Polynomial Multiplication over Finite Fields using Field Extensions and Interpolation

Transcription

1 009 19th IEEE International Symposium on Computer Arithmetic Polynomial Multiplication over Finite Fields using Field Extensions and Interpolation Murat Cenk Department of Mathematics and Computer Science Cankaya University, Ankara, Turkey Çetin Kaya Koç University of California Santa Barbara, USA & City University of Istanbul, Turkey Ferruh Özbudak Department of Mathematics and Institute of Applied Mathematics Middle East Technical University, Ankara, Turkey Abstract A method for polynomial multiplication over finite fields using field extensions and polynomial interpolation is introduced. The proposed method uses polynomial interpolation as Toom-Cook method together with field extensions. Furthermore, the proposed method can be used when Toom- Cook method cannot be applied directly. Explicit formulae improving the previous results in many cases are obtained. 1 Introduction A direct approach to polynomial multiplication is the schoolbook method. For multiplying two arbitrary -term polynomials, this algorithms requires 4 multiplications. Karatsuba-Ofman or simply Karatsuba algorithm [6, 7] is a well-known subquadratic polynomial multiplication algorithm. Karatsuba algorithm decreases the number of multiplications from 4 multiplications to 3 multiplications for multiplying two arbitrary -term polynomials. Weimerskirch and Paar [10] generalized Karatsuba algorithm and gave a detailed account of its variants. Recently, Montgomery [8] improved some of those results by giving explicit formulae for multiplying two arbitrary n-term polynomials, where n {5, 6, 7}. Toom-Cook [9, 4] method is another related method which gives the best result in many cases where it can be applied directly. Toom-Cook method cannot be applied directly for the multiplication of n-term polynomials over a finite field F q,ifn is sufficiently large compared to q. In this paper we give a method for polynomial multiplication over finite fields using field extensions and polynomial interpolation. Our method uses polynomial interpolation as Toom-Cook method, and we also use field extensions. Furthermore, our method works also when Toom- Cook method cannot be applied directly. We obtain explicit formulae improving the previous results in many cases. In some cases over F the bounds we obtain are the same with the recent bounds obtained by Fan and Hasan in [5]. The paper is organized as follows. In the next section we give some background and describe some well-known methods of polynomial multiplication. Our method is explained with illustrative examples in Section 3. We apply our method to polynomial multiplication over F and 10, 11 and 1-term polynomial multiplication bounds are determined in Section 4. In Section 5 we discuss the efficiency of the proposed method. We conclude this paper in Section 6. Background Let R be an arbitrary commutative ring with identity and R[x] denote the ring of polynomials over R with the inde /09 $ IEEE DOI /ARITH

2 terminate x. For an integer n 1, a polynomial of the form a 0 + a 1 x + + a n 1 x n 1 R[x] is called an n-term polynomial over R. Throughout the paper, if not stated otherwise, an n-term polynomial A(x) means an n-term polynomial with indeterminate x over an arbitrary commutative ring with identity. For an integer n 1, thecomplexity of polynomial multiplication for n-term polynomials is the minimum number M(n) of multiplications needed in order to multiply two arbitrary n-term polynomials. Throughout the paper, F q denotes a finite field with q elements. For a prime power q and an integer n 1, the complexity of polynomial multiplication over F q for n-term polynomials is the minimum number M q (n) of multiplications over F q needed to multiply two arbitrary n-term polynomials over F q. We note that M q (n) M(n). We now summarize the schoolbook method, Karatsuba algorithm and the related generalization by Weimerskirch and Paar, the recent work by Montgomery, and Toom-Cook method..1 Schoolbook Method Consider two n-term polynomials n 1 n 1 A(x) = a i x i, B(x) = b i x i. i=0 i=0 The schoolbook multiplication gives us the product C(x) of A(x) and B(x) to be n 1 n 1 C(x) = a i b j x i+j. i=0 j=0 Therefore using this method we get M(n) n. (1). Karatsuba Algorithm and Weimerskirch-Paar Generalization Karatsuba algorithm [6] gives better upper bounds on M(n). For example, consider two -term polynomials, A(x) =a 0 + a 1 x, B(x) =b 0 + b 1 x. Karatsuba algorithm computes the product C(x) = A(x)B(x) as C(x) = a 1 b 1 x +[(a 0 + a 1 )(b 0 + b 1 ) a 0 b 0 a 1 b 1 ]x + a 0 b 0. Here we need just three multiplications: a 0 b 0, (a 0 + a 1 )(b 0 + b 1 ) and a 1 b 1. Hence we obtain M() 3, while the schoolbook method gives only M() 4. Weimerskirsh and Paar [10] gave a detailed complexity analysis of Karatsuba algorithm for different cases. Specifically, if the number of coefficients of polynomials are composite integers, say nm, then we can write A(x) = m 1 s=0 A s(x)x ns R[x] where A s (x) R[x] is an n- term polynomial for each 0 s m 1. LetR = R[x], which is again a commutative ring with identity. Now, A(x) can be considered as an m-term polynomial over R, where each of its coefficients are n-term polynomials over R. After writing B(x) in the same way and applying Karatsuba algorithm, it is found that M(nm) M(n)M(m). () If the number of coefficient is n =m +1where m 1, then we can write A(x) =A 0 (x)+a 1 (x)x m, B(x) =B 0 (x)+b 1 (x)x m, where A 0,B 0 are degree m 1 polynomials and A 1,B 1 are degree m polynomials. Then A(x)B(x) =A 0 B 0 +[(A 0 + A 1 )(B 0 +B 1 ) A 1 B 1 A 0 B 0 ]x m +A 1 B 1 x m. Therefore we arrive to the following bound of [10]: M(m +1) M(m)+M(m +1) (3) for odd n =m +1where m 1..3 Montgomery s Contribution Montgomery [8] observed, among other things, that one multiplication is redundant in (3). Hence M(m +1) M(m +1)+M(m) 1, (m 1). (4) Montgomery also gave explicit formulae for n = 5, 6, 7, which imply M(5) 13, M(6) 17 and M(7). Using these formulae for n =5, 6, 7 recursively, he also obtained improvements on M(n) for some larger values of n. These improvements are tabulated in the Table 1 in [8]..4 Toom-Cook Method Let F be an arbitrary field. For n 1, assume that F has at least n distinct elements (or point s) α 1,..., α n. Toom-Cook method [9], [4] uses these n distinct elements of F and the point at in order to compute the product of two arbitrary n-term polynomials from F. If there are enough elements in F, then this method needs (n 1) multiplications over F in order to multiply two arbitrary n-term polynomials over F. We refer to a recent paper [1, ] for the details. Hence if q n, then Toom-Cook method gives M q (n) n 1. (5) 85

3 However if F is a finite field F q and n is large enough, this method cannot be applied directly (see also [8, Subsection 6.1]). For example, if q = 7 and n = 5,then as n = 8 > 7=q, we cannot apply Toom-Cook method. Among schoolbook method, Karatsuba algorithm and Montgomery s improvements, the best result for M 7 (5) is M 7 (5) 13 (see [8, Table 1]). Note that Toom-Cook method gives M 7 (3) = 5 and M 7 () = 3. Therefore using Toom-Cook method recursively and (4), we obtain that M 7 (5) M 7 (3) + M 7 () =1, which is better than the upper bound M 7 (5) 13 obtained from Montgomery s formulae for 5-term polynomials. In the next section we will improve, for example, this bound to M 7 (5) 11 (see Example 1) and then we will improve this bound to M 7 (5) = 10 (see Example 3) which is optimal and therefore we use equality. Remark 1 It follows from the definitions that the inequalities on () and (4) on M(n) also hold if M(n) is replaced with M q (n), whereq is a prime power. 3 New Method For Polynomial Multiplication Over Finite Fields Let q be a prime power. Using Toom-Cook method we have M q (n) n 1 for n q +, and M q (n) n 1 for n q+. Toom-Cook method cannot be applied directly for obtaining an upper bound on M q (n) if n> q+. In the beginning of this section, we will show that modifying Toom- Cook method and using the extension F q /F q, we can obtain new formulae and improved upper bounds on M q (n) for n q +. Then, we will generalize our results using the extensions F q m/f q for arbitrary integers m and obtain new formulae and improved upper bounds on M q (n) forlargervaluesofn as well. The following definition is useful. Definition 1 Let q be a prime power and m be an integer. Let μ q (m) be the smallest number of multiplications needed over F q for multiplying two arbitrary elements of F q m. In the definition of μ q (m), multiplying two arbitrary elements of F q is counted but multiplying an element of F q with a constant in F q is not counted. Any polynomial multiplication formula over F q can be used for finite field multiplication because element of finite fields can be represented by polynomials. In order to multiply two elements of finite field, the elements are multiplied like polynomials and then the product is reduced using reduction polynomial of the finite field. The reduction step has no multiplicative cost. So we can assume that we have μ q (n) M q (n). Lemma 1 Let q be a prime power. We have μ q () 3. Proof. Karatsuba algorithm [6] gives the result. Now we give our first improvement using the extension F q /F q. Proposition 1 Let q be a prime power. Assume that q+ < n q +. There exists a formula for multiplying two arbitrary n-term polynomials over F q which gives M q (n) 6n q 5. (6) Proof. Assume that n> q+. We use Toom-Cook type evaluations over F q using the point, q elements of F q and n q elements from F q \F q. Here and throughout the paper, for sets A and B, the notation A\Bdenotes the subset of A excluding the elements of B. These need at most q +1multiplications in F q due to the point and the elements of F q,andatmostn q multiplications over F q due to the chosen n q elements of F q \F q.using Lemma 1 we obtain that M q (n) q +1+μ q ()(n q ) 6n q 5. Remark In the proof of Proposition 1, if we know that a multiplication corresponding to an evaluation and contributing to the upper bound (6) also appears in another evaluation, then we call such a multiplication an overlap. Since the proof of Proposition 1 does not take such overlaps into account, if we know the existence of such overlaps in a particular case, then the upper bound (6) can be improved. In Example we will illustrate such a situation. In the following example we demonstrate how to find the formula of Proposition 1 explicitly. Example 1 Let q =7and n =5. Note that x 3 F 7 [x] is irreducible and let w F 49 with w = 3. Let a = a 0 + a a 4 x 4 and b = b 0 + b 1 x + + b 4 x 4 be two arbitrary 5-term polynomials over F 7. We need to compute c 0,c 1,...,c 8 F 7 such that (a 0 + a 1 x a 4 x 4 )(b 0 + b 1 x+...+b 4 x 4 )=c 0 +c 1 x+...+c 8 x 8. Using the elements 0, 1,...,6 of F 7, w F 49 \ F 7 and the point, we obtain the following system of n 1=9equations: x =0 a 0 b 0 = c 0 x =1 (a a 4 )(b b 4 )=(c c 8 ) x = (a a 4 )(b b 4 )=(c c 8 ) x =3 (a a 4 )(b b 4 )=(c c 8 ) x =4 (a a 4 )(b b 4 )=(c c 8 ) x =5 (a a 4 )(b b 4 )=(c c 8 ) 86

4 x =6 (a a 4 )(b b 4 )=(c c 8 ) x = w (a w 4 a 4 )(b w 4 b 4 )=(c w 8 c 8 ) x = a 4 b 4 = c 8 We use the following notations for the products at the left hand side of equations above. Note that we reduce the products with respect to mod 7 and mod (w 3). D 0 = a 0 b 0 D 1 =(a 0 + a 1 + a + a 3 + a 4 )(b 0 + b 1 + b + b 3 + b 4 ) D =(a 0 +a 1 +4a +a 3 +a 4 )(b 0 +b 1 +4b +b 3 +b 4 ) D 3 =(a 0 +3a 1 +a +6a 3 +4a 4 )(b 0 +3b 1 +b +6b 3 +4b 4 ) D 4 =(a 0 +4a 1 +a +a 3 +4a 4 )(b 0 +4b 1 +b +b 3 +4b 4 ) D 5 =(a 0 +5a 1 +4a +6a 3 +a 4 )(b 0 +5b 1 +4b +6b 3 +b 4 ) D 6 =(a 0 +6a 1 + a +6a 3 + a 4 )(b 0 +6b 1 + b +6a 3 + b 4 ) D 7 =(a 0 +3a +a 4 +(a 1 +3a 3 )w)(b 0 +3b +b 4 + (b 1 +3b 3 )w) D 8 = a 4 b 4. As it is seen D 7 is the only product over F 49. If we expand D 7, then we get D 7 = t 1 t 1 +[(t 1 + t )(t 1 + t ) t 1t 1 t t ]w + t t w, where t 1 =(a 0 +3a +a 4 ),t 1 =(b 0 +3b +b 4 ),t = (a 1 +3a 3 ),t =(b 1 +3b 3 ). Substituting w =3we obtain D 7 = D 7 + D 7 w, where D 7 and D 7 are the multiplications over F 7 with D 7 = t 1t 1 +3t t, D 7 = [(t 1 + t )(t 1 + t ) t 1 t 1 t t ]. For any matrix A, leta T denote the transpose of A. Then we have C T = VD T where C = [ ] c 0 c 1 c c 3 c 4 c 5 c 6 c 7 c 8, D = [ ] D 0 D 1 D D 3 D 4 D 5 D 6 D 7 D 8, and V = w 3w+ w+5 6w+6 6w+1 w+ 3w+5 6w w w 4w+4 6w+5 w+3 w+4 6w+ 4w+3 w 6w Using D 7 = D 7 + D 7 w and c 0,c 1,...,c 8 F 7 we get an explicit formula for the coefficients as c 0 = D 0 c 1 = D 1 +5D +6D 3 + D 4 +D 5 +5D 6 +4D 7 c = 6D 1 +5D +3D 3 +3D 4 +5D 5 +6D 6 +6D 8 c 3 = 6D 1 +6D + D 3 +6D 4 + D 5 + D 6 c 4 = 6D 1 +3D +5D 3 +5D 4 +3D 5 +6D 6 c 5 = 6D 1 +5D +4D 3 +3D 4 +D 5 + D 6 c 6 = 6D 0 +6D 1 +6D +6D 3 +6D 4 +6D 5 +6D 6 c 7 = 4D 1 +5D +3D 3 +4D 4 +D 5 +3D 6 +3D 7 c 8 = D 8 Since D 7 requires 3 multiplications in F 7, this shows that we can multiply 5-term polynomials over F 7 with 11 multiplications in F 7. (7) By Proposition 1 we have M (3) 9. In the next example using 3 overlaps (cf. Remark ) we will improve it to M (3) 6. Example Let q =and n =3.Letw F 4 \ F with w + w +1=0.Leta 0 + a 1 x + a x and b 0 + b 1 x + b x be two arbitrary 3-term polynomials over F. We need to compute c 0,c 1,c,c 3,c 4 F such that (a 0 + a 1x + a x )(b 0 + b 1x + b x )=c 0 + c 1x c 4x 4. Using the elements 0, 1 of F, w, w F 4 \ F and the point we obtain the following matrix equation: [ c0 ] [ ] a 0b 0 (a 0+a 1+a )(b 0+b 1+b ) = (a 0+wa 1+w a )(b 0+wb 1+w b ) c 1 c c 3 c 4 Let us denote 01w+1 w 1 01 w w (a 0+w a 1+w 4 a )(b 0+w b 1+w 4 b ) a b D = (a 0 + wa 1 + w a )(b 0 + wb 1 + w b ), D 3 = (a 0 + w a 1 + w 4 a )(b 0 + w b 1 + w 4 b ). In the proof of Proposition 1, each of the contributions of D and D 3 to the upper bound (6) are counted as 3. Using w + w +1=0, we obtain that D = [(a 0 + a )(b 0 + b )+(a 1 + a )(b 1 + b )] +w[(a 0 + a 1 )(b 0 + b 1 )+(a 0 + a )(b 0 + b )], and D 3 = [(a 0 + a 1 )(b 0 + b 1 )+(a 1 + a )(b 1 + b )] +w[(a 0 + a )(b 0 + b )+(a 0 + a 1 )(b 0 + b 1 )]. The counted multiplications in Proposition 1 for D 1 are (a 0 + a )(b 0 + b ), (a 1 + a )(b 1 + b ), (a 0 + a 1 )(b 0 + b 1 ), and for D are (a 0 + a 1 )(b 0 + b 1 ), (a 1 + a )(b 1 + b ), (a 0 + a )(b 0 + b ). It is clear that there are at least 3 overlaps: each of the multiplications for D 1 are counted again for D. Therefore we obtain that M (3) (6n q 5) 3=6. In the rest of this section we give our generalizations. The first one is a straightforward generalization of Proposition 1. Recall that μ q (m) is defined in Definition 1. Proposition Let q be a prime power and m an integer. Assume that q+ <n qm +. There exists a formula for multiplying two arbitrary n-term polynomials over F q which gives M q (n) q +1+μ q (m)(n q ). (8) 87

5 Proof. By changing μ q () 3 with μ q (m) and applying the similar arguments in the proof of Proposition 1, we complete the proof. It follows from Definition 1 that if m 1,m are positive integers and m 1 m,thenμ q (m 1 ) μ q (m ).Hereand throughout the paper, for two positive integers m 1 and m, the notation m 1 m denotes that m 1 divides m. Indeed as F q m 1 is a subfield of F q m, any formula for multiplying two arbitrary elements of F q m can be used for multiplying two arbitrary elements of F q m 1. Moreover if 1 m 1 m are positive integers with m 1 m, then in all cases we know the upper bound on μ q (m 1 ) is less than or equal to the upper bound on μ q (m ). Therefore we would like to use all suitable finite fields of small size in order to obtain a better upper bound on M q (n). Using this idea now we give our general result which improves Proposition. First we give some notation. Let S q (k) be the number of elements in F q k \ F q d where d k. In other words, S q (k) =#{α F q k α/ F q d for all d k}. (9) Theorem 1 Let q be a prime power and m an integer. For an integer n> q+ assume it holds that n q + S q (k), (10) k m where S q (k) is defined in (9). There exists a formula for multiplying two arbitrary n-term polynomials over F q which gives M q (n) 1+q + k<m μ q(k)s q (k)+ μ q (m)(n q k<m S (11) q(k)). Proof. Let m be the least common multiple of the integers 1,,...,mand F = F q m. It is clear that F q k is a subfield of F for each k m. By assumption (10), apart from the point at, we can choose n elements of F such that exactly q of them are from ( F q,for k<mexactly S q (k) of them are from F q k and n q ) k<m S q(k) of them are from F q m. Using the method in the proofs of Propositions 1 and Proposition, we observe that Toom- Cook type evaluations at the point and at the elements of F q contribute to M q (n) by at most q +1multiplications. For each k < m Toom-Cook type evaluations at the chosen elements of F q k contribute to M q (n) by at most μ q (k)s q (k) multiplications. ( Finally, Toom-Cook type evaluations at the n q ) k<m S q(k) chosen elements of F q m ( contribute to M q (n) by at most μ q (m) n q ) k<m S q(k). This completes the proof. Remark 3 As in Proposition 1 and Remark, we can improve the upper bound (11) of Theorem 1 if we know the existence of overlaps. We provide such an example in Section 4. 4 Improved Bounds for Multiplying 10, 11 and 1-term Polynomials over F In this section, we will give a mixed method which provides improved bounds. Then we show existence of some overlaps in Theorem 1 for q =in detail and we will apply the results to n =10, 11 and 1 by using the mixed method. The following fact will be combined by the proposed method to obtain the mixed method. Fact 1 Let a(x) and b(x) be n-term polynomials over F q. If l coefficients of the product a(x) b(x) are known then (n l) elements of F q are enough for finding other coefficients of the product a(x) b(x) with (n l) multiplications in F q. We refer to [3, p. 30] for the proof of this fact. Note that since we count the point as an evaluation point, it is enough to use (n l) points. The following proposition gives some coefficients of the product polynomial with efficient number of multiplications. Therefore, we can use this proposition for further improvements. Proposition 3 Let a(x) = n 1 i=0 a ix i and b(x) = n 1 i=0 b ix i be n-term polynomials over F q and let c(x) = n i=0 c i x i be their product. It always holds c 0 = a 0 b 0,c 1 =(a 0 + a 1 )(b 0 + b 1 ) a 0 b 0 a 1 b 1, c =(a 0 + a )(b 0 + b ) a 0 b 0 a b + a 1 b 1, c n = a n 1 b n 1, c n 3 = (a n 1 + a n )(b n 1 + b n ) a n 1 b n 1 a n b n, c n 4 = (a n 1 + a n 3 )(b n 1 +b n 3 ) a n 1 b n 1 a n 3 b n 3 +a n b n. Proof of the proposition is obvious. Note that c 0 and c n are the products corresponding to evaluations at 0 and. After using those points the cost of each of c 1 and c n 3 is multiplications. Similarly, the cost of each of c and c n 4 is multiplications when we use c 0,c 1,c n and c n 3. The following example shows how to use Proposition 3 and Fact 1. Example 3 Consider 5-term polynomial multiplication over F 7. Since 7 <.5, we have M 7 (5) >.5 1=9. In Example 1 it is found M 7 (5) 11. Now we will find the optimal bound M 7 (5) = 10 by using interpolation and Proposition 3. Now using the points of F 7, and the known coefficient c 1 =(a 0 + a 1 )(b 0 + b 1 ) a 0 b 0 a 1 b 1 in the equation ( 4 i)( 4 ) ( 8 ) a i x b i x i = c i x i, i=0 i=0 i=0 we get x =0 a 0b 0 = c 0, x = 1 (a 0 + a a 4)(b 0 + b b 4) = 88

6 (c 0 + c c 8), x = (a 0 +a a 4)(b 0 +b b 4)= (c 0 +c c 8), x =3 (a 0 +3a a 4)(b 0 +3b b 4)= (c 0 +3c c 8), x =4 (a 0 +4a a 4)(b 0 +4b b 4)= (c 0 +4c c 8), x =5 (a 0 +5a a 4)(b 0 +5b b 4)= (c 0 +5c c 8), x =6 (a 0 +6a a 4)(b 0 +6b b 4)= (c 0 +6c c 8), x = a 4b 4 = c 8, and c 1 =(a 0 + a 1 )(b 0 + b 1 ) a 0 b 0 a 1 b 1. If we construct the system of linear equations in F 7 like in Example 1, we see that the matrix of the linear system is invertible. Therefore we get M 7 (5) = 10 since 7 multiplications comes from the elements of F 7, 1 multiplication is counted for and multiplications are counted for c 1. The proposed method described in Section 3 can be combined with Fact 1 and Proposition 3 as in Example 3. We call this method as the mixed method. Now we will find the polynomial multiplication bounds for n =10, 11 and 1 over F by using the mixed method. However, in order to find better results we need to find all possible overlaps. The following proposition is for the case F. Proposition 4 Let q =, w F 4 with w + w +1=0, α F 8 with α 3 +α+1 = 0 and γ F 16 with γ 4 +γ+1 = 0. For an integer n 1, leta(x) = n 1 i=0 a ix i and B(x) = n 1 i=0 b ix i be two arbitrary n-term polynomials over F. In computing the product A(x)B(x) using the method of Theorem 1: i) the total number of multiplications needed for the evaluation at the elements of the set {w, w } is at most 3, instead of μ () 6, ii) the total number of multiplications needed for the evaluation at the elements of the set { α, α,α 4} (respectively { α 3,α 6,α 5} )isatmost6, instead of μ (3) 3 18, iii) the total number of multiplications needed for the evaluation at the elements of the set { γ,γ,γ 4,γ 8} (respectively { γ 3,γ 6,γ 1,γ 9} and { γ 7,γ 14,γ 13,γ 11} ) is at most 9, instead of μ (4) Proof. We give a detailed proof of item i) only as the proofs of the items ii) and iii) are similar. Let w 1 = w and w = w. Let I 0 = {0 i n 1 : i 0 mod 3}, I 1 = {0 i n 1:i 1 mod 3} and I = {0 i n 1:i mod 3}. Using the relation w1 = w 1 +1we obtain that A(w 1 )=A 0 + w 1 A 1,B(w 1 )=B 0 + w 1 B 1, where A 0,A 1,B 0,B 1 F are given by A 0 = i I 1 a i,a 1 = i I 0 a i,b 0 = i I 1 b i,b 1 = i I 0 b i. Then, using a Karatsuba type argument, we get A(w 1 )B(w 1 )=(A 0 B 0 + A 1 B 1 )+w 1 [(A 0 + A 1 )(B 0 + B 1 )+A 0 B 0 )]. We note that A 0 + A 1 = i I a i, and B 0 + B 1 = i I b i. The counted multiplications for the evaluation at w 1 in the method of Theorem 1 are ( )( ) A 0 B 0 = a i b i, ( i I 1 )( i I 1 ) A 1 B 1 = a i b i, (1) i I 0 i I 0 ( )( ) (A 0 + A 1 )(B 0 + B 1 )=. i I a i i I b i Since w 1 and w are conjugates of each other we have w + w +1=0.Sowehavew = w +1and we obtain that A(w )=A 0 + w A 1,B(w )=B 0 + w B 1, where A 0 = A 0, A 1 = A 1, B 0 = B 0, and B 1 = B 1 F. It is seen that multiplications needed for the evaluation at w and multiplications needed for the evaluation at w are the same, and hence the total number of evaluations needed for the elements of {w, w } is 3. This completes the proof of item i). Remark 4 The observation that is used in the proof of Proposition 4 can be used for any finite field F q. If F q d is the extension field of F q then the total number of multiplications needed for the evaluation at the elements of the set S = {α, α q,α q,...,α qd 1 } is equal to the total number of multiplications needed for the evaluations at the element α because the elements in S are all conjugates of each other and they are the roots of the reduction polynomial of F q d. Note that overlaps are independent from the reduction polynomial of F q d. However, if polynomial multiplication is used for finite field multiplication then the reduction polynomial affects the number of additions. In order to decrease the number of additions it would is better to chose the reduction polynomial having coefficients as low as possible such as binomial or trinomial. Now we will show how to find the polynomial multiplication bounds by using the mixed method. 89

7 Example 4 Let q =and w, α, γ be as defined in proposition 4. We first consider 10-term polynomials over F.As 10 =18, using the method of Theorem 1, apart from the point at, it is enough to choose the following evaluation 18 points: {0, 1}, {w, w }, {α, α,α 4 }, {α 3,α 6,α 5 }, {γ,γ,γ 4,γ 8 }, {γ 3,γ 6,γ 1,γ 9 }. Using Proposition 4 and the method of Theorem 1 we obtain existence of an explicit formula for multiplying two 10-term polynomials over F which gives M (10) =36. Next we consider 11-term polynomials over F. We have 11 = 0 and apart from the point we consider the following 0 points: {0, 1}, {α, α,α 4 }, {α 3,α 6,α 5 }, {γ,γ,γ 4,γ 8 }, {γ 3,γ 6,γ 1,γ 9 }, {γ 7,γ 14,γ 13,γ 11 }. Hence we obtain M (11) =4. Finally we consider 1-term polynomials over F. We have 1 = and apart from the point at we consider the following points:{0, 1}, {w, w }, {α, α,α 4 }, {α 3,α 6,α 5 }, {γ,γ,γ 4,γ 8 }, {γ 3,γ 6,γ 1,γ 9 }, {γ 7,γ 14,γ 13,γ 11 }. Then we get M (1) =47. However, a recent paper [5] finds M (10) 35,M (11) 40 and M (1) 44 by using Chinese Remainder Theorem. We will also obtain the same bound in [5] by using the mixed method as follows: First n =10. As 10 =18, using the method of Theorem 1, apart from the point at, it is enough to choose 18 evaluation points. If we use c 16,c 15,c 1 and c given in Proposition 3, it is enough to choose 18 4=14evaluation points. Let us choose{0, 1}, {w, w }, {α, α,α 4 }, {α 3,α 6,α 5 }, {γ,γ,γ 4,γ 8 } which gives M (10) =35. For n =11we use {0, 1}, {w, w }, {α, α,α 4 }, {α 3,α 6,α 5 }, {γ,γ,γ 4,γ 8 }, {γ 3,γ 6,γ 1,γ 9 } together with c 1 and c 19. Then it is obtained M (11) 40 since c 1 and c 19 cost 4 multiplications. Similarly, if we use c 16,c 15,c 1 and c instead of using points in the set {γ 7,γ 14,γ 13,γ 11 } in the computation of M (1) we decreased the number of multiplications from 45 to 44 since the cost of c 16,c 15,c 1 and c is 8 while the cost of {γ 7,γ 14,γ 13,γ 11 } is 9 multiplications. 5 Efficiency of the Proposed Method The proposed method provides multiplication algorithms which uses less number of multiplications than known methods. However, since the proposed method is based on the interpolation method, the number of additions may increase. The main question is the effect of those additions in practice. In this section, we discuss the efficiency of the proposed method. In order to see the effect of additions, we will give timing results for 5-term polynomials over fields of characteristic 5. We compare the proposed method for 5-term polynomial multiplication over F 5 with Montgomery s 5-term multiplication formula [8] and Karatsuba s 5-term multiplication formula [10]. Note that Mongomery s and Karatsuba s 5-term polynomial multiplication formulae use 13 and 15 multiplications in F 5, respectively. The proposed method provides a 5-term polynomial multiplication formula with 11 multiplications in F 5 as follows. Let a(x) = 4 i=0 a ix i and b(x) = 4 i=0 b ix i be 5-term polynomials over F 5 such that a(x)b(x) =c(x) = 8 i=0 c ix i. We use the 5 points from F 5,, α and β where α, β F 5 /F 5 such that α +3 = 0and β +3 = 0. Moreover, if we use the known coefficient c 1 = (a 0 + a 1 )(b 0 +b 1 ) a 0 b 0 a 1 b 1, we obtain the multiplication formula. Note that the total number of multiplications needed for the evaluation at the elements of the set {α, β} is at most 3 multiplications in F 5 by Remark 4. Therefore we find M 5 (5) 11. The explicit formula is the following: m 1 = a 0 b 0,m =(a 0 + a 1 )(b 0 + b 1 ),m 3 = a 1 b 1, m 4 =(a 0 + a 1 + a + a 3 + a 4 )(b 0 + b 1 + b + b 3 + b 4 ), m 5 =(a 0 +a 1 +4a +3a 3 +a 4 )(b 0 +b 1 +4b +3b 3 +b 4 ), m 6 =(a 0 +3a 1 +4a +a 3 +a 4 )(b 0 +3b 1 +4b +b 3 +b 4 ), m 7 =(a 0 +4a 1 +a +4a 3 +a 4 )(b 0 +4b 1 +b +4b 3 +b 4 ), m 8 = a 4 b 4,m 9 =(a 0 +a +4a 4 )(b 0 +b +4b 4 ) m 10 =(a 1 +a 3 )(b 1 +b 3 ), m 11 =(a 1 +a 3 +a 0 +a +4a 4 )(b 1 +b 3 +b 0 +b +4b 4 ). c 0 = m 1, c 1 = m m 1 m 3, c =m 1 +3m 4 +4m 5 +4m 6 +3m 7 +m 8 +4m 9 +8m 10, c 3 =m m 1 m 3 +3m 4 +m 5 +3m 6 +m 7 + 4m 11 4m 9 4m 10, c 4 =4m 1 +4m 4 +4m 5 +4m 6 +4m 7 +4m 8, c 5 =4m 4m 1 4m 3 +4m 4 +m 5 +3m 6 + m 7, c 6 =3m 1 + m 4 +m 5 +m 6 + m 7 +3m 8 + m 9 +m 10, c 7 =3m 3m 1 3m 3 + m 4 + m 5 +4m 6 +4m 7 + m 11 m 9 m 10, c 8 = m 8. In Table 1, we give timing comparisons among our explicit formula, Montgomery s 5-term polynomial multiplications [8] and Karatsuba s 5-term polynomial multiplication formula [10]. We implement the formulae recursively by using () for 5 k -term polynomial multiplications over F 5,wherek 1. The implementation of formulae in the platform of a single-processor 3.00-GHZ Pentium 4 gives a slightly slower timing results for 5-term polynomials as indicated in Table 1. However, proposed explicit formula for 90

8 5-term polynomial multiplications over F 5 is much better in timings compared to [8] and [10], especially for k>1 because the number of multiplications dominates the number of additions for k>1. Table 1: Timings (μ sec) for F 5 Polynomial Multiplication n Proposed Method Montgomery Karatsuba ,075. 3,15 16,896 3,481 37,376 Finally we give two examples of practical applications for which the number multiplications in polynomial multiplication formula is much more important than the number additions used in that formula. Firstly we consider polynomial multiplication over large finite fields. Let m>1bean integer. It is well known that any n-term polynomial multiplication formula over F q is valid for n-term polynomial multiplication over F q m.if we apply the proposed formula over F q m, the effect of addition will be negligible. For example, consider the proposed formula for 5-term polynomial multiplication formula over F 5. When we use this proposed formula for 5-term polynomials over F 5 m, we use 11 multiplications in F 5 m whereas Montgomery s formula uses 13 multiplications in F 5 m and Karatsuba s formula uses 15 multiplications in F 5 m.since the multiplication in F 5 m takes much more time than the addition in F 5 m, the formula which uses less multiplication will produce faster polynomial multiplication. Second we consider the multiplication of matrix polynomials. Multiplication of matrices takes much more time than their addition. In such an application, the number of multiplications will be more important parameter than the number of additions. For example, consider the 10-term binary matrix polynomials with coefficients of the size matrices. In this case the multiplication of those matrices will take much more time than the additions of those matrices. So, the proposed method will give faster matrix multiplication of polynomials. 6 Conclusions We gave a method for polynomial multiplication over finite fields using field extensions and polynomial interpolation. Using this method we obtained explicit formulae which improved the previous results. We analyzed for n-term polynomial multiplications over F, where n {10, 11, 1}, in detail. Moreover we discussed the efficiency of the proposed method. Acknowledgments A part of this paper was written while the third author was visiting Temasek Laboratories and Department of Mathematics at the National University of Singapore. He would like to thank both institutes for the hospitality. This research of the third author was supported by the DSTA grant R with Temasek Laboratories in Singapore and NTU Research Grant No. M The first and the third authors were supported by TÜBİTAK under Grant No. TBAG-107T86. References [1] M. Bodrato and A. Zanoni. Integer and Polynomial Multiplication: Towards Optimal Toom-Cook Matrices, Proceedings of the ISSAC 007 Conference, Ontario, Canada, pp. 17-4, ACM Press, July 9 - August 1, 007, ACM press. [] M. Bodrato: Towards optimal Toom-Cook multiplication for univariate and multivariated polynomials in characteristic and 0, Proc. WAIFI 007, LNCS 4547, pp , June 007. [3] P. Bürgisser, M. Clausen and M. A. Shokrollahi, Algebraic Complexity Theory, Springer, [4] S. A. Cook. On the Minimum Computation Time of Functions. pages 51-77, Thesis, Harvard University, Cambridge, MA, [5] H. Fan and M. Anwar Hasan, Comments on Five, Six, and Seven-Term Karatsuba-Like Formulae, IEEE Transactions on Computers, vol. 56, no. 5, pp , 007. [6] A. Karatsuba and Y. Ofman. Multiplication of multidigit numbers by automata, Soviet Physics-Doklady, (7): , [7] D. E. Knuth. The Art of Computer Programming: Seminumerical Algorithms, Volume, Second Edition, Addison-Wesley, [8] P. L. Montgomery. Five, six, and seven-term Karatsuba-like formulae. IEEE Transactions on Computers, 54(3):36-369, March 005. [9] A. L. Toom. The complexity scheme of functional elements realizing the multiplication of integers, Soviet Mathematics, 3: , [10] A. Weimerskirch and C. Paar. Generalizations of the Karatsuba Algorithm for Polynomial Multiplication, Avaliable: 91