Embed Size (px)
Citation preview
Grobner Bases
Martin R. Albrecht
DTU Crypto Group
22 October 2013
Contents
Sage
Polynomial Rings
Ideals
Grobner Bases
Buchberger’s Algorithm
Quotient Rings
Solving Polynomial Systems with Grobner Bases
�e F4 Algorithm
Why not . . .
�is course involves implementing algorithms in multivariate polynomial rings forwhich we will be using the Sage mathematics so�ware.
You already know Maple, so why not use it?
1. I do not knowMaple so I could not help you with problems you might encounter.2. Maple is an expensive piece of so�ware that you might not have access to outside
of this university, cutting you o� the tool you know. Sage does not have thisproblem.
3. Maple is a closed source piece of so�ware which means you cannot study, learnfrom and improve it. �is goes against fundamental principles of reproduciblescience.
Blurb
Sage open-source mathematical so�ware system“Creating a viable free open source alternative to Magma, Maple,Mathematica and Matlab.”
Sage is a free open-source mathematics so�ware system licensed under the GPL. Itcombines the power of many existing open-source packages into a commonPython-based interface.
First release 2005 Latest version 5.11 released 2013-08-13> 300 releases Shell, webbrowser (GUI), library> 180 developers ∼ 100 components> 200 papers cite Sage > 2100 subscribers [sage-support]> 100,000 web visitors/month > 6, 500 downloads/month
Python & Cython
Sage does not come with yet-another ad-hoc mathematical programming language, ituses Python instead.
▸ one of the most widely used programming languages (Google, IML, YouTube,NASA),
▸ easy for you to de�ne your own data types and methods on it (bitstreams,ciphers, rings, whatever),
▸ very clean language that results in easy to read code,▸ a huge number of libraries: statistics, networking, databases, bioinformatic,physics, video games, 3d graphics, numerical computation (scipy), and serious“pure” mathematics (via Sage)
▸ easy to use existing C/C++ libraries from Python (via Cython)
How to use Sage I
Use Sage via▸ as a command line programme,▸ as a webapp hosted on your local computer and▸ as a webapp on the Internet
How to use Sage II
To install Sage on your computer head to
http://sagemath.org
and download the right version for your operating system(Mac OS X, Windows, Linux . . . )
You can then either run Sage on the command line or start a local webapp.
How to use Sage III
Calling sage
How to use Sage IV
Calling sage -notebook
How to use Sage VYou can also use Sage online:
http://www.sagenb.org/ and https://cloud.sagemath.com/
How to use Sage VI
If you just want to do a quick calculation (and share it with others), try
http://aleph.sagemath.org
How to use Sage VII
You can access a Sage 5.10 installed on IMM servers using your account credentials.malb@road :~ $ ssh [email protected]
Password:
Last login: Mon Oct 7 17:20:54 2013 from 10.16.166.157
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
sunray4 :~ $ gridterm
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LC_ALL = (unset),
LC_CTYPE = "iso_8859_1",
LANG = "en_US.utf8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
Last login: Mon Oct 7 17:30:24 CEST 2013 from sunray4.imm.dtu.dk on pts/18
grid03 :~ $ sage
+--------------------------------------------------------------------+
| Sage Version 5.10, Release Date: 2013 -06 -17 |
| Type "notebook ()" for the browser -based notebook interface. |
| Type "help()" for help. |
+--------------------------------------------------------------------+
sage: 1+1
2
Intro to Programming in Sage
Go to Sage Worksheet.
See also
http://sagemath.org/doc/thematic_tutorials/tutorial-programming-python.html
Contents
Sage
Polynomial Rings
Ideals
Grobner Bases
Buchberger’s Algorithm
Quotient Rings
Solving Polynomial Systems with Grobner Bases
�e F4 Algorithm
Notation I
▸ By F we denote any �eld �eld in which we can e�ectively compute, e.g.Q, or▸ Fq is the �nite �eld of order q where q is a prime power, e.g. F23 or F7
▸ P = F[x1 , . . . , xn] is the polynomial ring in x1 , . . . , xn over F.▸ We assume n is �nite in this lecture.
sage: P.<x,y,z> = PolynomialRing(FiniteField (7))sage: f = x*y + 3*y*z -3sage: g = x^2 - 2*y^2sage: f * gx^3*y - 2*x*y^3 + 3*x^2*y*z + y^3*z - 3*x^2 - y^2sage: f + gx^2 + x*y - 2*y^2 + 3*y*z - 3
Notation II
Let f = 3xy + 2, we call
monomials 3xy + 2 ⋅ 1coe�cients 3xy + 2 ⋅ 1
terms 3xy + 2
�is follows [Cox et al., 2007] and is consistent with the usage in Sage.sage: P.<x,y> = PolynomialRing(FiniteField (7))sage: f = 2*x*y +3sage: f.monomials ()[x*y, 1]sage: f.coefficients ()[2, 3]
But [Becker and Weispfenning, 1991] swap the notion of term and monomial.
Monomial Orderings I
We will have to make decisions based on the “leading monomial” of a polynomial,which begs the question what that is.
▸ In F[x] this question is straight-forward: xi > xj i� i > j.▸ But what about F[x, y] is x2 or xy bigger?▸ Hence, we adjoin amonomial ordering to our ring F[x1 , . . . , xn]
Monomial Orderings II
De�nition (Lexicographical)Let
m1 = xα11 xα22 ⋯xαnn with α = (α1 , . . . , αn)
andm2 = xβ11 xβ22 ⋯xβnn with β = (β1 , . . . , βn).
We saym1 >lex m2 if, in the vector di�erence α − β ∈ Zn , the le�most nozero entry ispositive.
Like in the dictionary: �rst you check x, then y . . . .
(0, 5, 3) − (0, 2, 9) = (0, 3,−6)⇒ y5z3 >lex y2z9 ∈ F[x, y, z]
Monomial Orderings III
De�nition (Degree Lexicographical)Let
m1 = xα11 xα22 ⋯xαnn with α = (α1 , . . . , αn)
andm2 = xβ11 xβ22 ⋯xβnn with β = (β1 , . . . , βn).
We saym1 >deglex m2 if,
∣α∣ =n
∑i=1
αi > ∣β∣ =n
∑i=1
βi , or ∣α∣ = ∣β∣ and α >lex β.
We �rst check for degrees and only if those are equal we compare lexicographically.
y2z9 >deglex y5z3 ∈ F[x, y, z]
Monomial Orderings IV
De�nition (Degree Reverse Lexicographical)Let
m1 = xα11 xα22 ⋯xαnn with α = (α1 , . . . , αn)
andm2 = xβ11 xβ22 ⋯xβnn with β = (β1 , . . . , βn).
We saym1 >degrevlex m2 if,
∣α∣ =n
∑i=1
αi > ∣β∣ =n
∑i=1
βi , or
∣α∣ = ∣β∣ and the rightmost nonzero entry of α − β ∈ Zn is negative.
>deglex is not >degrevlex with reversed variables:
x2yz2 >/>degrevlex xy3z vs. x2yz2 >deglex xy3z.
Monomial Orderings V
sage: P.<x,y,z> = PolynomialRing(FiniteField (7), order="lex")sage: x^2*y*z^2 > x*y^3*zTrue
sage: P.<x,y,z> = PolynomialRing(FiniteField (7), order="deglex")sage: x^2*y*z^2 > x*y^3*zTrue
sage: P.<x,y,z> = PolynomialRing(FiniteField (7), order="degrevlex")sage: x^2*y*z^2 > x*y^3*zFalse
Monomial Orderings VI
▸ We write > for any monomial ordering (such as >lex) when it is clear fromcontext which we mean
▸ LM (f ): We call leading monomial of f that monomial in f which is largest wrtto >.
▸ LC (f ), LT (f ): We de�ne the leading coe�cient and leading term of fanalogously.
▸ We extend the notion of > to polynomials f , g in the natural way by comparingLM (f ) and LM (g) �rst and move on to smaller monomials if they are equal.
▸ deg(f ): We call the degree of f the maximal degree of any monomial in f . Inparticular, deg(f ) can be ≠ deg(LM (f )).
Exercises
▸ Construct F7[x, y, z] with term order deglex in Sage▸ Reorder the monomials of f = 4x5yz4 + 2x2y8 − xy4 + xyz3 + 4yz + 3x wrt to the
▸ lexicographical,▸ degree lexicographical and▸ degree reverse lexicographical
ordering. Check your result with Sage.
Polynomial Division I
We will need to divide polynomials (with remainder) later:
Division of monomials is easy: xα11 ⋯xαnn is divisible by xβ11 ⋯xβnn if α − β ≥ (0, . . . , 0)where α = (α1 , . . . , αn) and β = (β1 , . . . , βn).
But what about polynomials?
Polynomial Division II
1 begin2 a1 , . . . , as ← 0, . . . , 0; r ← 0;3 while p ≠ 0 do4 division← False;5 for 1 ≤ i ≤ s do6 if LM (fi) divides LM (p) then7 ai ← ai + LT (p) /LT (fi);8 p← p − LT (p) /LT (fi) ⋅ fi ;9 division← True;10 break;
11 if division = False then12 r ← r + LT (p);13 p← p − LT (p);
Algorithm 1: Polynomial Division
Examplep = 3x2y + 2y2 + x + 1,f1 = 2x2 + 1,f2 = y + 1 ∈ F7[x, y] with deglex
1. x2 ∣ x2y ∶a1 = −2y, p = 2y2 + x + 2y + 1
2. break and jump to line 3.3. y ∣ y2 ∶
a2 = 2y, p = x + 14. break and jump to line 3.5. Neither y nor x2 divide x:
division = False6. r = x, p = 17. Neither y nor x2 divide x:
division = False8. r = x + 1, p = 0
Polynomial Division III
sage: P.<x,y> = PolynomialRing(FiniteField (7), order="deglex")sage: f = 3*x^2*y + 2*y^2 + x + 1sage: f1 = 2*x^2 + 1sage: f2 = y + 1sage: f == (-2*y)*f1 + (2*y)*f2 + (x+1)True
Exercises
▸ Let f = x7y2 + x3y2 − y + 1, f1 = xy2 − x and f2 = x − y3 ∈ F7[x, y] with deglex.Divide f by (f1 , f2). �en use lex and divde again.
▸ Let f = xy2 − x, f1 = xy + 1 and f2 = y2 − 1 ∈ F7[x, y] with >lex .Divide f by (f1 , f2) and by (f2 , f1) and compare the remainders.
▸ Let f = xy2z2 + xy − yz, f1 = x − y2 , f2 = y − z3 and f3 = z2 − 1 ∈ F7[x, y, z] withdeglex.Divide f by (f1 , f2 , f3), (f2 , f3 , f1) and (f3 , f1 , f2) and compare the remainders.
Contents
Sage
Polynomial Rings
Ideals
Grobner Bases
Buchberger’s Algorithm
Quotient Rings
Solving Polynomial Systems with Grobner Bases
�e F4 Algorithm
De�nition
Let I be an ideal ⊂ P.
�at is,▸ 0 ∈ I ,▸ If f , g ∈ I , then f + g ∈ I , and▸ if f ∈ P, g ∈ I , then f ⋅ g ∈ I .
We denote by ⟨f1 , . . . , fs⟩ is the ideal spanned by f1 , . . . , fs , i.e. all
f = a1f1 +⋯ + asfs .
sage: P.<x,y,z> = PolynomialRing(FiniteField (127), order=’deglex ’)sage: I = ideal(x*y + z, y^3 + 1, z^2 - x*5 - 1)sage: (x*y + z) + (y^3 + 1) in ITruesage: x*z*(z^2 - x*5 - 1) in ITrue
Varieties I
De�nitionLet F be a �eld, and let f1 , . . . , fs be polynomials in F[x1 , . . . , xn]. �en we set
V(f1 , . . . , fs) = {(a1 , . . . , an) ∈ Fn∶ fi(a1 , . . . , an) = 0 for all 1 ≤ i ≤ s}.
We call V(f1 , . . . , fs) the a�ne variety de�ned by f1 , . . . , fs .
It’s the set of all solutions to fi(x1 , . . . , xn) = 0 for all 1 ≤ i ≤ s.
For example, f1 = x2 + y2 − 1 ∈ R[x, y] is the unit circle.
Varieties II
LemmaV(I) is an a�ne variety. In particular, if I = ⟨f1 , . . . , fm⟩, then V(I) = V(f1 , . . . , fm).
CorollaryIf f1 , . . . , fs and g1 , . . . , gt are bases of the same ideal in F[x1 , . . . , xn], so that⟨f1 , . . . , fs⟩ = ⟨g1 , . . . , gt⟩, then we have V(f1 , . . . , fs) = V(g1 , . . . , gt).
. . . so �nding a good basis g1 , . . . , gt for ⟨f1 , . . . , fs⟩ such that �ndingV(f1 , . . . , fs) = (g1 , . . . , gt) is easy would allow to solve non-linear systems ofequations.
Varieties III
ExampleConsider I = ⟨x2 + y2 − 1, xy⟩ ∈ F7[x, y]. �e set of all points satisfying allpolynomials in I are (0, 1), (0,−1), (1, 0), (−1, 0).
�e same in Sage:sage: P.<x,y> = PolynomialRing(FiniteField (7))sage: I = Ideal(x^2 + y^2 - 1, x*y)sage: I.variety ()[{y: 0, x: 1}, {y: 0, x: 6}, {y: 1, x: 0}, {y: 6, x: 0}]
Exercises
1. Construct the Ideal I = ⟨xy + 1, y2 − 1⟩ ∈ F7[x, y] in Sage with monomialordering deglex.
2. Show that x + y ∈ I .3. Is {1} an ideal? Is {x + 1, y − 2} an ideal?4. Show that ⟨1⟩ and ⟨x + 1, x − 1, y − 2⟩ are the same.5. What is V({1})?6. What is V(⟨x + 1, y − 1⟩)?7. What is V(x + y, x + 1)?
Contents
Sage
Polynomial Rings
Ideals
Grobner Bases
Buchberger’s Algorithm
Quotient Rings
Solving Polynomial Systems with Grobner Bases
�e F4 Algorithm
De�nition I
De�nition (Grobner Basis)Let I be an ideal in F[x1 , . . . , xn] and �x a monomial ordering. A �nite subset
G = {g1 , . . . , gm} ⊂ I
is said to be a Grobner basis of I if for any f ∈ I there exists gi ∈ G such that
LM (gi) ∣ LM (f ) .
De�nition II
Grobner bases generalise greatest common divisors over F[x]: the GCD divides all itsmultiples.
sage: R.<x> = PolynomialRing(FiniteField (7))sage: f = x^2 + 6sage: I = Ideal(map(P, [R.random_element () * f for _ in range (5)]))sage: I.groebner_basis ()[x^2 - 1]
De�nition III
. . . and row echelon forms over Fn : if y + tail is in the vector space, the row echelonform has an element y + tail′.sage: F = Sequence ([-3*y, -2*x - y - 3*z + 2, x + y + 2*z - 1])sage: F.groebner_basis ()[x - 1, y, z]sage: A,v = F.coefficient_matrix ()sage: A.echelonize ()sage: (A*v).T[x - 1 y z]
De�nition IV
You can use Sage to check if a list of polynomials is a Grobner basis:
sage: P.<x,y,z> = PolynomialRing(FiniteField (7),order="degrevlex")sage: I = Ideal([x*y^2 - z, 2*x^2*y - 2, x*y - z + 1])sage: I.basis_is_groebner ()False
sage: I.groebner_basis ()[y^2 - y - z + 1, y*z - y - z, z^2 - y - 2*z + 1, x - y + 1]
Reduced Grobner Bases I
De�nition (Reduced Grobner Basis)A reduced Grobner basis for a polynomial ideal I is a Grobner basis G such that:1. LC (f ) = 1 for all f ∈ G;2. ∀f ∈ G, /∃ m ∈ the set of monomials of f such thatm is divisible by any
LM (g) ∈ G ∖ {f }.
Reduced Grobner bases generalise reduced row echelon forms:
⎛⎜⎜⎜⎜⎜⎜⎜⎜⎝
2 4 5 6 3 5 2 55 2 2 2 1 0 2
6 5 6 2 1 62 3 6 4 0
3 0 3 11 6
⎞⎟⎟⎟⎟⎟⎟⎟⎟⎠
⇒
⎛⎜⎜⎜⎜⎜⎜⎜⎜⎝
1 0 0 0 0 0 0 11 0 0 0 5 0 6
1 0 0 6 0 11 0 3 0 0
1 0 0 61 6
⎞⎟⎟⎟⎟⎟⎟⎟⎟⎠
Reduced Grobner Bases II
By default, Sage will always computes the reduced Grobner basis when computing aGrobner basis. If a Grobner basis was obtained by other means, the function
MPolynomialIdeal.interreduced_basis ()
can be used to compute the reduced Grobner basis.
sage: rgb = Ideal(gb). interreduced_basis ()
Applications I
Representation Reduced Grobner bases are a unique representation of an ideal withrespect to a monomial ordering. So to check that two ideals are thesame you only need to compute their reduced Grobner bases.sage: P.<x,y,z> = PolynomialRing(FiniteField (7))sage: I = Ideal(P.random_element () for _ in range (5))sage: J = Ideal(P.random_element () for _ in range (5))sage: I = Ideal(f - f((2,3,1)) for f in I.gens ())sage: J = Ideal(f - f((2,3,1)) for f in J.gens ())sage: I.groebner_basis () == J.groebner_basis ()Truesage: I == JTruesage: I.gens() == J.gens()Falsesage: I.groebner_basis ()[x - 2, y - 3, z - 1]
Applications II
Membership �e remainder r of the division of any f ∈ P by G is unique. Hence,we can check whether f ∈ ⟨f1 , . . . , fs⟩ by computing a Grobner basisG = (g1 , . . . , gt) for ⟨f1 , . . . , fs⟩ and check if f
G= 0.
sage: P.<x,y,z> = PolynomialRing(FiniteField (7))sage: I = Ideal(P.random_element () for _ in range (5))sage: I = Ideal(f - f((2,3,1)) for f in I.gens ())
sage: f = P.random_element ()sage: f in IFalse
sage: f = f - f((2,3,1))sage: f in ITrue
sage: f.reduce(I.gens ())2*z^2 + y - 3*z - 2sage: f.reduce(I.groebner_basis ())0
Applications III
Solving Grobner bases with respect to the lex ordering allow for �ndingV(I) easily. We can “read o�” the solution similarly to reading thesolution from a row echelon form of a matrix.sage: P.<x,y,z> = PolynomialRing(FiniteField (7), order="lex")sage: I = Ideal(P.random_element () for _ in range (5))sage: I = Ideal(f - f((2,3,1)) for f in I.gens ())sage: I.groebner_basis ()[x - 2, y - 3, z - 1]
Exercises
▸ Let f1 , . . . , fm be polynomials in F[x1 , . . . , xn]. Assume thatV(f1 , . . . , fm) = {(s1 , . . . , sn)}. Show that the reduced Grobner basis ofI = ⟨f1 , . . . , fm⟩ is [x1 − s1 , . . . , xn − sn].
▸ If we use degrevlex order with x > y > z, is
{x4y2 − z5 , x3y3 − 1, x2y4 − 2z}
a Grobner basis or the ideal generated by these polynomials? Why or why not?▸ {x + 1, y − 2, xy − 2x + y − 2} is a Grobner basis wrt the degrevlex ordering inF7[x, y]. Is it a reduced Grobner basis? Is {2x + 2, 3y + 1}? If not, why not?
Contents
Sage
Polynomial Rings
Ideals
Grobner Bases
Buchberger’s Algorithm
Quotient Rings
Solving Polynomial Systems with Grobner Bases
�e F4 Algorithm
S-Polynomials I
Let G = {f1 , . . . , fs} ⊂ F[x1 , . . . , xn] and I = ⟨G⟩. If there exists any f ∈ I with
LM (f ) is not divisible by any LM (f1) , . . . , LM (fm) ,
then G is not a Grobner basis for ⟨G⟩; by de�nition.
S-Polynomials II
To obtain a candidate for such f from f1 , . . . , fs , we may choose two elements fi and fjof G and compute
s = axα fi − bxβ fj with a, b ∈ F .
We know that LM (axα fi − bxβ fj) is divisible by an element of the Grobner basis of Ibecause axα fi − bxβ fj ∈ I .
S-Polynomials III
Now assume that in s the terms axαLT (fi) and bxβLT (fj) cancel each other out.
If as a result LM (axα fi − bxβ fj) is not divisible by any LM (f1) , . . . , LM (ft) we knowthat G cannot be a Grobner basis.
S-Polynomials IV
S-polynomials are a (in fact: the) way to construct the required cancellations ofleading terms:
De�nition (S-Polynomial)Let f , g ∈ F[x1 , . . . , xn] be non-zero polynomials.1. Let xγ be the least common multiple of LM (f ) and LM (g), written as
xγ = LCM(LM (f ) , LM (g)).
2. �e S-polynomial of f and g is de�ned as
S(f , g) =xγ
LT (f )⋅ f −
xγ
LT (g)⋅ g .
We call f and g the generators of S(f , g) and xγ
LT(f ) ⋅ f andxγ
LT(g) ⋅ g the components ofS(f , g).
S-Polynomials V
ExampleLet f1 = x3 − 2xy and f2 = x2y − 2y2 + x. �e leading monomials with respect todegrevlex and x > y are LM (f1) = x3 and LM (f2) = x2y and thus xγ = x3y. �eS-polynomial is:
S(f1 , f2) =xγ
LT (f1)⋅ f1 −
xγ
LT (f2)⋅ f2
S(f1 , f2) =x3yx3
⋅ (x3 − 2xy) − x3yx2y
⋅ (x2y − 2y2 + x)
S(f1 , f2) = y ⋅ (x3 − 2xy) − x ⋅ (x2y − 2y2 + x)S(f1 , f2) = x3y − 2xy2 − x3y + 2xy2 − x2
S(f1 , f2) = −x2
S-Polynomials VI
�e same example in Sage:
sage: P.<x,y> = PolynomialRing(QQ,order=’degrevlex ’)sage: f0 = x^3 - 2*x*ysage: f1 = x^2*y -2*y^2 + xsage: (x^3*y)//x^3 * f0 - (x^3*y)//(x^2*y) * f1-x^2
S-Polynomials VII
It is su�cient to consider only S-polynomials since any reduction of leading termscan be attributed to S-polynomials.
[Buc65] Bruno BuchbergerEin Algorithmus zum Au�nden der Basiselemente des Restklassenrings nacheinem nulldimensionalen Polynomideal,Phd�esis at Universitat Innsbruck, 1965.
[Buc06] Bruno BuchbergerBruno Buchberger’s PhD thesis 1965: An algorithm for �nding the basis elementsof the residue class ring of a zero dimensional polynomial idealJournal of Symbolic Computation, 41:3-4, p. 475-511, 2006.
Buchberger’s Criterion I
Buchberger’s CriterionLet I be an ideal. G = {g1 , . . . , gs} is a Grobner basis for I , if and only if for all pairsi ≠ j, the remainder r of the division of S(gi , gj) by G (listed in some order) is zero, i.e.we have that f
G= 0.
Proof.See [Cox et al., 2007, p.85�]
Buchberger’s Criterion II
ExampleLet f1 = x3 − 2xy and f2 = x2y − 2y2 + x. �e S-polynomial is −x2 which is not reducibleby either LM (f1) = x3 or LM (f2) = x2y. �us, (f1 , f2) is not a Grobner basis.
Buchberger’s Algorithm
Input: F – a �nite subset of PResult: a Grobner basis for the ideal I
spanned by F1 begin2 G←Ð F;3 G2 ←Ð ∅;4 while G2 ≠ G do5 G2 ←Ð G;6 for f , g ∈ G2 ×G2 do7 if LM (f ) < LM (g) then8 s←Ð S(f , g)
G;
9 if s ≠ 0 then10 add s to G;
11 return G;Algorithm 2: Buchberger’s Algorithm
Correctness and termination:1. At every stage of the algorithm,
G ⊂ I and ⟨G⟩ = I hold.
2. If G2 = G then S(f , g)G= 0 for all
f , g ∈ G and, by Buchberger’scriterion, G is a Grobner basis.
3. �e equality G2 = G occurs in�nitely many steps since theideals ⟨LM (G)⟩, in iterations ofthe loop, form an ascendingchain. �is chain of idealsstabilizes a�er a �nite number ofiterations and at that moment⟨LM (G)⟩ = ⟨LM (G2)⟩ holds,which implies G2 = G.
Complexity
�e running time of Buchberger’s algorithm is not polynomial in the number ofvariables, as the intermediate bases G2 grow exponentially during the calculations.
�eorem [Faugere and Ars, 2004]Let I be an ideal in Fq[x1 , . . . , xn] generated by polynomials f1 , . . . , fn of degreesd1 , . . . , dn respectively. Assume V(I) is �nite.
▸ A Grobner basis computation for a lexmonomial order reaches at most degreeD ≤∏
n−1i=0 di .
▸ A Grobner basis computation for a degrevlexmonomial order reaches at mostdegree D ≤ 1 − n +∑n−1
i=0 di .
Optional Improvements I
Buchberger’s algorithm leaves a lot of freedom to implement. �e runtime can bereduced by applying a variety of improvements:
▸ �e order in which the critical pairs f , g are selected.
▸ If S(f , g)G= 0 we learn nothing new, we can employ criteria to �lter out such
computations.▸ Algorithms exist [Faugere et al., 1993] to convert a Grobner basis (of an idealwith V(I) �nite) in one monomial order to a Grobner basis in anothermonomial order, thus we may compute with respect to the degrevlex ordering�rst and then convert the result to lex.
Optional Improvements II
Buchberger himself gave two criteria to avoid useless reductions to zero. We only givethe �rst one here:
De�nition (Buchberger’s First Criterion)Let f , g ∈ F[x1 , . . . , xn] with disjoint leading terms, i.e.LCM(LM (f ) , LM (g)) = LM (f ) ⋅ LM (g). �en S(f , g)
G= 0.
Proof.See [Becker and Weispfenning, 1991, p.222].
Exercises
1. In F7[x, y] with deglex compute a Grobner basis for
⟨x2y + 6, xy2 − x⟩
using Buchberger’s algorithm. How many reductions to zero S(f , g)G= 0 did
you observe?2. Repeate Exercise 1 in F7[x, y, z] with deglex for
⟨x2 + y, x4 + 2x2y + y2 + 3⟩
what does the result tell you abour V(I)?3. Repeate Exercise 2 with
⟨x − z4 , y − z5⟩
and use Buchberger’s First Criterion to avoid useless reductions to zero. Howmany did you avoid?
Contents
Sage
Polynomial Rings
Ideals
Grobner Bases
Buchberger’s Algorithm
Quotient Rings
Solving Polynomial Systems with Grobner Bases
�e F4 Algorithm
Quotient Rings I
▸ Recall that we considered �nite extension �elds as Fp[x]/f (x) for someirreducible polynomial f (x).
▸ By this we mean that all multiplies of f (x) are zero, i.e., we quotient out byelements in ⟨f (x)⟩.
▸ In fact, we can quotient out by any ideal I and de�ne the quotient ring Q = R/I .
�eorem [Cox et al., 2007, p.226]Let I be an ideal in F[x1 , . . . , xn]. �e ideals in the quotient ring F[x1 , . . . , xn]/I arein one-to-one correspondence with the ideals in F[x1 , . . . , xn] containing I (that is,the ideals J satisfying I ⊂ J ⊂ P).
In particular, we may identify
I = ⟨f1 , . . . , fm , xq1 − x1 , . . . , xqn − xn⟩ ∈ Fq[x1 , . . . , xn]
withJ = ⟨f1 , . . . , fm⟩ ∈ Fq[x1 , . . . , xn]/⟨xq1 − x1 , . . . , xqn − xn⟩.
Sage
sage: P.<x,y,z> = PolynomialRing(FiniteField (2))sage: I = sage.rings.ideal.FieldIdeal(P)sage: Q = P.quotient_ring(I); QQuotient of Multivariate Polynomial Ring in x, y, z \
over Finite Field of size 2 by the ideal (x^2 + x, y^2 + y, z^2 + z)
sage: P.<x,y,z> = BooleanPolynomialRing () # much faster!sage: P.defining_ideal ()Ideal (x^2 + x, y^2 + y, z^2 + z) of Multivariate Polynomial Ring \
in x, y, z over Finite Field of size 2
Contents
Sage
Polynomial Rings
Ideals
Grobner Bases
Buchberger’s Algorithm
Quotient Rings
Solving Polynomial Systems with Grobner Bases
�e F4 Algorithm
Elimination Ideals I
Given an ideal I in a polynomial ring P = F[x1 , . . . , xn] over a �eld F and a numberj ∈ {1, . . . , n}, consider the set of all polynomials in I which involve only the variablesxj , . . . , xn . �is set I ∩ F[xj , . . . , xn] is an ideal in F[xj , . . . , xn].
Elimination Ideals II
De�nition (Elimination Ideal)Given I = ⟨f1 , . . . , fm⟩ ⊂ F[x1 , . . . , xn], the ℓ-th elimination ideal Iℓ is the ideal ofFxl , . . . ,xn de�ned by
Iℓ = I ∩ F[xl , . . . , xn].
Elimination Ideals III
If we could compute Grobner bases for these elimination ideals, we could start withn = ℓ to get a univariate polynomial. We could then factor it and substitute, whichagain would produce a univariate polynomial but this time in xn−1 etc.
Preprocessing I
In what follows we augment our ideal in Fq[x1 , . . . , xn] with polynomialsxq1 − x1 , . . . , xqn − xn which we call �eld polynomials.
�at is I = I ∪ {xqi − xi ∣ 1 ≤ i ≤ n}, which makes sure,▸ that our ideal has only �nitely many points in V(I) and▸ that our ideal is “radical”.
Both of these conditions are needed for what follows.
Elimination�eorem I
Elimination�eoremLet I ⊂ F[x1 , . . . , xn] be an ideal and let G be a Grobner basis of I with respect to thelexmonomial ordering where x1 > x2 > ⋅ ⋅ ⋅ > xn . �en for every 1 ≤ ℓ ≤ n, the set
Gℓ = G ∩ F[xℓ , . . . , xn]
is a Grobner basis fo the ℓ-th elimination ideal Iℓ .
In other words, the Grobner basis G has triangular shape, which we can use to solve.
Elimination�eorem II
ExampleLet P = F127[x, y, z], the monomial ordering lex and consider the ideal
I = ⟨x + y + z, xy + xz + yz, xyz − 1⟩
We add the �eld polynomials and compute the reduced Grobner basis:
x + y + z, y2 + yz + z2 , z3 − 1,
which has a triangular shape as predicted by the Elimination�eorem.
Elimination�eorem III
�is result can be computed using Sage as follows:sage: P.<x,y,z> = PolynomialRing(FiniteField (127), order=’lex’)sage: I = sage.rings.ideal.Cyclic(P)sage: IIdeal (x + y + z, x*y + x*z + y*z, x*y*z - 1) of \Multivariate Polynomial Ring in x, y, z over \Finite Field of size 127sage: J = I + sage.rings.ideal.FieldIdeal(P)sage: g0,g1,g2 = J.groebner_basis (); g0,g1 ,g2(x + y + z, y^2 + y*z + z^2, z^3 - 1)
sage: factor(g2)(z - 19) * (z - 1) * (z + 20)
sage: factor(g1(x,y,19))(y - 1) * (y + 20)
sage: factor(g0(x,1 ,19))x + 20
sage: all(f(107 ,1 ,19)==0 for f in I.gens ())Truesage: J.variety ()[{y: 19, z: 1, x: 107}, {y: 107, z: 1, x: 19},{y: 1, z: 19, x: 107}, {y: 107, z: 19, x: 1},{y: 1, z: 107, x: 19}, {y: 19, z: 107, x: 1}]
An Example I
x
y
circle at (1, 2) with radius 3
circle at (−1, 1) with radius 2
An Example II
sage: x,y = var("x, y")sage: p1 = (x-1)^2 + (y-2)^2 - 3^2 == 0sage: p2 = (x+1)^2 + (y-1)^2 - 2^2 == 0sage: sols = solve ([p1,p2],x,y)sage: sols[x == -2/5* sqrt (5) - 1, y == 4/5* sqrt (5) + 1],[x == 2/5* sqrt (5) - 1, y == -4/5* sqrt (5) + 1]]
An Example III
sage: P.<x,y> = PolynomialRing(QQ, order=’lex’)sage: f1 = (x-1)^2 + (y-2)^2 - 3^2sage: f2 = (x+1)^2 + (y-1)^2 - 2^2sage: I = Ideal(f1,f2)sage: I.groebner_basis ()[x + 1/2*y + 1/2, y^2 - 2*y - 11/5]
sage: I.variety ()[]
sage: I.variety(CC)[{y: -0.788854381999832 , x: -0.105572809000084} ,
{y: 2.788854381999830 , x: -1.89442719099992}]
sage: sage: P.<z> = QQ[]sage: I.variety(NumberField(z^2-5,’a’))[{y: -4/5*a + 1, x: 2/5*a - 1},{y: 4/5*a + 1, x: -2/5*a - 1}]
Contents
Sage
Polynomial Rings
Ideals
Grobner Bases
Buchberger’s Algorithm
Quotient Rings
Solving Polynomial Systems with Grobner Bases
�e F4 Algorithm
Warm Up
As a warm-up, consider a linear system of equations over F127[x, y, z].
f = 26y + 52z + 62 = 0g = 54y + 119z + 55 = 0h = 41x + 91z + 13 = 0
A�er Gaussian elimination:
f ′ = x + 29 = 0g′ = y + 38 = 0h′ = z + 75 = 0
⎛⎜⎝
0 26 52 620 54 119 5541 0 91 13
⎞⎟⎠
⎛⎜⎝
1 0 0 291 0 38
1 75
⎞⎟⎠
�us, x = −29, y = −38 and z = −75 is a solution. We know this because Gaussianelimination produced small enough elements (z + 75) such that we can simply read ofthe solution.
Generalising to Non-Linear Polynomials
Now consider two polynomials in F127[x, y, z] with term ordering deglex.
f = x2 + 2xy − 2y2 + 14z2 + 22zg = x2 + xy + y2 + z2 + x + 2z
f = x2 + 4y2 − 12z2 + 2x − 18zg′ = xy + −3y2 + 13z2 − x + 20z
(1 2 −2 14 0 221 1 1 1 1 2 )
(1 0 4 −12 2 −18
1 −3 13 −1 20 )
Gaussian elimination still “reduces” the system.
Limits of this Approach I
�is approach fails for
f = x2 − 2xy − 2y2 + 14z2 ,g = x + y + 2z.
since x is not a monomial of f .
However, x divides two monomials of f : x2 and xy.
To account for those include multiplesm ⋅ g of g such that
LM (m ⋅ g) = m ⋅ LM (g) ∈ the monomials of f .
Limits of this Approach II
f = x2 − 2xy − 2y2 + . . .x ⋅ g = x2 + xy . . .y ⋅ g = xy + y2 + . . .
g = x + y + 2z
f ′ = x2 + 4yz + 14z2 ,h1 = xy + 2xz + −4yz − . . . ,h2 = y2 − 2xz + 6yz + . . . ,g = x + y + 2z
⎛⎜⎜⎜⎝
1 −2 −2 0 0 14 0 . . .1 1 0 2 0 0 0 . . .
1 1 0 2 0 0 . . .1 . . .
⎞⎟⎟⎟⎠
⎛⎜⎜⎜⎝
1 0 0 0 . . . 0 . . .1 0 2 . . . 0 . . .
1 −2 . . . 0 . . .. . . 1 . . .
⎞⎟⎟⎟⎠
Let’s call the preprocessing we performed “symbolic preprocessing” . . .but that aloneis still not enough to solve the system.
Adding S-Polynomials
Finally, consider
f = yx + 1,g = zx + 2.
Neither LM (f ) nor LM (g) divides any monomial in the other polynomial. However,we have
zf − yg = z(yx + 1) − y(zx + 2),= xyz + z − xyz − 2y,= z − 2y.
We constructed multiples of f and g such that when we subtract them their leadingterms cancel out and something smaller is produced: we constructed anS-polynomial.
�e F4 Algorithm I
Input: F = [f1 , . . . , fm] – list of polynomialsOutput: a Grobner basis for ⟨f1 , . . . , fm−1⟩
1 begin2 while True do3 F ←multiply all pairs fi , fj ∈ F bymi ,mj such that LM (mifi) = LM (mjfj);4 F ← perform “symbolic preprocessing” on F ∪ F;5 F ← peform Gaussian elimination on F ;6 F ← F ∪ {f ∈ F with ∀g ∈ F we have LM (g) ∤ LM (f )};7 if F didn’t change in the last iteration then8 return F;
Algorithm 3: simpli�ed F4
�e F4 Algorithm II
1 begin2 while True do3 F ←multiply all pairs fi , fj ∈ F bymi ,mj such that LM (mifi) = LM (mjfj);4 F ← perform “symbolic preprocessing” on F ∪ F;5 F ← peform Gaussian elimination on F;6 F ← F ∪ {f ∈ F with ∀g ∈ F we have LM (g) ∤ LM (f )};7 if F didn’t change in the last iteration then8 return F;
Buchberger select one pair in line 3 and use polynomial division instead of Gaussianelimination in line 5; implemented everywhere
F4 use Buchberger’s criteria in line 3 to avoid useless pairs (= zero rows in thematrix); implemented in Magma, PolyBoRi, FGB
F5 use criteria in lines 3 and 4 such that all matrices have full rank under someassumption; implementation worked on in Singular
�e F4 Algorithm III
1 begin2 while True do3 F ←multiply all pairs fi , fj ∈ F bymi ,mj such that LM (mifi) = LM (mjfj);4 F ← perform “symbolic preprocessing” on F ∪ F;5 F ← peform Gaussian elimination on F;6 F ← F ∪ {f ∈ F with ∀g ∈ F we have LM (g) ∤ LM (f )};7 if F didn’t change in the last iteration then8 return F;
Re-Linearisation Gaussian elimination is enough because we have so many equations
(Mutant)XL multiply by everything up to some degree in line 3 and skip line 4 (worsethan Simple F4 because of redundancies)
Fin
Questions?
Literature I
Becker, T. and Weispfenning, V. (1991).Grobner Bases – A Computational Approach to Commutative Algebra.Springer Verlag, Berlin, Heidelberg, New York.
Cox, D., Little, J., and O’Shea, D. (2007).Ideals, Varieties, and Algorithms.Springer Verlag, Berlin, Heidelberg, New York.
Faugere, J.-C. and Ars, G. (2004).Comparison of XL and Grobner basis algorithms over �nite �elds.Technical Report 5251, Institut National de Recherche en Informatique et enAutomatique (INRIA).
Faugere, J.-C., Gianni, P. M., Lazard, D., and Mora, T. (1993).E�cient computation of zero-dimensional Grobner Bases bychange of ordering.Journal of Symbolic Computation, 16:329–344.
