Oracle-supported drawing of the Groebner escalier

Abstract

The aim of this note is to discuss the following quite queer Problem: GIVEN i) the free non-commutative polynomial ring, P := F X1,…,Xn (public), ii) a bilateral ideal I⊂ F X1,…,Xn (private), iii) a finite set G := \g1,…,gl\⊂ I of elements of the ideal I (public), a noetherian semigroup term-ordering , (private), on the word semigroup T := < X1,…,Xn>, COMPUTE --a finite subset H⊂( I) of the Gr\"obner basis ( I) of I w.r.t. s.t., for each gi∈ G its normal form NF(gi,H) w.r.t. H is zero, "by means of a finite number of queries to an oracle", which, given a term τ∈ T returns its canonical form (τ, I,) w.r.t. the ideal I and the term-ordering . This queer problem has been suggested to us by Bulygin (2005) where a similar problem, but with stronger assumptions, is faced in order to set up a chosen-cyphertext attack against the cryptographic system proposed in Rai (2004).