The main focus of the POLSYS project is to solve systems of polynomial equations.

Our main objectives are:

**Fundamental Algorithms and Structured Systems.** The
objective is to propose fast exponential exact algorithms for
solving polynomial equations
and to identify large classes of structured polynomial systems which can be solved in polynomial time.

**Solving Systems over the Reals and Applications.** For
positive dimensional systems basic questions over the reals may be
very difficult (for instance testing the existence of solutions) but
also very useful in applications (e.g. global optimization problems).
We plan to propose efficient algorithms and implementations to address
the most important issues: computing sample points in the real
solution sets, deciding whether two such sample points can be path-connected
and, as a long-term objective, performing quantifier elimination over the
reals (computing a quantifier-free formula which is equivalent to a
given quantified Boolean formula of polynomial
equations/inequalities).

**Dedicated Algebraic Computation and Linear Algebra.** While
linear algebra is a key step in the computation of Gröbner bases,
the matrices generated by the algorithms

**Solving Systems in Finite Fields, Applications in
Cryptology and Algebraic Number Theory.** We propose to develop a
systematic use of *structured systems* in Algebraic
Cryptanalysis. We want to improve the efficiency and to predict the
theoretical complexity of such attacks. We plan to demonstrate the
power of algebraic techniques in new areas of cryptography such as
Algebraic Number Theory (typically, in curve based cryptography).

Polynomial system solving is a fundamental problem in Computer Algebra with many applications in cryptography, robotics, biology, error correcting codes, signal theory, etc. Among all available methods for solving polynomial systems, the computation of Gröbner bases remains one of the most powerful and versatile, since it can be applied in the continuous case (rational coefficients) as well as in the discrete case (finite fields). Gröbner bases are also a building block for higher-level algorithms that compute real sample points in the solution set of polynomial systems, decide connectivity queries and perform quantifier elimination over the reals. The major challenge facing the designer or the user of such algorithms is the intrinsically exponential complexity of computing Gröbner bases. The current proposal is an attempt to tackle these issues in a number of different ways: improve the efficiency of the fundamental algorithms (even when the complexity is exponential), develop high-performance implementations exploiting parallel computers, and investigate new classes of structured algebraic problems where the complexity drops to polynomial time.

Efficient algorithms *A
new efficient algorithm for computing Gröbner bases without reduction
to zero (F5).* In Proceedings of ISSAC '02, pages 75-83, New York, NY,
USA, 2002. ACM.

*(i)* developing dedicated
linear algebra routines performing the Gaussian elimination steps:
this is precisely the objective 2 described below;

*(ii)*
generating smaller or simpler matrices to which we will apply Gaussian
elimination.

We describe here our goals for the latter
problem. First, we focus on algorithms for computing a Gröbner basis
of *general polynomial systems*. Next, we present our goals on
the development of dedicated algorithms for computing Gröbner bases
of *structured polynomial systems* which arise in various
applications.

**Algorithms for general systems.** Several
degrees of freedom are available to the designer of a Gröbner basis
algorithm to generate the matrices occurring during the
computation. For instance, it would be desirable to obtain matrices
which would be almost triangular or very sparse. Such a goal can be
achieved by considering various interpretations of the

**Algorithms dedicated to structured polynomial systems.** A
complementary approach is to exploit the structure of the input
polynomials to design specific algorithms. Very often, problems coming
from applications are not random but highly structured. The specific
nature of these systems may vary a lot: some polynomial systems can be
sparse (when the number of terms in each equation is low),
overdetermined (the number of equations is larger than the number of
variables), invariant under the action of some finite group,
multi-linear (each equation is linear with respect to one block of
variables) or, more generally, multihomogeneous. In each case, the
ultimate goal is to identify large classes of problems whose
theoretical/practical complexity drops and to propose dedicated
algorithms for each of them.

We will develop algorithms for solving polynomial systems over complex/real numbers. Again, the goal is to extend significantly the range of reachable applications using algebraic techniques based on Gröbner bases and dedicated linear algebra routines. Targeted application domains are global optimization problems, stability of dynamical systems (e.g. arising in biology or in control theory) and theorem proving in computational geometry.

The following functionalities are requested by end-users:

*(i)* deciding the emptiness of the real solution set of systems
of polynomial equations and inequalities,

*(ii)* quantifier
elimination over the reals or complex numbers,

*(iii)* answering
connectivity queries for such real solution sets.

We will focus on these functionalities.

We will develop algorithms based on the so-called critical point
method to tackle systems of equations and inequalities
(problem *(i)*). These techniques are based on solving
0-dimensional polynomial systems encoding "critical points", which are
defined by the vanishing of minors of Jacobian matrices (with
polynomial entries). Since these systems are highly structured, the
expected results of Objectives 1 and 2 may allow us to obtain dramatic
improvements in the computation of Gröbner bases of such polynomial
systems. This will be the foundation of practically fast
implementations (based on singly exponential algorithms) outperforming
the current ones based on the historical Cylindrical Algebraic
Decomposition (CAD) algorithm (whose complexity is doubly exponential
in the number of variables). We will also develop algorithms and
implementations that allow us to analyze, at least locally, the
topology of solution sets in some specific situations. A
long-term goal is obviously to obtain an analysis of the global
topology.

Here, the primary objective is to focus on *dedicated* algorithms
and software for the linear algebra steps in Gröbner bases
computations and for problems arising in Number Theory. As explained
above, linear algebra is a key step in computing Gröbner bases
efficiently. It is then natural to develop specific
linear algebra algorithms and implementations to further strengthen
the existing software. Conversely, Gröbner bases computation is
often a key ingredient in higher-level algorithms from Algebraic
Number Theory. In these cases, the algebraic problems are very
particular and specific. Hence dedicated Gröbner bases algorithms
and implementations would be more efficient.

**Dedicated linear algebra tools.** FGb is
an efficient library for Gröbner bases computations which can be used,
for instance, via Maple. However, the library is sequential. A
goal of the project is to extend its efficiency to new parallel
architectures such as clusters of multi-processor systems in order to
tackle a broader class of problems for several applications.
Consequently, our first aim is to provide a durable, long term
software solution, which will be the successor of the existing FGb library. To achieve this goal, we will first develop a high
performance linear algebra package (under the LGPL license). This
could be organized in the form of a collaborative project between the
members of the team. The objective is not to develop a general
library similar to the Linbox project but to propose a dedicated
linear algebra package taking into account the specific properties of
the matrices generated by the Gröbner bases algorithms. Indeed these
matrices are sparse (the actual sparsity depends strongly on the
application), almost block triangular and not necessarily of full
rank. Moreover, most of the pivots are known at the beginning of the
computation. In practice, such matrices are huge (more than

Fast linear algebra packages would also benefit the transformation of a Gröbner basis of a zero-dimensional ideal with respect to a given monomial ordering into a Gröbner basis with respect to another ordering. In the generic case at least, the change of ordering is equivalent to the computation of the minimal polynomial of a so-called multiplication matrix. By taking into account the sparsity of this matrix, the computation of the Gröbner basis can be done more efficiently using a variant of the Wiedemann algorithm. Hence, our goal is also to obtain a dedicated high-performance library for transforming (i.e. changing the ordering of) Gröbner bases.

**Dedicated algebraic tools for Algebraic Number
Theory.** Recent results in Algebraic Number Theory tend to show that
the computation of Gröbner bases is a key step toward the resolution
of difficult problems in this
domain *Index calculus for abelian
varieties of small dimension and the elliptic curve discrete logarithm
problem*, Journal of Symbolic Computation 44,12 (2009)
pp. 1690-1702

Here, we focus on solving polynomial systems over finite fields
(i.e. the discrete case) and the corresponding applications
(Cryptology, Error Correcting Codes, ...). Obviously this
objective can be seen as an application of the results of the two
previous objectives. However, we would like to emphasize that it is
also the source of new theoretical problems and practical challenges.
We propose to develop a systematic use of *structured systems* in
*algebraic cryptanalysis*.

*(i)* So far, breaking a cryptosystem using algebraic
techniques could be summarized as modeling the problem by algebraic
equations and then computing a (usually time-consuming) Gröbner
basis. A new trend in this field is to require a theoretical
complexity analysis. This is needed to explain the behavior of the
attack but also to help the designers of new cryptosystems to propose
actually secure parameters.

*(ii)* To assess the security of
several cryptosystems in symmetric cryptography (block ciphers, hash
functions, ...), a major difficulty is the size of the systems
involved for this type of attack. More specifically, the bottleneck
is the size of the linear algebra problems generated during a Gröbner basis
computation.


The first objective is to build on the recent breakthrough in
attacking McEliece's cryptosystem: it is the first structural
weakness observed on one of the oldest public key cryptosystems. We
plan to develop a well founded framework for assessing the security of
public key cryptosystems based on coding theory from the algebraic
cryptanalysis point of view. The answer to this issue is strongly
related to the complexity of solving bihomogeneous systems (of
bidegree

Dedicated tools for linear algebra problems generated during the Gröbner basis computation will be used in algebraic cryptanalysis. The promise of considerable algebraic computing power beyond the capability of any standard computer algebra system will enable us to attack various cryptosystems or at least to propose accurate secure parameters for several important cryptosystems. Dedicated linear algebra tools are thus needed to tackle these problems. From a theoretical perspective, we plan to further improve the theoretical complexity of the hybrid method and to investigate the problem of solving polynomial systems with noise, i.e. systems in which some equations are incorrect. The hybrid method is a specific method for solving polynomial systems over finite fields. The idea is to mix exhaustive search and Gröbner basis computation to take advantage of the over-determinacy of the resulting systems.

Polynomial systems with noise are currently emerging as a problem of major interest in cryptography. This problem is key to further developing new applications of algebraic techniques, typically in side-channel and statistical attacks. We also emphasize that a connection has recently been established between several classical lattice problems (such as the Shortest Vector Problem), polynomial system solving and polynomial systems with noise. The main issue is that there is no sound algorithmic and theoretical framework for solving polynomial systems with noise. The development of such a framework is a long-term objective.


Solving polynomial systems over the reals arises as a critical issue in a wide range of problems coming from engineering sciences (biology, physics, control theory, etc.). We will focus on developing general enough software that may impact these domains, with a particular focus on control theory.

FGb is a powerful software package for computing Gröbner bases. It includes the new generation of algorithms for computing Gröbner bases of polynomial systems (mainly the F4, F5 and FGLM algorithms). It is implemented in C/C++ (approximately 250000 lines); standalone servers are available on demand. Since 2006, FGb has been dynamically linked with the Maple software (version 11 and higher) and is part of the official distribution of this software.

See also the web page http://

ACM: I.1.2 Algebraic algorithms

Programming language: C/C++

GBLA is a new open source C library for linear algebra
dedicated to Gröbner bases computations (see
http://

RAGLib is a Maple library for solving polynomial systems over the reals and computing sample points in semi-algebraic sets.

Epsilon is a library of functions implemented in Maple and Java for polynomial elimination and decomposition with (geometric) applications.

SLV is a software package in C that provides routines for isolating (and subsequently refining) the real roots of univariate polynomials with integer or rational coefficients, based on subdivision algorithms and on the continued fraction expansion of real numbers. Special attention is given so that the package can handle polynomials of degree several thousand with coefficients of size hundreds of megabytes.
Currently the code consists of

ACM: I.1.2 Algebraic algorithms

Programming language: C/C++

Jointly with Univ. of Kaiserslautern (C. Eder), we have released a new open source C library for linear algebra
dedicated to Gröbner bases computations (see
http://

The library is specialized in reducing matrices generated during Gröbner bases computations. Optimizing this reduction step is crucial for the overall computation.

Our approach takes even more advantage of the very special structure (quasi unit-triangular sparse matrices with patterns in the data)

We also reduce the number of operations, in a parallel friendly fashion, by changing the order of the operations in the elimination.

We present experimental results for sequential and parallel computations on NUMA architectures. We also get good scaling up to 32 (non hyper-threaded) cores: we obtain speed-ups of around 14 or 16.
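The following Python block is an added illustration of the matrix structure described in the linear algebra paragraphs above (quasi unit-triangular, sparse, pivots known in advance); it is not GBLA's or FGb's code and does not reproduce their algorithms. Rows are polynomials, columns are monomials in a fixed term order, and the rows whose leading monomials are already known form a unit-triangular block that is used first; ordinary Gaussian elimination is only run on the small block that remains. The field GF(7), the monomial order, the two known pivot rows and the two rows to reduce are constructed by hand, and all function names are our own.

```python
"""Structured row reduction of a Groebner-basis-style matrix (added illustration;
not GBLA/FGb code).  Columns are monomials in term order, rows are polynomials,
and the rows whose leading monomial is already known form a unit-triangular block."""

P = 7  # constructed prime field GF(7)
MONOMIALS = ["x^2", "x*y", "y^2", "x", "y", "1"]  # constructed term order, largest first

# Known pivot rows (constructed): leading coefficient 1 at the pivot column,
# zeros to its left, so the block they form is unit upper-triangular.
KNOWN_PIVOTS = {
    0: [1, 0, 0, 0, 1, 0],  # x^2 + y    (leading monomial x^2)
    1: [0, 1, 0, 0, 0, 1],  # x*y + 1    (leading monomial x*y)
}
# Rows still to be reduced (constructed), e.g. new critical-pair rows.
TO_REDUCE = [
    [1, 1, 1, 0, 0, 0],  # x^2 + x*y + y^2
    [1, 0, 0, 1, 0, 0],  # x^2 + x
]


def reduce_by_known_pivots(row, pivots, p):
    """Eliminate every column that already has a pivot row.  Columns are scanned in
    term order, so a pivot row can only introduce strictly smaller monomials,
    which are handled by the later iterations; no search for pivots is needed."""
    row = row[:]
    for col in sorted(pivots):
        c = row[col]
        if c:
            row = [(a - c * b) % p for a, b in zip(row, pivots[col])]
    return row


def gaussian_eliminate(rows, p):
    """Row-echelon reduction of the (small) remaining block.  Returns a dict
    {pivot column: monic row}; rows that reduce to zero are dropped."""
    pivots = {}
    for row in rows:
        row = reduce_by_known_pivots(row, pivots, p)
        lead = next((j for j, a in enumerate(row) if a), None)
        if lead is None:
            continue  # reduction to zero: no new leading monomial
        inv = pow(row[lead], p - 2, p)  # Fermat inverse in GF(p)
        row = [a * inv % p for a in row]
        # keep the earlier pivot rows reduced with respect to the new pivot
        for col, prow in list(pivots.items()):
            if prow[lead]:
                pivots[col] = [(a - prow[lead] * b) % p for a, b in zip(prow, row)]
        pivots[lead] = row
    return pivots


def structured_reduce(to_reduce, known_pivots, p):
    """Two phases: (1) each new row against the known unit-triangular pivot block,
    (2) Gaussian elimination among the reduced rows only."""
    reduced = [reduce_by_known_pivots(r, known_pivots, p) for r in to_reduce]
    return gaussian_eliminate(reduced, p)


def new_leading_monomials(pivots):
    """Monomials that became new leading terms, in term order."""
    return [MONOMIALS[col] for col in sorted(pivots)]


if __name__ == "__main__":
    new_pivots = structured_reduce(TO_REDUCE, KNOWN_PIVOTS, P)
    for col in sorted(new_pivots):
        print(MONOMIALS[col], new_pivots[col])
    print("new leading monomials:", new_leading_monomials(new_pivots))
```

On the constructed input the two known pivots eliminate x^2 and x*y from both new rows, and the remaining 2x4 block yields the new leading monomials y^2 and x; the known block is never searched for pivots or modified, which is the saving the paragraphs above refer to.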

Sparse elimination theory is a framework developed during the last decades to exploit monomial structures in systems
of Laurent polynomials. Roughly speaking, this amounts to computing in a *semigroup algebra*, *i.e.* an
algebra generated by a subset of Laurent monomials. In order to solve sparse systems symbolically, we introduce
*sparse Gröbner bases*, an analog of classical Gröbner bases for semigroup algebras, and we propose sparse
variants of the

In the case where the generating subset of monomials corresponds to the points with integer coordinates in a normal
lattice polytope *unmixed case*). For
instance, we generalize the bound

Moreover, our prototype “proof-of-concept” implementation shows large speed-ups (more than 100 for some examples) compared to optimized (classical) Gröbner bases software.

Solving polynomial systems arising from applications is frequently
made easier by the structure of the systems. Weighted homogeneity
(or quasi-homogeneity) is one example of such a structure: given a
system of weights

Gröbner bases for weighted homogeneous systems can be computed by
adapting existing algorithms for homogeneous systems to the weighted
homogeneous case. In , we show that in
this case, the complexity estimate for Algorithm F5

Furthermore, the maximum degree reached in a run of Algorithm F5 is
bounded by the weighted Macaulay bound

We provide some experimental results based on systems arising from a cryptography problem and from polynomial inversion problems. They show that taking advantage of the weighted homogeneous structure yields substantial speed-ups, and allows us to solve systems which were otherwise out of reach.

Let
*necessary* conditions on the parameters
*collinear three body problem*.

Let *exact*
representation of the global infimum

This algorithm is *probabilistic*. It makes use of the notion of
polar varieties. Its complexity is essentially *cubic* in
*deterministic*
complexity class

We report on some practical experiments of a first implementation that is available as a Maple package. It appears that it can tackle global optimization problems that were unreachable by previous exact algorithms and can manage instances that are hard to solve with purely numeric techniques. As far as we know, even under the extra genericity assumptions on the input, it is the first probabilistic algorithm that combines practical efficiency with good control of complexity for this problem.

It is known that point searching in basic semialgebraic sets and the
search for globally minimal points in polynomial optimization tasks
can be carried out using

Subject to certain conditions, we associate
in to each of these problems an intrinsic
system degree which becomes in worst case of order

We design non-uniform deterministic or uniform probabilistic algorithms of intrinsic, quasi-polynomial complexity which solve these problems.

Let

Highly efficient and even nearly optimal algorithms have been developed for the classical problem of univariate polynomial root-finding, but this is still an area of active research. By combining some powerful techniques developed in this area we devise in new nearly optimal algorithms, whose substantial merit is their simplicity, important for the implementation.

Let *Isomorphism of
Polynomials with one Secret* (`IP1S`) and is a fundamental
problem in multivariate cryptography. Amongst its applications, we
can cite Graph Isomorphism (`GI`) which reduces to
equivalence of cubic polynomials with respect to an invertible
linear change of variables, according to Agrawal and Saxena.
The main result of our work
is a randomized polynomial-time
algorithm for solving `IP1S` for quadratic instances, a
particular case of importance in cryptography.

To this end, we show that `IP1S` for quadratic polynomials
can be reduced to a variant of
the classical module isomorphism problem in representation theory.
We show that we can essentially *linearize* the problem by
reducing quadratic-`IP1S` to test
the orthogonal simultaneous similarity of symmetric matrices; this
latter problem was shown by Chistov, Ivanyos and Karpinski
(ISSAC 1997) to be
equivalent to finding an invertible matrix in the linear space
`IP1S`, the counting version of `IP1S` for quadratic
instances. In particular, we provide a (complete) characterization
of the automorphism group of homogeneous quadratic polynomials.
Finally, we also consider the more general *Isomorphism of
Polynomials* (`IP`) problem where we allow an invertible
linear transformation on the variables *and* on the set of
polynomials. A randomized polynomial-time algorithm for solving
`IP` when *i.e.* a matrix whose components are linear polynomials). This extends
to `IP` a result of Kayal obtained for `PolyProj`.

In , we investigate the Hidden Subspace Problem (

**Input : **

**Find : ** a subspace

where

This problem underlies the security of the first public-key quantum money scheme that is proved to be cryptographically secure under a non quantum but classic hardness assumption. This scheme was proposed by S. Aaronson and P. Christiano at STOC'12.
In particular, it depends upon the hardness of

Some recent constructions based on LWE do not sample the secret
uniformly at random but rather from some distribution which produces
small entries. The most prominent of these is the binary-LWE problem
where the secret vector is sampled from

The main practical limitation of the McEliece public-key encryption scheme is probably the size of its key. A famous
trend to overcome this issue is to focus on subclasses of alternant/Goppa codes with a non-trivial automorphism
group. Such codes then display *symmetries* allowing compact parity-check or generator matrices. For instance,
a key reduction is obtained by taking *quasi-cyclic* (QC) or *quasi-dyadic* (QD) alternant/Goppa codes. We
show in , , that the use of such *symmetric*
alternant/Goppa codes in cryptography introduces a fundamental weakness. It is indeed possible to reduce the
key-recovery on the original symmetric public code to the key-recovery on a (much) smaller code that no longer has
symmetries. This result is obtained thanks to a new operation on codes called *folding* that exploits the
knowledge of the automorphism group. This operation consists in adding the coordinates of codewords which belong to
the same orbit under the action of the automorphism group. The advantage is twofold: the reduction factor can be as
large as the size of the orbits, and it preserves a fundamental property: folding the dual of an alternant
(*resp*. Goppa) code provides the dual of an alternant (*resp*. Goppa) code. A key point is to show that
all the existing constructions of alternant/Goppa codes with symmetries follow a common principle of taking codes
whose support is globally invariant under the action of affine transformations (building upon prior works of
T. Berger and A. Dür). This not only gives a unified view but also generalizes the construction
of QC, QD and even *quasi-monoidic* (QM) Goppa codes. All in all, our results can be harnessed to boost any
key-recovery attack on McEliece systems based on symmetric alternant or Goppa codes, and in particular algebraic
attacks.

In a seminal work at EUROCRYPT '96, Coppersmith showed how to find all small roots of a univariate polynomial congruence in polynomial time: this has found many applications in public-key cryptanalysis and in a few security proofs. However, the running time of the algorithm is a high-degree polynomial, which limits experiments: the bottleneck is an LLL reduction of a high-dimensional matrix with extra-large coefficients. We present in the first significant speedups over Coppersmith's algorithm. The first speedup is based on a special property of the matrices used by Coppersmith's algorithm, which allows us to provably speed up the LLL reduction by rounding, and which can also be used to improve the complexity analysis of Coppersmith's original algorithm. The exact speedup depends on the LLL algorithm used: for instance, the speedup is asymptotically quadratic in the bit-size of the small-root bound if one uses the Nguyen-Stehlé L2 algorithm. The second speedup is heuristic and applies whenever one wants to enlarge the root size of Coppersmith's algorithm by exhaustive search. Instead of performing several LLL reductions independently, we exploit hidden relationships between these matrices so that the LLL reductions can be somewhat chained to decrease the global running time. When both speedups are combined, the new algorithm is in practice hundreds of times faster for typical parameters.

Decomposition-based index calculus methods are currently efficient only for elliptic curves E defined over non-prime finite fields of very small extension degree n. This corresponds to the fact that the Semaev summation polynomials, which encode the relation search (or “sieving”), grow over-exponentially with n. Actually, even their computation is a first stumbling block, and the largest Semaev polynomial ever computed is the 6th. Following ideas from Faugère, Gaudry, Huot and Renault, our goal is to use the existence of small order torsion points on E to define new summation polynomials whose symmetrized expressions are much more compact and easier to compute. This setting allows us to consider smaller factor bases, and the high sparsity of the new summation polynomials provides a very efficient decomposition step. In , the focus is on 2-torsion points, as it is the most important case in practice. We obtain records of two kinds: we successfully compute up to the 8th symmetrized summation polynomial and give new timings for the computation of relations with degree 5 extension fields.

The usual algorithm to solve polynomial systems using Gröbner bases
consists of two steps: first computing the DRL Gröbner basis using
the F5 algorithm then computing the LEX Gröbner basis using a change
of ordering algorithm. When the Bézout bound is reached, the
bottleneck of the total solving process is the change of ordering
step. For 20 years, thanks to the FGLM algorithm the complexity of
change of ordering is known to be cubic in the number of solutions
of the system to solve. We show in that,
in the generic case or up to a generic linear change of variables,
the multiplicative structure of the quotient ring can be computed
with no arithmetic operation. Moreover, given this multiplicative
structure we propose a change of ordering algorithm for Shape
Position ideals whose complexity is polynomial in the number of
solutions with exponent
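The following Python block is an added illustration of the change of ordering through the minimal polynomial of a multiplication matrix, as described in this paragraph and in the linear algebra section above; it is neither FGb's code nor the algorithm of the cited paper, and the sparse-matrix and complexity improvements discussed there are not reproduced. The ideal I = <y^2 - x, x^2 - 2> in GF(101)[x, y], its quotient basis (1, x, y, xy) and the multiplication matrix of y are constructed by hand from the normal forms. A Wiedemann-style projected Krylov sequence is fed to Berlekamp-Massey; the recovered polynomial y^4 - 2 is the univariate element of the LEX (x > y) basis, the other element being x - y^2 since x = y^2 in the quotient. All function names are our own.

```python
"""Change of ordering for a zero-dimensional ideal in shape position via a
Wiedemann-style projected Krylov sequence and Berlekamp-Massey.
Added illustration; the ideal and the matrix below are constructed, not FGb's."""
import random

P = 101  # constructed prime field GF(101)

# Constructed example: I = <y^2 - x, x^2 - 2> in GF(101)[x, y].  With a degree
# ordering (x > y) its Groebner basis is {y^2 - x, x^2 - 2}, so the quotient has
# monomial basis (1, x, y, x*y).  Multiplication by y sends
#   1 -> y,   x -> x*y,   y -> y^2 = x,   x*y -> x*y^2 = x^2 = 2,
# giving the matrix below (column j = coordinates of y * basis monomial j).
BASIS = ("1", "x", "y", "x*y")
M_Y = [
    [0, 0, 0, 2],
    [0, 0, 1, 0],
    [1, 0, 0, 0],
    [0, 1, 0, 0],
]


def mat_vec(m, v, p):
    return [sum(m[i][j] * v[j] for j in range(len(v))) % p for i in range(len(m))]


def krylov_sequence(m, u, v, p, length):
    """s_i = u^T M^i v for i < length (the Wiedemann projection of the Krylov
    sequence; only matrix-vector products are needed, which is where sparsity pays)."""
    seq, w = [], v[:]
    for _ in range(length):
        seq.append(sum(a * b for a, b in zip(u, w)) % p)
        w = mat_vec(m, w, p)
    return seq


def berlekamp_massey(seq, p):
    """Shortest linear recurrence of seq over GF(p).  Returns the connection
    polynomial [1, c1, ..., cL] with s_n + c1 s_{n-1} + ... + cL s_{n-L} = 0."""
    c, b = [1], [1]
    L, m, bb = 0, 1, 1
    for n, s_n in enumerate(seq):
        d = (s_n + sum(c[i] * seq[n - i] for i in range(1, L + 1))) % p
        if d == 0:
            m += 1
            continue
        coef = d * pow(bb, p - 2, p) % p
        c_prev = c[:]
        if len(b) + m > len(c):
            c += [0] * (len(b) + m - len(c))
        for i, bi in enumerate(b):
            c[i + m] = (c[i + m] - coef * bi) % p
        if 2 * L <= n:
            L, b, bb, m = n + 1 - L, c_prev, d, 1
        else:
            m += 1
    c = c[: L + 1] + [0] * (L + 1 - len(c))
    return c


def minimal_polynomial(m, p, u, v):
    """Monic minimal polynomial (coefficients, low degree first) of the sequence
    u^T M^i v; it divides the minimal polynomial of M and equals it for good u, v."""
    conn = berlekamp_massey(krylov_sequence(m, u, v, p, 2 * len(m)), p)
    return list(reversed(conn))  # t^L + c1 t^(L-1) + ... + cL


def poly_apply(poly, m, v, p):
    """Evaluate poly(M) * v using only matrix-vector products."""
    out, w = [0] * len(v), v[:]
    for coef in poly:
        out = [(o + coef * wi) % p for o, wi in zip(out, w)]
        w = mat_vec(m, w, p)
    return out


def annihilates(poly, m, p):
    """True iff poly(M) is the zero matrix (checked on every basis vector)."""
    n = len(m)
    return all(poly_apply(poly, m, [int(i == j) for i in range(n)], p) == [0] * n
               for j in range(n))


def random_projection_minpoly(m, p, seed=0):
    """Wiedemann proper: random projection vectors u, v (seeded for reproducibility)."""
    rng = random.Random(seed)
    n = len(m)
    u = [rng.randrange(p) for _ in range(n)]
    v = [rng.randrange(p) for _ in range(n)]
    return minimal_polynomial(m, p, u, v)


def lex_univariate_element(p=P):
    """Univariate LEX basis element of the constructed ideal, recovered from M_y
    with the constructed projection e_1 (the coefficient of the monomial 1)."""
    e0 = [1, 0, 0, 0]
    return minimal_polynomial(M_Y, p, e0, e0)


if __name__ == "__main__":
    poly = lex_univariate_element()
    print("minimal polynomial of M_y:", poly)   # [99, 0, 0, 0, 1], i.e. y^4 - 2 mod 101
    print("annihilates M_y:", annihilates(poly, M_Y, P))
```

With the constructed projection the sequence is 1, 0, 0, 0, 2, 0, 0, 0, whose shortest recurrence is s_{i+4} = 2 s_i, so Berlekamp-Massey returns y^4 - 2; `annihilates` is the independent check that the recovered polynomial really is a multiple of the minimal polynomial of M_y and not only of the projected sequence.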

**ANR Grant (international program) EXACTA (2010-2013): Exact/Certified Algorithms with Algebraic Systems.**

The main objective of this project is to study and compute the solutions of nonlinear algebraic systems and their structures and properties with selected target applications using exact or certified computation. The project consists of one main task of basic research on the design and implementation of fundamental algorithms and four tasks of applied research on computational geometry, algebraic cryptanalysis, global optimization, and algebraic biology. It will last for three years (2010-2013) with 300 person-months of workforce. Its consortium is composed of strong research teams from France and China (KLMM, SKLOIS, and LMIB) in the area of solving algebraic systems with applications.

**ANR Grant HPAC: High Performance Algebraic Computing
(2012-2016).** The pervasive ubiquity of parallel architectures
and memory hierarchies has led to a new quest for parallel
mathematical algorithms and software capable of exploiting the
various levels of parallelism: from hardware acceleration
technologies (multi-core and multi-processor systems on chip, GPGPU,
FPGA) to cluster and global computing platforms. To give a
greater scope to symbolic and algebraic computing, beyond the
optimization of the application itself, the effective use of a large
number of resources (memory and specialized computing units) is
expected to enhance performance with respect to multi-criteria objectives: time,
resource usage, reliability, even energy consumption. The design and
the implementation of mathematical algorithms with provable,
adaptive and sustainable performance is a major challenge. In this
context, this project is devoted to fundamental and practical
research specifically in exact linear algebra and system solving,
two essential "dwarfs" (or "killer kernels") in scientific and
algebraic computing. The project should lead to progress in matrix
algorithms and challenge solving in cryptology, and should provide
new insights into high performance programming and library design
problems (J.-C. Faugère [contact], L. Perret, G. Renault, M. Safey
El Din).

**ANR Grant GeoLMI: Geometry of Linear Matrix Inequalities
(2011-2015).** The GeoLMI project aims at developing an algebraic
and geometric study of linear matrix inequalities (LMI) for systems
control theory. It is an interdisciplinary project at the border
between information sciences (systems control), pure mathematics
(algebraic geometry) and applied mathematics (optimisation). The
project focuses on the geometry of determinantal varieties, on
decision problems involving positive polynomials, on computational
algorithms for algebraic geometry, on computational algorithms for
semi-definite programming, and on applications of algebraic geometry
techniques in systems control theory, namely for robust control of
linear systems and polynomial optimal control (Participants:
J.-C. Faugère, M. Safey El Din [contact], E. Tsigaridas).

Type: PEOPLE

Challenge:

Instrument: Career Integration Grant

Objective: NC

Duration: May 2013 - April 2017

Coordinator: Jean-Charles Faugère

Partner: Institut National de Recherche en Informatique et en Automatique (Inria), France

Inria contact: Elias Tsigaridas

Abstract: The project Algebraic Algorithms and Applications (A3) is an interdisciplinary and multidisciplinary project with strong international synergy. It consists of four work packages. The first (Algebraic Algorithms) focuses on fundamental problems of computational (real) algebraic geometry: effective zero bounds, that is, estimates of the minimum distance of the roots of a polynomial system from zero; algorithms for solving polynomials and polynomial systems; derivation of non-asymptotic bounds for basic algorithms of real algebraic geometry; and application of polynomial system solving techniques in optimization. We propose a novel approach that exploits structure and symmetry, combinatorial properties of high-dimensional polytopes and tools from mathematical physics. Despite the great potential of modern tools from algebraic algorithms, their use requires a combined effort to transfer this technology to specific problems. In the second package (Stochastic Games) we aim to derive optimal algorithms for computing the values of stochastic games, using techniques from real algebraic geometry, and to introduce a whole new arsenal of algebraic tools to computational game theory. In the third work package (Non-linear Computational Geometry), we focus on exact computations with implicitly defined plane and space curves. These are challenging problems that commonly arise in geometric modeling and computer-aided design, but they also have applications in polynomial optimization. The final work package (Efficient Implementations) describes our plans for complete, robust and efficient implementations of algebraic algorithms.

We are involved in the ECCA (Exact/Certified Computation with Algebraic Systems) Team of LIAMA. Our partners are mainly from the Chinese Academy of Sciences and Beihang Univ. Our research focuses mainly on polynomial system solving and its applications.

Title: Hybrid Methodologies for Quantifier Elimination, Global Optimization, Linear Algebra and Polynomial System Solving

International Partner (Institution - Laboratory - Researcher):

North Carolina State University (USA)

Duration: 2012 - 2014

Reliable and certified computing is a major issue in computer science, motivated by huge needs in engineering sciences and in industry (aeronautics, railway transport, etc.). At the same time, the need for high-performance computational routines is constantly increasing. It is tackled on the one hand by designing asymptotically fast algorithms, which are often randomized and/or approximate and/or probabilistic, and on the other hand by developing high-performance implementations. Our goal is to reconcile high-performance computing with certification and/or validation issues. We will mainly focus on algebraic problems, and precisely on linear and non-linear systems of equations and/or inequalities. In this context, hybrid methodologies combining exact and numeric computation are traditionally used in two separate ways: either exact computation is used to analyze the robustness of numerical schemes, or numerical computation is used to speed up computations. Our viewpoint is to mix these trends in hybrid methodologies by exploiting the scientific continuum from linear algebra to quantifier elimination and global optimization through Gröbner bases computations for polynomial system solving.

Éric Schost, Univ. Western Ontario, Canada.

Nitin Saxena, IIT Kanpur, India.

Danilo Gligoroski, NTNU, Norway.

Ivan Bannwarth

Date: Mar 2014 – Aug 2014

Institution: Université de Versailles – Saint-Quentin-en-Yvelines (France)

Matías Bender

Date: Sep 2014 – Feb 2015

Institution: Universidad de Buenos Aires (Argentina)

Anca Nitulescu

Date: Mar 2014 – Aug 2014

Institution: Université Paris Diderot (France)

Ulrick Severin

Date: Sep 2013 – Mar 2014

Institution: Dassault Systèmes (France)

Our seminar hosted over twenty invited speakers in 2014.

Dongming Wang was involved in the organization of the following conferences:

Third International Seminar on Program Verification, Automated Debugging and Symbolic Computation (PAS 2014) (Vienna, Austria, July 17-18, 2014).

Software for Geometry at the 4th International Congress on Mathematical Software (ICMS 2014) (Seoul, Korea, August 5-9, 2014).

Ludovic Perret was member of the program committee of the following conference:

Eurocrypt 2014, the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques (11-15 May 2014, Copenhagen, Denmark)

Mohab Safey El Din was member of the program committee of the following conferences:

39th Symposium on Symbolic and Algebraic Computation (ISSAC 2014) (Kobe, Japan, July 23-25, 2014)

ACM Symbolic-Numeric Computation Conference (SNC 2014) (Shanghai, China, July 28-31, 2014)

Jean-Charles Faugère and Ludovic Perret were involved in a special issue of the Journal of Symbolic Computation (JSC) devoted to Mathematical and Computer Algebra Techniques in Cryptology.

Jean-Charles Faugère was member of the program committee of the following conferences:

39th Symposium on Symbolic and Algebraic Computation (ISSAC 2014) (Kobe, Japan, July 23-25, 2014)

The IACR International Conference on Practice and Theory of Public-Key Cryptography (PKC'2015)

The thirteenth conference MEGA (University of Trento, Italy)

Elias Tsigaridas was member of the program committee of the following conferences:

ACM Symbolic-Numeric Computation Conference (SNC 2014) (Shanghai, China, July 28-31, 2014)

Dongming Wang was member of the program committees of the following conferences:

6th International Symposium on Symbolic Computation in Software Science (SCSS 2014) (Gammarth, Tunisia, December 7-11, 2014),

16th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC 2014) (Timisoara, Romania, September 22-25, 2014),

12th International Conference on Artificial Intelligence and Symbolic Computation (AISC 2014) (Sevilla, Spain, December 11-13, 2014),

10th International Workshop on Automated Deduction in Geometry (ADG 2014) (Coimbra, Portugal, July 9-11, 2014).

Ludovic Perret is member of the editorial board of Designs, Codes and Cryptography published by Springer.

Mohab Safey El Din is member of the editorial board of Journal of Symbolic Computation (published by Academic Press/Elsevier, London).

Dongming Wang has the following editorial activities:

Editor-in-Chief and Managing Editor for the journal

Mathematics in Computer Science (published by Birkhäuser/Springer, Basel).

Executive Associate Editor-in-Chief for the journal

SCIENCE CHINA Information Sciences (published by Science China Press, Beijing and Springer, Berlin).

Member of the Editorial Boards for the

Journal of Symbolic Computation (published by Academic Press/Elsevier, London),

Frontiers of Computer Science (published by Higher Education Press, Beijing and Springer, Berlin),

Texts and Monographs in Symbolic Computation (published by Springer, Wien New York),

Book Series on Mathematics Mechanization (published by Science Press, Beijing),

Book Series on Fundamentals of Information Science and Technology (published by Science Press, Beijing).

Member of the International Advisory Board for the Communications of JSSAC (Japan Society for Symbolic and Algebraic Computation) (published by JSSAC).

Editor for the Book Series in Computational Science (published by Tsinghua University Press, Beijing).

Jean-Charles Faugère gave invited talks at:

Workshop on Polynomials over Finite Fields - Centre de Recerca Matemàtica (CRM) - Barcelona - Spain

Workshop on Computational Nonlinear Algebra - ICERM - Providence - USA

Main lecture - Journées Nationales de Calcul Formel

Guénaël Renault was invited speaker for the following international conferences:

Espaces de modules effectifs et application à la cryptographie (June 10-13, 2014, Rennes, France)

18th Workshop On Elliptic Curve Cryptography (October 8-10, 2014, Chennai, India)

Mohab Safey El Din gave invited talks at:

Workshop *Solving Polynomial Equations* as part of the
*Algorithms and Complexity in Algebraic Geometry* program,
Simons Institute, Berkeley, Oct. 2014.

Special track on *Algebraic techniques in polynomial
optimization*, IFORS, Barcelona, Spain, July, 2014.

*Real Algebraic Geometry With A View Toward Systems
Control and Free Positivity*, Oberwolfach, Germany, April,
2014.

Jérémy Berthomieu had the following teaching activities:

Master: Modelling and numerical and symbolic solving of problems via the Maple and MATLAB software packages, 54 hours (tutorial-equivalent), M1 level, Université Pierre-et-Marie-Curie, France

Master: Linear Algebra and Applications, 35 hours (tutorial-equivalent), M1 level, Université Pierre-et-Marie-Curie, France

Master: Introduction to Security, 32 hours (tutorial-equivalent), M1 level, Université Pierre-et-Marie-Curie, France

Licence: Introduction to Scientific Computing, 40 hours (tutorial-equivalent), L2 level, Université Pierre-et-Marie-Curie, France

Jean-Charles Faugère had the following teaching activities:

Master: Polynomial System Solving, 12 hours (tutorial-equivalent), M2 level, MPRI

Ludovic Perret had the following teaching activities:

Master: Polynomial System Solving, 12 hours (tutorial-equivalent), M2 level, MPRI

Master: Course leader, Introduction to Security, 96 hours (tutorial-equivalent), M1 level, Université Pierre-et-Marie-Curie, France

Master: Course leader, Complexity, 48 hours (tutorial-equivalent), M1 level, Université Pierre-et-Marie-Curie, France

Licence: Introduction to Algorithmics, L2 level, Université Pierre-et-Marie-Curie, France

Licence: Head of the L2 year of the informatique-mathématiques appliquées (PIMA) track, L2 level, Université Pierre-et-Marie-Curie, France

Guénaël Renault had the following teaching activities:

Master: Co-head of the SFPN specialty of the Master in Computer Science, Université Pierre-et-Marie-Curie, France

Master: Course leader, Advanced and Applied Cryptology, 50 hours (tutorial-equivalent), M2 level, Université Pierre-et-Marie-Curie, France

Master: Course leader, Security and Side Channels, 12 hours (tutorial-equivalent), M2 level, Université Pierre-et-Marie-Curie, France

Master: Course leader, Modelling of Attacks and Threats, 25 hours (tutorial-equivalent), M1 level, Université Pierre-et-Marie-Curie, France

Master: Course leader, Linear Algebra and Applications, 25 hours (tutorial-equivalent), M1 level, Université Pierre-et-Marie-Curie, France

Licence: Course leader, Introduction to Cryptology, 40 hours (tutorial-equivalent), L3 level, Université Pierre-et-Marie-Curie, France

Mohab Safey El Din had the following teaching activities:

Master: Polynomial System Solving, 30 hours (tutorial-equivalent), M2 level, Université Pierre-et-Marie-Curie, France

Master: Modelling and numerical and symbolic solving of problems via the Maple and MATLAB software packages, 21 hours (tutorial-equivalent), M1 level, Université Pierre-et-Marie-Curie, France

Licence: Introduction to Cryptology, 20 hours (tutorial-equivalent), L3 level, Université Pierre-et-Marie-Curie, France

PhD: Jules Svartz, Solving Structured Zero-Dimensional Polynomial Systems (Résolution de Systèmes polynomiaux structurés de Dimension zéro), Université Pierre-et-Marie-Curie (Univ. Paris 6), 30 Oct. 2014, Jean-Charles Faugère

PhD in progress : Ivan Bannwarth, Fast algorithms for studying real algebraic sets, Sept. 2014, Mohab Safey El Din

PhD in progress : Simone Naldi, Exact algorithms for rank defects in linear matrices, Sept. 2012, Didier Henrion and Mohab Safey El Din

PhD in progress: Frédéric Urvoy de Portzamparc, Algebraic Cryptanalysis and Physical Attacks in Code-Based Cryptography, Feb. 2012, Jean-Charles Faugère and Ludovic Perret

PhD in progress : Thibaut Verron, Gröbner bases and structured polynomial systems, Sept. 2012, Jean-Charles Faugère and Mohab Safey El Din

PhD in progress : Rina Zeitoun, Coppersmith's Algorithm and Applications in Cryptology, Jan. 2011, Jean-Charles Faugère and Guénaël Renault

Jean-Charles Faugère was:

member of the HDR committee of Guillaume Chèze;

member of the HDR committee of Frédéric Chyzak;

member of the HDR committee of Clément Pernet;

member of the PhD committee of Ruixian Renaud as the president of the committee;

member of the PhD committee of Jules Svartz as an examiner.

Mohab Safey El Din was:

member of the PhD committee of Marta Abril Bucero as a reviewer;

member of the PhD committee of Pierre Lairez as a reviewer;

member of the PhD committee of Jules Svartz as an examiner;

member of the PhD committee of Sébastien Tavenas as a reviewer.

Guénaël Renault was an invited speaker at the workshop
*Fabriquer le hasard* (Manufacturing Chance) of the Science, Recherche et Société forum
(May 22, 2014), organized by the newspapers Le Monde and La Recherche.