Fast Computation of the Roots of Polynomials Over the Ring of Power Series

(1)

HAL Id: hal-01457954

https://hal.inria.fr/hal-01457954v2

Submitted on 2 Jun 2017

HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

Fast Computation of the Roots of Polynomials Over the Ring of Power Series

Vincent Neiger, Johan Rosenkilde, Éric Schost

To cite this version:

Vincent Neiger, Johan Rosenkilde, Éric Schost. Fast Computation of the Roots of Polynomials Over the Ring of Power Series. ISSAC ’17, Jul 2017, Kaiserslautern, Germany. �10.1145/3087604.3087642�.

�hal-01457954v2�

(2)

Over the Ring of Power Series

Vincent Neiger

Technical University of Denmark Kgs. Lyngby, Denmark

vinn@dtu.dk

Johan Rosenkilde

Technical University of Denmark Kgs. Lyngby, Denmark

jsrn@jsrn.dk

´Eric Schost

University of Waterloo Waterloo ON, Canada eschost@uwaterloo.ca

ABSTRACT

We give an algorithm for computing all roots of polynomials over a univariate power series ring over an exact fieldK. More precisely, given a precisiond, and a polynomialQwhose coefficients are power series inx, the algorithm computes a representation of all power seriesf(x)such thatQ(f(x))=0 modx^d. The algorithm works unconditionally, in particular also with multiple roots, where Newton iteration fails. Our main motivation comes from coding theory where instances of this problem arise and multiple roots must be handled.

The cost bound for our algorithm matches the worst-case input and output sizeddeg(Q), up to logarithmic factors. This improves upon previous algorithms which were quadratic in at least one ofd and deg(Q). Our algorithm is a refinement of a divide & conquer algorithm by Alekhnovich (2005), where the cost of recursive steps is better controlled via the computation of a factor ofQwhich has a smaller degree while preserving the roots.

KEYWORDS

Polynomial root-finding algorithm; power series; list decoding.

1 INTRODUCTION

In what follows,Kis an exact field, andK[[x]][y] denotes the set of polynomials inywhose coefficients are power series inxoverK.

Problem and main result.Given a polynomial inK[[x]][y], we are interested in computing its power series roots to some precision, as defined below.

Definition 1.1. LetQ∈K[[x]][y]andd∈Z>0. A power series f ∈K[[x]]is called aroot ofQto precisiondifQ(f)=0 modx^d; the set of all such roots is denoted byR(Q,d).

Our main problem (Problem 1) asks, givenQandd, to compute a finite representation ofR(Q,d); the fact that such a representation exists is explained below (Theorem 2.8). In all the paper, we count operations inKat unit cost, and we use the soft-O notationO^∼(·) to give asymptotic bounds with hidden polylogarithmic factors.

ISSAC ’17, Kaiserslautern, Germany

This is the author’s version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published inProceedings of ISSAC ’17, July 25-28, 2017, http://dx.doi.org/10.1145/3087604.3087642.

Problem 1.

Input:

• a precisiond∈Z>0,

• a polynomialQ∈K[[x]][y]known at precisiond.

Output:

• (finite) list of pairs(fi,ti)₁_≤i_≤` ⊂K[x]×Z≥0such that R(Q,d) =S

1≤i≤`(fi+x^tⁱK[[x]])

An algorithm solving this problem must involve finding roots of polynomials inK[y]. The existence, and complexity, of root- finding algorithms for univariate polynomials overKdepends on the nature ofK. In this paper, we assume thatKis such that we can find roots inKof a degreenpolynomial inK[y] in timeR_K(n), for some functionR_K:Z^≥0→R; the underlying algorithm may be deterministic or randomized. For instance, ifK=Fq, we can takeR_K(n)∈O^∼(n)using either a Las Vegas algorithm (in which case the runtime can be more precisely stated asO^∼(nlog(q))[19, Cor. 14.16]), or a deterministic one (with for instance a runtime O^∼(nk²√

p), where we writeq=p^k,pprime [17]).

We now state our main result: we separate the cost of the root- finding part of the algorithm, which may be randomized, and the rest of the algorithm which is deterministic.

Theorem 1.2. There is an algorithm which solves Problem 1 us- ingO^∼(dn)deterministic operations in K, together with an extra O(dR_K(n))operations, wheren=deg(Q).

A cost inO^∼(dn)is essentially optimal for Problem 1. Indeed, if Q=(y−f₁)· · ·(y−f_n), for some power seriesf₁, . . . ,f_nsuch that fi−fj is a unit for alli,j, then the roots ofQto precisiondare all the power series of the formf_i+x^dK[[x]], for somei. In this case, solving Problem 1 involves computing allf_i modx^d, which amounts todnelements inK.

Previous work.When the discriminant ofQ ∈ K[[x]][y] hasx- valuation zero, or equivalently, when ally-roots ofQ_|x=0are simple (as in the example above), our problem admits an obvious solution:

first, compute ally-roots ofQ_|x=0inK, sayy₁, . . . ,y_`, for some

`≤n, wheren=degQ. Then, apply Newton iteration to each of these roots to lift them to power series rootsf₁, . . . ,f_`of precision d; to go from precision sayd/2 tod, Newton iteration replacesfi

by

fi − Q(f_i)

Q⁰(fi) modx^d,

whereQ⁰∈K[[x]][y] is the formal derivative ofQ. The bottleneck of this approach is the evaluation of allQ(fi)andQ⁰(fi). Using an algorithm for fast multi-point evaluation in the ring of univariate

(3)

ISSAC ’17, July 25-28, 2017, Kaiserslautern, Germany Vincent Neiger, Johan Rosenkilde, and ´Eric Schost

polynomials overK[[x]]/(x^d), these evaluations can both be done inO^∼(dn)operations inK. Taking all steps into account, we obtain the rootsf₁, . . . ,f_`modulox^dusingO^∼(dn)operations inK; this is essentially optimal, as we pointed out above. In this case, the total time for root-finding isR_K(n).

Thus, the non-trivial cases of Problem 1 arise whenQ_|x=0has multiple roots. In this case, leaving aside the cost of root-finding, which is handled in a non-uniform way in previous work, we are not aware of an algorithm with a cost similar to ours. The best cost bounds known to us areO^∼(n²d), obtained in [1] and with this cost estimate being showed in [13], andO^∼(nd²), obtained in [4].

WhenQ_|x=0has multiple roots, a natural generalization of our problem consists in computing Puiseux series solutions ofQ. It is then customary to consider a two-stage computation: first, compute sufficiently many terms of the power series / Puiseux series solutions in order to be able toseparatethe branches, then switch to another algorithm to compute many terms efficiently.

Most algorithms for the first stage compute the so-called singular parts of rational Puiseux expansions [7] of the solutions. They are inspired by what we will call theNewton-Puiseuxalgorithm, that is, Newton’s algorithmic proof that the field of Puiseux seriesKhhxiiis algebraically closed whenKis algebraically closed of characteristic zero [12, 20]. In the case of Puiseux series roots, one starts by reading off the leading exponentγ of a possible solution on the Newton polygon of the input equationQ∈Khhxii[y]. The algorithm then considers ˆQ=Q(x^γy)/x^s ∈Khhxii[y], wheresis the valuation atxofQ(x^γy). Ify₁, . . . ,y_`are they-roots of ˆQ_|x=0, then these give thex^γ terms of the Puiseux series roots ofQ. For eachiwe then replaceQwithQ(x^γ(y_i +y))/x^s⁰, wheres⁰is the valuation atxofQ(x^γ(yi+y)). This allows us to compute the terms of the solutions one by one. The best algorithms to date [14, 15] use an expected number ofO^∼(n²ν+n³+n²log(q))operations inK, if K=Fqand whereνis the valuation of the discriminant ofQ. These algorithms are randomized of the Las Vegas type, since they rely on Las Vegas root-finding inFq[y].

In the second stage, given the singular parts of the solutions, it becomes for instance possible to apply Newton iteration, as in [9].

IfQis actually inK[x][y], one may alternatively derive from it a linear recurrence with polynomial coefficients satisfied by the coefficients of the solutions we are looking for; this allows us to compute them at precisiondusingO(dn)operations, that is, in time genuinely linear inn,d[5, 6] (keeping in mind that in both cases, we may need to know aboutνterms of the solutions before being able to switch to the faster algorithm). We will discuss a similar observation in the context of our algorithm, in Section 4.

Using ideas akin to the Newton-Puiseux algorithm, Berthomieu, Lecerf, and Quintin gave in [4] an algorithm that computes roots of polynomials inL[y], for a wide class of local ringsL. In the particular caseL=FqJxKwithq =p^s, the expected runtime of their algorithm isO^∼(nd²+nlog(q)+ndlog(k)/p)operations inFq. Let us finally mention algorithms for polynomial factorization over local fields. Using the Montes algorithm [10], it is proved in [3]

that one can compute a so-called OM-factorization of a degreen polynomialQinFqhhxii[y] at precisiondusingO^∼(n²ν+nν² + nνlog(q)), whereνis the valuation of the discriminant ofQ; the relation tobasic root sets, defined below, remains to be elucidated.

Sudan’s and Guruswami-Sudan’s algorithms for the list-decoding of Reed-Solomon codes [8, 18] have inspired a large body of work, some of which is directly related to Problem 1. These algorithms operate in two stages: the first stage finds a polynomial inK[x,y]

with some constraints; the second one finds its factors of the form y−f(x), forf inK[x].

The Newton-Puiseux algorithm can easily be adapted to compute such factors; in this context, it becomes essentially what is known as the Roth-Ruckenstein algorithm [16]; its cost is inO(d²n²), omitting the work for univariate root-finding.

In the context of Sudan’s and Guruswami-Sudan’s algorithms, we may actually be able to use Newton iteration directly, by ex- ploiting the fact that we are looking forpolynomialroots. Instead of computing power series solutions (that is, the Taylor expansions of these polynomial roots at the origin), one can as well start from another expansion pointx₀inK; if the discriminant ofQdoes not vanish atx₀, Newton iteration applies. IfKis finite, one cannot exclude the possibility that allx₀inKare roots ofQ; if needed, one may then look forx₀in an extension ofKof small degree. Augot and Pecquet showed in [2] that in the cases appearing in Sudan’s algorithm, there is always a suitablex₀inK.

However, for example for the Wu list decoding algorithm [21] or for the list-decoding of certain algebraic geometry codes [13], one does seek truncated power series roots. In this case, one may use Alekhnovich’s algorithm [1, App.], which is a divide and conquer variant of the Roth-Ruckenstein algorithm. It solves Problem 1 us- ingn^O(1)O^∼(d)operations inKplus calls to univariate root-finding;

the refined analysis in [13] gives the runtimeO^∼(n²d+ndlogq). Outline.We start by giving properties about the structure of the set of roots in Section 2. We will see in particular howR(Q,d)can be described recursively as the finite union of set of roots at a lower precision for shifts ofQ, that is, polynomials of the formQ(f+x^ty). From this, we will be able to derive a divide-and-conquer algorithm which is essentially Alekhnovich’s.

The reason why the runtime of this algorithm is quadratic inn is the growth of the (sum of the) degrees of these shifts. Having in mind to control this degree growth, we conclude Section 2 with the definition of so-calledreduced root sets, for which we establish useful degree properties.

In Section 3, we detail a fast algorithm for the computation of affine factors, which are polynomials having the same roots as the shifts but which can be computed more efficiently thanks to the degree properties of our reduced root sets. Finally, in Section 4, we incorporate this into the divide and conquer approach, leading to our fast power series roots algorithm.

2 STRUCTURE OF THE SET OF ROOTS

Recall the notation of Problem 1. In the following analysis, we consider knowingQto arbitrary precision, i.e.Q∈K[[x]][y]. For convenience, we also define for anyd ≤0 thatR(Q,d) =K[[x]].

First, we introduce basic notation.

• v_x:K[[x]][y]\ {0} →Z≥0denotes the valuation atx, that is,vx(Q)is the greatest power ofxwhich dividesQ, for any nonzeroQ∈K[[x]][y].

• ForQ∈K[[x]][y], we writeQ_|x=0for the univariate polynomial inK[y] obtained by replacingxby 0 inQ.

(4)

• We denote byS_d =K[[x]]/(x^d)the ring of power series in xoverKtruncated at precisiond.

• To avoid confusion, deg(·)stands for the degree of some polynomial inyoverK, overK[[x]], or overS_d, whereas the degree of polynomials inK[x] is denoted using deg_x(·). The next lemma follows from the above definitions, and shows that we can focus on the casevx(Q)=0.

Lemma 2.1. LetQ ∈ K[[x]][y]be nonzero and letd ∈ Z>0. If Q_|x=0=0, thenR(Q,d)=R(x⁻^sQ,d−s), wheres=vx(Q).

Now, we will focus on a compact way of representing root sets, and we will see thatR(Q,d)always admit such a representation even though it is usually an infinite set. Similar representations are also behind the correctness and the efficiency of the algorithms of Roth-Ruckenstein [16], of Alekhnovich [1, App.], and of Berthomieu-Lecerf-Quintin [4, Sec. 2.2]. To support the divide- and-conquer structure of our algorithm, we further describe how these representations compose.

Definition 2.2. LetQ∈K[[x]][y]be nonzero and letd∈Z>0. A basic root setofQto precisiondis a finite set of pairs(f_i,t_i)₁_≤i_≤`, each inK[x]×Z≥0, such that:

• vx(Q(fi+x^tⁱy))≥dfor1≤i≤`,

• we have the identity R(Q,d)= [

1≤i≤`

(fi +x^tⁱK[[x]]) .

Ford≤0, we define the unique basic root set ofQto precisiondas being{(0,0)}; note that it satisfies both conditions above.

We remark that the first restriction on being a basic root set is key: for instance,Q =y²+y ∈ F2[[x]][y] hasR(Q,1) =F2[[x]].

But{(0,0)}isnota basic root set because it does not satisfy the first property; rather a basic root set is given by expanding the first coefficient:{(0,1),(1,1)}.

At precisiond =1, one can easily build a basic root set ofQ which has small cardinality:

Lemma 2.3. LetQ ∈ K[[x]][y]be such thatQ_|x=0 ,0, and let y₁, . . . ,y_`be the roots ofQ_|x=0. Then,(y_i,1)₁≤i≤`is a basic root set ofQto precision1.

Proof. Takeiin{1, . . . , `}and write the Taylor expansion of Q(yi+xy)asQ(yi+xy)=Q(yi)+xRi(y), for someRi ∈K[[x]][y].

Since both terms in the sum have valuation at least 1, we obtain thatsi =vx(Q(yi+xy))is at least 1. Furthermore, we remark that

R(Q,1)={f ∈K[[x]]|Q(f)=0 modx}

={f ∈K[[x]]|Q_|x=0(f₀)=0},

wheref₀is the constant coefficient off. Thus,R(Q,1)is the set of f ∈K[[x]] whose constant coefficient is in{y₁, . . . ,y_`}. Proposition 2.4. LetQ∈K[[x]][y]be such thatQ_|x=0,0and letd⁰,dbe inZ≥0, withd⁰≤d. Suppose thatQadmits a basic root set (fi,ti)₁_≤i_≤`to precisiond⁰. Suppose furthermore that, for1≤i≤`, Q(f_i+x^tⁱy)/x^sⁱadmits a basic root set(f_i,j,t_i,_j)₁_≤j_≤`_i to precision d−s_i, wheres_i =v_x(Q(f_i +x^tⁱy)). Then, a basic root set ofQto precisiondis given by

(f_i+f_i,_jx^tⁱ,t_i +t_i,j)₁_≤j_≤`_i_,1_≤i_≤`.

Proof. For 1≤i ≤`, letQ_i =Q(f_i+x^tⁱy)/x^sⁱ. Then, for all i,j, from the definition of basic root sets, we have

v_x

Q(f_i+f_i,jx^tⁱ+x^tⁱ^+t^i,j) =v_x

x^sⁱQ_i

|y=fi,j+x^ti,jy

≥si+(d−si).

This proves that the first property of Definition 2.2 holds.

For the second property, we prove both inclusions leading to the identityR(Q,d)=∪_i,j{f_i+x^tⁱf_i,j+x^tⁱ^+t^i,^jK[[x]]}.

First, consider somef ∈ R(Q,d); sinced⁰≤d,f is inR(Q,d⁰), so we can writef =fi+x^tⁱд, for someiin{1, . . . , `}andдinK[[x]].

Then,Q(f)=x^sⁱQ_i(д)=0 modx^d, and soд∈ R(Q_i,d−s_i). This implies thatд∈fi,j+x^tⁱ^,^jK[[x]] for somej.

Now consider a power seriesд∈ R(Q_i,d−s_i)for somei. This means thatQ_i(д) = 0 modx^max(0,d−sⁱ⁾, so thatQ(f_i +x^tⁱд) = x^sⁱQi(д)=0 modx^d, and thereforefi+x^tⁱдis inR(Q,d). We now deduce, by induction ond, that anyQ∈K[[x]][y] admits a finite basic root set to precisiondfor anyd∈Z≥0. By Lemma 2.1 we can reduce to the case wherev_x(Q)=0 andQ_|x=0 ,0. The claim is readily seen to be true ford≤0 (take{(0,0)}) andd=1 (Lemma 2.3). Suppose the claim holds for alld⁰<d, for somed≥2;

we can then apply this property tod−1, obtaining a basic root set(fi,ti)₁_≤i_≤`ofQto precisiond−1. We know that, with the notation of Proposition 2.4,s_i ≥d−1 holds for alli, so in particular si ≥1, and thusd−si <d. Then, applying again the induction property to each of(Q_i,d−s_i)_i, the conclusion of Proposition 2.4 establishes our claim.

These results can be used to build basic root sets recursively, by either applying Lemma 2.3 iteratively or using Proposition 2.4 in a divide-and-conquer fashion with Lemma 2.3 applied at the leaves. As discussed in Section 1, this recursive approach is similar to the Newton-Puiseux algorithm. These iterative and divide and conquer solutions to Problem 1 are known in coding theory as the Roth-Ruckenstein algorithm [16] and the Alekhnovich algorithm [1, App.]. Below, we describe the latter algorithm in detail (Algorithm 1), since our new algorithm runs along the same lines (Algorithm 4). We will not further discuss the correctness or complexity of Algorithm 1, but rather refer to [1, App.] or [13, App. A].

Algorithm 1 :DnCSeriesRoots[1]

Input: d∈Z>0andQ∈ S_d[y] withQ_|x=0,0.

Output: A basic root set ofQto precisiond.

1 ifd=1then

2 (y_i)₁≤i≤`←roots ofQ|x=0∈K[y]

3 return(yi,1)₁_≤i_≤`

4 else

5 (fi,ti)₁_≤i_≤`←DnCSeriesRoots(Qmodx^dd/2^e,dd/2e)

6 (Q_i)₁_≤i_≤`←(Q(f_i+x^tⁱy)modx^d)₁_≤i_≤`

7 (si)₁_≤i_≤`←(vx(Qi))₁_≤i_≤`

8 for1≤i≤`do

9 ifs_i ≥dthen

10 (f_i,1,t_i,1)←(0,0)and`i ←1

11 else

12 (fij,tij)₁_≤j_≤`_i ←DnCSeriesRoots(x^−sⁱQi,d−si)

13 return(f_i+x^tⁱf_i,j,t_i+t_i,j)₁_≤j_≤`_i_,1_≤i_≤`.

(5)

The next step is to prove that there are special, small basic root sets, and that these also compose in a way similar to Proposition 2.4.

In order to formulate this, we first introduce a generalization of root multiplicity to our setting.

Definition 2.5. Let(f,t)∈K[x]×Z>0be such thatf is nonzero andf =д+ft−1x^t−¹for someд∈K[x]withdeg_x(д)<t−1. For Q∈K[[x]][y]\ {0}, we consider the polynomial of valuation zero

R=Q(д+x^t−¹y)/x^v^x^(Q(д+x^t−¹^y))∈K[[x]][y].

Then, theroot multiplicity of(f,t)inQis the root multiplicity of f_t−₁inR_|x=0∈K[y].

Note that ifft−1is not a root ofR_|x=0, the root multiplicity of (f,t)is 0. Also, ift=1, so thatf =f₀is inK, and ifQ|x=0,0, the root multiplicity of(f₀,1)is simply the multiplicity off₀inQ_|x=0. Definition 2.6. LetQ ∈K[[x]][y]be such thatQ|x=0,0and letdbe inZ. Suppose that(fi,ti)₁_≤i_≤` is a basic root set ofQat precisiond. Then, we say that(f_i,t_i)₁_≤i_≤`is areduced root set, if the following holds:

• eitherd≤0,

• ord>0, and all thef_i’s are nonzero, and the following points are all satisfied, where for1≤i≤`, we writesi =vx(Q(fi+x^tⁱy)), Qi =Q(fi+x^tⁱy)/x^sⁱ, and we writemifor the root multiplicity of(f_i,t_i)inQ:

(1) mi ≥1for1≤i≤`,

(2) deg(Qi|x=0)≤m_ifor1≤i≤`, and (3) P

1≤i≤`mi ≤deg(Q_|x=0).

It follows from the restrictions(1)and(3)that`≤deg(Q|x=0).

Mimicking the structure of the first half of the section, we now prove the existence of reduced root sets ford=1 and then give a composition property. The next lemma is inspired by [1, Lem. 1.1].

Lemma 2.7. LetQ∈K[[x]][y]be such thatQ_|x=0,0. The basic root set ofQto precision1defined in Lemma 2.3 is reduced.

Proof. Lety₁, . . . ,y_`be the roots ofQ_|x=0, and, for 1≤i≤`, letsi =vx(Q(yi+xy)),Qi =Q(yi+xy)/x^sⁱ, and letmibe the root multiplicity ofy_iinQ_|x=0.

The inequalitiesmi ≥1, for 1≤i≤`, andP

imi ≤deg(Q_|x=0) are clear. Consider now a fixed indexi; it remains to prove that deg(Qi|x=0)≤mi. There areP∈K[y] andR∈K[[x]][y] such that P(yi),0 andQ=(y−yi)^mⁱP(y)+xR. Then

x^sⁱQi =Q(yi+xy)=(xy)^mⁱP(yi+xy)+xR(yi+xy). The right-hand side reveals the following:

• Any monomialx^αy^βinx^sⁱQi satisfiesα ≥β, and hence deg(Qi|x=0)≤s_i.

• x^sⁱQicontains the term(xy)^mⁱP(yi), since this appears in (xy)^mⁱP(y_i+xy)and it cannot be cancelled by a term in xR(yi+xy)since all monomials there have greaterx-degree thany-degree.

These two points imply deg(Qi|x=0)≤s_i ≤m_i. The following theorem is exactly the statement of Proposition 2.4 except that “basic” has been replaced by “reduced”.

Theorem 2.8. LetQ ∈K[[x]][y]be such thatQ_|x=0,0and let d⁰,dbe inZ≥0, withd⁰≤d. Suppose thatQadmits a reduced root set(f_i,t_i)₁_≤i_≤`to precisiond⁰. Fori=1, . . . , `, suppose furthermore thatQ(fi+x^tⁱy)/x^sⁱ admits a reduced root set(fi,j,ti,j)₁_≤j_≤`_i to precisiond−si, wheresi =vx(Q(fi +x^tⁱy)). Then a reduced root set ofQto precisiondis given by

(f_i +f_i,_jx^tⁱ,t_i+t_i,j)₁_≤j_≤`_i_,1_≤i_≤`.

Proof. By Proposition 2.4 it is clear that the specified set is a basic root set, and we should verify the additional restrictions of Definition 2.6. Introduce for eachi,j

Qi,j=Q(fi+fi,jx^tⁱ+x^tⁱ^+tî,^jy)/x^sî,^j =Qi(fi,j+x^tî,^jy)/x^sî,^j, whereQi =Q(fi+x^tⁱy)/x^sⁱ andsi,j =vx(Qi(fi,j+x^tî,^jy)).

Consider first for somei the cased−s_i ≤ 0. Then`_i = 1 and(f_i,1,t_i,1) =(0,0), and so the root multiplicitym_i,1of(fi + f_i,1x^tⁱ,t_i+t_i,₁)inQism_i which is positive by assumption. Also Qi,j =Qi so deg(Qi,j|x=0)=deg(Qi|x=0)which is at mostmi = m_i,1by assumption. Finally,P

jm_i,_j=m_i,1=m_i. We will collect the latter fact momentarily to prove the third item of the reduced root definition.

Consider next aniwhered−s_i >0. In this caset_i,j >0 for all 1≤j ≤`i, and the root multiplicity of(fi+fi,jx^tⁱ,ti+ti,j)inQ equals the root multiplicitymi,jof(f_i,j,t_i,_j)inQ_iwhich is positive by assumption. The assumptions also ensure that deg(Qi,j|x=0)≤ m_i,j, andP

jm_i,j ≤deg(Qi|x=0)≤m_i.

Thus, the two first restrictions on being a reduced root set is satisfied for each element. All that remains is the third restriction:

but using our previous observations, we haveP

iP

jmi,j ≤P

imi

and this is at most deg(Q_|x=0)by assumption.

To solve Problem 1 we will compute a reduced root set using Lemma 2.7 and Theorem 2.8. Note that it follows that a reduced root set is essentially unique: apart from possible redundant elements among thefi, non-uniqueness would only be due to unnecessarily expanding a coefficient in a root(f,t), that is, replace that root by the|K|roots(f +ax^t,t+1)_a_∈_K. Of course this could only be an issue ifKis finite and if deg(Q_|x=0)is very large. Our algorithm as well as previous ones are computing the “minimal” set of reduced roots. According to Theorem 2.8, the total number of field elements required to represent this minimal set cannot exceed ddeg(Q_|x=0)≤ddeg(Q).

3 AFFINE FACTORS OF THE SHIFTS

The appendix A of [13] gives a careful complexity analysis of Al- gorithm 1, and proves that it runs in timeO^∼(dn²+dnR_K), where n=deg(Q). The main reason why the cost is quadratic in deg(Q) is that all the shifted polynomialsQi =x^−sⁱQ(fi+x^tⁱy)can have large degree, namely up to deg(Q). Thus, merely representing the Qi’s may use a number of field elements quadratic in deg(Q).

Nonetheless, we are actually not interested in these shifts them- selves, but only in their reduced root sets. The number of these roots is well controlled: the shifts have altogether a reduced root set of at most deg(Q_|x=0)elements. Indeed, by definition, we know that deg(Qi|x=0)is at most the multiplicitymiof the root(fi,ti), and the sum of these multiplicities is at most deg(Q_|x=0).

(6)

The difficulty we face now is that we want to efficiently compute reduced root sets of the shifts without fully computing these shifts.

To achieve this, we compute for each shiftQ_ia factor of it which has the same roots and whose degree is deg(Qi|x=0)≤mi,without entirely computingQi itself. We design a fast algorithm for computing these factors, by using ideas from [11, Algo. Q], in which we also incorporate fast modular reduction techniques so as to care- fully control the quantity of information we process concerning the shifts.

The next result formalizes the factorization we will rely on. It is a direct consequence of the Weierstrass preparation theorem for multivariate power series [22, VII.§1. Cor. 1 of Thm. 5].

Theorem 3.1. LetQ ∈ K[[x]][y]be such thatQ_|x=0 ,0. Then, there exist uniqueA,B ∈K[[x]][y]such thatQ=AB,Ais monic and B_|x=0∈K\ {0}.

In the case at hand, one may as well derive existence and uniqueness ofAandB(together with a slow algorithm to compute them) by writing their unknown coefficients asA=a₀(y)+xa₁(y)+· · · B=b₀+xb1(y)+· · ·, withb₀inK\ {0}and allai’s (i≥1) of degree less than that ofa₀. Extracting coefficients ofx⁰,x¹, . . ., we deduce that the relationQ=ABdefines thea_i’s andb_i’s uniquely.

In what follows,Ais called theaffine factorofQ. Remark that if we start fromQinS_d[y], we can still define its affine factor as a polynomial inS_d[y], by reducing modulox^dthe affine factor of an arbitrary lift ofQtoK[[x]][y] (the construction above shows that the result is independent of the lift).

Our algorithm will compute the affine factors(Ai)₁_≤i_≤`of the shifts(Q_i)₁_≤i_≤` at some prescribed precisiondinx, having as inputQand the shifting elements(fi+x^tⁱy)₁_≤i_≤`. A factorization Q_i =A_iB_ican be computed modulo any powerx^dofxfrom the knowledge ofQiby means of Hensel lifting [11, Algo. Q], doubling the precision at each iteration. However, the above-mentioned degree bounds indicate that neither the shifts(Qi)_inor the cofactors (Bi)_imay be computed modulox^din time quasi-linear in deg(Q) andd: the key of our algorithm is to show how to compute the affine factorsAiat precisionddirectly fromQwithin the prescribed time bounds. (Hensel lifting factorization techniques were also used in [4], but in a context without the degree constraints that prevent us from computing the shiftsQi). Hereafter,AquoBand AremBdenote the quotient and the remainder in the division of the polynomialAby the monic polynomialB.

The input of the algorithm is the polynomialQknown modulo x^d, as output, we compute the affine factorsAi of the shifts at respective precisionsd−si, together with the valuationsi; ifsi ≥d, we detect it and return(0,d). The initialization consists in computing the affine factors of thex-constant polynomials(Qi|x=0)₁_≤i_≤`. If these polynomials are known, this is straightforward: the affine factor ofQi|x=0is itself divided by its leading coefficient, which is a nonzero constant fromK. It turns out that computing these polynomials is not an issue; remark that the sum of their degrees is at mostm₁+· · ·+m_` ≤ deg(Q). Explicitly, we first compute the remainders(Q(fi +x^tⁱy)remy^mⁱ⁺¹)_i via fast modular reduction techniques; then, we can both retrieve the valuations (s_i)_i = (v_x(Q(f_i +x^tⁱy)))_i (or, more precisely,s_i^∗ = min(si,d)), and, whensi <d, thex-constant terms ofQi =x^−sⁱQ(fi+x^tⁱy)to carry out the initialization step (Line 1 to Line 11 in Algorithm 3).

Before continuing to describe the algorithm, we detail one of its main building blocks (Algorithm 2): the fast computation of simultaneous shifted remainders via multiple modular reduction.

Algorithm 2 :ShiftedRem

Input: a commutative ringA, a polynomialQ∈ A[y], and triples (Ai,fi,ri)₁_≤i_≤` ∈ A[y]× A × A, with theAi’s monic.

Output: the remaindersQ(fi +riy)remAi for 1≤i≤`.

1 (A¯_i)₁_≤i_≤`←(P

0≤j≤δir_i^δⁱ^−ja_i,jy^j)₁_≤i_≤`

2 where(A_i)₁≤i≤`=(P

0≤j≤δia_i,_jy^j)₁≤i≤`witha_i,δ_i =1

3 (Aˆ_i)₁_≤i_≤`←(A¯_i(y−f_i))₁_≤i_≤`

4 (Rˆ_i)₁_≤i_≤`←(Qrem ˆA_i)₁_≤i_≤`

5 (R_i)₁_≤i_≤`←(Rˆ_i(f_i+r_iy))₁_≤i_≤`

6 return(Ri)₁_≤i_≤`

Proposition 3.2. Algorithm 2 is correct and uses O^∼(deg(Q)+deg(A₁· · ·A_`)) operations inA.

Proof. Leti∈ {1, . . . , `}. Since Â_iis monic, the remainder ˆR_i = Qrem Âiis well-defined, andQ=PiAî+Rîwith deg(Rî)<deg(Q) andPi ∈ A[y]. Then, we have

Q(f_i+r_iy)=P_i(f_i+r_iy)Aˆ_i(f_i+r_iy)+Rˆ_i(f_i+r_iy)

=P_i(f_i+r_iy)A¯_i(r_iy)+R_i(y)

=Pi(fi+riy)r_i^δAi(y)+Ri(y),

which ensuresRi =Q(fi+riy)remAi(y), hence the correctness.

Concerning the cost bound, the polynomial ¯A_iis computed using at most 2δi multiplications inA, whereδi =deg(Ai), and then Aîis computed by fast shifting usingO^∼(δi)operations inA[19, Thm. 9.15]. The conclusion follows, since fast remaindering can be used to compute all remainders(Rˆ₁, . . . ,Rˆ_`)simultaneously in O^∼(deg(Q)+δ₁+· · ·+δ_`)operations inA. Indeed, we start by computing the subproduct tree inO^∼(δ₁+· · ·+δ_`)operations [19, Lem. 10.4], which gives us in particular the product Â₁· · ·Aˆ_`. Then, we compute the remainder ˆR=Qrem Â₁· · ·Aˆ_`, which can be done inO^∼(deg(Q)+δ₁+· · ·+δ_`)operations inAusing fast division [19, Thm. 9.6]. Finally, the sought ˆRi =Rˆmod Âi are computed by going down the subproduct tree, which costsO^∼(δ₁+· · ·+δ_`)

operations inA[19, Cor. 10.17].

Now, let us describe how we implement the Hensel lifting strategy to manage to compute the sought affine factors without fully computing the shifts. In addition to the affine factors, we will make use of partial information on the inverse of the cofactor: we compute this inverse modulo the affine factor. Let 1≤i≤`and assume that we have computed, at precisionK,

• the affine factorA_i ∈ S_K[y] ofQ_i modx^K,

• Ci=B_i⁻¹remAi ∈ S_K[y], whereBi ∈ S_K[y] denotes the cofactor such thatA_iB_i =Q_i modx^K.

Note thatB_i is invertible as a polynomial ofS_K[y] since by defini- tionBi|x=0∈K\ {0}. Thus, our requirement is that the inverse of B_icoincides withC_iwhen working moduloA_i.

(7)

Algorithm 3 :AffineFacOfShifts

Input: a precisiond ∈ Z>0, a polynomialQ ∈ S_d[y] such that Q_|x=0,0, and triples(f_i,t_i,m_i)₁_≤i_≤` ⊂ S_d×Z>0×Z>0. Output: (A_i,s_i)₁_≤i_≤` with(A_i,s_i) = (0,d)ifQ(f_i +x^tⁱy) = 0

inS_d[y], and otherwisesi = vx(Q(fi +x^tⁱy)) < d and A_i ∈ S_d−s

i[y] is the affine factor ofQ_i =x^−sⁱQ(f_i+x^tⁱy) at precisiond−si.

Requires:mi is such thatAi=0 or deg(Ai)≤mi, for 1≤i≤`.

1 I ←(1, . . . , `) /*list of not yet computed factors*/

2 (Ri)₁_≤i_≤`←ShiftedRem(S_d,Q,(y^mⁱ⁺¹,fi,x^tⁱ)₁_≤i_≤`)

3 /*Process trivial affine factors*/

4 for1≤i≤`such thatRi =0do

5 (A_i,s_i)←(0,d), and removeifromI

6 /*Set valuations and compute affine factorsmodx*/

7 fori∈ Ido

8 s_i ←v_x(R_i)

9 R¯i ∈K[y] ←(x^−sⁱRi)_|x=0

10 C_i ∈K\ {0} ←inverse of the leading coefficient of ¯R_i

11 Ai ∈ S₁[y] ←CiR¯i

12 /*Each iteration doubles the precision*/

13 for1≤k≤ dlog₂(d)edo

14 fori∈ Isuch thatd−si ≤2^k−¹do

15 removeifromI

16 K←2^k−¹; (δi)_i_∈I←(min(K,d−si−K))_i∈I 17 /*Lift the affine factors(A_i)_i to precisionsδ_i+K*/

18 (Ri)_i_∈I←ShiftedRem(S_d,Q,(A¯i,fi,x^tⁱ)_i_∈I),

19 where ¯A_i isA_ilifted intoS_d[y]

20 (A_i>∈ S_δ

i[y])_i∈I←((x^−sⁱ^−KR_iC_i)remAi)_i∈I,

21 withx^−sⁱ^−KR_i,C_i, andA_itruncated at precisionδ_i

22 (A_i ∈ S_δ

i+K[y])_i∈I ←(A_i+x^KA_i>)_i∈I

23 /*Find the cofactor inverses(Ci)_i at precisionsδi+K*/

24 (S_i)_i_∈I←ShiftedRem(S_d,Q,(A¯²_i,f_i,x^tⁱ)_i_∈I),

25 where ¯Ai isAilifted inS_d[y]

26 (C_i ∈ S_δ

i+K[y])_i_∈I←(((x^−sⁱS_i)quoAi)⁻¹remA_i)_i_∈I,

27 withx^−sⁱS_iandA_i truncated at precisionδ_i+K

28 return(A_i,s_i)₁_≤i_≤`

Now, we want to find similar polynomials when we increase the precision to 2K. The main point concerning efficiency is that we will be able to do this by only considering computations modulo the affine factorsA_iand their squares; remember that we control the sum of their degrees. In the algorithm, we increase for each ithe precision fromKtoK+δ_i, which is taken as the minimum of 2Kandd−si: in the latter case, this is the last iteration which affectsA_i, since it will be known at the wanted precisiond−s_i.

First, we use fast remaindering to getRi =Q(fi+x^tⁱy)remAiat precisiondinx, simultaneously for alli(see Line 18); this gives us QiremAi =x^−sⁱRiremAiat precisiond−si, and thusK+δi. Since Ai is the affine factor ofQi at precisionK,QiremAi is divisible byx^K.

We then look forA_i>∈ S_δ

i[y] such that ˆA_i =A_i+x^KA_i>is the affine factor ofQiat precisionK+δi; to ensure that ˆAiis still monic, we require that deg(Ai>)<deg(Ai). Thus, we can determineA_i>

by working moduloA_i: having

(Ai+x^KAi>)(Bi+x^KBi>)=Qi, at precisionK+δi, for someB_i>∈ S_δ

i[y], implies that the identity A_i>B_i =x^−KQ_i

holds moduloAiand at precisionδi. Multiplying byCi =B⁻_i¹on both sides yields

Ai>=(x^−KQiCi)remAi =(x^−K^−sⁱRiCi)remAi. Therefore, Line 20 and Line 22 correctly lift the affine factor ofQ_i from precisionKto precisionK+δi.

From now on, we work at precisionK+δi, and, as in the pseudo- code, we denote byAi the affine factor obtained through the lifting step above (that is,A_i ← Aˆ_i). Besides, letC_i now denote the cofactor inverse at precisionK+δi:Ci =B⁻_i¹remAi, where B_i ∈ S_K+δ

i[y] is the cofactor such thatQ_i=A_iB_i. Our goal is to computeCi, without computingBibut onlyBiremAi.

We remark that the remainderS_i =Q(f_i+x^tⁱy)remA²_i (as in Line 24) is such thatx^−sⁱS_i =Q_iremA²_i =A_i(B_iremAi);x^−sⁱS_i is known at precisiond−si ≥K+δi. Thus,

(x^−sⁱS_i)quoAi =B_iremAi, and thereforeCican be obtained as

C_i =B⁻_i¹remA_i=((x^−sⁱS_i)quoA_i)⁻¹remAi.

This shows that Line 26 correctly computesCiat precisionK+δi. Proposition 3.3. Algorithm 3 is correct and uses

O^∼

d(deg(Q)+m₁+· · ·+m_`) operations inK.

Proof. The correctness follows from the above discussion. Con- cerning the cost bound, we will use the following degree properties. SinceAi is monic, we have the degree bound deg(Ai) = deg(Ai|x=0)≤m_ifor alliand at any iteration of the loop; and since Ciis always computed moduloAi, we also have deg(Ci)<mi.

The cost of the initialization (Line 1 to Line 11) is dominated by the computation of shifted remainders at Line 2, which costs O^∼(d(deg(Q)+m1+· · ·+m`))operations inKaccording to Propo- sition 3.2. The same cost bound holds for each call toShiftedRemat Line 18 or Line 24, since we have deg(Ai)≤miand deg(A²_i)≤2mi. At both Line 20 and Line 26, the degrees ofR_i,C_i, andA_i are at mostmi; besides, we haveδi ≤dandδi+K ≤2d. Thus, the quotient and remainder computations useO^∼(d(m₁+· · ·+m_`)) operations inKaccording to [19, Thm. 9.6].

Finally, at Line 26 we are performing the inversion of the polynomial((x^−sⁱRi)quoAi)moduloAi; it is invertible inS_δ

i+K[y]/(Ai) since itsx-constant coefficient is a nonzero field element. As a consequence, this this inversion can be done inO^∼((δ_i+K)deg(Ai)) field operations using Newton iteration [19, Thm. 9.4], and altogether Line 26 costsO^∼(d(m₁+· · ·+m_`))operations inK.

Summing these cost bounds over thedlog₂(d)eiterations yields

the announced total cost bound.

(8)

4 FAST SERIES ROOTS ALGORITHM

In this section, we describe our fast algorithm for solving Problem 1.

As explained above, it follows the divide and conquer strategy of Algorithm 1, with the main modification being that we incorporate the fast computation of the affine factors of the shifts (Algorithm 3).

This leads to a better efficiency by yielding more control on the degrees of the polynomials that are passed as arguments to the recursive calls. Besides, we also propagate in recursive calls the information of the multiplicities of the roots, which is then used as an input of Algorithm 3 to specify the list of degree upper bounds for the affine factors.

We start with a lemma which states that taking affine factors preserves reduced root sets.

Lemma 4.1. LetQbe inK[[x]][y], withQ_|x=0 ,0, and letA ∈ K[[x]][y]be its affine factor. Then, any reduced root set ofAat precision dis a reduced root set ofQat precisiond.

Proof. The claim follows from the factorizationQ=AB, with B_|x=0∈K\ {0}. Indeed, as a result,B(P)is a unit inK[[x]][y] for anyPinK[[x]][y], henceR(Q,d)=R(A,d)for anyd; similarly, for any(f,t),Q(f +x^ty)andA(f +x^ty)have the same valuation, say s, andQ(f +x^ty)/x^sandA(f +x^ty)/x^sdiffer by a constant factor.

In particular, if{(f_i,t_i)}_iis a basic root set ofA, it is a basic root set ofQ, and the multiplicities of(fi,ti)inAandQare the same. This implies that if{(f_i,t_i)}_iis in fact a reduced root set ofA, it remains

so forQ.

We continue with a procedure that operates on polynomials in K[[x]][y], without applying any truncation with respect tox: as such, this is not an algorithm overK, as it defines objects that are power series inx, but it is straightforward to prove that it outputs a reduced root set. Remark that this procedure uses affine factors at

“full precision”, that is, inK[[x]][y], so Algorithm 3 is not used yet.

Algorithm 4 :SeriesRoots∞

Input: d∈Z>0andQ∈K[[x]][y] such thatQ_|x=0,0.

Output: List of triples(fi,ti,mi)₁_≤i_≤` ⊂K[x]×Z^≥0×Z>0formed by a reduced root set ofQto precisiondwith multiplicities.

1 ifd=1then

2 (y_i,m_i)₁_≤i_≤`←roots with multiplicity ofQ_|x=0∈K[y]

3 return(yi,1,mi)₁_≤i_≤`

4 else

5 (f_i,t_i,m_i)₁_≤i_≤`←SeriesRoots∞(Q,dd/2e)

6 (si)₁_≤i_≤`←(vx(Q(fi+x^tⁱy))₁_≤i_≤`

7 (A_i)₁_≤i_≤`←(AffineFactor(Q(f_i+x^tⁱy)/x^sⁱ))₁_≤i_≤`

8 for1≤i≤`do

9 ifs_i ≥dthen

10 (f_i,1,ti,1,m_i,1)←(0,0,mi)and`i ←1

11 else

12 (f_i,_j,t_i,j,m_i,_j)₁≤j≤`i ←SeriesRoots∞(A_i,d−s_i)

13 return(fi+x^tⁱfi,j,ti+ti,j,mi,j)₁_≤j_≤`_i_,1_≤i_≤`.

Proposition 4.2. Algorithm 4 is correct.

Proof. We prove this by induction ond ≥1. By Lemma 2.7, the algorithm is correct for the induction base cased=1. Take

d>1, and assume that the algorithm is correct for alld⁰<d. Then, we obtain a reduced root set(fi,ti)from the first recursive call, so in particular the valuationss_iare at least equal tod⁰≥1. This shows thatd−si <d, so the second recursive call is made at a lower precision, and the procedure terminates.

By induction, in all cases,(f_i,_j,t_i,j)₁≤j≤`iis a reduced root set of Qito precisiond−si: this is obvious whensi ≥d, and follows from Lemma 4.1 whens_i <d. Theorem 2.8 implies that(f_i+x^tⁱf_i,_j,t_i+ ti,j)₁_≤j_≤`_i_,1_≤i_≤`is a reduced root set ofQto precisiond. We verify that the integersm_i,j are the associated multiplicities as we did in

the proof of that theorem.

Next, we describe a similar algorithm, where we maintain the input polynomial with degree less thandinx(when it is the case, we say that it isreduced modulox^d). To differentiate this version from the previous one and facilitate proving the correctness, we add a superscript^∗to the objects handled here when they differ from their counterpart in Algorithm 4. Remark that we do not claim that the output forms a reduced root set ofQ^∗, merely a basic root set; we also do not claim that them_i’s in the output are the corresponding multiplicities.

Algorithm 5 :SeriesRootsTrc

Input: d∈Z>0andQ^∗∈K[[x]][y] reduced modulox^dsuch that Q^∗_|x=0,0.

Output: List of triples(f_i,t_i,m_i)₁_≤i_≤` ⊂K[x]×Z≥0×Z>0formed by a basic root set ofQ^∗to precisiond.

1 ifd=1then

2 (yi,mi)₁_≤i_≤`←roots with multiplicity ofQ^∗_|x=0∈K[y]

3 return(y_i,1,m_i)₁_≤i_≤`

4 else

5 (fi,ti,mi)₁_≤i_≤`←SeriesRootsTrc(Q^∗remx^d^d/2^e,dd/2e)

6 (A^∗_i,s_i^∗)₁≤i≤`←AffineFacOfShifts(Q^∗,d,(f_i,t_i,m_i)₁≤i≤`)

7 for1≤i≤`do

8 ifs_i^∗=dthen

9 (f_i,1,t_i,1,m_i,1)←(0,0,mi)and`i ←1

10 else

11 (fi,j,ti,j,mi,j)₁_≤j_≤`_i ←SeriesRootsTrc(A^∗_i,d−s^∗_i)

12 return(f_i+x^tⁱf_i,j,t_i+t_i,j,m_i,_j)₁≤j≤`i,1≤i≤`.

Proposition 4.3. Algorithm 5 is correct.

Proof. We claim that ford>0 and anyQandQ^∗inK[[x]][y]

such thatQ^∗=Qremx^d, the outputs ofSeriesRoots∞(Q,d)and SeriesRootsTrc(Q^∗,d) are the same. Before proving this claim, remark that it implies the correctness of Algorithm 5: we know that this output is a reduced, and thus basic, root set ofQto precisiond.

SinceQandQ^∗are equal modulox^d, one verifies easily that this output is thus a basic root set ofQ^∗to precisiondas well.

We prove the claim by induction ond. Ifd=1, the result is clear, as we compute the same thing on both sides.

Ford > 1, sinceQ^∗remx^dd^/2ê = Qremx^dd/2ê, the induction assumption shows that(fi,ti,mi)₁_≤i_≤às computed in either SeriesRoots∞orSeriesRootsTrcare the same.