On the last fall degree of zero-dimensional Weil descent systems
In this article we will discuss a mostly theoretical framework for solving zero-dimensional polynomial systems. Complexity bounds are obtained for solving such systems using a new parameter, called the last fall degree, which does not depend on the choice of a monomial order. The method is similar t...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/142369 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | In this article we will discuss a mostly theoretical framework for solving zero-dimensional polynomial systems. Complexity bounds are obtained for solving such systems using a new parameter, called the last fall degree, which does not depend on the choice of a monomial order. The method is similar to certain MutantXL algorithms, but our abstract formulation has advantages. For example, we can prove that the cryptographic systems multi-HFE and HFE are insecure. More generally, let k be a finite field of cardinality qn and let k′ be the subfield of cardinality q. Let F⊂k[X0,…,Xm−1] be a finite subset generating a zero-dimensional ideal. We give an upper bound of the last fall degree of the Weil descent system of F from k to k′, which depends on q, m, the last fall degree of F, the degree of F and the number of solutions of F, but not on n. This shows that such Weil descent systems can be solved efficiently if n grows and the other parameters are fixed. In particular, one can apply these results to show a weakness in the cryptographic protocols HFE and multi-HFE. |
|---|