fast method for testing the smoothness of polynomials
play

Fast method for testing the smoothness of polynomials Jean-Franc - PowerPoint PPT Presentation

Feb 07, 2024 •115 likes •1.02k views

page.1 Fast method for testing the smoothness of polynomials Jean-Franc ois Biasse Mike Jacobson University of Calgary October 2013 Biasse-Jacobson (U of C) Fast smoothness test October 2013 1 / 24 page.2 Presentation of the problem

  1. page.1 Fast method for testing the smoothness of polynomials Jean-Franc ¸ois Biasse Mike Jacobson University of Calgary October 2013 Biasse-Jacobson (U of C) Fast smoothness test October 2013 1 / 24

  2. page.2 Presentation of the problem Let K be a finite field. Let B > 0 a bound. We want to test if a given P ∈ K [ X ] is B -smooth, that is if P = P e 1 1 · · · P e n with ∀ i ≤ k deg( P i ) ≤ B . n , Biasse-Jacobson (U of C) Fast smoothness test October 2013 2 / 24

  3. page.3 Presentation of the problem Let K be a finite field. Let B > 0 a bound. We want to test if a given P ∈ K [ X ] is B -smooth, that is if P = P e 1 1 · · · P e n with ∀ i ≤ k deg( P i ) ≤ B . n , This occurs in the resolution of the disrete logarithm problem (DLP) : Function field sieve in ( F p m ) ∗ . Biasse-Jacobson (U of C) Fast smoothness test October 2013 2 / 24

  4. page.4 Presentation of the problem Let K be a finite field. Let B > 0 a bound. We want to test if a given P ∈ K [ X ] is B -smooth, that is if P = P e 1 1 · · · P e n with ∀ i ≤ k deg( P i ) ≤ B . n , This occurs in the resolution of the disrete logarithm problem (DLP) : Function field sieve in ( F p m ) ∗ . Random walk method in J ( C ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 2 / 24

  5. page.5 Presentation of the problem Let K be a finite field. Let B > 0 a bound. We want to test if a given P ∈ K [ X ] is B -smooth, that is if P = P e 1 1 · · · P e n with ∀ i ≤ k deg( P i ) ≤ B . n , This occurs in the resolution of the disrete logarithm problem (DLP) : Function field sieve in ( F p m ) ∗ . Random walk method in J ( C ). Quadratic sieve method in the Jacobian of J ( C ). where J ( C ) is the Jacobian of a hyperelliptic curve C over a finite field. Biasse-Jacobson (U of C) Fast smoothness test October 2013 2 / 24

  6. page.6 1 Motivation 2 Bernstein’s approach 3 Complexity analysis 4 Practical examples Biasse-Jacobson (U of C) Fast smoothness test October 2013 2 / 24

  7. page.7 The jacobian of a hyperelliptic curve Let K be a finite field, a hyperelliptic curve C of genus g is defined by Y 2 + h ( X ) Y + f ( X ) = 0 , where h , f ∈ K [ X ], deg( h ) ≤ g and deg( f ) = 2 g + 1 or 2 g + 2. Biasse-Jacobson (U of C) Fast smoothness test October 2013 3 / 24

  8. page.8 The jacobian of a hyperelliptic curve Let K be a finite field, a hyperelliptic curve C of genus g is defined by Y 2 + h ( X ) Y + f ( X ) = 0 , where h , f ∈ K [ X ], deg( h ) ≤ g and deg( f ) = 2 g + 1 or 2 g + 2. The Jacobian variety A hyperelliptic curve is associated to a group J ( C ) with |J ( C ) | ≈ q g where K = F q . Solving the DLP at fixed g is exponential in log( q ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 3 / 24

  9. page.9 The jacobian of a hyperelliptic curve Let K be a finite field, a hyperelliptic curve C of genus g is defined by Y 2 + h ( X ) Y + f ( X ) = 0 , where h , f ∈ K [ X ], deg( h ) ≤ g and deg( f ) = 2 g + 1 or 2 g + 2. The Jacobian variety A hyperelliptic curve is associated to a group J ( C ) with |J ( C ) | ≈ q g where K = F q . Solving the DLP at fixed g is exponential in log( q ). The DLP in |J ( C ) | in an essential topic in cryptography. Elliptic curves are the special case g = 1. Biasse-Jacobson (U of C) Fast smoothness test October 2013 3 / 24

  10. page.10 Smoothness in J ( C ) Elements of J ( C ) can be represented by ( u ( X ) , v ( X )) where deg( u ) ≤ g is the degree of ( u ( X ) , v ( X )). deg( v ) < deg( v ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 4 / 24

  11. page.11 Smoothness in J ( C ) Elements of J ( C ) can be represented by ( u ( X ) , v ( X )) where deg( u ) ≤ g is the degree of ( u ( X ) , v ( X )). deg( v ) < deg( v ). Smoothness of divisors We say that a ∈ J ( C ) is B -smooth if a = p 1 · · · p n for some n > 0 , with ∀ i , deg( p i ) ≤ B . Biasse-Jacobson (U of C) Fast smoothness test October 2013 4 / 24

  12. page.12 Smoothness in J ( C ) Elements of J ( C ) can be represented by ( u ( X ) , v ( X )) where deg( u ) ≤ g is the degree of ( u ( X ) , v ( X )). deg( v ) < deg( v ). Smoothness of divisors We say that a ∈ J ( C ) is B -smooth if a = p 1 · · · p n for some n > 0 , with ∀ i , deg( p i ) ≤ B . If u ( X ) is B -smooth for B ≤ g , then ( u ( X ) , v ( X )) is B -smooth in J ( C ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 4 / 24

  13. page.13 Solving the DLP in J ( C ) from relations Let a , b ∈ J ( C ), we want to find x ∈ Z such that b = a x . Let p 1 , · · · , p n generating J ( C ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 5 / 24

  14. page.14 Solving the DLP in J ( C ) from relations Let a , b ∈ J ( C ), we want to find x ∈ Z such that b = a x . Let p 1 , · · · , p n generating J ( C ).   p m 1 , 1 · · · p m 1 , n = 1 0 0 m 1 , 1 m 1 , n n 1     p m k , 1 · · · p m k , n m l , 1 m l , n 0 0 = 1   n 1   =   M p m k +1 , 1 · · · p m k +1 , n m l +1 , 1 m l +1 , n 1 0 b = 1   n 1     m l +2 , 1 m l +2 , n 0 1 p m k +2 , 1 · · · p m k +2 , n a = 1 n 1 A : l + 2 rows n + 1 columns Biasse-Jacobson (U of C) Fast smoothness test October 2013 5 / 24

  15. page.15 Solving the DLP in J ( C ) from relations Let a , b ∈ J ( C ), we want to find x ∈ Z such that b = a x . Let p 1 , · · · , p n generating J ( C ).   p m 1 , 1 · · · p m 1 , n = 1 0 0 m 1 , 1 m 1 , n n 1     p m k , 1 · · · p m k , n m l , 1 m l , n 0 0 = 1   n 1   =   M p m k +1 , 1 · · · p m k +1 , n m l +1 , 1 m l +1 , n 1 0 b = 1   n 1     m l +2 , 1 m l +2 , n 0 1 p m k +2 , 1 · · · p m k +2 , n a = 1 n 1 A : l + 2 rows n + 1 columns If XA = (0 , · · · , 0 , 1), then ∃ y ∈ Z such that XM = (0 , · · · , 0 , 1 , y ). This means ba y = 1, so x = − y is a solution. Biasse-Jacobson (U of C) Fast smoothness test October 2013 5 / 24

  16. page.16 Relations in J ( C ) from random walk We can solve the DLP in J ( C ) from relations p 1 · · · p n = 1 where B := { p 1 · · · p n } generates J ( C ). B = { p = ( u , v ) ∈ J ( C ) | u prime , deg( u ) ≤ B } . Biasse-Jacobson (U of C) Fast smoothness test October 2013 6 / 24

  17. page.17 Relations in J ( C ) from random walk We can solve the DLP in J ( C ) from relations p 1 · · · p n = 1 where B := { p 1 · · · p n } generates J ( C ). B = { p = ( u , v ) ∈ J ( C ) | u prime , deg( u ) ≤ B } . Random walk strategy We repeat the following steps. Draw p e 1 1 · · · p e n n = ( u , v ) at random. Test if u ∈ F q [ X ] is B -smooth. i p e i Each time u is B -smooth, we have a relation � i = � j q j . Biasse-Jacobson (U of C) Fast smoothness test October 2013 6 / 24

  18. page.18 Relations in J ( C ) from random walk We can solve the DLP in J ( C ) from relations p 1 · · · p n = 1 where B := { p 1 · · · p n } generates J ( C ). B = { p = ( u , v ) ∈ J ( C ) | u prime , deg( u ) ≤ B } . Random walk strategy We repeat the following steps. Draw p e 1 1 · · · p e n n = ( u , v ) at random. Test if u ∈ F q [ X ] is B -smooth. i p e i Each time u is B -smooth, we have a relation � i = � j q j . The two main contribution to the cost are Arithmetic in J ( C ). Smoothness test of u . Biasse-Jacobson (U of C) Fast smoothness test October 2013 6 / 24

  19. page.19 Sieving in a fonction field Let P ∈ K [ x ][ y ] of degree g . Let B > 0 and S ⊂ K [ x ] g +1 . We want to find ( a i ( x )) ∈ S such that P ( a 0 ( x ) , · · · , a g ( x )) is B − smooth . Biasse-Jacobson (U of C) Fast smoothness test October 2013 7 / 24

  20. page.20 Sieving in a fonction field Let P ∈ K [ x ][ y ] of degree g . Let B > 0 and S ⊂ K [ x ] g +1 . We want to find ( a i ( x )) ∈ S such that P ( a 0 ( x ) , · · · , a g ( x )) is B − smooth . Sieving methods Using roots of P mod p i where deg( p i ) ≤ B , we Preselect rapidly candidates Q 1 ( x ) , · · · , Q l ( x ) where Q j ∈ P ( S ). Then we test the ( Q i ( x )) i ≤ l for smoothness. Biasse-Jacobson (U of C) Fast smoothness test October 2013 7 / 24

  21. page.21 Sieving in a fonction field Let P ∈ K [ x ][ y ] of degree g . Let B > 0 and S ⊂ K [ x ] g +1 . We want to find ( a i ( x )) ∈ S such that P ( a 0 ( x ) , · · · , a g ( x )) is B − smooth . Sieving methods Using roots of P mod p i where deg( p i ) ≤ B , we Preselect rapidly candidates Q 1 ( x ) , · · · , Q l ( x ) where Q j ∈ P ( S ). Then we test the ( Q i ( x )) i ≤ l for smoothness. Sieving is faster than testing P ( a 0 ( x ) , · · · , a g ( x )) for all ( a i ( x )) ∈ S . It still involves smoothness tests of elements in K [ x ]. Biasse-Jacobson (U of C) Fast smoothness test October 2013 7 / 24

  22. page.22 Relations in J ( C ) from sieving Let C : Y 2 + h ( X ) Y + f ( X ) = F ( X , Y ) = 0 with deg( f ) = 2 g + 1. Let O := F q [ X ][ Y ] / F ( X , Y ) be the equation order. Cl ( O ) := { ideals of O} / { principal ideals } ≃ J ( C ). Biasse-Jacobson (U of C) Fast smoothness test October 2013 8 / 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fast Straightening Algorithm for Bracket Polynomials Based on Tableau Manipulations Changpeng

Fast Straightening Algorithm for Bracket Polynomials Based on Tableau Manipulations Changpeng

Fast Straightening Algorithm for Bracket Polynomials Based on Tableau Manipulations Changpeng Shao, Hongbo Li KLMM, Chinese Academy of Sciences July 18, 2018 1 / 30 Outline Background: Bracket Polynomials and Straightening Sros: New

611 views • 30 slides
About the CRT method to compute class Sminaire LFANT 10/05/2012 (Bordeaux) polynomials in

About the CRT method to compute class Sminaire LFANT 10/05/2012 (Bordeaux) polynomials in

About the CRT method to compute class Sminaire LFANT 10/05/2012 (Bordeaux) polynomials in dimension 2 Kristin Lauter 1 , Damien Robert 2 1 Microsoft Research 2 LFANT Team, IMB &amp; INRIA Bordeaux Sud-Ouest Class polynomials Speeding up the

671 views • 31 slides
Polynomials and Fast Fourier Transform (FFT) Polynomials n-1 a i x i a polynomial of degree n-1

Polynomials and Fast Fourier Transform (FFT) Polynomials n-1 a i x i a polynomial of degree n-1

Polynomials and Fast Fourier Transform (FFT) Polynomials n-1 a i x i a polynomial of degree n-1 A(x) = i=0 Evaluate at a point x = b in time ? Polynomials n-1 a i x i a polynomial of degree n-1 A(x) = i=0 Evaluate at a point x = b in

440 views • 16 slides
Recent results on the multiplicative renormalization method for orthogonal polynomials

Recent results on the multiplicative renormalization method for orthogonal polynomials

Introduction Multiplicative Renormalization Method Characterization Theorems References Recent results on the multiplicative renormalization method for orthogonal polynomials Hui-Hsiung Kuo Louisiana State University Symposium on

1.42k views • 125 slides
The Fast Sweeping Method for Convex Hamilton-Jacobi Equations and Beyond Hongkai Zhao UC Irvine

The Fast Sweeping Method for Convex Hamilton-Jacobi Equations and Beyond Hongkai Zhao UC Irvine

The Fast Sweeping Method for Convex Hamilton-Jacobi Equations and Beyond Hongkai Zhao UC Irvine Highlights of the fast sweeping method (FSM) Simplicity: a Gauss-Seidel type of iterative method. Optimal complexity: finite number of

1.13k views • 37 slides
Efficient GPU parallelization of the Fast Multipole Method with periodic boundary conditions

Efficient GPU parallelization of the Fast Multipole Method with periodic boundary conditions

Efficient GPU parallelization of the Fast Multipole Method with periodic boundary conditions Bartosz Kohnke Fast Multipole Method (FMM) Calculation of long-ranged forces in the n-body problem (Greengard and Rokhlin, 1987) Tree based

774 views • 59 slides
Computing Hilbert class polynomials with the CRT method Andrew V. Sutherland Massachusetts

Computing Hilbert class polynomials with the CRT method Andrew V. Sutherland Massachusetts

Introduction The CRT method Examples and Results Computing Hilbert class polynomials with the CRT method Andrew V. Sutherland Massachusetts Institute of Technology September 23, 2008 Introduction The CRT method Examples and Results

756 views • 47 slides
Composition of Power Series, Change of Basis and Orthogonal Polynomials Bruno Salvy

Composition of Power Series, Change of Basis and Orthogonal Polynomials Bruno Salvy

Introduction Very Fast Fast Change of Basis Orthogonal Polynomials Conclusion Composition of Power Series, Change of Basis and Orthogonal Polynomials Bruno Salvy Bruno.Salvy@inria.fr Algorithms Project, Inria June 2nd, 2008 Joint work

881 views • 69 slides
A new method for computing Kazhdan-Lusztig polynomials Eric Sommers University of Massachusetts

A new method for computing Kazhdan-Lusztig polynomials Eric Sommers University of Massachusetts

A new method for computing Kazhdan-Lusztig polynomials Eric Sommers University of Massachusetts Amherst AMS Session, Gainseville, FL November 3, 2019 1 Credits Based on the 2013 PhD thesis of Jennifer Koonz. Available through MathSciNet.

640 views • 16 slides
Fast Reduction of Bivariate Polynomials with Respect to Sufficiently Regular Gr obner Bases

Fast Reduction of Bivariate Polynomials with Respect to Sufficiently Regular Gr obner Bases

Fast Reduction of Bivariate Polynomials with Respect to Sufficiently Regular Gr obner Bases Joris van der Hoeven, Robin Larrieu Laboratoire dInformatique de lEcole Polytechnique (LIX) ISSAC 18 New York, USA 18 / 07 / 2018 Joris

419 views • 27 slides
8. Factoring polynomials over finite fields CS-E4500 Advanced Course on Algorithms Spring 2018

8. Factoring polynomials over finite fields CS-E4500 Advanced Course on Algorithms Spring 2018

8. Factoring polynomials over finite fields CS-E4500 Advanced Course on Algorithms Spring 2018 Peteri Kaski Department of Computer Science Aalto University Lecture schedule Tue 16 Jan: 1. Polynomials and integers Tue 23 Jan: 2. The fast

661 views • 41 slides
Metamorphic Testing: A Simple Method for Testing Non-Testable Programs Tsong Yueh Chen

Metamorphic Testing: A Simple Method for Testing Non-Testable Programs Tsong Yueh Chen

Metamorphic Testing: A Simple Method for Testing Non-Testable Programs Tsong Yueh Chen tychen@swin.edu.au Swinburne University of Technology Australia 1 Test Oracle A mechanism or procedure against which the computed outputs could be

1.01k views • 63 slides
Discrete Logarithms and Galois Invariant Smoothness Basis (with J.-M. Couveignes) R. Lercier

Discrete Logarithms and Galois Invariant Smoothness Basis (with J.-M. Couveignes) R. Lercier

Background Function Field Sieve Galois Invariant Smoothness Basis Conclusion Discrete Logarithms and Galois Invariant Smoothness Basis (with J.-M. Couveignes) R. Lercier DGA/CELAR &amp; University of Rennes France Reynald.Lercier (at)

650 views • 38 slides
Low weight polynomials in crypto Thomas Johansson Dept of EIT, Lund University, Sweden FSE

Low weight polynomials in crypto Thomas Johansson Dept of EIT, Lund University, Sweden FSE

Low weight polynomials in crypto Thomas Johansson Dept of EIT, Lund University, Sweden FSE 2014 Thomas Johansson Low weight polynomials in crypto Contents PART I: Applications of low weight polynomials in crypto 1 Fast correlation

642 views • 45 slides
Smoothness In Zariski Categories A Proposed Definition and a Few Easy Results. John Iskra

Smoothness In Zariski Categories A Proposed Definition and a Few Easy Results. John Iskra

Smoothness In Zariski Categories A Proposed Definition and a Few Easy Results. John Iskra jiskra@ehc.edu Department of Mathematics &amp; Computer Science Emory and Henry College Emory, Virginia 24327 USA Smoothness In Zariski Categories p.

991 views • 51 slides
Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing Hypothesis testing is a method to contradict a theoretical assumption using data. In his seminal book on design of experiments, Fisher (1937) uses

526 views • 3 slides
Outline Saltzer &amp; Schroeders principles (contd) CSci 5271 More secure design

Outline Saltzer &amp; Schroeders principles (contd) CSci 5271 More secure design

Outline Saltzer &amp; Schroeders principles (contd) CSci 5271 More secure design principles Introduction to Computer Security Software engineering for security Defensive programming 2 (combined lecture) Announcements intermission

632 views • 9 slides
Matrix Methods for the Bernstein Form and Their Application in Global Optimization June, 10

Matrix Methods for the Bernstein Form and Their Application in Global Optimization June, 10

Matrix Methods for the Bernstein Form and Their Application in Global Optimization June, 10 Jihad Titi J urgen Garloff University of Konstanz Department of Mathematics and Statistics and University of Applied Sciences / HTWG Konstanz

685 views • 30 slides
Does open-source cryptographic software work correctly? Daniel J. Bernstein CVE-2018-0733, an

Does open-source cryptographic software work correctly? Daniel J. Bernstein CVE-2018-0733, an

Does open-source cryptographic software work correctly? Daniel J. Bernstein CVE-2018-0733, an OpenSSL bug Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit

670 views • 44 slides
The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at

The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at

The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at Chicago, Eindhoven University of Technology Post-quantum cryptography: Cryptography designed under the assumption that the attacker (not the user!) has

1.29k views • 94 slides
signSGD Jeremy Bernstein Yu-Xiang Wang Caltech UCSB/Amazon Compressed optimisation for

signSGD Jeremy Bernstein Yu-Xiang Wang Caltech UCSB/Amazon Compressed optimisation for

signSGD Jeremy Bernstein Yu-Xiang Wang Caltech UCSB/Amazon Compressed optimisation for non-convex problems Kamyar Azizzadenesheli Anima Anandkumar UCI Caltech/Amazon Snap gradient components to 1 Reduces signSGD

456 views • 22 slides
Curves and Splines Outline Hermite Splines Catmull-Rom Splines Bezier Curves

Curves and Splines Outline Hermite Splines Catmull-Rom Splines Bezier Curves

Curves and Splines Outline Hermite Splines Catmull-Rom Splines Bezier Curves Higher Continuity: Natural and B-Splines Drawing Splines Modeling Complex Shapes We want to build models of very complicated objects An

675 views • 50 slides
The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many

The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many

The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many contributors libpqcrypto.org Daniel J. Bernstein Context libpqcrypto.org Daniel J. Bernstein Redesigning crypto for security New requirements for

541 views • 51 slides
Post-quantum cryptography Daniel J. Bernstein 1 Tanja Lange 1 Peter Schwabe 2 Technische

Post-quantum cryptography Daniel J. Bernstein 1 Tanja Lange 1 Peter Schwabe 2 Technische

Post-quantum cryptography Daniel J. Bernstein 1 Tanja Lange 1 Peter Schwabe 2 Technische Universiteit Eindhoven Radboud University 08 September 2016 Cryptography Motivation #1: Communication channels are spying on our data.

1.34k views • 117 slides

More recommend