Fast Polynomial Multiplication over F_(2^60)

Can post-Schönhage–Strassen multiplication algorithms be competitive in practice for large input sizes? So far, the GMP library still outperforms all implementations of the recent, asymptotically more efficient algorithms for integer multiplication by Fürer, De–Kurur–Saha–Saptharishi, and ourselves. In this paper, we show how central ideas of our recent asymptotically fast algorithms turn out to be of practical interest for multiplication of polynomials over finite fields of characteristic two. Our Mathemagix implementation is based on the automatic generation of assembly codelets. It outperforms existing implementations in large degree, especially for polynomial matrix multiplication over finite fields

Decoding Generalized Reed-Solomon Codes and Its Application to RLCE Encryption Schemes

This paper compares the efficiency of various algorithms for implementing quantum resistant public key encryption scheme RLCE on 64-bit CPUs. By optimizing various algorithms for polynomial and matrix operations over finite fields, we obtained several interesting (or even surprising) results. For example, it is well known (e.g., Moenck 1976 \cite{moenck1976practical}) that Karatsuba's algorithm outperforms classical polynomial multiplication algorithm from the degree 15 and above (practically, Karatsuba's algorithm only outperforms classical polynomial multiplication algorithm from the degree 35 and above ). Our experiments show that 64-bit optimized Karatsuba's algorithm will only outperform 64-bit optimized classical polynomial multiplication algorithm for polynomials of degree 115 and above over finite field $GF(2^{10})$. The second interesting (surprising) result shows that 64-bit optimized Chien's search algorithm ourperforms all other 64-bit optimized polynomial root finding algorithms such as BTA and FFT for polynomials of all degrees over finite field $GF(2^{10})$. The third interesting (surprising) result shows that 64-bit optimized Strassen matrix multiplication algorithm only outperforms 64-bit optimized classical matrix multiplication algorithm for matrices of dimension 750 and above over finite field $GF(2^{10})$. It should be noted that existing literatures and practices recommend Strassen matrix multiplication algorithm for matrices of dimension 40 and above. All our experiments are done on a 64-bit MacBook Pro with i7 CPU and single thread C codes. It should be noted that the reported results should be appliable to 64 or larger bits CPU architectures. For 32 or smaller bits CPUs, these results may not be applicable. The source code and library for the algorithms covered in this paper are available at http://quantumca.org/

PUBLIC KEY CRYPTOGRAPHY USING PERMUTATION P-POLYNOMIALS OVER FINITE FIELDS

In this paper we propose an efficient multivariate public key cryptosystem based on permutation p-polynomials over finite fields. We first characterize a class of permutation p-polynomials over finite fields $F_{q^{m}}$ and then construct a trapdoor function using this class of permutation p-polynomials. The complexity of encryption in our public key cryptosystem is $O(m^{3})$ multiplication which is equivalent to other multivariate public key cryptosystems. However the decryption is much faster than other multivariate public key cryptosystems. In decryption we need $O(m^{2})$ left cyclic shifts and $O(m^{2})$ xor operations

Deterministic root finding over finite fields using Graeffe transforms

We design new deterministic algorithms, based on Graeffe transforms, to compute all the roots of a polynomial which splits over a finite field F q . Our algorithms were designed to be particularly efficient in the case when the cardinality q − 1 of the multiplicative group of F q is smooth. Such fields are often used in practice because they support fast discrete Fourier transforms. We also present a new nearly optimal algorithm for computing characteristic polynomials of multiplication endomorphisms in finite field extensions. This algorithm allows for the efficient computation of Graeffe transforms of arbitrary orders

The parity of the number of irreducible factors for some pentanomials

AbstractIt is well known that the Stickelberger–Swan theorem is very important for determining the reducibility of polynomials over a binary field. Using this theorem the parity of the number of irreducible factors for some kinds of polynomials over a binary field, for instance, trinomials, tetranomials, self-reciprocal polynomials and so on was determined. We discuss this problem for Type II pentanomials, namely xm+xn+2+xn+1+xn+1∈F2[x] for even m. Such pentanomials can be used for the efficient implementation of multiplication in finite fields of characteristic two. Based on the computation of the discriminant of these pentanomials with integer coefficients, we will characterize the parity of the number of irreducible factors over F2 and establish necessary conditions for the existence of this kind of irreducible pentanomials.Our results have been obtained in an experimental way by computing a significant number of values with Mathematica and extracting the relevant properties

On the Limits of Depth Reduction at Depth 3 Over Small Finite Fields

Recently, Gupta et.al. [GKKS2013] proved that over Q any $n^{O(1)}$-variate and $n$-degree polynomial in VP can also be computed by a depth three $\Sigma\Pi\Sigma$ circuit of size $2^{O(\sqrt{n}\log^{3/2}n)}$. Over fixed-size finite fields, Grigoriev and Karpinski proved that any $\Sigma\Pi\Sigma$ circuit that computes $Det_n$ (or $Perm_n$) must be of size $2^{\Omega(n)}$ [GK1998]. In this paper, we prove that over fixed-size finite fields, any $\Sigma\Pi\Sigma$ circuit for computing the iterated matrix multiplication polynomial of $n$ generic matrices of size $n\times n$, must be of size $2^{\Omega(n\log n)}$. The importance of this result is that over fixed-size fields there is no depth reduction technique that can be used to compute all the $n^{O(1)}$-variate and $n$-degree polynomials in VP by depth 3 circuits of size $2^{o(n\log n)}$. The result [GK1998] can only rule out such a possibility for depth 3 circuits of size $2^{o(n)}$. We also give an example of an explicit polynomial ($NW_{n,\epsilon}(X)$) in VNP (not known to be in VP), for which any $\Sigma\Pi\Sigma$ circuit computing it (over fixed-size fields) must be of size $2^{\Omega(n\log n)}$. The polynomial we consider is constructed from the combinatorial design. An interesting feature of this result is that we get the first examples of two polynomials (one in VP and one in VNP) such that they have provably stronger circuit size lower bounds than Permanent in a reasonably strong model of computation. Next, we prove that any depth 4 $\Sigma\Pi^{[O(\sqrt{n})]}\Sigma\Pi^{[\sqrt{n}]}$ circuit computing $NW_{n,\epsilon}(X)$ (over any field) must be of size $2^{\Omega(\sqrt{n}\log n)}$. To the best of our knowledge, the polynomial $NW_{n,\epsilon}(X)$ is the first example of an explicit polynomial in VNP such that it requires $2^{\Omega(\sqrt{n}\log n)}$ size depth four circuits, but no known matching upper bound