Constructing Small Generating Sets for the Multiplicative Groups of - - PowerPoint PPT Presentation

Constructing Small Generating Sets for the Multiplicative Groups of Algebras over Finite Fields

Ming-Deh Huang, Lian Liu

University of Southern California

ISSAC’16, July 19-22

Motivation

Expander graphs are sparse graphs that are well connected. Intuitively, every small subset of vertices have a relatively large neighborhood.

(a) Petersen graph (b) Barbell graph

Motivation

Properties of expander graphs:

◮ Large edge/vertex expansion; ◮ Small diameter; ◮ Fast mixing; ◮ Non-blocking; ◮ ...

Applications of expander graphs:

◮ Pseudorandom generators &

extractors;

◮ Derandomization; ◮ Error-correcting codes; ◮ Communication networks; ◮ ...

How do we measure the “expansion” of a graph?

Let M be the adjacency matrix of an d-regular graph Γ (either directed

• r undirected), the spectrum of Γ is the sorted sequence of the

eigenvalues of M: d = |λ1| ≥ |λ2| ≥ . . . ≥ |λn|.

Definition (expander)

The eigenvalue of Γ is defined as λ(Γ) := |λ2|. We call a d-regular graph Γ an (n, d, λ)-expander, or simply a λ-expander, if it has n vertices and λ(Γ) ≤ λ. Intuitively, for regular graphs with n and d fixed, smaller eigenvalue implies larger expansion.

How to construct expander graphs?

Two major types of approaches:

◮ Probabilistic constructions; ◮ Explicit constructions.

Most known explicit constructions are based on Cayley graphs.

Definition (Cayley graph)

Let G be a finite abelian group and S ⊆ G be a subset of elements, the Cayley graph Γ(G, S) is a directed graph where

◮ g ∈ V (Γ) iff g ∈ G; ◮ (g, h) ∈ E(Γ) iff sg = h for some s ∈ S.

For simplicity, we say Γ(G, S) is a Cayley graph over G.

Related work

Theorem (Chung)

Given Fq ≃ Fp[x]/f a finite field of q = pd elements. Let S = x + Fp := {x + a|a ∈ Fp}. If √p > n − 1, then Γ(F×

q , S) is an

(n − 1)√p-expander.

Corollary

x + Fp is a generating set for F×

q .

Our results

Part I: Expander construction We present algorithms for constructing expander graphs over B×, where B is a finite algebra of the form B := Fp[x]/F, and F ∈ Fp[x] is not necessarily irreducible. These expander constructions naturally gives different types of generating sets for B×. Part II: Basis construction & decomposition We study the structure of B× and present algorithms for constructing a basis for B× and decomposing elements w.r.t. the basis.

Expander graphs over finite commutative algebras

Notation

For simplicity of the presentation, we will focus on algebras of the form A := Fp[x]/f e, where f ∈ Fp[x] is an irreducible polynomial and e > 1 is an integer. It’s not hard to generalize all results to the general case via the Chinese Remainder isomorphism: ψ :

m

• i=1

(Fp[x]/f ei

i )× ∼

− → (Fp[x]/F)×, where F =

i f ei i .

Eigenvalues of Cayley graphs

Eigenvalues of Cayley graphs are character sums:

Lemma

Let M be the adjacency matrix of Γ(G, S), then the eigenvalues of M are

• f the form

s∈S χ(s), where χ : G ∼

− → C∗ is a character of G.

Upper bounds for character sums

Theorem (Katz, Lenstra, Weil)

Let B be an arbitrary finite n-dimensional commutative Fq-algebra and x be an element of B. If χ is a character of the multiplicative group B× (extended by zero to all of B) which is non-trivial on Fq[x], then

• t∈Fq

χ(t − x)

• ≤ (n − 1)√q

The first small generating set

Since A = Fp[x]/f can be naturally regarded as an Fp-algebra of dimension de, the following theorem is a quick consequence:

Theorem

If √p > de − 1, then Γ(A×, Fp − x) is an (ne − 1)p1/2-expander.

Corollary

If √p > de − 1, then Fp − x is a generating set of A×.

Question

What if p is small but d, e are large?

Embed Fq into A

For the case √p ≤ de − 1, we present an embedding π : Fq ≃ Fp[x]/f ֌ A such that π(Fq) ≃ Fq as fields.

Fq A π

How to compute the embedding?

The embedding π : Fp[x]/f → Fp/f e is computed based on

Lemma

For each a0 ∈ F×

q , there exists a unique a ∈ A× such that

• a = a0

(mod f ), aq−1 = a0 (mod f e). Given a0, we assume π(a0) = a = d−1

i=1 aif i, where deg ai < d for all i.

We show that each ai is uniquely determined, and can be computed efficiently.

Expander graphs over A× and generating sets

The embedding gives us a way to “enlarge” the ground field of A.

Theorem

If K is a subfield of Fq of size pc where c|d and pc/2 > de/c − 1, then Γ(A×, π(K) − x) is an (de/c − 1)pc/2-expander.

Corollary

If pc/2 > de/c − 1, then π(K) − x is a generating set for A×.

Fp K Fq A p pc pd dim de

c

Basis construction and decomposition

The structure of A×

Consider the map φ : A× → Fp[x]/f s.t. φ(a) = a mod f . It’s easy to see that ker φ = {1 + af | deg a < d(e − 1)}. When p ≥ e, it holds that (1 + af )p = 1 + apf p = 1 (mod pe). Thereby, we have

Lemma

If p ≥ e, then A× = π(F×

q ) × ker φ ≃ Z/(pd − 1)Z ⊕

 

d(e−1)

Z/pZ   .

Basis construction

A× = π(F×

q ) × ker φ. ◮ For the first component, the problem reduces to finding a primitive

element for Fq;

◮ For the second component, we prove that

Lemma

The set {1 + xkf j|0 ≤ k ≤ d − 1, 1 ≤ j ≤ e − 1} forms a basis for ker φ.

Decomposition

Given an element a = d−1

i=0 aif i ∈ A×, we first write a = π(a0) · k,

where k ∈ ker φ.

◮ Clearly, finding the coordinate of a in Z/(pd − 1)Z is equivalent to

finding the discrete-log of a0;

◮ The decomposition of k in d(e−1) Z/pZ can be computed

efficiently via the filteration K1 K2 . . . Ke, where each Kj := {1 + af j mod f e}. We omit the details here.

Experiments and future work

Figure: p = 5, e = 4

1 2 3 4 5 6 7 2 4 6 8 10 log2 (d) c b fit(c) fit(b)

Figure: p = 11, e = 4

1 2 3 4 5 6 7 2 4 6 8 10 log2 (d) c b fit(c) fit(b)

Experiments and future work

Figure: p = 7, e = 3

1 2 3 4 5 6 7 2 4 6 8 10 log2 (d) c b fit(c) fit(b)

Figure: p = 7, e = 5

1 2 3 4 5 6 7 2 4 6 8 10 log2 (d) c b fit(c) fit(b)

Thanks! Questions?