Projection of Varieties and Elimination Ideals

Size: px

Start display at page:

Download "Projection of Varieties and Elimination Ideals"

Kerrie Barnett
5 years ago
Views:

Projection of Varieties and Elimination Ideals Applications: Word-Level Abstraction from Bit-Level Circuits, Combinational Verification, Reverse Engineering Functions from

1 Projection of Varieties and Elimination Ideals Applications: Word-Level Abstraction from Bit-Level Circuits, Combinational Verification, Reverse Engineering Functions from Circuits Priyank Kalla Associate Professor Electrical and Computer Engineering, University of Utah Nov 22, onwards

2 We will employ everything we have learnt so far... Hilbert s Nullstellensatz over F q Gröbner basis theory Efficient term ordering from circuits Canonical representations of circuits f : B k B k to f : F 2 k F 2 k And learn a new concept: Elimination ideals Apply these techniques to circuit analysis and verification P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 2 / 16

3 Polynomial Interpolation from Circuits Circuit: f : B k B k Model it as a polynomial function f : F 2 k F 2 k Interpolate a word-level polynomial from the circuit: Z = F(A) Obtain Z = F(A) as a unique, canonical, word-level, polynomial representation from the bit-level circuit Why do we want to do that? P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 3 / 16

4 Hierarchical Abstraction and Verification A B R 2 R 2 MM MM A R B R MM A B R MM "1" G = A B (mod P) Figure: Montgomery multiplier over GF(2 k ) Montgomery Multiply: F = A B R 1, R = α k P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 4 / 16

5 Projection of Variety Represent the polynomials of the circuit as ideal J (or J +J 0 ) Consider V Fq (J) Let x i denote the bit-level variables of the circuit: J F q [x i,z,a] Project V Fq (J) on Z,A, denoted by V Fq (J) Z,A Does this recover the function of the circuit? P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 5 / 16

6 Projection of a Variety P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 6 / 16

7 Projection on a circuit a circuit ideal J z internal variables V(J) = (a 0,x 0,z 0 ) (a 1,x 1,z 1 ) (a 2,x 2,z 2 ) Projection of V(J) on (a,z) : π x (V(J)) = V(J) a,z = (a 0,z 0 ) (a 1,z 1 ) (a 2,z 2 ) P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 7 / 16

8 Projection Map Definition Given variety V = V(f 1,...,f s ) = V(J) F n q. The l th projection map π l : F n q F n l q,π l ((c 1,...,c n )) = (c l+1,...,c n ) We may also denote π l by Proj[V(J)] l+1,...,n, or by V(J) l+1,...,n In some sense, we have eliminated the first l variables from the system This is related to elimination ideals and variable elimination P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 8 / 16

9 Elimination Ideals and Gröbner Bases Definition (Elimination Ideal) Given J = f 1,...,f s F q [x 1,...,x n ], the lth elimination ideal J l is the ideal of F q [x l+1,...,x n ] defined by J l = J F q [x l+1,...,x n ]. In other words, the l th elimination ideal does not contain variables x 1,...,x l, nor do the generators of it. Theorem (Elimination Theorem) Let J F q [x 1,...,x n ] be an ideal and let G be a Gröbner basis of J with respect to a lex ordering where x 1 > x 2 > > x n. Then for every 0 l n, the set G l = G F q [x l+1,...,x n ] is a Gröbner basis of the lth elimination ideal J l. P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 9 / 16

10 A Gröbner basis example [From Cox/Little/O Shea] Solve the system of equations over C: f 1 : x 2 y z 1 = 0 f 2 : x y 2 z 1 = 0 f 3 : x y z 2 1 = 0 G 1 = G C[y,z] = {g 2,g 3,g 4 } Gröbner basis G with lex term order x > y > z g 1 :x y z 2 1 = 0 g 2 :y 2 y z 2 z = 0 g 3 :2yz 2 z 4 z 2 = 0 g 4 :z 6 4z 4 4z 3 z 2 = 0 G 2 = G C[z] = {g 4 } G is triangular: solve g 4 for z, then g 2,g 3 for y, and then g 1 for x Solutions to z are 0,1, 1+ 2, 1 2 V(G) = {(1,0,0),(0,1,0),(0,0,1),( 1+ 2, 1+ 2, 1+ 2),( 1 2, 1 2, 1 2)} P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 10 / 16

11 Projection of Variety and Elimination Ideals Using elimination, obtain partial solution to V(I l ), then extend it to V(I), one variable at a time However, all partial solutions to V(I l ) may not lift to V(I) Example Consider f 1 : xy 1, f 2 : xz 1. Eliminate x, you get f 3 : y z. All points (a,a) are solutions to f 3. All points (1/a,a,a) extend to complete solutions, except (0, 0). Given J = f 1,...,f s F[x 1,...,x n ], π l (V(J)) V(J l ) In other words, Proj[V(J)] xl+1,...,xn V(J l ) Theorem (Over F q Elimination ideals give Projection exactly) Over Galois fields, F q, let J be any ideal, and J 0 be the ideal of vanishing polynomials. Let I = J +J 0. The projection of variety is equal to the variety of the elimination ideal. In other words, π l (V(I)) = V(I l ). P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 11 / 16

12 Abstraction from Circuits To obtain, Z = F(A): Denote x i as bit-level variables, A,Z as word-level variables Obtain J +J 0 from the circuits Compute Gröbner basis G with lex order with x i > Z > A G xi be the elimination ideal that eliminates x i Projection of variety onto Z,A is equal to V(G xi ), This recovers the function of the circuit Z = F(A) P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 12 / 16

13 Abstraction from Circuits G is computed with lex x i > Z > A There exists a polynomial A q A in G There exists a polynomial Z = F(A) in G Why? Can you prove it? Z = F(A) is the unique canonical representation of the circuit. Why? The rest is irrelevant for us P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 13 / 16

14 f 1 : z 0 +z 1 α+z; f 2 : b 0 +b 1 α+b; f 3 : a 0 +a 1 α+a; f 4 : s 0 +a 0 b 0 ; f 5 : s 1 +a 0 b 1 ; f 6 : s 2 +a 1 b 0 ; f 7 : s 3 +a 1 b 1 ; f 8 : r 0 +s 1 +s 2 ; f 9 : z 0 +s 0 +s 3 ; f 10 : z 1 +r 0 +s 3. Ideal J = f 1,...,f 10. Add J 0 and compute GB(J +J 0 ) with x i > Z > A > B, then G : g 1 : z 0 +z 1 α+z; g 2 : b 0 +b 1 α+b; g 3 : a 0 +a 1 α+a; g 4 : s 3 +r 0 +z 1 ;g 5 : s 1 +s 2 +r 0 ; g 6 : s 0 +s 3 +z 0 ; g 7 : Z +AB; g 8 : a 1 b 1 +a 1 B +b 1 A+z 1 ; g 9 : r 0 +a 1 b 1 +z 1 ; g 10 : s 2 +a 1 b 0 P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 14 / 16

15 Proof Outline Z = F(A) G is a canonical representation of the function implemented by the circuit. LEX order: x i > Z > A Specification polynomial is of the type f : Z F(A), i.e. lm(f) = Z, and Z > F(A) G = GB(J +J 0 ) = {g 1,...,g t }, so lm(g i ) Z There exists a g i = Z +G(A) Now show that F(A) = G(A) (mod A q A) P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 15 / 16

16 To Conclude Lex orders are elimination orders, but Deglex and DegRevLex are not elimination orders Computing GB with Lex orders is hard, gives very large output One can use block orders (I will give you a singular file with a block order) Projection of varieties can be solved exactly using Elimination ideals over Galois fields, not so over R,Q,C P. Kalla (Univ. of Utah) Elimination and Abstraction Nov 22, onwards 16 / 16

Galois Fields and Hardware Design

Galois Fields and Hardware Design Construction of Galois Fields, Basic Properties, Uniqueness, Containment, Closure, Polynomial Functions over Galois Fields Priyank Kalla Associate Professor Electrical