basis algorithms based on Gaussian elimination: F 4 [11], F GLM [13] and F 5 [12]. We explain now the relationship between polynomials and matrices.…”

Section: Some Other Algorithmsmentioning

confidence: 99%

See 1 more Smart Citation

Comparison Between XL and Gröbner Basis Algorithms

Ars

Faugère

Imai

et al. 2004

Advances in Cryptology - ASIACRYPT 2004

View full text Add to dashboard Cite

Abstract. This paper compares the XL algorithm with known Gröbner basis algorithms. We show that to solve a system of algebraic equations via the XL algorithm is equivalent to calculate the reduced Gröbner basis of the ideal associated with the system. Moreover we show that the XL algorithm is also a Gröbner basis algorithm which can be represented as a redundant variant of a Gröbner basis algorithm F4. Then we compare these algorithms on semi-regular sequences, which correspond, in conjecture, to almost all polynomial systems in two cases: over the fields F2 and Fq with q n. We show that the size of the matrix constructed by XL is large compared to the ones of the F5 algorithm. Finally, we give an experimental study between XL and the Buchberger algorithm on the cryptosystem HFE and find that the Buchberger algorithm has a better behavior.

show abstract

Section: Some Other Algorithmsmentioning

confidence: 99%

“…Behavior of the XL algorithm and the F5 algorithm on Fq 1 + n i=1 (deg(f i ) − 1) = n + 1 for any ordering. This computation is done with a DRL ordering and then we use the FGLM algorithm [13,10] to find the wanted ordering.…”

Section: On the Fieldmentioning

confidence: 99%

Comparison Between XL and Gröbner Basis Algorithms

Ars

Faugère

Imai

et al. 2004

Advances in Cryptology - ASIACRYPT 2004

View full text Add to dashboard Cite

show abstract

“…It could be chosen so that D 0 form a lexicographic Gröbner basis (using a block order where the non-eliminated variables are ordered lexicographically), but this may make the elimination process slower. In any case, order change algorithms could be used, such as the Gröbner Walk [6] or FGLM [15].…”

Section: New Sets Of Conditions Given a R-round Trail T A Sequencementioning

confidence: 99%

Analysis of the Collision Resistance of RadioGatúnUsing Algebraic Techniques

Bouillaguet

Fouque

2009

Selected Areas in Cryptography

View full text Add to dashboard Cite

Abstract. In this paper, we present some preliminary results on the security of the RadioGatún hash function. RadioGatún has an internal state of 58 words, and is parameterized by the word size, from one to 64 bits. We mostly study the one-bit version of RadioGatún since according to the authors, attacks on this version also affect the reasonably-sized versions. On this toy version, we revisit the claims of the designers and first improve some results. Secondly, given a differential path, we show how to find a message pair colliding more efficiently than the strategy proposed by the authors using algebraic techniques. We experimented this strategy on the one-bit version since we can efficiently find differential path by brute force. Even though the complexity of this collision attack is higher than the general security claim on RadioGatún 1 , it is still less than the birthday paradox on the size of the internal state.

show abstract

“…In differential algebra, they make it easier to compute power series solutions, as pointed out in [2]. In both nondifferential and differential algebra, they permit to search linear dependencies between rational fractions modulo regular chains, by searching linear dependencies between their normal forms, modulo "nothing" (one of the key ideas of [10], developed in the differential case in [3]). The very same principle, applied on the derivatives of rational differential fractions, may help to find first integrals.…”

Section: Introductionmentioning

confidence: 99%