Cryptology ePrint Archive: Report 2006/404

Faugere's F5 Algorithm Revisited

Till Stegers

Abstract: We present and analyze the F5 algorithm for computing Groebner bases. On the practical side, we correct minor errors in Faugere's pseudo code, and report our experiences implementing the -- to our knowledge -- first working public version of F5. While not designed for efficiency, it will doubtless be useful to anybody implementing or experimenting with F5. In addition, we list some experimental results, hinting that the version of F5 presented in Faugere's original paper can be considered as more or less naive, and that Faugere's actual implementations are a lot more sophisticated. We also suggest further improvements to the F5 algorithm and point out some problems we encountered when attempting to merge F4 and F5 to an "F4.5" algorithm. On the theoretical side, we slightly refine Faugere's theorem that it suffices to consider all normalized critical pairs, and give the first full proof, completing his sketches. We strive to present a more accessible account of the termination and correctness proofs of F5. Unfortunately, we still rely on a conjecture about the correctness of certain optimizations. Finally, we suggest directions of future research on F5.

Category / Keywords: Groebner bases, public-key cryptography. cryptanalysis

Publication Info: Diplom thesis at TU Darmstadt, Germany

Date: received 10 Nov 2006, last revised 16 Mar 2007

Contact author: stegers at cs ucdavis edu

Available format(s): PDF | BibTeX Citation

Note: Fixed mistake in F5 pseudocode (reported by John Perry).

Version: 20070316:224338 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]