
Publication


Featured research published by Jean-Charles Faugère.


Journal of Symbolic Computation | 2011

Gröbner bases of bihomogeneous ideals generated by polynomials of bidegree (1,1): Algorithms and complexity

Jean-Charles Faugère; Mohab Safey El Din; Pierre-Jean Spaenlehauer

Solving multihomogeneous systems, a wide class of structured algebraic systems occurring frequently in practical problems, is of first importance. Experimentally, solving these systems with Gröbner basis algorithms seems to be easier than solving homogeneous systems of the same degree. Nevertheless, the reasons for this behaviour are not clear. In this paper, we focus on bilinear systems (i.e. bihomogeneous systems where all equations have bidegree (1,1)). Our goal is to provide a theoretical explanation of the aforementioned experimental behaviour and to propose new techniques to speed up the Gröbner basis computations by using the multihomogeneous structure of those systems. The contributions are theoretical and practical. First, we adapt the classical F5 criterion to avoid reductions to zero which occur when the input is a set of bilinear polynomials. We also prove an explicit form of the Hilbert series of bihomogeneous ideals generated by generic bilinear polynomials and give a new upper bound on the degree of regularity of generic affine bilinear systems. We also propose a variant of the F5 algorithm dedicated to multihomogeneous systems which exploits a structural property of the Macaulay matrix which occurs on such inputs. Experimental results show that this variant requires less time and memory than the classical homogeneous F5 algorithm. Lastly, we investigate the complexity of computing a Gröbner basis for the grevlex ordering of a generic 0-dimensional affine bilinear system over $k[x_1,\dots,x_{n_x},y_1,\dots,y_{n_y}]$. In particular, we show that this complexity is upper bounded by $O\left(\binom{n_x+n_y+\min(n_x+1,n_y+1)}{\min(n_x+1,n_y+1)}^{\omega}\right)$, which is polynomial in $n_x+n_y$ (i.e. the number of unknowns) when $\min(n_x,n_y)$ is constant.


Mathematics of Computation | 2004

The arithmetic of Jacobian groups of superelliptic cubics

Abdolali Basiri; Andreas Enge; Jean-Charles Faugère; Nicolas Gürel

We present two algorithms for the arithmetic of cubic curves with a totally ramified prime at infinity. The first algorithm, inspired by Cantor's reduction for hyperelliptic curves, is easily implemented with a few lines of code, making use of a polynomial arithmetic package. We prove explicit reducedness criteria for superelliptic curves of genus 3 and 4, which show the correctness of the algorithm. The second approach, quite general in nature and applicable to further classes of curves, uses the FGLM algorithm for switching between Gröbner bases for different orderings. Carrying out the computations symbolically, we obtain explicit reduction formulae in terms of the input data.


International Symposium on Symbolic and Algebraic Computation | 2012

Solving polynomial systems over finite fields: improved analysis of the hybrid approach

Luk Bettale; Jean-Charles Faugère; Ludovic Perret

The Polynomial System Solving (PoSSo) problem is a fundamental NP-hard problem in computer algebra. Among others, PoSSo has applications in areas such as coding theory and cryptology. Typically, the security of multivariate public-key schemes (MPKC) such as the UOV cryptosystem of Kipnis, Shamir and Patarin is directly related to the hardness of PoSSo over finite fields. The goal of this paper is to further understand the influence of finite fields on the hardness of PoSSo. To this end, we consider the so-called hybrid approach. This is a polynomial system solving method dedicated to finite fields proposed by Bettale, Faugère and Perret (Journal of Mathematical Cryptography, 2009). The idea is to combine exhaustive search with Gröbner bases. The efficiency of the hybrid approach is related to the choice of a trade-off between the two methods. We propose here an improved complexity analysis dedicated to quadratic systems. Whilst the principle of the hybrid approach is simple, its careful analysis leads to rather surprising and somehow unexpected results. We prove that the optimal trade-off (i.e. the number of variables to be fixed) that minimizes the complexity is achieved by fixing a number of variables proportional to the number of variables of the system considered, denoted n. Under some natural algebraic assumption, we show that the asymptotic complexity of the hybrid approach is $2^{(3.31 - 3.62\log_2(q)^{-1})\,n}$, where q is the size of the field (under the condition in particular that $\log(q) \ll n$). This is to date the best complexity for solving PoSSo over finite fields (when q > 2). We have been able to quantify the gain provided by the hybrid approach compared to a direct Gröbner basis method. For quadratic systems, we show (assuming a natural algebraic assumption) that this gain is exponential in the number of variables. Asymptotically, the gain is $2^{1.49n}$ when both n and q grow to infinity and $\log(q) \ll n$.


Algorithmic Number Theory Symposium | 2004

Implementing the Arithmetic of $C_{3,4}$ Curves

Abdolali Basiri; Andreas Enge; Jean-Charles Faugère; Nicolas Gürel

We provide explicit formulae for realising the group law in Jacobians of superelliptic curves of genus 3 and $C_{3,4}$ curves. It is shown that two distinct elements in the Jacobian of a $C_{3,4}$ curve can be added with 150 multiplications and 2 inversions in the field of definition of the curve, while an element can be doubled with 174 multiplications and 2 inversions. In superelliptic curves, 10 multiplications are saved.


International Symposium on Symbolic and Algebraic Computation | 2003

Changing the ordering of Gröbner bases with LLL: case of two variables

Abdolali Basiri; Jean-Charles Faugère

We present an algorithm for the transformation of a Gröbner basis of an ideal with respect to any given ordering into a Gröbner basis with respect to any other ordering. This algorithm is based on a modified version of the LLL algorithm. The worst-case theoretical complexity of this algorithm is not better than the complexity of the FGLM algorithm, but we can also give the theoretical complexity in terms of some parameters depending on the size of the output. When the output is small, the algorithm is more efficient. We also present a first implementation of the algorithm in Maple. This algorithm is restricted to the case of two variables but also works in positive dimension.


Finite Fields and Their Applications | 2012

On enumeration of polynomial equivalence classes and their application to MPKC

Dongdai Lin; Jean-Charles Faugère; Ludovic Perret; Tianze Wang

The Isomorphism of Polynomials (IP) problem is one of the most fundamental problems in multivariate public key cryptography (MPKC). In this paper, we introduce a new framework to study the counting problem associated to IP. Namely, we present tools of finite geometry that allow us to investigate the counting problem associated to IP. Precisely, we focus on enumerating or estimating the number of isomorphism equivalence classes of homogeneous quadratic polynomial systems. These problems are equivalent to finding the size of the key space of a multivariate cryptosystem and the total number of different multivariate cryptographic schemes respectively, which might impact the security and the potential capability of MPKC. We also consider their applications in the analysis of a specific multivariate public key cryptosystem. Our results not only answer how many cryptographic schemes can be derived from monomials and how big the key space is for a fixed scheme, but also show that many HFE cryptosystems are equivalent to a Matsumoto-Imai scheme.


Journal of Complexity | 2015

Polynomial-time algorithms for quadratic isomorphism of polynomials

Jérémy Berthomieu; Jean-Charles Faugère; Ludovic Perret

Let $f = (f_1, \dots, f_m)$ and $g = (g_1, \dots, g_m)$ be two sets of $m \ge 1$ nonlinear polynomials in $K[x_1, \dots, x_n]$ ($K$ being a field). We consider the computational problem of finding, if any, an invertible transformation on the variables mapping $f$ to $g$. The corresponding equivalence problem is known as Isomorphism of Polynomials with one Secret (IP1S) and is a fundamental problem in multivariate cryptography. Amongst its applications, we can cite Graph Isomorphism (GI), which reduces to equivalence of cubic polynomials with respect to an invertible linear change of variables, according to Agrawal and Saxena. The main result is a randomized polynomial-time algorithm for solving IP1S for quadratic instances, a particular case of importance in cryptography. To this end, we show that IP1S for quadratic polynomials can be reduced to a variant of the classical module isomorphism problem in representation theory. We show that we can essentially linearize the problem by reducing quadratic-IP1S to testing the orthogonal simultaneous similarity of symmetric matrices; this latter problem was shown by Chistov, Ivanyos and Karpinski (ISSAC 1997) to be equivalent to finding an invertible matrix in the linear space $K^{n \times n}$ of $n \times n$ matrices over $K$ and to computing the square root in a certain representation in a matrix algebra. While computing square roots of matrices can be done efficiently using numerical methods, it seems difficult to control the bit complexity of such methods. However, we present exact and polynomial-time algorithms for computing a representation of the square root of a matrix in $K^{n \times n}$, for various fields (including finite fields), as a product of two matrices. Each coefficient of these matrices lies in an extension field of $K$ of polynomial degree. We then consider #IP1S, the counting version of IP1S for quadratic instances. In particular, we provide a (complete) characterization of the automorphism group of homogeneous quadratic polynomials.
Finally, we also consider the more general Isomorphism of Polynomials (IP) problem where we allow an invertible linear transformation on the variables and on the set of polynomials. A randomized polynomial-time algorithm for solving IP when $f = (x_1^d, \dots, x_n^d)$ is presented. From an algorithmic point of view, the problem boils down to factoring the determinant of a linear matrix (i.e. a matrix whose components are linear polynomials). This extends to IP a result of Kayal obtained for PolyProj.


Journal of Symbolic Computation | 2016

On the complexity of computing Gröbner bases for weighted homogeneous systems

Jean-Charles Faugère; Mohab Safey El Din; Thibaut Verron

Solving polynomial systems arising from applications is frequently made easier by the structure of the systems. Weighted homogeneity (or quasi-homogeneity) is one example of such a structure: given a system of weights $W = (w_1, \dots, w_n)$, $W$-homogeneous polynomials are polynomials which are homogeneous w.r.t. the weighted degree $\deg_W(X_1^{\alpha_1} \cdots X_n^{\alpha_n}) = \sum_i w_i \alpha_i$. Gröbner bases for weighted homogeneous systems can be computed by adapting existing algorithms for homogeneous systems to the weighted homogeneous case. We show that in this case, the complexity estimate for Algorithm F5, $O\left(\binom{n + d_{\max} - 1}{d_{\max}}^{\omega}\right)$, can be divided by a factor $\left(\prod_i w_i\right)^{\omega}$. For zero-dimensional systems, the complexity of Algorithm FGLM, $O(n D^{\omega})$ (where $D$ is the number of solutions of the system), can be divided by the same factor $\left(\prod_i w_i\right)^{\omega}$. Under genericity assumptions, for zero-dimensional weighted homogeneous systems of $W$-degree $(d_1, \dots, d_n)$, these complexity estimates are polynomial in the weighted Bézout bound $\prod_{i=1}^{n} d_i / \prod_{i=1}^{n} w_i$. Furthermore, the maximum degree reached in a run of Algorithm F5 is bounded by the weighted Macaulay bound $\sum_i (d_i - w_i) + w_n$, and this bound is sharp if we can order the weights so that $w_n = 1$. For overdetermined semi-regular systems, estimates from the homogeneous case can be adapted to the weighted case. We provide some experimental results based on systems arising from a cryptography problem and from polynomial inversion problems. They show that taking advantage of the weighted homogeneous structure can yield substantial speed-ups, and allows us to solve systems which were otherwise out of reach.


Journal of Symbolic Computation | 2015

On the complexity of the F5 Gröbner basis algorithm

Magali Bardet; Jean-Charles Faugère; Bruno Salvy

We study the complexity of Gröbner bases computation, in particular in the generic situation where the variables are in simultaneous Noether position with respect to the system.

We give a bound on the number of polynomials of degree d in a Gröbner basis computed by Faugère's F5 algorithm (2002) in this generic case for the grevlex ordering (which is also a bound on the number of polynomials for a reduced Gröbner basis, independently of the algorithm used). Next, we analyse more precisely the structure of the polynomials in the Gröbner bases with signatures that F5 computes and use it to bound the complexity of the algorithm.

Our estimates show that the version of F5 we analyse, which uses only standard Gaussian elimination techniques, outperforms row reduction of the Macaulay matrix with the best known algorithms for moderate degrees, and even for degrees up to the thousands if Strassen's multiplication is used. The degree being fixed, the factor of improvement grows exponentially with the number of variables.


Archive | 2002

An Algebraic Cryptanalysis of Nonlinear Filter Generators using Gröbner bases

Jean-Charles Faugère; Gwénolé Ars

Collaboration


Top co-authors of Jean-Charles Faugère.

Top Co-Authors

Ludovic Perret
Norwegian University of Science and Technology

Abdolali Basiri
Centre national de la recherche scientifique

Daniel Lazard
Centre national de la recherche scientifique

Bruno Salvy
École normale supérieure de Lyon