Fast integer multiplication

Transcription

1 Fast integer multiplication David Harvey, Joris van der Hoeven, Grégoire Lecerf CNRS, École polytechnique Bordeaux, February 2,

2 Fundamental complexities I(n): multiplication of two n-digit integers M K (n): multiplication of two polynomials in K[x] of degree <n r ω : multiplication of two r r matrices More involved operations Division in Z O(I(n)) GCD in Z O(I(n) logn) Division in K[X] O(M K (n)) GCD in K[X] O(M K (n) logn) Inverting an r r matrix O(r ω ) Multiplication of r r integer matrices (n r) O(I(n)r 2 ) Multiplication of r r integer matrices (r n) O(nr ω ) Roots of polynomial in C[X], precision p n O(I(np) logn) Exponentiation with n-bit precision O(I(n) log n) Stokes matrix of holonomic function over Qˆ O(r 2 I(n) log 3 n) Etc.

3 Computational models Turing machines Turing machines with a finite number of tapes [Papadimitriou 94] Other bit complexity models Operations on logn-bit numbers in time O(1) Random access machine (RAM) «Straight Line Programs» (SLPs) DAGs, non branching programs [Bürgisser Clausen Shokrollahi 97] Other algebraic complexity models Turing machines with entries in model-theoretic structures S [Friedman 69] BSS machines [Blum Shub Smale 89]

4 Integer multiplication, very short history Date Authors Complexity <3000 ajc Unknown O(n 2 ) 1962 Karatsuba O(n log3/log2 ) 1963 (1965) Toom (Cook) O(n2 5 logn/log2 ) 1966 Schönhage O(n2 2logn/log2 (logn) 3/2 ) 1969 Knuth O(n2 2logn/log2 logn) 1971 Schönhage Strassen O(n log n log log n) 2007 Fürer O ( n logn2 ) O(log n) 2014 Harvey vdh Lecerf O(n logn8 log n ) log x := min{k N: log k x 1}, log k := log k log.

5 Multiplication by evaluation-interpolation Kronecker = X X X X = Evaluation-interpolation P,Q K[X] Multiplication PQ Evaluation Interpolation P(x 0 ),...,P(x N 1 ) (PQ)(x 0 ),...,(PQ)(x N 1 ) Q(x 0 ),...,Q(x N 1 ) Point-wise multiplication

6 Discrete Fourier Transform (DFT) Definition ω K primitive N-th root of unity, with N 2 N DFT ω (P 0,...,P N 1 ) = (P(1),P(ω),P(ω 2 ),...,P(ω N 1 )) Corresponds to evaluating P =P 0 + +P N 1 X N 1 at x i =ω i Inverse transform Interpolation evaluation DFT ω 1 = 1 N DFT ω 1 Variants K=C b : complex DFT, complex fixed-point arithmetic with b-bit precision K=F p, modular DFT, with p prime number of the form k2 N ±1 [Pollard 71] K=L[Y]/ ( Y 2N ±1 ), synthetic DFT, à la Schönhage Strassen

7 Discrete Fourier Transform (II) N lgn Cost of one DFT : 1 2 N lgn butterflies O(N lgn) operations in K Complex DFT Modular DFT Synthetic DFT N n/lgn M K (1)=O(I(lgn)) I(n)=O(n lgni(lgn)+nlgn) N n/lgn M K (1)=O(I(lgn)) I(n)=O(n lgni(lgn)+nlgn) N n butterfly O( n ) I(n)=O(n lgn n+ n I( n))

8 Discrete Fourier Transform (II) N lgn Cost of one DFT : 1 2 N lgn butterflies O(N lgn) operations in K Complex DFT Modular DFT Synthetic DFT N n/lgn M K (1)=O(I(lgn)) I(n)=O(n lgni(lgn)+nlgn) N n/lgn M K (1)=O(I(lgn)) I(n)=O(n lgni(lgn)+nlgn) N n butterfly O( n ) I(n)=O(n lgn n+ n I( n))

9 Discrete Fourier Transform (II) N lgn Cost of one DFT : 1 2 N lgn butterflies O(N lgn) operations in K Complex DFT Modular DFT Synthetic DFT N n/lgn M K (1)=O(I(lgn)) I(n)=O(n lgni(lgn)+nlgn) N n/lgn M K (1)=O(I(lgn)) I(n)=O(n lgni(lgn)+nlgn) N n butterfly O( n ) I(n)=O(n lgn n+ n I( n))

10 Discrete Fourier Transform (II) N lgn Cost of one DFT : 1 2 N lgn butterflies O(N lgn) operations in K Complex DFT Modular DFT Synthetic DFT N n/lgn M K (1)=O(I(lgn)) I(n)=O(n lgni(lgn)+nlgn) N n/lgn M K (1)=O(I(lgn)) I(n)=O(n lgni(lgn)+nlgn) N n butterfly O( n ) I(n)=O(n lgn n+ n I( n))

11 Discrete Fourier Transform (II) N lgn Cost of one DFT : 1 2 N lgn butterflies O(N lgn) operations in K Complex DFT Modular DFT Synthetic DFT N n/lgn M K (1)=O(I(lgn)) I(n)=O(n lgn lg lgn lg lg lgn ) N n/lgn M K (1)=O(I(lgn)) I(n)=O(n lgn lg lgn lg lg lgn ) N n butterfly O( n ) I(n)=O(n lgn lg lgn)

12 Variants of Discrete Fourier Transform 1 1 Permutation Permutation Permutation i ω 2 ω i ω 2 ω

13 Variants of Discrete Fourier Transform Permutation + twiddle Permutation + twiddle Permutation + twiddle 1 1

14 Variants of Discrete Fourier Transform i i 1 1 Permutation + twiddle i 1 i 1

15 Giant butterflies R lgn N lgr lg lgn lgn Slightly cheating in picture: we should have used 16 butterflies on every line

16 Fast integer multiplication Fürer s algorithm Coefficients in R=C b [X]/(X R/2 +1) Existence of a principal N-th root of unity ω, with ω 2N/R =X Fast giant butterflies (size R lgr), but slow twiddling multiplications in R New algorithm (( N I(n) = O R I(n) n lgn = O(1)+O ) lgn lgr ( I(n) = n lgn2 O(log n) ) (brlgr) ) I(Rb) (Rb) lg(rb) Ordinary DFT, but accelerate the giant butterflies: DFT of size R lgr over C b Slower giant butterflies, but faster twiddling (( N +O R (R b lgn) Bluestein O(MCb [X](R)) ) ) lgn M Cb (R) lgr Kronecker O(I(Rb)) Ordinary DFT faster point-wise multiplication (application : integer matrices)

17 Cyclic convolutions DFTs Cyclic convolution DFT P,Q K[X]/(X n 1), n 2 N>, primitive n-th root of unity ω ((PQ) 0,...,(PQ) n 1 ) = DFT ω 1 (DFT ω (P 0,...,P n 1 ) DFT ω (Q 0,...,Q n 1 )) DFT Cyclic convolution [Bluestein 70] Assume η K given with η 2 =ω. f i :=η i2, g i :=η i2 f i+n =η (i+n)2 =η i2 +n 2 +2ni =η i2 ω( n 2 +i)n =f i, g i+n =g i Then ω ij =f i f j g i j, so for all a K n : n 1 â i = DFT ω (a) i = j=0 One recognizes a cyclic convolution n 1 a j ω ij =f i j=0 (a j f j )g i j

18 Complexity analysis Logarithmically slow function Function Φ:[x 0, ) R such that there exists a l N with (log l Φ exp l )(x) = logx+o(1) (x ). Examples: Φ(x)=logx, Φ(x)=log 2 x, Φ(x)=(logx) log logx log log x e2014log, Φ(x)=e Iterateurs [see also Écalle 92, Schmeling 01] Φ (Φ(x)) = Φ(x) 1 Φ (x) = min{k N:Φ k (x) σ}. Lemma. Φ logarithmically slow, Φ iterator of Φ. Then Φ (x) = log x+o(1) Lemma. Φ logarithmically slow. Constants K,B,L,l and function T such that ( T(x) K 1+ B ) log l T(Φ(x))+L. x Then T(x)=O(K log n ).

19 Complexity analysis Logarithmically slow function Function Φ:[x 0, ) R such that there exists a l N with (log l Φ exp l )(x) = logx+o(1) (x ). Examples: Φ(x)=logx, Φ(x)=log 2 x, Φ(x)=(logx) log logx log log x e2014log, Φ(x)=e Iterateurs [see also Écalle 92, Schmeling 01] Φ (Φ(x)) = Φ(x) 1 Φ (x) = min{k N:Φ k (x) σ}. Lemma. Φ logarithmically slow, Φ iterator of Φ. Then Φ (x) = log x+o(1) Lemma. Φ 1,...,Φ k logarithmically slow. Constants K,B,L,l,c 1 + +c k =1 and functiont such that ( T(x) K 1+ B ) log l (c 1 T(Φ 1 (x))+ +c k T(Φ k (x)))+l. x Then T(x)=O(K log n ).

20 Which approach yields the fastest algorithm? We now have several ways to show that What is the best K we can get? I(n) = O(n lgnk log n ). Fürer, after optimisation : K= 16 (?) We, after optimisation : K=8 Ingredients Multiplication in Z multiplication in (Z/(2 n 1) Z)[i]. One argument shared many times in recursive calls 2 DFTs instead of 3. Convolution of length N with b-bit coefficients output of size 2b+O(lgN). Taking b (lgn) 2 instead of b lgn improves the ratio (2b+O(lgN))/b. Increase R lgn R (lgn) lg lgn+o(1). Cost Bluestein Kronecker cost twiddling and other.

21 Can we do even better? Where does the cost come from? a) Factor 2 b) Factor 2 c) Factor 2 Kronecker segmentation (Z[i] C b [X], cutting into pieces of b bits) 2 direct and inverse DFT Kronecker substitution (C b [X]/(X R 1) Z/(2 2bR 1) Z) Fermat primes And if, if, if there were sufficiently many prime numbers of the form p=2 2k +1 (Optimized) Fürer approach for K=F p yields K=4 Unfortunately..., p= is the largest known prime number of this form Mersenne primes Conjecture 1. Let π m (x)={p x:p=2 q 1,p prime,q prime}. Then a<b, Crandall Fagin algorithm a log logx<π m (x)<blog logx Multiplication F p [i][x]/(x M 1) F p [i][x,y]/(x M 1,Y N 1), p p Conjecture 1 K=4

22 Multiplication in F q [X] and in K[X] Kronecker : M Fp (n)=o(i(n logp)) if logn=o(logp) Schönhage Strassen : M Fq (n)=o(n logn log lognm Fq (1)) if char F q >2 Schönhage : M Fq (n)=o(n lognlog logn M Fq (1)) for all q Cantor Kaltofen : for any K-algebra A, M alg A (n)=o(n lognlog logn) Kronecker : M Fp k(n) M Fp (kn), modulo O(knlogp) operations Theorem. We have, uniformly in p: M p (n) = O ( (n logp) log(n logp)8 log (nlog p) ) Theorem. Modulo plausable conjectures, we have, uniformly in p: M p (n) = O ( (n logp) log(n logp)4 log (nlog p) ) Theorem. Let A be an F p -algebra. Then M A alg (n) = O(n lg n 8 log n ), uniformly in A. Moreover, we only need O(n4 log n ) (non scalar) multiplications in A.

23 Proof elements 1. Multiplication in F p [X] multiplication in F p k[x] 2. k such that F p k[x] admits an N-th primitive root of unity ω, with N large and smooth

24 3. Write N =N 1 N r with N 1,...,N r under control and use Bluestein-Kronecker Pari] factor (2^60-1) %1 = Pari] factor (7^60-1) %2 =

25 Pari] factor (2^210-1) %3 =

26 Pari] factor (37^60-1) %4 =

27 Pari]