A well-characterized approximation problem
Information Processing Letters
Using the Groebner basis algorithm to find proofs of unsatisfiability
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Proof complexity in algebraic systems and bounded depth Frege systems with modular counting
Computational Complexity
Results related to threshold phenomena research in satisfiability: lower bounds
Theoretical Computer Science - Phase transitions in combinatorial problems
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Unsatisfiable Systems Of Equations, Over A Finite Field
FOCS '98 Proceedings of the 39th Annual Symposium on Foundations of Computer Science
Typical case complexity of satisfiability algorithms and the threshold phenomenon
Discrete Applied Mathematics - Special issue: Typical case complexity and phase transitions
Efficient algorithms for solving overdefined systems of multivariate polynomial equations
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Hi-index | 0.00 |
A random multivariate polynomial system with more equations than variables is likely to be unsolvable. On the other hand, if there are more variables than equations, the system has at least one solution with high probability. In this paper we study in detail the phase transition between these two regimes, which occurs when the number of equations equals the number of variables. In particular, the limiting probability for no solution is 1/e at the phase transition, over a prime field. We also study the probability of having exactly s solutions, with s ≥ 1. In particular, the probability of a unique solution is asymptotically 1/e if the number of equations equals the number of variables. The probability decreases very rapidly if the number of equations increases or decreases. Our motivation is that many cryptographic systems can be expressed as large multivariate polynomial systems (usually quadratic) over a finite field. Since decoding is unique, the solution of the system must also be unique. Knowing the probability of having exactly one solution may help us to understand more about these cryptographic systems. For example, whether attacks should be evaluated by trying them against random systems depends very much on the likelihood of a unique solution.