Finding optimal Chudnovsky-Chudnovsky multiplication algorithms - PowerPoint PPT Presentation

Finding optimal Chudnovsky-Chudnovsky multiplication algorithms Matthieu Rambaud Telecom ParisTech, Paris, France WAIFI 2014, Gebze September 27, 2014

Can one do better ? A trick Total : 4 multiplications Matthieu Rambaud – Optimal ChCh algorithms WAIFI 2014, Gebze Sept. 27, 2014 1 / 14 Compute ( ax + b )( cx + d ) = a • cx 2 + ( a • d + b • c ) x + b • d

A trick Total : 4 multiplications Matthieu Rambaud – Optimal ChCh algorithms WAIFI 2014, Gebze Sept. 27, 2014 1 / 14 Can one do better ? Compute ( ax + b )( cx + d ) = a • cx 2 + ( a • d + b • c ) x + b • d

Matthieu Rambaud – Optimal ChCh algorithms A trick WAIFI 2014, Gebze Sept. 27, 2014 2 / 14 Evaluate m 0 = b • d m 1 = ( a + b ) • ( c + d ) m ∞ = a • c Then, ( ax + b )( cx + d ) = m ∞ x 2 + ( m 1 − m 0 − m ∞ ) x + m 0 Total : 3 multiplications

Problem : only q points on F q What happened ? The degree 2 polynomial P(x)=(ax+b)(cx+d) is fully determined by 0 1 Matthieu Rambaud – Optimal ChCh algorithms WAIFI 2014, Gebze Sept. 27, 2014 3 / 14 Lagrange’s interpolation (over R ∪ ∞ ) the 3 evaluations m 0 = P (0) , m 1 = P (1) , m ∞ = P ( ∞ ) . ∞

What happened ? The degree 2 polynomial P(x)=(ax+b)(cx+d) is fully determined by 0 1 Matthieu Rambaud – Optimal ChCh algorithms WAIFI 2014, Gebze Sept. 27, 2014 3 / 14 Lagrange’s interpolation (over R ∪ ∞ ) the 3 evaluations m 0 = P (0) , m 1 = P (1) , m ∞ = P ( ∞ ) . Problem : only q + 1 points on F q ∪ ∞ ∞

Ch&Ch’s interpretation polynomials Sept. 27, 2014 WAIFI 2014, Gebze Matthieu Rambaud – Optimal ChCh algorithms evaluation on: Before sections of F q set: After 4 / 14 curve X = P 1 F q ∪ ∞ ( ax + b ) and D = O X ( ∞ ) ( cx + d ) : divisor G = points 0 , 1 , ∞ [0] + [1] + [ ∞ ]

1 find divisor D ; lift x y to f x , f y in L D . P n ; evaluate the f x P i and f y P i . f x P i f y P i : deg G multiplications. m n to unique g 5 evaluate g at Q to find the product of x and y . 5 ev Q 0 2 find divisor G 3 P ev G compute the m i 4 interpolate m L D D 4 s 3 r ev Q ev Q 1 r 1 ev G Multiply x , y in F q m (Ch&Ch) L ( D + D ) L ( D ) L ( D ) , ev G 2 x , y ∈ ∏ m i =1 F q ( P i ) F q ( Q ) mult. ⊗ deg ( G ) choose Q on X of degree m , fix isomorphism x , y ∈ F q m ∼ = F q ( Q )

P n ; evaluate the f x P i and f y P i . f x P i f y P i : deg G multiplications. m n to unique g 5 evaluate g at Q to find the product of x and y . 5 ev Q 0 2 find divisor G P compute the m i 3 ev G 4 interpolate m L D D 4 s 3 r ev Q ev Q 1 r 1 ev G Multiply x , y in F q m (Ch&Ch) L ( D + D ) L ( D ) L ( D ) , ev G 2 x , y ∈ ∏ m i =1 F q ( P i ) F q ( Q ) mult. ⊗ deg ( G ) choose Q on X of degree m , fix isomorphism x , y ∈ F q m ∼ = F q ( Q ) 1 find divisor D ; lift x , y to f x , f y in L ( D ) .

f x P i f y P i : deg G multiplications. m n to unique g 5 evaluate g at Q to find the product of x and y . 3 D L D 4 interpolate m compute the m i 3 0 ev Q 5 4 s ev G ev Q ev G 1 r 1 r ev Q Multiply x , y in F q m (Ch&Ch) L ( D + D ) L ( D ) L ( D ) , ev G 2 x , y ∈ ∏ m i =1 F q ( P i ) F q ( Q ) mult. ⊗ deg ( G ) choose Q on X of degree m , fix isomorphism x , y ∈ F q m ∼ = F q ( Q ) 1 find divisor D ; lift x , y to f x , f y in L ( D ) . 2 find divisor G = P 1 + . . . + P n ; evaluate the f x ( P i ) and f y ( P i ) .

m n to unique g 5 evaluate g at Q to find the product of x and y . ev G D L D 4 interpolate m 3 0 ev Q 5 4 s ev G 3 1 r r ev Q ev Q 1 Multiply x , y in F q m (Ch&Ch) L ( D + D ) L ( D ) L ( D ) , ev G 2 x , y ∈ ∏ m i =1 F q ( P i ) F q ( Q ) mult. ⊗ deg ( G ) choose Q on X of degree m , fix isomorphism x , y ∈ F q m ∼ = F q ( Q ) 1 find divisor D ; lift x , y to f x , f y in L ( D ) . 2 find divisor G = P 1 + . . . + P n ; evaluate the f x ( P i ) and f y ( P i ) . compute the m i = f x ( P i ) • f y ( P i ) : deg G multiplications.

5 evaluate g at Q to find the product of x and y . 3 3 0 ev Q 5 4 s ev G ev Q ev Q r 1 r 1 ev G Multiply x , y in F q m (Ch&Ch) L ( D + D ) L ( D ) L ( D ) , ev G 2 x , y ∈ ∏ m i =1 F q ( P i ) F q ( Q ) mult. ⊗ deg ( G ) choose Q on X of degree m , fix isomorphism x , y ∈ F q m ∼ = F q ( Q ) 1 find divisor D ; lift x , y to f x , f y in L ( D ) . 2 find divisor G = P 1 + . . . + P n ; evaluate the f x ( P i ) and f y ( P i ) . compute the m i = f x ( P i ) • f y ( P i ) : deg G multiplications. 4 interpolate [ m 1 , · · · , m n ] to unique g ∈ L ( D + D )

5 evaluate g at Q to find the product of x and y . 3 3 0 ev Q 5 4 s ev G ev Q ev Q r 1 r 1 ev G Multiply x , y in F q m (Ch&Ch) L ( D + D ) L ( D ) L ( D ) , ev G 2 x , y ∈ ∏ m i =1 F q ( P i ) F q ( Q ) mult. ⊗ deg ( G ) choose Q on X of degree m , fix isomorphism x , y ∈ F q m ∼ = F q ( Q ) 1 find divisor D ; lift x , y to f x , f y in L ( D ) . 2 find divisor G = P 1 + . . . + P n ; evaluate the f x ( P i ) and f y ( P i ) . compute the m i = f x ( P i ) • f y ( P i ) : deg G multiplications. 4 interpolate [ m 1 , · · · , m n ] to unique g ∈ L ( D + D )

Need more interpolation data ? Before Sept. 27, 2014 WAIFI 2014, Gebze Matthieu Rambaud – Optimal ChCh algorithms y l …Both : y l derivatives of f x F q d 1 degree( P i ) : Evaluation in: After 6 / 14 d � 1 F q [ y ] ” f x ( P i ) ” : value f x ( P i ) at P i up to l � 0 F q d [ y ]

Putting things together ”suitable for interpolation”. Then : Sept. 27, 2014 WAIFI 2014, Gebze Matthieu Rambaud – Optimal ChCh algorithms weighted degree of G q q 7 / 14 X a curve of genus g over F q , Q a point of degree m , D a divisor, Complexity of the algorithm [Randriam 2012, see Th. 2] . y l q F qd [ y ] ( d , l ) the bilinear complexity of the multiplication in Note µ sym G := l 1 P 1 + · · · l n P n [with deg P i = d i ], and suppose ( G , D , Q ) ( m ) � ∑ n ( d i , l i ) µ sym i =1 µ sym

Find suitable ( G , D , Q ) , G of smallest weighted degree

Lowering the weights l d Table: New lower − upper bounds on the µ sym ( d , l ) [see R., §2] 2 \ 2 3 4 5 6 8 9 10 1 7 1 3 6 9 13 15 − 24 − 30 − 33 1 16 − 22 2 9 − 24 3 16 . . . . . . 3 15 − 30 5 . . . . . . . 4 − 21 8 . . . . . . . . 5 11 . . . . . . . . . 6 14 . . . . . . . . . 7 16 − 18 . . . . . . . . . 8 − 22 . . . . . . . . . 9 − 27 . . . . . . . . . 10 − 30 . . . . . . . . .

WAIFI 2014, Gebze Matthieu Rambaud – Optimal ChCh algorithms Sept. 27, 2014 10 / 14 ( G , D , Q ) , G of smallest degree? Best expectable ( G , D , Q ) [see R., Prop. 8 & 10] X a curve of genus g . Assume m > g . Then : criterion for ( G , D , Q ) being ”suitable for interpolation on F q m ” depends only on the classes of G , D , Q in Cl ( X ) . When the case : 1. deg G � 2 m + g − 1 2. …and if this lower bound attained, then deg D = m + g − 1 .

Example [see 4.2] Step 0 : find a curve X having a divisor G of smallest weighted degree, weighted degree 900. ! Matthieu Rambaud – Optimal ChCh algorithms WAIFI 2014, Gebze Sept. 27, 2014 11 / 14 Multiplication in F 2 m , m = 163 : under the constraint deg G � 2 m + g − 1 = 331 (condition 1.). → Exhaustive search on the X 0 ( N ) …Winner : X 0 (71) , with a G of G is not necessarily part of a suitable ( G , D , Q )

Example [see 4.2] Step 1 : Choose a G on X of weighted degree 900. Step 3 : Loop over the classes of random Q of degree m , until Success at first attempt. Matthieu Rambaud – Optimal ChCh algorithms WAIFI 2014, Gebze Sept. 27, 2014 12 / 14 class group : Cl ( X 0 (71)) ∼ Z /315 Z × Z , generators : ( D 1 , D 2 ) . Step 2 deg D must be m + g − 1 = 168 → Loop over the classes : D := i ∗ D 1 + 168 ∗ D 2 , until l (2 D − G ) = 0 [Theorem 2, condition (i’)]. → Success for i = 2 . l ( D − Q ) = 0 [Theorem 2, condition (ii’) & Footnote 16] → → 900 is a new upper bound for the multiplication in F 2 163 .

13 / 14 2486 . . 1654 . . . . . . 3555 . . Matthieu Rambaud – Optimal ChCh algorithms WAIFI 2014, Gebze Sept. 27, 2014 1335 . 900 6 1 (ECs) 2 . . 3 4 5 Search on the curves X 0 ( N ) , N = 0 . . . 1000 − → new bounds: ( m ) , sorted by the genus of curves used Table: New upper bounds on µ sym 2 m \ g 163 905 903 901 233 1339 1336 283 1661 1660 409 2492 2491 571 3562 3561 3560

HIDDEN QUESTION : points in every class ? …see footnotes 17 & 21