Questions tagged [polynomial]
17 questions
2 votes, 0 answers
NTRUEncrypt key generation
We all know that in NTRUEncrypt, we need to generate private key $f$ such that:
\begin{equation}
F_q(x)\equiv f(x)^{-1} \text{ in } \mathbb{Z}_q[x]/(x^N-1)
\end{equation}
exists. However, Algorithm 1 in this article says that to guarantee the…
EddyLiu
2 votes, 1 answer
Understanding Canonical-embedding vs Coefficient-embedding in Ideal Lattices: Relation to NTT?
I'm trying to understand the relationship between different representations of ideal lattices, particularly the canonical embedding and coefficient embedding. While studying these concepts, I noticed some similarities between:
Canonical embedding…
a15600712
2 votes, 0 answers
How efficient is Coron's bivariate Coppersmith algorithm in practice?
The paper by Coron on bivariate Coppersmith in https://iacr.org/archive/crypto2007/46220372/46220372.pdf states that the complexity of the algorithm is $O(\log^{11}W)$, where $W$ is usually on the order of the number to be factored.
How is this algorithm…
Turbo
2 votes, 1 answer
How to find a polynomial with small coefficients that has a given root over a prime field?
Let $\mathbb{Z}_p$ be a prime field, $r \leftarrow \mathbb{Z}_p$ be a random number, $w=w_0w_1\ldots w_{K-1}$ be a 0-1 string, and
$$v = \sum_{k=0}^{K-1} r^kw_k \mod p.$$
Is it possible to find another length-$K$ binary string $\hat{w}$ such that…
Jason
2 votes, 0 answers
Succinct proof of evaluation of known polynomial
Consider the zeroes polynomial
$$
zeroes_n(X) = \prod_{0\leq i< n} (X-i) .
$$
Fix a large prime $p$, and fix some $n$ that is less than $p$ but which may still be very large (e.g. $p\approx 2^{256}$ and $n\approx 2^{64}$).
Question: What is the…
Jim
2 votes, 2 answers
Probabilistic proof of multiplying two elements from non-prime finite field
I was reading this paper, and there, they use the ring $\mathbb{Z}_p[\alpha]/(\alpha^n+1)$ for all their operations. And that looks like a construction of the finite field $\mathbb{F}_{p^n}$ as the quotient ring of the…
the thinker
2 votes, 0 answers
Inefficient double-lengthening PRG
I'm trying to prove that an inefficient double-lengthening PRG exists, i.e. construct a PRG $G: \{0,1\}^n \rightarrow \{0,1\}^{2n}$.
My current approach is to bound the number of poly-time non-uniform algorithms as the number of boolean circuits,…
Stevie
1 vote, 0 answers
The need for bivariate polynomial in the "prescribed permutation gadget" of PLONK
Background
Right now, I'm learning ZK proof from https://rdi.berkeley.edu/zk-learning/
Lecture 5 explains how the PLONK IOP works. In particular, pp. 33-36 of the slides talk about the "prescribed permutation check" gadget of PLONK.
Skipping over some…
Alex Vong
1 vote, 1 answer
Bulletproofs, Vector Polynomials & Inner Product of Vector Polynomials
This is from the Bulletproofs Paper
Page 11
The paper defines what a vector polynomial is and how the inner product of vector polynomials is computed.
Now, I am unable to find any text about these anywhere else outside of this paper. Vector…
user93353
1 vote, 1 answer
LFSR polynomial next term example
I’m struggling with the mathematical representation of an LFSR as polynomials, and I’d like to understand where I go wrong.
In my example, I use an LFSR with a 5-bit shift to the left and feedback on bits $b_4$ and $b_2$.
My LFSR polynomial…
Cauchy_Chlasse
1 vote, 0 answers
Is a cryptosystem based on hardness of factorization of polynomials, as defined below valid?
I'm proposing a cryptosystem as defined below:
Private Key: $(R, A, R^{-1})$, where $R = \left(\mathbf{r_1}, \cdots, \mathbf{r_n}\right)$ is full-rank, with $n \geq 4$, even; $A = \left(a_1\mathbf{e_1}, \cdots, a_n\mathbf{e_n} \right)$ and $a_i…
Yuri S VB
0 votes, 0 answers
How do Semaev polynomials work for the decomposition of an elliptic curve point?
In order for any index calculus to work on elliptic curves, a point should be decomposed. Although inefficient, one way to do this is summation polynomials… I'm not talking about how to establish the decomposition but about how the decomposition itself works.
Is the…
user2284570
0 votes, 0 answers
Highest- and lowest-degree terms of a finite field's irreducible polynomial
Whether it be for multivariate cryptography, universal hash functions, substitution boxes, or LFSRs, the irreducible polynomials used for $n$ bits of data always have the $x^n$ and $1$ (a.k.a. $x^0$) terms. The only variance is in which of terms…
Melab
0 votes, 0 answers
One-way function constructed by multivariable polynomials
Although the conjecture regarding the existence of one-way functions remains open, there are numerous NP-based methods for constructing diverse one-way functions, including DL, lattice, and subset sum problems.
Recently, I have been endeavoring to…
X.H. Yue
0 votes, 0 answers
What do we mean when we say we need more than polynomial time many cipher texts
What does it mean when we say something like "we need more than polynomial time many cipher texts"? I understand it as "an adversary can run for polynomial time and try as many messages as possible in an exhaustive search on our encoded message in…
jilgolfo