Algorithms for the Approximate Common Divisor Problem
نویسندگان
چکیده
The security of several homomorphic encryption schemes depends on the hardness of variants of the approximate common divisor (ACD) problem. We survey and compare a number of latticebased algorithms for the ACD problem, with particular attention to some very recently proposed variants of the ACD problem. One of our main goals is to compare the multivariate polynomial approach with other methods. We find that the multivariate polynomial approach is not better than the orthogonal lattice algorithm for practical cryptanalysis. We also briefly discuss a sample-amplification technique for ACD samples and a pre-processing algorithm similar to the Blum–Kalai–Wasserman algorithm for learning parity with noise. The details of this work are given in the full version of the paper.
منابع مشابه
Approximate Polynomial GCD over Integers with Digits-wise Lattice
For the given coprime polynomials over integers, we change their coefficients slightly over integers so that they have a greatest common divisor (GCD) over integers. That is an approximate polynomial GCD over integers. There are only two algorithms known for this problem. One is based on an algorithm for approximate integer GCDs. The other is based on the well-known subresultant mapping and the...
متن کاملThe ERES Method for Computing the Approximate GCD
The computation of the greatest common divisor (GCD) of a set of polynomials has interested the mathematicians for a long time and has attracted a lot of attention in recent years. A challenging problem that arises from several applications, such as control or image and signal processing, is to develop a numerical GCD method that inherently has the potential to work efficiently with sets of sev...
متن کاملApproximate greatest common divisor of many polynomials, generalised resultants, and strength of approximation
The computation of the Greatest Common Divisor (GCD) of many polynomials is a nongeneric problem. Techniques defining “approximate GCD” solutions have been defined, but the proper definition of the “approximate” GCD, and the way we can measure the strength of the approximation has remained open. This paper uses recent results on the representation of the GCD of many polynomials, in terms of fac...
متن کاملComputing Approximate GCD of Univariate Polynomials by Structure Total Least Norm
The problem of approximating the greatest common divisor(GCD) for polynomials with inexact coefficients can be formulated as a low rank approximation problem with Sylvester matrix. This paper presents a method based on Structured Total Least Norm(STLN) for constructing the nearest Sylvester matrix of given lower rank. We present algorithms for computing the nearest GCD and a certified 2-GCD for...
متن کاملApproximate Polynomial Common Divisor Problem Relates to Noisy Multipolynomial Reconstruction
In this paper, we investigate the hardness of the approximate polynomial common divisor problem, which is regarded as a polynomial analogy of the approximate integer common divisor problem. In order to solve this problem, we present a simple method by using the polynomial lattice reduction algorithm and contain complete theoretical analyses. Further, we propose an improved lattice attack to red...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016