Cryptology ePrint Archive: Report 2006/404
Faugere's F5 Algorithm Revisited
Abstract: We present and analyze the F5 algorithm for computing Groebner bases. On the practical side, we correct minor errors in Faugere's pseudo code, and report our experiences implementing the -- to our knowledge -- first working public version of F5. While not designed for efficiency, it will doubtless be useful to anybody implementing or experimenting with F5. In addition, we list some experimental results, hinting that the version of F5 presented in Faugere's original paper can be considered as more or less naive, and that Faugere's actual implementations are a lot more sophisticated. We also suggest further improvements to the F5 algorithm and point out some problems we encountered when attempting to merge F4 and F5 to an "F4.5" algorithm. On the theoretical side, we slightly refine Faugere's theorem that it suffices to consider all normalized critical pairs, and give the first full proof, completing his sketches. We strive to present a more accessible account of the termination and correctness proofs of F5. Unfortunately, we still rely on a conjecture about the correctness of certain optimizations. Finally, we suggest directions of future research on F5.
Category / Keywords: Groebner bases, public-key cryptography. cryptanalysis
Publication Info: Diplom thesis at TU Darmstadt, Germany
Date: received 10 Nov 2006, last revised 16 Mar 2007
Contact author: stegers at cs ucdavis edu
Available format(s): PDF | BibTeX Citation
Note: Fixed mistake in F5 pseudocode (reported by John Perry).
Version: 20070316:224338 (All versions of this report)
Short URL: ia.cr/2006/404
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]