“School of Mathematics”
Back to Papers HomeBack to Papers of School of Mathematics
Paper IPM / M / 16954  


Abstract:  
The security of multivariate cryptosystems and digital signature schemes relies on the hardness of solving a system of polynomial equations over a finite field. Polynomial system solving is also currently a bottleneck of indexcalculus algorithms to solve the elliptic and hyperelliptic curve discrete logarithm problem. The complexity of solving a system of polynomial equations is closely related to the cost of computing GrÃ¶bner bases, since computing the solutions of a polynomial system can be reduced to finding a lexicographic GrÃ¶bner basis for the ideal generated by the equations. Several algorithms for computing such bases exist: We consider those based on repeated Gaussian elimination of Macaulay matrices.
In this paper, we analyze the case of random systems, where random systems means either semiregular systems, or quadratic systems in n variables which contain a regular sequence of n polynomials. We provide explicit formulae for bounds on the solving degree of semiregular systems with m>n equations in n variables, for equations of arbitrary degrees for m=n+1, and for any m for systems of quadratic or cubic polynomials. In the appendix, we provide a table of bounds for the solving degree of semiregular systems of m=n+k quadratic equations in n variables for 1<k,n< 101 and online we provide the values of the bounds for 1< k,n< 51. For quadratic systems which contain a regular sequence of n polynomials, we argue that the EisenbudGreenHarris conjecture, if true, provides a sharp bound for their solving degree, which we compute explicitly.
Download TeX format 

back to top 