arxiv: v1 [math.nt] 12 Nov 2018

Size: px

Start display at page:

Download "arxiv: v1 [math.nt] 12 Nov 2018"

Lisa Edwards
5 years ago
Views:

1 THE DIOPHANTINE EXPONENT OF THE Z/qZ POINTS OF S d S d arxiv: v1 [math.nt] 1 Nov 018 M. W. HASSAN, Y. MAO, N. T. SARDARI, R. SMITH, X. ZHU Abstract. Assume a polynomial-time algorithm for factoring integers, Conjecture 1.1, d 3, and q and p are prime numbers, where p q A for some A > 0. We develop a polynomial-time algorithm in log(q) that lifts every Z/qZ point of S d S d to a Z[1/p] point of S d with the minimum height. We implement our algorithm for d = 3 and 4. Based on our numerical results, we formulate a conjecture which can be checked in polynomial-time and gives the optimal bound on the diophantine exponent of the Z/qZ points of S d S d Motivation. Let 1. Introduction S d (R) := {(x 0,..., x d ) : x x d = 1, where x i R for 0 i d}, where R is any commutative ring. Let S d (R) S d (R), be the subset of the points with the coordinates (x 0,..., x d, 0, 0) S d (R). Suppose that q is a prime number, and a S d (Z/qZ). Let p be an odd prime number, we say that s S d (Z[1/p]) is an integral lift of a if s a mod q. Let H : S d (Z[1/p]) Z + be the natural height function defined by H(( n 0 p,..., n d h0 p h )) := max. d 0 i d phi where gcd(n i, p) = 1 for 0 i d. We define the diophantine exponent of a S d (Z/qZ) with respect to p to be w p (a) := d 1 min log d q (H(s)) : s S d (Z[1/p]) lifts a. Assume that d 3. By the circle method (Hardy-Littlewood circle method for d 4 and its refinement by Kloosterman [Klo7] for d = 3), it follows that w p (a) < for every a S d (Z/qZ). Moreover, it follows from the circle method that the number of the integral points s S d (Z[1/p]) with H(s) p h is less than O ɛ (p h(d 1+ɛ) ) for any ɛ > 0. It is elementary to check that #S d (Z/qZ) q d. Hence, by a Pigeonhole argument, it follows that w p (a) 1 + o q (1) for all but a tiny fractions of a S d (Z/qZ). It follows from the work of the third author [Sar15a, Theorem 1.] that w p (a) /d + o q,ɛ (1) for every a S d (Z/qZ), d 4, and p q ɛ, where o q,ɛ (1) 0 as q and ɛ 0. Moreover, this bound is essentially optimal. The third author also conjectured [Sar15a, Conjecture 1.3] that w p (a) 4/3+o q,ɛ (1) for d = 3. This is the non-archimedian version of Sarnak s conjecture on the covering exponent of integral points on the sphere; see [Sar15b], [Sar15a], and [BKS17]. The main motivation for studying w p (a) for a S d (Z/qZ) S d (Z/qZ) comes from the navigation algorithms for the LPS Ramanujan graphs X p,q, and Date: November 19,

2 M. W. HASSAN, Y. MAO, N. T. SARDARI, R. SMITH, X. ZHU its archimedean analogue which is the Ross and Selinger algorithm for navigating P SU() with the golden quantum gates; see [LPS88], [Mar88], [PLQ08], [Sar17a], and also [RS16] and [PS18]. More precisely, the vertices of the LPS Ramanujan graph X p,q are labeled with ±a S 3 (Z/qZ)/±, if p is a quadratic residue mod q. It follows from [LPS88] and [Sar17a, Theorem 1.7] that the shortest path between ±a and ±(1, 0,..., 0) with even number of edges is log p (q 3 )w p (a). In [Sar17a, Theorem 1.], the third author developed and implemented a conditional polynomial-time algorithm that gives the shortest possible path between any ±a S 1 (Z/qZ) S 3 (Z/qZ) and ±(1, 0,..., 0). He also proved that finding the shortest possible path between a generic point ±a S 3 (Z/qZ) and ±(1, 0,..., 0) is essentially NP complete [Sar17a, Corollary 1.9]. The archimedean analogue of this NP-completeness result is in the work of Sarnak and Parzanchevski [PS18]. Therefore, the diophantine exponent w p (a) for a S 1 (Z/qZ) S 3 (Z/qZ) and its archimedean analogue is proportional to the size of the output of these navigation algorithms. Understanding the size of the output of these algorithms is a fundamental problem in quantum computing. Since it helps us to optimize the cost of the implementation of an algorithm on a quantum computer if one is ever build. The only known upper bound is w p (a) +o(1) [LPS88] which implies diamx p,q ( + o(1)) log p (q 3 ), where diamx p,q is the diameter of the LPS Ramanujan graph X p,q. The third author also proved that diam(x p,q ) (4/3) log p (q 3 ) for some integral values of q [Sar18]. The third author conjectured that diam(x p,q ) = 4/3 log p (q 3 ) + o q (1). The numerical results of Ross and Selinger [RS16] and the third author [Sar17a, Sar18] suggests that for all but tiny fractions of a S 1 (Z/qZ) S 3 (Z/qZ), we have w p (a) = 1 + o q (1). It is also observed that max a (w p (a)) = 4/3 + o q (1). The main goal of this paper is to give a theoretical explanation to these observation. 1.. Main results. In this paper, we develop a conditional polynomial-time algorithm for lifting every a S d (Z/qZ) S d (Z/qZ) to an integral point s S d (Z[1/p]) with the minimal height. In particular, we have a conditional polynomial time algorithm in log(q) that computes w p (a) for every a S d (Z/qZ) S d (Z/qZ). We prove that our algorithm terminates in polynomial-time by assuming a polynomial-time algorithm for factoring integers and an arithmetic conjecture, which we formulate next. Let t := (t 0,..., t d ) and Q(t) := N q (t 0 + b0 q ) (t d + b d q ), where N, b 0,..., b d are integers, N b b d mod q, and gcd(n, q) = 1. Define (1.1) A Q,r := { t Z d 1 : Q(t) Z, t < r, and Q(t) 0 }, where r > 0 is some positive real number. Conjecture 1.1. Let Q and A Q,r be as above. There exists constants γ > 0 and C γ > 0, independent of Q and r, such that if A Q,r > C γ (log N) γ for some r > 0, then Q expresses a sum of two squares inside A Q,r. We denote the following assumptions by ( ): (1) There exists a polynomial-time algorithm for factoring integers, () Conjecture 1.1 holds. This is a version of our main theorem.

3 THE DIOPHANTINE EXPONENT OF THE Z/qZ POINTS OF S d S d 3 Theorem 1.. Assume ( ), d 3 is fixed, p q and p q A for some fixed A > 0. We develop a deterministic polynomial-time algorithm in log(q), that on input a S d (Z/qZ) S d (Z/qZ) returns a minimal lift s S d (Z[1/p]) of a. We prove Theorem 1. in Section. Remark 1.3. By [Sar17a, Corollary 1.9], finding a minimal lift of a generic point a S d (Z/qZ) is essentially NP-complete. Moreover, Theorem 1. generalizes the lifting algorithm for the Z/qZ points of S 1 S 3 [Sar17a, Theorem 1.10] to S d S d for any d 3. The main observation of this paper links w p (a) to another invariant associated to a S d (Z/qZ) S d (Z/qZ), which we describe next. Suppose that a = (a 0,..., a d, 0, 0). Let L(a) be the following sub-lattice of Z d 1 with co-volume q: (1.) L(a) := { (x 0,..., x d ) Z d 1 : x 0 a x d a d 0 mod q }. For any Z basis B = {v 1,..., v d 1 } of L(a), let (1.3) M(B) = max{ v 1,..., v d 1 }, where v is the Euclidean norm of v. Define the height function η(a) := log q min M(B), B where B varies among all Z basis of L(a). We prove that η(a) is computable in polynomial-time in log(q) up to an error term of size O d (1/ log(q)). Theorem 1.4. Fix d 3. We develop a deterministic polynomial-time algorithm in log(q), that on input a S d (Z/qZ) S d (Z/qZ) returns η(a) + O d (1/ log(q)). We implemented the algorithms in Theorem 1. and Theorem 1.4 for d = 4 [HMS + 18]. Figure 1 illustrates our main observation, which links the diophantine exponent w p (a) to the height function η(a). Figure 1. Random Coordinates We graph w p (a) against η(a) for a chosen randomly on a logarithmic scale and eight 130-digit values of q, as described in Section 3. Figure 1 suggests the following

4 4 M. W. HASSAN, Y. MAO, N. T. SARDARI, R. SMITH, X. ZHU linear relation between w p (a) and η(a) (1.4) w p (a) = 3 4 (1 + η(a)) + o q(1). We give further numerical evidences that supports the above relation in Section 3. Moreover, we prove the following theorem in Section. Theorem 1.5. Assume d 3, Conjecture 1.1, and p log(q). We have w p (a) d 1 (1 + η(a)) + O(log log(q)/ log(q)), d where the implicit constant in O(log log(q)/ log(q)) only depends on γ and C γ defined in Conjecture 1.1 and it is independent of p, q, and a. Based on our numerical results and Theorem 1.5, we conjecture the following optimal upper bound on w p (a) for every a S d (Z/qZ) S d (Z/qZ). Conjecture 1.6. Let a S d (Z/qZ) S d (Z/qZ), p log(q) be a prime number and d 3. We have (1.5) w p (a) d 1 (1 + η(a)) + O(log log(q)/ log(q)), d where the implicit constant in O(log log(q)/ log(q)) only depends on d and it is independent of p, q, and a. Remark 1.7. By Theorem 1. and Theorem 1.4, w p (a) and η(a) are computable in polynomial-time in log(q). Our algorithm for d = 4 [HMS + 18] has been implemented and it runs and terminates quickly for q We verify Conjecture 1.6 for various values of q and a in Section 3. We expect that the upper bound (1.5) to be sharp for a generic a S d (Z/qZ) S d (Z/qZ) and prime p log(q). More precisely, we expect that (1.6) w p (a) = d 1 (1 + η(a)) + O(log log(q)/ log(q)) d for fixed a S d (Z/qZ) S d (Z/qZ), and all but tiny fractions of primes 1 p 1 log(q). Moreover, by the equidistribution of covolume-1 lattices L(a) in the q 1/(d 1) space of the unimodular lattices, for all but a tiny fractions of a S (Z/qZ) S 4 (Z/qZ), we have η(a) = 1/(d 1) + O(log log(q)/ log(q)). It is also conjectured for d 3 that w p (a) = 1 + O(log log(q)/ log(q)) for all but a tiny fractions of a S d (Z/qZ) S d (Z/qZ). Hence, the identity (1.6) holds for a generic choice 1 of parameters. Note that d 1 η(a) 1. Hence, we expect that the diophantine exponent w p (a) to be dense in the interval [1, /d] as q. We give strong numerical evidence for this in Section Outline of the proofs. We give an outline of the proof of Theorem 1.. The proof is based on induction on d. The base case d = 3 was essentially proved in the previous work of the third author [Sar17a, Theorem 1.10]. Our algorithm starts with searching for the lattice points of L(a) inside a convex region defined by the intersection of two balls. There is a similar step in the work of Ross and Selinger [RS16]. Sarnak and Ori [PS18] explained this step in terms of Lenstra s work [Len83]. If the convex region is defined by a system of linear inequalities in a fixed dimension then the general result of Lenstra [Len83] implies this search is polynomially solvable. We use a variant of Lenstra s argument that is developed

5 THE DIOPHANTINE EXPONENT OF THE Z/qZ POINTS OF S d S d 5 in [Sar17a, Theorem 1.10] and Conjecure 1.1 to reduce the problem to dimension d 1. At the final stage of our algorithm, we need to represent a given integers m as a sum of two squares if it is possible. We apply Pollard s rho algorithm to factor m into primes, and check if all the prime factors with the odd exponent are congruent to 1 mod 4. Finally, we use Schoof s algorithm [Sch85] to express each prime divisor p 1 mod 4 as a sum of two squares. An important feature of our algorithm is that it has been implemented for d = 4 [HMS + 18] and d = 3 [Sar17b], and it runs and terminates quickly. Acknowledgements. We thank Brandon Boggess for his help for implementing the code of Theorem 1.. We also thank Professor Peter Selinger for publicly providing a very useful Haskell package (newsynth) which was used in our code.. Proof of Theorem 1. and δ-lll reduced basis. In this section we define a δ-lll reduced basis of R d, and give a proof of Theorem 1.4. We cite a theorem due to Babai on the shape of the LLL-reduced basis. We refer the reader to [LLL8, Section 1] for a detailed discussion of the LLL-algorithm. We first recall the Gram-Schmidt process. Definition.1. Let v 1,..., v k be k linearly independent vectors in R n. The Gram- Schmidt orthogonalization of v 1,..., v k is defined inductively by ṽ i = v i i 1 j=1 µ i,jṽ j, where µ i,j := vi,ṽj ṽ j,ṽ j. Next, we define a δ-lll reduced basis of R d for any 1/4 < δ < 1. Definition.. A basis {v 1,..., v d } R d is a δ-lll reduced basis if the following holds: (1) µ i,j 1/, for every 1 i n, and j < i, () δ ṽ i µ i+1,i ṽ i + ṽ i+1 for for every 1 i < n. Remark.3. By [LLL8, Proposition 1.6], the LLL-algorithm transforms a given basis B of a lattice L Z d in O(d 4 log(m(b))) operatins into a δ-lll reduced basis of R d, where M(B) is defined in (1.3). We cite the following theorem from [Bab86, Theorem 5.1]. Theorem.4 (Babai). Let {v 1,..., v d } be a δ LLL reduced basis with δ = 3/4. Let θ k denote the angle between v k and the linear subspace U k = j k Rv j. Then, for every 1 k d, sin θ k ( 3 )d. We give a proof of Theorem 1.4. Proof. We give an LLL-reduced basis for the lattice L(a). Assume the a 0 0 mod q. Let ã 0 q 1 be the integer such that ã 0 (a 0 ) 1 mod q. Let v 0 := (q, 0,..., 0) L(a), and v i := ( ã 0 a i, δ 1,i,..., δ d,i ) for 1 i d, where δ i,j = 1 if i = j, and δ i,j = 0 otherwise. Since the covolume of L(a) is q, it follows that {v 0,..., v d } is a Z basis for L(a). We apply the LLL basis reduction algorithm on {v 0,..., v d } for δ = 3/4 and obtain a 3/4-LLL

6 6 M. W. HASSAN, Y. MAO, N. T. SARDARI, R. SMITH, X. ZHU reduced basis B L := {u 0,..., u d } for L(a) in O(log(q)) steps; see Remark.3. By [LLL8, Proposition 1.1], we have Hence, min B M(B) M(B L) (d )/ min M(B). B 0 log q (M(B L )) η(a) d log q = O d(1/ log q). This concludes the proof of Theorem Proof of Theorem 1.. Recall the notations while formulating Theorem 1.. Let a = (a 0,..., a d ), where a d 1 a d 0 mod q. Assume that s := ( n0,..., n p h d ) p h S d (Z[1/p]) is a minimal lift of a, where n i Z. Hence, we have n n d = p h, n i p h a i mod q for 0 i d. More generally, let N q A for some fixed A > 0 be an integer, and b i Z for 0 i d, where d i=0 b i N mod q. Theorem 1. follows from the following Proposition. Proposition.5. Assume ( ) and d 3, we develop a polynomial-time algorithm in log(q) that finds a solution (t 0,..., t d ) Z d+1, if it exists, to (.1) (qt 0 + b 0 ) + + (qt d + b d ) + (qt d 1 ) + (qt d ) = N. If there is no integral solution, it terminates in polynomial-time in log(q). Proof of Theorem 1.. For 0 h 4 log p q, let N = p h and b i a i p h mod q for 0 i d. By theorem [Sar15a, Theorem 1.] the diophantine equation (.1) has a solution for every (3 + o q (1)) log p q h 4 log p q. Our goal is to find the smallest h such that the equation (.1) has a solution, and then find a solution to the equation (.1). For 0 h 4 log p q, apply the algorithm in Proposition.5, in order to find an integral solution to the equation.1. If there exits such a solution (t h,0,..., t h,d ), then s h := ( qt h,0 + b 0 p h,..., qt h,d + b d p h, qt h,d 1 p h, qt h,d p h ) is a lift for a S d (Z[1/p]). Otherwise the algorithm in Proposition.5 terminates in polynomial-time in log(q) with no solutions, and a does not have any integral lift s S d (Z[1/p]) with H(s) = p h. We have a lift s h for every (3 + o q (1)) log p q h 4 log p q, let h min be the smallest exponent 0 h 4 log p q such that the lift s h exists. Then s hmin is a minimal lift and this concludes the proof of Theorem 1.. Next, we prove two auxiliary lemmas and finally give a proof of Proposition.5. By rearranging (.1), we have (.) t d 1 + t d = N/q (t 0 + b 0 /q) (t d + b d /q). Let Q(t) := N/q t + 1 q b, where t = (t 0,..., t d ), b = (b 0,..., b d ) and. is the Euclidean norm. Recall the definition of A Q,r from (1.1), where r > 0 is some real number. By Conjecture 1.1, if A Q,r > C γ (log N) γ then the equation (.) has a solution, where

7 THE DIOPHANTINE EXPONENT OF THE Z/qZ POINTS OF S d S d 7 t A Q,r. Let k := (N b )/q. Since b N mod q, k Z. We can further rearrange (.): t d 1 + t d = (k b, t )/q t. Note that t A Q,r iff the following two conditions are satisfied: Condition 1: t + 1 q b N/q, and t < r. Condition : b, t k mod q. We first focus on Condition. Without loss of generality, we assume that a 0 0 mod q. Then b 0 p h a 0 0 mod q and b 0 has an inverse mod q. Let b 0 q 1 be the integer such that b 0 (b 0 ) 1 mod q. Then t 0 := (k b 0, 0,..., 0) is a solution for the congruence equation in Condition (). Since p h a b mod q, the integral solutions of Condition () are the translation of the lattice points of L(a) by t 0. Let {u 0,..., u d } be the 3/4-LLL reduced basis for L(a) that is defined in the proof of Theorem 1.4. We write t d q b = c i u i, for sum c i 1 q Z. Let t 0 = d i=0 r iu i, where r i 1/ and c i r i Z for every 0 i d. Assume that t Z d 1 satisfies Condition (). Then, there exists a one to one correspondence between t and x := (x 0,..., x d ) Z d 1, such that: Let i=0 d t 0 + x i u i = t + 1 q b. i=0 d F (x) := N/q t 0 + x i u i. Note that F (x) = Q(t) by the above correspondence, and F (x) Z for every x Z d 1. Clearly Condition (1) is satisfied if and only if F 0. We prove two general lemmas for listing the positive values of F (x). Assume that {w 1,..., w m } is a 3/4-LLL basis for R m. Let w 0 = m i=1 s iw i, where s i < 1/. Define m H(x 1,..., x m ) := M w 0 + x i w i, where M is some real number. Lemma.6. Assume that α w k > M for some α > 0, and H(x 1,..., x m ) > 0, then x k α( 3 ) m + 1. Proof. Since H(x 1,..., x m ) > 0, we have i=0 i=1 0 < H(x 1,..., x m ) M ( sin θ k (x k + s k ) w k ). By Theroem.4 and α w k > M, we have Hence, sin θk (x k + s k ) w k ( 3 )m ( x k 1/) M α. x k α( 3 ) m + 1/.

8 8 M. W. HASSAN, Y. MAO, N. T. SARDARI, R. SMITH, X. ZHU This concludes the lemma. Lemma.7. Assume that m w i < M for 1 i m. Let A i := M m w i 1/ and C := m i=1 [ A i, A i ]. Then H(x) is positive for every x C and negative outside m( 3 ) m C. Proof. Recall that H(x 1,..., x m ) = M w 0 + m i=1 x iw i, and w 0 = m i=1 s iw i, where s i < 1/. Assume that x C. By the triangle inequality H(x) M ( m ( x i + 1/) w i ) M ( m (A i + 1/) w i ) i=1 i=1 M M = 0. Next, we show that H is negative outside m( 3 ) m C. Assume that y := (y 1,..., y m ) m( 3 ) m C. Hence, there exits 1 k m such that y k m( 3 ) m A k. By Theorem.4 and the assumption m w k < M, we obtain F (y) M ( sin θ k (y k + r k ) w k ) ( M ( 3 )m( m( 3 ) m M ) ( m w k 1/) 1/) w k < 0 This concludes our lemma. Finally, we give a proof of Proposition.5. Proof of Proposition.5. Recall the notations and the assumptions while formulating Proposition.5. We develop an algorithm that finds a solution to the equation (.) in polynomial-time in log(q), and if it does not have a solution, it terminates in polynomial-time in log(q). First, assume that (d 1) u i < N q for every 1 i d 1. By Lemma.7, there exists a box C such that F (x) is positive inside C and it is negative outside (d 1)( 3 ) d 1 C. We consider two cases. Case 1: if C C γ log(n) γ, Case : if C > C γ log(n) γ. where C = d i=0 A i, C γ and γ are defined in Conjecture 1.1. For Case 1, we check if any point x (d 1)( 3 ) d 1 C gives a solution to the equation. as follows. We factor F (x) in polynomial-time in log(q) into its prime powers, by our assumed polynomial-time factoring algorithm. We check if all the prime factors with the odd exponent are congruent to 1 mod 4. Finally, we use Schoof s algorithm [Sch85] to express each prime divisor p 1 mod 4 as a sum of two squares. Since C C γ log(n) γ, this conduces the proof of Proposition.5. For Case, by Conjecture 1.1, there exists x C such that F (x) = t d 1 + t d for some t d 1, t d Z, where x C γ log(n) γ. Similarly, we find such x C γ log(n) γ in polynomial time. This conduces the proof of Proposition.5 if (d 1) u i < N q for every 1 i d 1. Otherwise, there exists 0 k d such that (d 1) u k > N q. By Lemma.6, x k (d 1)( 3 ) d

9 THE DIOPHANTINE EXPONENT OF THE Z/qZ POINTS OF S d S d 9 Since d is fixed, there are only a bounded number of choices for x k Z. Let x k = l for some l Z, where l (d 1)( 3 ) d Hence, d F (x) := N/q t 0 + lu k + x i u i. We write uniquely t 0 + lu k = u k,1 + u k,, where u k,1 = i k α iu i and u k, is orthogonal to i k Ru i. Hence, i k d F (x) = M w 0 + y i u i where M := (N/q u k, ), w 0 := i k s iu i, where s i 1/ and s i α i Z, and y i = x i + α i s i. Let i k d G l,k (y) := M w 0 + y i u i. Next, we use a similar argument as in the beginning of our proof. We assume that (d 1) u i < M for all i k, and proceed with the same argument on G l,k (y) as F (x). We either find a solution for the equation (.), or find another variable with bounded value. Since the dimension d is bounded this algorithm terminates in polynomial time in log(q). This completes the proof of Proposition.5. Finally, we give a proof of Theorem 1.5 Proof. Assume that ( h (log p q) i k 1 + η(a) + d + log C γ + γ log 5 log q log (q) Let B L := {u 0,..., u d } be the LLL-reduced basis that is introduced in the proof of Theorem 1.4. It follows from the proof of Theorem 1.4 that η(a) + Hence, for every 0 i d, we have ( h (log p q) Let N := p h, we have Assume that N q 5, then d log (q) log q(m(b L )). 1 + log q ( u i ) + d + log C γ + γ log 5 log q log (q) N q N q d u i C γ (log q 5 ) γ. d u i C γ (log N) γ. By the proof of Proposition.5, if follows that there exists an integral lift s S d (Z[1/p]) with H(s) = p h. Therefore, w p (a) d 1 d (1 + η(a)) + O d(log log(q)/ log(q)). This concludes the proof of Theorem 1.5. ). ).

10 10 M. W. HASSAN, Y. MAO, N. T. SARDARI, R. SMITH, X. ZHU 3. Numerical results We now give numerical evidence for Conjecture 1.1 by testing identity 1.4 for d = 4. Figure 1, shown in the introduction, was produced by choosing the three non-zero coordinates in S 4 (Z/qZ) randomly on a logarithmic scale. This was done specifically by first choosing an integer r randomly from 60 to 15 for each coordinate, then choosing an integral representative of the coordinate randomly from 0 to 10 r q. This was done 100 times for each of eight 130-digit primes listed below, and all points were included in the figure: q 1 = q = q 3 = q 4 = q 5 = q 6 = q 7 = q 8 = Generic Coordinates. There are several cases which are worthy of special consideration. The generic element of S (Z/qZ) has coordinates of size q, so we expect η(a) = 1/3 and w p (a) = 1 for most lattices. Figure shows that this is indeed the case, using the same primes and number of points as Figure 1. The coordinates are chosen between 0 and q on a linear, rather than logarithmic scale.

11 THE DIOPHANTINE EXPONENT OF THE Z/qZ POINTS OF S d S d 11 The horizontal lines observed on the small-scale are a result of H(a), and therefore w p (a), taking much more discrete values than η(a). Figure. Generic Coordinates 3.. Small Coordinates. When all coordinates are small, the lattice is quite high in the cusp, and therefore one expects η(a) = 1 and w p (a) = 3/, which is observed in Figure 3. Here all coordinates are chosen between 0 and q. Figure 3. Small Coordinates 3.3. Other Cusp Regions. One can explore additional cusp cases by fixing one or two coordinates and varying the rest on a logarithmic scale. Figures 4 and 5 show that identity 1.4 still holds in these two cases. The fixed coordinate is set to 1, and the other coordinates are chosen as in Figure 1. Note that in Figure 5, where only one coordinate is large, the lattices are relatively high in the cusp, but the corresponding points still adhere to the theoretical line.

12 1 M. W. HASSAN, Y. MAO, N. T. SARDARI, R. SMITH, X. ZHU Figure 4. One Coordinate Fixed Figure 5. Two Coordinates Fixed References [Bab86] L. Babai. On Lovász lattice reduction and the nearest lattice point problem. Combinatorica, 6(1):1 13, [BKS17] T.D. Browning, V. Vinay Kumaraswamy, and R.S. Steiner. Twisted linnik implies optimal covering exponent for s 3. International Mathematics Research Notices, page rnx116, 017. [HMS + 18] M. W. Hassan, Y. Mao, N. T. Sardari, R. Smith, and X. Zhu. 5 Squares Algorithm, August [Klo7] H. D. Kloosterman. On the representation of numbers in the form ax +by +cz +dt. Acta Math., 49(3-4): , 197. [Len83] H. W. Lenstra, Jr. Integer programming with a fixed number of variables. Math. Oper. Res., 8(4): , [LLL8] A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovász. Factoring polynomials with rational coefficients. Math. Ann., 61(4): , 198.

13 THE DIOPHANTINE EXPONENT OF THE Z/qZ POINTS OF S d S d 13 [LPS88] A. Lubotzky, R. Phillips, and P. Sarnak. Ramanujan graphs. Combinatorica, 8(3):61 77, [Mar88] G. A. Margulis. Explicit group-theoretic constructions of combinatorial schemes and their applications in the construction of expanders and concentrators. Problemy Peredachi Informatsii, 4(1):51 60, [PLQ08] Christophe Petit, Kristin Lauter, and Jean-Jacques Quisquater. Full Cryptanalysis of LPS and Morgenstern Hash Functions, pages Springer Berlin Heidelberg, Berlin, Heidelberg, 008. [PS18] Ori Parzanchevski and Peter Sarnak. Super-golden-gates for P U(). Adv. Math., 37: , 018. [RS16] Neil J. Ross and Peter Selinger. Optimal ancilla-free Clifford + T approximation of z-rotations. Quantum Inf. Comput., 16(11-1): , 016. [Sar15a] N. T Sardari. Optimal strong approximation for quadratic forms. ArXiv e-prints, October 015. [Sar15b] Peter Sarnak. Letter to Scott Aaronson and Andy Pollington on the Solovay- Kitaev Theorem, February https://publications.ias.edu/sarnak/paper/637. [Sar17a] N. T Sardari. Complexity of strong approximation on the sphere. ArXiv e-prints, March 017. [Sar17b] N. T. Sardari. Navigating LPS Ramanujan Graphs, March com/ntalebiz/navigating-lps-ramanujan-graphs. [Sar18] Naser T. Sardari. Diameter of ramanujan graphs and random cayley graphs. Combinatorica, Aug 018. [Sch85] René Schoof. Elliptic curves over finite fields and the computation of square roots mod p. Math. Comp., 44(170): , Department of Mathematics, UW-Madison, Madison, WI address: mwhassan@wisc.edu Department of Mathematics, UW-Madison, Madison, WI address: mao36@wisc.edu Department of Mathematics, UW-Madison, Madison, WI address: ntalebiz@math.wisc.edu Department of Mathematics, UW-Madison, Madison, WI address: rlsmithjr134@gmail.com Department of Mathematics, UW-Madison, Madison, WI address: xzhu74@wisc.edu

arxiv: v2 [math.nt] 5 Sep 2018

arxiv: v2 [math.nt] 5 Sep 2018 COMPLEXITY OF STRONG APPROXIMATION ON THE SPHERE arxiv:1703.02709v2 [math.nt] 5 Sep 2018 NASER T. SARDARI Abstract. By assuming some widely-believed arithmetic conjectures, we show that the task of accepting