Definition and Basic Properties

The paper by [Babai et al., 1995] also introduces the method of random pre-fixes, which is an alternative to the applications of random subproducts. Ran-dom prefixes can be used to reduce generating sets roughly with the asymp-totic efficiency as the algorithm in the proof of Theorem 2.3.6 and to speed up asymptotically the computation of algebraic closures and commutator sub-groups (cf. Theorems 2.3.9 and 2.3.12).

Given asequence of group elementsg₁,g₂, . . . ,gk, arandom prefixof this sequence is the product of a randomly chosen initial segment of a random order-ing of thegi. To apply random prefixes, we need an analogue of Lemma 2.3.2 to ensure that a random prefix of generators has a fair chance to avoid any given proper subgroup. Our first goal is the deduction of such an analogue.

We start with some technical results concerningspreader permutations. Let M = {1,2, . . . ,m},M¯ =M∪ {0,m+1},H⊆M, a nd ¯H=H∪ {0,m+1}.

Forx∈H, let

This quantity, thespreading factor of H, measures how evenly the set H is distributed withinM. We sa y tha tH isε-spreadif spread(H)≥ε.

c(m+1). Suchkelements can be chosen

For 6≤ h ≤ 200, (2.10) can be checked by computer. (GAPneeds about 10 seconds on a SparcStation2 to do that.) For larger values, we use Stirling’s formula. Note that the sequence√

2πn(n/e)ⁿ in the numerator gives an upper estimate for the left-hand side of (2.10).

Using that for 1/3<x<1/2

(3x−1)^3x−1(1−2x)^1−2x>4^x(29e/8)^x−1, (2.11)

in the casek/3<l <k/2 the term (3l−k)^3l−k(k−2l)^k−2l can be estimated from below byk^l4^l(29e/8)^l−k. Also, (h+2−k)^h+2−k>e²(h/2)^h+2−k. Using these estimates, it is straightforward to check that (2.10) holds. Ifl∈ {k/3,k/2}

then (_k−^l_2l)=1, and Stirling’s formula easily yields (2.10).

What does it mean thatA(c) fails? LetA=(a₀,a₁, . . . ,ah+1) be the sequence of elements ofH∪ {0,m+1}, listed in increasing order. Then let A1, . . . ,An

be the maximal subsequences of consecutive elements with difference less than c(m+1); that is,ai+1−ai <c(m+1) ifai andai+1are in the same Aj, but min(Aj+1)−max(Aj)≥c(m+1). EachAj of size greater than 1 can be par-titioned into subsequences of length two and three, which can be considered as the f-images of the setH₀^∗. Therefore, ifA(c) fails then _j∈J|Aj|<k, where the summation runs over theAjwith|Aj|>1. Hence more thanh−kelements x∈Hare in one-element setsAj, which means thatδH(x)≥c(m+1). In particu-lar, ifhis even then we choosec:=2ε/hand obtain that spread(H)≥(h−k)c= εwith probability greater than 1−(15ε)^k−l≥1−(15ε)^h/4. Ifhis odd then we choosec:=2ε/(h+1) and obtain that spread(H)≥(h−k)c=εwith probabil-ity greater than 1−(15εh/(h+1))^k−l≥1−(15εh/(h+1))^(h−1)/4>1−(15ε)^h/4. (The last inequality is the only point in the proof of caseh≥6 where we used

the lower boundε≥1/30.)

Theorem 2.4.2. Let1/30≤ε <1/15,C >0, and r >(4+4(C+1) logm)/

log(1/(15ε)). Furthermore, let P = {p₁, . . . ,pr}be a set of r random permu-tations of{1,2, . . . ,m}. Then P is an(ε,m)-spreader with probability at least 1−m^−C.

Proof. Let H be anonempty subset of {1,2, . . . ,m} and h:= |H|. By Lemma 2.4.1, the probability that spread(H) < εfor all permutations in P is at most (15ε)^hr/4. Hence the probability that not all nonempty subsets are ε-spread is at most

m h=1

m h

(15ε)^hr/4=

1+(15ε)^r/4m

−1<2(15ε)^r/4m<m^−C. Here, the first inequality is true because the condition imposed onrimplies that (15ε)^r/4<1/(me), and (1+x)^m<1+2xmfor 0<x<1/(me). The second inequality is a straightforward consequence of the condition imposed onr. Now we are in position to connect spreader permutations, random prefixes, and expansion of subgroups.

Lemma 2.4.3. Let G = Sbe a black-box group and P = {p1, . . . ,pr}be an(ε,|S|)-spreader, and let KG. Moreover, let g be a random prefix of S, obtained from a randomly chosen element of P. ThenProb(g ∈K)≥ε/(2r).

Proof. Let H:= {s∈S|s ∈K} and let a1<a2<· · ·<ah denote the posi-tions corresponding to the elements of H in the randomly chosen permuta-tion p∈P. We also definea₀:=0 a ndah+1:= |S| +1 and letgj denote the random prefix of S corresponding to the first j elements of p. Then, for a fixedi∈[1,h], eithergj ∈K for all j withai−1 ≤ j <ai or gj ∈K for all j with ai ≤ j < ai+1 (it is also possible that both of these events occur).

So Prob(g ∈K)≥spread({a1, . . . ,ah})/2 and, since P is an (ε,|S|)-spreader, spread({a1, . . . ,ah})≥εwith probability at least 1/r.

2.4.2. Applications

We shall apply random prefixes toG-closure computations. We consider the same situation as in Section 2.3.3, namely,G= Sacts onH, we can compute h^g∈Hfor anyh∈H,g∈G, and an upper boundlHis known for the length of subgroup chains inH.

Lemma 2.4.4. Suppose that G = S acts on H and U ≤ H is not closed for the G-action. Let P= {p1, . . . ,pr₁} be an (ε,|S|)-spreader and Q= {q1, . . . ,qr₂}be an (ε,|U|)-spreader. Moreover, let g and u be random prefixes on the sets S and U , respectively, obtained from randomly chosen elements of P and Q. ThenProb(u^g ∈ U)≥ε²/(4r1r2).

Proof. By hypothesis,K:= {k∈G| U^k= U}G. Hence, by Lemma2.4.3, Prob(g ∈K)≥ε/(2r1). If g ∈K then X := U^g−1 ∩ U = U. Thus, by Lemma2.4.3, Prob(u ∈X)≥ε/(2r2). Combining the two probabilities, we ob-tain Prob(u^g ∈ U)≥Prob(u ∈X|g ∈K)Prob(g ∈K)≥ε²/(4r1r2).

Theorem 2.4.5. Suppose that G = Sacting on a group H , an upper bound lHfor the length of subgroup chains in H , a subset A⊆H , and a constantδ >0 are given. Then there is a Monte Carlo algorithm that, with probability at least 1−δ, constructs O(lHlog|S|(loglH+log log|S|))generators forA^G, using

O(lHlog|S|(loglH+log log|S|)³+ |A|loglH+ |S|log|S|) group operations.

Proof. We can suppose that |A| ∈O(lH) because if |A| is too big then we construct O(lH) generators for A. By Theorem 2.3.6, this can be done by O(|A|loglH) group operations.

We would like to apply Lemma 2.4.4. We can fix a valueεin the interval [1/30,1/15), and there is no problem concerning the setS: We can construct an (ε,|S|)-spreaderP = {p1, . . . ,pr₁}of sizeO(log|S|) and collect in a setTGall products of elements ofScorresponding to initial segments of the permutations inP. For the construction of random permutations inP, see Exercise 2.1. The construction ofTGrequiresO(|S|log|S|) group operations.

However, the setU containing the already constructed generators forA^G changes during the algorithm, so we cannot precompute the product of initial segments in random permutations ofU. Computing spreader permutations of increasing degree as|U| changes would take too much time. Therefore, we proceed in the following way.

Letm =clHlog|S|(loglH+log log|S|) for a sufficiently large constantc and letQ= {q₁, . . . ,qr2}be an (ε,m)-spreader of sizeO(logm)=O(loglH+ log log|S|). We can suppose thatm is apower of 2. We use anm-long array Uto store generators forA^G. Initially,Ucontains the elements ofAand the rest ofU is padded with the identity element. As new generatorsx forA^G are constructed, we replace one of the identity elements inUbyx. Now comes the idea that speeds up the computation. Instead of products of initial segments of theU^qi, we store the product of elements in positionsl2^j+1,l2^j+2, . . . , (l +1)2^j inU^qi for all i∈[1,r₂],j∈[0,logm], andl∈[0,m/2^j−1]. This requires the storage of less than 2mr2group elements.

From this data structure TH, the product of the first k elements of U^qi can be computed with O(logm)=O(loglH +log log|S|) group operations, by taking segments of lengths corresponding to the terms in the binary ex-pansion ofk. Also, after replacing an element of U, the data structure can be updated by at mostr2logm∈O((loglH +log log|S|)²) group operations, since after updating segments of length 2^j, ther₂ segments of length 2^j+1 containing the new element can be updated by one multiplication per seg-ment.

This gives us the following algorithm: Replace the identity elements inUby group elements of the formu^gas described in Lemma 2.4.4, always updating the data structureTH. If the construction of the spreadersP,Qwas successful then Lemma 2.4.4 and an application of the basic type of Lemma 2.3.3 imply that by the time allm−|A| ∈O(lHr₁r₂) identity elements are replaced,Ugenerates A^G with probability greater than 1−e^−clH for some constantc > 0. The number of group operations required isO(mr₂logm)=O(lHlog|S|(loglH+

log log|S|)³).

Corollary 2.4.6. Suppose that an upper bound lG is known for the length of subgroup chains in a group G and that O(lG)generators are given for G and for some H≤G. Letδ >0. Then there is a Monte Carlo algorithm that, with probability at least1−δ, constructs O(lG)generators for the normal closure H^G, using O(lGlog⁴lG)group operations.

Proof. By Theorem 2.4.5,O(lGlog²lG) generators can be obtained by the indi-cated number of group operations. By Theorem 2.3.6, this generating set can be reduced to one of sizeO(lG) withO(lGlog³lG) further group operations.

Our last application is the asymptotic speedup of commutator subgroup com-putations.

Lemma 2.4.7. Let H = Uand K = Vbe two subgroups of a common par-ent group, and let N[H,K],NH,K. Moreover, let P = {p1, . . . ,pr₁} be an(ε,|U|)-spreader and Q= {q₁, . . . ,qr2}be an(ε,|V|)-spreader, and let u andv be random prefixes on the sets U and V , respectively, obtained from randomly chosen elements of P and Q. ThenProb([u, v] ∈N)≥ε²/(4r₁r₂).

Proof. By Lemma2.3.10, X:= {h∈H|[h,K]≤N}is asubgroup of H and, by hypothesis,X =H. So Lemma2.4.3 implies that Prob(u ∈X)≥ε/(2r1). If u ∈X thenY:= {k∈K|[u,k]∈N} =K, so, by Lemma2.4.3, Prob([u, v] ∈ N)≥ε/(2r₂). Combining the two probabilities, we obtain Prob([u, v] ∈N)≥ Prob([u, v] ∈N|u ∈X)Prob(u ∈X)≥ε²/(4r1r2).

Theorem 2.4.8. Suppose that H= Uand K = Vare subgroups of G and an upper bound lGfor the length of subgroup chains in G is known. Letδ >0.

Then there is a Monte Carlo algorithm that, with probability at least1−δ, constructs O(lG)generators for[H,K], using O(lGlog⁴lG+(|U|+|V|) loglG) group operations.

Proof. With O((|U| + |V|) loglG) group operations, we can construct gener-ating sets of size O(lG) for H and K. So we suppose that |U| ∈O(lG) a nd

|V| ∈O(lG).

A generating set for [H,K] is obtained in two phases. In the first phase, we construct an (ε,|U|)-spreaderP = {p1, . . . ,pr₁}and an (ε,|V|)-spreader Q= {q₁, . . . ,qr2}, and we place the products of initial segments ofU^pi,V^qiinto the setsTUandTV, respectively. This requiresO(|U|log|U| + |V|log|V|)= O(lGloglG) group operations. Then, for a sufficiently large constant c, we placeclGr1r2∈O(lGlog²lG) commutators [u, v] into asetT, whereu andv

are randomly chosen elements of TU andTV, respectively. After that, using O(lGlog³lG) group operations, we constructO(lG) generators forT.

By Lemma2.4.7, the normal closure ofTinH,Kis [H,K] with high probability. In the second phase, we compute generators for this normal closure.

By Corollary 2.4.6, this requiresO(lGlog⁴lG) group operations.

Exercises

2.1. Design an algorithm that constructs a uniformly distributed random ele-ment ofSn inO(n) time. (You can suppose that a random element of a list can be chosen inO(1) time.)Hint:We have to construct an injective function f : [1,n]→[1,n]. When f(1), . . . , f(k) are already defined, store the remainingn−kpossible function values in an array of length n−k. How should this array be modified when f(k+1) is defined?

2.2. Design an algorithm that constructs a uniformly distributed random ele-ment ofAn.

2.3. LetM be a finite state Markov chain, with transition probability matrix P. Prove thatp^(k)_{i j} is the (i,j)-entry inP^k.

2.4. Let M be a Markov chain and suppose that statesu, v can be reached from each other. Prove thatuandvare both aperiodic or they have the same period.

2.5. Prove that the stationary distribution of a finite, irreducible, aperiodic Markov chain is the uniform one if and only if the column sums of the transition probability matrix are all 1.

2.6. Prove the inequality (2.11).

2.7. [Beals and Babai, 1993] Suppose that G is a nonabelian black-box group and NG,N =G. Suppose also that a subset A:= {g1, . . . , gk} ⊆G\{1}is given, and we know that A∩N = ∅. Design aMonte Carlo algorithm that, with high probability, computes a nontrivial ele-ment of aproper normal subgroup ofG.Hint:If{a,b} ∩N = ∅then [a,b]∈N. Wha t ca n we do ifaandbcommute?

3