Paper 2017/593

Solving Multivariate Polynomial Systems and an Invariant from Commutative Algebra

Alessio Caminata and Elisa Gorla

Abstract

The security of several post-quantum cryptosystems is based on the assumption that solving a system of multivariate (quadratic) polynomial equations $p_1=\dots=p_r=0$ over a finite field is hard. Such a system can be solved by computing a lexicographic Gröbner basis of the ideal $(p_1,\dots,p_r)$. The most efficient algorithms for computing Gröbner bases transform the problem into several instances of Gaussian elimination. The computational complexity of these algorithms is not completely understood, especially when the polynomials $p_1,\dots,p_r$ are not homogeneous. In this paper, we prove that this complexity is controlled by the Castelnuovo-Mumford regularity of the ideal $(p_1^h,\dots,p_r^h)$ obtained by homogenizing the input polynomials. This allows us to bound the complexity of solving a system of polynomial equations when the associated ideal is zero-dimensional, a common situation in cryptography. In combination with some theorems in commutative algebra, our results also allow us to bound the complexity of the ABC and cubic simple matrix schemes, as well as some instances of the MinRank Problem.

Note: Improved introduction and exposition, added Theorem 2.10, reorganized Section 3, shortened Section 5. Main results unaffected.