Doctor of Philosophy dissertation
With the spread of internet and mobile devices, transferring information safely and securely has become more important than ever. Finite fields have widespread applications in such domains, such as in cryptography, error correction codes, among many others. In most finite field applications, the field size - and therefore the bit-width of the operands - can be very large. The high complexity of arithmetic operations over such large fields requires circuits to be (semi-) custom designed. This raises the potential for errors/bugs in the implementation, which can be maliciously exploited and can compromise the security of such systems. Formal verification of finite field arithmetic circuits has therefore become an imperative. This dissertation targets the problem of formal verification of hardware implementations of combinational arithmetic circuits over finite fields of the type F_{2^k}. Two specific problems are addressed: i) verifying the correctness of a custom-designed arithmetic circuit implementation against a given word-level polynomial specification over F_{2^k}; and ii) gate-level equivalence checking of two different arithmetic circuit implementations. This dissertation proposes polynomial abstractions over finite fields to model and represent the circuit constraints. Subsequently, decision procedures based on modern computer algebra techniques - notably, Gröbner bases-related theory and technology - are engineered to solve the verification problem efficiently. The arithmetic circuit is modeled as a polynomial system in the ring F_{2^k}[x1, x2, ..., xd], and computer algebra-based results (Hilbert's Nullstellensatz) over finite fields are exploited for verification. Using our approach, experiments are performed on a variety of custom-designed finite field arithmetic benchmark circuits. The results are also compared against contemporary methods, based on SAT and SMT solvers, BDDs, and AIG-based methods.
Our tools can verify the correctness of, and detect bugs in, up to 163-bit circuits in F_{2^163}, whereas contemporary approaches are infeasible beyond 48-bit circuits.
Software Engineering and Complexity in Effective Algebraic Geometry
We introduce the notion of a robust parameterized arithmetic circuit for the
evaluation of algebraic families of multivariate polynomials. Based on this
notion, we present a computation model, adapted to Scientific Computing, which
captures all known branching parsimonious symbolic algorithms in effective
Algebraic Geometry. We justify this model by arguments from Software
Engineering. Finally we exhibit a class of simple elimination problems of
effective Algebraic Geometry which require exponential time to be solved by
branching parsimonious algorithms of our computation model.
Comment: 70 pages. arXiv admin note: substantial text overlap with
arXiv:1201.434
Evaluating Matrix Circuits
The circuit evaluation problem (also known as the compressed word problem)
for finitely generated linear groups is studied. The best upper bound for this
problem is , which is shown by a reduction to polynomial
identity testing. Conversely, the compressed word problem for the linear group
is equivalent to polynomial identity testing. In
the paper, it is shown that the compressed word problem for every finitely
generated nilpotent group is in . Within
the larger class of polycyclic groups we find examples where the compressed
word problem is at least as hard as polynomial identity testing for skew
arithmetic circuits.
Consistency of circuit lower bounds with bounded theories
Proving that there are problems in that require
boolean circuits of super-linear size is a major frontier in complexity theory.
While such lower bounds are known for larger complexity classes, existing
results only show that the corresponding problems are hard on infinitely many
input lengths. For instance, proving almost-everywhere circuit lower bounds is
open even for problems in . Given the notorious difficulty of
proving lower bounds that hold for all large input lengths, we ask the
following question: Can we show that a large set of techniques cannot prove
that is easy infinitely often? Motivated by this and related
questions about the interaction between mathematical proofs and computations,
we investigate circuit complexity from the perspective of logic.
Among other results, we prove that for any parameter it is
consistent with theory that computational class , where is one of
the pairs: and , and , and
. In other words, these theories cannot establish
infinitely often circuit upper bounds for the corresponding problems. This is
of interest because the weaker theory already formalizes
sophisticated arguments, such as a proof of the PCP Theorem. These consistency
statements are unconditional and improve on earlier theorems of [KO17] and
[BM18] on the consistency of lower bounds with
Arithmetic circuits: the chasm at depth four gets wider
In their paper on the "chasm at depth four", Agrawal and Vinay have shown
that polynomials in m variables of degree O(m) which admit arithmetic circuits
of size 2^o(m) also admit arithmetic circuits of depth four and size 2^o(m).
This theorem shows that for problems such as arithmetic circuit lower bounds or
black-box derandomization of identity testing, the case of depth four circuits
is in a certain sense the general case. In this paper we show that smaller
depth four circuits can be obtained if we start from polynomial size arithmetic
circuits. For instance, we show that if the permanent of n*n matrices has
circuits of size polynomial in n, then it also has depth 4 circuits of size
n^O(sqrt(n)*log(n)). Our depth four circuits use integer constants of
polynomial size. These results have potential applications to lower bounds and
deterministic identity testing, in particular for sums of products of sparse
univariate polynomials. We also give an application to boolean circuit
complexity, and a simple (but suboptimal) reduction to polylogarithmic depth
for arithmetic circuits of polynomial size and polynomially bounded degree.
Shallow Circuits with High-Powered Inputs
A polynomial identity testing algorithm must determine whether an input
polynomial (given for instance by an arithmetic circuit) is identically equal
to 0. In this paper, we show that a deterministic black-box identity testing
algorithm for (high-degree) univariate polynomials would imply a lower bound on
the arithmetic complexity of the permanent. The lower bounds that are known to
follow from derandomization of (low-degree) multivariate identity testing are
weaker. To obtain our lower bound it would be sufficient to derandomize
identity testing for polynomials of a very specific norm: sums of products of
sparse polynomials with sparse coefficients. This observation leads to new
versions of the Shub-Smale tau-conjecture on integer roots of univariate
polynomials. In particular, we show that a lower bound for the permanent would
follow if one could give a good enough bound on the number of real roots of
sums of products of sparse polynomials (Descartes' rule of signs gives such a
bound for sparse polynomials and products thereof). In this third version of
our paper we show that the same lower bound would follow even if one could only
prove a slightly superpolynomial upper bound on the number of real roots. This
is a consequence of a new result on reduction to depth 4 for arithmetic
circuits which we establish in a companion paper. We also show that an even
weaker bound on the number of real roots would suffice to obtain a lower bound
on the size of depth 4 circuits computing the permanent.
Comment: A few typos corrected