-
Polynomial-Division-Based Algorithms for Computing Linear Recurrence Relations
Authors:
Jérémy Berthomieu,
Jean-Charles Faugère
Abstract:
Sparse polynomial interpolation, sparse linear system solving or modular rational reconstruction are fundamental problems in Computer Algebra. They come down to computing linear recurrence relations of a sequence with the Berlekamp-Massey algorithm. Likewise, sparse multivariate polynomial interpolation and multidimensional cyclic code decoding require guessing linear recurrence relations of a multivariate sequence. Several algorithms solve this problem. The so-called Berlekamp-Massey-Sakata algorithm (1988) uses polynomial additions and shifts by a monomial. The Scalar-FGLM algorithm (2015) relies on linear algebra operations on a multi-Hankel matrix, a multivariate generalization of a Hankel matrix. The Artinian Gorenstein border basis algorithm (2017) uses a Gram-Schmidt process. We propose a new algorithm for computing the Gröbner basis of the ideal of relations of a sequence based solely on multivariate polynomial arithmetic. This algorithm allows us both to revisit the Berlekamp-Massey-Sakata algorithm through the use of polynomial divisions and to completely revise the Scalar-FGLM algorithm without linear algebra operations. A key observation in the design of this algorithm is to work on the mirror of the truncated generating series, allowing us to use polynomial arithmetic modulo a monomial ideal. It appears to have some similarities with Padé approximants of this mirror polynomial. As an addition to the paper published at the ISSAC conference, we give an adaptive variant of this algorithm taking into account the shape of the final Gröbner basis gradually as it is discovered. The main advantage of this algorithm is that its complexity in terms of operations and sequence queries only depends on the output Gröbner basis. All these algorithms have been implemented in Maple and we report on our comparisons.
Submitted 6 July, 2021;
originally announced July 2021.
-
Koszul-type determinantal formulas for families of mixed multilinear systems
Authors:
Matías R. Bender,
Jean-Charles Faugère,
Angelos Mantzaflaris,
Elias Tsigaridas
Abstract:
Effective computation of resultants is a central problem in elimination theory and polynomial system solving. Commonly, we compute the resultant as a quotient of determinants of matrices, and we say that there exists a determinantal formula when we can express it as a determinant of a matrix whose elements are the coefficients of the input polynomials. We study the resultant in the context of mixed multilinear polynomial systems, that is multilinear systems with polynomials having different supports, for which determinantal formulas were not known. We construct determinantal formulas for two kinds of multilinear systems related to the Multiparameter Eigenvalue Problem (MEP): first, when the polynomials agree in all but one block of variables; second, when the polynomials are bilinear with different supports, related to a bipartite graph. We use the Weyman complex to construct Koszul-type determinantal formulas that generalize Sylvester-type formulas. We can use the matrices associated to these formulas to solve square systems without computing the resultant. The combination of the resultant matrices with the eigenvalue and eigenvector criterion for polynomial systems leads to a new approach for solving MEP.
Submitted 26 May, 2021;
originally announced May 2021.
-
Computing critical points for invariant algebraic systems
Authors:
Jean-Charles Faugère,
George Labahn,
Mohab Safey El Din,
Éric Schost,
Thi Xuan Vu
Abstract:
Let $\mathbf{K}$ be a field and $φ$, $\mathbf{f} = (f_1, \ldots, f_s)$ in $\mathbf{K}[x_1, \dots, x_n]$ be multivariate polynomials (with $s < n$) invariant under the action of $\mathcal{S}_n$, the group of permutations of $\{1, \dots, n\}$. We consider the problem of computing the points at which $\mathbf{f}$ vanish and the Jacobian matrix associated to $\mathbf{f}, φ$ is rank deficient provided that this set is finite. We exploit the invariance properties of the input to split the solution space according to the orbits of $\mathcal{S}_n$. This allows us to design an algorithm which gives a triangular description of the solution space and which runs in time polynomial in $d^s$, ${{n+d}\choose{d}}$ and $\binom{n}{s+1}$ where $d$ is the maximum degree of the input polynomials. When $d,s$ are fixed, this is polynomial in $n$ while when $s$ is fixed and $d \simeq n$ this yields an exponential speed-up with respect to the usual polynomial system solving algorithms.
Submitted 2 September, 2020;
originally announced September 2020.
-
Gröbner Basis over Semigroup Algebras: Algorithms and Applications for Sparse Polynomial Systems
Authors:
Matías Bender,
Jean-Charles Faugère,
Elias Tsigaridas
Abstract:
Gröbner bases are one of the most powerful tools in algorithmic non-linear algebra. Their computation is an intrinsically hard problem with a complexity at least single exponential in the number of variables. However, in most cases, the polynomial systems coming from applications have some kind of structure. For example, several problems in computer-aided design, robotics, vision, biology, kinematics, cryptography, and optimization involve sparse systems where the input polynomials have few non-zero terms. Our approach to exploit sparsity is to embed the systems in a semigroup algebra and to compute Gröbner bases over this algebra. Up to now, the algorithms that follow this approach benefit from the sparsity only in the case where all the polynomials have the same sparsity structure, that is the same Newton polytope. We introduce the first algorithm that overcomes this restriction. Under regularity assumptions, it performs no redundant computations. Further, we extend this algorithm to compute Gröbner bases in the standard algebra and solve sparse polynomial systems over the torus $(\mathbb{C}^*)^n$. The complexity of the algorithm depends on the Newton polytopes.
Submitted 1 February, 2019;
originally announced February 2019.
-
A nearly optimal algorithm to decompose binary forms
Authors:
Matías Bender,
Jean-Charles Faugère,
Ludovic Perret,
Elias Tsigaridas
Abstract:
Symmetric tensor decomposition is an important problem with applications in several areas, for example signal processing, statistics, data analysis and computational neuroscience. It is equivalent to Waring's problem for homogeneous polynomials, that is to write a homogeneous polynomial in $n$ variables of degree $D$ as a sum of $D$-th powers of linear forms, using the minimal number of summands. This minimal number is called the rank of the polynomial/tensor. We focus on decomposing binary forms, a problem that corresponds to the decomposition of symmetric tensors of dimension 2 and order $D$. Under this formulation, the problem finds its roots in invariant theory, where the decompositions are known as canonical forms. In this context many different algorithms were proposed. We introduce a superfast algorithm that improves the previous approaches with results from structured linear algebra. It achieves a softly linear arithmetic complexity bound. To the best of our knowledge, the previously known algorithms have at least quadratic complexity bounds. Our algorithm computes a symbolic decomposition in $O(M(D)\log(D))$ arithmetic operations, where $M(D)$ is the complexity of multiplying two polynomials of degree $D$. It is deterministic when the decomposition is unique. When the decomposition is not unique, our algorithm is randomized. We present a Monte Carlo version of it and we show how to modify it to a Las Vegas one, within the same complexity. From the symbolic decomposition, we approximate the terms of the decomposition with an error of $2^{-ε}$, in $O(D\log^2(D)(\log^2(D) + \log(ε)))$ arithmetic operations. We use results from Kaltofen and Yagati (1989) to bound the size of the representation of the coefficients involved in the decomposition, and we bound the algebraic degree of the problem by $\min(\mathrm{rank}, D - \mathrm{rank} + 1)$. We show that this bound can be tight. When the input polynomial has integer coefficients, our algorithm performs, up to poly-logarithmic factors, $O_{bit}(D\ell + D^4 + D^3 τ)$ bit operations, where $τ$ is the maximum bitsize of the coefficients and $2^{-\ell}$ is the relative error of the terms in the decomposition.
Submitted 11 September, 2019; v1 submitted 30 October, 2018;
originally announced October 2018.
-
In-depth comparison of the Berlekamp--Massey--Sakata and the Scalar-FGLM algorithms: the adaptive variants
Authors:
Jérémy Berthomieu,
Jean-Charles Faugère
Abstract:
The Berlekamp--Massey--Sakata algorithm and the Scalar-FGLM algorithm both compute the ideal of relations of a multidimensional linear recurrent sequence. Whenever querying a single sequence element is prohibitive, the bottleneck of these algorithms becomes the computation of all the needed sequence terms. As such, having adaptive variants of these algorithms, reducing the number of sequence queries, becomes mandatory. A native adaptive variant of the Scalar-FGLM algorithm was presented by its authors, the so-called Adaptive Scalar-FGLM algorithm. In this paper, our first contribution is to make the Berlekamp--Massey--Sakata algorithm more efficient by making it adaptive to avoid some useless relation testings. This variant allows us to divide by four in dimension 2 and by seven in dimension 3 the number of basic operations performed on some sequence family. Then, we compare the two adaptive algorithms. We show that their behaviors differ in such a way that it is not possible to tweak one of the algorithms in order to mimic exactly the behavior of the other. We detail precisely the differences and the similarities of both algorithms and conclude that in general the Adaptive Scalar-FGLM algorithm needs fewer queries and performs fewer basic operations than the Adaptive Berlekamp--Massey--Sakata algorithm. We also show that these variants are always more efficient than the original algorithms.
Submitted 4 June, 2018;
originally announced June 2018.
-
Bilinear systems with two supports: Koszul resultant matrices, eigenvalues, and eigenvectors
Authors:
Matías Bender,
Jean-Charles Faugère,
Angelos Mantzaflaris,
Elias Tsigaridas
Abstract:
A fundamental problem in computational algebraic geometry is the computation of the resultant. A central question is when and how to compute it as the determinant of a matrix whose elements are the coefficients of the input polynomials up to sign. This problem is well understood for unmixed multihomogeneous systems, that is for systems consisting of multihomogeneous polynomials with the same support. However, little is known for mixed systems, that is for systems consisting of polynomials with different supports. We consider the computation of the multihomogeneous resultant of bilinear systems involving two different supports. We present a constructive approach that expresses the resultant as the exact determinant of a Koszul resultant matrix, that is a matrix constructed from maps in the Koszul complex. We exploit the resultant matrix to propose an algorithm to solve such systems. In the process we extend the classical eigenvalues and eigenvectors criterion to a more general setting. Our extension of the eigenvalues criterion applies to a general class of matrices, including the Sylvester-type and the Koszul-type ones.
Submitted 14 May, 2018;
originally announced May 2018.
-
Towards Mixed Gröbner Basis Algorithms: the Multihomogeneous and Sparse Case
Authors:
Matías Bender,
Jean-Charles Faugère,
Elias Tsigaridas
Abstract:
One of the biggest open problems in computational algebra is the design of efficient algorithms for Gröbner basis computations that take into account the sparsity of the input polynomials. We can perform such computations in the case of unmixed polynomial systems, that is systems with polynomials having the same support, using the approach of Faugère, Spaenlehauer, and Svartz [ISSAC'14]. We present two algorithms for sparse Gröbner bases computations for mixed systems. The first one computes with mixed sparse systems and exploits the supports of the polynomials. Under regularity assumptions, it performs no reductions to zero. For mixed, square, and 0-dimensional multihomogeneous polynomial systems, we present a dedicated, and potentially more efficient, algorithm that exploits different algebraic properties and performs no reduction to zero. We give an explicit bound for the maximal degree appearing in the computations.
Submitted 15 May, 2018; v1 submitted 9 May, 2018;
originally announced May 2018.
-
Fast Quantum Algorithm for Solving Multivariate Quadratic Equations
Authors:
Jean-Charles Faugère,
Kelsey Horan,
Delaram Kahrobaei,
Marc Kaplan,
Elham Kashefi,
Ludovic Perret
Abstract:
In August 2015 the cryptographic world was shaken by a sudden and surprising announcement by the US National Security Agency (NSA) concerning plans to transition to post-quantum algorithms. Since this announcement, post-quantum cryptography has become a topic of primary interest for several standardization bodies. The transition from the currently deployed public-key algorithms to post-quantum algorithms has been found to be challenging in many aspects. In particular, the problem of evaluating the quantum-bit security of such post-quantum cryptosystems remains vastly open. Of course this question is of primary concern in the process of standardizing post-quantum cryptosystems. In this paper we consider the quantum security of the problem of solving a system of $m$ Boolean multivariate quadratic equations in $n$ variables (Boolean MQ), a central problem in post-quantum cryptography. When $n=m$, under a natural algebraic assumption, we present a Las Vegas quantum algorithm solving Boolean MQ that requires the evaluation of, on average, $O(2^{0.462n})$ quantum gates. To our knowledge this is the fastest algorithm for solving Boolean MQ.
Submitted 19 December, 2017;
originally announced December 2017.
-
In-depth comparison of the Berlekamp -- Massey -- Sakata and the Scalar-FGLM algorithms: the non adaptive variants
Authors:
Jérémy Berthomieu,
Jean-Charles Faugère
Abstract:
We compare thoroughly the Berlekamp--Massey--Sakata algorithm and the Scalar-FGLM algorithm, which both compute the ideal of relations of a multi-dimensional linear recurrent sequence. Surprisingly, their behaviors differ. We detail in which way they do and prove that it is not possible to tweak one of the algorithms in order to mimic exactly the behavior of the other.
Submitted 21 September, 2017;
originally announced September 2017.
-
Computing Small Certificates of Inconsistency of Quadratic Fewnomial Systems
Authors:
Jean-Charles Faugere,
Pierre-Jean Spaenlehauer,
Jules Svartz
Abstract:
Bézout's theorem states that dense generic systems of $n$ multivariate quadratic equations in $n$ variables have $2^n$ solutions over algebraically closed fields. When only a small subset $M$ of monomials appears in the equations (fewnomial systems), the number of solutions may decrease dramatically. We focus in this work on subsets of quadratic monomials $M$ such that generic systems with support $M$ do not admit any solution at all. For these systems, Hilbert's Nullstellensatz ensures the existence of algebraic certificates of inconsistency. However, to our knowledge all known bounds on the sizes of such certificates (including those which take into account the Newton polytopes of the polynomials) are exponential in $n$. Our main results show that if the inequality $2|M| - 2n \le \sqrt{1 + 8ν} - 1$ holds for a quadratic fewnomial system, where $ν$ is the matching number of a graph associated with $M$ and $|M|$ is the cardinality of $M$, then there exists generically a certificate of inconsistency of linear size (measured as the number of coefficients in the ground field $K$). Moreover this certificate can be computed within a polynomial number of arithmetic operations. Next, we evaluate how often this inequality holds, and we give evidence that the probability that the inequality is satisfied depends strongly on the number of squares. More precisely, we show that if $M$ is picked uniformly at random among the subsets of $n + k + 1$ quadratic monomials containing at least $Ω(n^{1/2+ε})$ squares, then the probability that the inequality holds tends to 1 as $n$ grows. Interestingly, this phenomenon is related to the matching number of random graphs in the Erdős-Rényi model. Finally, we provide experimental results showing that certificates of inconsistency can be computed for systems with more than 10000 variables and equations.
Submitted 19 May, 2016;
originally announced May 2016.
-
Determinantal sets, singularities and application to optimal control in medical imagery
Authors:
Bernard Bonnard,
Jean-Charles Faugère,
Alain Jacquemard,
Mohab Safey El Din,
Thibaut Verron
Abstract:
Control theory has recently been involved in the field of nuclear magnetic resonance imagery. The goal is to control the magnetic field optimally in order to improve the contrast between two biological matters on the pictures. Geometric optimal control leads us here to analyze meromorphic vector fields depending upon physical parameters, and having their singularities defined by a determinantal variety. The involved matrix has polynomial entries with respect to both the state variables and the parameters. Taking into account the physical constraints of the problem, one needs to classify, with respect to the parameters, the number of real singularities lying in some prescribed semi-algebraic set. We develop a dedicated algorithm for real root classification of the singularities of the rank defects of a polynomial matrix, cut with a given semi-algebraic set. The algorithm works under some genericity assumptions which are easy to check. These assumptions are not so restrictive and are satisfied in the aforementioned application. As more general strategies for real root classification do, our algorithm needs to compute the critical loci of some maps, intersections with the boundary of the semi-algebraic domain, etc. In order to compute these objects, the determinantal structure is exploited through a stratification by the rank of the polynomial matrix. This speeds up the computations by a factor 100. Furthermore, our implementation is able to solve the application in medical imagery, which was out of reach of more general algorithms for real root classification. For instance, computational results show that the contrast problem where one of the matters is water is partitioned into three distinct classes.
Submitted 6 July, 2017; v1 submitted 3 May, 2016;
originally announced May 2016.
-
GBLA -- Gröbner Basis Linear Algebra Package
Authors:
Brice Boyer,
Christian Eder,
Jean-Charles Faugère,
Sylvian Lachartre,
Fayssal Martani
Abstract:
This is a system paper about a new GPLv2 open source C library GBLA implementing and improving the idea of Faugère and Lachartre (GB reduction). We further exploit underlying structures in matrices generated during Gröbner basis computations in algorithms like F4 or F5, taking advantage of block patterns by using a special data structure called multilines. Moreover, we discuss a new order of operations for the reduction process. In various experimental results we show that GBLA performs better than GB reduction or Magma in sequential computations (up to 40% faster) and scales much better than GB reduction for a higher number of cores: on 32 cores we reach a scaling of up to 26. GBLA is up to 7 times faster than GB reduction. Further, we compare different parallel schedulers GBLA can be used with. We also developed a new advanced storage format that exploits the fact that our matrices are coming from Gröbner basis computations, shrinking storage by a factor of up to 4. A huge database of our matrices is freely available with GBLA.
Submitted 19 February, 2016;
originally announced February 2016.
-
Moment Varieties of Gaussian Mixtures
Authors:
Carlos Améndola,
Jean-Charles Faugère,
Bernd Sturmfels
Abstract:
The points of a moment variety are the vectors of all moments up to some order of a family of probability distributions. We study this variety for mixtures of Gaussians. Following up on Pearson's classical work from 1894, we apply current tools from computational algebra to recover the parameters from the moments. Our moment varieties extend objects familiar to algebraic geometers. For instance, the secant varieties of Veronese varieties are the loci obtained by setting all covariance matrices to zero. We compute the ideals of the 5-dimensional moment varieties representing mixtures of two univariate Gaussians, and we offer a comparison to the maximum likelihood approach.
Submitted 15 October, 2015;
originally announced October 2015.
-
On the complexity of computing Gröbner bases for weighted homogeneous systems
Authors:
Jean-Charles Faugère,
Mohab Safey El Din,
Thibaut Verron
Abstract:
Solving polynomial systems arising from applications is frequently made easier by the structure of the systems. Weighted homogeneity (or quasi-homogeneity) is one example of such a structure: given a system of weights $W=(w_1,\dots,w_n)$, $W$-homogeneous polynomials are polynomials which are homogeneous w.r.t. the weighted degree $\deg_W(X_1^{α_1}\cdots X_n^{α_n}) = \sum w_i α_i$. Gröbner bases for weighted homogeneous systems can be computed by adapting existing algorithms for homogeneous systems to the weighted homogeneous case. We show that in this case, the complexity estimate for Algorithm F5, $\left(\binom{n+d_{\max}-1}{d_{\max}}^ω\right)$, can be divided by a factor $\left(\prod w_i\right)^ω$. For zero-dimensional systems, the complexity of Algorithm FGLM, $nD^ω$ (where $D$ is the number of solutions of the system), can be divided by the same factor $\left(\prod w_i\right)^ω$. Under genericity assumptions, for zero-dimensional weighted homogeneous systems of $W$-degree $(d_1,\dots,d_n)$, these complexity estimates are polynomial in the weighted Bézout bound $\prod_{i=1}^{n}d_i / \prod_{i=1}^{n}w_i$. Furthermore, the maximum degree reached in a run of Algorithm F5 is bounded by the weighted Macaulay bound $\sum (d_i-w_i) + w_n$, and this bound is sharp if we can order the weights so that $w_n=1$. For overdetermined semi-regular systems, estimates from the homogeneous case can be adapted to the weighted case. We provide some experimental results based on systems arising from a cryptography problem and from polynomial inversion problems. They show that taking advantage of the weighted homogeneous structure yields substantial speed-ups, and allows us to solve systems which were otherwise out of reach.
Submitted 21 December, 2015; v1 submitted 23 December, 2014;
originally announced December 2014.
-
Folding Alternant and Goppa Codes with Non-Trivial Automorphism Groups
Authors:
Jean-Charles Faugère,
Ayoub Otmani,
Ludovic Perret,
Frédéric de Portzamparc,
Jean-Pierre Tillich
Abstract:
The main practical limitation of the McEliece public-key encryption scheme is probably the size of its key. A famous trend to overcome this issue is to focus on subclasses of alternant/Goppa codes with a non-trivial automorphism group. Such codes then display symmetries allowing compact parity-check or generator matrices. For instance, a key reduction is obtained by taking quasi-cyclic (QC) or quasi-dyadic (QD) alternant/Goppa codes. We show that the use of such symmetric alternant/Goppa codes in cryptography introduces a fundamental weakness. It is indeed possible to reduce the key-recovery on the original symmetric public code to the key-recovery on a (much) smaller code that no longer has symmetries. This result is obtained thanks to a new operation on codes called folding that exploits the knowledge of the automorphism group. This operation consists in adding the coordinates of codewords which belong to the same orbit under the action of the automorphism group. The advantage is twofold: the reduction factor can be as large as the size of the orbits, and it preserves a fundamental property: folding the dual of an alternant (resp. Goppa) code provides the dual of an alternant (resp. Goppa) code. A key point is to show that all the existing constructions of alternant/Goppa codes with symmetries follow a common principle of taking codes whose support is globally invariant under the action of affine transformations (by building upon prior works of T. Berger and A. Dür). This enables us not only to present a unified view but also to generalize the construction of QC, QD and even quasi-monoidic (QM) Goppa codes. All in all, our results can be harnessed to boost up any key-recovery attack on McEliece systems based on symmetric alternant or Goppa codes, and in particular algebraic attacks.
Submitted 20 May, 2014;
originally announced May 2014.
-
A survey on signature-based Gröbner basis computations
Authors:
Christian Eder,
Jean-Charles Faugère
Abstract:
This paper is a survey on the area of signature-based Gröbner basis algorithms that was initiated by Faugère's F5 algorithm in 2002. We explain the general ideas behind the usage of signatures. We show how to classify the various known variants by 3 different orderings. For this we give translations between different notations and show that besides notations many approaches are just the same. Moreover, we give a general description of how the idea of signatures is quite natural when performing the reduction process using linear algebra. This survey shall help to outline this field of active research.
Submitted 7 April, 2014;
originally announced April 2014.
-
Sparse Gröbner Bases: the Unmixed Case
Authors:
Jean-Charles Faugere,
Pierre-Jean Spaenlehauer,
Jules Svartz
Abstract:
Toric (or sparse) elimination theory is a framework developed during the last decades to exploit monomial structures in systems of Laurent polynomials. Roughly speaking, this amounts to computing in a \emph{semigroup algebra}, \emph{i.e.} an algebra generated by a subset of Laurent monomials. In order to solve sparse systems symbolically, we introduce \emph{sparse Gröbner bases}, an analog of classical Gröbner bases for semigroup algebras, and we propose sparse variants of the $F_5$ and FGLM algorithms to compute them. Our prototype "proof-of-concept" implementation shows large speed-ups (more than 100 for some examples) compared to optimized (classical) Gröbner bases software. Moreover, in the case where the generating subset of monomials corresponds to the points with integer coordinates in a normal lattice polytope $\mathcal P\subset\mathbb R^n$ and under regularity assumptions, we prove complexity bounds which depend on the combinatorial properties of $\mathcal P$. These bounds yield new estimates on the complexity of solving $0$-dim systems where all polynomials share the same Newton polytope (\emph{unmixed case}). For instance, we generalize the bound $\min(n_1,n_2)+1$ on the maximal degree in a Gröbner basis of a $0$-dim. bilinear system with blocks of variables of sizes $(n_1,n_2)$ to the multilinear case: $\sum n_i - \max(n_i)+1$. We also propose a variant of Fröberg's conjecture which allows us to estimate the complexity of solving overdetermined sparse systems.
Submitted 25 June, 2014; v1 submitted 28 February, 2014;
originally announced February 2014.
-
On the Complexity of the F5 Gröbner basis Algorithm
Authors:
Magali Bardet,
Jean-Charles Faugère,
Bruno Salvy
Abstract:
We study the complexity of Gröbner bases computation, in particular in the generic situation where the variables are in simultaneous Noether position with respect to the system.
We give a bound on the number of polynomials of degree $d$ in a Gröbner basis computed by Faugère's $F_5$ algorithm~(Fau02) in this generic case for the grevlex ordering (which is also a bound on the number of polynomials for a reduced Gröbner basis, independently of the algorithm used). Next, we analyse more precisely the structure of the polynomials in the Gröbner bases with signatures that $F_5$ computes and use it to bound the complexity of the algorithm.
Our estimates show that the version of~$F_5$ we analyse, which uses only standard Gaussian elimination techniques, outperforms row reduction of the Macaulay matrix with the best known algorithms for moderate degrees, and even for degrees up to the thousands if Strassen's multiplication is used. The degree being fixed, the factor of improvement grows exponentially with the number of variables.
Submitted 17 July, 2014; v1 submitted 5 December, 2013;
originally announced December 2013.
-
Polynomial-Time Algorithms for Quadratic Isomorphism of Polynomials: The Regular Case
Authors:
Jérémy Berthomieu,
Jean-Charles Faugère,
Ludovic Perret
Abstract:
Let $\mathbf{f}=(f_1,\ldots,f_m)$ and $\mathbf{g}=(g_1,\ldots,g_m)$ be two sets of $m\geq 1$ nonlinear polynomials over $\mathbb{K}[x_1,\ldots,x_n]$ ($\mathbb{K}$ being a field). We consider the computational problem of finding -- if any -- an invertible transformation on the variables mapping $\mathbf{f}$ to $\mathbf{g}$. The corresponding equivalence problem is known as {\tt Isomorphism of Polynomials with one Secret} ({\tt IP1S}) and is a fundamental problem in multivariate cryptography. The main result is a randomized polynomial-time algorithm for solving {\tt IP1S} for quadratic instances, a particular case of importance in cryptography and somewhat justifying {\it a posteriori} the fact that {\it Graph Isomorphism} reduces to only cubic instances of {\tt IP1S} (Agrawal and Saxena). To this end, we show that {\tt IP1S} for quadratic polynomials can be reduced to a variant of the classical module isomorphism problem in representation theory, which involves testing the orthogonal simultaneous conjugacy of symmetric matrices. We show that we can essentially {\it linearize} the problem by reducing quadratic-{\tt IP1S} to testing the orthogonal simultaneous similarity of symmetric matrices; this latter problem was shown by Chistov, Ivanyos and Karpinski to be equivalent to finding an invertible matrix in the linear space $\mathbb{K}^{n \times n}$ of $n \times n$ matrices over $\mathbb{K}$ and to computing the square root in a matrix algebra. While computing square roots of matrices can be done efficiently using numerical methods, it seems difficult to control the bit complexity of such methods. However, we present exact and polynomial-time algorithms for computing the square root in $\mathbb{K}^{n \times n}$ for various fields (including finite fields). We then consider \#{\tt IP1S}, the counting version of {\tt IP1S} for quadratic instances. In particular, we provide a (complete) characterization of the automorphism group of homogeneous quadratic polynomials.
Finally, we also consider the more general {\it Isomorphism of Polynomials} ({\tt IP}) problem where we allow an invertible linear transformation on the variables \emph{and} on the set of polynomials. A randomized polynomial-time algorithm for solving {\tt IP} when $\mathbf{f}=(x_1^d,\ldots,x_n^d)$ is presented. From an algorithmic point of view, the problem boils down to factoring the determinant of a linear matrix (\emph{i.e.}\ a matrix whose components are linear polynomials). This extends to {\tt IP} a result of Kayal obtained for {\tt PolyProj}.
Submitted 29 May, 2015; v1 submitted 18 July, 2013;
originally announced July 2013.
-
Polynomial Systems Solving by Fast Linear Algebra
Authors:
Jean-Charles Faugère,
Pierrick Gaudry,
Louise Huot,
Guénaël Renault
Abstract:
Polynomial system solving is a classical problem in mathematics with a wide range of applications. This makes its complexity a fundamental problem in computer science. Depending on the context, solving has different meanings. In order to stick to the most general case, we consider a representation of the solutions from which one can easily recover the exact solutions or a certified approximation of them. Under generic assumptions, such a representation is given by the lexicographical Gröbner basis of the system and consists of a set of univariate polynomials. The best known algorithm for computing the lexicographical Gröbner basis is in $\widetilde{O}(d^{3n})$ arithmetic operations where $n$ is the number of variables and $d$ is the maximal degree of the equations in the input system. The notation $\widetilde{O}$ means that we neglect polynomial factors in $n$. We show that this complexity can be decreased to $\widetilde{O}(d^{\omega n})$ where $2 \leq \omega < 2.3727$ is the exponent in the complexity of multiplying two dense matrices. Consequently, when the input polynomial system is either generic or reaches the Bézout bound, the complexity of solving a polynomial system is decreased from $\widetilde{O}(D^3)$ to $\widetilde{O}(D^\omega)$ where $D$ is the number of solutions of the system. To achieve this result we propose new algorithms which rely on fast linear algebra. When the degrees of the equations are bounded uniformly by a constant we propose a deterministic algorithm. In the unbounded case we present a Las Vegas algorithm.
Submitted 12 July, 2013; v1 submitted 22 April, 2013;
originally announced April 2013.
-
Sparse FGLM algorithms
Authors:
Jean-Charles Faugère,
Chenqi Mou
Abstract:
Given a zero-dimensional ideal I in K[x1,...,xn] of degree D, the transformation of the ordering of its Groebner basis from DRL to LEX is a key step in polynomial system solving and turns out to be the bottleneck of the whole solving process. Thus it is of crucial importance to design efficient algorithms to perform the change of ordering.
The main contributions of this paper are several efficient methods for the change of ordering which take advantage of the sparsity of multiplication matrices in the classical FGLM algorithm. Combining all these methods, we propose a deterministic top-level algorithm that automatically detects which method to use depending on the input. As a by-product, we have a fast implementation that is able to handle ideals of degree over 40000. Such an implementation outperforms the Magma and Singular ones, as shown by our experiments.
First, for the shape position case, two methods are designed based on the Wiedemann algorithm: the first is probabilistic and its complexity to complete the change of ordering is $O(D(N_1+n\log(D)))$, where $N_1$ is the number of nonzero entries of a multiplication matrix; the other is deterministic and computes the LEX Groebner basis of the radical of I via the Chinese Remainder Theorem. Then, for the general case, the designed method is characterized by the Berlekamp-Massey-Sakata algorithm from Coding Theory to handle the multi-dimensional linearly recurring relations. Complexity analyses of all proposed methods are also provided.
Furthermore, for generic polynomial systems, we present an explicit formula for the estimation of the sparsity of one main multiplication matrix, and prove that its construction is free. With the asymptotic analysis of such sparsity, we are able to show that for generic systems the complexity above becomes $O(\sqrt{6/n\pi}\, D^{2+(n-1)/n})$.
Submitted 3 April, 2013;
originally announced April 2013.
-
On the Complexity of Computing Gröbner Bases for Quasi-homogeneous Systems
Authors:
Jean-Charles Faugère,
Mohab Safey El Din,
Thibaut Verron
Abstract:
Let $\K$ be a field and $(f_1, \ldots, f_n)\subset \K[X_1, \ldots, X_n]$ be a sequence of quasi-homogeneous polynomials of respective weighted degrees $(d_1, \ldots, d_n)$ w.r.t. a system of weights $(w_{1},\dots,w_{n})$. Such systems are likely to arise from a lot of applications, including physics or cryptography. We design strategies for computing Gröbner bases for quasi-homogeneous systems by adapting existing algorithms for homogeneous systems to the quasi-homogeneous case. Overall, under genericity assumptions, we show that for a generic zero-dimensional quasi-homogeneous system, the complexity of the full strategy is polynomial in the weighted Bézout bound $\prod_{i=1}^{n}d_{i} / \prod_{i=1}^{n}w_{i}$. We provide some experimental results based on generic systems as well as systems arising from a cryptography problem. They show that taking advantage of the quasi-homogeneous structure of the systems allows us to solve systems that were out of reach otherwise.
Submitted 3 May, 2013; v1 submitted 23 January, 2013;
originally announced January 2013.
-
Critical Points and Gröbner Bases: the Unmixed Case
Authors:
Jean-Charles Faugère,
Mohab Safey El Din,
Pierre-Jean Spaenlehauer
Abstract:
We consider the problem of computing critical points of the restriction of a polynomial map to an algebraic variety. This is of first importance since the global minimum of such a map is reached at a critical point. Thus, these points appear naturally in non-convex polynomial optimization which occurs in a wide range of scientific applications (control theory, chemistry, economics, ...). Critical points also play a central role in recent algorithms of effective real algebraic geometry. Experimentally, it has been observed that Gröbner basis algorithms are efficient to compute such points. Therefore, recent software based on the so-called Critical Point Method is built on Gröbner basis engines. Let $f_1,\ldots, f_p$ be polynomials in $\Q[x_1,\ldots, x_n]$ of degree $D$, $V\subset\C^n$ be their complex variety and $\pi_1$ be the projection map $(x_1,\ldots, x_n)\mapsto x_1$. The critical points of the restriction of $\pi_1$ to $V$ are defined by the vanishing of $f_1,\ldots, f_p$ and some maximal minors of the Jacobian matrix associated to $f_1,\ldots, f_p$. Such a system is algebraically structured: the ideal it generates is the sum of a determinantal ideal and the ideal generated by $f_1,\ldots, f_p$. We provide the first complexity estimates on the computation of Gröbner bases of such systems defining critical points. We prove that under genericity assumptions on $f_1,\ldots, f_p$, the complexity is polynomial in the generic number of critical points, i.e. $D^p(D-1)^{n-p}{{n-1}\choose{p-1}}$. In particular, in the quadratic case $D=2$, the complexity of such a Gröbner basis computation is polynomial in the number of variables $n$ and exponential in $p$. We also give experimental evidence supporting these theoretical results.
Submitted 1 February, 2012;
originally announced February 2012.
-
On the Complexity of Solving Quadratic Boolean Systems
Authors:
Magali Bardet,
Jean-Charles Faugère,
Bruno Salvy,
Pierre-Jean Spaenlehauer
Abstract:
A fundamental problem in computer science is to find all the common zeroes of $m$ quadratic polynomials in $n$ unknowns over $\mathbb{F}_2$. The cryptanalysis of several modern ciphers reduces to this problem. Up to now, the best complexity bound was reached by an exhaustive search in $4\log_2 n\,2^n$ operations. We give an algorithm that reduces the problem to a combination of exhaustive search and sparse linear algebra. This algorithm has several variants depending on the method used for the linear algebra step. Under precise algebraic assumptions on the input system, we show that the deterministic variant of our algorithm has complexity bounded by $O(2^{0.841n})$ when $m=n$, while a probabilistic variant of the Las Vegas type has expected complexity $O(2^{0.792n})$. Experiments on random systems show that the algebraic assumptions are satisfied with probability very close to~1. We also give a rough estimate for the actual threshold between our method and exhaustive search, which is as low as~200, and thus very relevant for cryptographic applications.
Submitted 25 May, 2012; v1 submitted 29 December, 2011;
originally announced December 2011.
-
On the Complexity of the Generalized MinRank Problem
Authors:
Jean-Charles Faugère,
Mohab Safey El Din,
Pierre-Jean Spaenlehauer
Abstract:
We study the complexity of solving the \emph{generalized MinRank problem}, i.e. computing the set of points where the evaluation of a polynomial matrix has rank at most $r$. A natural algebraic representation of this problem gives rise to a \emph{determinantal ideal}: the ideal generated by all minors of size $r+1$ of the matrix. We give new complexity bounds for solving this problem using Gröbner bases algorithms under genericity assumptions on the input matrix. In particular, these complexity bounds allow us to identify families of generalized MinRank problems for which the arithmetic complexity of the solving process is polynomial in the number of solutions. We also provide an algorithm to compute a rational parametrization of the variety of a 0-dimensional and radical system of bi-degree $(D,1)$. We show that its complexity can be bounded by using the complexity bounds for the generalized MinRank problem.
Submitted 2 May, 2013; v1 submitted 19 December, 2011;
originally announced December 2011.
-
The Digital Signature Scheme MQQ-SIG
Authors:
Danilo Gligoroski,
Svein Johan Knapskog,
Smile Markovski,
Rune Steinsmo Ødegård,
Rune Erlend Jensen,
Ludovic Perret,
Jean-Charles Faugère
Abstract:
This document contains the Intellectual Property Statement and the technical description of the MQQ-SIG - a new public key digital signature scheme. The complete scientific publication covering the design rationale and the security analysis will be given in a separate publication. MQQ-SIG consists of $n - \frac{n}{4}$ quadratic polynomials with $n$ Boolean variables where n=160, 196, 224 or 256.
Submitted 15 October, 2010;
originally announced October 2010.
-
Gröbner Bases of Bihomogeneous Ideals generated by Polynomials of Bidegree (1,1): Algorithms and Complexity
Authors:
Jean-Charles Faugère,
Mohab Safey El Din,
Pierre-Jean Spaenlehauer
Abstract:
Solving multihomogeneous systems, as a wide range of structured algebraic systems occurring frequently in practical problems, is of first importance. Experimentally, solving these systems with Gröbner bases algorithms seems to be easier than solving homogeneous systems of the same degree. Nevertheless, the reasons for this behaviour are not clear. In this paper, we focus on bilinear systems (i.e. bihomogeneous systems where all equations have bidegree (1,1)). Our goal is to provide a theoretical explanation of the aforementioned experimental behaviour and to propose new techniques to speed up the Gröbner basis computations by using the multihomogeneous structure of those systems. The contributions are theoretical and practical. First, we adapt the classical F5 criterion to avoid reductions to zero which occur when the input is a set of bilinear polynomials. We also prove an explicit form of the Hilbert series of bihomogeneous ideals generated by generic bilinear polynomials and give a new upper bound on the degree of regularity of generic affine bilinear systems. This leads to new complexity bounds for solving bilinear systems. We also propose a variant of the F5 Algorithm dedicated to multihomogeneous systems which exploits a structural property of the Macaulay matrix which occurs on such inputs. Experimental results show that this variant requires less time and memory than the classical homogeneous F5 Algorithm.
Submitted 24 February, 2010; v1 submitted 22 January, 2010;
originally announced January 2010.
-
Computing modular correspondences for abelian varieties
Authors:
Jean-Charles Faugère,
David Lubicz,
Damien Robert
Abstract:
The aim of this paper is to give a higher dimensional equivalent of the classical modular polynomials $\Phi_\ell(X,Y)$. If $j$ is the $j$-invariant associated to an elliptic curve $E_k$ over a field $k$ then the roots of $\Phi_\ell(j,X)$ correspond to the $j$-invariants of the curves which are $\ell$-isogenous to $E_k$. Denote by $X_0(N)$ the modular curve which parametrizes the set of elliptic curves together with an $N$-torsion subgroup. It is possible to interpret $\Phi_\ell(X,Y)$ as an equation cutting out the image of a certain modular correspondence $X_0(\ell) \to X_0(1) \times X_0(1)$ in the product $X_0(1) \times X_0(1)$. Let $g$ be a positive integer and $\overn \in \N^g$. We are interested in the moduli space that we denote by $\Mn$ of abelian varieties of dimension $g$ over a field $k$ together with an ample symmetric line bundle $\pol$ and a symmetric theta structure of type $\overn$. If $\ell$ is a prime and $\overl=(\ell, \ldots, \ell)$, there exists a modular correspondence $\Mln \to \Mn \times \Mn$. We give a system of algebraic equations defining the image of this modular correspondence.
Submitted 24 October, 2009;
originally announced October 2009.
-
On formulas for decoding binary cyclic codes
Authors:
Daniel Augot,
Magali Bardet,
Jean-Charles Faugère
Abstract:
We address the problem of the algebraic decoding of any cyclic code up to the true minimum distance. For this, we use the classical formulation of the problem, which is to find the error locator polynomial in terms of the syndromes of the received word. This is usually done with the Berlekamp-Massey algorithm in the case of BCH codes and related codes, but for the general case, there is no generic algorithm to decode cyclic codes. Even in the case of the quadratic residue codes, which are good codes with a very strong algebraic structure, there is no available general decoding algorithm. For this particular case of quadratic residue codes, several authors have worked out, by hand, formulas for the coefficients of the locator polynomial in terms of the syndromes, using the Newton identities. This work has to be done for each particular quadratic residue code, and becomes more and more difficult as the length grows. Furthermore, it is error-prone. We propose to automate these computations, using elimination theory and Gröbner bases. We prove that, by computing appropriate Gröbner bases, one automatically recovers formulas for the coefficients of the locator polynomial, in terms of the syndromes.
Submitted 10 January, 2007;
originally announced January 2007.