International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Faugere's F5 Algorithm Revisited

Till Stegers
Search ePrint
Search Google
Abstract: We present and analyze the F5 algorithm for computing Groebner bases. On the practical side, we correct minor errors in Faugere's pseudo code, and report our experiences implementing the -- to our knowledge -- first working public version of F5. While not designed for efficiency, it will doubtless be useful to anybody implementing or experimenting with F5. In addition, we list some experimental results, hinting that the version of F5 presented in Faugere's original paper can be considered as more or less naive, and that Faugere's actual implementations are a lot more sophisticated. We also suggest further improvements to the F5 algorithm and point out some problems we encountered when attempting to merge F4 and F5 to an "F4.5" algorithm. On the theoretical side, we slightly refine Faugere's theorem that it suffices to consider all normalized critical pairs, and give the first full proof, completing his sketches. We strive to present a more accessible account of the termination and correctness proofs of F5. Unfortunately, we still rely on a conjecture about the correctness of certain optimizations. Finally, we suggest directions of future research on F5.
  title={Faugere's F5 Algorithm Revisited},
  booktitle={IACR Eprint archive},
  keywords={Groebner bases, public-key cryptography. cryptanalysis},
  note={Diplom thesis at TU Darmstadt, Germany 13588 received 10 Nov 2006, last revised 16 Mar 2007},
  author={Till Stegers},