on the complexity of lacunary polynomial divisibilitydroche/courses/sparsediv-talk.pdfgiven two...

On the Complexity of Lacunary Polynomial Divisibility

Daniel S. Roche

CS 887 Spring 2007University of Waterloo

17 September 2007

Roche (CS 887) Lacunary Polynomial Divisibility 17 September 2007 1 / 24

Outline

Outline

1 Introduction: Lacunary Polynomials

2 Complexity ResultsNP-Hardness#P-CompletenessOther Results and Observations

3 Proposed AlgorithmThings we can proveSome classes of failures

4 Experimental Results

5 Conclusions


Introduction

Polynomial Representations

Given a polynomial f (x) ∈ Z[x ], we can write:

f (x) = f0 + f1x + f2x2 + · · ·+ fnx

n

f (x) = a1xe1 + a2x

e2 + · · ·+ asxes ,

where a1, a2, . . . , as 6= 0 and e1 < e2 < · · · < es = n.

Dense Representation

〈f0, f1, . . . , fn〉, size O(n‖f ‖∞)

Sparse/Lacunary Representation

〈(a1, e1), (a2, e2), . . . , (as , es)〉, size O(

s log(n‖f ‖∞))


Introduction

Complexity of Lacunary Polynomial Operations

Sparse representation can be exponentially smaller than dense!

Question

Which polynomial operations are in P when the input is given in thelacunary representation?

Equivalently,

Question

Which polynomial operations are truly made easier when the inputpolynomials are very sparse?


Complexity NP-Hardness

Plaisted’s NP-Hardness Results

Series of publications with hardness results:

Operations on a finite set of sparse polynomials (1977)

Just two polynomials (1984)

Polynomials with coefficients only 0,1,-1 (1985)

NP-Hard operations “close” to lacunary divisibility

Degree of GCD of two or more polynomials

Degree of remainder

Divisibility of the product of a set of polynomials by a single one



A Typical Proof

Theorem (Plaisted – 1984)

Given two integer polynomials f (x) and g(x), it is NP-Hard to determine

if the degree of their gcd is at least 1.

Outline of proof:

1 Let F be an input formula to 3-SAT

2 Map each 3-literal clause to a sparse polynomial whose rootscorrespond to satisfying assignments

3 Sum the polynomials in such a way that the sum has roots only whereall summands have a root

4 GCD test to see if any such roots exist



A Typical Proof (2)

Proof.

Predicate symbols of F : P1, P2, . . . ,Pk

M ← p1p2 · · · pk , ω ← e2πi/M

Pi assigned “true” by ωj iff pi |j

A polynomial “represents” a formula iff it has zeros at every root ofunity which satisfies the formula.

xM/pi represents Pi and 1 + xM/pi + · · ·+ x (pi−1)M/pi represents ¬Pi

Prod. of polynomials representing literals represents their disjunction

Say fi (x) represents clause Ci in F (n clauses total)

Let f ∗i (x) be fi (x) times its reversal xdi fi (1/x)

Note f ∗i (x) = 0 iff fi (x) = 0 and |z | = 1 implies f ∗i (z) ∈ R+

Then∑

f ∗i (x) has a zero of modulus 1 iff F satisfiable

This is true iff deg gcd(∑

f ∗i (x), xM − 1) > 0



Other NP-Hard Operations

Theorem

Given g(x), f1(x), . . . , fk(x) ∈ Z[x ], it is NP-hard to determine if g(x)divides

∏

fi (x).

Proof.

Same reduction as before. Note F is satisfiable iff ¬F is not a tautology,iff xM − 1 doesn’t divide a polynomial representing F . P-time computablebecause negation of CNF is DNF.

Theorem

Given g(x), f (x) ∈ Z[x ], it is NP-hard to determine if the degree of the

remainder when f (x) is divided by g(x) is maximal.

Reduction from subset sub problem


Complexity #P-Completeness

Complexity Class #P

Definition

A function f : Σ∗ → N is in #P iff f counts the number of verifier stringswhich cause some Turing machine M to accept on given input.

Extension of NP to counting problems

Every NP-Complete problem generates a #P-Complete problem (notalways trivial though)

Some #P-Complete Problems

How many ways to satisfy a boolean formula?

How many Hamiltonian paths in a graph?

How many k-cliques in a graph?

How many subsets sum to zero?


Complexity #P-Completeness

#P-Complete Problems with Sparse Polynomials

From Quick, von zur Gathen, Karpinski, Shparlinski (1986-1996):

Theorem

For f1(x), f2(x), . . . , fk(x) ∈ Z[x ], computing deg gcd(f1(x), . . . , fk(x)) is

#P-Complete. In certain cases, just computing deg gcd(f1(x), f2(x)) is

also #P-Complete.

Basic results are achieved by the same reduction as our proof before, butbeing much more careful so that the number of satisfying assignments forF is recoverable (in polynomial time) from the degree of the GCD.


Complexity Other Results and Observations

Non-divisibility is in NP

Theorem (Grigoriev,Karpinski,Odlyzko)

Sparse polynomial non-divisibility testing is in NP, under the Extended

Riemann Hypothesis

Proof.

Suppose g(x) does not divide f (x). Then, under ERH, there is a p whosesize (not value) is polynomially bounded by the input size such that g(x)has a root in Zp[x ] with higher multiplicity that the multiplicity in f (x).So the prime p and the root α constitute a short proof fornon-divisibility.

As we will see, if we can prove our algorithm succeeds with highprobability, then we will have another proof that non-divisibility is in NP.


Complexity Other Results and Observations

So why isn’t sparse divisibility NP-Hard?

Lemma

The following are equivalent:

g(x)|f (x)

deg gcd(g(x), f (x)) is maximal

deg rem(f (x), g(x)) is minimal

Based on these strong relationships to hard problems, why can’t we usethe techniques above to prove sparse divisibility is hard?

Taking the product of even a finite number of sparse polynomialscauses an exponential blow-up in the size of the result.

Sparse divisibility corresponds to the “opposite” of the provably hardgcd and remainder problems.

Other #P-Complete problems easy at one end and hard at the other:3-SAT, k-clique


Algorithm

Proposed Algorithm for Sparse Divisibility

The algorithm (originally suggested by Wayne Eberly) is simple:

Algorithm

1 Choose a small prime p

2 Compute f (x) and g(x) mod Φp(x)

3 Compute f (x)/g(x) in the field Q[x ]/Φp(x)

4 If the quotient has integer coefficients, return “divides”; otherwisereturn “does not divide”.

Here Φp(x) is the p’th cyclotomic polynomial, and “small” p means thevalue of p is polynomially bounded by the input size.


Algorithm Things we can prove

Basic requirements

Theorem

The algorithm always runs in polynomial time.

Proof.

We just need to see that we can compute the remainders mod Φp(x) inpolynomial time. First, note that each Φp(x) is a divisor of xp − 1.Reducing mod xp − 1 is just mapping each exponent to its remainder modp, and so this can be done in polynomial time.Then we reduce this image mod Φp(x) to get the remainder. This and allother steps run in O(pO(1)) time, so the whole algorithm runs inpolynomial time.



Basic requirements (2)

Theorem

If g(x)|f (x), the algorithm always gives correct output.

Proof.

If g(x)|f (x), then ∃q(x) ∈ Z[x ] such that g(x)q(x) = f (x), and so thecomputed quotient will just be q(x) mod Φp(x), which must have integercoefficients.



Simplifying Lemmas

Lemma

Suppose f (x) = f (x)h(x) and g(x) = g(x)h(x) with gcd(f (x), g(x)) = 1and deg g(x) > 0. Then the algorithm incorrectly reports “divides” on

input of f (x), g(x) only if it gives incorrect output on input of f (x), g(x).

Proof.

Denote by g−1(x) the inverse of g(x) in Q[x ]/Φp(x). Suppose thealgorithm incorrectly reports “divides” on input of f (x), g(x). Thenf (x)g−1(x) ∈ Z[x ], and therefore f (x)h(x)g−1(x)h−1(x) ∈ Z. But thismeans that f (x)g−1(x) ∈ Z, so the algorithm will report “divides” oninput of f (x), g(x) as well.



Simplifying Lemmas (2)

Lemma

Suppose g(x) = g1(x)g2(x) and g(x) does not divide f (x). Then the

algorithm incorrectly reports “divides” on input of g(x), f (x) only if it

gives incorrect output on input of f (x), g1(x) or f (x), g2(x).

Proof.

If g1(x)|f (x) and g2(x)|f (x), then g(x)|f (x), so at least one ofg1(x), g2(x) does not divide f (x); w.l.o.g. say g1(x). If the algorithmincorrectly reports “divides” on input of g(x), f (x), thenf (x)g−1(x) = f (x)g−1

1 (x)g−12 (x) ∈ Z[x ]. Since g2(x) ∈ Z[x ], the product

f (x)g−11 (x)g−1

2 (x)g2(x) = f (x)g−11 (x) ∈ Z[x ], which means the algorithm

will incorrectly report “divides” on input of f (x), g1(x).

So any failure will occur only when f (x), g(x) are relatively prime, g(x) isirreducible, and g(x) does not divide f (x).


Algorithm Some classes of failures

When Φp(x) divides f (x)

If Φp(x)|f (x). then the image of f (x) mod Φp(x) is 0. Sof (x)g−1(x) = 0 in the cyclotomic field, and the algorithm will alwaysoutput “divides” no matter what the value of g(x).

Theorem

For f (x) ∈ mathbbZ [x ], the number of distinct Φp(x) which divide f (x) is

polynomially bounded by the sparse size of f (x).

Proof.

Lenstra showed that we can find all small factors of f (x) in polynomialtime. Since the p’s are bounded by the sparse size of f (x), all Φp(x)which divide f (x) are in fact “small”. Since we can find them all, thenthere can be only polynomially many of them.


Algorithm Some classes of failures

When Res(g(x), Φp(x) is 1 or -1

If g−1(x) ∈ Z[x ], then we will always have f (x)g−1(x) ∈ Z[x ], so thealgorithm will return “divides” no matter what the value of f (x) is.

Finding the inverse of g(x) in Q[x ]/Φp(x) is performed via theExtended Euclidian Algorithm, finding multipliers s(x), t(x) ∈ Q[x ]such that s(x)Φp(x) + t(x)g(x) = 1 — here t(x) is the inverse ofg(x) mod Φp(x).

If t(x) ∈ Z[x ], then s(x) ∈ Z[x ], and this only occurs when theresultant of g(x) and Φp(x) is a unit in Z. Evertse gives lowerbounds on the size of the resultant that seem to guarantee this neveroccurs, but this needs further investigation.


Experiments

Implementation

No good specialized package for sparse univariate polynomial arithmeticexists (like Victor Shoup’s NTL for dense polynomials).I chose to implement the algorithm in Maple for the following reasons:

All polynomials in Maple are stored in the sparse representation bydefault.

Maple includes a procedure divide which tests for polynomialdivisibility.

Basic routines such as extended Euclidian algorithm are implemented.

Their name is on the door.


Experiments

Constructing Timing Comparison Routines

Would be easier if we had, say, dense polynomials over Zp[x ].

Have to choose degree, sparsity, and size of coefficients for g(x) andf (x), in addition the prime p.

To increase sparse size linearly, increase sparsity by an additiveconstant and degree by a multiplicative constant at each iteration.

p chosen to be 3


Experiments

Our algorithm vs. Maple

Sparse Standard Maple

degree 101 102 103 104

time(s)

5

10

50

100

500

1000

Note logarithmic scales for both axes.Roche (CS 887) Lacunary Polynomial Divisibility 17 September 2007 22 / 24

Experiments

Correctness testing

Correctness testing is considerably less useful than timing comparisons.Nonetheless, we performed the following test:

Over 1,000,000 iterations

Random polynomial chosens with coefficients from -99 to 99, degreesas large as 10,000, and as many as 1,000 nonzero terms.

Fix p = 3.

Use built-in Maple function to confirm or deny “divides” results.

The results of the tests are quite promising:

35 failures

Every failure passed when we set p = 5.


Conclusions

Conclusions

Possible space of “bad cases” somewhat narrowed down

Experimental results are promising, but a complete correctness proofis still needed.

A Monte Carlo algorithm would give an ERH-independent proof thatnon-divisibility is in NP, and strong evidence that it is in P

“Practical” applications of fast divisibility test to lacunaryfactorization and decomposition.


on the complexity of lacunary polynomial divisibilitydroche/courses/sparsediv-talk.pdfgiven two...

Documents