Advances in Cryptology – EUROCRYPT 2012: 31st Annual by Antoine Joux (auth.), David Pointcheval, Thomas Johansson

By Antoine Joux (auth.), David Pointcheval, Thomas Johansson (eds.)

This book constitutes the refereed proceedings of the 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2012, held in Cambridge, UK, in April 2012.
The 41 papers, presented together with 2 invited talks, were carefully reviewed and selected from 195 submissions. The papers are organized in topical sections on index calculus, symmetric constructions, secure computation, protocols, lossy trapdoor functions, tools, symmetric cryptanalysis, fully homomorphic encryption, asymmetric cryptanalysis, efficient reductions, public-key schemes, security models, and lattices.

2 Preliminaries
In this section, we introduce definitions and notations and recall well-known results concerning polynomial system solving.
2.1 Definition and Notation
Let $\mathbb{F}_2$ be the finite field of cardinality 2. We will consider a degree $n$ extension $\mathbb{F}_{2^n}$ of $\mathbb{F}_2$. We will often see $\mathbb{F}_{2^n}$ as an $n$-dimensional vector space over $\mathbb{F}_2$. Let $\{\theta_1, \dots, \theta_n\}$ be a basis of $\mathbb{F}_{2^n}$ over $\mathbb{F}_2$. We will use bold letters for elements, variables and polynomials over $\mathbb{F}_{2^n}$ and normal letters for elements, variables and polynomials over $\mathbb{F}_2$.

This simple algorithm, which we call Sub-Macaulay, is not intended to be optimal in practice but to derive complexity bounds. The general linearization strategy and our analysis below rely on a heuristic assumption, formalized below:
Assumption 1. With a probability exponentially close to one, the equations generated by Algorithm 1 are linearly independent.
In particular, the assumption states that the solutions of $S_{\mathrm{lin}}$ are in one-to-one correspondence with the solutions of Problem 2.
5 Complexity Bounds for Solving Problem 2
We now derive an upper bound on the complexity of Algorithm 1.

$z_m) \in V^m$ such that $f(z_1, \dots, z_m) = 0$. Since $\mathbb{F}_{2^n}$ is a vector space over $\mathbb{F}_2$, $f$ can be rewritten (or deployed) as a polynomial system of $m$ equations over $\mathbb{F}_2$ and then solved using Gröbner basis algorithms. The prominent observation is that this system is (affine) multi-homogeneous. While the complexity of solving bilinear systems using Gröbner bases, that is to say polynomials of bi-degree (1, 1), is now well understood [24], the general case is not known. Consequently, we propose a simple ad hoc algorithm to take advantage of the multi-homogeneous structure.
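To make the deployment step concrete, here is an added Python example (not code from the paper): it writes each unknown of $\mathbb{F}_{2^n}$ as $n$ bits over a polynomial basis, expands a constructed equation $f(z_1, z_2) = z_1 z_2 + a z_1$ over $\mathbb{F}_8$ into its $n = 3$ coordinate equations over $\mathbb{F}_2$, and checks that every resulting equation is bilinear in the two blocks of bits, which is the multi-homogeneous structure the text refers to. The choice of $f$, of the basis $\{1, x, x^2\}$ and of $p(x) = x^3 + x + 1$ are my own assumptions.

```python
# Added example, not from the paper: "deploying" an equation over F_{2^n} into n
# equations over F_2 (Weil descent) with the polynomial basis {1, x, ..., x^{n-1}} of
# F_{2^n} = F_2[x]/(p(x)).  Each unknown z_j in F_{2^n} becomes n Boolean unknowns
# z_{j,i}.  A polynomial over F_2 in those bits is a set of monomials; a monomial is a
# frozenset of bit labels (j, i), the empty frozenset being 1.  Addition is symmetric
# difference, and v*v = v because every bit lies in F_2.
def bmul(p, q):
    out = set()
    for m1 in p:
        for m2 in q:
            out ^= {m1 | m2}
    return out

# An element of F_{2^n}[bits] is a list of n Boolean polynomials (its coordinates).
def fadd(u, v):
    return [a ^ b for a, b in zip(u, v)]

def fmul(u, v, poly):  # poly = [p_0, ..., p_n], the bits of p(x), with p_n = 1
    n = len(poly) - 1
    prod = [set() for _ in range(2 * n - 1)]
    for i, a in enumerate(u):
        for j, b in enumerate(v):
            prod[i + j] ^= bmul(a, b)
    for k in range(2 * n - 2, n - 1, -1):  # rewrite x^k (k >= n) using p(x) = 0
        for t in range(n):
            if poly[t]:
                prod[k - n + t] ^= prod[k]
    return prod[:n]

def var(j, n):    # the unknown z_j = sum_i z_{j,i} x^i, as its n coordinates
    return [{frozenset([(j, i)])} for i in range(n)]

def const(bits):  # a known field element given by its coordinate bits
    return [{frozenset()} if b else set() for b in bits]

def deploy(n, poly, a):
    """The n equations over F_2 of f(z1, z2) = z1*z2 + a*z1 (a constructed f)."""
    z1, z2 = var(1, n), var(2, n)
    return fadd(fmul(z1, z2, poly), fmul(const(a), z1, poly))

def bidegree(eq):  # (max degree in the bits of z1, max degree in the bits of z2)
    return tuple(max((sum(1 for (j, _) in m if j == blk) for m in eq), default=0)
                 for blk in (1, 2))

def evaluate(eq, bits):  # bits: dict (j, i) -> 0/1; value of the equation in F_2
    return sum(all(bits[v] for v in m) for m in eq) % 2

if __name__ == "__main__":
    eqs = deploy(3, [1, 1, 0, 1], [0, 1, 0])  # F_8 = F_2[x]/(x^3+x+1), a = x
    print([bidegree(e) for e in eqs])        # [(1, 1), (1, 1), (1, 1)]: bilinear
```

Evaluating the deployed equations at the bits of $z_1 = x$, $z_2 = x^2$ returns the coordinates of $x^3 + x^2 = 1 + x + x^2$, so the descent agrees with direct field arithmetic.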

