Fast Polynomial Factorization and Modular Composition Chris Umans Caltech joint work with Kiran Kedlaya (MIT) [Umans STOC 08] + [Kedlaya-Umans FOCS 08]

Introduction A basic problem: given: degree n polynomial A(X) output: factorization into irreducible polynomials Example: given: A(X) = x3 – 1 output: (x2 + x + 1)(x – 1) Nov. 18, 2009

Introduction factoring a degree n polynomial A(X) with coefficients in Fq is easy Why? can easily compute (Xqi – X) mod A(X) (contains all potential factors of degree dividing i; use GCD, and i = 1,2,3…, n) Nov. 18, 2009

product of degree i polynomials Introduction polynomial-time factoring in Fq[X] [Berlekamp, Cantor-Zassenhaus]: make A(X) square-free distinct degree factorization: A(X) = A1(X)A2(X)...Ai(X)…An(X) equal-degree factorization: Ai(X) = g1(X)g2(X)…gk(X) product of degree i polynomials irreducible factors Nov. 18, 2009

Bottleneck in algorithms how to compute this polynomial quickly: (Xqi – X) mod A(X) deg(A) = n; i ≤ n Nov. 18, 2009

Bottleneck in algorithms how to compute this polynomial quickly: Xqi mod A(X) repeated squaring: log(qi) = i log q operations deg(A) = n; i ≤ n “operations” = modular addition, multiplication, composition of degree n polynomials Nov. 18, 2009

Bottleneck in algorithms how to compute this polynomial quickly: Xqi mod A(X) repeated squaring: log(qi) = i log q operations modular composition: log q + log i operations compute Xq mod A(X) using repeated squaring compose it with itself (Xq)q = Xq2 compose it with itself again (Xq2)q2 = Xq4 deg(A) = n; i ≤ n von zur Gathen + Shoup 1992 mod A(X) “operations” = modular addition, multiplication, composition of degree n polynomials Nov. 18, 2009

Operations on polynomials degree n polynomials f(X), g(X), A(X) Operation: Time: f(X) + g(X) mod A(X) O’(n) f(X)g(X) mod A(X) O’(n) f(0), …, f(n) O’(n) find f(X): f(0)=0, …, f(n) = n O’(n) f(g(X)) mod A(X) O’(n1.667) Nov. 18, 2009

Modular composition given deg. n polynomials f(X), g(X), A(X) compute f(g(X)) mod A(X) trivial in time O’(n2) best known [Brent-Kung 1978; Huang-Pan 1997] O’(n1.667) (= O(n1.5 + n2/2) ) idea: reduce problem to matrix multiplication This work: O’(n) Nov. 18, 2009

Outline reduce to “multivariate multipoint evaluation” new algorithm via multimodular reduction ) data structure for polynomial evaluation ) faster algorithms for polynomial factorization and other problems Nov. 18, 2009

f(g(X)) ´ f(g0(X), …, glog n-1(X)) mod A(X) The reduction given deg. n=2m polynomials f(X), g(X), A(X) compute f(g(X)) mod A(X) convert f(X) to multilinear: f(X0,X1,…,Xlog n-1) f(X) = f(X, X2, X4, X8, …, Xn/2) compute g2i(X) mod A(X) (call this gi(X)) for i = 0,1,2,…, log n -1 note: f(g(X)) ´ f(g0(X), …, glog n-1(X)) mod A(X) Nov. 18, 2009

The reduction given deg. n=2m polynomials f(X), g(X), A(X) compute f(g(X)) mod A(X) f(X) = f(X, X2, X4, X8, …, Xn/2) f(g(X)) ´ f(g0(X), …, glog n-1(X)) mod A(X) idea: evaluate at n¢log n points; evaluate each gi at n¢log n points evaluate f at these n¢log n points in (Fq)log n then interpolate; reduce modulo A(X) degree n¢log n Nov. 18, 2009

Multipoint evaluation Recall univariate case: given degree n polynomial f(X) 2 Fq[X] and points 0, 1, …, n can compute f(0), …, f(n) in time O’(n) Multivariate case harder: given f(X1, X2, …, Xm) 2 Fq[X1, X2, …, Xm] with individual degrees · d, and 0, 1, …, N=dm can compute f(0), …, f(N) in time O’(Nm) where 1.3335 < m < 1.667 [Nüsken-Ziegler 2004] Nov. 18, 2009

Multivariate multipoint evaluation given f(X1,X2,…,Xm), ind. deg <d; 0, …, N=dm compute f(0), f(1), …, f(N) If N points are all of Fqm then computable in O’(N) time via (multidimensional, finite field) FFT But we get un- structured points… Fqm Fqm Nov. 18, 2009

Multivariate multipoint evaluation Assume working over Fp Lift coefficients of f and the coordinates of each ®i to {0,1, 2, …, p-1} µ Z In integers, f(®i) · dmpdm = M Solve problem mod primes p1, p2, …, pk with p1p2…pk ¸ M (so pj · O(log M)) reconstruct via Chinese Remainder Thm. repeat; magnitude of the pj ! ¼ dm Nov. 18, 2009

What happens to the eval. pts.? (after few rounds) can afford to compute all evaluations at cost ¼ (dm)m (ideal cost: dm) 0 1 2 3 4 5 6 0 1 2 3 4 5 6 (mod 7) 0 1 2 3 4 0 1 2 0 1 0 1 0 1 2 0 1 2 3 4 (mod 2) (mod 3) (mod 5) Nov. 18, 2009

Multivariate multipoint evaluation given f(X1,X2,…,Xm), ind. deg <d; 0, …, N compute f(0), f(1), …, f(N) Theorem: for every const. ± > 0, can solve above problem in time (dm + N)1+± log1+o(1)q provided m · do(1). Nov. 18, 2009

Data structure for poly. eval. Observation: reduced f’s and tables of evaluations over entire domains don’t depend on the set of evaluation points Theorem: given degree n poly f(X) over Fq, can produce a data structure in nearly-linear time that answers evaluation queries ® 2 Fq in time polylog(n)¢log1+o(1)q. Nov. 18, 2009

Algorithmic improvements modular composition in nearly-linear time (as well as its “transpose” problem) ) faster algorithms for polynomial factorization: O’(n1.5 + nlog q)¢log q (best previous O’(n2 + n log q)¢log q or O’(n1.815 log q)¢log q ) von zur Gathen + Shoup ‘92 Kaltofen + Shoup ‘98 irreducibility testing: O’(n log q)¢log q finding minimal polynomials: O’(n log q) (improved exponents in all cases) Nov. 18, 2009

Open problems Find an O’(n) algebraic algorithm for modular composition/multivariate multipoint evaluation in any characteristic Find a fast algorithm for multivariate multipoint evaluation when m > do(1) Find a nearly-linear time algorithm for polynomial factorization Nov. 18, 2009