Proceedings of the forty-third annual ACM symposium on Theory of computing, 2011
We devise an algorithm, L 1 , with the following specifications: It takes as input an arbitrary b... more We devise an algorithm, L 1 , with the following specifications: It takes as input an arbitrary basis B = (bi)i ∈ Z d×d of a Euclidean lattice L; It computes a basis of L which is reduced for a mild modification of the Lenstra-Lenstra-Lovász reduction; It terminates in time O(d 5+ε β + d ω+1+ε β 1+ε) where β = log max bi (for any ε > 0 and ω is a valid exponent for matrix multiplication). This is the first LLLreducing algorithm with a time complexity that is quasilinear in β and polynomial in d. The backbone structure of L 1 is able to mimic the Knuth-Schönhage fast gcd algorithm thanks to a combination of cutting-edge ingredients. First the bit-size of our lattice bases can be decreased via truncations whose validity are backed by recent numerical stability results on the QR matrix factorization. Also we establish a new framework for analyzing unimodular transformation matrices which reduce shifts of reduced bases, this includes bit-size control and new perturbation tools. We illustrate the power of this framework by generating a family of reduction algorithms.
For a prime p and a matrix A ∈ Z
n×n
, write A as A = p(A quo p)+
(A rem p) where the remainder a... more For a prime p and a matrix A ∈ Z n×n , write A as A = p(A quo p)+ (A rem p) where the remainder and quotient operations are applied element-wise. Write the p-adic expansion of A as A = A[0] + pA[1] + p 2A[2] + · · · where each A[i] ∈ Z n×n has entries between [0, p − 1]. Upper bounds are proven for the Z-ranks of A rem p, and A quo p. Also, upper bounds are proven for the Z/pZ-rank of A[i] for all i ≥ 0 when p = 2, and a conjecture is presented for odd primes.
We present algorithms to compute the Smith Normal Form of matrices
over two families of local rin... more We present algorithms to compute the Smith Normal Form of matrices over two families of local rings. The algorithms use the black-box model which is suitable for sparse and structured matrices. The algorithms depend on a number of tools, such as matrix rank computation over finite fields, for which the best-known time- and memory-efficient algorithms are probabilistic. For an n × n matrix A over the ring F[z]/(f e ), where f e is a power of an irreducible polynomial f ∈ F[z] of degree d, our algorithm requires O(ηde2n) operations in F, where our black-box is assumed to require O(η) operations in F to compute a matrix-vector product by a vector over F[z]/(f e ) (and η is assumed greater than nde). The algorithm only requires additional storage for O(nde) elements of F. In particular, if η = O˜(nde), then our algorithm requires only O˜(n 2d 2 e 3 ) operations in F, which is an improvement on known dense methods for small d and e. For the ring Z/peZ, where p is a prime, we give an algorithm which is time- and memory-efficient when the number of nontrivial invariant factors is small. We describe a method for dimension reduction while preserving the invariant factors. The time complexity is essentially linear in µnre log p, where µ is the number of operations in Z/pZ to evaluate the black-box (assumed greater than n) and r is the total number of non-zero invariant factors. To avoid the practical cost of conditioning, we give a Monte Carlo certificate, which at low cost, provides either a high probability of success or a proof of failure. The quest for a time- and memory-efficient solution without restrictions on the number of nontrivial invariant factors remains open. We offer a conjecture which may contribute toward that end.
Given a field extension K/k of degree n we are interested
in finding the subfields of K containin... more Given a field extension K/k of degree n we are interested in finding the subfields of K containing k. There can be more than polynomially many subfields. We introduce the notion of generating subfields, a set of up to n subfields whose intersections give the rest. We provide an efficient algorithm which uses linear algebra in k or lattice reduction along with factorization. Our implementation shows that previously difficult cases can now be handled.
We devise an algorithm, L1, with the following specifications: It takes as input an arbitrary bas... more We devise an algorithm, L1, with the following specifications: It takes as input an arbitrary basis of a Euclidean lattice L; It computes a basis of L which is reduced for a mild modification of the Lenstra-Lenstra-Lovász reduction; It terminates in time O(d^(5+ε)β +d^(ω+1+ε)β^(1+ε)) where β = log max bits of a basis vector (for any ε > 0 and ω is a valid exponent for matrix multiplication). This is the first LLL-reducing algorithm with a time complexity that is quasi-linear in β and polynomial in d. The backbone structure of L1 is able to mimic the Knuth-Schönhage fast gcd algorithm thanks to a combination of cutting-edge ingredients. First the bit-size of our lattice bases can be decreased via truncations whose validity are backed by recent numerical stability results on the QR matrix factorization. Also we establish a new framework for analyzing unimodular transformation matrices which reduce shifts of reduced bases, this includes bit-size control and new perturbation tools. We illustrate the power of this framework by generating a family of reduction algorithms.
We present a lattice algorithm specifically designed for some classical applications of lattice
r... more We present a lattice algorithm specifically designed for some classical applications of lattice reduction. The applications are for lattice bases with a generalized knapsack-type structure, where the target vectors are boundably short. For such applications, the complexity of the algorithm improves traditional lattice reduction by replacing some dependence on the bit-length of the input vectors by some dependence on the bound for the output vectors. If the bit-length of the target vectors is unrelated to the bit-length of the input, then our algorithm is only linear in the bit-length of the input entries, which is an improvement over the quadratic complexity floating-point LLL algorithms. To illustrate the usefulness of this algorithm we show that a direct application to factoring univariate polynomials over the integers leads to the first complexity bound improvement since 1984. A second application is algebraic number reconstruction, where a new complexity bound is obtained as well.
We revisit a divide-and-conquer algorithm, originally described by Brent and Kung for composition... more We revisit a divide-and-conquer algorithm, originally described by Brent and Kung for composition of power series, showing that it can be applied practically to composition of polynomials in Z[x] given in the standard monomial basis. We offer a complexity analysis, showing that it is asymptotically fast, avoiding coefficient explosion in Z[x]. The algorithm is straightforward to implement and practically fast, avoiding computationally expensive change of basis steps of other polynomial composition strategies. The algorithm is available in the open source FLINT C library and we offer a practical comparison with the polynomial composition algorithm in the MAGMA computer algebra system.
This thesis presents an algorithm for factoring polynomials over the rationals which follows the ... more This thesis presents an algorithm for factoring polynomials over the rationals which follows the approach of the van Hoeij algorithm. The key theoretical novelty in our approach is that it is set up in a way that will make it possible to prove a new complexity result for this algorithm which was actually observed on prior algorithms. One difference of this algorithm from prior algorithms is the practical improvement which we call early termination. Our algorithm should outperform prior algorithms in many common classes of polynomials (including irreducibles).
State of the art factoring in Q[x] is dominated in theory by a combinatorial reconstruction probl... more State of the art factoring in Q[x] is dominated in theory by a combinatorial reconstruction problem while, excluding some rare polynomials, performance tends to be dominated by Hensel lifting. We present an algorithm which gives a practical improvement (less Hensel lifting) for these more common polynomials. In addition, factoring has suffered from a 25 year complexity gap because the best implementations are much faster in practice than their complexity bounds. We illustrate that this complexity gap can be closed by providing an implementation which is comparable to the best current implementations and for which competitive complexity results can be proved.
Proceedings of the forty-third annual ACM symposium on Theory of computing, 2011
We devise an algorithm, L 1 , with the following specifications: It takes as input an arbitrary b... more We devise an algorithm, L 1 , with the following specifications: It takes as input an arbitrary basis B = (bi)i ∈ Z d×d of a Euclidean lattice L; It computes a basis of L which is reduced for a mild modification of the Lenstra-Lenstra-Lovász reduction; It terminates in time O(d 5+ε β + d ω+1+ε β 1+ε) where β = log max bi (for any ε > 0 and ω is a valid exponent for matrix multiplication). This is the first LLLreducing algorithm with a time complexity that is quasilinear in β and polynomial in d. The backbone structure of L 1 is able to mimic the Knuth-Schönhage fast gcd algorithm thanks to a combination of cutting-edge ingredients. First the bit-size of our lattice bases can be decreased via truncations whose validity are backed by recent numerical stability results on the QR matrix factorization. Also we establish a new framework for analyzing unimodular transformation matrices which reduce shifts of reduced bases, this includes bit-size control and new perturbation tools. We illustrate the power of this framework by generating a family of reduction algorithms.
For a prime p and a matrix A ∈ Z
n×n
, write A as A = p(A quo p)+
(A rem p) where the remainder a... more For a prime p and a matrix A ∈ Z n×n , write A as A = p(A quo p)+ (A rem p) where the remainder and quotient operations are applied element-wise. Write the p-adic expansion of A as A = A[0] + pA[1] + p 2A[2] + · · · where each A[i] ∈ Z n×n has entries between [0, p − 1]. Upper bounds are proven for the Z-ranks of A rem p, and A quo p. Also, upper bounds are proven for the Z/pZ-rank of A[i] for all i ≥ 0 when p = 2, and a conjecture is presented for odd primes.
We present algorithms to compute the Smith Normal Form of matrices
over two families of local rin... more We present algorithms to compute the Smith Normal Form of matrices over two families of local rings. The algorithms use the black-box model which is suitable for sparse and structured matrices. The algorithms depend on a number of tools, such as matrix rank computation over finite fields, for which the best-known time- and memory-efficient algorithms are probabilistic. For an n × n matrix A over the ring F[z]/(f e ), where f e is a power of an irreducible polynomial f ∈ F[z] of degree d, our algorithm requires O(ηde2n) operations in F, where our black-box is assumed to require O(η) operations in F to compute a matrix-vector product by a vector over F[z]/(f e ) (and η is assumed greater than nde). The algorithm only requires additional storage for O(nde) elements of F. In particular, if η = O˜(nde), then our algorithm requires only O˜(n 2d 2 e 3 ) operations in F, which is an improvement on known dense methods for small d and e. For the ring Z/peZ, where p is a prime, we give an algorithm which is time- and memory-efficient when the number of nontrivial invariant factors is small. We describe a method for dimension reduction while preserving the invariant factors. The time complexity is essentially linear in µnre log p, where µ is the number of operations in Z/pZ to evaluate the black-box (assumed greater than n) and r is the total number of non-zero invariant factors. To avoid the practical cost of conditioning, we give a Monte Carlo certificate, which at low cost, provides either a high probability of success or a proof of failure. The quest for a time- and memory-efficient solution without restrictions on the number of nontrivial invariant factors remains open. We offer a conjecture which may contribute toward that end.
Given a field extension K/k of degree n we are interested
in finding the subfields of K containin... more Given a field extension K/k of degree n we are interested in finding the subfields of K containing k. There can be more than polynomially many subfields. We introduce the notion of generating subfields, a set of up to n subfields whose intersections give the rest. We provide an efficient algorithm which uses linear algebra in k or lattice reduction along with factorization. Our implementation shows that previously difficult cases can now be handled.
We devise an algorithm, L1, with the following specifications: It takes as input an arbitrary bas... more We devise an algorithm, L1, with the following specifications: It takes as input an arbitrary basis of a Euclidean lattice L; It computes a basis of L which is reduced for a mild modification of the Lenstra-Lenstra-Lovász reduction; It terminates in time O(d^(5+ε)β +d^(ω+1+ε)β^(1+ε)) where β = log max bits of a basis vector (for any ε > 0 and ω is a valid exponent for matrix multiplication). This is the first LLL-reducing algorithm with a time complexity that is quasi-linear in β and polynomial in d. The backbone structure of L1 is able to mimic the Knuth-Schönhage fast gcd algorithm thanks to a combination of cutting-edge ingredients. First the bit-size of our lattice bases can be decreased via truncations whose validity are backed by recent numerical stability results on the QR matrix factorization. Also we establish a new framework for analyzing unimodular transformation matrices which reduce shifts of reduced bases, this includes bit-size control and new perturbation tools. We illustrate the power of this framework by generating a family of reduction algorithms.
We present a lattice algorithm specifically designed for some classical applications of lattice
r... more We present a lattice algorithm specifically designed for some classical applications of lattice reduction. The applications are for lattice bases with a generalized knapsack-type structure, where the target vectors are boundably short. For such applications, the complexity of the algorithm improves traditional lattice reduction by replacing some dependence on the bit-length of the input vectors by some dependence on the bound for the output vectors. If the bit-length of the target vectors is unrelated to the bit-length of the input, then our algorithm is only linear in the bit-length of the input entries, which is an improvement over the quadratic complexity floating-point LLL algorithms. To illustrate the usefulness of this algorithm we show that a direct application to factoring univariate polynomials over the integers leads to the first complexity bound improvement since 1984. A second application is algebraic number reconstruction, where a new complexity bound is obtained as well.
We revisit a divide-and-conquer algorithm, originally described by Brent and Kung for composition... more We revisit a divide-and-conquer algorithm, originally described by Brent and Kung for composition of power series, showing that it can be applied practically to composition of polynomials in Z[x] given in the standard monomial basis. We offer a complexity analysis, showing that it is asymptotically fast, avoiding coefficient explosion in Z[x]. The algorithm is straightforward to implement and practically fast, avoiding computationally expensive change of basis steps of other polynomial composition strategies. The algorithm is available in the open source FLINT C library and we offer a practical comparison with the polynomial composition algorithm in the MAGMA computer algebra system.
This thesis presents an algorithm for factoring polynomials over the rationals which follows the ... more This thesis presents an algorithm for factoring polynomials over the rationals which follows the approach of the van Hoeij algorithm. The key theoretical novelty in our approach is that it is set up in a way that will make it possible to prove a new complexity result for this algorithm which was actually observed on prior algorithms. One difference of this algorithm from prior algorithms is the practical improvement which we call early termination. Our algorithm should outperform prior algorithms in many common classes of polynomials (including irreducibles).
State of the art factoring in Q[x] is dominated in theory by a combinatorial reconstruction probl... more State of the art factoring in Q[x] is dominated in theory by a combinatorial reconstruction problem while, excluding some rare polynomials, performance tends to be dominated by Hensel lifting. We present an algorithm which gives a practical improvement (less Hensel lifting) for these more common polynomials. In addition, factoring has suffered from a 25 year complexity gap because the best implementations are much faster in practice than their complexity bounds. We illustrate that this complexity gap can be closed by providing an implementation which is comparable to the best current implementations and for which competitive complexity results can be proved.
Uploads
Papers by Andy Novocin
n×n
, write A as A = p(A quo p)+
(A rem p) where the remainder and quotient operations are applied
element-wise. Write the p-adic expansion of A as A = A[0] + pA[1] +
p
2A[2] + · · · where each A[i] ∈ Z
n×n has entries between [0, p − 1].
Upper bounds are proven for the Z-ranks of A rem p, and A quo p.
Also, upper bounds are proven for the Z/pZ-rank of A[i]
for all i ≥ 0
when p = 2, and a conjecture is presented for odd primes.
over two families of local rings. The algorithms use the black-box
model which is suitable for sparse and structured matrices. The algorithms
depend on a number of tools, such as matrix rank computation
over finite fields, for which the best-known time- and memory-efficient
algorithms are probabilistic.
For an n × n matrix A over the ring F[z]/(f
e
), where f
e
is a power
of an irreducible polynomial f ∈ F[z] of degree d, our algorithm requires
O(ηde2n) operations in F, where our black-box is assumed to
require O(η) operations in F to compute a matrix-vector product by
a vector over F[z]/(f
e
) (and η is assumed greater than nde). The algorithm
only requires additional storage for O(nde) elements of F. In
particular, if η = O˜(nde), then our algorithm requires only O˜(n
2d
2
e
3
)
operations in F, which is an improvement on known dense methods
for small d and e.
For the ring Z/peZ, where p is a prime, we give an algorithm which
is time- and memory-efficient when the number of nontrivial invariant
factors is small. We describe a method for dimension reduction while
preserving the invariant factors. The time complexity is essentially
linear in µnre log p, where µ is the number of operations in Z/pZ to
evaluate the black-box (assumed greater than n) and r is the total
number of non-zero invariant factors. To avoid the practical cost of
conditioning, we give a Monte Carlo certificate, which at low cost,
provides either a high probability of success or a proof of failure. The
quest for a time- and memory-efficient solution without restrictions
on the number of nontrivial invariant factors remains open. We offer
a conjecture which may contribute toward that end.
in finding the subfields of K containing k. There can be
more than polynomially many subfields. We introduce the
notion of generating subfields, a set of up to n subfields
whose intersections give the rest. We provide an efficient
algorithm which uses linear algebra in k or lattice reduction
along with factorization. Our implementation shows that
previously difficult cases can now be handled.
for a mild modification of the Lenstra-Lenstra-Lovász reduction; It terminates in time O(d^(5+ε)β +d^(ω+1+ε)β^(1+ε)) where β = log max bits of a basis vector (for any ε > 0 and ω is a valid exponent for matrix multiplication).
This is the first LLL-reducing algorithm with a time complexity that is quasi-linear in β and polynomial in d.
The backbone structure of L1 is able to mimic the Knuth-Schönhage fast gcd algorithm thanks to
a combination of cutting-edge ingredients. First the bit-size of our lattice bases can be decreased via truncations whose validity are backed by recent numerical stability results on the QR matrix
factorization. Also we establish a new framework for analyzing unimodular transformation matrices which reduce shifts of reduced bases, this includes bit-size control and new perturbation tools. We illustrate the power of this framework by generating a family of reduction algorithms.
reduction. The applications are for lattice bases with a generalized knapsack-type structure, where the
target vectors are boundably short. For such applications, the complexity of the algorithm improves
traditional lattice reduction by replacing some dependence on the bit-length of the input vectors by
some dependence on the bound for the output vectors. If the bit-length of the target vectors is unrelated
to the bit-length of the input, then our algorithm is only linear in the bit-length of the input entries,
which is an improvement over the quadratic complexity floating-point LLL algorithms. To illustrate
the usefulness of this algorithm we show that a direct application to factoring univariate polynomials
over the integers leads to the first complexity bound improvement since 1984. A second application is
algebraic number reconstruction, where a new complexity bound is obtained as well.
n×n
, write A as A = p(A quo p)+
(A rem p) where the remainder and quotient operations are applied
element-wise. Write the p-adic expansion of A as A = A[0] + pA[1] +
p
2A[2] + · · · where each A[i] ∈ Z
n×n has entries between [0, p − 1].
Upper bounds are proven for the Z-ranks of A rem p, and A quo p.
Also, upper bounds are proven for the Z/pZ-rank of A[i]
for all i ≥ 0
when p = 2, and a conjecture is presented for odd primes.
over two families of local rings. The algorithms use the black-box
model which is suitable for sparse and structured matrices. The algorithms
depend on a number of tools, such as matrix rank computation
over finite fields, for which the best-known time- and memory-efficient
algorithms are probabilistic.
For an n × n matrix A over the ring F[z]/(f
e
), where f
e
is a power
of an irreducible polynomial f ∈ F[z] of degree d, our algorithm requires
O(ηde2n) operations in F, where our black-box is assumed to
require O(η) operations in F to compute a matrix-vector product by
a vector over F[z]/(f
e
) (and η is assumed greater than nde). The algorithm
only requires additional storage for O(nde) elements of F. In
particular, if η = O˜(nde), then our algorithm requires only O˜(n
2d
2
e
3
)
operations in F, which is an improvement on known dense methods
for small d and e.
For the ring Z/peZ, where p is a prime, we give an algorithm which
is time- and memory-efficient when the number of nontrivial invariant
factors is small. We describe a method for dimension reduction while
preserving the invariant factors. The time complexity is essentially
linear in µnre log p, where µ is the number of operations in Z/pZ to
evaluate the black-box (assumed greater than n) and r is the total
number of non-zero invariant factors. To avoid the practical cost of
conditioning, we give a Monte Carlo certificate, which at low cost,
provides either a high probability of success or a proof of failure. The
quest for a time- and memory-efficient solution without restrictions
on the number of nontrivial invariant factors remains open. We offer
a conjecture which may contribute toward that end.
in finding the subfields of K containing k. There can be
more than polynomially many subfields. We introduce the
notion of generating subfields, a set of up to n subfields
whose intersections give the rest. We provide an efficient
algorithm which uses linear algebra in k or lattice reduction
along with factorization. Our implementation shows that
previously difficult cases can now be handled.
for a mild modification of the Lenstra-Lenstra-Lovász reduction; It terminates in time O(d^(5+ε)β +d^(ω+1+ε)β^(1+ε)) where β = log max bits of a basis vector (for any ε > 0 and ω is a valid exponent for matrix multiplication).
This is the first LLL-reducing algorithm with a time complexity that is quasi-linear in β and polynomial in d.
The backbone structure of L1 is able to mimic the Knuth-Schönhage fast gcd algorithm thanks to
a combination of cutting-edge ingredients. First the bit-size of our lattice bases can be decreased via truncations whose validity are backed by recent numerical stability results on the QR matrix
factorization. Also we establish a new framework for analyzing unimodular transformation matrices which reduce shifts of reduced bases, this includes bit-size control and new perturbation tools. We illustrate the power of this framework by generating a family of reduction algorithms.
reduction. The applications are for lattice bases with a generalized knapsack-type structure, where the
target vectors are boundably short. For such applications, the complexity of the algorithm improves
traditional lattice reduction by replacing some dependence on the bit-length of the input vectors by
some dependence on the bound for the output vectors. If the bit-length of the target vectors is unrelated
to the bit-length of the input, then our algorithm is only linear in the bit-length of the input entries,
which is an improvement over the quadratic complexity floating-point LLL algorithms. To illustrate
the usefulness of this algorithm we show that a direct application to factoring univariate polynomials
over the integers leads to the first complexity bound improvement since 1984. A second application is
algebraic number reconstruction, where a new complexity bound is obtained as well.