Math question [polynomial division]

Main Page | Report this Page

Science Forum Index » Cryptography Forum » Math question [polynomial division]

Page 1 of 1

Author

Message

Tom St Denis

Posted: Mon Dec 29, 2003 12:57 pm

Guest

Howdy all,

I'm in the middle of fullfilling my promise to write a polynomial basis
library [uses LTM for math] and I came into an interesting dilema.

Essentially I represent the polymials as a "higher order mp_int" where I
have an array of mp_ints, a used/alloc counter and an mp_int for the
characteristic. As an "added complementary bonus gift while supplies last"
I allow characteristic zero polynomials. Essentially over the ring Z^k[x]
for char=0 or GF(p^k)[x] for char=p.

The problem now is that division cannot always be computed in the first
instance [as I understand it, and well as I understand math isn't saying
much]. Say you have

p(x) = 3x^2 + 4x + 1
and
q(x) = 7x + 9

If you attempt to divide p(x)/v(x) over Z^k[x] there is no solution since
you have to multiply q(x) by (3/7)x and subtract that out to clear the x^2
term. Since 3/7 == 0 over Z you cannot complete this operation for all
polynomials.

I was wondering if my logic is correct and what a suggested course of action
would be. The GF(p^k)[x] case is trivial provided that the coefficients
are units you just multiply by the inverse...

For the curious so far I've written the following functions [none tested
yet... ;-(]

add, sub, mul, copy, exch, init, init_copy, init_size, clear, clamp, grow.

For the v0.01 release I want to get division, gcd, lcm, invmod and a test
harness finished. I wouldn't count on the library being too useful until at
least v0.05 or so... By then I should have the routines ironed more, a
modexpt and some demos...

Tom

Mok-Kong Shen

Posted: Mon Dec 29, 2003 3:28 pm

Guest

Tom St Denis wrote:

Quote:

[snip]
The problem now is that division cannot always be computed in the first
instance [as I understand it, and well as I understand math isn't saying
much]. Say you have

p(x) = 3x^2 + 4x + 1
and
q(x) = 7x + 9

If you attempt to divide p(x)/v(x) over Z^k[x] there is no solution since
you have to multiply q(x) by (3/7)x and subtract that out to clear the x^2
term. Since 3/7 == 0 over Z you cannot complete this operation for all
polynomials.
[snip]

In this case you can't express p(x) as a(x)*q(x)+r(x)
with a(x) and r(x) having integer coefficients. But
what is the practical 'consequence' of that for you?
(What are the applications demanding such expressions?)

M. K. Shen

Marcel Martin

Posted: Mon Dec 29, 2003 6:12 pm

Guest

Mok-Kong Shen a écrit :

Quote:

Exact. That's why we used the so-called pseudo-division:
kP = AQ + R.
A practical use? Computation of GCDs, for instance.

This is somewhat basic and is explained in most books. Notably
in Knuth :-)

mm
--
http://www.ellipsa.net/
mm@ellipsa.no.sp.am.net ( suppress no.sp.am. )

Tom St Denis

Posted: Tue Dec 30, 2003 1:18 am

Guest

"Marcel Martin" <mm@ellipsa.no.sp.am.net> wrote in message
news:3FF0B4F4.348C9C23@ellipsa.no.sp.am.net...

Quote:

Mok-Kong Shen a écrit :
In this case you can't express p(x) as a(x)*q(x)+r(x)
with a(x) and r(x) having integer coefficients. But
what is the practical 'consequence' of that for you?
(What are the applications demanding such expressions?)

Exact. That's why we used the so-called pseudo-division:
kP = AQ + R.
A practical use? Computation of GCDs, for instance.

This is somewhat basic and is explained in most books. Notably
in Knuth Smile

Um maybe I misunderstand this but if you multiply P by k don't you have to
muliply the right side to maintain the equality? Essentially I'd have to
multiply the leading digit of P to form the least common multiple between
the digit of P and A. But I'd have to repeat this for every digit of the
quotient. Is that mathematically valid? The pseudo code would be like

G = 1
for n from ||P|| downto ||A|| do
L = LCM(P.leading, A.leading);
G = G * L/P.leading
P = P * L/P.leading
C = P.leading/A.leading
Q = Q + C*x^{||P|| - ||A||}
P = P - C*x^{||P|| - ||A|} * A
endfor

Where ||.|| is the number of coefficients in the polynomial. So we find the
LCM of the two, put that in L, then find out what we have to multiply P by
to get L, then add that as the leading digit an subtract from P.

At the end of the algorithm I've multiplied P by G to form the quotient.
Does this mean that the quotient is G times too big? Let's try this with

p(x) = 3x^2 + 4x + 1
and
q(x) = 7x + 9

So the LCM of 3,7 is 21 so multiply p by 7 to get

21x^2 + 28x + 7

now subtract 3x*q(x) to get p(x) - 3x*q(x) = 1x + 7, G = 7

now LCM of 1,7 is 7 again, so multiply p(x) by 7 to get

p(x) = 7x + 49

now subtract q(x) to get p(x) - q(x) = 42, G = 49

Now I'm a bit lost... seems the quotient is what, 3x + 1 and the remainder
is 42. But clearly (7x + 9)(3x + 1) = 21x^2 + 34x + 9 + 42 = 21x^2 + 34x +
51 is not equal to the original dividend.

---- also ---

So far I've implemented quite a few of the basics [division for char!=0 case
only] but I'm stuck on some issues. Everything seems to work well except
for gcd and invmod. First, when computing the gcd I use the characteristic
of the destination polynomial [just easier that way]. The trouble though is
that for any g(x) in GF(p^k)[x] there are at least p GCDs since any h(x) = k
where 1 <= k < p will "divide" g(x) and produce a zero remainder.

In all cases my gcd produces results which even divide the inputs. The
question though is, is it meaningful? How do I handle the trivial cases?
Do I just merge them all into one case? I'd say the operation should be
meaninful since it's part of the definition of irreducible.

Could someone test this in another system for me... I want to know the GCD
of

(x^2 - 1) and 5*x^4+5*x^3+7*x^2+8*x+1

over GF(17)[x]

I get 13x + 13 as the GCD and it does divide both over GF(17)[x] where

(x^2 - 1)/(13x + 13) = 4x + 13
and
(5*x^4+5*x^3+7*x^2+8*x+1)/(13x + 13) = 3x^3 + 11x + 4

(both divisions verified by Maple).

However, when I try polynomials which are irreducible such as

x^2 + 4

against say

x + 1

I get a GCD of 5 where I should expect 1 (since x^2 + 4 is irreducible over
GF(17)[x] the poly x+1 cannot divide it).

My GCD code is the trivial mod method e.g.

while (b != 0) {
r = a mod b
a = b
b = r
}
return a

Any tips or suggestions?

I've put a beta image of the source tree up on my website
[http://iahu.ca:8080/ltp-beta.tar.bz2]. As with my other LT projects this
is totally public domain.

As soon as I sort out my gcd/invmod woes I'll get some documentation ready
for v0.01 and release it...

Thanks,
Tom

Mok-Kong Shen

Posted: Tue Dec 30, 2003 4:20 am

Guest

Tom St Denis wrote:

Quote:

"Marcel Martin" <mm@ellipsa.no.sp.am.net> wrote:

Mok-Kong Shen a écrit :
In this case you can't express p(x) as a(x)*q(x)+r(x)
with a(x) and r(x) having integer coefficients. But
what is the practical 'consequence' of that for you?
(What are the applications demanding such expressions?)

Exact. That's why we used the so-called pseudo-division:
kP = AQ + R.
A practical use? Computation of GCDs, for instance.

This is somewhat basic and is explained in most books. Notably
in Knuth :-)

Um maybe I misunderstand this but if you multiply P by k don't you have to
muliply the right side to maintain the equality? Essentially I'd have to
multiply the leading digit of P to form the least common multiple between
the digit of P and A. But I'd have to repeat this for every digit of the
quotient. Is that mathematically valid? The pseudo code would be like
[snip]

Maybe I misunderstood you, but you multiply the 'whole'
of P(x) (not just any part of P(x)) with an integer and
treat it as if this was given instead of the original
P(x), so that the division is now possible.

M. K. Shen

Mok-Kong Shen

Posted: Tue Dec 30, 2003 4:27 am

Guest

Mok-Kong Shen wrote:

Quote:

Tom St Denis wrote:

"Marcel Martin" <mm@ellipsa.no.sp.am.net> wrote:

Mok-Kong Shen a écrit :
In this case you can't express p(x) as a(x)*q(x)+r(x)
with a(x) and r(x) having integer coefficients. But
what is the practical 'consequence' of that for you?
(What are the applications demanding such expressions?)

Exact. That's why we used the so-called pseudo-division:
kP = AQ + R.
A practical use? Computation of GCDs, for instance.

This is somewhat basic and is explained in most books. Notably
in Knuth :-)

Um maybe I misunderstand this but if you multiply P by k don't you have to
muliply the right side to maintain the equality? Essentially I'd have to
multiply the leading digit of P to form the least common multiple between
the digit of P and A. But I'd have to repeat this for every digit of the
quotient. Is that mathematically valid? The pseudo code would be like
[snip]

Maybe I misunderstood you, but you multiply the 'whole'
of P(x) (not just any part of P(x)) with an integer and
treat it as if this was given instead of the original
P(x), so that the division is now possible.

Sorry, I mean eliminating the leading term of P(x) is
now possible.

M. K. Shen

Gregory G Rose

Posted: Tue Dec 30, 2003 11:47 am

Guest

In article <zM8Ib.2272$INs.322@twister01.bloor.is.net.cable.rogers.com>,
Tom St Denis <tomstdenis@iahu.ca> wrote:
<At the end of the algorithm I've multiplied P by G to form the quotient.
<Does this mean that the quotient is G times too big? Let's try this with
<
<p(x) = 3x^2 + 4x + 1
<and
<q(x) = 7x + 9
<
<So the LCM of 3,7 is 21 so multiply p by 7 to get
<
<21x^2 + 28x + 7
<
<now subtract 3x*q(x) to get p(x) - 3x*q(x) = 1x + 7, G = 7
<
<now LCM of 1,7 is 7 again, so multiply p(x) by 7 to get

I think that here, you're overlooking the original
p(x)... which also has to be multiplied by 7
(again).

<p(x) = 7x + 49
<
<now subtract q(x) to get p(x) - q(x) = 42, G = 49

That should be 40, not 42; after all, it isn't the
answer to life, the universe, and everything.

<Now I'm a bit lost... seems the quotient is what, 3x + 1 and the remainder
<is 42. But clearly (7x + 9)(3x + 1) = 21x^2 + 34x + 9 + 42 = 21x^2 + 34x +
<51 is not equal to the original dividend.

The equation should now be:
49*p(x) = (21x + 1)q(x) + 40
147x^2 + 196x + 49 = (21x + 1)(7x + 9) + 40
147x^2 + 7x + 189x + 9 + 40
147x^2 + 196x + 49

N'est-ce pas?

Greg.
--
Greg Rose
232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
Qualcomm Australia: http://www.qualcomm.com.au

Tom St Denis

Posted: Tue Dec 30, 2003 11:57 am

Guest

"Gregory G Rose" <ggr@qualcomm.com> wrote in message
news:bssa7b$37d@qualcomm.com...

Quote:

But p(x) = 1x + 7 is the remainder of 7*p(x) - 3x*q(x) [for the original
p(x)]

Quote:

p(x) = 7x + 49

now subtract q(x) to get p(x) - q(x) = 42, G = 49

That should be 40, not 42; after all, it isn't the
answer to life, the universe, and everything.

Hehehe, oops yeah.

Quote:

Now I'm a bit lost... seems the quotient is what, 3x + 1 and the
remainder
is 42. But clearly (7x + 9)(3x + 1) = 21x^2 + 34x + 9 + 42 = 21x^2 + 34x
+
51 is not equal to the original dividend.

The equation should now be:
49*p(x) = (21x + 1)q(x) + 40

Where did 21x + 1 come from? Does 21x from the fact that you multiply p(x)
by 7 and the quotient coefficient is 3, 3*7=21? But you multiply the p(x)
by 7 to get the last digit too, so why isn't it 21x + 7 ?

Quote:

147x^2 + 196x + 49 = (21x + 1)(7x + 9) + 40
147x^2 + 7x + 189x + 9 + 40
147x^2 + 196x + 49

N'est-ce pas?

Whoosh.... I'll sort it out eventually.

Thanks!

Tom

Gregory G Rose

Posted: Tue Dec 30, 2003 12:01 pm

Guest

In article <L7iIb.169640$2We1.59640@news04.bloor.is.net.cable.rogers.com>,
Tom St Denis <tomstdenis@iahu.ca> wrote:

Quote:

"Gregory G Rose" <ggr@qualcomm.com> wrote in message
news:bssa7b$37d@qualcomm.com...
In article <zM8Ib.2272$INs.322@twister01.bloor.is.net.cable.rogers.com>,
Tom St Denis <tomstdenis@iahu.ca> wrote:
At the end of the algorithm I've multiplied P by G to form the quotient.
Does this mean that the quotient is G times too big? Let's try this with

p(x) = 3x^2 + 4x + 1
and
q(x) = 7x + 9

So the LCM of 3,7 is 21 so multiply p by 7 to get

21x^2 + 28x + 7

now subtract 3x*q(x) to get p(x) - 3x*q(x) = 1x + 7, G = 7

now LCM of 1,7 is 7 again, so multiply p(x) by 7 to get

I think that here, you're overlooking the original
p(x)... which also has to be multiplied by 7
(again).

But p(x) = 1x + 7 is the remainder of 7*p(x) - 3x*q(x) [for the original
p(x)]

p(x) = 7x + 49

now subtract q(x) to get p(x) - q(x) = 42, G = 49

That should be 40, not 42; after all, it isn't the
answer to life, the universe, and everything.

Hehehe, oops yeah.

Now I'm a bit lost... seems the quotient is what, 3x + 1 and the
remainder
is 42. But clearly (7x + 9)(3x + 1) = 21x^2 + 34x + 9 + 42 = 21x^2 + 34x
+
51 is not equal to the original dividend.

The equation should now be:
49*p(x) = (21x + 1)q(x) + 40

Where did 21x + 1 come from? Does 21x from the fact that you multiply p(x)
by 7 and the quotient coefficient is 3, 3*7=21? But you multiply the p(x)
by 7 to get the last digit too, so why isn't it 21x + 7 ?

Ah, you needed to multiply the 3x by seven to
adjust the leading coefficients, but that happens
*before* you subtract (one times) q(x).

Quote:

147x^2 + 196x + 49 = (21x + 1)(7x + 9) + 40
147x^2 + 7x + 189x + 9 + 40
147x^2 + 196x + 49

N'est-ce pas?

Whoosh.... I'll sort it out eventually.

Thanks!

Tom

Greg.
--
Greg Rose
232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
Qualcomm Australia: http://www.qualcomm.com.au

Marcel Martin

Posted: Tue Dec 30, 2003 2:00 pm

Guest

Gregory G Rose a écrit :

Quote:

In article <zM8Ib.2272$INs.322@twister01.bloor.is.net.cable.rogers.com>,
Tom St Denis <tomstdenis@iahu.ca> wrote:
At the end of the algorithm I've multiplied P by G to form the quotient.
Does this mean that the quotient is G times too big? Let's try this with

p(x) = 3x^2 + 4x + 1
and
q(x) = 7x + 9

So the LCM of 3,7 is 21 so multiply p by 7 to get

21x^2 + 28x + 7

now subtract 3x*q(x) to get p(x) - 3x*q(x) = 1x + 7, G = 7

now LCM of 1,7 is 7 again, so multiply p(x) by 7 to get

I think that here, you're overlooking the original
p(x)... which also has to be multiplied by 7
(again).

p(x) = 7x + 49

now subtract q(x) to get p(x) - q(x) = 42, G = 49

That should be 40, not 42; after all, it isn't the
answer to life, the universe, and everything.

Now I'm a bit lost... seems the quotient is what, 3x + 1 and the remainder
is 42. But clearly (7x + 9)(3x + 1) = 21x^2 + 34x + 9 + 42 = 21x^2 + 34x +
51 is not equal to the original dividend.

The equation should now be:
49*p(x) = (21x + 1)q(x) + 40
147x^2 + 196x + 49 = (21x + 1)(7x + 9) + 40
147x^2 + 7x + 189x + 9 + 40
147x^2 + 196x + 49

N'est-ce pas?

Tout à fait :-)

When multiplying the intermediate remainders, one must also multiply
the intermediate quotients (assuming the final quotient is wanted).

mm
--
http://www.ellipsa.net/
mm@ellipsa.no.sp.am.net ( suppress no.sp.am. )

Tom St Denis

Posted: Tue Dec 30, 2003 2:04 pm

Guest

"Marcel Martin" <mm@ellipsa.no.sp.am.net> wrote in message
news:3FF1CB37.B7CD45EB@ellipsa.no.sp.am.net...

Quote:

Tout à fait :-)

When multiplying the intermediate remainders, one must also multiply
the intermediate quotients (assuming the final quotient is wanted).

C'est bien, c'est bien! Merci beaucoup!

Thanks to both of you for explaining it to me.

Tom

Tom St Denis

Posted: Tue Dec 30, 2003 2:43 pm

Guest

"Marcel Martin" <mm@ellipsa.no.sp.am.net> wrote in message
news:3FF1CB37.B7CD45EB@ellipsa.no.sp.am.net...

Quote:

When multiplying the intermediate remainders, one must also multiply
the intermediate quotients (assuming the final quotient is wanted).

One more lingering question...

In the case of our answer there

Q = 21x + 1
R = 40

What would be the point of this? Obvious the GCD over Z[x] is 1 since the
factors of the dividend are (x+1)(3x + 1) neither of which are a multiple[or
divisor] of 7x + 9

If we used the trivial algorithm, e.g.

A = 3x^2 + 4x + 1
B = 7x + 9

while (B > 0) {
r = A mod B
A = B
B = r
}

we get

1. r = A mod B = 40, A = B, A = 7x + 9, B = r, B = 40

(7x + 9)/40 ...

So multiply A by 40 to get 280x + 360, subtract 7x*40 to get 360, which
divides nicely to 9, remainder zero.

2. r = A mod B = 0, A = B, A = 40, B = r, B = 0

3. Terminate, return A

so the GCD of the two is apparently 40?

But over Z[x] 40 doesn't divide either!!

Obviously I'm missing something [like say an undergrad education, ba da dum,
rimshot!] but I'd say the GCD really ought to be 1.

Tom

Mok-Kong Shen

Posted: Tue Dec 30, 2003 3:01 pm

Guest

Tom St Denis wrote:

Quote:

[snip]
If we used the trivial algorithm, e.g.

A = 3x^2 + 4x + 1
B = 7x + 9

while (B > 0) {
r = A mod B
A = B
B = r
}

we get

1. r = A mod B = 40, A = B, A = 7x + 9, B = r, B = 40
[snip]

Sorry, I am confused. How did you obtain 'r = A mod B = 40'?
As you said in your original post, you couldn't do
the common division operation to get A = q*B + r, right?
(Or what is the q here?) Thanks.

M. K. shen

Giuliano Bertoletti

Posted: Wed Dec 31, 2003 5:03 am

Guest

On Tue, 30 Dec 2003 06:18:07 GMT, "Tom St Denis" <tomstdenis@iahu.ca>
wrote:

Quote:

At the end of the algorithm I've multiplied P by G to form the quotient.
Does this mean that the quotient is G times too big?

Yes, but typically when you work with polynomials you don't care of
such a scaling factor which under a mathematical point of view is only
a minor nuissance. For example roots remain the same.

It's like an equation of a line or a plane. It doesn't change anything
if you multiply all vars by a constant factor != 0.

Quote:

---- also ---

So far I've implemented quite a few of the basics [division for char!=0 case
only] but I'm stuck on some issues. Everything seems to work well except
for gcd and invmod. First, when computing the gcd I use the characteristic
of the destination polynomial [just easier that way]. The trouble though is
that for any g(x) in GF(p^k)[x] there are at least p GCDs since any h(x) = k
where 1 <= k < p will "divide" g(x) and produce a zero remainder.

The non uniquiness of the GCD derives from the same problem.

The idea is that while in Z, d=GCD(a,b) is defined as the greatest
integer which divides both a and b (this indirectly solves the problem
of choosing between +ABS(d) and -ABS(d) which apparently are both
reasonable) , in the polys domain an order is not defined and
therefore you have to elect a candidate yourself.

This is particulary evident when you work over Q (rational numbers).

So, to make a long story short, the norm is typically used to define a
GCD, which in other words means you should take the GCD with the unit
coefficient as leading one (when possible).

Quote:

In all cases my gcd produces results which even divide the inputs. The
question though is, is it meaningful? How do I handle the trivial cases?
Do I just merge them all into one case? I'd say the operation should be
meaninful since it's part of the definition of irreducible.

You have to pay attention about in which domain you're operating in.
For a finite field for example all candidates are equally good, but
since you've a unit available, normalize respect to that.

If you're working on a integral domain like Z, then use
pseudo-division. Take care however that when you switch from Z to Z[x]
you lose the order relation, so while you can normalize over Z[x], you
cannot over Z.

Quote:

However, when I try polynomials which are irreducible such as

x^2 + 4

against say

x + 1

I get a GCD of 5 where I should expect 1 (since x^2 + 4 is irreducible over
GF(17)[x] the poly x+1 cannot divide it).

No, first it's 5 that should divide both x^2+4 and x+1.

Second, you are operating over a finite field and therefore the result
is correct (even if the algorithm probably selected one of the
candidates randomly) because 5 has an inverse modulo 17 and thefore
you can divide both polys (over a field, division is always defined
provided that divisor is not the null element).

The point is that you won't gain back the order relation simply
because in this case deg(5) = 0 and you landed in the ground field.

All these problem however are solved if you take the norm of the
result. In this case you multiply by inv(5) and get the unit.

Regards,
Giuliano Bertoletti.

Page 1 of 1 All times are GMT - 5 Hours The time now is Sat Oct 11, 2008 6:56 am Science Forum Index