Certification of Minimal Approximant Bases Pascal Giorgi 1 , Vincent - PowerPoint PPT Presentation

Certification of Minimal Approximant Bases Pascal Giorgi 1 , Vincent Neiger 2 1 Universit´ 2 Universit´ e de Limoges, France e de Montpellier, France ISSAC’2018, New York, USA July 17, 2018

Approximant Bases Let F ∈ K [ X ] m × n a matrix of power series truncated at order d = ( d 1 , . . . , d n ) columnwise : ∀ 1 ≤ j ≤ n , deg F ∗ , j < d j approximant of F at order d : p ∈ K [ X ] 1 × m s.t. pF = [0 , . . . , 0] mod X ( d 1 ,..., d n ) the set A d ( F ) of all approximants of F forms a free K [ X ]-module of rank m [Van Barel, Bultheel 1992] . A basis P ∈ K [ X ] m × m of A d ( F ) is called an approximant basis

Minimal Approximant Bases Minimality row-reduced over K [ X ], i.e. minimal row degree among all bases     3 x 3 2 x 2 x + 3 3 x 3 + 4 x 2 2 x 3 + 3 x 2  , rdeg ( P ) = 5 x 2 P = 3    x 3 + 6 x 2 + 4 x 2 x 3 + 8 x 2 + 5 6 x 2 + 3 3

Minimal Approximant Bases Minimality row-reduced over K [ X ], i.e. minimal row degree among all bases     3 x 3 2 x 2 x + 3 3 x 3 + 4 x 2 2 x 3 + 3 x 2  , rdeg ( P ) = 5 x 2 P = 3    x 3 + 6 x 2 + 4 x 2 x 3 + 8 x 2 + 5 6 x 2 + 3 3 ⇒ row-reduction is related to the rdeg -leading matrix of P       3 x 3 2 x 2 1 x + 3 3 x 3 + 4 x 2 2 x 3 + 3 x 2  P = R = 5 x 2  , rdeg ( R ) = 1 3     2 x 2 + 4 x 5 x 2 + 5 x 2 + 3 − 1 1 2

Shifted Minimal Approximant Bases Shifted row degree (or s -row degree) degree measure for weighting the columns with a shift s = ( s 1 , . . . , s m )   X s 1 ...   rdeg s ( P ) = rdeg ( PX s ) = rdeg ( P  )  X s m s -minimal approximant bases bases of A d ( F ) that have minimal s -row degree among all bases ( s -reduced)

Shifted Minimal Approximant Bases Shifted row degree (or s -row degree) degree measure for weighting the columns with a shift s = ( s 1 , . . . , s m )   X s 1 ...   rdeg s ( P ) = rdeg ( PX s ) = rdeg ( P  )  X s m s -minimal approximant bases bases of A d ( F ) that have minimal s -row degree among all bases ( s -reduced) s -Popov approximant bases (uniqueness) rdeg s -leading matrix → unitary lower triangular matrix cdeg -leading matrix → identity

Algorithms for Approximant Bases - polynomial matrix F ∈ K [ X ] m × n > 0 with D = | d | = � - order d = ( d 1 , . . . , d n ) ∈ Z n j d j - shift s ∈ Z m Best known algorithms to date cost in O ˜( m ω D / m ) = O ˜( m ω − 1 D ) minimal bases (unique order, no shift) [G., Jeannerod, Villard ISSAC’03] s -minimal bases (unique order, small shifts) [Zhou, Labahn ISSAC’12] s -Popov bases (all orders/shifts) [Jeannerod et al. ISSAC’16]

Algorithms for Approximant Bases - polynomial matrix F ∈ K [ X ] m × n > 0 with D = | d | = � - order d = ( d 1 , . . . , d n ) ∈ Z n j d j - shift s ∈ Z m Best known algorithms to date cost in O ˜( m ω D / m ) = O ˜( m ω − 1 D ) minimal bases (unique order, no shift) [G., Jeannerod, Villard ISSAC’03] s -minimal bases (unique order, small shifts) [Zhou, Labahn ISSAC’12] s -Popov bases (all orders/shifts) [Jeannerod et al. ISSAC’16] These are deterministic non-optimal algorithms, i.e. Size ( F ) = mD when delegating computation → hope for faster verification

Verifying outsourced computation F , x Verifier Prover y= F (x), proof generating the proof must be negiglible verifying the proof must be easier than computing F (x) → different models : interactive or static

Verifying outsourced computation F , x Verifier Prover y= F (x), proof generating the proof must be negiglible verifying the proof must be easier than computing F (x) → different models : interactive or static Sometimes the proof is unnecessary : → Freivalds’ verification of matrix mul. ( uA ) B = uC

Certifying linear algebra Generic approaches exist Interactive proof for boolean circuits [Goldwasser, Kalai, Rothblum ’08 ; Thaler ’13] matrix mul. reduction → rerun with Freivalds [Kaltofen, Nehrig, Saunders ISSAC’11] prover or verifier time might not be optimal ✗

Certifying linear algebra Generic approaches exist Interactive proof for boolean circuits [Goldwasser, Kalai, Rothblum ’08 ; Thaler ’13] matrix mul. reduction → rerun with Freivalds [Kaltofen, Nehrig, Saunders ISSAC’11] prover or verifier time might not be optimal ✗ Optimal ad’hoc verifications exist [Dumas,Kaltofen ISSAC’14] ✓ prover and verifier time can be “optimal” ✓ independent of the circuit (certifying result rather than execution)

Certifying linear algebra Generic approaches exist Interactive proof for boolean circuits [Goldwasser, Kalai, Rothblum ’08 ; Thaler ’13] matrix mul. reduction → rerun with Freivalds [Kaltofen, Nehrig, Saunders ISSAC’11] prover or verifier time might not be optimal ✗ Optimal ad’hoc verifications exist [Dumas,Kaltofen ISSAC’14] ✓ prover and verifier time can be “optimal” ✓ independent of the circuit (certifying result rather than execution) How to optimally certify/verify approximant bases ?

Main result Given P a s -minimal basis of A d ( F ) with Size ( P ) = O ( mD ) Static proof for s -minimal approximant bases additional effort : O ( m ω − 1 D ) prover Monte Carlo verification : O ( mD + m ω − 1 ( m + n )) verifier D probability of error ≤ # S for S ⊂ K . ⇒ almost optimal certificate ( D ≫ m 2 often the case in practice) ⇒ total prover time remains in O ˜( m ω − 1 D )

Main result Given P a s -minimal basis of A d ( F ) with Size ( P ) = O ( mD ) Size ( P ) = O ( mD ) not in general ⇒ but bases computed by best known algorithms have such property | rdeg ( P ) | ∈ O ( D ) [Van Barel, Bultheel ’92 ; Zhou, Labahn ISSAC’12] | cdeg ( P ) | ≤ D ( s -Popov) [Jeannerod et al. ISSAC’16]

How to certify approximant basis Minimal : P is s -reduced 1 Approximant : PF = 0 mod X ( d 1 ,..., d n ) 2 Basis : rows of P generate A d ( F ) 3

How to certify approximant basis Minimal : P is s -reduced 1 This amounts to check non-singularity of the rdeg s -leading matrix of P ⇒ can be done at a cost O ( m ω )

How to certify approximant basis Approximant : PF = 0 mod X ( d 1 ,..., d n ) 2 not trivial → computing PF mod X ( d 1 ,..., d n ) costs O ˜( m ω − 1 D ).

How to certify approximant basis Approximant : PF = 0 mod X ( d 1 ,..., d n ) 2 not trivial → computing PF mod X ( d 1 ,..., d n ) costs O ˜( m ω − 1 D ). Proposition : Freivalds + [G. ’18] verify PF = G mod X ( d 1 ,..., d n ) at optimal cost O ( mD )

How to certify approximant basis Approximant : PF = 0 mod X ( d 1 ,..., d n ) 2 not trivial → computing PF mod X ( d 1 ,..., d n ) costs O ˜( m ω − 1 D ). Proposition : Freivalds + [G. ’18] verify PF = G mod X ( d 1 ,..., d n ) at optimal cost O ( mD ) check ( uP ) F = uG mod X ( d 1 ,..., d n ) for a random vector u

How to certify approximant basis Approximant : PF = 0 mod X ( d 1 ,..., d n ) 2 not trivial → computing PF mod X ( d 1 ,..., d n ) costs O ˜( m ω − 1 D ). Proposition : Freivalds + [G. ’18] verify PF = G mod X ( d 1 ,..., d n ) at optimal cost O ( mD ) check ( uP ) F = uG mod X ( d 1 ,..., d n ) for a random vector u check for a random α ∈ S ⊂ K , δ = max ( d 1 , . . . , d n ) that   uP 0     F 0 uG 0 ... F 1 uG 1   uP 1 � 1 α . . . α δ − 1 �   � 1 α . . . α δ − 1 �     .  = .     . . .  ... ...  .  .  .    . F δ − 1 uG δ − 1 uP δ − 1 . . . uP 1 uP 0

How to certify approximant basis Approximant : PF = 0 mod X ( d 1 ,..., d n ) 2 not trivial → computing PF mod X ( d 1 ,..., d n ) costs O ˜( m ω − 1 D ). Proposition : Freivalds + [G. ’18] verify PF = G mod X ( d 1 ,..., d n ) at optimal cost O ( mD ) check ( uP ) F = uG mod X ( d 1 ,..., d n ) for a random vector u check for a random α ∈ S ⊂ K , δ = max ( d 1 , . . . , d n ) that   uP 0   F 0 ... F 1   uP 1 � 1 α . . . α δ − 1 �     .  = uG ( α )   . .  ... ...  .  .   . F δ − 1 uP δ − 1 . . . uP 1 uP 0

How to certify approximant basis Approximant : PF = 0 mod X ( d 1 ,..., d n ) 2 not trivial → computing PF mod X ( d 1 ,..., d n ) costs O ˜( m ω − 1 D ). Proposition : Freivalds + [G. ’18] verify PF = G mod X ( d 1 ,..., d n ) at optimal cost O ( mD ) check ( uP ) F = uG mod X ( d 1 ,..., d n ) for a random vector u check for a random α ∈ S ⊂ K , δ = max ( d 1 , . . . , d n ) that   F 0 F 1   � � uP ( α ) . . . α δ − j u ( P rem X j )( α ) . . . α δ − 1 uP 0  = uG ( α ) .   .  . F δ − 1 Horner’s intermediate values for α δ − 1 rev ( uP ) on X = α − 1

How to certify approximant basis Basis : rows of P generate A d ( F ) 3

How to certify approximant basis Basis : rows of P generate A d ( F ) 3 Proposed lemma rows of P generate A d ( F ) if and only if PF = 0 mod X d det ( P ) = X δ for 0 < δ ≤ D [Beckermann, Labahn ’97] � � ∈ K m × ( m + n ) has full rank, where the matrix P (0) C C = PFX − d mod X (our certificate)