
Overview of Modular Methods http://cocoa.dima.unige.it/ J. Abbott



  1. Overview of Modular Methods http://cocoa.dima.unige.it/ J. Abbott Universität Kassel J. Abbott Modular Methods IITGN, Feb 2016 1 / 19

  2. What are Modular Methods?
     Given two polynomials $f, g \in \mathbb{Z}[x]$, compute $h = \gcd(f, g) \in \mathbb{Z}[x]$.
     - direct computation by Euclid’s Algorithm is often slow
     - using pseudo-remainder produces large coefficients
     - using $\mathbb{Q}$ coefficients requires rational normalization
     - subresultant algorithm faster but more complicated
     In contrast: Euclid’s Algorithm works well in $\mathbb{F}_p[x]$.
     Idea:
     - Pick a prime $p$.
     - Compute $\bar h = \gcd(\bar f, \bar g) \in \mathbb{F}_p[x]$.
     - Reconstruct $h$ from modular gcd, $\bar h$.

  3. What are Modular Methods? (cont’d)
     Two big questions:
     - Which prime(s) to use?
     - How to “reconstruct” the correct answer?
     The ring homomorphism $\varphi_N : \mathbb{Z} \to \mathbb{Z}/\langle N \rangle$ is not invertible.
     But suppose we knew a bound $B$ for the coefficients of $h$: namely $|h|_\infty \le B$, or equiv $-B \le c_i \le B$.
     And suppose that $N > 2B$...
     Now can we reconstruct $h$ from $\bar h$?

  4. What are Modular Methods? (cont’d)
     No!! We need to avoid bad primes, where $\bar h$ does not “look like” $h$.
     - Example (A): $f = g = 3x + 1$ and $p = 3$; then $\gcd(\bar f, \bar g) = 1$
     - Example (B): $f = x + 1$ and $g = 4x + 1$ and $p = 3$; then $\gcd(\bar f, \bar g) = x + 1$
     Bad primes of type (A) are easy to recognize: they divide $\mathrm{LC}(f)$ or $\mathrm{LC}(g)$. We exclude such primes from now on.

  5. What are Modular Methods? (cont’d)
     Bad primes of type (B) are not easy to recognise.
     We can nevertheless recognize relatively bad primes:
     - Let $\bar h_1$ be the gcd modulo prime $p_1$, and let $\bar h_2$ be the gcd modulo prime $p_2$.
     - If $\deg(\bar h_1) > \deg(\bar h_2)$ then surely $p_1$ is bad.
     By considering the rank of a suitable Sylvester matrix we can say: there are only finitely many bad primes.

  6. How many primes? What size?
     Suppose we have a bound $B$ for the coefficients of the gcd: $|h|_\infty \le B$
     We could use either
     - one big prime $p > 2B$
     - or many small primes $p_1, \ldots, p_s$ and use Chinese Remaindering
     - or one small prime $p$ and use Hensel Lifting.
     Notes: Chinese Remaindering works well in a parallel context; also helpful for detecting bad primes.

  7. How many primes? What size?
     Just how big can the gcd $h$ be?
     It is easy to get a degree bound for $h$, but what about the coefficients?
     “Rare” example: gcd with big coefficients
     $\gcd(x^3 - x^2 - x + 1,\; x^4 - x^3 - x + 1) = x^2 - 2x + 1$
     - many results about size of coeffs of factors in $\mathbb{C}[x]$
     - all known bounds are very pessimistic for factors in $\mathbb{Z}[x]$
     Summary: we can compute a bound $B$ but it is annoyingly large.

  8. Scalar factors
     Still one important detail to settle: scalar factors.
     The gcd in $\mathbb{F}_p[x]$ is defined up to a scalar factor.
     We want to ensure that $\bar h = \varphi_p(h)$ for every good prime $p$.
     Idea: ensure that $\mathrm{LC}(\bar h) = \varphi_p(\mathrm{LC}(h))$.
     We do not know the value of $\mathrm{LC}(h)$ but it surely divides $\gcd(\mathrm{LC}(f), \mathrm{LC}(g))$.
     Choose modular gcd so that $\mathrm{LC}(\bar h) = \varphi_p(\gcd(\mathrm{LC}(f), \mathrm{LC}(g)))$; reconstruct “small” scalar multiple of $h \in \mathbb{Z}[x]$.
     Note: must increase $B$ by the same scalar factor!

  9. Rational Recovery
     An alternative way to scale: make the gcd monic.
     This means that $\gcd(f, g) \in \mathbb{Q}[x]$ ← the coeffs are rational numbers.
     We can easily extend $\varphi_p : \mathbb{Q} \cap \mathbb{Z}_{\langle p \rangle} \to \mathbb{Z}/\langle p \rangle$
     How to invert it? Rational Reconstruction
     - originally by Wang, Guy, Davenport
     - refined by Collins, Encarnacion
     - uses Continued Fractions, equiv. Euclid’s Algorithm
     - it can fail: no such rational number exists
     New bound for modulus: to reconstruct $p/q \in \mathbb{Q}$, assume we know bounds $P \ge |p|$ and $Q \ge q$; require the modulus $N > 2PQ$.
     There is also vector rational reconstruction by Bright and Storjohann.

  10. Final Verification
      If the prime(s) we used were good then the reconstructed poly is $h$; it is easy to sort out the matter of the scalar multiple.
      But how do we know the primes were good? What if all the primes we tried were bad?
      We must verify the result: check that the reconstructed $h$ actually divides both $f$ and $g$.

  11. In practice...
      Theory and practice...
      Since we have to verify the result anyway, and since all known bounds are very pessimistic...
      We ignore the coeff bound, and attempt reconstruction every few primes until success.
      How often to attempt reconstruction? We “watch” one coeff until it stabilizes, then try a full reconstruction.

  12. Coefficient Field Extensions
      Coefficients in Algebraic Extensions
      We can use a similar approach for gcds in $\mathbb{Q}(\alpha, \beta, \ldots)[x]$.
      - map coeffs into $\mathbb{Z}/\langle p \rangle(\alpha, \beta, \ldots)$ ← probably not a field!
      - map coeffs into $\mathbb{Z}/\langle p \rangle(\bar\alpha, \bar\beta, \ldots)$
      - for $\mathbb{Z}[\alpha]$ solved by Lenstra using LLL lattice reduction
      - generalized to $\mathbb{Q}(\alpha, \beta, \ldots)$ by Abbott

  13. Hensel Lifting: $p$-adic Integers
      Quick Reminder of $p$-adic Integers
      Recall $p$-adic norm $|a|_p = p^{-\nu}$ where $p^\nu \,\|\, a$.
      $\mathbb{Z}_p$ is completion of $\mathbb{Z}$ with norm $|\cdot|_p$.
      Elements of $\mathbb{Z}_p$ are formal power series in $p$:
      $\alpha = a_0 p^0 + a_1 p^1 + a_2 p^2 + \cdots$
      Note that $\alpha \bmod p^k$ is a formal polynomial in $p$:
      $\alpha \bmod p^k = a_0 p^0 + a_1 p^1 + \cdots + a_{k-1} p^{k-1}$
      $\alpha \bmod p^k$ is a “good” $k$-th order approx to $\alpha$:
      $\left| \alpha - (\alpha \bmod p^k) \right|_p \le p^{-k}$

  14. Hensel Lifting: outline
      Let $f \in \mathbb{Z}[x]$ and let $p$ be a prime not dividing $\mathrm{LC}(f)$.
      Suppose $\varphi_p(f) = \bar g \bar h \in \mathbb{Z}/\langle p \rangle[x]$ where $\gcd(\bar g, \bar h) = 1$.
      Then by Hensel Lifting we can obtain a better factorization:
      $f \equiv \bar g^{(k)} \bar h^{(k)} \in \mathbb{Z}/\langle p^k \rangle[x]$ for any $k \in \mathbb{N}$.
      - linear lifting goes from $\mathbb{Z}/\langle p^k \rangle$ to $\mathbb{Z}/\langle p^{k+1} \rangle$
      - quadratic lifting goes from $\mathbb{Z}/\langle p^k \rangle$ to $\mathbb{Z}/\langle p^{2k} \rangle$
      Hensel lifting can be applied in several contexts (same principle, different details)

  15. Hensel Lifting a Factorization
      Lifting a factorization: main step
      Let $f \in \mathbb{Z}[x]$ be monic and let $p$ be a prime, and suppose $f \equiv g_1 h_1 \bmod p^1$ with $\gcd(g_1, h_1) = 1$.
      Since $\mathbb{Z}/\langle p \rangle[x]$ is a PID, there exist $\hat g, \hat h \in \mathbb{Z}/\langle p \rangle[x]$ such that
      $\hat g\, g + \hat h\, h = 1$ in $\mathbb{Z}/\langle p \rangle[x]$
      Set $\Delta = (f - g_1 h_1)/p^1 \in \mathbb{Z}[x]$.
      Set $\Delta_g = \hat h \Delta \bmod g_1 \in \mathbb{Z}/\langle p \rangle[x]$ and $\Delta_h = \hat g \Delta \bmod h_1 \in \mathbb{Z}/\langle p \rangle[x]$
      Now $f \equiv g_2 h_2 \bmod p^2$ where $g_2 = g_1 + p^1 \Delta_g$ and $h_2 = h_1 + p^1 \Delta_h$.
      Repeat until $f \equiv g_k h_k \bmod p^k$.

  16. Factorization Picture
      $\mathbb{Z}[x]$ Factorization Picture
      [Diagram] Top row: $f \in \mathbb{Z}[x]$ and $f = f_1 f_2 \cdots f_r \in \mathbb{Z}[x]$.
      Bottom row: $f \equiv g_1 g_2 \cdots g_s \bmod p \;\longrightarrow\; f \equiv G_1 G_2 \cdots G_s \bmod p^k$.
      Vertical arrows (↓ ↑) link the two rows.
      Note: for some polynomials (e.g. $x^4 + 1$) all primes are bad!

  17. GCD of Multivariate Polynomials
      Multivariate Polynomials
      Let $f \in k[x, y]$, and let $a \in k$.
      Observe that evaluating $y \mapsto a$ is just $k[x, y] \to k[x, y]/\langle y - a \rangle$.
      - if $k$ is a finite field all choices of $a$ may be bad
      - Hensel lift all variables together
      - Hensel lift the variables one at a time
      - new problem: loss of sparsity
      - Lagrange interpolation
      - Zippel’s Algorithm
      - sparse polynomial interpolation (de Prony, Ben-Or & Tiwari)
      - ad hoc tricks exploiting sparsity

  18. Fault-tolerant Rational Reconstruction
      Fault-tolerant Reconstruction
      Let $a = p/q \in \mathbb{Q}$, and suppose we have residue-modulus pairs $(r_i, m_i)$ satisfying $q r_i \equiv p \pmod{m_i}$ for most indices $i$.
      Some of the residues may be wrong.
      We can still reconstruct $a$:
      - using continued fractions (Abbott, generalizes WGD)
      - using lattice reduction (Böhm, Decker, Fieker, Pfister)
      New relationship between combined modulus and bounds: $M / M_{\mathrm{bad}}^2 > 2PQ$
      Useful when bad primes cannot be recognized (e.g. implicitization)

  19. The End
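The procedure built up across slides 2 to 11 (skip type (A) primes, fix the leading coefficient, combine images by Chinese Remaindering, discard relatively bad primes, attempt reconstruction after every prime and verify by trial division) can be put together as follows. This is an added Python example, not code from the slides or from CoCoA; the function names and the list-of-integers polynomial representation are assumptions of the example, and the inputs are assumed to have nonzero leading coefficients.

```python
# Added example, not from the slides: polynomials are int lists, low degree first.
import math

def trim(a):
    while a and a[-1] == 0:
        a.pop()
    return a

def rem(a, b, p=None):
    """Remainder of a by b in F_p[x]; over Z when p is None (None if not exact)."""
    a = a[:]
    while len(a) >= len(b):
        if p is None and a[-1] % b[-1]:
            return None
        c = a[-1] * pow(b[-1], -1, p) % p if p else a[-1] // b[-1]
        for i, bi in enumerate(b, len(a) - len(b)):
            a[i] = (a[i] - c * bi) % p if p else a[i] - c * bi
        trim(a)
    return a

def gcd_mod(f, g, p, lc):
    """Euclid in F_p[x], scaled so the leading coefficient is lc mod p (slide 8)."""
    a, b = trim([c % p for c in f]), trim([c % p for c in g])
    while b:
        a, b = b, rem(a, b, p)
    s = lc * pow(a[-1], -1, p) % p
    return [c * s % p for c in a]

def modular_gcd(f, g, primes):
    lc = math.gcd(f[-1], g[-1])            # LC(h) divides gcd(LC(f), LC(g))
    M, H = 1, None                         # combined modulus, combined image
    for p in [q for q in primes if f[-1] % q and g[-1] % q]:   # skip type (A)
        hp = gcd_mod(f, g, p, lc)
        if H is None or len(hp) < len(H):
            M, H = p, hp                   # earlier primes were bad: restart
        elif len(hp) == len(H):            # same degree: CRT (higher degree: p is bad)
            inv = pow(M, -1, p)
            H = [a + M * ((b - a) * inv % p) for a, b in zip(H, hp)]
            M *= p
        cand = [c - M if c > M // 2 else c for c in H]   # symmetric residues
        content = math.gcd(*cand)          # strip the scalar multiple
        cand = [c // content for c in cand]
        if rem(f, cand) == [] and rem(g, cand) == []:    # final verification
            return cand if cand[-1] > 0 else [-c for c in cand]
    return None

# Slide 4, example (B): f = x + 1, g = 4x + 1; p = 3 gives the wrong degree.
print(gcd_mod([1, 1], [1, 4], 3, 1), modular_gcd([1, 1], [1, 4], [3, 5, 7]))
```

On slide 7's pair the image modulo 3 alone cannot represent the coefficient −2, so the first verification fails and the answer appears only after the image modulo 5 is combined in.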
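Slide 9's rational reconstruction, in the extended-Euclid form the slide alludes to, including the failure case and the modulus condition N > 2PQ. This is an added Python example, not the author's code; the function name is an assumption, and the modulus 101 and bounds P = Q = 7 are constructed sample values.

```python
import math

def rational_reconstruct(r, N, P, Q):
    """Find (p, q) with q*r ≡ p (mod N), |p| <= P, 0 < q <= Q, gcd(p, q) = 1.

    Returns None when no such rational exists (the failure case on slide 9).
    """
    if N <= 2 * P * Q:
        raise ValueError("modulus too small: need N > 2PQ")
    # Extended Euclid on (N, r), keeping the invariant r_i ≡ t_i * r (mod N).
    r0, t0, r1, t1 = N, 0, r % N, 1
    while r1 > P:                      # stop at the first remainder within the bound
        k = r0 // r1
        r0, t0, r1, t1 = r1, t1, r0 - k * r1, t0 - k * t1
    if t1 < 0:                         # normalise to a positive denominator
        r1, t1 = -r1, -t1
    if t1 == 0 or t1 > Q or math.gcd(r1, t1) != 1:
        return None
    return r1, t1

# Constructed sample: N = 101, P = Q = 7, so 2PQ = 98 < N.  The monic gcd
# x + 1/3 of slide 4's example (A) has constant term 1/3 ≡ 34 (mod 101).
N, P, Q = 101, 7, 7
print(rational_reconstruct(34, N, P, Q))   # the coefficient 1/3
print(rational_reconstruct(33, N, P, Q))   # a negative numerator
print(rational_reconstruct(10, N, P, Q))   # no rational within the bounds
```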
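A worked instance of the lifting step on slide 15, added here as an illustration. The polynomial $f = x^2 + 1$ and the prime $p = 5$ are chosen for this example and do not come from the slides; the symbols are those of slide 15.

$$
\begin{aligned}
f &= x^2 + 1, \quad p = 5, \quad g_1 = x + 2, \quad h_1 = x - 2, \quad g_1 h_1 = x^2 - 4 \equiv f \bmod 5 \\
\hat g &= 4, \quad \hat h = 1: \qquad 4(x + 2) + 1(x - 2) = 5x + 6 \equiv 1 \bmod 5 \\
\Delta &= (f - g_1 h_1)/5 = \bigl(x^2 + 1 - (x^2 - 4)\bigr)/5 = 1 \\
\Delta_g &= \hat h \Delta \bmod g_1 = 1, \qquad \Delta_h = \hat g \Delta \bmod h_1 = 4 \\
g_2 &= g_1 + 5\Delta_g = x + 7, \qquad h_2 = h_1 + 5\Delta_h = x + 18 \\
g_2 h_2 &= x^2 + 25x + 126 \equiv x^2 + 1 \bmod 5^2
\end{aligned}
$$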
