Chapter 5: Interpolation and the Chinese Remainder Theorem
In this chapter, we consider polynomial evaluation and generalizations of it. One such generalization is the Chinese Remainder Theorem, which works not only for polynomials, but also for integers. In the later chapters, we will need to compute the isomorphism given by the Chinese Remainder Theorem effectively; the algorithms from this chapter allow us to do this.

The algorithms described here work with all kinds of polynomial and integer arithmetic; in particular, they also work with the fast arithmetic described in Chapter 3. Using the Fast Fourier Transform based arithmetic from Section 3.8, we will see that all operations can be done in softly linear time.
5.1 Multipoint Evaluation

Let $R$ be a ring and $a = (a_1, \dots, a_n) \in R^n$ a vector of elements of $R$. Consider the map
$$\Phi_a : R[X] \to R^n, \qquad f \mapsto (f(a_1), \dots, f(a_n)).$$
This map is called the multipoint evaluation map and is a ring homomorphism if one considers $R^n$ with component-wise addition and multiplication.
In case $a_i - a_j \in R^*$ for $i \neq j$, this map is surjective:¹ one can define
$$f_i := \prod_{j \neq i} (a_i - a_j)^{-1} \cdot (X - a_j) \in R[X],$$
which satisfies $f_i(a_i) = 1$ and $f_j(a_i) = 0$ for $j \neq i$. Given $b = (b_1, \dots, b_n) \in R^n$, this allows us to construct $f = \sum_{i=1}^n b_i f_i \in R[X]$ of degree $< n$ with $\Phi_a(f) = b$. The polynomials $f_i$ are called the Lagrange interpolation polynomials.

Also note that in case $\Phi_a$ is surjective, $\Phi_a$'s kernel is principal and generated² by $\prod_{i=1}^n (X - a_i)$.

¹ Note that this condition is also necessary, and that it suffices to consider the case $n = 2$. In case $a_1 - a_2 \notin R^*$, let $I$ be the ideal generated by $a_1 - a_2$. Using the binomial theorem, one quickly verifies that $f(a_2) = f(a_1 + (a_2 - a_1)) = f(a_1) + b$ with $b \in I$. Therefore, there exists no $f \in R[X]$ with $f(a_1) = 0$ and $f(a_2) = 1$.

² By using long division with $g := \prod_{i=1}^n (X - a_i)$, it suffices to consider polynomials of degree $< n$ (we can use long division since $\mathrm{LC}(g)$ is a unit). Thus we have to show that $f \in R[X]$ with $\deg f < n$ satisfies $\Phi_a(f) = 0$ if and only if $f = 0$. Note that $R[X]_{<n} \cong R^n$ as $R$-modules, and $\varphi := \Phi_a|_{R[X]_{<n}}$ can thus be interpreted as a surjective endomorphism of the $R$-module $R^n$. But for any commutative unitary ring, a surjective endomorphism of a finitely generated $R$-module is already an automorphism [Eis95, Corollary 4.4], whence $\varphi$ is also injective, and $\varphi(f) = 0 = \varphi(0)$ implies $f = 0$.

We are interested in two tasks:

(a) given $f \in R[X]$ and $a = (a_1, \dots, a_n) \in R^n$, compute $\Phi_a(f)$ efficiently;

(b) given $a = (a_1, \dots, a_n), b = (b_1, \dots, b_n) \in R^n$ with $a_i - a_j \in R^*$ for $i \neq j$, efficiently compute $f \in R[X]$ with $\deg f < n$ and $\Phi_a(f) = b$.
For task (a), one could obviously use Algorithm 3.8; then by Theorem 3.5.3, one could compute $\Phi_a(f)$ in $n \deg f$ multiplications in $R$ and $n \deg f$ additions in $R$, i.e. $O(n \deg f)$ arithmetic operations in $R$. For task (b), one could compute each Lagrange interpolation polynomial in $O(n^2)$ operations in $R$, and thus find $f$ in $O(n^3)$ arithmetic operations in $R$.

Both running times are far from optimal, especially if we can use fast multiplication in $R[X]$. One obvious question is: can this be done much faster? Note that we have already considered a special case of (a), namely the vector $a = (\omega^0, \omega^1, \dots, \omega^{n-1})$ in case $n$ is a power of 2 and $\omega$ is a primitive $n$-th root of unity. Then the Fast Fourier Transform, Algorithm 3.14, evaluates $f$ of degree $< n$ at $a$ in $\frac{3}{2} n \log_2 n$ arithmetic operations in $R$. So one could hope that the general case can be done faster as well.
Now let us first consider a more general approach. If $f \in R[X]$ and $a, b \in R$, then $f(a) = b$ if and only if $f - b \in \langle X - a \rangle$, or formulated differently, $f \equiv b \pmod{X - a}$. In case of (a), we could thus also compute $f$ modulo $X - a_i$ for $i = 1, \dots, n$; the result would be the vector $\Phi_a(f)$.

Assume we have monic polynomials $g_1, \dots, g_n$. These could be the linear polynomials $X - a_i$, or any other monic polynomials, and we are interested in $f \bmod g_1, \dots, f \bmod g_n$. To present the basic idea, first let us assume that $n$ is a power of 2:
Example 5.1.1. We begin with a very specific power of 2, namely $n = 2^2 = 4$. Moreover, assume that $\deg f, \sum_{i=1}^4 \deg g_i \leq m$. First precompute the products $a_{10} = g_1 g_2$, $a_{11} = g_3 g_4$, $a_{00} = g_1 g_2 g_3 g_4$. As $\deg a_{00} = \deg a_{10} + \deg a_{11} = \deg g_1 + \deg g_2 + \deg g_3 + \deg g_4 \leq m$ and by the superlinearity of $\mathsf{M}$, we can compute all these products in at most $\mathsf{M}(m)(\log_2 4 + 1)$ arithmetic operations in $R$ (in fact, here, $\mathsf{M}(m) \log_2 4$ arithmetic operations suffice); compare Section 4.2.5. The product tree looks as follows (root on top, leaves at the bottom):

    a00 = g1 g2 g3 g4
    ├── a10 = g1 g2
    │   ├── g1
    │   └── g2
    └── a11 = g3 g4
        ├── g3
        └── g4

Now that we have these products, we can first compute $f$ modulo $a_{00}$; denote this by $f_{10}$. Then we proceed recursively and compute $f_{00} := f_{10} \bmod a_{10}$ and $f_{01} := f_{10} \bmod a_{11}$. Finally, we compute $h_1 := f_{00} \bmod g_1$, $h_2 := f_{00} \bmod g_2$, $h_3 := f_{01} \bmod g_3$ and $h_4 := f_{01} \bmod g_4$. Note that this yields $h_i = f \bmod g_i$. But how fast is this approach?
Using Fast Division, we can compute $f_{10}$ in $5\mathsf{M}(m) + 16m + 17$ operations by Theorem 3.3.5 (note that the divisor is monic). To compute $f_{00}$ and $f_{01}$, note that $\deg a_{00} = \deg a_{10} + \deg a_{11}$. Thus computing both of them requires
$$\begin{aligned}
&(4\mathsf{M}(\deg a_{00} - \deg a_{10}) + \mathsf{M}(\deg a_{10}) + 16(\deg a_{00} - \deg a_{10}) + \deg a_{00} + 17) \\
&+ (4\mathsf{M}(\deg a_{00} - \deg a_{11}) + \mathsf{M}(\deg a_{11}) + 16(\deg a_{00} - \deg a_{11}) + \deg a_{00} + 17) \\
&= (4\mathsf{M}(\deg a_{11}) + \mathsf{M}(\deg a_{10}) + 16 \deg a_{11} + \deg a_{00} + 17) \\
&+ (4\mathsf{M}(\deg a_{10}) + \mathsf{M}(\deg a_{11}) + 16 \deg a_{10} + \deg a_{00} + 17) \\
&\leq 5\mathsf{M}(m) + 16m + 2m + 2 \cdot 17,
\end{aligned}$$
and computing $h_1, \dots, h_4$ requires
$$\begin{aligned}
&(4\mathsf{M}(\deg a_{10} - \deg g_1) + \mathsf{M}(\deg g_1) + 16(\deg a_{10} - \deg g_1) + \deg a_{10} + 17) \\
&+ (4\mathsf{M}(\deg a_{10} - \deg g_2) + \mathsf{M}(\deg g_2) + 16(\deg a_{10} - \deg g_2) + \deg a_{10} + 17) \\
&+ (4\mathsf{M}(\deg a_{11} - \deg g_3) + \mathsf{M}(\deg g_3) + 16(\deg a_{11} - \deg g_3) + \deg a_{11} + 17) \\
&+ (4\mathsf{M}(\deg a_{11} - \deg g_4) + \mathsf{M}(\deg g_4) + 16(\deg a_{11} - \deg g_4) + \deg a_{11} + 17) \\
&= (4\mathsf{M}(\deg g_2) + \mathsf{M}(\deg g_1) + 16 \deg g_2 + \deg a_{10} + 17) \\
&+ (4\mathsf{M}(\deg g_1) + \mathsf{M}(\deg g_2) + 16 \deg g_1 + \deg a_{10} + 17) \\
&+ (4\mathsf{M}(\deg g_4) + \mathsf{M}(\deg g_3) + 16 \deg g_4 + \deg a_{11} + 17) \\
&+ (4\mathsf{M}(\deg g_3) + \mathsf{M}(\deg g_4) + 16 \deg g_3 + \deg a_{11} + 17) \\
&\leq 5\mathsf{M}\Bigl(\sum_{i=1}^4 \deg g_i\Bigr) + 16 \sum_{i=1}^4 \deg g_i + 2 (\deg a_{10} + \deg a_{11}) + 4 \cdot 17 \\
&\leq 5\mathsf{M}(m) + 16m + 2m + 4 \cdot 17,
\end{aligned}$$
where the superlinearity of $\mathsf{M}$ was used in the second to last step. Therefore, the total division-remainder costs are bounded by
$$(\log_2 4 + 1)(5\mathsf{M}(m) + 18m) + (2 \cdot 4 - 1) \cdot 17$$
arithmetic operations in $R$ (there are $1 + 2 + 4 = 2 \cdot 4 - 1$ remainder computations, each contributing the additive constant $17$).
If one generalizes this approach to $2^k$ terms, one obtains a total of $O(\mathsf{M}(n) k)$ arithmetic operations for this generalized multipoint evaluation [vzGG03, Lemma 10.4 and Lemma 10.14].
Note that in case the tree is not very balanced, this approach is not optimal.
For example, in case deg g1 ≈ deg g2 ≈ deg g3 + deg g4 , the multiplication tree used
in the example is unbalanced, as deg a10 ≈ 2 deg a11 . Since the multiplication time
M is superlinear, we could obtain better running time bounds (especially for slower
multiplications such as classic and Karatsuba) if we arrange the tree differently. One
possibility using Huffman trees is discussed in detail in Sections 4.2.5 and 5.2.
Before we continue, let us discuss the case where $n$ is not a power of two. For example, if we have ten polynomials, we could form the following simple tree (see Section 4.2.3) of height $\lceil \log_2 10 \rceil = 4$:

    a00
    ├── a10
    │   ├── a20
    │   │   ├── a30 (children g1, g2)
    │   │   └── a31 (children g3, g4)
    │   └── a21
    │       ├── a32 (children g5, g6)
    │       └── a33 (children g7, g8)
    └── a11
        ├── a22
        │   ├── a34 (children g9, g10)
        │   └── 1
        └── 1

One can think of the nodes $a_{11}$ and $a_{22}$ as having an additional child with value 1 (the multiplicative identity). Then again, the degrees in each row add up to $\sum_{i=1}^{10} \deg g_i$.

All facts we need about such trees are listed in Proposition 4.2.15. The main property we need is that if $a_{ki}$ denotes the product of all leaves under the $i$-th node in row $k$, then
$$a_{ki} = \prod_{j = 2^{h-k} i + 1}^{\min\{2^{h-k}(i+1),\ n\}} g_j,$$
and for each level $k$,
$$\prod_{i=0}^{\lceil n/2^{h-k} \rceil - 1} a_{ki} = \prod_{i=1}^n g_i.$$
Algorithm 5.1: Compute all products $a_{ki} = \prod_{j=2^{h-k} i+1}^{\min\{2^{h-k}(i+1),\ n\}} g_j$, $0 \leq k < h := \lceil \log_2 n \rceil$, $0 \leq i < \lceil n/2^{h-k} \rceil$, for polynomials

Input: $g_1, \dots, g_n \in R[X]$
Output: all products $(a_{ki})_{0 \leq k < h,\ 0 \leq i < \lceil n/2^{h-k} \rceil}$, where $h = \lceil \log_2 n \rceil$

1. Let $h = \lceil \log_2 n \rceil$ and set $\ell_h := n$;
2. Set $a_{hi} := g_{i+1}$, $0 \leq i < \ell_h$;
3. For $k = h-1, \dots, 0$, do:
   (a) Compute $\ell_k := \lceil \ell_{k+1}/2 \rceil$;
   (b) For $i = 0, \dots, \ell_k - 2$, do:
       • Compute $a_{ki} := a_{k+1,2i} \cdot a_{k+1,2i+1}$;
   (c) If $2\ell_k - 1 < \ell_{k+1}$:
       • Then compute $a_{k,\ell_k - 1} := a_{k+1,2\ell_k - 2} \cdot a_{k+1,2\ell_k - 1}$;
       • Else set $a_{k,\ell_k - 1} := a_{k+1,2\ell_k - 2}$;
4. Return $(a_{ki})_{0 \leq k < h,\ 0 \leq i < \lceil n/2^{h-k} \rceil}$.
Proposition 5.1.2. If $\sum_{i=1}^n \deg g_i \leq m$, then Algorithm 5.1 computes all products $(a_{ki})_{0 \leq k < h,\ 0 \leq i < \lceil n/2^{h-k} \rceil}$ with $a_{ki} = \prod_{j=2^{h-k} i+1}^{\min\{2^{h-k}(i+1),\ n\}} g_j$ in $\mathsf{M}(m)(\log_2 n + 1)$ arithmetic operations in $R$.

Proof. For $k \in \{0, \dots, h-1\}$, we have to compute at most $\hat t = \lceil n/2^{h-k} \rceil$ products. If there are $t \in \{\hat t - 1, \hat t\}$ products, whose results have degrees $m_1, \dots, m_t$, then $\sum_{i=1}^t m_i \leq \sum_{j=1}^n \deg g_j \leq m$. Therefore, by the superlinearity of $\mathsf{M}$, the complexity for fixed $k$ is bounded by
$$\sum_{i=1}^t \mathsf{M}(m_i) \leq \mathsf{M}\Bigl(\sum_{j=1}^n \deg g_j\Bigr) \leq \mathsf{M}(m).$$
We conclude with $h = \lceil \log_2 n \rceil \leq \log_2 n + 1$.
Theorem 5.1.3 (Simultaneous Reduction Modulo Different Monic Polynomials). Let $f \in R[X]$ be any polynomial and let $g_1, \dots, g_n \in R[X]$ be monic polynomials. Let $m \geq \deg f$ and $m \geq \sum_{i=1}^n \deg g_i$. Then we can compute $(f \bmod g_1, \dots, f \bmod g_n) \in R[X]^n$ using Algorithms 5.1 and 5.2 in
$$(6\mathsf{M}(m) + 18m)(\lceil \log_2 n \rceil + 1) + 17(2n - 1) \leq (6\mathsf{M}(m) + 18m)(\log_2 n + 2) + 17(2n - 1) \in O(\mathsf{M}(m) \log_2 n + n)$$
arithmetic operations in $R$. (If all $g_i$ are nonconstant, then $n \leq m$ and the bound is $O(\mathsf{M}(m) \log_2 n)$.)

Note that we can replace $\log_2 n$ by the entropy of the induced probability distribution as described in Section 4.2.5, which is never larger than $\log_2 n$, but can be much smaller if the $\deg g_i$'s are not all the same.

Algorithm 5.2: Compute $f \bmod g_i$ for $1 \leq i \leq n$ for polynomials

Input: $f \in R[X]$, all products $(a_{ki})_{0 \leq k < h,\ 0 \leq i < \lceil n/2^{h-k} \rceil}$, where $a_{ki} = \prod_{j=2^{h-k} i+1}^{\min\{2^{h-k}(i+1),\ n\}} g_j \in R[X]$ and $h := \lceil \log_2 n \rceil$
Output: $(f \bmod g_i)_{1 \leq i \leq n}$

1. Compute $b_{00} := f \bmod a_{00}$;
2. For $k = 1, \dots, h$, do:
   (a) For $i = 0, \dots, \lceil n/2^{h-k} \rceil - 2$, do:
       • Compute $b_{ki} := b_{k-1,\lfloor i/2 \rfloor} \bmod a_{ki}$;
   (b) If $\lceil n/2^{h-k} \rceil - 1$ is even:
       • Then set $b_{k,\lceil n/2^{h-k} \rceil - 1} := b_{k-1,\lceil n/2^{h-k+1} \rceil - 1}$;
       • Else compute $b_{k,\lceil n/2^{h-k} \rceil - 1} := b_{k-1,\lceil n/2^{h-k+1} \rceil - 1} \bmod a_{k,\lceil n/2^{h-k} \rceil - 1}$;
3. Return $(b_{h0}, \dots, b_{h,n-1})$.

Proof. Algorithm 5.1 computes all products $(a_{ki})_{k,i}$ in at most $\mathsf{M}(m) \cdot h$ arithmetic operations in $R$ by Proposition 5.1.2 and its proof. Step 1 of Algorithm 5.2 costs at most $5\mathsf{M}(m) + 16m + 17$ arithmetic operations by Theorem 3.3.5, exactly as in Example 5.1.1.

Now in iteration $k$ of Algorithm 5.2, consider the indices $i_1 = 2j$ and $i_2 = 2j + 1$ (such that $2j + 1 \leq \lceil n/2^{h-k} \rceil - 1$, i.e. $j \leq \lfloor \lceil n/2^{h-k} \rceil / 2 \rfloor - 1$). In both cases, $\lfloor i_t/2 \rfloor = j$, and $a_{k-1,j} = a_{k,i_1} \cdot a_{k,i_2}$. Therefore, by Theorem 3.3.5, computation of both $b_{k,i_1}$ and $b_{k,i_2}$ can be done in
$$\begin{aligned}
&4\mathsf{M}(\deg a_{k,i_2}) + \mathsf{M}(\deg a_{k,i_1}) + 16 \deg a_{k,i_2} + \deg a_{k-1,j} + 17 \\
&+ 4\mathsf{M}(\deg a_{k,i_1}) + \mathsf{M}(\deg a_{k,i_2}) + 16 \deg a_{k,i_1} + \deg a_{k-1,j} + 17 \\
&= 5\mathsf{M}(\deg a_{k,i_1}) + 5\mathsf{M}(\deg a_{k,i_2}) + 18 (\deg a_{k,i_1} + \deg a_{k,i_2}) + 34
\end{aligned}$$
arithmetic operations in $R$, using $\deg a_{k-1,j} = \deg a_{k,i_1} + \deg a_{k,i_2}$. Let $p_k$ be the number of such index pairs in iteration $k$; the unpaired last node treated in step 2(b), if present, is merely copied. Summing over the pairs and using the superlinearity of $\mathsf{M}$ together with $\sum_i \deg a_{ki} \leq \sum_{j=1}^n \deg g_j \leq m$, iteration $k$ needs at most
$$\sum_{j=0}^{p_k - 1} \bigl( 5\mathsf{M}(\deg a_{k,2j}) + 5\mathsf{M}(\deg a_{k,2j+1}) + 18 (\deg a_{k,2j} + \deg a_{k,2j+1}) + 34 \bigr) \leq 5\mathsf{M}(m) + 18m + 34 p_k$$
arithmetic operations in $R$. Every pair corresponds to a node of the product tree with two children, and with $\ell_k = \lceil n/2^{h-k} \rceil$ as in Algorithm 5.1 we have $p_k = \ell_k - \ell_{k-1}$, so $\sum_{k=1}^h p_k = \ell_h - \ell_0 = n - 1$ (copied nodes do not count). Altogether, Algorithm 5.2 needs at most $(5\mathsf{M}(m) + 18m)(h + 1) + 17 + 34(n - 1) = (5\mathsf{M}(m) + 18m)(h + 1) + 17(2n - 1)$ arithmetic operations. Adding the cost $\mathsf{M}(m) \cdot h \leq \mathsf{M}(m)(h+1)$ of Algorithm 5.1 and using $h = \lceil \log_2 n \rceil \leq \log_2 n + 1$, the claim follows.
The special case $g_i = X - a_i$ implies the following result on multipoint evaluation. It shows that asymptotically, we can evaluate $f$ at $a_1, \dots, a_n$ with the same complexity as the Fast Fourier Transform (Algorithm 3.14).

Corollary 5.1.4 (Multipoint Evaluation). Given $a = (a_1, \dots, a_n) \in R^n$ and $f \in R[X]$, we can evaluate $\Phi_a(f) = (f(a_1), \dots, f(a_n)) \in R^n$ in
$$O(\mathsf{M}(n) \log n + \mathsf{M}(\deg f))$$
arithmetic operations in $R$. (First reduce $f$ modulo the monic polynomial $\prod_{i=1}^n (X - a_i)$ if $\deg f \geq n$, which costs $O(\mathsf{M}(\deg f))$ by Theorem 3.3.5; then apply Theorem 5.1.3 with $m = n$.)

Before we further generalize multipoint evaluation, we show how to implement the algorithms of this section using Huffman trees (Section 5.2) and present an interlude on resultants (Section 5.3).
5.2 Reduction Using Huffman Trees

In this section, we want to show how the algorithms from the previous section can be turned into Python code. First, we need certain facilities for Huffman trees. Assume that we are given the following node class, together with a function to create Huffman trees:
class Node(object):
    left = None
    right = None
    is_leaf = False   # set to True for leaves by createHuffmanTree_TupleList()

def createHuffmanTree_TupleList(data):
    """Creates a Huffman tree with the given data at its leaves.
    Each element in data should be a tuple (v, d), where v will be the
    value of the leaf and d is assigned to its data attribute."""
    ...
We will not discuss this in more detail, and only refer to Section 4.2.5. We also assume that we have the following helper functions, which allow us to call a function for every node of a tree:
def walkTreeNLR(root, function):
    """Walks tree in order node -> left -> right, and calls
    the given function for every node."""
    if root is None:
        return
    function(root)
    walkTreeNLR(root.left, function)
    walkTreeNLR(root.right, function)

def walkTreeLRN(root, function):
    """Walks tree in order left -> right -> node, and calls
    the given function for every node."""
    if root is None:
        return
    walkTreeLRN(root.left, function)
    walkTreeLRN(root.right, function)
    function(root)
Now we can begin to create a Huffman tree. The numbers assigned to every leaf should be the degrees of the polynomials. This can be done as follows:

Listing 5.1: Simultaneous Reduction using Huffman Trees 1/3

def Reduction_Huffman(value, moduli):
    """Computes value modulo moduli[i] for all i.
    Uses Huffman trees."""
    if len(moduli) == 0:
        return []
    # Create Huffman tree
    results = [None] * len(moduli)
    valmodList = [None] * len(moduli)
    for i in range(len(moduli)):
        valmodList[i] = moduli[i].deg(), (moduli[i], results, i)
    root = createHuffmanTree_TupleList(valmodList)
Note that to every leaf, we assign the data tuple (moduli[i], results, i): here, moduli[i] is the modulus assigned to this leaf, and results[i] is the position where the result of this leaf should be written.
Let us explain the function with an example run:

R = Integers()
value = Polynomial(R, [1, 5, 2, 4, 3, 6, 9])
moduli = [Polynomial(R, [0, 2, 1]), Polynomial(R, [1, 1]),
          Polynomial(R, [1, 2, 3, 4, 1])]
result = Reduction_Huffman(value, moduli)

Here Polynomial(R, [c0, c1, ...]) denotes c0 + c1 X + c2 X^2 + ..., so value = 9X^6 + 6X^5 + 3X^4 + 4X^3 + 2X^2 + 5X + 1 and the moduli are X^2 + 2X, X + 1 and X^4 + 4X^3 + 3X^2 + 2X + 1. The first part of Reduction_Huffman will create the following tree:
    root: value = 7, is_leaf = False
    ├── inner node: value = 3, is_leaf = False
    │   ├── leaf: value = 1, is_leaf = True, data = (X + 1, results, 1)
    │   └── leaf: value = 2, is_leaf = True, data = (X^2 + 2X, results, 0)
    └── leaf: value = 4, is_leaf = True, data = (X^4 + 4X^3 + 3X^2 + 2X + 1, results, 2)

(The value of a node is its Huffman weight, i.e. the sum of the degrees of the moduli below it.)
Now we can compute the product tree as in Algorithm 5.1. For this, we need to begin with the leaves and work our way upwards to the root. Thus, we can use the walkTreeLRN() helper function, which first visits the children of a node before it applies the given function to the node itself:

Listing 5.2: Simultaneous Reduction using Huffman Trees 2/3

    # Compute products
    walkTreeLRN(root, __splitAndComputeProducts2)
The function we use is the following:

def __splitAndComputeProducts2(node):
    """Helper function for computing the product tree
    (for Huffman trees); compare Algorithm 5.6.
    Should be used with walkTreeLRN."""
    if node.is_leaf:
        node.prod = node.data[0]
        node.resultlist = node.data[1]
        node.index = node.data[2]
        del node.data
    else:
        node.prod = node.left.prod * node.right.prod

For a leaf, the data tuple is first split up into its components. Note that node.is_leaf is set to True for leaves only by createHuffmanTree_TupleList(). For all other nodes, the node's modulus is computed as the product of the two children's moduli.
In our example from above, the tree looks as follows afterwards:

    root: value = 7, is_leaf = False, prod = X^7 + 7X^6 + 17X^5 + 19X^4 + 13X^3 + 7X^2 + 2X
    ├── inner node: value = 3, is_leaf = False, prod = X^3 + 3X^2 + 2X
    │   ├── leaf: value = 1, is_leaf = True, prod = X + 1, resultlist = results, index = 1
    │   └── leaf: value = 2, is_leaf = True, prod = X^2 + 2X, resultlist = results, index = 0
    └── leaf: value = 4, is_leaf = True, prod = X^4 + 4X^3 + 3X^2 + 2X + 1, resultlist = results, index = 2
Finally, we have to walk the tree down beginning at the root. For this, we first compute the root's reduction, and then use walkTreeNLR():

Listing 5.3: Simultaneous Reduction using Huffman Trees 3/3

    # Compute reductions
    root.value = value % root.prod
    walkTreeNLR(root, __simultaneousReduction)
    return results
The helper function used is the following:

def __simultaneousReduction(node):
    """Helper function for computing simultaneous reductions
    (for Huffman trees); compare Algorithm 5.7. Should be
    used with walkTreeNLR."""
    if node.is_leaf:
        node.resultlist[node.index] = node.value
    else:
        node.left.value = node.value % node.left.prod
        node.right.value = node.value % node.right.prod

For leaves, the result is written to the destination, and otherwise, the current value is reduced modulo the children's moduli.

To continue our example from above, this is the final tree at the end of the call to Reduction_Huffman:
    root: is_leaf = False, prod = X^7 + 7X^6 + 17X^5 + 19X^4 + 13X^3 + 7X^2 + 2X,
          value = 9X^6 + 6X^5 + 3X^4 + 4X^3 + 2X^2 + 5X + 1
    ├── inner node: is_leaf = False, prod = X^3 + 3X^2 + 2X, value = 200X^2 + 201X + 1
    │   ├── leaf: is_leaf = True, prod = X + 1, value = 0, resultlist = results, index = 1
    │   └── leaf: is_leaf = True, prod = X^2 + 2X, value = -199X + 1, resultlist = results, index = 0
    └── leaf: is_leaf = True, prod = X^4 + 4X^3 + 3X^2 + 2X + 1,
              value = -308X^3 - 235X^2 - 157X - 95, resultlist = results, index = 2

(The attribute value now holds the reduction computed in Listing 5.3; the Huffman weights 7, 3, 1, 2 and 4 shown before are overwritten, since both use the same attribute.)

Therefore, the list returned by Reduction_Huffman has the value:

    [Polynomial(R, [1, -199]), Polynomial(R, []), Polynomial(R, [-95, -157, -235, -308])]

(the second entry is the zero polynomial, represented by the empty coefficient list).
5.3 Resultants

Let $R$ be an arbitrary ring, and let $f, g \in R[X] \setminus \{0\}$ be two polynomials. Consider the $R$-linear map
$$R_{f,g} : R[X]_{<\deg g} \times R[X]_{<\deg f} \to R[X]_{<\deg f + \deg g}, \qquad (u, v) \mapsto uf + vg.$$
If we fix the bases $B_1 = ((X^{\deg g - 1}, 0), \dots, (X^0, 0), (0, X^{\deg f - 1}), \dots, (0, X^0))$ of $R[X]_{<\deg g} \times R[X]_{<\deg f}$ and $B_2 := (X^{\deg f + \deg g - 1}, \dots, X^0)$ of $R[X]_{<\deg f + \deg g}$, we can look at the matrix representation of $R_{f,g}$ with respect to the bases $B_1$ and $B_2$. Let $n = \deg f$ and write $f = \sum_{i=0}^n f_i X^i$, and let $m = \deg g$ and write $g = \sum_{j=0}^m g_j X^j$. Then the matrix representation of $R_{f,g}$ with respect to $B_1$ and $B_2$ is
$$\mathrm{Syl}_{f,g} := \begin{pmatrix}
f_n & & & g_m & & \\
f_{n-1} & \ddots & & g_{m-1} & \ddots & \\
\vdots & \ddots & f_n & \vdots & \ddots & g_m \\
f_0 & & f_{n-1} & g_0 & & g_{m-1} \\
& \ddots & \vdots & & \ddots & \vdots \\
& & f_0 & & & g_0
\end{pmatrix} \in R^{(n+m) \times (n+m)}$$
(the first $m$ columns contain the coefficients of $f$, shifted down by one row from column to column, and the last $n$ columns the coefficients of $g$; all other entries are $0$). Explicitly, with $f_k := 0$ for $k \notin \{0, \dots, n\}$ and $g_k := 0$ for $k \notin \{0, \dots, m\}$, the entry in row $r$ and column $c$ (both counted from $1$) is $f_{n - r + c}$ for $c \leq m$ and $g_{c - r}$ for $c > m$, since column $c \leq m$ is the coordinate vector of $X^{m-c} f$ and column $m + c$ that of $X^{n-c} g$. This matrix is called the Sylvester matrix of $f$ and $g$, and its determinant $\operatorname{res}(f, g) := \det \mathrm{Syl}_{f,g}$ is called the resultant of $f$ and $g$.
Let $(u, v) \in R[X]_{<m} \times R[X]_{<n}$ be represented as $u = \sum_{i=0}^{m-1} u_i X^i$ and $v = \sum_{j=0}^{n-1} v_j X^j$. Then the column vector $(u_{m-1}, \dots, u_0, v_{n-1}, \dots, v_0)^T$ corresponds to the pair $(u, v)$, and the image $R_{f,g}(u, v) = \sum_{k=0}^{n+m-1} r_k X^k$ corresponds to the column vector
$$(r_{n+m-1}, \dots, r_0)^T = \mathrm{Syl}_{f,g} \cdot (u_{m-1}, \dots, u_0, v_{n-1}, \dots, v_0)^T.$$
Remark 5.3.1. In case $f = a \prod_{i=1}^n (X - a_i)$ and $g = b \prod_{j=1}^m (X - b_j)$, then
$$\operatorname{res}(f, g) = a^m \prod_{i=1}^n g(a_i) = (-1)^{mn} b^n \prod_{j=1}^m f(b_j) = a^m b^n \prod_{i=1}^n \prod_{j=1}^m (a_i - b_j).$$
Therefore, if $f, g \in K[X]$ for a field $K$, then $\operatorname{res}(f, g) = 0$ if and only if $\deg \gcd(f, g) > 0$.
Lemma 5.3.2. The following are equivalent:
(a) $R_{f,g}$ is surjective;
(b) $R_{f,g}$ is bijective;
(c) $\operatorname{res}(f, g) \in R^*$.
If one of these conditions is true, then there do not exist $u, v \in R[X] \setminus \{0\}$ with $\deg u < \deg g$ and $\deg v < \deg f$ such that $uf + vg = 0$.

Proof. The equivalence (b)⇔(c) follows from the properties of the determinant. The implication (b)⇒(a) is clear, and (a)⇒(b) follows from [Eis95, Corollary 4.4], since $R_{f,g}$ is a surjective endomorphism of a finitely generated $R$-module (source and target are both free of rank $\deg f + \deg g$). In case (b) holds, $R_{f,g}$ is in particular injective, whence the last statement is true as well.
Proposition 5.3.3. There exist polynomials $U, V \in \mathbb{Z}[X, F_0, \dots, F_n, G_0, \dots, G_m]$ with $\deg_X U < m$ and $\deg_X V < n$ such that for all commutative rings $R$ and polynomials $f = \sum_{i=0}^n f_i X^i$, $g = \sum_{j=0}^m g_j X^j \in R[X]$ with $\deg f = n$, $\deg g = m$,
$$\operatorname{res}(f, g) = \underbrace{U(X, f_0, \dots, f_n, g_0, \dots, g_m)}_{\in R[X]} \cdot f + \underbrace{V(X, f_0, \dots, f_n, g_0, \dots, g_m)}_{\in R[X]} \cdot g.$$

Note that by Cayley-Hamilton, the existence of $u, v \in R[X]$ with $\deg u < m$ and $\deg v < n$ such that $\operatorname{res}(f, g) = uf + vg$ is clear: if $\varphi$ is the characteristic polynomial of $\mathrm{Syl}_{f,g}$, then $\varphi(\mathrm{Syl}_{f,g}) = 0$. Now write $\varphi = \varphi^* \cdot X + (-1)^{n+m} \det \mathrm{Syl}_{f,g} = \varphi^* \cdot X + (-1)^{n+m} \operatorname{res}(f, g)$ with $\varphi^* \in R[X]$. Then by Cayley-Hamilton, $\mathrm{Syl}_{f,g} \bigl( (-1)^{n+m+1} \varphi^*(\mathrm{Syl}_{f,g}) \cdot v \bigr) = \operatorname{res}(f, g) \cdot v$ for any $v \in R^{n+m}$. Thus, with $v = (0, \dots, 0, 1)^T$, which corresponds to $1 \in R[X]_{<n+m}$, this yields $(w_1, w_2) \in R[X]_{<m} \times R[X]_{<n}$ corresponding to $w = (-1)^{n+m+1} \varphi^*(\mathrm{Syl}_{f,g}) \cdot v \in R^{m+n}$ with $w_1 f + w_2 g = R_{f,g}(w_1, w_2) = \operatorname{res}(f, g)$.

The result of the proposition is somewhat stronger, since it shows that we can choose the polynomials $u, v$ such that they depend polynomially on the coefficients of $f$ and $g$.³ To prove it, we use Cramer's rule. For a matrix $A \in R^{n \times n}$ and a vector $v \in R^n$, it describes explicitly a vector $w \in R^n$ such that $Aw = (\det A) \cdot v$: if $A = (A_1, \dots, A_n)$ are the columns of $A$, then $w_i = \det(A_1, \dots, A_{i-1}, v, A_{i+1}, \dots, A_n)$, $1 \leq i \leq n$, yields $w = (w_1, \dots, w_n)$.

³ In fact, the approach using Cayley-Hamilton also shows this, since the coefficients of $\varphi(X) = \det(X I_{n+m} - \mathrm{Syl}_{f,g})$ depend polynomially on the entries of $\mathrm{Syl}_{f,g}$.
Proof. Consider the ring $R := \mathbb{Z}[F_0, \dots, F_n, G_0, \dots, G_m]$ with polynomials $f = \sum_{i=0}^n F_i X^i \in R[X]$ and $g = \sum_{j=0}^m G_j X^j \in R[X]$, and consider the corresponding Sylvester matrix $\mathrm{Syl}_{f,g} \in R^{(n+m) \times (n+m)}$.

Consider $v = (0, \dots, 0, 1)^T \in R^{n+m}$ and let $\mathrm{Syl}_{f,g} = (A_1, \dots, A_{n+m})$. Define $w_i := \det(A_1, \dots, A_{i-1}, v, A_{i+1}, \dots, A_{n+m}) \in R$; if $w = (w_1, \dots, w_{n+m})^T \in R^{n+m}$, then by Cramer's rule,
$$\mathrm{Syl}_{f,g} \cdot w = \underbrace{(\det \mathrm{Syl}_{f,g})}_{= \operatorname{res}(f,g)} \cdot v.$$
Define $U := \sum_{i=0}^{m-1} w_{m-i} X^i \in R[X]$ and $V := \sum_{j=0}^{n-1} w_{m+n-j} X^j \in R[X]$; then $U \cdot f + V \cdot g = R_{f,g}(U, V) = \operatorname{res}(f, g) \cdot 1$, as $v$ corresponds to $1 \in R[X]$. Since this polynomial identity holds over $\mathbb{Z}$, it holds over any other commutative unitary ring (compare the proof of Proposition 3.8.2).
These results help us to show a result about when two monic polynomials can be used to form 1 as a linear combination with other polynomials. For fields, this is the case if and only if they are coprime. For arbitrary commutative rings, we have to use the resultant instead of the greatest common divisor:

Corollary 5.3.4. Assume that $f, g \in R[X]$ are monic. Then the following are equivalent:
(i) there exist $u, v \in R[X]$ with $1 = uf + vg$;
(ii) there exist $u, v \in R[X]$ with $1 = uf + vg$ and $\deg u < \deg g$, $\deg v < \deg f$;
(iii) $\operatorname{res}(f, g) \in R^*$.
Note that in case (ii), $u$ and $v$ are uniquely determined by $f$ and $g$. If $R = K$ is a field, then $u$ and $v$ can be computed using the Extended Euclidean Algorithm (Section 1.4).

Proof. Clearly, if $\operatorname{res}(f, g) \in R^*$, by Proposition 5.3.3 we can find $\hat u, \hat v \in R[X]$ such that $\hat u f + \hat v g = \operatorname{res}(f, g)$ and $\deg \hat u < \deg g$, $\deg \hat v < \deg f$. Setting $u := \operatorname{res}(f, g)^{-1} \hat u$ and $v := \operatorname{res}(f, g)^{-1} \hat v$ yields $uf + vg = 1$. Thus, (iii) implies both (i) and (ii).

Now assume that (i) or (ii) holds. Let $h \in R[X]_{<\deg f + \deg g}$; then $h = uhf + vhg$. Write $uh = qg + r$ with $q, r \in R[X]$, $\deg r < \deg g$; we can do this since $g$ is monic. Then $h = rf + (vh + qf)g$. Since $\deg h, \deg rf < \deg f + \deg g$ and $g$ is monic, we also must have $\deg(vh + qf) < \deg f$. Therefore, $h \in \operatorname{img} R_{f,g}$. Since all elements of $R[X]_{<\deg f + \deg g}$ are in $\operatorname{img} R_{f,g}$, $R_{f,g}$ is surjective, whence by Lemma 5.3.2, $\operatorname{res}(f, g) \in R^*$.

Finally, in case (ii), note that since $R_{f,g}$ is bijective (using (iii) and Lemma 5.3.2), $R_{f,g}(u, v) = 1$ has precisely one solution $(u, v)$. Thus, $u$ and $v$ are unique under the degree condition. Since the Extended Euclidean Algorithm returns polynomials satisfying these conditions (Lemma 1.4.6 (b)), the last statement is true as well.

Note that finding such polynomials $u$ and $v$ over rings other than fields is not so simple. We will only consider the case where $f = X - a$ and $g = X - b$. Then $\operatorname{res}(f, g) = a - b$ (Remark 5.3.1 with $n = m = 1$), and $a - b \in R^*$ implies that we can choose $u := -\operatorname{res}(f, g)^{-1} = (b - a)^{-1}$ and $v := -u$; then $uf + vg = u \cdot \bigl((X - a) - (X - b)\bigr) = (b - a)^{-1} \cdot (b - a) = 1$.
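The following added Python example (it is not code from the notes, which use their own Polynomial class) builds the Sylvester matrix exactly as defined in this section, computes the resultant as its determinant, and constructs the Cramer's-rule certificate $U f + V g = \operatorname{res}(f, g)$ from the proof of Proposition 5.3.3. The names sylvester, det, resultant, bezout_certificate, poly_mul, poly_add and check_certificate are this example's own; polynomials are coefficient lists with index $i$ holding the coefficient of $X^i$. It checks Remark 5.3.1 on $f = (X-1)(X-2)$, $g = (X-3)(X-5)$ (where $\prod (a_i - b_j) = 24$) and the case $f = X - a$, $g = X - b$ from the last paragraph.

```python
# Added example, not from the notes: Sylvester matrix, resultant, and the
# Cramer's-rule certificate U*f + V*g = res(f, g) of Proposition 5.3.3, over Z
# (exact arithmetic through fractions.Fraction). All names are this example's own.
# Polynomials are coefficient lists, index i = coefficient of X^i.
from fractions import Fraction


def sylvester(f, g):
    """Sylvester matrix w.r.t. the bases B1, B2 of Section 5.3 (n = deg f, m = deg g):
    column c (0-based, c < m) holds X^(m-1-c) * f, column m + c holds X^(n-1-c) * g;
    row r holds the coefficient of X^(n+m-1-r)."""
    n, m = len(f) - 1, len(g) - 1
    size = n + m
    rows = [[0] * size for _ in range(size)]
    for c in range(m):
        for k, fk in enumerate(f):             # f_k * X^(k + m-1-c)
            rows[size - 1 - (k + m - 1 - c)][c] = fk
    for c in range(n):
        for k, gk in enumerate(g):             # g_k * X^(k + n-1-c)
            rows[size - 1 - (k + n - 1 - c)][m + c] = gk
    return rows


def det(matrix):
    """Exact determinant by Gaussian elimination over Q; an int for integer input."""
    a = [[Fraction(x) for x in row] for row in matrix]
    size, d = len(a), Fraction(1)
    for col in range(size):
        pivot = next((r for r in range(col, size) if a[r][col] != 0), None)
        if pivot is None:
            return 0
        if pivot != col:
            a[col], a[pivot] = a[pivot], a[col]
            d = -d                              # a row swap flips the sign
        d *= a[col][col]
        for r in range(col + 1, size):
            factor = a[r][col] / a[col][col]
            a[r] = [x - factor * y for x, y in zip(a[r], a[col])]
    return int(d) if d.denominator == 1 else d


def resultant(f, g):
    return det(sylvester(f, g))


def bezout_certificate(f, g):
    """Cramer's rule as in the proof of Proposition 5.3.3: w_i = det(Syl with column i
    replaced by e_last), e_last being the coordinate vector of the polynomial 1, so that
    Syl * w = res(f, g) * e_last. Returns (U, V) with deg U < deg g, deg V < deg f."""
    n, m = len(f) - 1, len(g) - 1
    syl, size = sylvester(f, g), n + m
    w = []
    for i in range(size):
        modified = [row[:] for row in syl]
        for r in range(size):
            modified[r][i] = 1 if r == size - 1 else 0
        w.append(det(modified))
    # w = (u_{m-1}, ..., u_0, v_{n-1}, ..., v_0) in the ordering of the basis B1
    return list(reversed(w[:m])), list(reversed(w[m:]))


def poly_mul(f, g):
    h = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            h[i + j] += a * b
    return h


def poly_add(f, g):
    n = max(len(f), len(g))
    return [(f[i] if i < len(f) else 0) + (g[i] if i < len(g) else 0) for i in range(n)]


def check_certificate(f, g):
    """U*f + V*g as a coefficient list; it is the constant polynomial res(f, g)."""
    U, V = bezout_certificate(f, g)
    return poly_add(poly_mul(U, f), poly_mul(V, g))


if __name__ == "__main__":
    f, g = [2, -3, 1], [15, -8, 1]                   # (X-1)(X-2) and (X-3)(X-5)
    print(resultant(f, g), bezout_certificate(f, g), check_certificate(f, g))
    print(resultant([-2, 1], [-5, 1]))               # X-a, X-b with a=2, b=5: res = a - b
```

Over a field, the two polynomials $U$ and $V$ returned here coincide with the output of the Extended Euclidean Algorithm scaled by the resultant, which is the uniqueness statement of Corollary 5.3.4 (ii); over a ring such as $\mathbb{Z}$ the certificate still holds, but $1 = uf + vg$ is only solvable when the resultant is a unit.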
5.4 Chinese Remaindering for Polynomials and Multipoint Interpolation
If $a, b, c \in R$, then the condition $f(a) = b$, $f'(a) = c$ is equivalent to $f \equiv b + c(X - a) \pmod{(X - a)^2}$. More generally, if we are given $b_0, \dots, b_{m-1}$, then $D_i(f)(a) = b_i$ for $0 \leq i < m$ is equivalent to $f \equiv b_0 + b_1(X - a) + \dots + b_{m-1}(X - a)^{m-1} \pmod{(X - a)^m}$. Now, if one is given $a = (a_1, \dots, a_n) \in R^n$ and $e = (e_1, \dots, e_n) \in \mathbb{N}^n$, one can consider the extended multipoint evaluation map
$$\Phi_{a,e} : R[X] \to \prod_{i=1}^n R^{e_i}, \qquad f \mapsto \bigl( D_0(f)(a_i), \dots, D_{e_i - 1}(f)(a_i) \bigr)_{i = 1, \dots, n}.$$
(This map essentially computes the Taylor expansion of $f$ truncated up to degree $e_i - 1$ at $a_i$; see also Theorem 3.4.3 (e).) It turns out that this map is surjective (and bijective when restricted to $R[X]_{< e_1 + \dots + e_n}$) if and only if $\Phi_a$ is surjective. In fact, this follows from more general results, among them the following:

Theorem 5.4.1 (Chinese Remainder Theorem). [Fon11, Satz 2.7.8] Let $R$ be a ring and $I_1, \dots, I_n$ ideals in $R$ which are pairwise coprime, i.e. $I_i + I_j = R$ for $i \neq j$. Then $I_1 \cap \dots \cap I_n = I_1 \cdots I_n$ and the map
$$\varphi : R/(I_1 \cdots I_n) \to R/I_1 \times \dots \times R/I_n, \qquad f + I_1 \cdots I_n \mapsto (f + I_1, \dots, f + I_n)$$
is an isomorphism of rings.

To apply this result, we need two intermediate results:
1. if $I$ and $J$ are coprime, then so are $I^n$ and $J^m$ for any $n, m \in \mathbb{N}$;
2. $\langle X - a \rangle$ and $\langle X - b \rangle$ are coprime in $R[X]$ if and only if $a - b \in R^*$.
If we instead look at $R = K[X]$, which is a principal ideal domain, the situation is simpler. In fact, it can be done similarly for all principal ideal domains:

Corollary 5.4.2 (Chinese Remainder Theorem for Principal Ideal Domains). [Fon11, Satz 2.7.2] Let $R$ be a principal ideal domain and $f_1, \dots, f_n$ pairwise coprime elements of $R$. Then the map
$$\varphi : R/\langle f_1 \cdots f_n \rangle \to R/\langle f_1 \rangle \times \dots \times R/\langle f_n \rangle, \qquad g + \langle f_1 \cdots f_n \rangle \mapsto (g + \langle f_1 \rangle, \dots, g + \langle f_n \rangle)$$
is an isomorphism of rings.

We will prove this corollary directly (without using Theorem 5.4.1), as the proof is constructive in case of Euclidean domains: the Extended Euclidean Algorithm (see Sections 1.4 and 3.6) allows us to explicitly compute elements in $R$ whose images in $R/\langle f_1 \rangle \times \dots \times R/\langle f_n \rangle$ form a simple basis.
Proof of Corollary 5.4.2. For any $i$, $f_i$ is coprime to the product $\prod_{j \neq i} f_j$; therefore, we can find $u_i, v_i \in R$ with $u_i f_i + v_i \prod_{j \neq i} f_j = 1$. Set $r_i := v_i \prod_{j \neq i} f_j$. Then $r_i \equiv 1 \pmod{f_i}$ and $r_i \equiv 0 \pmod{f_j}$ for $j \neq i$.

Now consider the map $\psi : R \to R/\langle f_1 \rangle \times \dots \times R/\langle f_n \rangle$ given by $g \mapsto (g + \langle f_1 \rangle, \dots, g + \langle f_n \rangle)$. This is obviously a homomorphism of rings. If $g = (g_1 + \langle f_1 \rangle, \dots, g_n + \langle f_n \rangle) \in R/\langle f_1 \rangle \times \dots \times R/\langle f_n \rangle$, then $\psi\bigl(\sum_{i=1}^n g_i r_i\bigr) = g$; therefore, $\psi$ is surjective.

Now note that $\psi(g) = 0$ if and only if $g \in \langle f_i \rangle$ for all $i$, i.e. $f_i \mid g$ for all $i$. Since the $f_i$'s are pairwise coprime, this yields $\prod_{i=1}^n f_i \mid g$, and thus $g \in \langle f_1 \cdots f_n \rangle$. Conversely, $\psi(f_1 \cdots f_n) = 0$, so $\ker \psi = \langle f_1 \cdots f_n \rangle$. To conclude, we apply the First Isomorphism Theorem to $\psi$.

This shows how to solve the interpolation problem in case we use $R = K[X]$ for a field $K$ and $f_i = (X - a_i)^{e_i}$: we have that $f_i$ and $f_j$ are coprime in $K[X]$ if and only if $a_i \neq a_j$ in this case (since $K$ is a field).
In case $R$ is not a principal ideal domain, for example if $R = S[X]$ for an arbitrary ring $S$, we can prove a similar result:

Theorem 5.4.3. [vzGG03, Theorem 10.13] Let $R$ be a ring and $f_1, \dots, f_n \in R[X]$ monic polynomials. Set $g_i := \prod_{j \neq i} f_j$. Then the following are equivalent:
(a) the map
$$\varphi : R[X]/\langle f_1 \cdots f_n \rangle \to R[X]/\langle f_1 \rangle \times \dots \times R[X]/\langle f_n \rangle, \qquad g + \langle f_1 \cdots f_n \rangle \mapsto (g + \langle f_1 \rangle, \dots, g + \langle f_n \rangle)$$
is an isomorphism;
(b) there exist polynomials $h_1, \dots, h_n \in R[X]$ such that $\sum_{i=1}^n g_i h_i = 1$;
(c) for $i \neq j$, there exist polynomials $u_{ij}, v_{ij} \in R[X]$ with $u_{ij} f_i + v_{ij} f_j = 1$;
(d) $\operatorname{res}(f_i, f_j) \in R^*$ for $i \neq j$.
If $R$ is a field, this is essentially Corollary 5.4.2.

Proof. Without loss of generality, we can assume that $\deg f_i \geq 1$ for all $i$. We also consider the map $\psi : R[X] \to R[X]/\langle f_1 \rangle \times \dots \times R[X]/\langle f_n \rangle$, $g \mapsto (g + \langle f_1 \rangle, \dots, g + \langle f_n \rangle)$. Then $\varphi$ is surjective if and only if $\psi$ is surjective.

Now assume that $\varphi$ is surjective. Note that $R[X]/\langle f_1 \cdots f_n \rangle$ is a free $R$-module of rank $\deg f_1 + \dots + \deg f_n$, while $R[X]/\langle f_1 \rangle \times \dots \times R[X]/\langle f_n \rangle$ is the finite direct product of free $R$-modules of rank $\deg f_i$, $1 \leq i \leq n$, and thus is also free of rank $\deg f_1 + \dots + \deg f_n$. Since $\varphi$ can therefore be interpreted as a surjective endomorphism of a free $R$-module of finite rank, it must also be injective [Eis95, Corollary 4.4]. Therefore, for (a), it suffices to show that $\psi$ is surjective.

Let $e_i = (0, \dots, 0, 1, 0, \dots, 0) \in R[X]/\langle f_1 \rangle \times \dots \times R[X]/\langle f_n \rangle$ be the vector with zeros everywhere except a one in the $i$-th component.

Assume that (b) holds. Note that $g_i h_i \in \langle f_j \rangle$ for all $j \neq i$, as well as $g_i h_i - 1 \in \langle f_i \rangle$. Therefore, $\psi(g_i h_i) = e_i$. This shows that $\psi$ is surjective. Thus, (a) holds by the above.

Now assume that (c) holds. Then
$$1 = \prod_{i=1}^{n-1} \prod_{j=i+1}^n (u_{ij} f_i + v_{ij} f_j).$$
Note that every term of the expanded product must contain all of the $f_i$'s except at most one: if we pick any two indices $i_1 < i_2$ from $\{1, \dots, n\}$, the product contains the factor $u_{i_1 i_2} f_{i_1} + v_{i_1 i_2} f_{i_2}$, whence $f_{i_1}$ or $f_{i_2}$ (or both) must be contained in every term of the product. Therefore, we can write $1 = \sum_{i=1}^n h_i \prod_{j \neq i} f_j = \sum_{i=1}^n h_i g_i$ for some $h_i \in R[X]$, and (b) holds.

Conditions (c) and (d) are equivalent by Corollary 5.3.4. We conclude by showing that (a) implies (c). For that, let $f \in R[X]$ such that $\psi(f) = e_i$. Then $f - 1 \in \langle f_i \rangle$, whence $f - 1 = f_i u$ for some $u \in R[X]$. Moreover, $f \in \langle f_j \rangle$ for $j \neq i$, whence $f = f_j v$ for some $v \in R[X]$. Therefore, $1 = f - f_i u = f_j v - f_i u$. Thus, (c) holds.
We will now investigate an algorithm which, given $f_1, \dots, f_n$ with $\operatorname{res}(f_i, f_j) \in R^*$ for $i \neq j$, computes modular inverses of $\prod_{j \neq i} f_j$ modulo $f_i$. These allow us to construct elements which are mapped to $e_i$ under $R[X] \to R[X]/\langle f_1 \rangle \times \dots \times R[X]/\langle f_n \rangle$, as
$$h_i \cdot \frac{f}{f_i} \equiv 1 \pmod{f_i} \qquad \text{and} \qquad h_i \cdot \frac{f}{f_i} \equiv 0 \pmod{f_j} \text{ for } j \neq i;$$
this shows that $h_i \cdot \frac{f}{f_i}$ is a preimage of $e_i$.

Algorithm 5.3: Simultaneous Inversion for CRT for Polynomials

Input: monic polynomials $f_1, \dots, f_n \in R[X]$ with $\operatorname{res}(f_i, f_j) \in R^*$ for $i \neq j$, and their product $f = f_1 \cdots f_n \in R[X]$
Output: $h_1, \dots, h_n \in R[X]$ with $h_i \cdot \frac{f}{f_i} = h_i \prod_{j \neq i} f_j \equiv 1 \pmod{f_i}$ and $\deg h_i < \deg f_i$ for all $i$

1. Use Algorithms 5.1 and 5.2 (with the moduli $f_1^2, \dots, f_n^2$) to compute $u_i := f \bmod f_i^2$ for all $i$;
2. For $i = 1, \dots, n$, compute $v_i := u_i / f_i$ (there will be no remainder, since $u_i = f_i \cdot \bigl((f/f_i) \bmod f_i\bigr)$);
3. For $i = 1, \dots, n$, compute $h_i \in R[X]$ with $h_i \cdot v_i \equiv 1 \pmod{f_i}$ and $\deg h_i < \deg f_i$;
   Note: in case $R = K$ is a field, use the Fast Euclidean Algorithm; see Algorithm 3.13;
4. Return $(h_1, \dots, h_n)$.
Proposition 5.4.4. Algorithm 5.3 is correct. In case R is a field, it needs
X
n
O M
deg fi log max{n, deg f1 , . . . , deg fn } + n
i=1
arithmetic operations in K.
Proof. Correctness follows from the correctness of Algorithms 5.1 and 5.2. Set $m := \sum_{i=1}^n \deg f_i$ and $\ell := \max\{\deg f_i \mid i = 1, \dots, n\}$.
By Theorem 5.1.3, Algorithms 5.1 and 5.2 require $(6\,M(2m) + 34m + 34)(\log_2 n + 1) \le (24\,M(m) + 34m + 34)(\log_2 n + 1)$ arithmetic operations in $R$ to compute all $u_i$'s. By Theorem 3.3.5, computation of $v_i$ takes $5\,M(\deg f_i) + 18 \deg f_i + 17$ operations in $R$ since $f_i$ is monic. Therefore, to compute all $v_i$'s, we need $5 \sum_{i=1}^n M(\deg f_i) + 18m + 17n \le 5\,M(m) + 18m + 17n$ arithmetic operations in $R$. Finally, to compute the $h_i$'s, Algorithm 3.13 needs at most
$$\sum_{i=1}^n \bigl(28\,M(\deg f_i) \log_2 \deg f_i + 43 \deg f_i \log_2 \deg f_i + 123 \deg f_i - 9\bigr) \le 28\,M(m) \log_2 \ell + 43 m \log_2 \ell + 123 m - 9n$$
arithmetic operations in $K$ by Theorem 3.6.8. Therefore, the total number of operations required is bounded by
$$M(m)(24 \log_2 n + 28 \log_2 \ell + 29) + m(43 \log_2 \ell + 34 \log_2 n + 175) + 34 \log_2 n + 34 + 8n.$$
The next algorithm will be used to form the linear combination
$$\sum_{i=1}^n \hat g_i \cdot \frac{f}{f_i} = \sum_{i=1}^n \hat g_i \prod_{j \ne i} f_j.$$
If we apply it to $\hat g_i = g_i h_i$ with the $h_i$'s as above, the result will be $\equiv g_i \pmod{f_i}$ for every $i$.
Input: Monic polynomials $f_1, \dots, f_n \in R[X]$, polynomials $h_1, \dots, h_n \in R[X]$ with $\deg h_i < \deg f_i$, and all products $(a_{ki})_{0 \le k < h,\ 0 \le i < \lceil n/2^{h-k} \rceil}$ where $h = \lceil \log_2 n \rceil$ and
$$a_{ki} = \prod_{j = 2^{h-k} i + 1}^{\min\{2^{h-k}(i+1),\, n\}} f_j$$
Output: the polynomial $f = \sum_{i=1}^n h_i \prod_{j \ne i} f_j \in R[X]$
1. Let $h = \lceil \log_2 n \rceil$ and set $\ell_h := n$;
2. Set $b_{hi} = h_{i+1}$, $0 \le i < \ell_h$;
3. For $k = h - 1, \dots, 0$, do:
   (a) Compute $\ell_k := \lceil \ell_{k+1}/2 \rceil$;
   (b) For $i = 0, \dots, \ell_k - 2$, do:
       • Compute $b_{ki} := b_{k+1,2i} \cdot a_{k+1,2i+1} + b_{k+1,2i+1} \cdot a_{k+1,2i}$;
   (c) If $2\ell_k - 1 < \ell_{k+1}$:
       • Then compute $b_{k,\ell_k - 1} := b_{k+1,2\ell_k - 2} \cdot a_{k+1,2\ell_k - 1} + b_{k+1,2\ell_k - 1} \cdot a_{k+1,2\ell_k - 2}$;
       • Else set $b_{k,\ell_k - 1} := b_{k+1,2\ell_k - 2}$;
4. Return $b_{00}$.
Algorithm 5.4: Linear Combination for CRT for Polynomials
Proposition 5.4.5. Algorithm 5.4 is correct and needs
$$(2\,M(m) + m + 1)(\log_2 n + 1) + 2n \in O(M(m) \log n)$$
arithmetic operations in $R$, where $m = \sum_{i=1}^n \deg f_i$.
Proof. To show correctness, we show that
$$b_{ki} = \sum_{j = 2^{h-k} i + 1}^{\min\{2^{h-k}(i+1),\, n\}} h_j \cdot \frac{a_{ki}}{f_j}.$$
We proceed by induction on $k = h, h-1, \dots, 0$. For $k = h$ and $0 \le i < n$, we clearly have
$$\sum_{j = i+1}^{\min\{i+1,\, n\}} h_j \cdot \frac{a_{hi}}{f_j} = h_{i+1} \cdot \frac{f_{i+1}}{f_{i+1}} = h_{i+1} = b_{hi}.$$
Thus assume that the statement is true for $b_{ki}$, $0 \le i < \lceil n/2^{h-k} \rceil$, for a fixed $k > 0$. Then for some $i$ with $0 \le i < \lceil n/2^{h-(k-1)} \rceil$ and $2i + 1 < \lceil n/2^{h-k} \rceil$, by induction,
$$\begin{aligned}
b_{k-1,i} &= b_{k,2i}\, a_{k,2i+1} + b_{k,2i+1}\, a_{k,2i} \\
&= \sum_{j = 2^{h-k} \cdot 2i + 1}^{\min\{2^{h-k}(2i+1),\, n\}} h_j \cdot \frac{a_{k,2i}}{f_j} \cdot a_{k,2i+1}
 + \sum_{j = 2^{h-k}(2i+1) + 1}^{\min\{2^{h-k}(2i+2),\, n\}} h_j \cdot \frac{a_{k,2i+1}}{f_j} \cdot a_{k,2i} \\
&= \sum_{j = 2^{h-(k-1)} i + 1}^{\min\{2^{h-(k-1)}(i+1),\, n\}} h_j \cdot \frac{a_{k-1,i}}{f_j}.
\end{aligned}$$
Therefore, Algorithm 5.4 is correct.
To analyze the running time, first note that $\deg b_{ki} < \deg a_{ki}$ since $\deg h_j < \deg f_j$. Thus, computing $b_{ki}$ for $k < h$ costs at most
$$M(\deg a_{k+1,2i}) + M(\deg a_{k+1,2i+1}) + 2 \max\{\deg a_{k+1,2i}, \deg a_{k+1,2i+1}\} + 1$$
operations in $R$. Therefore, computing $b_{ki}$, $0 \le i < \lceil n/2^{h-k} \rceil$, for a fixed $k < h$ needs at most
$$\begin{aligned}
&\sum_{i=0}^{\lceil n/2^{h-k} \rceil - 1} \Bigl( M(\deg a_{k+1,2i}) + M(\deg a_{k+1,2i+1}) + 2 \max\{\deg a_{k+1,2i}, \deg a_{k+1,2i+1}\} + 1 \Bigr) \\
&\le \sum_{i=0}^{\lceil n/2^{h-(k+1)} \rceil - 1} \bigl( M(\deg a_{k+1,i}) + 2 \deg a_{k+1,i} \bigr) + \lceil n/2^{h-k} \rceil \\
&\le M\Bigl( \sum_{i=0}^{\lceil n/2^{h-(k+1)} \rceil - 1} \deg a_{k+1,i} \Bigr) + 2 \sum_{i=0}^{\lceil n/2^{h-(k+1)} \rceil - 1} \deg a_{k+1,i} + \lceil n/2^{h-k} \rceil \\
&= M(m) + 2m + \lceil n/2^{h-k} \rceil.
\end{aligned}$$
Now $\sum_{k=0}^{h-1} \lceil n/2^{h-k} \rceil \le 2n + h$, whence the total number of operations in $R$ is bounded by
$$\sum_{k=0}^{h-1} \bigl( M(m) + 2m + \lceil n/2^{h-k} \rceil \bigr) \le (M(m) + 2m)(\log_2 n + 1) + 2n + (\log_2 n + 1).$$
Now we can combine everything.
Input: Monic polynomials $f_1, \dots, f_n \in R[X]$ with $\operatorname{res}(f_i, f_j) \in R^*$ for $i \ne j$, and polynomials $h_1, \dots, h_n \in R[X]$ with $\deg h_i < \deg f_i$
Output: Polynomial $h \in R[X]$ with $\deg h < \sum_{i=1}^n \deg f_i$ such that $h \equiv h_i \pmod{f_i}$ for all $i$
1. Call Algorithm 5.1 to compute all products $a_{ki} = \prod_{j = 2^{h-k} i + 1}^{\min\{2^{h-k}(i+1),\, n\}} f_j$, $0 \le k < h := \lceil \log_2 n \rceil$, $0 \le i < \lceil n/2^{h-k} \rceil$;
2. Call Algorithm 5.3 with input $((f_1, \dots, f_n), a_{00})$; denote the output by $(g_1, \dots, g_n)$;
3. Compute $\hat g_i := (g_i \cdot h_i) \bmod f_i$;
4. Call Algorithm 5.4 with input $((f_1, \dots, f_n), (\hat g_1, \dots, \hat g_n), (a_{ki})_{ki})$; denote the output by $h$;
5. Return $h$.
Algorithm 5.5: Fast Chinese Remaindering for Polynomials
Theorem 5.4.6 (Fast Chinese Remaindering for Polynomials). Algorithm 5.5 is correct. In case $R$ is a field and $\deg f_i \ge 1$ for all $i$, it needs
$$O(M(m) \log \max\{n, \deg f_1, \dots, \deg f_n\}) \subseteq O(M(m) \log m)$$
arithmetic operations in $R$ if $m = \sum_{i=1}^n \deg f_i$.
Proof. By Proposition 5.4.4, $g_i \prod_{j \ne i} f_j \equiv 1 \pmod{f_i}$ for all $i$, and by Proposition 5.4.5, $h = \sum_{i=1}^n \hat g_i \prod_{j \ne i} f_j$. Therefore, $\hat g_i \prod_{j \ne i} f_j \equiv g_i h_i \prod_{j \ne i} f_j \equiv h_i \pmod{f_i}$. Moreover, for $k \ne i$, $\hat g_i \prod_{j \ne i} f_j \equiv 0 \pmod{f_k}$. Therefore, $h \equiv h_i \pmod{f_i}$ for all $i$, and thus Algorithm 5.5 is correct.
Now assume that $R$ is a field. Let $m = \sum_{i=1}^n \deg f_i$. By Proposition 5.1.2, Algorithm 5.1 needs $M(m)(\log_2 n + 1)$ arithmetic operations in $R$. By Proposition 5.4.4, Algorithm 5.3 requires $O(M(m) \log \max\{n, \deg f_1, \dots, \deg f_n\} + n)$ operations in $R$. Computing $(g_i \cdot h_i) \bmod f_i$ costs $M(\deg f_i) + (5\,M(\deg f_i) + 18 \deg f_i + 17)$ operations in $R$ by Theorem 3.3.5. Finally, by Proposition 5.4.5, Algorithm 5.4 needs $(2\,M(m) + m)(\log_2 n + 1)$ arithmetic operations in $R$.
Therefore, the total number of arithmetic operations in $R$ is bounded by
$$\begin{aligned}
&M(m)(\log_2 n + 1) + O(M(m) \log \max\{n, \deg f_1, \dots, \deg f_n\} + n) \\
&\quad + \sum_{i=1}^n (6\,M(\deg f_i) + 18 \deg f_i + 17) + (2\,M(m) + m + 1)(\log_2 n + 1) + 2n \\
&\in O(M(m) \log \max\{n, \deg f_1, \dots, \deg f_n\})
\end{aligned}$$
using $n \le \sum_{i=1}^n \deg f_i = m$.
In particular, when choosing $f_i = X - a_i$, we obtain a solution to the multipoint interpolation problem:
Corollary 5.4.7 (Multipoint Interpolation). [vzGG03, Corollary 10.12] If $a = (a_1, \dots, a_n) \in R^n$ satisfies $a_i - a_j \in R^*$ for $i \ne j$, and we can compute an inverse of $a_i - a_j$ in $O(1)$ arithmetic operations in $R$, then we can compute a preimage $f \in \Phi_a^{-1}(b)$ for any $b = (b_1, \dots, b_n) \in R^n$ in $O(M(n) \log n)$ operations in $R$.
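The following is an added example, not code from these notes: Algorithms 5.1 to 5.5 and the interpolation instance of Corollary 5.4.7, written out over the prime field GF(101) with schoolbook polynomial arithmetic (so the operation counts above do not apply, only the structure of the computation). It shows the three uses of the subproduct tree the section relies on: simultaneous reduction of $f$ modulo the squares $f_i^2$ inside Algorithm 5.3, the modular inverse via the extended Euclidean algorithm in place of Algorithm 3.13, and the level-by-level recombination of Algorithm 5.4. The prime 101, the moduli, the residues and all function names are my choices.

```python
# Added example (not from the text): Algorithms 5.1-5.5 and Corollary 5.4.7 over the
# prime field GF(P).  Polynomials are coefficient lists, lowest degree first; P and
# every sample input below are constructed for this illustration.
P = 101

def trim(a):
    """Drop leading zero coefficients, keeping at least one entry."""
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a

def add(a, b):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([(x + y) % P for x, y in zip(a, b)])

def mul(a, b):
    r = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] = (r[i + j] + x * y) % P
    return trim(r)

def divmod_poly(a, b):
    """Long division in GF(P)[X]: returns (quotient, remainder) with deg remainder < deg b."""
    a, inv_lc = a[:], pow(b[-1], -1, P)    # for a monic b this inverse is just 1
    q = [0] * max(1, len(a) - len(b) + 1)
    for i in range(len(a) - len(b), -1, -1):
        c = a[i + len(b) - 1] * inv_lc % P
        q[i] = c
        for j, y in enumerate(b):
            a[i + j] = (a[i + j] - c * y) % P
    return trim(q), trim(a[:len(b) - 1] or [0])

def inv_mod(v, f):
    """Extended Euclid (the job of Algorithm 3.13): h with h*v = 1 (mod f), deg h < deg f."""
    r0, r1 = f, divmod_poly(v, f)[1]
    s0, s1 = [0], [1]                       # invariant: r_k = s_k * v (mod f)
    while r1 != [0]:
        q, r = divmod_poly(r0, r1)
        r0, r1 = r1, r
        s0, s1 = s1, add(s0, [(-x) % P for x in mul(q, s1)])
    c = pow(r0[0], -1, P)                   # r0 is a non-zero constant since v is a unit mod f
    return divmod_poly([x * c % P for x in s0], f)[1]

def subproduct_tree(fs):
    """Algorithm 5.1: tree[k][i] = a_ki; tree[0] = [a_00] (full product), tree[h] = fs.
    An odd last node is carried up unchanged, as in step 3(c) of Algorithm 5.4."""
    levels = [list(fs)]
    while len(levels[-1]) > 1:
        p = levels[-1]
        levels.append([mul(p[2 * i], p[2 * i + 1]) if 2 * i + 1 < len(p) else p[2 * i]
                       for i in range((len(p) + 1) // 2)])
    return levels[::-1]

def reduce_down(g, tree):
    """Algorithm 5.2: g mod f_i for all i, reducing by each node from the root down.
    Reducing a carried-up node by itself is a no-op, so no case split is needed."""
    b = [divmod_poly(g, tree[0][0])[1]]
    for level in tree[1:]:
        b = [divmod_poly(b[i // 2], a)[1] for i, a in enumerate(level)]
    return b

def simultaneous_inversion(fs, f):
    """Algorithm 5.3: h_i with h_i * (f / f_i) = 1 (mod f_i) and deg h_i < deg f_i."""
    us = reduce_down(f, subproduct_tree([mul(fi, fi) for fi in fs]))  # u_i = f mod f_i^2
    vs = [divmod_poly(u, fi)[0] for u, fi in zip(us, fs)]             # v_i = u_i / f_i, exact
    return [inv_mod(v, fi) for v, fi in zip(vs, fs)]

def linear_combination(hs, tree):
    """Algorithm 5.4: sum_i h_i * prod_{j != i} f_j, merged one tree level at a time."""
    b = list(hs)
    for k in range(len(tree) - 2, -1, -1):
        a = tree[k + 1]
        b = [add(mul(b[2 * i], a[2 * i + 1]), mul(b[2 * i + 1], a[2 * i]))
             if 2 * i + 1 < len(a) else b[2 * i] for i in range((len(a) + 1) // 2)]
    return b[0]

def crt_poly(fs, hs):
    """Algorithm 5.5: the h with h = h_i (mod f_i) for all i and deg h < sum deg f_i."""
    tree = subproduct_tree(fs)
    gs = simultaneous_inversion(fs, tree[0][0])
    ghat = [divmod_poly(mul(g, h), fi)[1] for g, h, fi in zip(gs, hs, fs)]
    return linear_combination(ghat, tree)

def interpolate(points, values):
    """Corollary 5.4.7: moduli X - a_i with residues b_i give the interpolating polynomial."""
    return crt_poly([[(-a) % P, 1] for a in points], [[b % P] for b in values])

def evaluate(f, x):
    r = 0
    for c in reversed(f):                   # Horner's rule
        r = (r * x + c) % P
    return r

if __name__ == "__main__":
    # constructed moduli X^2 + 1, X + 3, X^3 + 2X + 5 (pairwise coprime in GF(101)[X])
    FS = [[1, 0, 1], [3, 1], [5, 2, 0, 1]]
    HS = [[7, 3], [4], [1, 2, 3]]
    h = crt_poly(FS, HS)
    print(h, [divmod_poly(h, fi)[1] for fi in FS])
    print(interpolate([0, 1, 2, 3], [1, 2, 4, 8]))
```

Running the file prints $h$ together with its residues modulo the three moduli, which equal the given $h_i$. In the interpolation call every $f_i = X - a_i$ is linear, so $v_i$ collapses to the constant $\prod_{j \ne i}(a_i - a_j)$ and `inv_mod` to a single field inversion; that is exactly why the corollary only needs inverses of the differences $a_i - a_j$.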
5.5 Chinese Remaindering for Integers
Essentially all techniques from the last subsections can also be applied to $\mathbb{Z}$ instead of $R[X]$ or $K[X]$. We will present the algorithms and main results, though without proofs.
Proposition 5.5.1. If $\sum_{i=1}^n \log |g_i| \le m$, then Algorithm 5.6 computes all products $(a_{ki})_{0 \le k < h,\ 0 \le i < \lceil n/2^{h-k} \rceil}$ with $a_{ki} = \prod_{j = 2^{h-k} i + 1}^{\min\{2^{h-k}(i+1),\, n\}} g_j$ in $O(M(m) \log n)$ basic c-operations.
Theorem 5.5.2 (Simultaneous Reduction Modulo Different Integers). Let $N \in \mathbb{Z}$ be an integer and let $g_1, \dots, g_n \in \mathbb{Z}$ be further non-zero integers. Let $m \ge \log |N|$ and $m \ge \sum_{i=1}^n \log |g_i|$. Then we can compute $(N \bmod g_1, \dots, N \bmod g_n) \in \mathbb{Z}^n$ using Algorithms 5.6 and 5.7 in $O(M(m) \log n)$ basic b-operations.
Theorem 5.5.3 (Fast Chinese Remaindering for Integers). Algorithm 5.10 is correct and needs
$$O\bigl(M(m) \log \max\{n, \log |f_1|, \dots, \log |f_n|\}\bigr) \subseteq O(M(m) \log m)$$
basic b-operations if $m = \sum_{i=1}^n \log |f_i|$.
Input: $g_1, \dots, g_n \in \mathbb{Z}$
Output: All products $(a_{ki})_{0 \le k < h,\ 0 \le i < \lceil n/2^{h-k} \rceil}$
1. Let $h = \lceil \log_2 n \rceil$ and set $\ell_h := n$;
2. Set $a_{hi} = g_{i+1}$, $0 \le i < \ell_h$;
3. For $k = h - 1, \dots, 0$, do:
   (a) Compute $\ell_k := \lceil \ell_{k+1}/2 \rceil$;
   (b) For $i = 0, \dots, \ell_k - 2$, do:
       • Compute $a_{ki} := a_{k+1,2i} \cdot a_{k+1,2i+1}$;
   (c) If $2\ell_k - 1 < \ell_{k+1}$:
       • Then compute $a_{k,\ell_k - 1} := a_{k+1,2\ell_k - 2} \cdot a_{k+1,2\ell_k - 1}$;
       • Else set $a_{k,\ell_k - 1} := a_{k+1,2\ell_k - 2}$;
4. Return $(a_{ki})_{0 \le k < h,\ 0 \le i < \lceil n/2^{h-k} \rceil}$.
Algorithm 5.6: Compute all products $a_{ki} = \prod_{j = 2^{h-k} i + 1}^{\min\{2^{h-k}(i+1),\, n\}} g_j$, $0 \le k < h := \lceil \log_2 n \rceil$, $0 \le i < \lceil n/2^{h-k} \rceil$ for Integers
Input: $N \in \mathbb{N}$, all products $(a_{ki})_{0 \le k < h,\ 0 \le i < \lceil n/2^{h-k} \rceil}$, where $a_{ki} = \prod_{j = 2^{h-k} i + 1}^{\min\{2^{h-k}(i+1),\, n\}} g_j \in \mathbb{Z}$ and $h := \lceil \log_2 n \rceil$
Output: $(N \bmod g_i)_{1 \le i \le n}$
1. Compute $b_{00} := N \bmod a_{00}$;
2. For $k = 1, \dots, h$, do:
   (a) For $i = 0, \dots, \lceil n/2^{h-k} \rceil - 2$, do:
       • Compute $b_{ki} := b_{k-1,\lfloor i/2 \rfloor} \bmod a_{ki}$;
   (b) If $\lceil n/2^{h-k} \rceil - 1$ is even:
       • Then set $b_{k,\lceil n/2^{h-k} \rceil - 1} := b_{k-1,\lceil n/2^{h-k+1} \rceil - 1}$;
       • Else compute $b_{k,\lceil n/2^{h-k} \rceil - 1} := b_{k-1,\lceil n/2^{h-k+1} \rceil - 1} \bmod a_{k,\lceil n/2^{h-k} \rceil - 1}$;
3. Return $(b_{h0}, \dots, b_{h,n-1})$.
Algorithm 5.7: Compute $N \bmod g_i$ for $1 \le i \le n$ for Integers
Input: Non-zero integers $f_1, \dots, f_n \in \mathbb{Z}$ with $\gcd(f_i, f_j) = 1$ for $i \ne j$, and their product $f = f_1 \cdots f_n \in \mathbb{Z}$
Output: $h_1, \dots, h_n \in \mathbb{Z}$ with $h_i \cdot \frac{f}{f_i} = h_i \prod_{j \ne i} f_j \equiv 1 \pmod{f_i}$ and $|h_i| < |f_i|$ for all $i$
1. Use Algorithms 5.6 and 5.7 to compute $u_i := f \bmod f_i^2$ for all $i$;
2. For $i = 1, \dots, n$, compute $v_i := u_i / f_i$ (there will be no remainder);
3. For $i = 1, \dots, n$, compute $h_i \in \mathbb{Z}$ with $h_i \cdot v_i \equiv 1 \pmod{f_i}$ and $|h_i| < |f_i|$ using the Fast Euclidean Algorithm;
4. Return $(h_1, \dots, h_n)$.
Algorithm 5.8: Simultaneous Inversion for CRT for Integers
Input: Non-zero integers $f_1, \dots, f_n \in \mathbb{Z}$, integers $h_1, \dots, h_n \in \mathbb{Z}$ with $|h_i| < |f_i|$, and all products $(a_{ki})_{0 \le k < h,\ 0 \le i < \lceil n/2^{h-k} \rceil}$ where $h = \lceil \log_2 n \rceil$ and
$$a_{ki} = \prod_{j = 2^{h-k} i + 1}^{\min\{2^{h-k}(i+1),\, n\}} f_j$$
Output: the integer $f = \sum_{i=1}^n h_i \prod_{j \ne i} f_j \in \mathbb{Z}$
1. Let $h = \lceil \log_2 n \rceil$ and set $\ell_h := n$;
2. Set $b_{hi} = h_{i+1}$, $0 \le i < \ell_h$;
3. For $k = h - 1, \dots, 0$, do:
   (a) Compute $\ell_k := \lceil \ell_{k+1}/2 \rceil$;
   (b) For $i = 0, \dots, \ell_k - 2$, do:
       • Compute $b_{ki} := b_{k+1,2i} \cdot a_{k+1,2i+1} + b_{k+1,2i+1} \cdot a_{k+1,2i}$;
   (c) If $2\ell_k - 1 < \ell_{k+1}$:
       • Then compute $b_{k,\ell_k - 1} := b_{k+1,2\ell_k - 2} \cdot a_{k+1,2\ell_k - 1} + b_{k+1,2\ell_k - 1} \cdot a_{k+1,2\ell_k - 2}$;
       • Else set $b_{k,\ell_k - 1} := b_{k+1,2\ell_k - 2}$;
4. Return $b_{00}$.
Algorithm 5.9: Linear Combination for CRT for Integers
Input: Non-zero integers $f_1, \dots, f_n \in \mathbb{Z}$ with $\gcd(f_i, f_j) = 1$ for $i \ne j$, and integers $h_1, \dots, h_n \in \mathbb{Z}$ with $|h_i| < |f_i|$
Output: integer $h \in \mathbb{Z}$ with $|h| < \prod_{i=1}^n |f_i|$ such that $h \equiv h_i \pmod{f_i}$ for all $i$
1. Call Algorithm 5.6 to compute all products $a_{ki} = \prod_{j = 2^{h-k} i + 1}^{\min\{2^{h-k}(i+1),\, n\}} f_j$, $0 \le k < h := \lceil \log_2 n \rceil$, $0 \le i < \lceil n/2^{h-k} \rceil$;
2. Call Algorithm 5.8 with input $((f_1, \dots, f_n), a_{00})$; denote the output by $(g_1, \dots, g_n)$;
3. Compute $\hat g_i := (g_i \cdot h_i) \bmod f_i$;
4. Call Algorithm 5.9 with input $((f_1, \dots, f_n), (\hat g_1, \dots, \hat g_n), (a_{ki})_{ki})$; denote the output by $h$;
5. Return $h$.
Algorithm 5.10: Fast Chinese Remaindering for Integers
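The following is an added example, not code from these notes: Algorithms 5.6 to 5.10 on Python's arbitrary-precision integers. The subproduct tree of Algorithm 5.6 is built once and reused by the top-down reduction of Algorithm 5.7 (here applied to the squares $f_i^2$ inside Algorithm 5.8) and by the bottom-up recombination of Algorithm 5.9. The modular inverse of step 3 of Algorithm 5.8 is taken from Python's built-in `pow(v, -1, m)`, which is the extended Euclidean algorithm; one final reduction modulo $f$ is my addition so that the returned $h$ satisfies $0 \le h < \prod f_i$. Moduli are assumed positive and pairwise coprime, and all sample values and function names are my own.

```python
# Added example (not from the text): Algorithms 5.6-5.10 with Python integers.
# Moduli must be positive and pairwise coprime; all sample values are constructed.

def subproduct_tree(gs):
    """Algorithm 5.6: tree[k][i] = a_ki; tree[0] = [a_00] is the full product, tree[h] = gs.
    When a level has odd length its last node is carried up unchanged (step 3(c))."""
    levels = [list(gs)]
    while len(levels[-1]) > 1:
        p = levels[-1]
        levels.append([p[2 * i] * p[2 * i + 1] if 2 * i + 1 < len(p) else p[2 * i]
                       for i in range((len(p) + 1) // 2)])
    return levels[::-1]

def reduce_down(N, tree):
    """Algorithm 5.7: N mod g_i for all i, walking from the root to the leaves.
    Reducing a carried-up node by its own parent is a no-op, so both branches of
    step 2(b) are covered by the same line."""
    b = [N % tree[0][0]]
    for level in tree[1:]:
        b = [b[i // 2] % a for i, a in enumerate(level)]
    return b

def simultaneous_inversion(fs, f):
    """Algorithm 5.8: h_i with h_i * (f / f_i) = 1 (mod f_i) and 0 <= h_i < f_i."""
    us = reduce_down(f, subproduct_tree([fi * fi for fi in fs]))  # u_i = f mod f_i^2
    vs = [u // fi for u, fi in zip(us, fs)]                        # v_i = u_i / f_i, exact
    return [pow(v, -1, fi) for v, fi in zip(vs, fs)]              # extended Euclid (Python 3.8+)

def linear_combination(hs, tree):
    """Algorithm 5.9: sum_i h_i * prod_{j != i} f_j, merged one tree level at a time."""
    b = list(hs)
    for k in range(len(tree) - 2, -1, -1):
        a = tree[k + 1]
        b = [b[2 * i] * a[2 * i + 1] + b[2 * i + 1] * a[2 * i] if 2 * i + 1 < len(a)
             else b[2 * i] for i in range((len(a) + 1) // 2)]
    return b[0]

def crt_int(fs, hs):
    """Algorithm 5.10, plus one final reduction (my addition) so that 0 <= h < prod f_i."""
    tree = subproduct_tree(fs)
    f = tree[0][0]
    gs = simultaneous_inversion(fs, f)
    ghat = [(g * h) % fi for g, h, fi in zip(gs, hs, fs)]
    return linear_combination(ghat, tree) % f

if __name__ == "__main__":
    FS = [7, 11, 13, 17, 19]          # constructed pairwise coprime moduli
    HS = [3, 5, 7, 2, 11]             # constructed residues, 0 <= h_i < f_i
    h = crt_int(FS, HS)
    print(h, [h % m for m in FS])
```

For $n = 2$ this computation is the recombination step of CRT-based RSA signing, where the two residues are the results modulo the two prime factors; the same simultaneous-inversion structure scales it to many moduli with only one tree of products.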