Computing over Z, Q, K[X]

Transcription

1 Computing over Z, Q, K[X] Clément PERNET M2-MIA Calcul Exact

2 Outline Introduction Chinese Remainder Theorem Rational reconstruction Problem Statement Algorithms Applications Dense CRT codes Extension to Cauchy Interpolation

3 Outline Introduction Chinese Remainder Theorem Rational reconstruction Problem Statement Algorithms Applications Dense CRT codes Extension to Cauchy Interpolation

4 Exact computations and arithmetic Domain of Computation Z, Q variable size Z p, GF(p k ) fixed size but specific arithmetic K[X] for K = Z p, Z... Key idea: change of representation

5 Deal with size of arithmetic: reduce to Z p Chinese Remainder Algorithm: Z Z m Z m1 Z mk x < m 1 m k Z (x 1 Z m1,..., x k Z mk ) p-adic Lifting: Z Z p k Z p x = x 0 + x 1 p +... x k p k < p k+1 Z p k (x 1 Z p,..., x k Z p ) Rational reconstruction: Q Zk Z p x = n d = x 0 + x 1 p +... x k p k [p k+1 ] (x 1 Z p,..., x k Z p )

6 Outline Introduction Chinese Remainder Theorem Rational reconstruction Problem Statement Algorithms Applications Dense CRT codes Extension to Cauchy Interpolation

7 Chinese remainder algorithm If m 1,..., m k pariwise relatively prime: Z/(m 1... m k )Z Z/m 1 Z Z/m k Z Computation of y = f (x) for f Z[X], x Z m begin Compute an upper bound β on f (x) ; Pick m 1,... m k, pairwise prime, s.t. m 1... m k > β; for i = 1... k do Compute y i = f (x mod m i ) mod m i Compute y = CRT(y 1,..., y k ) CRT : Z/m 1 Z Z/m k Z Z/(m 1... m k )Z (x 1,..., x k ) k i=1 x iπ i Y i mod Π Π = k i=1 m i where Π i = Π/m i Y i = Π 1 i mod m i

8 Chinese remainder algorithm If m 1,..., m k pariwise relatively prime: Z/(m 1... m k )Z Z/m 1 Z Z/m k Z Computation of y = f (x) for f Z[X], x Z m begin Compute an upper bound β on f (x) ; Pick m 1,... m k, pairwise prime, s.t. m 1... m k > β; for i = 1... k do Compute y i = f (x mod m i ) mod m i ; /* Evaluation */ Compute y = CRT(y 1,..., y k ); /* Interpolation */ CRT : Z/m 1 Z Z/m k Z Z/(m 1... m k )Z (x 1,..., x k ) k i=1 x iπ i Y i mod Π Π = k i=1 m i where Π i = Π/m i Y i = Π 1 i mod m i

9 Chinese remaindering and evaluation/interpolation Evaluate P in a Reduce P modulo X a

10 Chinese remaindering and evaluation/interpolation Evaluate P in a Reduce P modulo X a Polynomials Evaluation: P mod X a Evaluate P in a Interpolation: P = k i=1 y i j i(x a j) j i (a i a j )

11 Chinese remaindering and evaluation/interpolation Evaluate P in a Reduce P modulo X a Polynomials Evaluation: P mod X a Evaluate P in a Interpolation: P = k i=1 y i j i(x a j) j i (a i a j ) Integers N mod m Evaluate N in m N = k i=1 y i j i m j( j i m j) 1[m i]

12 Chinese remaindering and evaluation/interpolation Evaluate P in a Reduce P modulo X a Polynomials Evaluation: P mod X a Evaluate P in a Interpolation: P = k i=1 y i j i(x a j) j i (a i a j ) Integers N mod m Evaluate N in m N = k i=1 y i j i m j( j i m j) 1[m i] Analogy: complexities over Z over K[X] size of coefficients O ( log result T algebr. ) degree of polynomials O ( deg(result) T algebr. )

13 Chinese remaindering and evaluation/interpolation Evaluate P in a Reduce P modulo X a Polynomials Evaluation: P mod X a Evaluate P in a Interpolation: P = k i=1 y i j i(x a j) j i (a i a j ) Integers N mod m Evaluate N in m N = k i=1 y i j i m j( j i m j) 1[m i] Analogy: complexities over Z over K[X] size of coefficients O ( log result T algebr. ) det(n, A ) = O (n log A n ω ) degree of polynomials O ( deg(result) T algebr. ) det(n, d) = O (nd n ω )

14 Early termination Classic Chinese remaindering Deterministic bound β on the result Choice of the m i : such that m 1... m k > β

15 Early termination Classic Chinese remaindering Deterministic bound β on the result Choice of the m i : such that m 1... m k > β Early termination Probabilistic Monte Carlo For each new modulo m i : reconstruct yi = f (x) mod m 1 m i If yi == y i 1 terminated

16 Early termination Classic Chinese remaindering Deterministic bound β on the result Choice of the m i : such that m 1... m k > β Early termination Probabilistic Monte Carlo For each new modulo m i : reconstruct yi = f (x) mod m 1 m i If yi == y i 1 terminated Advantage: Adaptive number of moduli depending on the output value Interesting when pessimistic bound: sparse/structured matrices,... no bound available

17 Outline Introduction Chinese Remainder Theorem Rational reconstruction Problem Statement Algorithms Applications Dense CRT codes Extension to Cauchy Interpolation

18 Informally (Black-board)

19 Problem Statement Definition (Rational Reconstruction Problem) Let A K[X] of degree n, and B K[X] of degree < n. For a fixed k {1... n}, find (R, V) K[X] satisfying: gcd(v, A) = 1, deg(r) < k, deg(v) n k and R = VB mod A. A = X n : Padé Approximation A = n i=1 (X u i): Cauchy Interpolation

20 Rational Reconstruction Problem Existence of a solution: k + n k + 1 = n + 1 unknowns, for n equations Uniqueness: A divides R 1 V 1 B and R 2 V 2 B. Thus A divides R 1 V 2 R 2 V 1 = (R 1 V 1 B)V 2 (R 2 V 2 B)V 1 ) of degree < n.

21 Algorithm R = VB mod A VB + UA = R begin R 0 A; U 0 1; V 0 0; R 0 B; U 0 0; V 0 1; i 1; while deg R i k do (Q i, R i+1 ) QuoRem(R i 1, R i ); U i+1 U i 1 Q i U i ; V i+1 V i 1 Q i V i ; i i + 1; if gcd(a, V i ) = 1 then return (R i, V i ) else return 0

22 Outline Introduction Chinese Remainder Theorem Rational reconstruction Problem Statement Algorithms Applications Dense CRT codes Extension to Cauchy Interpolation

23 Dense interpolation with errors Problem : CRT with errors Given (y i, m i ) for i = 1... n, Find Y such that Y = y i mod m i on at least n e values. CRT codes [Mandelbaum] Based on Rational reconstruction

24 Mandelbaum algorithm over Z Chinese Remainder Theorem x Z x 1 x 2... x k where m 1 m k > x and x i = x mod m i i

25 Mandelbaum algorithm over Z Chinese Remainder Theorem x Z x 1 x 2... x k x k+1... x n where m 1 m n > x and x i = x mod m i i

26 Mandelbaum algorithm over Z Chinese Remainder Theorem x Z x 1 x 2... x k x k+1... x n where m 1 m n > x and x i = x mod m i i Definition { (n, k)-code: C = { x < m1... m (x 1,..., x n ) Z m1 Z mn s.t. x, k x i = x mod m i i }

27 Principle Property X C iff X < Π k. Π n = p 1 p n p 1 p 2... p k p k+1... p n Π k = p 1 p k Redundancy : r = n k

28 ABFT with Chinese remainder algorithm Input A Encoding A = (A 1,... A n) Computation Solution x < Π n x < Π k x = (r 1,..., r n) Correction x = (x 1,..., x n) Decoding

29 Properties of the code Error model: Error: E = X X Error support: I = {i 1... n, E 0 mod m i } Impact of the error: Π F = i I m i

30 Properties of the code Error model: Error: E = X X Error support: I = {i 1... n, E 0 mod m i } Impact of the error: Π F = i I m i Detects up to r errors: If X = X + E with X C, #I r, then X > Π k. Redundancy r = n k, distance: r + 1 can correct up to r 2 errors in theory More complicated in practice...

31 Correction i / I : E mod m i = 0 E is a multiple of Π V : E = ZΠ V = Z i/ I m i gcd(e, Π) = Π V Mandelbaum 78: rational reconstruction X = X E = X ZΠ v X Π = X Π Z Π F X Π Z Π F 1 2Π 2 F Z Π F = E X Π is a convergent of Π Rational reconstruction of X mod Π Extended Euclidean Algorithm interrupted

32 Correction capacity Mandelbaum 78: 1 symbol = 1 residue Polynomial time algorithm if e (n k) log m min log 2 log m max+log m min worst case: exponential (random perturbation) Goldreich Ron Sudan 99 weighted residues equivalent Guruswami Sahai Sudan 00 invariably polynomial time

33 Correction capacity Mandelbaum 78: 1 symbol = 1 residue Polynomial time algorithm if e (n k) log m min log 2 log m max+log m min worst case: exponential (random perturbation) Goldreich Ron Sudan 99 weighted residues equivalent Guruswami Sahai Sudan 00 invariably polynomial time Interpretation: Errors have variable weights depending on their impact Π F = i I m i Example: m 1 = 2, m 2 = 3, m 3 = error mod 2 or mod 3, can be corrected, not mod 101 limits to X < 2, where X < 17 is sufficient

34 Analogy with Reed Solomon Dornstetter 87 Berlekamp/Massey extended Euclidean Alg. Gao02 Reed-Solomon decoding by extended Euclidean Alg. Chinese Remaindering over K[X] m i = X a i Encoding = evaluation in a i Decoding = interpolation Correction = Extended Euclidean algorithm

35 Analogy with Reed Solomon Dornstetter 87 Berlekamp/Massey extended Euclidean Alg. Gao02 Reed-Solomon decoding by extended Euclidean Alg. Chinese Remaindering over K[X] m i = X a i Encoding = evaluation in a i Decoding = interpolation Correction = Extended Euclidean algorithm Generalization for m i of degrees > 1 Variable impact, depending on the degree of m i Necessary unification [Sudan 01,...]

36 Generalized point of view: amplitude code Over a Euclidean ring A with a Euclidean function ν, multiplicative and sub-additive, ie such that ν(ab) = ν(a)ν(b) ν(a + b) ν(a) + ν(b) eg. over Z: ν(x) = x over K[X]: ν(p) = 2 deg(p) Definition Error impact between x and y: Π F = i x y[m i ] m i Error amplitude: ν(π F )

37 Amplitude codes Distance : A A R + (x, y) i x y[m i ] log 2 ν (m i ) (x, y) = log 2 ν(π F )

38 Definition ((n, k) amplitude code) Given {m i } i m pairwise rel. prime, and κ R + The set C = {x A : ν(x) < κ}, n = log 2 i m m i, k = log 2 κ. is a (n,k) amplitude code.

39 Definition ((n, k) amplitude code) Given {m i } i m pairwise rel. prime, and κ R + The set C = {x A : ν(x) < κ}, n = log 2 i m m i, k = log 2 κ. is a (n,k) amplitude code. Property (Quasi MDS) (x, y) C (x, y) > n k 1 correction capacity = maximal amplitude of an error that can be corrected

40 Definition ((n, k) amplitude code) Given {m i } i m pairwise rel. prime, and κ R + The set C = {x A : ν(x) < κ}, n = log 2 i m m i, k = log 2 κ. is a (n,k) amplitude code. Property (Quasi MDS) (x, y) C, A = K[X] Singleton bound (x, y) n k + 1 correction capacity = maximal amplitude of an error that can be corrected

41 Advantages Generalization over any Euclidean ring Natural representation of the amount of information No need to sort moduli Finer correction capacities

42 Advantages Generalization over any Euclidean ring Natural representation of the amount of information No need to sort moduli Finer correction capacities Adaptive decoding: taking advantage of all the available redundancy Early termination: with no a priori knowledge of a bound on the result

43 Interpretation of Mandelbaum s algorithm Remark Rational reconstruction Partial Extended Euclidean Algorithm Property The Extended Euclidean Algorithm, applied to (Π, E) and to (X = X + E, Π), performs the same first iterations until r i < Π V. u i 1 Π + v i 1 E = Π v u i Π + v i E = 0 u i 1 Π + v i 1 X = r i 1 u i Π + v i X = r i v i X = r i

44 Amplitude decoding, with static correction capacity Amplitude based decoder over R Input: Π, X Input: τ R + τ < ν(π) 2 : bound on the maximal error amplitude Output: X R: corrected message s.t. ν(x)4τ 2 ν(π) begin u 0 = 1, v 0 = 0, r 0 = Π; u 1 = 0, v 1 = 1, r 1 = X ; i = 1; while (ν(r i ) > ν(π)/2τ) do Let r i 1 = q i r i + r i+1 be the Euclidean division of r i 1 by r i ; u i+1 = u i 1 q i u i ; v i+1 = v i 1 q i v i ; i = i + 1; return X = ri v i reaches the quasi-maximal correction capacity

45 Amplitude decoding, with static correction capacity Amplitude based decoder over R Input: Π, X Input: τ R + τ < ν(π) 2 : bound on the maximal error amplitude Output: X R: corrected message s.t. ν(x)4τ 2 ν(π) begin u 0 = 1, v 0 = 0, r 0 = Π; u 1 = 0, v 1 = 1, r 1 = X ; i = 1; while (ν(r i ) > ν(π)/2τ) do Let r i 1 = q i r i + r i+1 be the Euclidean division of r i 1 by r i ; u i+1 = u i 1 q i u i ; v i+1 = v i 1 q i v i ; i = i + 1; return X = ri v i reaches the quasi-maximal correction capacity requires an a priori knowledge of τ How to make the correction capacity adaptive?

46 Adaptive approach Multiple goals: With a fixed n, the correction capacity depends on a bound on ν(x) pessimistic estimate how to take advantage of all the available redundancy? redundancy effectively available X bound on v(x) redundancy being used

47 A first adaptive approach: divisibility check Termination criterion in the Extended Euclidean alg.: u i+1 Π + v i+1 E = 0 E = u i+1 Π/v i+1 test if v j divides Π check if X satisfies: ν(x) ν(π) 4ν(v j ) 2 But several candidates are possible discrimination by a post-condition on the result

48 A first adaptive approach: divisibility check Termination criterion in the Extended Euclidean alg.: u i+1 Π + v i+1 E = 0 E = u i+1 Π/v i+1 test if v j divides Π check if X satisfies: ν(x) ν(π) 4ν(v j ) 2 But several candidates are possible discrimination by a post-condition on the result Example x = 23 with 0 error x = 2 with 1 error m i x i 2 3 2

49 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix

50 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix

51 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix

52 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i.

53 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix 2 g X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i. Introduce a blank 2 g in order to detect a gap > 2 g

54 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix 2 g X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i. Introduce a blank 2 g in order to detect a gap > 2 g

55 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix 2 g X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i. Introduce a blank 2 g in order to detect a gap > 2 g

56 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix 2 g X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i. Introduce a blank 2 g in order to detect a gap > 2 g

57 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix 2 g X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i. Introduce a blank 2 g in order to detect a gap > 2 g Property Loss of correction capacity: very small in practice Test of the divisibility for the remaining candidates Strongly reduces the number of divisibility tests

58 Experiments Size of the error g = 2 1/446 1/765 1/1118 2/1183 2/4165 1/7907 g = 3 1/244 1/414 1/576 2/1002 2/2164 1/4117 g = 5 1/53 1/97 1/153 2/262 1/575 1/1106 g = 10 1/1 1/3 1/9 1/14 1/26 1/35 g = 20 1/1 1/1 1/1 1/1 1/1 1/1 Table: Number of remaining candidates after the gap detection: c /d means d candidates with a gap > 2 g, and c of them passed the divisibility test. n 6001 (3000 moduli), κ 201 (100 moduli).

59 Experiments Divisibility Gap g=2 Gap g=5 Gap g=10 Threshold T= Time (s) Size of the errors Figure: Comparison for n (m = 1300 moduli of 20 bits), κ 6001 (300 moduli) and τ (about 500 moduli).

60 Experiments 5 Time (s) Gap g=5 Gap g=7 Gap g=10 Gap g=20 Threshold T= Size of the errors Figure: Comparison for n (m = moduli of 20 bits), κ (8500 moduli) and τ (500 moduli). Gap: Euclidean Algorithm down to the end overhead

61 Dense rational function interpolation with errors (Cauchy interpolation) y i = f (x i) g(x i ) Rational function interpolation: Pade approximant Find h K[X] s.t. h(x i ) = y i (interpolation) Find f, g s.t. hg = f mod (X x i ) (Pade approx)

62 Dense rational function interpolation with errors (Cauchy interpolation) y i = f (x i) g(x i ) Rational function interpolation: Pade approximant Find h K[X] s.t. h(x i ) = y i (interpolation) Find f, g s.t. hg = f mod (X x i ) (Pade approx) Introducing an error of impact Π F = i I (X x i): hgπ F = f Π F mod (X x i ) Property If n deg f + deg g + 2e, one can interpolate with at most e errors