Communication complexity
A Las Vegas - NC algorithm for isomorphism of graphs with bounded multiplicity of eigenvalues
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Equivalence of F-algebras and cubic forms
STACS'06 Proceedings of the 23rd Annual conference on Theoretical Aspects of Computer Science
Polynomial equivalence problems: algorithmic and theoretical aspects
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Affine projections of polynomials: extended abstract
STOC '12 Proceedings of the forty-fourth annual ACM symposium on Theory of computing
We consider the following computational problem. Let F be a field. Given two n-variate polynomials f(x1, ..., xn) and g(x1, ..., xn) over the field F, is there an invertible linear transformation of the variables which sends f to g? In other words, can we substitute a linear combination of the xi's for each xj appearing in f and obtain the polynomial g? This problem is known to be at least as difficult as the graph isomorphism problem, even for homogeneous degree-three polynomials. There is even a cryptographic authentication scheme (Patarin, 1996) based on the presumed average-case hardness of this problem. Here we show that, at least in certain (interesting) special cases, there is a polynomial-time randomized algorithm for determining this equivalence, if it exists. Somewhat surprisingly, the algorithms that we present are efficient even if the input polynomials are given as arithmetic circuits. As an application, we show that if a random multilinear polynomial is used to generate the secret in the key generation phase of Patarin's authentication scheme, then the scheme can be broken and the secret recovered in randomized polynomial time.
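The problem statement above, made concrete as an added example (not code from the paper, and not the paper's algorithm): it applies the substitution x_j -> sum_i A[j][i]*x_i to a polynomial and decides equivalence by exhaustive search over invertible matrices. The field F_3, n = 3, the dictionary representation and all function names are assumptions chosen for illustration; the search visits about P^(n^2) matrices, which is why it only works at toy sizes.

```python
from itertools import product
P = 3  # assumption: work over the prime field F_3 so exhaustive search stays small

def mul(f, g):
    """Multiply two polynomials stored as {exponent tuple: coefficient mod P}."""
    h = {}
    for (m1, c1), (m2, c2) in product(f.items(), g.items()):
        m = tuple(a + b for a, b in zip(m1, m2))
        h[m] = (h.get(m, 0) + c1 * c2) % P
    return {m: c for m, c in h.items() if c}

def substitute(f, A):
    """Return f(Ax): each x_j is replaced by the linear form sum_i A[j][i]*x_i."""
    n, out = len(A), {}
    forms = [{tuple(int(k == i) for k in range(n)): A[j][i] % P
              for i in range(n)} for j in range(n)]
    for mono, c in f.items():
        term = {(0,) * n: c % P}
        for j, e in enumerate(mono):
            for _ in range(e):
                term = mul(term, forms[j])
        for m, v in term.items():
            out[m] = (out.get(m, 0) + v) % P
    return {m: c for m, c in out.items() if c}

def invertible(A):
    """Gaussian elimination mod P; True iff A has full rank."""
    M, n = [[x % P for x in row] for row in A], len(A)
    for c in range(n):
        piv = next((r for r in range(c, n) if M[r][c]), None)
        if piv is None:
            return False
        M[c], M[piv] = M[piv], M[c]
        for r in range(c + 1, n):
            k = M[r][c] * pow(M[c][c], -1, P) % P
            M[r] = [(a - k * b) % P for a, b in zip(M[r], M[c])]
    return True

def find_equivalence(f, g, n):
    """Exhaustive search for an invertible A with f(Ax) == g; None if no such A."""
    for e in product(range(P), repeat=n * n):
        A = [list(e[r * n:(r + 1) * n]) for r in range(n)]
        if invertible(A) and substitute(f, A) == g:
            return A
    return None

# Constructed instance: f = x1*x2*x3 (multilinear), g = f(Ax) for a chosen invertible A.
F = {(1, 1, 1): 1}
A_SECRET = [[1, 1, 0], [0, 1, 0], [0, 1, 1]]
G = substitute(F, A_SECRET)
```

The matrix returned for `F` and `G` need not equal `A_SECRET`: `F` is symmetric in its variables, so any row permutation of a solution is also a solution.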