ALG 4.3. Hashing Polynomials and Algebraic Expressions: Main Goal of Lecture: Algorithms Professor John Reif

Transcription

1 Algorithms Professor John Reif ALG 4.3 Hashing Polynomials and Algebraic Expressions: (a) Identity Testing of Polynomials (b) Applications of Polynomial Hashing (c) Hashing Classes of Algebraic Expressions Reading Selection: Handout: Ibarra & Moran, "Probabilistic Algorithms for Deciding Equavalence of Straight-Line Programs", JACM, Vol. 30, No. 1, pp , Jan Main Goal of Lecture: Develop techniques for testing equality of Expressions Goals: test e 1 = e 2? by using test Ê ˆ hash Áe Ë 1 = hash Ë e? 2 (1) provable bounds on error probability (2) applicable to largest possible class of expressions Ê ˆ

2 Straight Line Program P: Input x 1,...,x n Definitions: polynomial expression: l or any variable, or integer, or a + b, a - b, a b,or a k, where a, b arepolynomial expressions,and k isa positiveinteger. sequence assignments-- length ( q ) assignments output x L where Ï Ô ÌÔ ÔÓ x n +1 x i 1 q 1 x j 1 x n +2 x i 2 q 2 x j 2 L = length ( P). allow operations q k Œ +, -,, ( ) denotes output value. P x 1,º,x n Ï Ì Ó.

3 Notes: (1) Given a polynomial expression a, can construct a straight-line program of size linear in input polynomial a. (2) A straight-line program ( ) P x 1,º,x n will yield a polynomial expression a P with integer coefficients where degree( a P ) 2 length ( P ) ( ) is a program over Q, ( ) 2 2length( P) can be If P x 1,º,x n P x,º,x 1 n proved by induction on length ( P). basis: true for case length induction step: if true for length ( ) k -1 and ( x 1, K, x k ) = 1( x1kxk) q k 2( x1kxk), 2 ( K 2 ). ( ) length then x1 x k Q.E.D. ( ) = 0

4 Let Q be an infinite field. Let P (x 1,º,x n ) be nonzero polynomial degree d. Lemma: If A Q sizek = A > d, then $ at least( k - d n ) elementsaœ A n s.t. Pa ( ) π 0. Proof: By induction on n Basis : If n =1, then P has d roots in Q. Induction: Suppose lemma holds for polynomials with less than n variables. Since P nonzero, ( ) s.t. P ( a 1,º,a,c n-1 ) π 0. $ a 1,º,a n-1,c So by induction hypothesis $ at least ( k- d) n-1 such a1,º, a n-1 ( ) ŒA n-1 s.t. ( ) π 0. But the Px ( n ) = ( ) is nonzero polynomial Pa 1,º, a n-1, c Pa 1,º, a n-1, x n with at least k- d elements in A s.t. P ( x n ) π 0. Lemma follows : Q.E.D.

5 This is the key Lemma used to justify hashing polynomials! If P x 1 º x n ( ) degree d in Q, Theorem: If k= A 2dn, and a is a random element of A n, then ( ) 1 2 Prob P( a) π 0 Proof: { ( ) = a:a ŒAn,P( a) π 0} Prob P( a) π 0 ( = k- d ) n k n = 1 - d k A n by Lemma ( ) n ( ) n since k 2dn È( ) 2n n Í 1-1 ÎÍ 2n e -1 2 since 1-1 2n ( ) 2n e -1 Lemma 2: If k is an integer s.t n k 2 n, and m is randomly chosen from 1, K, then Prob( k π 0modm) n for n >> 0. Proof: By the prime number theorem, the number of primes less than 2 2n 2n is at least 2 2n 4 for large n. But k has at most 2n2 n { n }, prime divisors. Hence, Prob( k π 0modm) # primes 2 2n which don t divide k ( ) 2n 2 2n- 2n2 2n 2 n 2 2n 1 4 n Q.E.D. Q.E.D. 1 2 since 2 e 1 2

6 Algorithm: Randomized Zero Testing Input: program p x 1, K, begin n = r + t A r = { 12,, K, 22 t } for i = 1, K, 8 begin ( ) length r n, d o x t choose random a choose random m if p( a) π 0mod m, then return "p π 0" end return "p = 0" end ŒA t n Œ{ 1, K, 2 2 } Theorem: Prob ( correct output) 1 2 Proof : If p 0, then algorithm always correct. Suppose p π 0. By Lemma1, Prob( p( a) π 0) 1 2. Also, if p( a) π 0, then Prob( p( a) π 0 mod m) 4n 1, so ( ) Prob p( a) π 0 mod m Prob correct output ( 4n ) = 1 ( 8n) 8n ( ) e n. Hence, Q.E.D.

7 Applications o f Polynomial Zero Testing (1) G i v e n n n matrices A, B, C problem: A B = C? (2) Given n degree Polynomials P ( x),p ( x),p ( x) problem: P ( x) P ( x) = P ( x)? Given: non integer matrices Theorem: ABC,, (3) G i v e n n b i t i n t egers x 1,x 2,x 3 problem: x 1 x 2 = x 3? (4) Given n n Matrix A, integer r problem: rank(a) = r? Can test A B = C? in time On 2 logn ( ) with success probability 1 - for a constant c. 1 n c, (5) Given graph G of n vertices problem: does G have perfect matching? ( Authentication systems (7) Testing equality of sets with element addition and deletion operations.

8 Given Polynomials: P 1 ( x) P 2 ( x), P 3 ( x) degree n. Proof: Let K = clog n. Choose k random vectors x r K r 1,, x k each of size n, from elements in - r r K s.t. ABxi Cx then output "A B π C" else output "A B = C" If $ i Œ{ 1,, k} ( ) π ( ) i { 11, } Note: if A B = C, then no errors ever! Else: if A B π C, "Œ{ i 1, K, k} A ( B x r r ) π Cx) r =Prob( Dx i π 0 ) where D = A B- C π since r at most 2 r n-1 out of 2 n vectors x have D x = 0 if D π 0. So, Prob A B x r r i Cxi for i 1, K, k -k -c 1-2 = 1- n. ( ( ) π Œ{ }) Theorem: Can test P 1 ( x) P 2 ( x) = P 3 ( x)? in expected 0( n) arithmetic steps. Proof : Fix error prob. eœ Ê 0, 1 ˆ Ë 2. Let k = È 1 e, w = 2 Èlog ( kn ) Choose random x 0 Œ-w { + 1, -w + 2,,0,,w - 1,w} if P 1 ( x 0 ) P 2 ( x 0 ) - P 3 ( x 0 ) π 0 else then return "P 1 ( x) P 2 ( x) π P 3 ( x)" "P 1 (x) P 2 (x) = P 3 (x)" Note: If P 1 P 2 = P 3, then never any error! If P 1 P 2 π P 3, then, since the polynomial Q P 1 P 2 - P 3 has degree 2n, fi error probability 2n 2w = n e Q. E. D. w

9 Application to Perfect Matching Let G = (V, E) be an undirected graph with vertex set V = {1,...,n}. A perfect matching of G is a set of n edges on E with no common endpoints. firandomized Algorithm for matching test: [1] Choose each x ij to be a random integer { } in 1, K, n c Define n x m matrix M [2] If determinate ( M) = 0 such M ij = ( ) Œ Ïxij if i, j E Ô Ì 1 if i= j Ô Ó 0 otherwise then return, "no perfect matching", else, return, "a perfect matching exists". Let x ij =- x be indeterminate variables. ji Can set c > a3 to get error < 1 n a. Lemma (Edmonds): G has perfect matching iff determinate ( M) π 0.

10 Strongly Universal Hash Functions (Wegman and Carter) Example: Let AB, be sets in some finite field Let H be a set of hash fns A Æ B Let H= class of polynomials degree n of one variable. Claim: H is strongly universaln. def: H is strongly universaln if then for i " a K 1 an ŒA " b K b Œ 1 n B H functions in H take a n B b = 1, K, n. i Æ i Proof: Given a 1, K, a n, b 1, K, b n $ exactly one polynomial degree n that interpolates through distinguished pairs a Æ b for all i = 1, K, n. i i Q.E.D.

11 Let Applications of Polynomial Hashing to Authentication System: M= possible message set T= authentication tags Application to Testing Set Equality Given: set elements A = { a 1,,a n } and sets S 1,,S m initially empty 1. public knows set functions H from M Æ T 2. sender / receiver share secret random f Œ H 3. sender sends message m in M with authentication tag f ( m) Operations: 1. add element a i to set S j 2. delete element a i from set S j 3. test equality S j1 = S j2? case: H = strongly universa 2 set fns M Æ T = polynomials degree < M Claim: unbreakable with prob 1-1 T Proof: If f random fn in H forger must pick correct fn f from H'= { hœg f ( m) = h( m) } and substitute m' for m s. t. f ( m' ) = f ( m), but, by definition of Implementation: Use set hash fn H, which is strongly universal n for each n. Each f ŒH maps from A to B. assume: B is group with operation and inverse Example: Analyze following implementation (Use variables V 1,,V m initially all fixed b 0 ŒB.) strongly universa 2 fns, only 1 T of fns in H' map Operatio: Implementatio: m' to f(m). Q.E.D. S j S j» { a i } V j V j f( a i ) S j S j - { a i } V j V j f( a i ) -1 test S j1 = S j2? test V j1 = V j2?

12 Hashing Algebraic Expressions (Gonnet, "Determining Equilibrium of Expressions in Random Polynomial Time", 1984 STOC) Generalizations: (1) complex arithmetic expressions Partial Results: (2) expressions with roots & rational components (3) expressions with exponents (4) expressions with trigonometric fns Hashing Complex Expressions Assume p prime > 2 2 Lemma: $i s.t. i =-1 mod p, iff p = 4k + 1 for some k. Proof: Since any prime p > 2 is odd so ( p -1) 2 is integer. Let a be generator of mult. group of Z p. Then a p-1 ( 1mod p and a p -1) 2-1mod p. ( p-1) 2 2 k Thus i a -1mod p if i = a where p k = ( -1) 4. Q.E.D. 2 Example: For p = 13, i =- 1,mod p for i = 5. Then: Can do equivalence testing of complex expressions in random polynomial time.

13 Expressions: Hashing Expressions with Constant Exponents in Finite Fields E E' allow E to have +,-, x, operations. (Compute E mod p.) requires E' only to have +,- operartions. (Compute E' mod p- 1.) Since multiplication group in Z p is a cyclic group with one less element than entire group Z p. Hashing Expressions with Trigonometric Functions (no provable method) Extensions: (Morton) Can extend construction to find e, p s.t. e ip =-1 for certain primes p. Open Problem: fi get a provable method for identity testing of trigonometric functions sin( x),cos( x), etc. Hashing Expressions with Square Roots Proposition: If p = 4nj +1 is prime >2, then j mod p is defined. Idea: Use equivalences ( ) 2i ( ) 2 sin( x) = e ix - e -ix cos( x) = e ix + e -ix