Probabilistic verification

Probabilistic verification Mario Szegedy, Rutgers www/cs.rutgers.edu/~szegedy/07540 Lecture 3

Fields • A set F with two operations: + (addition), x (multiplication) • (F, +) is an Abelian group with unit element 0. • (F\{0}, x) is an Abelian group with unit element 1. • For all x, y, z Є F: (x+y)z = xz + yz. (Distributivity) • (We get the same definition if the multiplicative part is not restricted to Abelian.)

Characteristic Let F be a field (finite or infinite). Let U = < 1>+ = {0, 1, 1+1, 1+1+1,…}, if |F| is finite |U| is the characteristic of F. If |U| is infinite then the characteristic is 0. (1 + 1)(1+1+1) = (1+1+1) + (1+ 1 + 1). Similarly, product of any two elements from U is also from U by distributivity. Let |U| = p, finite. Then U is isomorphic with Z/pZ with respect to. addition and multiplication. In this case p is a prime, otherwise F would have a zero divisor, so U= Fp. And Fp is also called the prime subfield of F. LEMMA: If a field (finite or infinite) has finite characteristic p, then p is a prime. A finite field F has positivecharacteristicp for some primep.

Size of a finite field Theorem 1.1The cardinality of F is pn where n = [F :Fp] andFpdenotes the prime subfield of F. Proof. The prime subfield Fp of F is isomorphic to the field Z/pZ of integers mod p. Since the field F is an n-dimensional vector space over Fp for some finite n, it is set-isomorphic to Fpn and thus has cardinality pn.

(Uni-variate) Polynomials P(x) = xn + an-1 xn-1 + … + a1 x + a0 (deg P = n) ais are the coefficients. Roots: P(c) = 0 → P(x) = (x-c) Q(x) (deg Q = n-1) → P(x) can have at most n roots Reducibility: P(x) = Q(x)S(x)(deg Q, deg S < n) If there are no factors Q,S as above, then P is irreducible.

Theorem: the multiplicative group of every finite field is cyclic Let |F| = q. The theorem says that there is g ЄF such that F = { 0, g, g2,…, gq-1 } We need to prove that there is a g with order q-1 (smallest power that is 1). Let ORD(a) = { z | ord(z) = a}. ORD(a) is empty unless a|q-1. LEMMA: | ORD(a) | = φ(a) , where φ(a) is the number of those residue classes mod a That are relatively prime to a. REMARK: The lemma immediately gives the theorem, since φ(q-1)≥ 1.

Proof of the lemma: We proceed by induction on a. ORD(1) = {1}. Consider a > 1. z Є F is a root of xa -1↔ for some a’|a it holds that z ЄORD(a’). → xa -1= Πa’|aΠf Є ORD(a’) (x-f) . → ∑a’|a |ORD(a’)| = a. From the inductional hypothesis: |ORD(a)| = a -∑a’|a; a’<a φ(a) . To prove |ORD(a)| = φ(a) it is sufficient to show that: LEMMA:∑a’|a φ(a) = a. Proof of the lemma: Classify all numbers in {1,2,…,a} according to its greatest common divisor with a, and for every b|a let β(b) = | { z | (a,z) = b}|. Clearly, ∑b|a β(b) = a. We claimβ(b) = φ(a/b). (If so, we are done, since {a/b | b|a} = {b | b|a}). Indeed, (a,z) = b ↔ z = λb, where (λ, a/b) = 1.

Field extensions Transcendental extension: F(x) = { q(x)/r(x), where q,r are polynomials} Algebraic extension (with a root of some irreducible polynomial, s(x)): F(α) = {q(x) | q is a polynomial over F such that deg q < deg s} q(α) ↔ q(x) mod s(x) Alternative notation: F(α) ↔ F[x]/(s(x)) Inverse of r(x) for an algebraic extension: If xists r’(x) such that r’(x) r(x) + s’(x)s(x) = 1 → r’(x) r(x) = 1 (mod s(x)) → r’ = r-1

Splitting field F’ is the splitting field of a polynomial r(x) in F 1. if r(x) decomposes into linear factors in F’. 2. F’ is the smallest field with this property Remark: if (r’(x),r(x)) = 1, then all linear factors are different.

Linear spaces (classical approach) S = Fn(dimension =n) S = {(x1,x2,…,xn) | xi ЄF } Subspace: S’ ≤ S, iff S’ is closed under linear combinations: x,yЄ S → λx + μyЄ S

Affine subspaces 1 dimensional affine subspaces = lines Lx,y = { x+λy | λЄ F } 2 dimensionalaffine subspaces = planes Px,y,z = { x+λy+μz | λ,μЄ F } n-1 dimensionalaffine subspaces = hyperplanes S = { a1x1 + a2x2 + … + anxn =b}

Probabilistic verification