Paper 2006/404

Faugere's F5 Algorithm Revisited

Till Stegers


We present and analyze the F5 algorithm for computing Groebner bases. On the practical side, we correct minor errors in Faugere's pseudo code, and report our experiences implementing the -- to our knowledge -- first working public version of F5. While not designed for efficiency, it will doubtless be useful to anybody implementing or experimenting with F5. In addition, we list some experimental results, hinting that the version of F5 presented in Faugere's original paper can be considered as more or less naive, and that Faugere's actual implementations are a lot more sophisticated. We also suggest further improvements to the F5 algorithm and point out some problems we encountered when attempting to merge F4 and F5 to an "F4.5" algorithm. On the theoretical side, we slightly refine Faugere's theorem that it suffices to consider all normalized critical pairs, and give the first full proof, completing his sketches. We strive to present a more accessible account of the termination and correctness proofs of F5. Unfortunately, we still rely on a conjecture about the correctness of certain optimizations. Finally, we suggest directions of future research on F5.

Note: Fixed mistake in F5 pseudocode (reported by John Perry).

Available format(s)
Publication info
Published elsewhere. Diplom thesis at TU Darmstadt, Germany
Groebner basespublic-key cryptographycryptanalysis
Contact author(s)
stegers @ cs ucdavis edu
2007-03-16: last of 2 revisions
2006-11-12: received
See all versions
Short URL
Creative Commons Attribution


      author = {Till Stegers},
      title = {Faugere's F5 Algorithm Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2006/404},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.