By Antoine Joux (auth.), David Pointcheval, Thomas Johansson (eds.)

This book constitutes the refereed proceedings of the 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2012, held in Cambridge, UK, in April 2012.

The 41 papers, presented together with 2 invited talks, were carefully reviewed and selected from 195 submissions. The papers are organized in topical sections on index calculus, symmetric constructions, secure computation, protocols, lossy trapdoor functions, tools, symmetric cryptanalysis, fully homomorphic encryption, asymmetric cryptanalysis, efficient reductions, public-key schemes, security models, and lattices.

Advances in Cryptology – EUROCRYPT 2012: 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15-19, 2012. Proceedings

Of these polynomials $t_{i,j} f_i = \sum_k c^k_{i,j} m_k$ with respect to the basis $B$. [Matrix: columns indexed by the monomials $m_1 > m_2 > \cdots$] Precisely, Lazard [34] proved the following fundamental result: Theorem 1. Let $F = \{f_1, \ldots, f\} \subset R$. There exists a positive integer $D$ for which Gaussian elimination on all matrices $M_1(F), M_2(F), \ldots, M_D(F)$ computes a Gröbner basis of $f_1, \ldots, f$. F4 [16] can be seen as another way to use linear algebra without knowing an a priori bound. It successively constructs and reduces matrices until a Gröbner basis is found.

Let $y_{i,j}$ be $m \cdot n$ variables defined by $x_i = \nu_1 y_{i,1} + \nu_2 y_{i,2} + \cdots + \nu_n y_{i,n}$. g. [11, Chapter 7]). By replacing the variables $x_i$ in the polynomial $f$, we get a new polynomial $f_V \in \mathbb{F}_{2^n}[y_{1,1}, \ldots, y_{m,n}]$ with $m \cdot n$ variables. The linear constraints on $f$ are translated to Galoisian constraints by constraining the solutions of $f_V$ to $\mathbb{F}_2$. Using the field equations, $f_V$ is viewed more precisely as a polynomial in the affine algebra $\mathcal{A}(\mathbb{F}_{2^n}) := \mathbb{F}_{2^n}[y_{1,1}, \ldots, y_{m,n}] / S_{fe}$, where $S_{fe}$ is the 0-dimensional ideal generated by the field equations: $S_{fe} = \{y_{i,j}^2 - y_{i,j}\}_{1 \le i \le m,\ 1 \le j \le n}$.

$X_{t,n_t-1}, 1)$. Finally, we shall say that $f$ has a multi-homogeneous structure if it is multi-homogeneous or affine multi-homogeneous. A system of equations has a multi-homogeneous structure if each equation has a multi-homogeneous structure (the equations can have different multi-degrees). e. $W(e) := \sum_{i=0}^{\infty} e_i$. We write $\binom{n}{k}$ for the number of choices of $k$ elements among a set of $n$ elements without repetition. We write $O$ for the "big O" notation: given two functions $f$ and $g$ of $n$, we say that $f = O(g)$ if there exist $N, c \in \mathbb{Z}^+$ such that $n > N \Rightarrow f(n) \le c\,g(n)$.