Topics 2: Exact arithmetic. Number theory. Linear algebra. Lecture 7
Long integer arithmetic • Integer arithmetic is one of the fundamental building blocks of CAS. • One kind of integer arithmetic is based on finite precision (which can still amount to several thousand bytes per integer), while most implementations today allow arbitrary precision, limited only by the size of the machine memory. • Even for simple CA algorithms, estimates for the size of the resulting integers are difficult to obtain. • As a consequence, long integers have to be implemented as dynamic data structures. • Representations include polynomials in some fixed radix (see the sketch below) or a residue number system whose moduli are bounded by the word size. • Implementations of exact rational arithmetic rely on efficient greatest common divisor (GCD) algorithms for integers of arbitrary size. • The complexity of the basic rational operations is dominated by the complexity of the integer GCD algorithm. • GCD computations on univariate polynomials over the integers can be mapped to long integer GCD computations.
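A minimal sketch, in Python, of the fixed-radix representation mentioned above (the radix 10^9 and the helper names are illustrative choices, not taken from any particular CAS):

```python
RADIX = 10 ** 9  # one base-RADIX digit ("limb") fits comfortably in a machine word

def to_limbs(n):
    # little-endian list of base-RADIX digits: a dynamic data structure
    # that grows with the size of the integer
    limbs = []
    while n:
        n, r = divmod(n, RADIX)
        limbs.append(r)
    return limbs or [0]

def add(a, b):
    # schoolbook addition with carry propagation, linear in the number of limbs
    out, carry = [], 0
    for i in range(max(len(a), len(b))):
        s = (a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0) + carry
        carry, digit = divmod(s, RADIX)
        out.append(digit)
    if carry:
        out.append(carry)
    return out

print(add(to_limbs(10 ** 18), to_limbs(1)))  # [1, 0, 1]: 1 + 0*RADIX + 1*RADIX^2
```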
Long integer arithmetic • Real numbers can be represented as intervals given by rational upper and lower bounds. • A binary rational arithmetic, in which all denominators are powers of two, suffices for interval operations. • Closely related to binary rationals are floating-point numbers in base two with mantissas and exponents of arbitrary length. • In arithmetic there is no sharp dividing line between computer algebra and numerics. • Some CAS and most stand-alone arithmetic packages provide non-classical algorithms for integer multiplication, like the Karatsuba algorithm (sketched below), the Schoenhage-Strassen algorithm, or the Winograd algorithm. • It is still unknown how far the complexity of the Schoenhage-Strassen algorithm differs from the optimum, given the lack of non-trivial lower bounds for multiplication. • Efficient arithmetic packages are freely available: apfloat, BigNum, CLN, freelip, Hfloat, libI, lip, MIRACL, MPFUN, Pari, Piologie2, GMP, Blitz++, LiDIA, etc.
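A sketch of the Karatsuba idea, splitting the operands at a bit boundary (production libraries such as GMP work on limb arrays and fall back to classical multiplication below a tuning threshold):

```python
def karatsuba(x, y):
    # multiplies nonnegative integers with three recursive products
    # instead of four, giving roughly n^1.585 digit operations
    if x < 10 or y < 10:
        return x * y
    m = max(x.bit_length(), y.bit_length()) // 2
    hi_x, lo_x = x >> m, x & ((1 << m) - 1)
    hi_y, lo_y = y >> m, y & ((1 << m) - 1)
    z0 = karatsuba(lo_x, lo_y)
    z2 = karatsuba(hi_x, hi_y)
    z1 = karatsuba(lo_x + hi_x, lo_y + hi_y) - z0 - z2  # cross terms
    return (z2 << (2 * m)) + (z1 << m) + z0

assert karatsuba(12345678901234567890, 98765432109876543210) == \
       12345678901234567890 * 98765432109876543210
```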
Euclid’s algorithm and continued fractions • Besides the basic operations, the computation of GCDs is by far the most important task for any integer arithmetic. • The Euclidean algorithm computes GCDs by iterated division with remainder. • Continued fraction expansions exist for every real number; • they generate sequences of rational approximations which are optimal in a well-defined sense. • Applications are • the extraction of the numerator and denominator of a rational number from a given decimal approximation, • the factorization of integers, • the solution of diophantine equations, • quotients of the logarithms of two algebraic numbers, • etc. • There are several variants of the Euclidean algorithm that decrease the running time of its implementation: for small numbers, a binary variant is often used.
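A sketch of both algorithms; note that the continued fraction expansion of p/q performs exactly the divisions of the Euclidean algorithm (function names are illustrative):

```python
def gcd(a, b):
    # classical Euclidean algorithm: iterated division with remainder
    while b:
        a, b = b, a % b
    return a

def continued_fraction(p, q):
    # partial quotients of p/q > 0: the quotients of the Euclidean algorithm
    cf = []
    while q:
        a, r = divmod(p, q)
        cf.append(a)
        p, q = q, r
    return cf

def convergents(cf):
    # the optimal rational approximations p_k/q_k, via the standard recurrence
    # p_k = a_k p_{k-1} + p_{k-2}, q_k = a_k q_{k-1} + q_{k-2}
    p0, q0, p1, q1 = 1, 0, cf[0], 1
    yield p1, q1
    for a in cf[1:]:
        p0, q0, p1, q1 = p1, q1, a * p1 + p0, a * q1 + q0
        yield p1, q1

print(continued_fraction(355, 113))   # [3, 7, 16]
print(list(convergents([3, 7, 16])))  # [(3, 1), (22, 7), (355, 113)]
```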
Modular arithmetic and the Chinese remainder theorem • Modular arithmetic (arithmetic of residue classes modulo a natural number m) is performed on representatives of the congruence classes, e.g. {0, 1, . . . , m − 1}. • Modular multiplication then requires one multiplication and one division with remainder of an integer by m. • If m = m_1 · · · m_r is the product of r pairwise coprime integers m_1, . . . , m_r, then the Chinese Remainder Theorem allows one to recover any number in the range 0, . . . , m − 1 from its residues mod m_i (see the sketch below). • Problems having a solution modulo m can thus be split into r smaller problems, whose solutions are combined through an application of the theorem. • The method can be used for long integer arithmetic, by performing computations modulo sufficiently many small powers of prime numbers, each in the range of a computer word.
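A sketch of the recovery step, building up the solution one modulus at a time (Garner-style incremental reconstruction; pow(m, -1, mi) computes a modular inverse and needs Python 3.8+):

```python
def crt(residues, moduli):
    # moduli pairwise coprime; returns the unique x with
    # x = r_i (mod m_i) for all i and 0 <= x < m_1 * ... * m_r
    x, m = 0, 1
    for r, mi in zip(residues, moduli):
        # choose t so that x + m*t = r (mod mi)
        t = ((r - x) * pow(m, -1, mi)) % mi
        x += m * t
        m *= mi
    return x

print(crt([2, 3, 2], [3, 5, 7]))  # 23: indeed 23 = 2 mod 3, 3 mod 5, 2 mod 7
```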
Computations with algebraic numbers • Fundamental to algebraic numbers is the issue of representation. • The natural method of representing an algebraic number is as a root of an irreducible polynomial over a specific field. • For many applications concerned with a single root, this representation suffices. • An alternate form of representation writes the number as a sum of basis elements of a number field; • in this case the arithmetic operations are straightforward linear algebra calculations on these elements (see the sketch below). • Determining the sign of an expression containing radicals continues to be difficult: • current methods to determine whether an expression with k input roots is positive or negative take time exponential in k. • By contrast, there are fast methods to determine whether such a sum is zero. • The interaction between numeric and symbolic computation is well suited to these problems: • symbolic computation, though infinitely precise, takes much more time, and should be reserved for cases where numerical computation is likely to fail.
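A sketch of the second representation for the concrete field Q(sqrt(2)): an element a + b·sqrt(2) is stored as its coordinate vector (a, b), and the arithmetic is linear algebra in those coordinates (the class name is an illustrative choice):

```python
from fractions import Fraction

class QSqrt2:
    """Elements a + b*sqrt(2) of Q(sqrt(2)), stored as coordinates (a, b)."""
    def __init__(self, a, b=0):
        self.a, self.b = Fraction(a), Fraction(b)
    def __add__(self, other):
        return QSqrt2(self.a + other.a, self.b + other.b)
    def __mul__(self, other):
        # (a + b*sqrt2)(c + d*sqrt2) = (ac + 2bd) + (ad + bc)*sqrt2
        return QSqrt2(self.a * other.a + 2 * self.b * other.b,
                      self.a * other.b + self.b * other.a)
    def inverse(self):
        # divide the conjugate a - b*sqrt2 by the rational norm a^2 - 2b^2
        n = self.a * self.a - 2 * self.b * self.b
        return QSqrt2(self.a / n, -self.b / n)
    def __repr__(self):
        return f"{self.a} + {self.b}*sqrt(2)"

x = QSqrt2(1, 1)
print(x * x.inverse())  # 1 + 0*sqrt(2)
```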
Real algebraic numbers • Real algebraic numbers are the real roots of polynomials with integer coefficients. • Real algebraic points are points whose coordinates are real algebraic numbers. • A real algebraic number x can be characterized in two ways: • by a polynomial P and an isolating interval (a, b), such that x is the only real root of P in (a, b) (see the sketch below), • by a polynomial P and its Thom encoding, i.e. the signs of the successive derivatives of P at x. • The basic operations required on real algebraic numbers are: • to decide whether two numbers are equal, • to decide which of two numbers is larger, • to determine the sign of a polynomial at a real algebraic number.
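A sketch of the first characterization: a real algebraic number as a pair (P, (a, b)), with the isolating interval refined by bisection over exact rationals (helper names are illustrative):

```python
from fractions import Fraction

def eval_poly(p, x):
    # p lists the coefficients, highest degree first (Horner's rule)
    v = 0
    for c in p:
        v = v * x + c
    return v

def refine(p, a, b, steps=20):
    # halves an isolating interval; assumes p changes sign on (a, b)
    a, b = Fraction(a), Fraction(b)
    for _ in range(steps):
        m = (a + b) / 2
        if eval_poly(p, m) == 0:
            return m, m
        if (eval_poly(p, a) < 0) != (eval_poly(p, m) < 0):
            b = m
        else:
            a = m
    return a, b

# sqrt(2) represented as the unique root of x^2 - 2 in (1, 2)
print(refine([1, 0, -2], 1, 2))
```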
Real algebraic numbers There are two main tools to characterize the real roots of a univariate polynomial: • Descartes’ rule • It states that the number of positive real roots of a univariate polynomial, counted with multiplicity, is less than or equal to the number of sign changes in the list of the polynomial’s non-zero real coefficients, and that the difference between these two numbers is even (see the sketch below). • Based on this rule, Uspensky’s method finds isolating intervals. • The Sturm-Sylvester theorem • It gives isolation techniques based on dichotomy, as well as methods for determining the non-empty sign conditions realized by a family of polynomials at the zeros of a polynomial. • Applied to the derivatives of P, this yields the Thom encoding of the real roots. • Real algebraic numbers play an important role in all the algorithms of real algebraic geometry.
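A sketch of the sign-change count in Descartes' rule:

```python
def sign_changes(coeffs):
    # sign changes in the sequence of non-zero coefficients
    signs = [c > 0 for c in coeffs if c != 0]
    return sum(s != t for s, t in zip(signs, signs[1:]))

# x^3 - x^2 - 2x + 2 = (x - 1)(x^2 - 2) has two positive roots, 1 and sqrt(2);
# its coefficients [1, -1, -2, 2] show exactly two sign changes
print(sign_changes([1, -1, -2, 2]))  # 2
```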
P-adic numbers and approximations • In analogy to the construction of the reals from the rationals by completion with respect to the absolute value, there exists a completion Q_p of the rationals for every prime p, defined by the p-adic norm ||·||_p, which is discrete. • This norm has certain advantages over the absolute value that make computations in Q_p more efficient than computing with reals. • The p-adic numbers can be represented by formal power series in p with finitely many terms of negative order (Laurent series). • Their arithmetic is analogous to power series arithmetic (see the sketch below).
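A sketch of that arithmetic for a rational a/b with p not dividing b (so no negative-order terms occur): each digit comes from a division modulo p, just as power series coefficients come from dividing by the series variable. pow(b, -1, p) needs Python 3.8+.

```python
def padic_digits(a, b, p, k):
    # first k digits of the p-adic expansion of a/b (p must not divide b);
    # digit d solves b*d = a (mod p), then the "tail" (a - d*b)/p is exact
    digits = []
    for _ in range(k):
        d = (a * pow(b, -1, p)) % p
        digits.append(d)
        a = (a - d * b) // p
    return digits

print(padic_digits(-1, 1, 5, 4))  # [4, 4, 4, 4]: -1 = ...4444 in Z_5
print(padic_digits(1, 3, 5, 4))   # [2, 3, 1, 3]: the 5-adic expansion of 1/3
```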
Finite fields • Computing with finite fields has found extensive application in coding theory and cryptography. • Arithmetic in a finite field is particularly simple in the case of the residue class fields Z_p. • Arithmetic in those fields reduces to modular computations. • In the finite fields F_q, where q = p^n is a power of a prime, arithmetic can be implemented as polynomial arithmetic modulo a monic irreducible polynomial f of degree n over F_p (see the sketch below). • Important applications of finite fields are the factorization of integers and of polynomials (the Berlekamp and Cantor-Zassenhaus algorithms). • Another problem is the computation of discrete logarithms: • find a natural number x which satisfies the equation a^x = b for given a, b from a finite field.
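A sketch of arithmetic in F_8 = F_2[x]/(x^3 + x + 1), with polynomials over F_2 packed into the bits of an integer (bit i holds the coefficient of x^i):

```python
MOD = 0b1011  # x^3 + x + 1, irreducible over F_2

def gf8_mul(a, b):
    # carry-less ("XOR") polynomial multiplication with reduction modulo MOD
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0b1000:  # degree of a reached 3: subtract (XOR) the modulus
            a ^= MOD
    return r

# x * (x + 1) = x^2 + x
print(bin(gf8_mul(0b010, 0b011)))  # 0b110
```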
Primality Tests • An important problem of algorithmic number theory is to decide whether a natural number n is prime or not. • A common procedure is to apply a probabilistic primality test first. • It either certifies that n is composite, or indicates that n is prime with high probability. • In the latter case one uses a deterministic primality test to show that n actually is a prime number. • A first method uses Fermat’s little theorem: let n be prime; then for all natural a with GCD(a, n) = 1, a^(n−1) ≡ 1 (mod n) holds. • The theorem leads to the following, so-called Fermat test: we choose a random integer 0 < a < n, and compute the GCD of this number with n. • If the result is greater than 1, then we have found a divisor of n, therefore n is composite. • Otherwise, we compute a^(n−1) mod n, which can be done efficiently by binary exponentiation. • If the result is different from 1, then n has to be composite. • However, the method does not yield a divisor of n. On the other hand, when the result is 1, we repeat this step with another randomly selected integer a. • Provided that n is composite, the procedure almost always terminates after a few iterations. • Unfortunately, this is not true for every composite number (the Carmichael numbers, e.g. 561, pass the test for every a coprime to n). • Fortunately, there is a whole class of similar methods which allow one to decide whether a given number is composite or probably prime (see the sketch below).
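A sketch of the Fermat test as described above (assumes n > 3; a Carmichael number such as 561 will pass every round in which a happens to be coprime to n):

```python
import random
from math import gcd

def fermat_test(n, rounds=10):
    # returns "composite" or "probably prime"
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        if gcd(a, n) > 1:
            return "composite"     # we even found a divisor of n
        if pow(a, n - 1, n) != 1:  # binary exponentiation mod n
            return "composite"     # composite, but no divisor exhibited
    return "probably prime"

print(fermat_test(2 ** 127 - 1))  # "probably prime" (in fact prime)
```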
Primality Tests • The solution of the second problem, namely to prove that a presumably prime number is in fact prime, turns out to be far more difficult for all practical purposes. • There are two applicable methods, one based on Jacobi sums, the other using elliptic curves. • Practical implementations can handle very large numbers. • For example, the primality of (2^7331 − 1)/458072843161 (2196 digits) has been successfully verified in several days. • The largest known prime numbers are obtained in a different way: they all have a special form, being so-called Mersenne numbers M_n = 2^n − 1. • For Mersenne numbers there exists a simple criterion for primality. • First, we define the sequence (e_k) of natural numbers by e_1 = 4 and e_(k+1) = e_k^2 − 2 for k >= 1. • Then M_n is prime if and only if e_(n−1) ≡ 0 (mod M_n) (see the sketch below). • This method is often used to benchmark the capabilities of supercomputers. • The largest prime number known to date, M_6972593 with roughly 2 · 10^6 digits, was computed in that manner.
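A sketch of this criterion, the Lucas-Lehmer test (the exponent n must itself be an odd prime; n = 2 is a trivial special case):

```python
def lucas_lehmer(n):
    # M_n = 2^n - 1 is prime iff e_(n-1) = 0 (mod M_n),
    # where e_1 = 4 and e_(k+1) = e_k^2 - 2
    m = (1 << n) - 1
    e = 4
    for _ in range(n - 2):
        e = (e * e - 2) % m
    return e == 0

print([p for p in [3, 5, 7, 11, 13, 17, 19] if lucas_lehmer(p)])
# [3, 5, 7, 13, 17, 19]: M_11 = 2047 = 23 * 89 is composite
```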
Integer Factorization • The problem of decomposing a large number into its factors has been of special interest to number theorists for quite some time. • During the past twenty years, however, the problem has also gained considerable practical importance. • The presumption that factoring large integers is difficult became the basis of security in some modern cryptosystems. • The most important current methods for factoring are the elliptic curve method (ECM), the quadratic sieve (QS), and the number field sieve (NFS). • While the running time of the last two methods depends on the size of the number n to be factored, the running time of the first depends on the size of the largest prime factor of n; • therefore it can be used to factor very large numbers with moderate prime factors. • The largest prime factor ECM has found so far has 54 decimal digits. • The largest number factored by QS has 129 decimal digits (parallel computers were employed). • QS is implemented in Magma, Pari, and LiDIA. • NFS is faster than QS. • Famous records of NFS are the factorization of the ninth Fermat number 2^512 + 1, which has 155 decimal digits, and the factorization of the 512-bit number RSA-155.
Algebraic Number Fields and Algebraic Function Fields • In recent years algorithmic algebraic number theory has attracted rapidly increasing interest. • There are several packages concentrating on number theoretical calculations. • The most important ones are Kant V4, Pari, and Simath. • Almost all parts of Kant V4 and Pari are also contained in the Magma system. • The four principal computational tasks are the calculation • of the Galois group, • of an integral basis, • of the unit group, and • of the class group. • Methods for determining these invariants are of considerable importance for • the solution of diophantine equations, • the factorization of large integers (using a number field sieve), and • cryptography (especially public key cryptosystems).
Galois Groups • Constructive Galois theory divides into two subproblems: • first, there are algorithms to determine the Galois group of a given polynomial (the direct problem); • second, there are methods to construct polynomials with a given Galois group (the inverse problem). • For the first problem, exponential time algorithms were already in use more than one hundred years ago. • Nevertheless, no general polynomial time algorithm is known to date. • All practical algorithms use the classification of transitive groups, which is complete up to degree 31. • One method is the resolvent method, which uses the factorization of resolvent polynomials computed from the coefficients of the given polynomial. • There is an implementation of this method in Maple up to degree 8. • An alternative method decides whether a polynomial has integer roots; implementations are available in Pari (up to degree 11) and Kash (up to degree 15).
Rational Points on Elliptic Curves • Elliptic curves and higher dimensional abelian varieties take center stage in algebraic number theory and in arithmetic algebraic geometry. • They also gain more and more importance in computer science, e.g. for factoring large integers and in primality tests. • Being the most basic abelian varieties, namely those of dimension one, elliptic curves are particularly well suited to explicit computation (see the sketch below).
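A sketch of this explicitness: the group law on an affine Weierstrass curve y^2 = x^3 + ax + b over F_p (p an odd prime) takes only a handful of field operations. This addition is the core operation of ECM and of elliptic curve primality tests; None stands for the point at infinity.

```python
def ec_add(P, Q, a, p):
    # chord-and-tangent addition of points on y^2 = x^3 + a*x + b over F_p
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                                      # P + (-P) = O
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p         # chord slope
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

# on y^2 = x^3 + 2x + 2 over F_17, doubling P = (5, 1) gives (6, 3)
print(ec_add((5, 1), (5, 1), 2, 17))
```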
Geometry of Numbers • A considerable number of CA problems can be translated into the language of arithmetic lattices, i.e. discrete subgroups L of finite dimensional Euclidean spaces. • In recent years, methods of the geometry of numbers have been applied, for example, to • the knapsack problem, • various problems in algebraic number fields (finding a good generating polynomial, calculating fundamental units), • problems of diophantine approximation (proving that given real numbers are not zeros of integer polynomials whose degree and coefficients are bounded), • proving that factorizing polynomials over number fields takes polynomial time, and • solving systems of integral linear equations. • When these and other problems are formulated in the language of the geometry of numbers, they usually lead to one of the following tasks: • the determination of suitable bases for a lattice and its sublattices (Hermite and Smith normal forms); • the computation of a lattice basis consisting of short vectors, or of such a basis from a system of generators (see the sketch below); • the computation of short lattice vectors, or of the lattice vector nearest to a given vector; • the computation of successive minima; • the computation of automorphism groups of lattices.
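For the short-basis task, the standard tool is the LLL algorithm; below is a minimal, deliberately inefficient sketch with exact rational arithmetic (the Gram-Schmidt data is recomputed from scratch after every change, which a real implementation would never do):

```python
from fractions import Fraction

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def gram_schmidt(basis):
    # orthogonalization over Q: the vectors b*_i and coefficients mu_ij
    n = len(basis)
    bstar, mu = [], [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = list(basis[i])
        for j in range(i):
            mu[i][j] = dot(basis[i], bstar[j]) / dot(bstar[j], bstar[j])
            v = [vi - mu[i][j] * bj for vi, bj in zip(v, bstar[j])]
        bstar.append(v)
    return bstar, mu

def lll(basis, delta=Fraction(3, 4)):
    basis = [[Fraction(x) for x in row] for row in basis]
    n = len(basis)
    bstar, mu = gram_schmidt(basis)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):      # size reduction of row k
            q = round(mu[k][j])
            if q:
                basis[k] = [bk - q * bj for bk, bj in zip(basis[k], basis[j])]
                bstar, mu = gram_schmidt(basis)
        if dot(bstar[k], bstar[k]) >= \
           (delta - mu[k][k - 1] ** 2) * dot(bstar[k - 1], bstar[k - 1]):
            k += 1                          # Lovasz condition holds
        else:
            basis[k - 1], basis[k] = basis[k], basis[k - 1]
            bstar, mu = gram_schmidt(basis)
            k = max(k - 1, 1)
    return basis

print(lll([[1, 1, 1], [-1, 0, 2], [3, 5, 6]]))  # a basis of short vectors
```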
Linear systems • The emphasis in computer algebra is primarily on the exact solution of systems over such domains as: • the integers (Diophantine systems); • the field of rational numbers; • a finite field; • the rational numbers extended by some algebraic or transcendental elements. • Basic Gaussian elimination works over any field. • The values computed in elimination methods are minors, or quotients of minors, of the original matrix. • Thus there can be a severe intermediate expression size swell when the entry field is infinite and exact arithmetic is used. • This problem can be addressed with a method that uses entries in an integral subring of the field together with the Chinese remainder algorithm. • An approach based on determinant identities uses exact division, so that quotients need not be stored, saving substantial storage and simplification time (see the sketch below). Improvements have been made for sparse systems.
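A sketch of fraction-free elimination in the spirit of the determinant-identity approach: every division below is exact over the integers, and every intermediate entry is itself a minor of the input matrix, which bounds the expression swell:

```python
def bareiss_det(M):
    # determinant of an integer matrix by fraction-free elimination
    A = [list(row) for row in M]
    n, sign, prev = len(A), 1, 1
    for k in range(n - 1):
        if A[k][k] == 0:                    # pivot if necessary
            for i in range(k + 1, n):
                if A[i][k] != 0:
                    A[k], A[i] = A[i], A[k]
                    sign = -sign            # a row swap flips the sign
                    break
            else:
                return 0
        for i in range(k + 1, n):
            for j in range(k + 1, n):
                # the division by the previous pivot is exact
                A[i][j] = (A[i][j] * A[k][k] - A[i][k] * A[k][j]) // prev
        prev = A[k][k]
    return sign * A[n - 1][n - 1]

print(bareiss_det([[1, 2, 3], [4, 5, 6], [7, 8, 10]]))  # -3
```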
Linear systems • Consider a row operation on an integer matrix, R_i ← aR_k + bR_i. • Because of the products, if a and b are the same size as the entries, the integer sizes will generally double. • If the matrix is very sparse, the number of nonzero entries in the row will also nearly double. • This problem is compounded if the entries themselves are sparse objects, as is typical when they are multivariate polynomials. • If elimination is used, there is fill-in and, worse, the growth of expressions can be exponential in the dimensions of the sub-matrices involved. • In such cases, it is more efficient to exploit minor expansion. • In numerical linear system solving, a distinction is made between iterative methods and direct methods. • For solving the linear system Ax = b, elimination is direct, exploiting and manipulating the internal structure of the matrix A. • Iterative methods, on the other hand, generally treat the matrix as a black box: a representation of the linear transformation on vectors, u ↦ Au (see the sketch below). • Black box methods are well suited to situations where the cost of the matrix-vector product Au is relatively small (sparse matrices, or specially structured matrices like Vandermonde matrices).
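A sketch of the black-box view: the matrix is accessible only through the product u ↦ Au, whose cost here is proportional to the number of nonzero entries (all names are illustrative):

```python
def make_blackbox(entries, n):
    # entries: (i, j, value) triples of the nonzero entries of an n x n matrix
    def matvec(u):
        v = [0] * n
        for i, j, a in entries:
            v[i] += a * u[j]   # one operation per nonzero entry
        return v
    return matvec

A = make_blackbox([(0, 0, 2), (1, 2, 5), (2, 1, -1)], 3)
print(A([1, 1, 1]))  # [2, 5, -1]
```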
Linear systems • For singular systems a number of issues arise. • Asking for a basis of the solution space is too much in the context of a sparse system: the basis may require an amount of space quadratic in the input size. • Using random preconditioners, a special method can be used to obtain a random sample of the solution manifold. • Possibly inconsistent systems present yet another problem. • Because of the random preconditioners, when a solution to a singular system is not found, it is desirable to determine whether this is due to inconsistency of the input system or to bad luck in the preconditioners. • This may be resolved by computing an inconsistency certificate (see the sketch below).
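A sketch of verifying such a certificate in its classical form: a vector y with y^T A = 0 but y^T b ≠ 0 proves that Ax = b is inconsistent (the certificates used with randomized sparse solvers are refinements of this idea):

```python
def verifies_inconsistency(A, b, y):
    # True iff y^T A = 0 and y^T b != 0, i.e. y proves Ax = b unsolvable
    yA = [sum(y[i] * A[i][j] for i in range(len(A))) for j in range(len(A[0]))]
    yb = sum(yi * bi for yi, bi in zip(y, b))
    return all(c == 0 for c in yA) and yb != 0

# the system x1 + x2 = 1, x1 + x2 = 3 is inconsistent; y = (1, -1) certifies it
print(verifies_inconsistency([[1, 1], [1, 1]], [1, 3], [1, -1]))  # True
```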
Algorithms for matrix canonical forms • Canonical forms of matrices are fundamental tools in various domains of algebra. • The fact that they are difficult to compute with fixed-precision real arithmetic makes them particularly amenable to computer algebra. • For a matrix A over a principal ideal domain R, the Hermite form H = UA is triangular and the Smith form S = VAW is diagonal. • Both forms are obtained by unimodular transformations U, V, and W over R. • They are canonical representatives of the equivalence classes of matrices under unimodular pre-multiplication (Hermite) and unimodular pre- and post-multiplication (Smith) (see the sketch below). • For a square matrix A over a field K, the Frobenius form over K and the Jordan form over an algebraic extension of K are block diagonal matrices similar to A. • These canonical forms capture and display the algebraic and geometric invariants of matrices under similarity transformations. • The classical theory offers constructive definitions of these forms.
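A naive sketch of a Hermite form computation over Z using unimodular row operations only (the pivot gcd is produced by repeated row subtractions; practical algorithms control the coefficient growth with modular techniques):

```python
def hermite_form(A):
    # row-style Hermite normal form of an integer matrix
    H = [list(row) for row in A]
    m, n = len(H), len(H[0])
    row = 0
    for col in range(n):
        pivot = next((i for i in range(row, m) if H[i][col] != 0), None)
        if pivot is None:
            continue
        H[row], H[pivot] = H[pivot], H[row]
        for i in range(row + 1, m):
            # Euclidean steps on column col, applied to whole rows
            while H[i][col] != 0:
                q = H[row][col] // H[i][col]
                H[row], H[i] = H[i], [a - q * b for a, b in zip(H[row], H[i])]
        if H[row][col] < 0:                  # make the pivot positive
            H[row] = [-a for a in H[row]]
        for i in range(row):                 # reduce the entries above it
            q = H[i][col] // H[row][col]
            H[i] = [a - q * b for a, b in zip(H[i], H[row])]
        row += 1
    return H

print(hermite_form([[2, 3, 6], [4, 4, 4], [6, 8, 10]]))
```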