Generic bivariate multi-point evaluation, interpolation and modular composition with precomputation
Vincent Neiger
Univ. Limoges, CNRS, XLIM, UMR 7252
F-87000 Limoges, France
Johan Rosenkilde
Technical University of Denmark
Kgs. Lyngby, Denmark
Grigory Solomatov
Technical University of Denmark
Kgs. Lyngby, Denmark
ABSTRACT
Suppose K is a large enough field and P ⊂ K is a fixed, generic set of points which is available for precomputation. We introduce a technique called reshaping which allows us to design quasi-linear algorithms for both: computing the evaluations of an input polynomial f ∈ K[x, y] at all points of P; and computing an interpolant f ∈ K[x, y] which takes prescribed values on P and satisfies an input y-degree bound. Our genericity assumption is explicit and we prove that it holds for most point sets over a large enough field. If P violates the assumption, our algorithms still work and the performance degrades smoothly according to a distance from being generic. To show that the reshaping technique may have an impact on other related problems, we apply it to modular composition: suppose generic polynomials M ∈ K[x] and A ∈ K[x] are available for precomputation, then given an input f ∈ K[x, y] we show how to compute f(x, A(x)) rem M(x) in quasi-linear time.
KEYWORDS
Multi-point evaluation, interpolation, modular composition, bivariate polynomials, precomputation.
ACM Reference Format:
Vincent Neiger, Johan Rosenkilde, and Grigory Solomatov. 2020. Generic Bivariate Multi-point Evaluation, Interpolation and Modular Composition with Precomputation. In International Symposium on Symbolic and Algebraic Computation (ISSAC ’20), July 20–23, 2020, Athens, Greece. ACM, New York, NY, USA, 8 pages. https://doi.org/10.1145/3373207.3404032
Outline.
Let K be an effective field. We consider the three classical problems for bivariate polynomials K[x, y] mentioned in the title. We assume a model where part of the input is given early as preinput which is available for heavier computation, and the primary goal is to keep the complexity of the online phase, once the remaining part of the input is given, to a minimum.

Multi-point evaluation (MPE): with preinput a point set P = {(α_i, β_i)}^n_{i=} ⊆ K and input f ∈ K[x, y], compute (f(α_i, β_i))^n_{i=}. We give two algorithms: the first requires pairwise distinct α_i’s and has online complexity Õ(deg_x f deg_y f + n) as long as P is balanced, a notion described below; the second accepts repeated x-coordinates with online complexity Õ(deg_x f (deg_x f + deg_y f) + n) as long as a certain “shearing” of P is balanced. “soft-O” ignores logarithmic terms: O(f(n)(log f(n))^c) ⊂ Õ(f(n)) for any c ∈ Z_≥ .

Interpolation: with preinput a point set P as before, and input values γ ∈ K^n, compute f ∈ K[x, y] such that (f(α_i, β_i))^n_{i=} = γ, satisfying some constraints on the monomial support. We give an algorithm which preinputs a degree bound d and outputs f such that deg_y f < d and deg_x f ∈ O(n/d). The online complexity is Õ(n) if P and a shearing of P are both balanced; d should exceed the x-valency of P, i.e. the maximal number of y-coordinates for any given x-coordinate.

Modular composition: with preinput M, A ∈ K[x], we input f ∈ K[x, y] and compute f(x, A) rem M. Our algorithm has online complexity Õ(deg_x f deg_y f + deg A + deg M), as long as the bivariate ideal ⟨M, y − A⟩ is balanced.

We prove that if P ⊆ K is random of fixed cardinality n, and if |K| ≫ n log(n) then P is balanced with high probability. Similarly, if M is square-free and A is uniformly random of degree less than deg M, then ⟨M, y − A⟩ is balanced with high probability. Our proof techniques currently do not extend to proving that sheared point sets are balanced. A few trials we conducted suggest that this may often be the case if the x-valency of P is not too high. The cost of the second MPE algorithm is not symmetric in the x- and y-degree, so whenever deg_x f < deg_y f one should consider transposing the input, i.e. evaluating f(y, x) on {(β_i, α_i)}^n_{i=}. In this case, the balancedness assumption is on the transposed point set.

Our algorithms are deterministic, and once the preinput has been processed, the user knows whether it is balanced and hence whether the algorithms will perform well. Further, the performance of our algorithms deteriorates smoothly with how “unbalanced” the preinput is, in the sense of certain polynomials, which depend only on preinput, having sufficiently well behaved degrees. In a toolbox one might therefore apply our algorithms whenever the preinput turns out to be sufficiently balanced and reverting to other algorithms on very unbalanced preinput.

A typical use of precomputation is if we compute e.g. MPEs on the same point set for many different polynomials. This occurs in coding theory, where bivariate MPE corresponds to the encoding stage of certain families of codes such as some Reed-Muller codes [1, Chap. 5] and some algebraic-geometric codes [14]: here P is fixed and communication consists of a long series of bivariate MPEs on P. In these applications, P is often not random but chosen carefully, and so our genericity assumptions might not apply.

ISSAC ’20, July 20–23, 2020, Athens, Greece. © 2020 Copyright held by the owner/author(s). Publication rights licensed to ACM. This is the author’s version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in International Symposium on Symbolic and Algebraic Computation (ISSAC ’20), July 20–23, 2020, Athens, Greece, https://doi.org/10.1145/3373207.3404032.

Techniques.
We introduce a tool we call reshaping for achieving the following: given an ideal I ⊆ K[x, y] and f ∈ K[x, y], compute f̂ ∈ f + I with smaller y-degree. For instance in MPE, we let Γ ⊂ K[x, y] be the ideal of polynomials which vanish on all the points P. Then all elements of f + Γ have the same evaluations on P, so we compute a f̂ ∈ f + Γ of y-degree 0 (it exists if P has distinct x-coordinates), and then apply fast univariate MPE.

An obvious idea to accomplish this iteratively is to find some g ∈ Γ of lower y-degree than f and whose leading y-term is 1, and then compute f̃ = f rem g. The problem is that the x-degree of f̃ may now be as large as deg_x f + (deg_y f − deg_y g) deg_x g. Our idea is to seek polynomials g that we call reshapers, which have the form g = y^{d/} − ĝ, where deg_y ĝ < d/ d = deg_y f + d). Writing f = f y^{d/} + f with deg_y f < d/3, then f̃ = f ĝ + f is easy to compute, has y-degree less than 2d/3, and x-degree only deg_x f + deg_x g. Repeating such a reduction O(log(d)) times with reshapers of progressively smaller y-degree, we eventually reach y-degree 0.

For efficiency, we therefore need the x-degrees of all these reshapers g to be small. For MPE, stating that g ∈ Γ specifies n linear constraints on the coefficients of ĝ, so we look for g with about n monomials. Generically, since deg_y ĝ ≈ d/3, one may expect to find g with deg_x g ≈ n/d. Informally, P is balanced if all the reshapers needed in the above process satisfy this degree constraint.

Above, we assumed the point set has distinct x-coordinates. To handle repetitions, we shear the points by (α, β) ↦ (α + θβ, β), where θ generates an extension field of K of degree 2. The resulting point set has distinct x-coordinates. This replaces f(x, y) with f(x − θy, y), and whenever deg_x f < deg_y f we stay within quasi-linear complexity if the sheared point set is balanced.

Previous work.
Quasi-linear complexity has been achieved for multivariate MPE and interpolation on special point sets and monomial support: Pan [18] gave an algorithm on grids, and van der Hoeven and Schost [26] (see also [5, Sec. 2]) generalised this to certain types of subsets of grids, constraining both the points and the monomial support. See [26] for references to earlier work on interpolation, not achieving quasi-linear complexity.

In classical univariate modular composition, we are given f, M, A in K[x] and seek f(A) rem M. Brent and Kung’s baby-step giant-step algorithm [2, 19] performs this operation in Õ(n^{(ω+)/}), where ω is the matrix multiplication exponent with best known bound ω < . 373 [13]. Nüsken and Ziegler [17] extended this to a bivariate f, computing f(x, A) rem M in complexity O(deg_x f (deg_y f)^{(ω+)/}), assuming that A and M have degree at most deg_x f deg_y f. They applied this to solve MPE in the same cost; in this paper, we use essentially the same link between these problems. To the best of our knowledge, this is currently the best known cost bound for these problems, in the algebraic complexity model.

In a breakthrough, Kedlaya and Umans [11] achieved “almost linear” time for modular composition and MPE, for specific types of fields K and in the bit complexity model. For modular composition, the cost is O( n + ϵ ) bit operations for any ϵ > 0, while for MPE it is O(( n + (deg_x f) ) + ϵ ), assuming deg_y f < deg_x f (the algorithm also supports multivariate MPE). Unfortunately, these algorithms have so far resisted attempts at a practical implementation [25].

Our quasi-linear complexities improve upon the above results (including Kedlaya and Umans’ ones since quasi-linear compares favorably to almost linear); however we stress that none of the latter have the two constraints of our work: allowing precomputation, and genericity assumption. For modular composition, precomputation on M was suggested in [24] to leverage its factorisation structure. Except for slight benefits of precomputation in Brent and Kung’s modular composition (used in the Flint and NTL libraries [8, 22]), we are unaware of previous work focusing on the use of precomputation for MPE, Interpolation, and Modular Composition.

Genericity has recently been used by Villard [27], who showed how to efficiently compute the resultant of two generic bivariate polynomials; a specific case computes, for given univariate M and A, the characteristic polynomial of A in K[x]/⟨M⟩, with direct links to the modular composition f(A) rem M [27, 28]. This led to an ongoing work on achieving exponent (ω + )/ ⟨M, y − A⟩ admits bases formed by m polynomials of y-degree < m and x-degree at most deg(M)/m, for a given parameter 2 ≤ m ≤ deg(M). Such a basis is represented as an m × m matrix over K[x] with all entries of degree at most deg(M)/m, and one can then rely on fast univariate polynomial matrix algorithms. In this paper, genericity serves a purpose similar to that in [15, 27]: it ensures the existence of such bases for several parameters m, and also of the reshapers g mentioned above; besides we make use of these bases to precompute these reshapers. Whereas an important contribution of [27] is the efficient computation of such bases, here they are only used to find reshapers in the precomputation stage and the speed of computing them is not a main concern. Once the reshapers are known, our algorithms work without requiring any other genericity property.

Organisation.
After some preliminaries in Section 2, we describe the reshaping strategy for an arbitrary ideal in Section 3. Then Sections 4 to 6 give algorithms for each of the three problems. We discuss precomputation in Section 7 and genericity in Section 8.

For complexity estimates, we use the algebraic RAM model and count arithmetic operations in K. By M(n) we denote the cost of multiplying two univariate polynomials over K of degree at most n; one may take M(n) ∈ O(n log n log log n) ⊂ Õ(n) [3]. Division with remainder in K[x] also costs O(M(n)) [30, Thm. 9.6]. When degrees of a polynomial, say f ∈ K[x, y], appear in complexity estimates, we abuse notation and let deg_x f denote max(deg_x f, ).

It is well-known that univariate interpolation and multi-point evaluation can be done in quasi-linear time [30, Cor. 10.8 and 10.12]: given f ∈ K[x] and α , . . . , α_n ∈ K, we may compute (f(α_i))^n_{i=} in time O(M(deg_x f + n) log n) ⊆ Õ(deg_x f + n); given α , . . . , α_n and β , . . . , β_n in K with the α_i’s pairwise distinct, we may compute the unique corresponding interpolant in time O(M(n) log n) ⊆ Õ(n). We will also use the fact that two bivariate f, g ∈ K[x, y] can be multiplied in time O(M(d_x d_y)) ⊂ Õ(d_x d_y), where d_x = max(deg_x f, deg_x g) and d_y = max(deg_y f, deg_y g) [30, Cor. 8.28].

For a bivariate polynomial f = Σ^k_{i=} f_i(x) y^i ∈ K[x, y] such that f_k ≠ 0, we define its y-leading coefficient as LC_y(f) = f_k ∈ K[x].

For our genericity results, we will invoke the following staple:

Lemma 2.1 (DeMillo-Lipton-Schwartz-Zippel [7, 21, 31]). Let f ∈ K[x , . . . , x_n] be non-zero of total degree d, and T ⊆ K be finite. For α , . . . , α_k ∈ T chosen independently and uniformly at random, the probability that f(α , . . . , α_k) = is at most d/|T|.

For a point set
P ⊆ K, the x-valency of P, denoted by ν_x(P), is the largest number of y-coordinates for any given x-coordinate, i.e. ν_x(P) = max_{α ∈ K} |{β ∈ K | (α, β) ∈ P}|. When ν_x(P) = 1, the x-coordinates of P are pairwise distinct.

The vanishing ideal of P is the bivariate ideal Γ(P) = {f ∈ K[x, y] | f(α, β) = (α, β) ∈ P}. Hereafter, ≺lex stands for the lexicographic order on K[x, y] with x ≺lex y, and LT_lex(f) is the ≺lex-leading term of f ∈ K[x, y]. The following is folklore and follows e.g. from [12] and [6, Thm. 3].

Lemma 2.2. Let P ⊂ K be a point set of cardinality n and let G = {g , . . . , g_s} be the reduced ≺lex-Gröbner basis of Γ(P), ordered by ≺lex. Then g ∈ K[x], and g_s is y-monic with deg_y g_s = ν_x(P).

We first describe our algorithm Reshape which takes f ∈ K[x, y] and an ideal I and finds f̂ ∈ f + I whose y-degree is below some target. This will pass through several intermediate elements of f + I of progressively smaller y-degree. This sequence of y-degrees has the following form:

Definition 3.1.
We say η = (η_i)^k_{i=} ∈ Z^{k+}_> is a (η , η_k)-reshaping sequence if η_{i−} > η_i ≥ ⌊ η_{i−} ⌋ for i = , . . . , k. For I ⊆ K[x, y] an ideal and η = (η_i)^k_{i=} a reshaping sequence, we say g = (g_i)^k_{i=} ∈ I^k is an η-reshaper for I if g_i = y^{η_i} + ĝ_i where deg_y ĝ_i ≤ η_i − η_{i−}, for each i = , . . . , k.

Our algorithms are faster with short reshaping sequences, so we should choose η_i ≈ η_{i−}, and hence 2η_i − η_{i−} ≈ η_i. It is easy to see that for any a, b ∈ Z_>, there is an (a, b)-reshaping sequence of length less than log_/(a) + 2. Observe that for any (a, b)-reshaping sequence we have η_i ≥ (η_{i−} − ) for i = , . . . , k and therefore

2η_i − η_{i−} ≥ η_{i−} − ≥ η_{i−} . (1)

By considering the cases η_i ≥ η_i = , 2, we get 2η_i − η_{i−} ≥

Algorithm 1 Reshape(f, η, g)
Input: A bivariate polynomial f ∈ K[x, y]; a reshaping sequence η = (η_i)^k_{i=} ∈ Z^{k+}_> with deg_y f < η ; an η-reshaper g = (g_i)^k_{i=} ∈ I^k for some ideal I ⊆ K[x, y].
Output: a polynomial f̂ ∈ f + I such that deg_y f̂ < η_k and deg_x f̂ ≤ deg_x f + Σ^k_{i=} deg_x g_i.
  f̂ ← f
  for i = , . . . , k do
    Write g_i = y^{η_i} + ĝ_i where deg_y ĝ_i ≤ η_i − η_{i−}
    Write f̂ = f̂ y^{η_i} + f̂ where deg_y f̂ < η_i
    f̂ ← f̂ ĝ_i + f̂   ▷ equivalent to f̂ ← f̂ − f̂ g_i
  return f̂

Algorithm 1 is correct and has complexity Õ(Σ^k_{i=i} η_i (deg_x f + Σ^i_{j=i} deg_x g_j)) ⊆ Õ(k deg_y f deg_x f + k Σ^k_{i=i} η_i deg_x g_i), for the smallest i such that η_i ≤ deg_y f.

Proof. Let f̂_i, f̂_{i,}, f̂_{i,} be the values of f̂, f̂, f̂ at the end of iteration i. First, the iterations for i < i perform no operation and keep f̂_i = f, since η_i > deg_y f̂_{i−} implies f̂_{i,} = f_i = f̂_{i−}. In particular, if η_i > deg_y f for all i then the algorithm is correct and returns f without using any arithmetic operation. Now for i ≥ i, observe that f̂_i = f̂_{i,} ĝ_i + f̂_{i,} = f̂_{i−} − f̂_{i,} g_i; thus in the end f̂ ∈ f + I since each g_i belongs to I. We show the following loop invariants, which imply the degree bounds on the output: deg_x f̂_i ≤ deg_x f + Σ^i_{j=i} deg_x g_j, and deg_y f̂_i < η_i. Both are true for i = i − i = x-degree, f̂_i = f̂_{i−} − f̂_{i,} g_i yields deg_x f̂_i ≤ deg_x f̂_{i−} + deg_x g_i, and the loop invariant follows. For the y-degree, by construction deg_y f̂_{i,} < η_i and deg_y f̂_{i,} ≤ deg_y f̂_{i−} − η_i hold; the assumption deg_y f̂_{i−} < η_{i−} then gives deg_y f̂_{i,} ĝ_i < η_i, hence deg_y f̂_i < η_i.

For complexity, the only costly step is at Line 5 and for iterations i ≥ i. From the above bound deg_y f̂_{i,} ĝ_i < η_i, multiplying f̂_{i,} and ĝ_i costs O(M((deg_x f̂_{i,} + deg_x ĝ_i) η_i)). Since deg_x ĝ_i = deg_x g_i, since both f̂_{i,} and f̂_{i,} have x-degree at most deg_x f̂_{i−}, and since deg_y f̂_{i,} < η_i, the total cost of the i-th iteration is in Õ((deg_x f̂_{i−} + deg_x ĝ_i) η_i) ⊆ Õ((deg_x f + Σ^i_{j=i} deg_x g_j) η_i). Summing over all iterations, we get the first complexity bound in the theorem; the second one follows from it, using the fact that deg_y f ≥ η_i > η_{i+} > . . . > η_k and i ≥ □

We now define the balancedness of a point set. In Section 8 we prove that this notion captures the expected x-degree of reshapers.

Definition 3.3.
Let P ⊆ K be a point set of cardinality n, and let η = (η_i)^k_{i=} be a reshaping sequence. Then P is η-balanced if there exists an η-reshaper g = (g_i)^k_{i=} ∈ K[x, y]^k for Γ(P) such that deg_x g_i ≤ ⌊ n η_i − η_{i−} + ⌋ + i = , . . . , k.

The next bound is often used below for deriving complexity estimates; it follows directly from Eq. (1).

Lemma 3.4. Let η = (η_i)^k_{i=} be a reshaping sequence, P ⊆ K be an η-balanced point set of cardinality n, and g = (g_i)^k_{i=} be an η-reshaper for Γ(P). Then Σ^k_{i=i} η_i deg_x g_i ≤ (n + η_i) k for ≤ i ≤ k.

We conclude this section with two results about the existence of η-reshapers for vanishing ideals of point sets.

Lemma 3.5. Let P ⊆ K be a point set and η = (η_i)^k_{i=} a reshaping sequence. If ν_x(P) ≤ min_{≤ i ≤ k} (η_i − η_{i−} + ), then there exists an η-reshaper g ∈ K[x, y]^k for Γ(P).

Proof. By Lemma 2.2, the reduced ≺lex-Gröbner basis G of Γ(P) contains a polynomial with ≺lex-leading term y^{ν_x(P)}. Thus deg_y y^η rem G < ν_x(P) for any η, and setting g_i = y^{η_i} − (y^{η_i} rem G) yields an η-reshaper as long as ν_x(P) ≤ η_i − η_{i−} + i. □

Corollary 3.6.
Let P ⊆ K be a point set of cardinality n and a, b ∈ Z_> with n > a > b ≥ ν_x(P). Then there is an (a, b)-reshaping sequence η which satisfies the condition of Lemma 3.5 and has length k ≤ log_/(a) + ∈ O(log(a)).

Proof. Let v = ν_x(P) − η′ = (η′ , . . . , η′_k) be any (a − v, b − v)-reshaping sequence with k ≤ log_/(a − v) + 1. Now let η = (η , . . . , η_k) be defined by η_i = η′_i + v for i = , . . . , k. Then, η is an (a, b)-reshaping sequence. Indeed, clearly the endpoints are correct and η_{i−} > η_i for i = , . . . , k; moreover, η_i = η′_i + v ≥ ⌊ η′_{i−} ⌋ + v = ⌊ η_{i−} + v ⌋ ≥ ⌊ η_{i−} ⌋. To conclude, we use 2η′_i − η′_{i−} ≥ η_i − η_{i−} + = η′_i − η′_{i−} + v + ≥ v + = ν_x(P). □

In this section we use reshaping for MPE with precomputation; i.e. given a point set P ⊂ K upon which we are allowed to perform precomputation, and a polynomial f ∈ K[x, y] which is assumed to be received at online time, compute f(P) for all P ∈ P. Algorithm 2 deals with the case ν_x(P) = 1, which we reduce to an instance of univariate MPE using Reshape. The cost of Algorithm 2 follows directly from Theorem 3.2 and Lemma 3.4.
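The following Python example is added here and is not the authors' code: it runs Reshape (Algorithm 1) to bring a bivariate f down to y-degree 0, evaluates the result at the α_i as in Algorithm 2, and reuses the same reshaping for the modular composition f(x, A) rem M described in the outline. It assumes K = GF(10007), a reshaping sequence with step ⌊2η/3⌋ chosen for the example, and the reshapers y^η − (y^η rem G) from the proof of Lemma 3.5 (valid reshapers, but not the low x-degree ones a balanced point set provides); all function names and sample data are constructed.

```python
# Added example, not the paper's code: Reshape over GF(P) with Lemma 3.5 reshapers.
P = 10007  # constructed prime modulus

def trim(a):  # drop trailing zeros (x-polys) or trailing zero polys (bivariate)
    while a and not a[-1]:
        a.pop()
    return a

def add(a, b):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([(x + y) % P for x, y in zip(a, b)])

def mul(a, b):
    if not a or not b:
        return []
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % P
    return out

def rem(a, m):  # a rem m in GF(P)[x]
    a, inv = a[:], pow(m[-1], -1, P)
    while len(a) >= len(m):
        c, s = a[-1] * inv % P, len(a) - len(m)
        for i, v in enumerate(m):
            a[s + i] = (a[s + i] - c * v) % P
        trim(a)
    return a

def evaluate(a, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(a)) % P

def interpolate(points):  # Lagrange: A(alpha_i) = beta_i, deg A < n
    A = []
    for i, (ai, bi) in enumerate(points):
        num, den = [1], 1
        for j, (aj, _) in enumerate(points):
            if j != i:
                num, den = mul(num, [-aj % P, 1]), den * (ai - aj) % P
        A = add(A, [bi * pow(den, -1, P) * v % P for v in num])
    return A

# Bivariate f = sum_j f[j](x) * y^j is a list of x-coefficient lists ([] is zero).
def biv_mul(a, b):
    out = [[] for _ in range(len(a) + len(b) - 1)] if a and b else []
    for j, aj in enumerate(a):
        for k, bk in enumerate(b):
            out[j + k] = add(out[j + k], mul(aj, bk))
    return trim(out)

def biv_sub(a, b):
    at = lambda p, i: p[i] if i < len(p) else []
    return trim([add(at(a, i), [-c % P for c in at(b, i)])
                 for i in range(max(len(a), len(b)))])

def reshaping_sequence(d):  # a (d, 1)-sequence; the 2/3 step is this example's choice
    eta = [d]
    while eta[-1] > 1:
        eta.append(2 * eta[-1] // 3)
    return eta

def precompute(points, d):  # preinput phase; Gamma(P) = <M, y - A> for distinct x
    M = [1]
    for a, _ in points:
        M = mul(M, [-a % P, 1])
    A = interpolate(points)
    eta, gs = reshaping_sequence(d), []
    for e in eta[1:]:
        r = [1]
        for _ in range(e):
            r = rem(mul(r, A), M)  # ends as A^e rem M, i.e. y^e rem G
        gs.append([[-c % P for c in r]] + [[] for _ in range(e - 1)] + [[1]])
    return eta, gs, M, A

def reshape(f, eta, gs):  # Algorithm 1: fh in f + I with deg_y fh < eta[-1]
    fh = trim([c[:] for c in f])
    for e, g in zip(eta[1:], gs):
        f0, f1 = fh[:e], fh[e:]
        if f1:  # otherwise deg_y fh < eta_i already
            fh = biv_sub(f0, biv_mul(f1, g[:e]))  # equals fh - f1 * g_i
    return fh

def mpe_distinct_x(f, points, pre):  # Algorithm 2, online phase
    fh = reshape(f, pre[0], pre[1]) or [[]]
    return [evaluate(fh[0], a) for a, _ in points]

def modcomp(f, pre):  # Algorithm 6, online phase: f(x, A) rem M
    fh = reshape(f, pre[0], pre[1]) or [[]]
    return rem(fh[0], pre[2])

def direct_eval(f, a, b):  # reference value f(a, b)
    return sum(evaluate(fj, a) * pow(b, j, P) for j, fj in enumerate(f)) % P

# Constructed sample data: six points with distinct x; deg_y F = 5 < d = 6.
POINTS = [(1, 5), (2, 3), (4, 9), (7, 2), (8, 8), (11, 6)]
F = [[3, 1], [0, 2, 5], [7], [1, 0, 4], [2, 2], [9]]
```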
Algorithm 2 MPE-DistinctX_{d, η, P}(f)
Preinput: d ∈ Z_>; a (d, )-reshaping sequence η; a point set P = {(α_i, β_i)}^n_{i=} ⊂ K with the α_i’s pairwise distinct.
Precomputation:
  a: g ← η-reshaper for Γ(P)
Input: f ∈ K[x, y] with deg_y f < d.
Output: (f(α , β ), . . . , f(α_n, β_n)) ∈ K^n.
  f̂ ← Reshape(f, η, g) ∈ K[x]
  return (f̂(α ), . . . , f̂(α_n)) ∈ K^n   ▷ univariate MPE

Theorem 4.1. Algorithm 2 is correct. If P is η-balanced and η has length in O(log(n)), the complexity is Õ(deg_x f deg_y f + n).

Algorithm 2 can easily be extended to the case where ν_x(P) > P into ν_x(P) many subsets, each having x-valency one. This approach also has quasi-linear complexity in the input size as long as ν_x(P) ≪ n, or more precisely if nν_x(P) ∈ Õ(n).

When ν_x(P) is large, this strategy is costly, and we proceed instead by shearing the point set, as proposed by Nüsken and Ziegler [17], so that the resulting point set has distinct x-coordinates: by taking θ ∈ L \ K, where L is an extension field of K of degree 2, we apply the map (α, β) ↦ (α + θβ, β) to each element of P. The problem then reduces to evaluating f̄ = f(x − θy, y) at the sheared points. To compute f̄, [17] provides an algorithm with complexity O(M(d_x(d_x + d_y)) log(d_x)) using a univariate Taylor shift of f seen as a polynomial in x over the ring L[y]. Algorithm 3 describes an algorithm for this task which improves the cost on the logarithmic level, by using Taylor shifts of the homogeneous components of f.

Algorithm 3
ShearPoly(f, a, b)
Input: f = Σ^{d_x}_{i=} Σ^{d_y}_{j=} f_{i,j} x^i y^j ∈ L[x, y]; a ∈ L and b ∈ L.
Output: f(ax + by, y).
  for t = , . . . , d_x + d_y do
    h_t ← Σ^{min(t, d_x)}_{i=max(, t−d_y)} f_{i,t−i} z^i ∈ L[z]
    s_t ← h_t(az + b)   ▷ Taylor shift
  return Σ^{d_x+d_y}_{t=} y^t s_t(x/y)

Theorem 4.2. Algorithm 3 correctly computes f(ax + by, y), which has x-degree at most d_x and y-degree at most d_x + d_y, at a cost of O((d_x + d_y) M(d_x) log(d_x)) ⊂ Õ(d_x(d_x + d_y)) operations in L.

Proof. Observe that y^t h_t(x/y) is the homogeneous component of f of degree t, and in particular f = Σ^{d_x+d_y}_{t=} y^t h_t(x/y). Thus

f(ax + by, y) = Σ^{d_x+d_y}_{t=} y^t h_t((ax + by)/y) = Σ^{d_x+d_y}_{t=} y^t s_t(x/y),

hence the correctness. The degree bounds on the output are straightforward. As for complexity, only Line 3 uses arithmetic operations. First, scaling h_t(z) ↦ h_t(az) costs O(d_x) operations in L, since deg h_t ≤ d_x; then the Taylor shift h_t(az) ↦ h_t(az + b) costs O(M(d_x) log(d_x)) operations in L according to [29, Fact 2.1(iv)]. Summing over the d_x + d_y iterations yields the claimed bound. □

This leads to Algorithm 4, where P may have repeated α_i’s.

Algorithm 4
MPE-Shear_{d, η, P}(f)
Preinput: an integer d ∈ Z_>; a (d, )-reshaping sequence η; a point set P = {(α_i, β_i)}^n_{i=} ⊂ K.
Precomputation:
  a: (L, θ) ← degree 2 extension of K, element θ ∈ L \ K
  b: P̄ ← {(α_i + θβ_i, β_i)}^n_{i=} ⊂ L
  c: Do the precomputation of MPE-DistinctX_{d, η, P̄}
Input: f ∈ K[x, y] with deg_x f + deg_y f < d.
Output: (f(α , β ), . . . , f(α_n, β_n)) ∈ K^n.
  f̄ ← ShearPoly(f, , −θ)   ▷ f̄ = f(x − θy, y)
  return MPE-DistinctX_{d, η, P̄}(f̄)

Theorem 4.3. Algorithm 4 is correct. If P̄ is η-balanced and η has length in O(log(n)), its complexity is Õ(deg_x f (deg_x f + deg_y f) + n).

In this section we use reshaping for the interpolation problem in a similar setting: we input a point set P for precomputation, and input interpolation values at online time. When P is appropriately balanced, we solve the interpolation problem in quasi-linear time (see Algorithm 5). The strategy is to first shear the point set to have unique y-coordinates and compute u ∈ L[y] which interpolates the values on the sheared y-coordinates. Then we reshape this into r ∈ L[x, y] with x- and y-degrees roughly √n. Shearing back this polynomial to interpolate the original point set is now in quasi-linear time; a last reshaping allows us to meet the target y-degree.

Algorithm 5 Interpolate_{d, η, P}(γ)
Preinput: an integer d ∈ Z_>; an (n, d)-reshaping sequence η = (η_i)^k_{i=} such that η_k = ⌊√n⌋ for some k ; a point set P = {(α_i, β_i)}^n_{i=} ⊆ K such that ν_x(P) ≤ d ≤ ⌊√n⌋ + ν_x(P) ≤ min_{≤ i ≤ k} (η_i − η_{i−} + ).
Precomputation:
  a: η ← (η_i)^k_{i=} and η ← (η_i)^k_{i=k}
  b: (L, θ) ← { (K, ) if ν_y(P) = K, θ ∈ L \ K otherwise
  c: P̄ ← {(α_i, β̄_i)}^n_{i=}, where β̄_i = θα_i + β_i
  d: g ← η-reshaper for P̄
  e: g ← η-reshaper for P
Input: Interpolation values γ = (γ_i)^n_{i=} ∈ K^n.
Output: f ∈ K[x, y] satisfying f(α_i, β_i) = γ_i for i = , . . . , n, deg_y f < d and deg_x f ≤ ⌊√n⌋ + Σ_{g ∈ g ∪ g} deg_x g.
  u ∈ L[y] with deg u < n and u(β̄_i) = γ_i for i = , . . . , n
  r ← Reshape(u, η, g) ∈ L[x, y]
  s ← r(x, θx + y)   ▷ using ShearPoly
  Write s = s + θs, where s , s ∈ K[x, y]
  return Reshape(s, η, g) ∈ K[x, y]

Theorem 5.1. Algorithm 5 is correct and has complexity Õ( k n + k ( √n + k Σ j = deg_x g , j ) + Σ ℓ = k ℓ k ℓ Σ j = η ℓ, k deg_x g ℓ, j ). If P̄ is η-balanced and P is η-balanced, and both η and η have length in O(log n), then the complexity is Õ(n).

Proof. First note that a reshaping sequence of length O(log n) and satisfying the preinput constraints exists, due to Corollary 3.6 and the assumption d ≥ ν_x(P). For correctness, observe that all points in P̄ have pairwise distinct y-coordinates, so computing u makes sense. Viewing u as an element of L[x, y] with deg_x u = 0, we have u(α_i, β̄_i) = γ_i. By Theorem 3.2 then r has the same evaluations and deg_y r < ⌊√n⌋ and deg_x r ≤ Σ^k_{i=} deg_x g_{,i}.

Then, in both cases ν_y(P) = ν_y(P) > 1, we have γ_i = r(α_i, β̄_i) = s(α_i, β_i) = s(α_i, β_i) + θs(α_i, β_i) for i = , . . . , n. Since s , s ∈ K[x, y] and all γ_i’s are in K, we get s(α_i, β_i) = s(α_i, β_i) = γ_i for i = , . . . , n. We also then have that deg_y s ≤ deg_y s < ⌊√n⌋ and deg_x s ≤ deg_x s ≤ deg_y r + deg_x r ≤ ⌊√n⌋ + Σ^k_{j=} deg_x g_{,j}. Thus, by Theorem 3.2 again, the output f is such that f(α_i, β_i) = γ_i for i = , . . . , n, and deg_y f < d, and deg_x f ≤ ⌊√n⌋ + Σ^k_{j=} deg_x g_{,j} + Σ^k_{j=} deg_x g_{,j}. The complexity bound gathers the calls to Algorithms 1 and 3, and the relaxed cost assuming balancedness is due to Lemma 3.4. □

We now turn to the following modular composition problem: given M, A ∈ K[x] with n := deg_x M > deg_x A, and f ∈ K[x, y], compute

f(x, A(x)) rem M(x) ∈ K[x]. (2)

We consider the variant of the problem where M and A are available for precomputation. Computing (2) is tantamount to computing the unique element of (f + I) ∩ K[x] of degree less than n, for the ideal I = ⟨M, y − A⟩ ⊆ K[x, y]. One can thus see this as a reshaping task: given f of some y-degree, reshape it to a polynomial of y-degree 0 while keeping it fixed modulo I: this is formalised as Algorithm 6.

Like for point sets above, if η = (η_i)^k_{i=} is a reshaping sequence, we say that I = ⟨M, y − A⟩ is η-balanced if there exists an η-reshaper g = (g_i)^k_{i=} for I such that deg_x g_i ≤ ⌊ n η_i − η_{i−} + ⌋ +

Algorithm 6 is correct. If ⟨M, y − A⟩ is η-balanced and η has length in O(log(n)), the complexity is Õ(deg_x f deg_y f + n).

Algorithm 6
ModComp_{d, η, M, A}(f)
Preinput: d ∈ Z_>; a (d, )-reshaping sequence η; polynomials M, A ∈ K[x] with n := deg_x M > deg_x A.
Precomputation:
  a: g ← η-reshaper for ⟨M, y − A⟩
Input: f ∈ K[x, y] with deg_y f < d.
Output: f(x, A) rem M ∈ K[x].
  f̂ ← Reshape(f, η, g) ∈ K[x]
  return f̂ rem M   ▷ univariate division with remainder

Here we describe Algorithm 7 for precomputing reshapers for any zero-dimensional ideal I ⊆ K[x, y], given a ≺lex-Gröbner basis of I. It operates through the K[x]-module I_δ := {f ∈ I | deg_y f < δ}, so we first expound the relation between this and I as a corollary of Lazard’s structure theorem on bivariate ≺lex-Gröbner bases [12].

Corollary 7.1. Let G = {b , . . . , b_s} ⊂ K[x, y] be a minimal ≺lex-Gröbner basis defining an ideal I = ⟨G⟩. For δ ∈ Z_>, let I_δ = {f ∈ I | deg_y f < δ}, let ŝ = max{i | deg_y b_i < δ, ≤ i ≤ s}, let d_i = deg_y b_i for ≤ i ≤ ŝ and d_{ŝ+} = δ. Then I_δ is a K[x]-submodule of K[x, y]_{deg_y < δ} which is free of rank δ − d and admits the basis {y^j b_i | ≤ j < d_{i+} − d_i, ≤ i ≤ ŝ}.

A proof is given in appendix. We will use the following K[x]-module isomorphism which converts between bivariate polynomials of bounded y-degree and vectors over K[x]: for any δ ∈ Z_>,

ϕ_δ : f = Σ^{δ−}_{j=} f_j(x) y^j ∈ K[x, y] ↦ [f , . . . , f_{δ−}] ∈ K[x]^{×δ}.

If I is zero-dimensional then in Corollary 7.1 we have d = I_δ has rank δ. Any basis B of I_δ can be represented as a nonsingular matrix M_B ∈ K[x]^{δ×δ} whose rows are ϕ_δ(B). Then, ∆(I_δ) := deg det(M_B) does not depend on the choice of B since all bases of I_δ have the same determinant up to scalar multiplication.

In this section, we use the Popov form [20], which can be defined for any matrix and with “shifts”; here we only need the unshifted, nonsingular square case.
Definition 7.2.
For any row vector v ∈ K[x]^{×δ} its row degree denoted deg v is the maximal degree among its entries. The pivot of v is the rightmost entry of v with degree deg v. A nonsingular matrix P = [p_{ij}] ∈ K[x]^{δ×δ} is in Popov form if p_{ii} is the pivot of the i-th row, is monic, and deg p_{ii} > deg p_{ji} for any j ≠ i.

For a (free) K[x]-submodule M ⊂ K[x]^{×δ} of rank δ, we identify a basis of M as the rows of a nonsingular matrix in K[x]^{δ×δ}. Any such M has a unique basis P ∈ K[x]^{δ×δ} in Popov form, which we call the Popov basis of M. It has minimal row degrees in the following sense: if N ∈ K[x]^{δ×δ} is another basis of M, there is a bijection ψ from the rows of P to the rows of N such that deg p ≤ deg ψ(p) for any row p of P. The Popov basis satisfies ∆(M) = ∆(P) = |cdeg(P)|, using the following notation: the sum of the entries of a tuple t ∈ Z^δ_≥ is denoted |t|; the column degree of a matrix B ∈ K[x]^{δ×δ} is cdeg(B) = (d_i)^δ_{i=} ∈ Z^δ_≥, with d_i the largest degree in the i-th column of B (for a zero column, d_i =
Proposition 7.3 ([16]).
There is an algorithm which inputs a nonsingular matrix B ∈ K[x]^{δ×δ} and outputs the Popov basis of the K[x]-row space of B using Õ(δ^{ω−} |cdeg(B)|) operations in K, assuming that δ ∈ O(|cdeg(B)|).

Since Popov forms are “column reduced”, they are well suited for matrix division with remainder [10, Thm. 6.3-15]: if P ∈ K[x]^{δ×δ} is the Popov basis of M, then for any v ∈ K[x]^{×δ} there is a unique u ∈ v + M such that cdeg(u) < cdeg(P) entrywise; we denote u = v rem P. Furthermore, u has minimal row degree among all vectors in v + M. Such remainders can be computed efficiently:

Proposition 7.4 ([16]). There is an algorithm which inputs a Popov form P ∈ K[x]^{δ×δ} and v ∈ K[x]^{×δ} such that cdeg(v) < cdeg(P) + (∆(P), . . . , ∆(P)) entrywise, and outputs v rem P using Õ(δ^{ω−} ∆(P)) operations in K, assuming that δ ∈ O(∆(P)).

Algorithm 7
ComputeReshaper ( G , η , δ ) Input:
A reduced ≺ lex -Gröbner basis G = { b , . . . , b s } ⊂ K [ x , y ] , sorted by increasing y -degree, for a zero-dimensionalideal I (hence b ∈ K [ x ] ); η , δ ∈ Z > with δ < η . Output:
If no polynomial in y η + I has y -degree < δ , “Fail”;otherwise, д = y η − ˆ д ∈ I with deg y ˆ д < δ and deg x ˆ д minimal. R ← y η rem G if deg y R ≥ δ then return “Fail” B δ ← basis of I δ = { f ∈ I | deg y f < δ } as in Corollary 7.1 B ∈ K [ x ] δ × δ ← row-wise applying ϕ δ to elements of B δ P ∈ K [ x ] δ × δ ← Popov basis of I δ from the basis B ˆ д ← − ϕ − δ ( ϕ δ ( R ) rem P ) ∈ K [ x , y ] return д = y η − ˆ д ∈ K [ x , y ] Theorem 7.5.
Algorithm 7 is correct. Assuming η ∈ O ( ∆ ( I δ )) , it costs Õ ( δ ω − ∆ ( I δ ) + ηs deg x b ) operations in K .

Proof. Since G is a ≺ lex -Gröbner basis, if y η + I contains a polynomial of y -degree less than δ , then deg y ( y η rem G ) ≤ δ and the algorithm does not fail at Line 2.

For correctness of the output, observe that y η − R ∈ I so satisfactory g = y η − g̃ all have g̃ ∈ R + I δ . Now, ĝ of Line 6 is clearly in R + I δ since P is the Popov basis of I δ , but also ĝ has minimal x -degree in the coset R + I δ . Hence among all g of the correct form, the algorithm returns that of minimal x -degree.

For complexity, work is done in Lines 1, 5 and 6. Since G is reduced, deg x b > . . . > deg x b s . Therefore the diagonal entries in B are dominant in their columns and | cdeg B | = ∆ ( B ) = ∆ ( P ) = ∆ ( I δ ) . For Line 1, we use the algorithm of [23] with cost Õ ( ηs deg x b ) , see Lemma A.2. Line 5 costs Õ ( δ ω − | cdeg B |) by Proposition 7.3 and Line 6 costs Õ ( δ ω − ∆ ( P )) since deg x R < deg x b < ∆ ( P ) . □

We turn to obtaining the reduced ≺ lex -Gröbner basis of Γ (P) . We will consider the K [ x ] -submodule Γ m (P) = Γ (P) ∩ K [ x , y ] deg y < m which by Lemma 2.2 and Corollary 7.1 is free and of rank m . To obtain a ≺ lex -Gröbner basis, our approach is to first compute the Hermite basis of Γ m (P) . This is the unique basis whose corresponding matrix H ⊂ K [ x ] m × m is lower triangular, with each diagonal entry monic and strictly dominating the degrees in its column.

Lemma 7.6. For any point set
P ⊆ K and any m > ν x (P) , we have Γ (P) = ⟨ Γ m (P)⟩ and ∆ ( Γ m (P)) = |P| .

Proof. By Lemma 2.2 the elements of the reduced ≺ lex -Gröbner basis of Γ (P) have y -degree at most ν x (P) , implying the first claim. Further, this means the quotient K [ x , y ]/ Γ (P) is isomorphic to the quotient of modules K [ x , y ] deg y < m / Γ m (P) . It is a basic property of zero-dimensional varieties that the K -dimension of the former is the number of points in P , which is hence also the K -dimension of the latter. This dimension is ∆ ( Γ m (P)) by [16, Lem. 2.3]. □

Proposition 7.7.
There is an algorithm which inputs
P ⊂ K and outputs the reduced ≺ lex -Gröbner basis of Γ (P) and has complexity Õ ( ν x (P) ω − |P|) .

Proof. Let Γ = Γ (P) , Γ m = Γ m (P) , and m = ν x (P) +
1. We first compute the Hermite basis H of Γ m (P) in time Õ ( m ω − |P|) using (a special case of) [9, Thm. 1.5], in which taking s = ( , n , . . . , ( m − ) n ) ensures that the s -Popov basis P of Γ m is the Hermite basis.

Let G = { g , . . . , g m − } ⊂ K [ x , y ] be given as the ϕ − m -image of the rows of H . By Lemma 7.6 and since H is lower triangular, G is a ≺ lex -Gröbner basis of Γ but not necessarily minimal. Construct G ′ ⊆ G from G by excluding the elements g ∈ G such that there is g ′ ∈ G with deg y g ′ < deg y g and deg x ( LC y ( g ′ )) ≤ deg x ( LC y ( g )) , i.e. LT lex ( g ′ ) divides LT lex ( g ) . This makes G ′ a minimal ≺ lex -Gröbner basis of Γ [4, Lem. 3 of Chap. 2 §7], and we claim it is the reduced one. Indeed, since H is in Hermite form, the selection criteria for G ′ ensures that for any g ≠ g ′ in G ′ and any term x i y j in g ′ , we have i < deg x ( LT lex ( g )) or j < deg y g , and hence G ′ is reduced. Obtaining G ′ from H costs no arithmetic operations. □

Corollary 7.8.
Given a point set
P ⊆ K of cardinality n and a reshaping sequence η = ( η i ) ki = with n ≥ η k and satisfying the condition of Lemma 3.5, then we can determine if P is η -balanced and compute an η -reshaper g = ( g i ) ki = for P where each element has minimal possible x -degree in complexity Õ ( kη ω − n + η ν x nk ) .

Proof. By Proposition 7.7, computing a reduced ≺ lex -Gröbner basis G = ( b i ) ν x i = of Γ (P) costs Õ ( ν ω − x n ) ⊂ Õ ( η ω − n ) . We then run Algorithm 7 on input η = η i and δ i = η i − η i − + > ν x for i = , . . . , k . Lemma 7.6 ensures ∆ ( Γ δ (P)) = n for any δ > ν x , thus the cost of each call to Algorithm 7 becomes Õ ( η ω − n + η ν x n ) . □

Corollary 7.9.
Given M , A ∈ K [ x ] with n := deg M > deg A and a reshaping sequence η = ( η i ) ki = with n ≥ η k , then we can determine if I := ⟨ M , y − A ⟩ is η -balanced and compute an η -reshaper g = ( g i ) ki = for P where each element has minimal possible x -degree in complexity Õ ( kη ω − n ) .

Proof. For any δ , and using the notation of Algorithm 7, the basis B of I δ is lower triangular with diagonal entries ( M , , . . . , ) . Hence ∆ ( B ) = ∆ ( I δ ) = n . Using s = x b = deg x M = n , the cost follows from Theorem 7.5. □

Now we show that on random input our algorithms usually have quasi-linear complexity, i.e. that random point sets are balanced and that ⟨ M , y − A ⟩ is balanced for random univariate A , M .

Lemma 8.1.
Let α , . . . , α n ∈ K be distinct, let y , . . . , y n be new indeterminates, and consider for s ∈ Z > the matrix

A s = [ V s | DV s | . . . | D m − V s ] ∈ K [ y , . . . , y n ] n × ms (3)

where D is the diagonal matrix with entries ( y , . . . , y n ) , and V s = [ α j − i ] ≤ i ≤ n , ≤ j ≤ s ∈ K n × s . Then A s has rank min ( n , ms ) .

Proof. Note that by rank of a matrix over K [ y , . . . , y n ] , we mean the rank of that matrix seen as over the field of fractions K ( y , . . . , y n ) . If we specialise y i to α si for i = , . . . , n , we obtain the Vandermonde matrix Â s = [ α j − i ] ≤ i ≤ n , ≤ j ≤ ms ∈ K n × ms of the points α , . . . , α n . Since these points are distinct, Â s has full rank min ( n , ms ) . Hence A s must also have full rank. □

The columns of A s can be identified to monomials x i y j with i < s and j < m . In particular, if p ∈ Γ (P) is a bivariate polynomial with x -degree less than s and y -degree less than m which vanishes on a point set P = {( α i , β i )} ni = ⊂ K with distinct α i ’s, then the coefficients of p form a vector in the right kernel of the matrix Â s = ( A s ) | y i → β i ∈ K n × ms specializing y i to β i .

The next lemma determines the exact row degrees of the Popov basis P ∈ K [ x ] m × m of ϕ m ( Γ m (P)) for a “random” point set P , where Γ m (P) = Γ (P) ∩ K [ x , y ] deg y < m as in Section 7.2.

Lemma 8.2. Let α , . . . , α n ∈ K be distinct, let T ⊆ K be a finite subset, and let λ : K n → K n be an affine map. For γ , . . . , γ n ∈ T chosen independently and uniformly at random, set P = {( α i , β i )} ni = where ( β , . . . , β n ) = λ ( γ , . . . , γ n ) . Let m ∈ Z with ν x (P) < m ≤ n and let ( d , t ) = qo_rem ( n , m ) . With probability at least − nm /|T | , the Popov basis P ∈ K [ x ] m × m of ϕ m ( Γ m (P)) has exactly m − t rows of degree d and t rows of degree d + and in particular deg x P ≤ d + .

Proof. Let p , . . . , p m ∈ K [ x , y ] be the polynomials defined by the rows of P .
Lemma 2.2 shows ∆ ( P ) = n = Σ mi = deg x p i .

For any s ∈ Z > , let A s ∈ K [ y , . . . , y n ] n × ms be as in Lemma 8.1, hence rank ( A s ) = min ( n , ms ) . Let Â s = ( A s ) | y i → β i ∈ K n × ms . Taking s = d , as mentioned above, if deg x p i < d for some i , then the coefficient vector of p i is in the right kernel of Â d , and so rank ( Â d ) < rank ( A d ) = md ≤ n . Thus, letting M ∈ K [ y , . . . , y n ] be a non-zero md × md minor of A d then M ( β , . . . , β n ) = M ( λ ( γ , . . . , γ n )) = M has degree at most m − M is less than nm , and since λ is affine the composition M ( λ ( z , . . . , z n )) also has total degree less than nm . Then, by Lemma 2.1 the probability that M ( λ ( γ , . . . , γ n )) = nm /|T | .

Assume now that all rows of P have degree at least d . For each i such that deg x p i = d , the coefficients of p i form a vector in the right kernel of Â d + ∈ K n × m ( d + ) . By Lemma 8.1, A d + has a right kernel (over the fractions) of dimension m ( d + ) − n = m − t . Since the rows of P are linearly independent over K [ x ] , and therefore also over K , whenever rank ( Â d + ) = rank ( A d + ) at most m − t rows of P have x -degree d . We thus consider N ∈ K [ y , . . . , y n ] a non-zero n × n minor of A d + . Again N has total degree less than nm and the probability that N ( β , . . . , β n ) = N ( λ ( γ , . . . , γ n )) = nm /|T | , bounding the probability that rank ( Â d + ) < rank ( A d + ) .

Hence, with probability at least 1 − nd /|T | , P has all rows of degree at least d and j rows of degree exactly d with j ≤ m − t . Each of the remaining m − j rows has degree at least d +
1, while their degrees must sum to n − jd = md + t − jd = ( m − j ) d + t ≤ ( m − j )( d + ) . Hence each of them has degree exactly d + □

Algorithm 7 for computing reshapers outputs a g = y η − ĝ with deg y ĝ < δ satisfying deg x ĝ ≤ deg x P , where P is the Popov basis of Γ δ (P) . Lemma 8.2 states that generically we can expect deg x P ≤ ⌊ nδ ⌋ +
1, and so when δ = η i − η i − + η -balanced.

Corollary 8.3. Let α , . . . , α n ∈ K be distinct, let T ⊆ K be a finite subset, and let λ : K n → K n be an affine map. For γ , . . . , γ n ∈ T chosen independently and uniformly at random, set P = {( α i , β i )} ni = where ( β , . . . , β n ) = λ ( γ , . . . , γ n ) . Let η = ( η i ) ki = be a reshaping sequence with η ≤ n and satisfying the constraint of Lemma 3.5. Then P is η -balanced with probability at least − n k /|T | .

The above proposition directly applies to both our MPE and interpolation algorithms on random point sets with unique x -coordinates. Note that in the case of interpolation, where the point set is sheared if its y -valency is greater than one, the property of being η -balanced is not inherited a priori by the sheared point set. The probability of being η -balanced, however, is preserved, since the shearing acts as an affine transformation on the y -coordinates. There are many formulations depending on the type of randomness one needs over the point sets; the following is a simple example over finite fields:

Corollary 8.4. Let d , n ∈ Z > with d ≤ n and F q be a finite field with q elements, and let P = {( α i , β i )} ni = ⊆ F q be chosen uniformly at random among point sets with cardinality n . Then with probability of at least ( − n q ) ( − n ( log / ( n ) + ) q ) over the choice of P the following two problems can be solved with cost Õ ( n ) :
(1) Input polynomial f ∈ F q [ x , y ] such that deg x f < n / d and deg y f < d , and output ( f ( α i , β i )) ni = ∈ F nq .
(2) Input interpolation values γ = ( γ i ) ni = ∈ F nq , and output f ∈ F q [ x , y ] satisfying f ( α i , β i ) = γ i for i = , . . . , n , as well as deg y f < d and deg x f ≤ cn for some constant c which depends only on n and d .

Proof sketch. The probability simply bounds the probability that P has unique x -coordinates and that it is balanced in all the necessary ways.
By Corollary 3.6 there is an appropriate reshaping sequence of length at most log / ( n ) + □

We do not make a claim about the genericity in Algorithm 4: due to the shearing in that algorithm, the arguments of this section do not immediately apply. Lastly, we turn to modular composition.

Theorem 8.5.
Let M ∈ K [ x ] be square-free of degree n and let η be a ( d , ) -reshaping sequence of length k with < d ≤ n . Let T ⊆ K be a finite subset, and let A = Σ n − i = a i x i − ∈ K [ x ] where a , . . . , a n − are chosen independently and uniformly at random from T . Then ⟨ M , y − A ⟩ is η -balanced with probability at least − n k /|T | .

Proof. Let L be the splitting field of M , so M = ∏ ni = ( x − α i ) for some pairwise distinct α , . . . , α n ∈ L . Define the stochastic variables β i = A ( α i ) for i = , . . . , n ; the map λ ( a , . . . , a n − ) = ( β , . . . , β n ) is L -linear. Consider P = {( α i , β i )} ni = ⊆ L . Then Corollary 8.3 implies that P is η -balanced with probability at least 1 − n k |T | . In this case, for each i there exists g i = y η i + ĝ i ∈ I L where deg y ĝ i < η i − η i − and deg x ĝ i ≤ ⌊ n η i − η i − + ⌋ +
1, and where I L = ⟨ M , y − A ⟩ ⊗ K L . Let { , ζ , . . . , ζ s − } ⊂ L be a basis of L : K and write g i = g i , + ζg i , + . . . + ζ s − g i , s − with g i , j ∈ K [ x , y ] . Then g i ∈ I L implies that g i , ∈ I , and by the shape of g i then g i , = y η i + ĝ i , where the x - and y -degree of ĝ i , satisfy the same bounds as ĝ i . Then the tuple g = ( g , , . . . , g k , ) ∈ K [ x , y ] k forms a balanced η -reshaper for I . □

REFERENCES
[1] E. F. Assmus and J. D. Key. 1992.
Designs and Their Codes. Cambridge University Press. https://doi.org/10.1017/CBO9781316529836
[2] R. P. Brent and H. T. Kung. 1978. Fast Algorithms for Manipulating Formal Power Series. J. ACM 25, 4 (1978), 581–595. https://doi.org/10.1145/322092.322099
[3] D. G. Cantor and E. Kaltofen. 1991. On fast multiplication of polynomials over arbitrary algebras. Acta Informatica 28, 7 (1991), 693–701. https://doi.org/10.1007/BF01178683
[4] D. A. Cox, J. Little, and D. O’Shea. 2015. Ideals, Varieties, and Algorithms (4th ed.). Springer. https://doi.org/10.1007/978-3-319-16721-3
[5] N. Coxon. 2018. Fast systematic encoding of multiplicity codes. J. Symb. Comput. (2018). https://doi.org/10.1016/j.jsc.2018.08.005
[6] X. Dahan. 2009. Size of Coefficients of Lexicographical Gröbner Bases: The Zero-Dimensional, Radical and Bivariate Case. In Proceedings ISSAC 2009. 119–126. https://doi.org/10.1145/1576702.1576721
[7] R. A. DeMillo and R. J. Lipton. 1978. A Probabilistic Remark on Algebraic Program Testing. Inf. Process. Lett. 7, 4 (1978), 193–195. https://doi.org/10.1016/0020-0190(78)90067-4
[8] W. Hart, F. Johansson, and S. Pancratz. 2015. FLINT: Fast Library for Number Theory. Version 2.5.2, http://flintlib.org.
[9] C.-P. Jeannerod, V. Neiger, É. Schost, and G. Villard. 2016. Fast Computation of Minimal Interpolation Bases in Popov Form for Arbitrary Shifts. In Proceedings ISSAC 2016. 295–302. https://doi.org/10.1145/2930889.2930928
[10] T. Kailath. 1980. Linear Systems. Prentice-Hall.
[11] K. Kedlaya and C. Umans. 2011. Fast Polynomial Factorization and Modular Composition. SIAM J. Comput. 40, 6 (Jan. 2011), 1767–1802. https://doi.org/10.1137/08073408X
[12] D. Lazard. 1985. Ideal bases and primary decomposition: case of two variables. J. Symb. Comput. 1, 3 (1985). https://doi.org/10.1016/S0747-7171(85)80035-3
[13] F. Le Gall. 2014. Powers of tensors and fast matrix multiplication. In Proceedings ISSAC 2014. ACM, 296–303. https://doi.org/10.1145/2608628.2608664
[14] S. Miura. 1993. Algebraic geometric codes on certain plane curves. Electronics and Communications in Japan (Part III: Fundamental Electronic Science) 76, 12 (1993), 1–13. https://doi.org/10.1002/ecjc.4430761201
[15] V. Neiger, B. Salvy, É. Schost, and G. Villard. 2020. Faster modular composition (work in progress).
[16] V. Neiger and T. X. Vu. 2017. Computing Canonical Bases of Modules of Univariate Relations. In Proceedings ISSAC 2017. https://doi.org/10.1145/3087604.3087656
[17] M. Nüsken and M. Ziegler. 2004. Fast Multipoint Evaluation of Bivariate Polynomials. In Proceedings ESA 2004. https://doi.org/10.1007/978-3-540-30140-0_49
[18] V. Y. Pan. 1994. Simple Multivariate Polynomial Multiplication. J. Symb. Comput. 18, 3 (1994), 183–186. https://doi.org/10.1006/jsco.1994.1042
[19] M. S. Paterson and L. J. Stockmeyer. 1973. On the number of nonscalar multiplications necessary to evaluate polynomials. SIAM J. Comput. 2, 1 (1973), 60–66. https://doi.org/10.1137/0202007
[20] V. Popov. 1970. Some properties of the control systems with irreducible matrix-transfer functions. In Seminar on Diff. Eq. and Dyn. Sys., II. 169–180. https://doi.org/10.1007/BFb0059934
[21] J. T. Schwartz. 1980. Fast Probabilistic Algorithms for Verification of Polynomial Identities. J. ACM 27, 4 (1980), 701–717. https://doi.org/10.1145/322217.322225
[22] V. Shoup. 2020. NTL: A Library for doing Number Theory, version 11.4.3.
[23] J. van der Hoeven. 2015. On the complexity of multivariate polynomial division. In Proceedings ACA 2015. 447–458. https://doi.org/10.1007/978-3-319-56932-1_28
[24] J. van der Hoeven and G. Lecerf. 2018. Modular composition via factorization. J. Complexity 48 (2018), 36–68. https://doi.org/10.1016/j.jco.2018.05.002
[25] J. van der Hoeven and G. Lecerf. 2019. Fast multivariate multi-point evaluation revisited. J. Complexity (2019). https://doi.org/10.1016/j.jco.2019.04.001
[26] J. van der Hoeven and É. Schost. 2013. Multi-point evaluation in higher dimensions. Appl. Algebra Eng. Commun. Comput. 24, 1 (2013), 37–52. https://doi.org/10.1007/s00200-012-0179-3
[27] G. Villard. 2018. On computing the resultant of generic bivariate polynomials. In Proceedings ISSAC 2018
J. Symb. Comput. 9, 3 (1990). https://doi.org/10.1016/S0747-7171(08)80014-4
[30] J. von zur Gathen and J. Gerhard. 2013. Modern Computer Algebra (3rd ed.). Cambridge University Press. https://doi.org/10.1017/CBO9781139856065
[31] R. Zippel. 1979. Probabilistic algorithms for sparse polynomials. In Proceedings EUROSAM’79. 216–226. https://doi.org/10.1007/3-540-09519-5_73
APPENDIX
Corollary A.1 (of [12]).
Let G = { b , . . . , b s } ⊂ K [ x , y ] be a minimal ≺ lex -Gröbner basis, sorted according to ≺ lex . Then (1) deg y b < . . . < deg y b s ; and (2) LC y ( b s ) | LC y ( b s − ) | · · · | LC y ( b ) .

Proof of Corollary 7.1. Since I is an ideal of K [ x , y ] and I δ = I ∩ K [ x , y ] deg y < δ , then I δ is a K [ x ] -submodule of K [ x , y ] deg y < δ . Let B denote the (claimed) basis in the corollary. Clearly B ⊆ I δ , and the elements of B all have different y -degree and so are K [ x ] -linearly independent. Also |B| = δ − d , so if B generates I δ then it is a basis of it and the rank of I δ is δ − d . It remains to show that B generates I δ , so take some f ∈ I δ . Since f ∈ I the multivariate division algorithm using G and the order ≺ lex results in q , . . . , q s ∈ K [ x , y ] such that f = q b + . . . + q s b s with deg y q i ≤ deg y f − deg y b i . Since deg y f < δ this means q ŝ + = . . . = q s = i for which LT lex ( b i ) divides the leading term of the current remainder. Thus no term of q i b i is divisible by LT lex ( b i + ) for any i < s . But by Corollary A.1 then LC y ( b i + ) divides LC y ( b i ) , and so if deg y ( q i b i ) ≥ deg y b i + then LT lex ( b i + ) | LT lex ( q i b i ) . Consequently deg y q i < deg y b i + − deg y b i , and therefore f is a K [ x ] -linear combination of the elements of B . □

Lemma A.2.
There is an algorithm which inputs a ≺ lex -Gröbner basis G = [ b , . . . , b s ] ⊆ K [ x , y ] with deg y b = , and a polynomial f ∈ K [ x , y ] , and outputs f rem G in time Õ (| G | d x ( deg y f )) , where d x = max ( deg x f , deg x b ) .

Proof. This is a special case of [23]: the multivariate division algorithm computes q , . . . , q s , R ∈ K [ x , y ] such that f = q b + . . . + q s b s + R with R = f rem G , and the cost of the algorithm can be bounded as Σ si = deg ◦ x ( q i b i ) deg ◦ y ( q i b i ) + deg ◦ x ( R ) deg ◦ y ( R ) , where deg ◦ x (·) denotes an a priori upper bound on the x -degree, and similarly for deg ◦ y (·) . Since G is a ≺ lex -Gröbner basis, then deg ◦ y ( q i b i ) ≤ deg y f and deg ◦ y ( R ) ≤ deg y f . For the x -degrees, note that in an iteration of the division algorithm where b i , i > x R̃ < deg x b , where R̃ is the current remainder, since otherwise the algorithm would have reduced by b as deg y b =
0. Hence deg x ( q i ) ≤ deg x ( q i LT lex ( b i )) < deg x b and so deg ◦ x ( q i b i ) ≤ x b . Similarly, deg ◦ x ( R ) < deg x b . Left is only deg ◦ x ( q b ) : since q b = f − q b − . . . − q s b s − R , then deg x ( q b ) ≤ max ( deg x f , x b ) .
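
Added example (not from the paper): a Python check of the rank argument of Lemma 8.1 and of its use in Lemma 8.2, where y i is specialised to β i and the columns of A s are read as the monomials x^i y^j with i < s and j < m. The prime field F_10007, the n = 12 sample points and all function names are assumptions made for this illustration.

```python
import random

PRIME = 10007  # assumption: the field K is taken to be the integers mod this prime

def rank_mod_p(rows, p=PRIME):
    """Rank of a matrix over F_p by Gauss-Jordan elimination."""
    mat = [[v % p for v in row] for row in rows]
    rank = 0
    for col in range(len(mat[0])):
        pivot = next((r for r in range(rank, len(mat)) if mat[r][col]), None)
        if pivot is None:
            continue
        mat[rank], mat[pivot] = mat[pivot], mat[rank]
        inv = pow(mat[rank][col], -1, p)
        mat[rank] = [v * inv % p for v in mat[rank]]
        for r in range(len(mat)):
            if r != rank and mat[r][col]:
                f = mat[r][col]
                mat[r] = [(a - f * b) % p for a, b in zip(mat[r], mat[rank])]
        rank += 1
        if rank == len(mat):
            break
    return rank

def specialised_rank(alphas, betas, m, s, p=PRIME):
    """Rank of A_s after y_i -> beta_i; column j*s + i holds the monomial x^i y^j,
    which is the block layout [V_s | D V_s | ... | D^(m-1) V_s]."""
    rows = [[pow(b, j, p) * pow(a, i, p) % p for j in range(m) for i in range(s)]
            for a, b in zip(alphas, betas)]
    return rank_mod_p(rows, p)

def full_rank_fraction(alphas, m, s, trials=200, seed=1, p=PRIME):
    """Fraction of uniformly random beta vectors giving the generic rank min(n, m*s)."""
    rng = random.Random(seed)
    n = len(alphas)
    hits = 0
    for _ in range(trials):
        betas = [rng.randrange(p) for _ in alphas]
        hits += specialised_rank(alphas, betas, m, s, p) == min(n, m * s)
    return hits / trials

ALPHAS = list(range(1, 13))  # constructed sample: n = 12 distinct x-coordinates
M, S = 3, 4                  # m*s = 12 = n, so the specialised matrix is square

def demo():
    n = len(ALPHAS)
    return {
        # beta_i = alpha_i^s turns A_s into a Vandermonde matrix (proof of Lemma 8.1)
        "vandermonde": specialised_rank(ALPHAS, [pow(a, S, PRIME) for a in ALPHAS], M, S),
        # non-generic: all points on the line y = x, only the powers alpha^(i+j) remain
        "on_line_y_eq_x": specialised_rank(ALPHAS, ALPHAS, M, S),
        # non-generic: all points share one y-coordinate
        "constant_y": specialised_rank(ALPHAS, [5] * n, M, S),
        # random beta: full rank except on the zero set of a non-zero minor
        "random_fraction": full_rank_fraction(ALPHAS, M, S),
    }

if __name__ == "__main__":
    print(demo())
```

A rank below min(n, ms) means a non-zero polynomial of x-degree below s and y-degree below m vanishes on the whole point set, which is the situation the genericity argument excludes with high probability.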