Efficiently inverting bijections given by straight line programs

Let K be any field, and let F: K^n → K^n be a bijection with the property that both F and F^{-1} are computable using only arithmetic operations from K. Motivated by cryptographic considerations, the authors concern themselves with the relationship between the arithmetic complexity of F and the arithmetic complexity of F^{-1}. They give strong relations between the complexity of F and F^{-1} when F is an automorphism in the sense of algebraic geometry (i.e. a formal bijection defined by n polynomials in n variables with a formal inverse of the same form). These constitute all such bijections in the case in which K is infinite. The authors show that at polynomially bounded degree, if an automorphism F has a polynomial-size arithmetic circuit, then F^{-1} has a polynomial-size arithmetic circuit. Furthermore, this result is uniform in the sense that there is an efficient algorithm for finding such a circuit for F^{-1}, given such a circuit for F. This algorithm can also be used to check whether a circuit defines an automorphism F. If K is the Boolean field GF(2), then a circuit defining a bijection does not necessarily define an automorphism. However, it is shown in this case that, given any K^n → K^n bijection, there always exists an automorphism defining that bijection. This is not generally true for an arbitrary finite field.
