ON THE COMPUTATION OF RATIONAL POINTS OF A HYPERSURFACE OVER A FINITE FIELD 1 ´ EDA CESARATTO1,2 , GUILLERMO MATERA1,2 , AND MARIANA PEREZ
Abstract. We analyze a family of algorithms for computing rational points of hypersurfaces defined over a finite field based on searches on “vertical strips”, namely searches on parallel lines in a given direction. We consider two basic models of generation of vertical strips: an “independent” model, where repetitions are allowed, and a “nonindependent one”, where repetitions are avoided. We determine the asymptotic probability distribution of the number of searches and show that it decays with an exponential ratio in both models. We also analyze the probability distribution of outputs, using the notion of Shannon entropy, and prove that both models are somewhat close to any “ideal” equidistributed algorithm.
1. Introduction Let Fq be the finite field of q elements, let X1 , . . . , Xr be indeterminates over Fq and let Fq [X1 , . . . , Xr ] denote the ring of r–variate polynomials with coefficients in Fq for any positive integer r. Let Fr,d := {F ∈ Fq [X1 , . . . , Xr ] : deg(F ) ≤ d} for integers r ≥ 2 and d ≥ 2 and let F be an arbitrary element of Fr,d . In this paper we address the problem of finding an Fq –rational zero of F , namely a point x ∈ Fqr with F (x) = 0. It is well–known that the elements of Fr,d have q r−1 zeros in Fqr on average. More precisely, we have the following result (see, e.g., [15, Theorem 6.16]): X 1 (1.1) N (F ) = q r−1 , |Fr,d | F ∈Fr,d
Fqr
where N (F ) := |{x ∈ : F (x) = 0}|. The average deviation from the expected value q r−1 has also been analyzed (see, e.g., [15, Theorem 6.17]). If the polynomial F under consideration is absolutely irreducible, that is, it is irreducible as an element of Fq [X1 , . . . , Xr ], where Fq denotes the algebraic closure of Fq , then explicit upper bounds on the deviation |N (F ) − q r−1 | are known (see, e.g., [5]). We remark that “most” elements of Fr,d are absolutely irreducible (see [22] for a precise estimate on the number of absolutely irreducible elements of Fr,d ). This suggests a strategy to find an Fq –rational zero of a given F ∈ Fr,d . Since the expected number of zeros of F is equal to the number of elements of Fqr−1 , given a1 ∈ Fqr−1 , one may try to find a zero of F having a1 in its first r − 1 coordinates. This amounts to compute a zero in Fq of the univariate polynomial F (a1 , Xr ), which can be done from the vector of coefficients of F (a1 , Xr ) with O(d log q) arithmetic operations in Fq , up to logarithmic factors (see, e.g., [20, Corollary 14.16]). As an � element of Fr,d has D := d+r coefficients, the number of arithmetic operations r in Fq required to compute the vector of coefficients of F (a1 , Xr ) is O(D), up to logarithmic factors. If the polynomial F (a1 , Xr ) has no zeros in Fq , then a further element a2 ∈ Fqr−1 can be picked up to see whether F (a2 , Xr ) has a zero in Fq . The algorithm proceeds in this way until a zero of F in Fqr is obtained. As a Date: April 20, 2015. 1991 Mathematics Subject Classification. 68W40, 11G25, 14G05, 14G15. Key words and phrases. Finite fields, hypersurfaces, rational points, algorithms, probability distribution, value sets, Shannon entropy. The authors were partially supported by the grants PIP CONICET 11220130100598, PIO CONICET-UNGS 14420140100027 and UNGS 30/3084. 1
2
´ E. CESARATTO, G. MATERA, AND M. PEREZ
� consequence, the whole procedure requires O N S(F ) · D arithmetic operations in Fq , where N S(F ) is the number of elements a ∈ Fqr−1 which has to be picked until a polynomial F (a, Xr ) with a zero in Fq is obtained. In the case r = 2, this idea was proposed and analyzed in [21]. The corresponding strategy was called a “Search on Vertical Strips” (SVS for short). This paper will be devoted to analyze the SVS strategy for elements of Fr,d from a probabilistic point of view. For this purpose, we shall concentrate on the critical point of this algorithm, namely the number of vertical strips which must be generated. There are two possible approaches to generate vertical strips. On one hand, one may generate vertical strips, that is, elements of Fqr−1 , randomly and independently. This will be called the independent model in what follows. On the other hand, as repeated vertical strips lead to useless searches, one may require that each new vertical strip is distinct from all the previous ones. More precisely, given an input polynomial F ∈ Fr,d , let 1 ≤ s ≤ q r−1 and assume that the SVS algorithm has performed s − 1 unsuccessful searches on the vertical strips determined by a1 , . . . , as−1 ∈ Fqr−1 . Then the sth step of this variant of the SVS algorithm generates at random an element as ∈ Fqr−1 \ {a1 , . . . , as−1 } and searches for an Fq –rational zero of F (as , Xr ). This is what we call the nonindependent model. Each choice of vertical strips determines a concrete “version” of the SVS algorithm. Therefore, our analysis takes all these versions into account. In Sections 2 and 4 we analyze, for a given s ≥ 1 the probability distribution of the number of searches performed by the algorithm. For this purpose, we consider sets Find and Fnind which represent all possible choices of vertical strips, and the random ind nind variables Cr,d : Find × Fr,d 7→ N ∪ {∞} and Cr,d : Fnind × Fr,d 7→ N ∪ {∞} which count the number of vertical strips that are searched in both models. Our main result asserts that the probability that s vertical strips are searched is (1.2)
var Pr,d [Cr,d = s] = (1 − µd )s−1 µd + O(q −1/2 ),
Pd where µd := j=1 (−1)j−1 /j!. We remark that the quantity µd arises also in connection with another classical combinatorial problem over finite fields, that of the value set of univariate polynomials (cf. [15], [17]). More precisely, for a polynomial f ∈ Fq [T ] of degree d, the cardinality V(f ) of the value set of f is defined as V(f ) := |{f (c) : c ∈ Fq }|. In [4], Birch and Swinnerton–Dyer established the following classical result: if f ∈ Fq [T ] is a generic polynomial of degree d, then V(f ) = µd q + O(1). The estimate (1.2) relies on the analysis of Section 3, where the behavior of the SVS algorithm for a fixed choice of the first s vertical strips a1 , . . . , as ∈ Fqr−1 is determined. More precisely, we consider the behavior of the variant of the SVS algorithm which proceeds to evaluate the input polynomial F in each ai successively with i := 1, 2, . . . , until a root in Fq of a polynomial F (ai , Xr ) is obtained. It turns out that the probability that the s vertical strips are searched is essentially that of the right–hand side of (1.2). This may be considered as a “realistic” version of the SVS algorithm in the sense of [1]. As the author states, “when a randomized algorithm is implemented, one always uses a sequence whose later values come from earlier ones in a deterministic fashion. This invalidates the assumption of independence and might cause one to regard results about probabilistic algorithms with suspicion.” Our results show that the probabilistic behavior of the SVS algorithm is not essentially altered when a fixed choice of vertical strips is considered. Another critical aspect in the analysis of the SVS strategy is the distribution of outputs. Given F ∈ Fr,d , any of the variants of the SVS algorithm outputs an Fq –rational zero of F . This zero is determined by certain random choices which are made during the execution of the algorithm. As a consequence, a relevant point in the analysis of the SVS algorithm is the probability distribution of the outputs. For an ideal algorithm, outputs should be equidistributed. For this reason, in [21] the basic SVS strategy for bivariate polynomials over Fq is modified so that all possible Fq –rational zeros of the input polynomial have the same probability of being the
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
3
output. Such a modification can be also be applied to both variants of the SVS algorithm considered here. Nevertheless, we shall pursue here a different course of action, analyzing the average distribution of outputs by means of the concept of Shannon entropy. If the output of the SVS algorithm on a given input polynomial F tends to be concentrated on a few Fq –rational zeros of F , then the “amount of information” that we obtain might be said to be “small”. On the other hand, if all the Fq –rational zeros of F are equally possible outputs, then the amount of information provided by the algorithm may be considered to be larger. Following [3] (see also [2]), where homotopy algorithms for polynomials systems over the complex numbers are analyzed, we define a Shannon entropy HFvar associated to an input F ∈ Fr,d and any of the variants var ∈ {ind, nind} of the SVS algorithm, which measures how “concentrated” are the outputs of the SVS algorithm on input F . Then we analyze the average entropy of both variants of the SVS algorithm when F runs through all the elements of Fr,d , namely H var :=
X 1 HFvar . |Fr,d | F ∈Fr,d
For an “ideal” algorithm for the search of Fq –rational zeros of elements of Fr,d , from the point of view of the probability distribution of outputs, and F ∈ Fr,d , it is easy to see that HFideal = log N (F ). It follows that H ideal ≤ log(q r−1 ).
(1.3)
The main results of Section 5 assert that, for var ∈ {ind, nind}, (1.4)
H var ≥
1 log(q r−1 )(1 + O(q −1 )). 2µd
Since 1/2µd ≈ 0.79 for large d, in view of (1.3) we may paraphrase (1.4) as saying that both variants of the SVS algorithm are at least 79 per cent as good as any “ideal” algorithm, from the point of view of the distribution of the outputs. The proof of (1.4) relies on an analysis of the expected number of vertical strips of the elements of Fr,d which may be of independent interested. Denote by N S(r, d) be the average number of vertical strips with Fq –rational zeros of F , when F runs through all the elements of Fr,d . We prove that (1.5)
N S(r, d) = µd q r−1 + O(q r−2 ).
We also estimate the variance of the number of vertical strips with Fq –rational zeros. The paper is organized as follows. Section 2 is devoted to the analysis of the probability that one or two vertical strips are searched. In Section 3 we estimate the expected number of vertical strips to be searched for a given choice of s ≥ 3 (distinct) vertical strips. We express the probability that s vertical strips are searched in terms of average cardinalities of value sets and apply estimates for the latter in order to establish an explicit estimate of the former. In Section 4 we apply the results of Section 3 to establish (1.2). Section 5 is concerned with the probability distribution of outputs in both models. In Section 5.1 we establish (1.5) and an estimate of the corresponding variance. In Section 5.2 we apply these estimates to prove (1.4). Finally, in Section 6 we exhibit a few simulations aimed at confirming the asymptotic result (1.2). 2. Analysis of the probability of C = 1 and C = 2 We start the probabilistic analysis of the SVS algorithm discussing how frequently one or two vertical strips are searched. As it will become evident, this will happen in most cases. Therefore, accurate estimates on the probability of these two cases is critical for an accurate description of the behavior of the algorithm.
´ E. CESARATTO, G. MATERA, AND M. PEREZ
4
2.1. Estimates for the probability of C = 1. For positive integers r ≥ 2 and d ≥ 2, we shall estimate the probability that the SVS algorithm, on input an element of Fr,d := {F ∈ Fq [X1 , . . . , Xr ] : deg(F ) ≤ d}, finds a root in the first vertical strip, under any of the two models of generation of vertical strips mentioned in the introduction. Observe that both models proceed in the same way at the first step. Therefore we shall not distinguish them and shall drop the superscript var ∈ {ind, nind} from the notations of this section. As r and d are fixed, we shall also drop the indices r and d from the notations. Each possible choice for the first vertical strip is represented by an element of Fqr−1 . As a consequence, we may represent the situation by means of the random var variable C1 := C1,r,d : Fqr−1 × Fr,d → {1, ∞} defined in the following way: � 1 if F (a, Xr ) has an Fq –rational zero, C1 (a, F ) := ∞ otherwise. We consider the set Fqr−1 × Fr,d endowed with the uniform probability P1 := P1,r,d and study the probability of the set {C1 = 1}. In the next result we provide an exact formula for this probability. Theorem 2.1. For q > d, we have the identity � � � � d X q −j q − 1 −d−1 P1 [C1 = 1] = (−1)j−1 q + (−1)d q . j d j=1 Proof. For any F ∈ Fr,d , we denote by V S(F ) the set of vertical strips where F has an Fq –rational zero and by N S(F ) the number of such vertical strips, that is, V S(F ) := {a ∈ Fqr−1 : (∃ xr ∈ Fq ) F (a, xr ) = 0}, N S(F ) := |V S(F )|. S It is easy to see that {C1 = 1} = F ∈Fr,d V S(F ) × {F }. Since this is a union of disjoint subsets of Fqr−1 × Fr,d , it follows that (2.1)
P1 [C1 = 1] =
1 q r−1 |F
X r,d |
N S(F ).
F ∈Fr,d
Fix F ∈ Fr,d . Observe that V S(F ) =
[
{a ∈ Fqr−1 : F (a, x) = 0}.
x∈Fq
As a consequence, by the inclusion–exclusion principle we obtain [ r−1 N S(F ) = {a ∈ Fq : F (a, x) = 0} x∈Fq
=
q X
(−1)j−1
X {a ∈ Fqr−1 : (∀x ∈ Xj ) F (a, x) = 0} , Xj ⊂Fq
j=1
where Xj runs through all the subsets of Fq of cardinality j. We conclude that X F ∈Fr,d
N S(F ) =
q X X
(−1)j−1
F ∈Fr,d j=1
X {a ∈ Fqr−1 : (∀x ∈ Xj ) F (a, x) = 0} . Xj ⊂Fq
For any j with 1 ≤ j ≤ q, we denote X X 1 {a ∈ Fqr−1 : (∀x ∈ Xj ) F (a, x) = 0} , Nj := r−1 q |Fr,d | F ∈Fr,d Xj ⊂Fq
where Xj runs trough all the subsets of Fq of cardinality j. If j ≤ d and Xj ⊂ Fq is a set of cardinality j, then the equalities F (a, x) = 0 (x ∈ Xj ) are j linearly– independent conditions on the coefficients of F in the Fq –vector space Fr,d . It
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
5
follows that Nj =
(2.2)
=
1
X
q r−1 |F
r,d |
X {F ∈ Fr,d : (∀x ∈ Xj ) F (a, x) = 0}
Xj ⊂Fq a∈Fqr−1
1
X
q r−1+dim Fr,d
X
q dim Fr,d −j =
Xj ⊂Fq a∈Fqr−1
� � q −j q . j
On the other hand, if j > d and Xj ⊂ Fq is subset of cardinality j, then the condition F (a, x) = 0 is satisfied for every x ∈ Xj if and only if F (a, Xr ) = 0. The condition F (a, Xr ) = 0 is expressed by means of d + 1 linearly–independent linear equations on the coefficients of F in Fr,d . We conclude that X X 1 {F ∈ Fr,d : (∀x ∈ Xj ) F (a, x) = 0} Nj = r−1 q |Fr,d | Xj ⊂Fq a∈Fqr−1 � � X X 1 q −d−1 = r−1+dim Fr,d (2.3) q dim Fr,d −(d+1) = q . j q r−1 Xj ⊂Fq a∈Fq
Combining (2.2) and (2.3) we obtain � � � � q d X X j−1 q −j j−1 q (−1) q + (−1) q −d−1 . P1 [C1 = 1] = Nj = j j j=1 j=1 q X
j=d+1
Finally, since (2.4)
q X
j−1
(−1)
j=d+1
� � � � � � X d q j q d q−1 = (−1) = (−1) , j d j j=0
we readily deduce the statement of the theorem.
�
Next we discuss the asymptotic behavior of the probability P1 [C1 = 1]. Fix d ≥ 2. From Theorem 2.1 it can be seen that P1 [C1 = 1] = µd + O(q −1 ),
µd :=
d X (−1)j−1 j=1
j!
.
� � To show this, given positive integers k, j with k ≤ j, we shall denote by kj the unsigned Stirling number of the first kind, namely the number of permutations of n elements with k disjoint cycles. The following properties of the Stirling numbers are well–known (see, e.g., [12, §A.8]): � � � � � � X j � � j j j j = 1, = , = j!. j j−1 2 k k=0
We shall also use the following well–known identity: � � X � � j q (−1)j−k j k (2.5) = q . j j! k k=0
According to Theorem 2.1 and (2.5), we have � � � � j d X X (−1)j−k j k−j q − 1 −d−1 P1 [C1 = 1] = (−1)j−1 q + (−1)d q j! k d j=1 k=0
=
d X j=1
+
� � X � � d (−1)j−1 j (−1)j j + q −1 j! j j! j − 1 j=1
� � � � j−2 d X X (−1)k−1 j k−j q − 1 −d−1 q + (−1)d q . j! k d j=1 k=0
´ E. CESARATTO, G. MATERA, AND M. PEREZ
6
It follows that P1 [C1 = 1] = µd +
� � � � X � � j−2 d d X 1 X (−1)j j (−1)k j k−j (−1)d q − 1 . − q + d+1 d q j=1 j! 2 j! k q j=1 k=0
As a consequence, we obtain d � � � � � � d j−2 1 X (−1)j j X X 1 j 1 1 q−1 |P1 [C1 = 1] − µd | ≤ + + d q j=1 j! 2 j=1 j! k q 2 q d+1 k=0
1 1 d + . + 4q q 2 2q We have therefore the following result. ≤
Corollary 2.2. For q > d, P1 [C1 = 1] − µd ≤ 2 . q As d tends to infinity, the number P1 [C1 = 1] tends to 1 − e−1 = 0.6321 . . ., where e denotes the basis of the natural logarithm. This explains the numerical results in the first row of the tables of the simulations of Section 6. It is worth remarking that the quantity P1 [C1 = 1] is closely connected with the probability that a univariate polynomial of degree at most d has Fq –rational roots. More precisely, consider the set F1,d of univariate polynomials of degree at most d with coefficients in Fq , endowed with the uniform probability p1,d , and the random variable N1,d : F1,d → Z≥0 which counts the number of Fq –rational zeros, namely N1,d (f ) := |{x ∈ Fq : f (x) = 0}|. The random variable N1,d has been implicitly studied in the literature (see, e.g., [9, §2] or [14, Theorem 3]). It can be proved that, for d < q, p1,d [N1,d > 0] = P1 [C1 = 1]. 2.2. Estimates on the probability that C = 2. Next we analyze the probability that the SVS algorithm performs exactly two searches in both models of generation of vertical strips. We start with the independent model. In this model, each possible choice for the r−1 × Fqr−1 . first two vertical strips is an arbitrary element a := (a1 , a2 ) ∈ Find 2 := Fq ind ind ind Therefore, we introduce the random variable C2 := C2,r,d : F2 ×Fr,d → {1, 2, ∞} defined as follows: 1 if N1,d (F (a1 , Xr )) > 0, ind 2 if N1,d (F (a1 , Xr )) = 0 and N1,d (F (a2 , Xr )) > 0, C2 (a, F ) := ∞ otherwise. ind ind We consider the set Find := P2,r,d 2 × Fr,d endowed with the uniform probability P2 and analyze the probability P2ind [C2ind = 2]. Now we consider the nonindependent model. Here we appreciate for the first time a difference among both models: since repetitions are only allowed in the independent model, elements a ∈ Fq2(r−1) of the form a := (a1 , a1 ) cannot not be the set of all chosen for the first two vertical strips. Therefore, we denote by Fnind 2 possible choices for the first two vertical strips and by N2nind its cardinality, that is,
Fnind := {a := (a1 , a2 ) ∈ Find 2 2 : a1 6= a2 },
N2nind = |Fnind | = q r−1 (q r−1 − 1). 2
nind We shall study the random variable C2nind := C2,r,d : Fnind × Fr,d → {1, 2, ∞} 2 nind defined as in the independent model, where the set F2 × Fr,d is endowed with nind the uniform probability P2nind := P2,r,d . We aim to determine the probability nind nind P2 [C2 = 2]. The probability P2var [C2var = 2] in both models will be expressed in terms of probabilities concerning the random variables Ca,r,d : Fr,d → {1, 2, ∞} which count the number of searches that are performed on the vertical strips defined by a :=
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
7
(a1 , a2 ) ∈ Find until an Fq –rational zero is obtained, Ca,r,d (F ) = ∞ meaning that 2 F does not have Fq –rational zeros on these two vertical strips. For this purpose, the set Fr,d is considered to be endowed with the uniform probability pr,d . The relation between these random variables and the probability P2nind [C2nind = 2] is expressed in the following lemma. Lemma 2.3. Denote N2ind := q 2(r−1) . We have X 1 pr,d [Ca,r,d = 2], P2ind [C2ind = 2] = ind N2 ind a∈F2
P2nind [C2nind = 2] =
1
X
N2nind a∈Fnind 2
pr,d [Ca,r,d = 2].
Proof. We prove the first assertion. Observe that [ {C2ind = 2} = {a ∈ Find 2 : Ca,r,d (F ) = 2} × {F }. F ∈Fr,d
Since this is union of disjoint sets, we conclude that X 1 {a ∈ Find P2ind [C2ind = 2] = ind 2 : Ca,r,d (F ) = 2} . N2 |Fr,d | F ∈F r,d
Observe that X X 1 1 |{a ∈ Find 2 : Ca,r,d (F ) = 2}| = |Fr,d | |Fr,d | F ∈Fr,d
X
1
F ∈Fr,d a∈Find 2 :Ca,r,d (F )=2
=
X 1 |Fr,d | ind a∈F2
=
X a∈Find 2
=
X
X
1
F ∈Fr,d :Ca,r,d (F )=2
1 {F ∈ Fr,d : Ca,r,d (F ) = 2} |Fr,d | pr,d [Ca,r,d = 2],
a∈Find 2
which readily implies the first assertion. The second assertion follows with a very similar argument. � Next we estimate the probability pr,d [Ca,r,d = 2] for a given a ∈ Fnind . 2 Proposition 2.4. For q > d and a := (a1 , a2 ), we have pr,d [Ca,r,d = 2] − µd (1 − µd ) ≤ 2 . q Proof. Observe that {Ca,r,d = 2} = {F ∈ Fr,d : N1,d (F (a2 , T )) > 0} \ {F ∈ Fr,d : N1,d (F (a1 , T )) > 0}. The number of elements of Fr,d having Fq –rational zeros in the vertical strip defined by a2 is determined in Theorem 2.1. Therefore, it remains to find the number Na,2 of elements of Fr,d having Fq –rational zeros both in the vertical strips defined by a1 and a2 . We have [ [ Na,2 = {F ∈ Fr,d : F (a1 , x) = F (a2 , y) = 0} . x∈Fq y∈Fq
Given sets X ⊂ Fq and Y ⊂ Fq , we denote Sa (X , Y) := {F ∈ Fr,d : F (a1 , x) = F (a2 , y) = 0 for all x ∈ X and y ∈ Y}. Then the inclusion–exclusion principle implies (2.6)
Na,2 =
q X q X j=1 k=1
(−1)j+k
X X Sa (Xj , Yk ) . Xj ⊂Fq Yk ⊂Fq
´ E. CESARATTO, G. MATERA, AND M. PEREZ
8
where the sum runs over all subsets Xj ⊂ Fq and Yk ⊂ Fq of j and k elements respectively. Claim.
�2 Na,2 = P1 [C1 = 1] . |Fr,d |
Proof of Claim. For 1 ≤ j, k ≤ q, let X X |Sa (Xj , Yk )|. Nj,k := Xj ⊂Fq Yk ⊂Fq
We determine Nj,k according to whether one of the following four cases occurs. First suppose that j, k ≤ d. As a1 6= a2 , the equalities F (a1 , x) = 0, F (a2 , y) = 0 for all x ∈ Xj and y ∈ Yk impose j + k linearly–independent conditions on the coefficients of F ∈ Fr,d . Therefore, |Sa (Xj , Yk )| = q dim Fr,d −j−k , which implies � �� � X X q q dim Fr,d −j−k q dim Fr,d −j−k = Nj,k = q . j k Xj ⊂Fq Yk ⊂Fq
The second case is determined by the conditions j > d and k ≤ d. If j > d and Xj ⊂ Fq is subset of cardinality j, then the condition F (a1 , x) = 0 is satisfied for every x ∈ Xj if and only if F (a1 , Xr ) = 0. The condition F (a1 , Xr ) = 0 is expressed by d + 1 linearly–independent linear equations on the coefficients of F ∈ Fr,d . On the other hand, the equalities F (a2 , y) = 0 for every y ∈ Yk impose k additional linearly–independent conditions on the coefficients of F . We conclude that � �� � X q q dim Fr,d −(d+1)−k dim Fr,d −(d+1)−k Nj,k = q = q . j k Xj ,Yk ⊂Fq
The third case, namely j ≤ d and k > d, is completely analogous to the second one. Finally, when j > d and k > d, the conditions under consideration imply F (a, Xr ) = F (b, Xr ) = 0. We readily deduce that � �� � q q −2(d+1) Nj,k = q . j k From the expression for Nj,k of the four cases under consideration, we infer that q
q
Na,2 1 XX = (−1)j+k Nj,k |Fr,d | |Fr,d | j=1 k=1
=
d X d X
j=1 k=1 q X
+
� �� � � �� � q d X X q −j−(d+1) q q −j−k q q q +2 (−1)j+k j k j k j=1 k=d+1 � �� � q X q −j−(d+1) j+k q (−1) q . j k
(−1)j+k
j=d+1 k=d+1
By (2.4) and elementary calculations we obtain !2 ! � � � � � � d d X X Na,2 q q j −j j −j d q−1 = (−1) q −2 (−1) q (−1) q −d−1 |Fr,d | j j d j=1 j=1 �� � �2 q − 1 −d−1 + q . d This and Theorem 2.1 readily imply the claim.
�
Combining the previous claim and Theorem 2.1 we deduce that � Na,2 pr,d [Ca,r,d = 2] = P1 [C1 = 1] − = 1 − P1 [C1 = 1] P1 [C1 = 1]. |Fr,d | Let f : R → R, f (x) := (1 − x)x. The Mean Value theorem shows that there exists ξ ∈ (0, 1) such that � � 1 − P1 [C1 = 1] P1 [C1 = 1] − (1 − µd )µd = f 0 (ξ) P1 [C1 = 1] − µd .
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
9
As the function x 7→ f 0 (x) maps the real interval [0, 1] to [−1, 1], we conclude that |f 0 (ξ)| ≤ 1. Therefore, from Corollary 2.2 it follows that (1 − P1 [C1 = 1])P1 [C1 = 1] − (1 − µd )µd ≤ P1 [C1 = 1] − µd ≤ 2 . q This immediately implies the statement of the proposition. � Proposition 2.4 is the critical step in the analysis of the behavior of the probability P2var [C2var = 2] in both models, which is estimated in the next result. Theorem 2.5. For any q > d and var ∈ {ind, nind}, |P2var [C2var = 2] − (1 − µd )µd | ≤
2 . q
Proof. We first consider the nonindependent model. By Lemma 2.3 and Proposition 2.4 we obtain X nind nind 1 pr,d [Ca,r,d = 2] − (1 − µd )µd ≤ 2 . P2 [C2 = 2] − (1 − µd )µd ≤ nind q N2 nind a∈F2
On the other hand, concerning the independent model, we observe that, if an element a := (a1 , a2 ) ∈ Find 2 with a1 = a2 is generated, then the SVS algorithm will never stop at the second search, that is, pr,d [C(a1 ,a1 ),r,d = 2] = 0. As a consequence, X ind ind P2 [C2 = 2] − (1 − µd )µd ≤ 1 pr,d [Ca,r,d = 2] − (1 − µd )µd ind N2 ind a∈F2
≤
N2nind N2ind
2 2 ≤ . q q
This finishes the proof of the theorem.
�
We finish the section with a remark concerning the spaces we have considered so far to discuss the probability that the SVS algorithm searches only the first or the first two vertical strips. For the analysis of the probability of one search, we r−1 and the random variable C1var : Fvar have considered Fvar 1 × Fr,d → {1, ∞}, 1 := Fq while the analysis of the probability of two searches has been done considering the random variable C2var : Fvar 2 × Fr,d → {1, 2, ∞}. To link both analysis, in Lemma 4.1 below we shall prove that P2var [C2var = 1] = P1var [C1var = 1], which shows the consistency of the models underlying Theorems 2.1 and 2.5. In the Section 4 we shall show that the analysis of the probability that s vertical strips are searched can be done in a unified framework for any s ≥ 1. 3. The number of searches for given vertical strips As can be inferred from Section 2, a critical step in the probabilistic analysis of SVS algorithm for both models is the determination of the probability that s vertical strips are searched, for a given choice of s pairwise–distinct vertical strips. The cases s = 1 and s = 2 were discussed in Section 2. In this section the analysis of the general case is carried� out. r−1 Fix 2 ≤ s ≤ min{ d+r−1 } and a1 , . . . , as ∈ Fqr−1 . Suppose that ai 6= aj r−1 , q for i 6= j and denote a := (a1 , . . . , as ). In this section we analyze the probability that the SVS algorithm performs s trials until it reaches a vertical strip with an Fq –rational zero of the polynomial under consideration, assuming that a1 , . . . , as are the choices for the first s vertical strips to be considered. s Let T be an indeterminate over Fq and Φ := Φa : Fr,d → F1,d the Fq –linear mapping defined as � (3.1) Φ(F ) := F (a1 , T ), . . . , F (as , T ) . We first obtain a characterization of the image of Φ. This characterization will allow us to express the probability that the SVS algorithm performs s trials in
10
´ E. CESARATTO, G. MATERA, AND M. PEREZ
terms of the average cardinality of the value set of certain families of univariate polynomials with prescribed coefficients. As we explain below, there exists a unique positive integer κs ≤ d such that � � � � κs + r − 2 κs + r − 1
···
ω Dj
as
has maximal rank min{Dj , s} for 1 ≤ j ≤ κs . We briefly argue that this is a mild requirement which is likely to be satisfied by any “reasonable” choice of the elements a1 , . . . , as ∈ Fqr−1 . Let A1 , . . . , As be (r − 1)–tuples of indeterminates over Fq , that is, Ai := (Ai,1 , . . . , Ai,r−1 ) for 1 ≤ i ≤ s, and denote by Vj the following min{Dj , s} × min{Dj , s} Vandermonde matrix with entries in Fq [A1 , . . . , As ]: ω min{Dj ,s} 1 Aω · · · A1 1 .. .. . Vj := . . ω min{Dj ,s} 1 Aω · · · A min{Dj ,s} min{Dj ,s} Assume that the numbering of Ωj := {ω 1 , . . . , ω Dj } ⊂ (Z≥0 )r−1 is made according to degrees, i.e., |ω k | ≤ |ω l | whenever k ≤ l. In particular, ω 1 = (0, . . . , 0). By [10, Theorem 1.5] it follows that det Vj is absolutely irreducible, namely it is an irreducible element of Fq [A1 , . . . , As ], for 1 ≤ j ≤ κs . Let δj denote the degree of det Vj . We have the upper bound δj ≤ jDj . Then [5, Theorem 5.2] proves that the number Nj of (r − 1)–tuples a1 , . . . , as ∈ Fqr−1 annihilating det Vj satisfies the following estimate: (3.3)
3
13
|Nj − q s(r−1)−1 | ≤ (δj − 1)(δj − 2)q s(r−1)− 2 + 5δj3 q s(r−1)−2 .
Any choice of a1 , . . . , as avoiding these Nj = O(q s(r−1)−1 ) tuples for 1 ≤ j ≤ κs will satisfy our requirements. Furthermore, many “bad” choices a1 , . . . , as annihilating the polynomial det Vj for a given j will also work, as other minors of the Vandermonde matrix Mj of (3.2) may be nonsingular. In particular, for s ≤ r and a1 , . . . , as affinely independent,Qour requirement is satisfied. κs Summarizing, denote V s := j=1 det Vj ∈ Fq [A1 , . . . , As ] and let (3.4)
Bs := {a := (a1 , . . . , as ) ∈ Fqs(r−1) : V s (a) = 0}.
Then |Bs | = O(q s(r−1)−1 ) and all the results of this section will be valid for any a ∈ Fqs(r−1) \ Bs . 3.1. A characterization of the image of Φ. In order to characterize the image Im(Φ) of Φ, we shall express each element of the Fq –linear space Fr,d by its coordinates in the standard monomial basis B of Fr,d , considering the monomial order we now define. Denote by Bi the set of monomials of Fq [X1 , . . . , Xr−1 ] of degree at most i for 0 ≤ i ≤ d, with the standard lexicographical order defined by setting X1 < X2 < · · · < Xr−1 . Then the basis B is considered with the order B = {Xrd , Xrd−1 B1 , . . . , Xr Bd−1 , Bd }, where each set Xrd−i Bi is ordered following the order induced by the one of Bi . In other words, any F ∈ Fr,d can be uniquely
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
11
expressed as F =
d X
Fi (X1 , . . . , Xr−1 )Xri ,
i=0
where each Fi has degree at most d − i for 0 ≤ i ≤ d. Then the vector � of coefficients (F )B of F in the basis B is given by (F )B = (Fd )B0 , . . . , (F0 )Bd . On the other s hand, we shall express the elements of F1,d in the basis B 0 := {T d , . . . , T, 1}s . Let � � � � d X i+r−1 d+r Di := = |Bi | (0 ≤ i ≤ d), D := = |B| = |Bi |. r−1 r i=0 We also set D−1 := 0. Observe that the sequence (Di )i≥−1 is strictly increasing. Therefore, there exists a unique κs ∈ N such that Dκs −1 < s ≤ Dκs . By definition it follows that κs ≤ d. s(d+1)×D of Φ with respect to the bases defined above can The matrix MΦ ∈ Fq be written as the following block matrix: M1 MΦ = ... , Ms (d+1)×D
where Mi ∈ Fq
Mi,0
Mi :=
is the diagonal block matrix Mi,1 ..
,
.
� 1×Dj Mi,j := aα . i : |α| ≤ j ∈ Fq
Mi,d Our first result concerns the dimension of Im(Φ). Lemma 3.1. For s ≤ min{Dd , q r−1 }, we have dim Im(Φ) =
κs −1+r r
�
+s(d−κs +1).
Proof. Let h := (h1 , . . . , hs ) be an element of Im(Φ). Then � there exists F ∈ Fr,d with h = Φ(F ). Denote by (F )B = (Fd )B0 , . . . , (F0 )Bd the coordinates of F in the basis B. Then the block structure of the matrix MΦ implies M1,j d X .. d−j (3.5) Φ(F ) = . . (Fd−j )Bj T j=0 Ms,j As a ∈ Bs , we have M1,j � Dj .. rank . = min{Dj , s} = s Ms,j
for 0 ≤ j ≤ κs−1 , for κs ≤ j ≤ d.
As a consequence, κs−1
dim Im(Φ) =
X j=0
This proves the lemma.
� Dj + s(d − κs + 1) =
� κs − 1 + r + s(d − κs + 1). r �
We shall rewrite the expression for the dimension of Im(Φ) in a suitable form for our needs. For this purpose, we shall use the following simple combinatorial identity.
´ E. CESARATTO, G. MATERA, AND M. PEREZ
12
Remark 3.2. For positive integers R, K, we have � � � K � X j+R R+1+K (3.6) j = (R + 1) . R R+2 j=0 Indeed, � X � � K � K K−1 X X �j + R + 1 � j+R (j + R)! R+1+K j = = (R+1) = (R+1) . R R!(j − 1)! R+1 R+2 j=0 j=1 j=0 This shows (3.6).
�
Now we rewrite the expression for the dimension of Im(Φ). Remark 3.3. Under the above notations, dim Im(Φ) = Dd,r,s :=
κX s −1
(d + 1 − j)(Dj − Dj−1 ) + (d + 1 − κs )(s − Dκs −1 ).
j=0
Pk Indeed, since j=0 (Dj − Dj−1 ) = Dk , we conclude that Dd,r,s may be expressed in the following way: Dd,r,s = −
κX s −1
j(Dj − Dj−1 ) + (d + 1 − κs )s + κs Dκs −1 .
j=0
Taking into account (3.6), we obtain � � κs + r − 2 Dd,r,s = −(r − 1) + (d + 1 − κs )s + κs Dκs −1 . r A simple calculation finishes the proof of the remark.
�
Next we determine a suitable parameterization of Im(Φ). To this end, let Φ∗ : D Im(Φ) → Fq d,r,s be the Fq –linear mapping defined by Φ∗ (h) := h∗ , where h := (h1 , . . . , hs ), hi := (hd,i , . . . , h0,i ) ∈ Fqd+1 for 1 ≤ i ≤ s and h∗ := (h∗1 , . . . , h∗s ) is defined in the following way: ( (hd−j,i , . . . , h0,i ) for Dj−1 < i ≤ Dj , 0 ≤ j ≤ κs − 1, ∗ (3.7) hi := (hd−κs ,i , . . . , h0,i ) for Dκs −1 < i ≤ s. Remark 3.3 shows that Φ∗ is well–defined. Lemma 3.4. Φ∗ is an isomorphism. Proof. Since Φ∗ is a linear mapping between Fq –vector spaces of the same dimension, it suffices to show that, if h ∈ Im(Φ) and Φ∗ (h) := h∗ = 0, then h = 0, where 0 denotes the zero vector of both vector spaces. Fix h := Φ(F ) ∈ Im(Φ) with h∗ = 0. From (3.5) we deduce that M1,j hd−j,1 .. .. (3.8) . (Fd−j )Bj = . . Ms,j
hd−j,s
Fix j with 0 ≤ j ≤ κs − 1. Then the element hd−j,i is included in the definition of h∗i if and only if i ≤ Dj . As h∗ = 0 by hypothesis, it follows that hd−j,i = 0 for 1 ≤ i ≤ Dj and we have the identity: M1,j 0 .. .. . . MDj ,j 0 (Fd−j )B = j MDj +1,j hd−j,Dj +1 . .. .. . . hd−j,s Ms,j
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
13
Since the upper (Dj ×Dj )–submatrix of the matrix in the left–hand side is invertible, we conclude that (Fd−j )Bj = 0. This implies hd−j,Dj +1 = · · · = hd−j,s = 0. On the other hand, for j ≥ κs the element hd−j,i is included in the definition of h∗i for 1 ≤ i ≤ s and therefore hd−j,i = 0 for 1 ≤ i ≤ s. This shows that h = 0. � D
Denote by Ψ := (ψ1 , . . . , ψs ) : Fq d,r,s → Im(Φ) the inverse mapping of Φ∗ . We need further information concerning the mappings ψi . Lemma 3.5. Let be given h∗i := (hd−ji ,i , . . . , h0,i ) ∈ Fqd−ji +1 for 1 ≤ i ≤ s, where ji is the unique nonnegative integer with 0 ≤ ji ≤ κs and Dji −1 < i ≤ Dji . Let D h∗ := (h∗1 , . . . , h∗s ) ∈ Fq d,r,s and h := Ψ(h∗ ). Denote hi := ψi (h∗ ) := hd,i T d + · · · + hd−ji +1,i T d−ji +1 + hd−ji ,i T d−ji + · · · + h0,i . Then hd,i , . . . , hd−ji +1,i are uniquely determined by h∗1 , . . . , h∗i−1 . Proof. Fix k with 0 ≤ k ≤ ji − 1. Write h := Φ(F ). In the proof of Lemma 3.1 we prove that M1,k hd−k,1 .. .. (Fd−k )Bk = , . . MDk ,k
hd−k,Dk
where the (Dk × Dk )–matrix in the left–hand side is invertible. The element hd−k,l is included in the definition of h∗l if and only if l ≤ Dk . Furthermore, we have k ≤ ji − 1 ≤ ji−1 . We conclude that the vector in the right–hand side is uniquely determined by h∗1 , . . . , h∗i−1 , and thus so is (Fd−k )Bk . Therefore, the identity hd−k,1 M1,k .. .. , . (Fd−k )Bk = . hd−k,i
Mi,k
shows that the element hd−k,i is uniquely determined by h∗1 , . . . , h∗i−1 .
�
3.2. The probability of s searches in terms of cardinalities of value sets. For a := (a1 , . . . , as ) ∈ Fqs(r−1) as before, we are interested in estimating the probability of the set of polynomials of Fr,d for which the SVS algorithm performs s trials on the vertical strips determined by a1 , . . . , as . For this purpose, we consider the set Fr,d endowed with the uniform probability pr,d and the random variable Ca := Ca,r,d : Fr,d → {1, 2, . . . , s, ∞} which counts the number of searches that the SVS algorithm performs for a given input on the vertical strips determined by a1 , . . . , as , Ca (F ) = ∞ meaning that F has no Fq –rational zeros on these s vertical strips. We start with the following elementary result. Lemma 3.6. Let V and W be Fq –linear spaces of finite dimension and Φ : V → W any Fq –linear mapping. Consider V and W endowed with the uniform probabilities PV and PW respectively. Then for any A ⊂ W we have PV (Φ−1 (A)) =
PW (A ∩ Im(Φ)) |A ∩ Im(Φ)| = =: PImΦ (A). |Im(Φ)| PW (Im(Φ))
Proof. We have 1 1 X −1 1 |Φ−1 (A)| = |Φ (w)| = |Ker(Φ)| |A ∩ Im(Φ)|. |V| |V| |V| w∈A
By the Dimension theorem and the equality |S| = q dim S , which holds for any Fq – linear space S, we obtain 1 |A ∩ Im(Φ)| PW (A ∩ Im(Φ)) |Φ−1 (A)| = = . |V| |Im(Φ)| PW (Im(Φ)) This finishes the proof of the lemma.
�
´ E. CESARATTO, G. MATERA, AND M. PEREZ
14
Consider the Fq –linear mapping Φ of (3.1). Since Im(Φ) is an Fq –linear space, by Lemma 3.6 it follows that ({N = 0}s−1 × {N > 0}) ∩ Im(Φ) (3.9) pr,d [Ca = s] = , |Im(Φ)| where N := N1,d denotes the random variable which counts the number zeros in Fq of the elements of F1,d . As a consequence, we need an estimate of the quantity � Rs := {N = 0}s−1 × {N > 0} ∩ Im(Φ) . According to Lemma 3.4, each element h ∈ Im(Φ) can be uniquely expressed in the form h = Ψ(h∗ ), where h∗ is defined as in (3.7). Hence, X � (3.10) Rs = 1{N =0}s−1 ×{N >0} Ψ(h∗ ) , h∗ ∈FqDd,r,s s where 1{N =0}s−1 ×{N >0} : F1,d → {0, 1} denotes the characteristic function of the s−1 set {N = 0} × {N > 0}. By Lemma 3.5, the coordinate ψi (h∗ ) depends only on h∗i := (h∗1 , . . . , h∗i ) for 1 ≤ i ≤ s. We shall therefore write ψi (h∗ ) as ψi (h∗i ) for 1 ≤ i ≤ s, with a slight abuse of notation. First, we rewrite the expression (3.10) for Rs in a suitable form for our purposes. Pd Pd Lemma 3.7. Let h := ( j=0 hj,1 T j , . . . , j=0 hj,s T j ) be an arbitrary element of Dd,r,s
Im(Φ) and let h∗ := Φ∗ (h) ∈ Fq the following identity holds: X Rs = ··· d+1 h∗ 1 ∈Fq N (ψ1 (h∗ 1 ))=0
be defined as in (3.7). For s ≤ min{Dd , q r−1 }, X
X
d−j
+1
∗
� 1{N >0} ψs (h∗s ) .
d−κs +1
s−1 hs ∈Fq h∗ s−1 ∈Fq N (ψs−1 (h∗ s−1 ))=0
Proof. Recall that h∗ := (h∗1 , . . . , h∗s ) is defined as follows: ( (hd−j,i , . . . , h0,i ) for Dj−1 < i ≤ Dj , 0 ≤ j ≤ κs − 1, ∗ hi := (hd−κs ,i , . . . , h0,i ) for Dκs −1 < i ≤ s. We may rewrite (3.10) in the following way: X X � 1{N =0}s−1 ×{N >0} Ψ(h∗ ) . Rs = ··· d+1 h∗ 1 ∈Fq
d−κs +1 h∗ s ∈Fq
As a consequence of the remarks before Lemma 3.7, it follows that Y � � � s−1 1{N =0}s−1 ×{N >0} Ψ(h∗ ) = 1{N =0} ψi (h∗ ) · 1{N >0} ψs (h∗ ) i=1
=
s−1 Y
� � 1{N =0} ψi (h∗i ) · 1{N >0} ψs (h∗s ) .
i=1
Then the previous expression for Rs can be rewritten as follows: X X � � X � Rs = 1{N =0} ψ1 (h∗1 ) · · · 1{N =0} ψs−1 (h∗s−1 ) 1{N >0} ψs (h∗s ) , d+1 h∗ 1 ∈Fq
d−js−1 +1
h∗ s−1 ∈Fq
d−κs +1 h∗ s ∈Fq
which readily implies the statement of the lemma.
�
For 1 ≤ i ≤ s − 1, fix h∗i := (hd−ji ,i , . . . , h0,i ) ∈ Fqd−ji +1 , where ji is the unique integer with 0 ≤ ji ≤ κs and Dji −1 < i ≤ Dji . For each h∗s := (hd−κs ,s , . . . , h0,s ) ∈ Fqd−κs +1 , denote by fh∗s the polynomial fh∗s := ψs (h∗1 , . . . , h∗s ) := hd,s T d +· · ·+hd−κs +1,s T d−κs +1 +hd−κs ,s T d−κs +· · ·+h0,s . According to Lemma 3.7, we are interested in estimating the sum X (3.11) 1{N >0} (fh∗s ). d−κs +1 h∗ s ∈Fq
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
We observe that X
X
X
(hd−κs ,s ,...,h1,s )∈Fqd−κs
h0,s ∈Fq
1{N >0} (fh∗s ) =
d−κs +1 h∗ s ∈Fq
(3.12)
X
=
15
1{N >0} (fh∗s )
V(fbh∗ ), s
d−κs b h∗ s :=(hd−κs ,s ,...,h1,s )∈Fq
where fbh∗ := hd,s T d + · · · + hd−κs +1,s T d−κs +1 + hd−κs ,s T d−κs + · · · + h1,s T is the s polynomial obtained from fh∗s by setting its constant coefficient to zero and V(f ) denotes the cardinality of the value set of f ∈ Fq [T ], namely V(f ) := |{f (c) : c ∈ Fq }|. As a consequence, the quantity (3.11) can also be described as the sum of the cardinalities of the value sets of the family {fbh∗ : b h∗s ∈ Fqd−κs } of polynomials s of F1,d . Lemma 3.5 proves that hd,s , . . . , hd−κs +1,s are uniquely determined by h∗s−1 := (h∗1 , . . . , h∗s−1 ). Thus, the sum in the right–hand side of (3.12) takes as argument the cardinalities of the value sets of all the elements of F1,d having its first κs coefficients (hd,s , . . . , hd−κs +1,s ) prescribed (and the constant coefficient set to zero). Set ψsfix (h∗s−1 ) := (hd,s , . . . , hd−κs +1,s ) and denote by V(d, κs , ψsfix (h∗s−1 )) the average cardinality of the value set of the family {fbh∗ : b h∗s ∈ Fqd−κs }, namely s
V(d, κs , ψsfix (h∗s−1 )) :=
(3.13)
1 q d−κs
X
V(fbh∗ ). s
d−κs b h∗ s ∈Fq
Now we express the probability that Ca = s in terms of V(d, κs , ψsfix (h∗s−1 )). Proposition 3.8. For s ≤ min{Dd , q r−1 }, the following identity holds: X X V(d, κs , ψsfix (h∗s−1 )) 1 1 pr,d [Ca = s] = d+1 . · · · d−js−1 +1 q q q ∗ d+1 d−j +1 h1 ∈Fq N (ψ1 (h∗ 1 ))=0
s−1 h∗ s−1 ∈Fq N (ψs−1 (h∗ s−1 ))=0
Proof. By Remark 3.3 we deduce that dim Im(Φ) =
κX s −1
(d + 1 − j)(Dj − Dj−1 ) + (d + 1 − κs )(s − Dκs −1 )
j=0
=
κs min{D X Xj , s}
(d − j) + s =
j=0 i=Dj−1 +1
s X
(d − ji ) + s.
i=1
Combining this with (3.9) and Lemma 3.7 we obtain pr,d [Ca = s] = X 1 1 · · · d−js−1 +1 d+1 q q ∗ d+1 h1 ∈Fq N (ψ1 (h∗ 1 ))=0
1
X d−j
+1
s−1 h∗ s−1 ∈Fq N (ψs−1 (h∗ s−1 ))=0
q d−κs +1
X
� 1{N >0} ψs (h∗s ) .
d−κs +1 h∗ s ∈Fq
Then (3.12) and (3.13) complete the proof of the proposition.
�
Suppose further that s ≤ min{Dd−2 , q r−1 }. As we explain in the next section, for any h∗s−1 such that fbh∗ is of degree d, the average cardinality in (3.13) can be s estimated in the following way: (3.14)
|V(d, κs , ψsfix (h∗s−1 )) − µd q| ≤ εd,s q 1/2 + ηd,s ,
where εd,s > 0 and ηd,s > 0 are constants which admit a universal upper bound independent of q. More generally, for 1 ≤ i ≤ s − 1 and 1 ≤ k ≤ i − 1, fix h∗k := (hd−jk ,k , . . . , h0,k ) ∈ Fqd−jk +1 , where jk is the unique nonnegative integer with 0 ≤ jk ≤ κs and Djk −1 < k ≤ Djk . For each h∗i := (hd−ji ,i , . . . , h0,i ) ∈ Fqd−ji +1 , denote by fh∗i the polynomial fh∗i := ψi (h∗1 , . . . , h∗i ) := hd,i T d + · · · + hd−ji +1,i T d−ji +1 + hd−ji ,i T d−ji + · · · + h0,i .
´ E. CESARATTO, G. MATERA, AND M. PEREZ
16
According to Lemma 3.5, the coefficients hd,i , . . . , hd−ji +1,i are uniquely determined by h∗i−1 := (h∗1 , . . . , h∗i−1 ). Consequently, we set ψifix (h∗i−1 ) := (hd,i , . . . , hd−ji +1,i ) and consider the average cardinality V(d, ji , ψifix (h∗i−1 )) of the value set of the family {fbh∗ : b h∗i ∈ Fqd−ji }, namely i X 1 (3.15) V(d, ji , ψifix (h∗i−1 )) := d−ji V(fbh∗ ). i q d−j b h∗ i ∈Fq
i
where fbh∗ := hd,i T d + · · · + hd−ji +1,i T d−ji +1 + hd−ji ,i T d−ji + · · · + h1,i T is the i polynomial obtained from fh∗i by setting its constant coefficient to zero. In the next section we shall exhibit quantities εd,i > 0 and ηd,i > 0, which admit a universal upper bound independent of q, such that (3.16)
|V(d, ji , ψifix (h∗i−1 )) − µd q| ≤ εd,i q 1/2 + ηd,i
for any h∗i−1 for which fbh∗ is of degree d. We need the following remark. i
Remark 3.9. For each h := (h1 , . . . , hs ) ∈ Im(Φ), we have hd,1 = . . . = hd,s . Indeed, from (3.5) we deduce that M1,0 1 hd,1 .. . . . (Fd )B0 = .. (Fd )B0 = .. . Ms,0 1 hd,s This implies hd,1 = . . . = hd,s = (Fd )B0 . In particular, the coefficient hd,1 of the monomial T d in the polynomial h1 uniquely determines the coefficient hd,j of the monomial T d in hj for 2 ≤ j ≤ s. � Our next result expresses the probability of s searches in terms of the quantities εd,i and ηd,i (1 ≤ i ≤ s). Theorem 3.10. For s ≤ min{Dd−2 , q r−1 }, we have � � s s X X pr,d [Ca = s] − (1 − µd )s−1 µd ≤ εd,i q −1/2 + 1 + ηd,i q −1 . i=1
i=1
Proof. Denote C := Ca . We split the expression for pr,d [C = s] of Proposition 3.8 into two sums, depending on whether hd,1 = 0 or not. More precisely, we write pr,d [C = s] = pr,d [C = s, Fd = 0] + pr,d [C = s, Fd 6= 0], where pr,d [C = s, Fd = 0] =
1
X
q d+1
···
d+1 h∗ 1 ∈Fq N (ψ1 (h∗ 1 ))=0 hd,1 =0
pr,d [C = s, Fd 6= 0] =
1
X
q d+1
···
d+1 h∗ 1 ∈Fq N (ψ1 (h∗ 1 ))=0 hd,1 6=0
=
q−1 q d+1
X
···
d+1 h∗ 1 ∈Fq N (ψ1 (h∗ 1 ))=0 hd,1 =1
1
X
q d−js−1 +1
d−j
V(d, κs , ψsfix (h∗s−1 )) , q +1
s−1 h∗ s−1 ∈Fq N (ψs−1 (h∗ s−1 ))=0
1
X
q d−js−1 +1
d−j
V(d, κs , ψsfix (h∗s−1 )) , q +1
s−1 h∗ s−1 ∈Fq N (ψs−1 (h∗ s−1 ))=0
1
X
q d−js−1 +1
d−j
V(d, κs , ψsfix (h∗s−1 )) . q +1
s−1 h∗ s−1 ∈Fq N (ψs−1 (h∗ s−1 ))=0
Concerning the first term, we are considering the intersection of the Fq –linear s space Im(Φ) with the linear subspace F1,d−1 . As the former is not contained in the latter, the dimension of the intersection falls at least by one, and Lemma 3.6 implies s |Im(Φ) ∩ F1,d−1 | q dim Im(Φ)−1 1 pr,d [C = s, Fd = 0] ≤ ≤ dim Im(Φ) = . |Im(Φ)| q q
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
17
On the other hand, it is easy to see that the expression for pr,d [C = s, Fd = 6 0] may be rewritten in the following way: X X q−1 1 pr,d [C = s, Fd 6= 0] = µd d+1 1 + Ts , · · · d−js−1 +1 q q ∗ d+1 d−j +1 h1 ∈Fq N (ψ1 (h∗ 1 ))=0 hd,1 =1
s−1 h∗ s−1 ∈Fq N (ψs−1 (h∗ s−1 ))=0
where (3.17) Ts :=
q−1 q d+1
X
···
d+1 h∗ 1 ∈Fq N (ψ1 (h∗ 1 ))=0 hd,1 =1
1
�
X
q d−js−1 +1
d−j
+1
� V(d, κs , ψsfix (h∗s−1 )) − µd . q
s−1 h∗ s−1 ∈Fq N (ψs−1 (h∗ s−1 ))=0
In particular, from (3.14) and Remark 3.9 we conclude that |Ts | ≤ Observe that 1 d−j q s−1 +1
� q−1 εd,s q −1/2 + ηd,s q −1 . q
X
1=1−
d−js−1 +1 h∗ s−1 ∈Fq N (ψs−1 (h∗ s−1 ))=0
=1−
1
X
q d−js−1 +1
1
d−js−1 +1 h∗ s−1 ∈Fq N (ψs−1 (h∗ s−1 ))>0
fix V(d, js−1 , ψs−1 (h∗s−2 )) . q
Therefore, we may rewrite pr,d [C = s, Fd 6= 0] in the following way: X X 1 1 pr,d [C = s, Fd 6= 0] = (1−µd )µd d+1 · · · d−js−2 +1 q q ∗ d+1 d−j h1 ∈Fq N (ψ1 (h∗ 1 ))=0 hd,1 =1
h∗ s−2 ∈Fq
1+Ts−1 +Ts ,
s−2 +1
N (ψs−2 (h∗ s−2 ))=0
where Ts−1 :=
µd (q − 1) q d+1
X
···
d+1 h∗ 1 ∈Fq N (ψ1 (h∗ 1 ))=0 hd,1 =1
1
�
X
q d−js−2 +1
µd −
d−j
+1
� fix V(d, js−1 , ψs−1 (h∗s−2 )) . q
s−2 h∗ s−2 ∈Fq N (ψs−2 (h∗ s−2 ))=0
Furthermore, from (3.16) and Remark 3.9 it follows that |Ts−1 | ≤ µd
� q−1 εd,s−1 q −1/2 + ηd,s−1 q −1 . q
Arguing as above, we see that s
pr,d [C = s, Fd 6= 0] = (1 − µd )s−1 µd
X q−1 + Ti , q i=1
where Ts is defined as in (3.17) and q−1 · q 1 · · · d−ji−1 +1 q
Ti :=µd (1 − µd )s−(i+1) 1 qd
X d+1 h∗ 1 ∈Fq N (ψ1 (h∗ 1 ))=0 hd,1 =1
�
X d−j
µd − +1
V(d, ji , ψifix (h∗i−1 )) q
�
i−1 h∗ i−1 ∈Fq N (ψi−1 (h∗ i−1 ))=0
for 1 ≤ i ≤ s − 1. From (3.16) and Remark 3.9 we easily deduce the statement of the theorem. �
18
´ E. CESARATTO, G. MATERA, AND M. PEREZ
3.3. Estimates for average cardinalities of value sets and the probability of Ca = s. Theorem 3.10 shows that the probability that the SVS algorithm stops after s ≤ min{Dd−2 , q r−1 } attempts can be expressed in terms of the average cardinality of the value set of certain families of univariate polynomials. Value sets are a classical subject of combinatorics over finite fields (cf. [15], [17]). Let V(d, 0) denote the average cardinality of the value set of all monic polynomials in Fq [T ] of degree d with f (0) = 0. It is well-known that � � d X q 1−j (3.18) V(d, 0) = (−1)j−1 q = µd q + O(1), j j=1 Pd where µd := j=1 (−1)j−1 /j! and the constant underlying the O–notation depends only on d (see [18], [9]). On the other hand, if we consider the average cardinality V(f ) for all the monic polynomial f of degree d with some coefficients prescribed, the results are less precise. Indeed, let be given j with 1 ≤ j ≤ d − 2 and a := (ad−1 , . . . , ad−j ) ∈ Fqs . For every b := (bd−j−1 , . . . , b1 ), let fba := T d +
s X
ad−i T d−i +
i=1
d−1 X
bd−i T d−i .
i=s+1
In [8] it is shown that, for p := char(Fq ) > d, X 1 V(fb ) = µd q + O(q 1/2 ), V(d, j, a) := d−j−1 q d−j−1 b∈Fq
where the constant underlying the O–notation depends only on d and j (see also [19]). Suppose that q > d. In [7], the following explicit estimate for 1 ≤ j ≤ d/2 − 1 is obtained: √
(3.19)
e−1 (d − 2)5 e2 |V(d, j, a) − µd q| ≤ + 2 2d−2
d
7 + . q
This result holds without any restriction on the characteristic p of Fq . On the other hand, in [16] it is proved that, if p > 2 and 1 ≤ j ≤ d − 3, then (3.20)
1
√
|V(d, j, a) − µd q| ≤ d2 2d−1 q 2 + 133 dd+5 e2
d−d
.
Estimates (3.19) and (3.20) provide admissible expressions for the quantities εd,i and ηd,i (1 ≤ i ≤ s) of the statement of Theorem 3.10. As a consequence, we have the following result. Theorem 3.11. Let be given a := (a1 , . . . , as ) ∈ Fqs(r−1) \ Bs , where the set Bs is � � r−1 defined in (3.4). For s ≤ min d/2+r−1 ,q , we have r−1 √ � −1 � 5 2 d pr,d [Ca,r,d = s] − (1 − µd )s−1 µd ≤ s e + (d − 2) e + 1 q −1 + 7sq −2 . 2 2d−2 � � r−1 On the other hand, if p > 2 and s ≤ min d+r−3 , then r−1 , q √ 1 pr,d [Ca,r,d = s] − (1 − µd )s−1 µd ≤ sd2 2d−1 q − 2 + (133 sdd+5 e2 d−d + 1)q −1 . Proof. With notations as in Section 3.2, fix i with 1 ≤ i ≤ s and fix h∗k := (hd−jk ,k , . . . , h0,k ) ∈ Fqd−jk +1 for 1 ≤ k ≤ i − 1, where jk is the unique nonnegative integer with 0 ≤ jk ≤ κs and Djk −1 < k ≤ Djk . For each h∗i := (hd−ji ,i , . . . , h0,i ) ∈ Fqd−ji +1 , denote fh∗i := ψi (h∗1 , . . . , h∗i ) := hd,i T d + · · · + hd−ji +1,i T d−ji +1 + hd−ji ,i T d−ji + · · · + h0,i . Lemma 3.5 shows that the coefficients hd,i , . . . , hd−ji +1,i are uniquely determined by h∗i−1 := (h∗1 , . . . , h∗i−1 ). Consequently, set ψifix (h∗i−1 ) := (hd,i , . . . , hd−ji +1,i ) and
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
19
consider the average cardinality V(d, ji , ψifix (h∗i−1 )) :=
1 q d−ji
X
V(fbh∗ ). i
d−ji b h∗ i ∈Fq
where fbh∗ := hd,i T d + · · · + hd−ji +1,i T d−ji +1 + hd−ji ,i T d−ji + · · · + h1,i T is the i polynomial obtained from fh∗i by setting its constant coefficient to zero. According to (3.19), for 1 ≤ ji − 1 ≤ d2 − 1 and any h∗i−1 such that fbh∗ is of degree d we have i √ � � −1 ∗ fix 5 V(d, ji , ψi (hi−1 )) e (d − 2) e2 d −1 q + 7q −2 . − µd ≤ + (3.21) q 2 2d−2 On the other hand, from (3.20) it follows that, if p > 2 and ji − 1 ≤ d − 3, then √ V(d, ji , ψifix (h∗i−1 )) 2 d−1 − 21 (3.22) q + 133 dd+5 e2 d−d q −1 . − µ d ≤ d 2 q � � r−1 Suppose that s ≤ min d/2+r−1 ,q . Therefore js := κs ≤ d/2 and (3.21) r−1 holds for 1 ≤ i ≤ s. This implies that √ � � −1 (d − 2)5 e2 d e + + 7q −1 εd,i := 0, ηd,i := 2 2d−2 are admissible definitions for εd,i and ηd,i (1 ≤ i ≤ s) in the statement of Theorem 3.10, which shows the first assertion of the theorem. � � r−1 On the other hand, for p > 2 and s ≤ min d+r−3 , we have js := κs ≤ r−1 , q d − 2. It follows that (3.21) holds for 1 ≤ i ≤ s and hence εd,i := d2 2d−1 ,
ηd,i := 133 dd+5 e2
√ d−d
are admissible definitions for εd,i and ηd,i (1 ≤ i ≤ s) in the statement of Theorem 3.10. This readily implies the second assertion of the theorem. � We remark that the approach of the proof of Theorem 3.11 cannot be applied � d+r−3 ∗ to estimate the probability that s > s := r−1 vertical strips are searched, s since the behavior of the mapping Φ := Φa : Fr,d → F1,d of (3.1) may change significantly in this case. In what concerns “large” values of s, from Theorem 3.11 one easily deduces that ∗
pr,d [Ca,r,d ≥ s∗ ] = (1 − µd )s + O(q −1/2 ). As |1 − µd | ≤ 1/2, from the expression of s∗ it follows that the main term of this probability decreases exponentially with r and d. 4. Probabilistic analysis of the SVS algorithm In this section we determine the probability distribution of the number searches that the SVS algorithm performs in both models of generation of vertical strips. Similarly to Section 2, for s ≥ 3 we denote Find := Fqr−1 × · · · × Fqr−1 (s times), s Fnind := {(a1 , . . . , as ) ∈ Find : ai 6= aj for i 6= j}, s s
Nsind := |Find s |, Nsnind := |Fnind |, s
var and consider the random variable Csvar := Cs,r,d : Fvar × Fr,d → {1, . . . , s, ∞} s var defined for a := (a1 , . . . , as ) ∈ Fs and F ∈ Fr,d in the following way: � min{j : N1,d (F (aj , Xr )) > 0} if ∃j with N1,d (F (aj , Xr )) > 0, var Cs (a, F ) := ∞ otherwise.
We consider the set Fvar × Fr,d as before endowed with the uniform probability s var Psvar := Ps,r,d and analyze the probability Psvar [Csvar = s]. To link the probability var spaces determined by Fvar for all s ≥ 1, we have the following result. s ×Fr,d and Ps var Lemma 4.1. Let s > 1, var ∈ {ind, nind} and let πs : Fvar s × Fr,d → Fs−1 × Fr,d be var var the mapping induced by the projection Fs → Fs−1 on the first s − 1 coordinates. var −1 var If S ⊂ Fvar s−1 × Fr,d , then Ps [πs (S)] = Ps−1 [S].
´ E. CESARATTO, G. MATERA, AND M. PEREZ
20
Proof. We first consider the case var = nind. Note that [ πs−1 (S) = {(a1 , . . . , as ) ∈ Fnind : (a1 , . . . , as−1 , F ) ∈ S} × {F } s F ∈Fr,d
[
=
[
{(a1 , . . . , as−1 )} × (Fqr−1 \ {a1 , . . . , as−1 }) × {F }.
nind F ∈Fr,d (a ,...,a 1 s−1 )∈Fs−1 : (a1 ,...,as−1 ,F )∈S
It follows that Psnind [πs−1 (S)] = =
1
X
X
Nsnind |Fr,d | F ∈Fr,d a∈Fnind s−1 :(a,F )∈S
(q r−1 − s + 1)
X 1 nind {a ∈ Fnind s−1 : (a, F ) ∈ S} = Ps−1 [S]. nind Ns−1 |Fr,d | F ∈F r,d
The identity
Psind [πs−1 (S)]
=
ind Ps−1 [S]
is shown by a similar argument.
�
According to the Kolmogorov extension theorem (see, e.g., [11, Chapter IV, Section 5, Extension Theorem]), the conditions of “consistency” of Lemma 4.1 imply that the probabilities Ps (s ≥ 1) can be put in a unified framework. More precisely, in the independent model we define Find := (Fqr−1 )N . For every s ≥ 1, denote by πs∞ : Find × Fr,d → Find s × Fr,d the mapping induced by the projection ind ind F → Fs on the first s coordinates. Then there exists a unique probability measure P ind defined on Find × Fr,d such that � � P ind (πs∞ )−1 (S) = Psind [S] × Fr,d . On the other hand, in the nonindependent model for every S ⊂ Find s nind r−1 and P we simply define Fnind := Fqnind := Pqnind In other words, for var ∈ r−1 . {ind, nind} there exists a probability measure P var defined on Fvar , which allows us to interpret consistently all the results of this paper. In the same vein, the sequence of variables (Csvar )s∈N is naturally extended to a random variable C var : Fvar × Fr,d → N ∪ {∞}. Consequently, we shall drop the subscript s from the notations Psvar and Csvar in what follows. For the analysis of the probability distribution of the number of searches, we express the probability P var [C var = s] in terms of probabilities concerning the random variables Ca,r,d : Fr,d → N, a ∈ Find s , which count the number of vertical strips that are searched when the choice for the first s vertical strips is a. As the result is a slight generalization of Lemma 2.3, we shall only sketch its proof. Lemma 4.2. For var ∈ {ind, nind}, we have X 1 P var [C var = s] = var pr,d [Ca,r,d = s]. Ns var a∈Fs
Proof. The set {C var = s} can be expressed as the following union of disjoint sets: [ {C var = s} = {a ∈ Fvar s : Ca,r,d (F ) = s} × {F }. F ∈Fr,d
Therefore, P var [C var = s] =
1
X {a ∈ Fvar s : Ca,r,d (F ) = s}
Nsvar |Fr,d | F ∈Fr,d
X {F ∈ Fr,d : Ca,r,d (F ) = s} 1 = var Ns |Fr,d | var a∈Fs
X 1 = var pr,d [Ca,r,d = s], Ns var a∈Fs
which shows the lemma.
�
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
21
In Theorem 3.11 we determine the asymptotic behavior of the probability pr,d [Ca,r,d = s] for “general” a. More precisely, let Bs ⊂ Find be the set of (3.4). s For each a ∈ Find \ B , the estimate of Theorem 3.11 holds. By (3.3) it follows s s that |Bs | = O(q s(r−1)−1 ), where the O–constant depends on s, d and r, but is independent of q. Now we are ready to estimate the probability P var [C var = s]. First we consider the nonindependent model. By the definition of Bs we easily conclude that Find s \ Bs ⊂ Fnind . Lemma 4.2 implies s X 1 P nind [C nind = s] = nind pr,d [Ca,r,d = s] Ns nind a∈Fs
= =
1
X
Nsnind a∈Fnind \Bs s 1
X
Nsnind a∈Find s \Bs
pr,d [Ca,r,d = s] +
1
X
Nsnind a∈B s
pr,d [Ca,r,d = s]
pr,d [Ca,r,d = s] + O(q −1 ).
� we have \ Bs . According to Theorem 3.11, for s ≤ d/2+r−1 Let a ∈ Find s r−1 s−1 −1 pr,d [Ca,r,d = s] = (1 − µd ) µd + O(q ). On the other hand, for p > 2 and � s−1 s ≤ d+r−3 µd + O(q −1/2 ). As a r−1 , it holds that pr,d [Ca,r,d = s] = (1 − µd ) consequence, we have the following result. � Theorem 4.3. For s ≤ d/2+r−1 , we have r−1 P nind [C nind = s] = (1 − µd )s−1 µd + O(q −1 ). � On the other hand, if p > 2 and s ≤ d+r−3 r−1 , then P nind [C nind = s] = (1 − µd )s−1 µd + O(q −1/2 ). Next we analyze the probability that s vertical strips are searched in the independent model. Given a := (a1 , . . . , as ) ∈ Find s , we denote by n(a) the maximum consists of the a ∈ Find number of ai which are pairwise distinct. In particular, Fnind s s ind with n(a) = s. Assume that s > 1 and let be given a ∈ Fs with n(a) = 1. Then pr,d [Ca,r,d = s] = 0, since all the elements of Fr,d having Fq –rational zeros on the vertical strip defined by as have also Fq –rational zeros on the vertical strip defined by a1 . As a consequence, we may write P ind [C ind = s] =
=
s 1 X Nsind j=2
X
pr,d [Ca,r,d = s]
a :n(a)=j
s−1 Nsnind nind nind 1 X P [C = s] + Nsind Nsind j=2
Nsind |{a
Find s
X
pr,d [Ca,r,d = s].
a :n(a)=j
1−r
Observe that ∈ : n(a) = j}| = O(q ) for 2 ≤ j ≤ s − 1. Therefore, from Theorem 4.3 we deduce the following result. � Theorem 4.4. For s ≤ d/2+r−1 , we have r−1 P ind [C ind = s] = (1 − µd )s−1 µd + O(q −1 ). � On the other hand, if p > 2 and s ≤ d+r−3 r−1 , then P ind [C ind = s] = (1 − µd )s−1 µd + O(q −1/2 ). 5. On the probability distribution of the outputs This section is devoted to the analysis of the probability distribution of the outputs of both variants of the SVS algorithm. For this purpose, following [3] (see also [2]), we use the concept of Shannon entropy. For F ∈ Fr,d , denote Z(F ) := {x ∈ Fqr : F (x) = 0} and N (F ) := |Z(F )|. We define a Shannon entropy HFvar
´ E. CESARATTO, G. MATERA, AND M. PEREZ
22
associated with F and a variant Avar of the SVS algorithm, with var ∈ {ind, nind}, as X var var (5.1) HFvar = −Px,F log(Px,F ), x∈Z(F ) var Px,F
where is the probability that the algorithm Avar outputs x on input F and log denotes the natural logarithm. It is well–known that HFvar ≤ log |Z(F )|, and var equality holds if and only if Px,F = 1/|Z(F )| for every x ∈ Z(F ). We shall consider the average entropy of both variants of the SVS algorithm when F runs through all the elements of Fr,d , namely X 1 (5.2) H var := HFvar . |Fr,d | F ∈Fr,d
For an “ideal” algorithm for the search of Fq –rational zeros of elements of Fr,d , from the point of view of the probability distribution of outputs, and F ∈ Fr,d , the ideal probability Px,F that a given x ∈ Z(F ) occurs as output is equal to 1/N (F ). As a consequence, according to the definition (5.1), the corresponding entropy is X X log N (F ) ideal ideal HFideal := −Px,F log(Px,F )= = log N (F ). N (F ) x∈Z(F )
x∈Z(F )
By the concavity of the function x 7→ log x and (1.1), we conclude that ! P X 1 F ∈Fr,d N (F ) ideal ideal (5.3) H := = log(q r−1 ), HF ≤ log |Fr,d | |Fr,d | F ∈Fr,d
where the last identity is due to (1.1). In our analysis below, we shall exhibit lower bounds on the average entropy H var with var ∈ {ind, nind} which nearly match this upper bound. 5.1. On the number of vertical strips. As it will become apparent, a critical point in the study of the behavior of H var for var ∈ {ind, nind} is the analysis of the probability distribution of the random variable N S : Fr,d → Z≥0 which counts the number of vertical strips of the elements of Fr,d . Recall that, for an element F ∈ Fr,d , we denote by V S(F ) the set of vertical strips where F has an Fq –rational zero and by N S(F ) its cardinality, that is, V S(F ) := {a ∈ Fqr−1 : (∃ xr ∈ Fq ) F (a, xr ) = 0},
N S(F ) := |V S(F )|.
We start with the following result, which concerns the average number N S(r, d) of vertical strips in Fr,d , namely X 1 N S(r, d) := N S(F ). |Fr,d | F ∈Fr,d
Lemma 5.1. The number N S(r, d) satisfies � � � � d X q r−1−k q − 1 r−d−2 N S(r, d) = (−1)k−1 q + (−1)d q k d k=1
= µd q r−1 + O(q r−2 ). Proof. According to (2.1), N S(r, d) = q r−1 P [C = 1]. Then the first assertion of the lemma follows immediately from Theorem 2.1. The second assertion follows from Corollary 2.2. � Next we determine the variance N S2 (r, d) of the random variable which counts the number of vertical strips of the elements of Fr,d , that is, X X �2 1 1 N S2 (r, d) := N S(F )−N S(r, d) = N S(F )2 −N S(r, d)2 . |Fr,d | |Fr,d | F ∈Fr,d
F ∈Fr,d
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
23
Proposition 5.2. The variance N S2 (r, d) satisfies �2 N S2 (r, d) = −q 1−r N S(r, d) + N S(r, d) = µd (1 − µd ) q r−1 + O(q r−2 ). r−1 r−1 Proof. Recall the notations Find × Fqr−1 , Fnind := Find } 2 := Fq 2 2 \ {(a, a) : a ∈ Fq nind nind and N2 := |F2 |. Fix F ∈ Fr,d . We have [ . {(a1 , a2 ) ∈ Find : F (a , x) = F (a , y) = 0} N S(F )2 = 1 2 2 x,y∈Fq
Then the inclusion–exclusion principle implies X
N S(F )2 =
F ∈Fr,d
q X q X X
F ∈Fr,d j=1 k=1
=
q X q X
X X
(−1)j+k
S(Xj , Yk )
Xj ⊂Fq Yk ⊂Fq
(−1)j+k
X X
X
S(Xj , Yk ),
Xj ⊂Fq Yk ⊂Fq F ∈Fr,d
j=1 k=1
where Xj and Yk run through all the subsets of Fq of cardinality j and k, respectively, and, for arbitrary subsets X ⊂ Fq and Y ⊂ Fq , S(X , Y) := {(a1 , a2 ) ∈ Find 2 : (∀x ∈ X )(∀x ∈ Y) F (a1 , x) = 0, F (a2 , y) = 0} . For a := (a1 , a2 ) ∈ Find and subsets X ⊂ Fq and Y ⊂ Fq , denote 2 Sa (X , Y) := {F ∈ Fr,d : (∀x ∈ X )(∀x ∈ Y) F (a1 , x) = 0, F (a2 , y) = 0}. It follows that q X q X X X X 2 N S(F ) = (−1)j+k F ∈Fr,d
|Sa (Xj , Yk )|
Xj ⊂Fq Yk ⊂Fq a∈Find 2
j=1 k=1
=
X
q X q X X
(−1)j+k
j=1 k=1 a∈Find 2
X X
|Sa (Xj , Yk )| =:
Xj ⊂Fq Yk ⊂Fq
X
Na,2 ,
a∈Find 2
where Na,2 is defined as in (2.6). If a ∈ Fnind , then the claim in the proof of 2 Proposition 2.4 asserts that �2 Na,2 = P [C = 1] . |Fr,d | nind On the other hand, for (a, a) ∈ Find , by elementary calculations it can be 2 \ F2 seen that q X q q X X X X X N(a,a),2 := (−1)j+k |S(a,a) (Xj , Yk )| = (−1)j−1 |Sa (Xj )|, j=1 k=1
Xj ⊂Fq Yk ⊂Fq
Xj ⊂Fq
j=1
where Sa (Z) := {F ∈ Fr,d : (∀z ∈ Z) F (a, z) = 0} for any subset Z ⊂ Fq . As a consequence, q X X Na,2 X X X 1 1 N S(F )2 = + (−1)j−1 |Sa (Xj )| |Fr,d | |Fr,d | |Fr,d | r−1 j=1 nind F ∈Fr,d
a∈F2
= N2nind
Xj ⊂Fq
a∈Fq
�2 q 1−r N S(r, d) +
1 |Fr,d |
X
N S(F ).
F ∈Fr,d
The statement of the proposition follows easily from Lemma 5.1.
�
As a consequence of the Chebyshev inequality we obtain a lower bound on the number of F ∈ Fr,d whose number N S(F ) of vertical strips differs roughly a half from the expected value N S(r, d). Corollary 5.3. The number of F ∈ Fr,d for which N S(F ) ≤ N S(r, d)/2 is at most O(q Fr,d −r+1 ).
24
´ E. CESARATTO, G. MATERA, AND M. PEREZ
Proof. By Lemma 5.1 and Proposition 5.2, the Chebyshev inequality implies � � � 4 1 − q 1−r N S(r, d) N S(r, d) pr,d |N S(F ) − N S(r, d)| ≥ ≤ . 2 N S(r, d) Taking into account that � 4 1 − q 1−r N S(r, d) 4(1 − µd ) 1−r = q + O(q −r ), N S(r, d) µd the corollary readily follows.
�
5.2. A lower bound for the entropy in both models. In order to analyze the var Shannon entropy (5.2), it is necessary to determine the probability Px,F that an r element x := (a, x) ∈ Fq occurs as output of the SVS algorithm on input F ∈ Fr,d . Given an input polynomial F ∈ Fr,d , and the vertical strip defined by an element a ∈ Fqr−1 , the SVS algorithm proceeds to search for Fq –rational zeros of the univariate polynomial f := F (a, T ). If this search is done using the randomized algorithm of Cantor and Zassenhaus (see [6]), then all the Fq –rational zeros of f are equiprobable. Indeed, the algorithm splits f recursively into two factors, one of which is gcd(T (q−1)/2 − 1, f (T + b)) for a random b ∈ Fq , and continues with the smaller factor. In the sequel we shall assume that the search of roots in Fq of elements of F1,d is performed using a randomized algorithm of the Cantor–Zassenhaus type for which all outputs are equiprobable. For the analysis of the distribution of outputs, we slightly modify the probabilistic model considered so far. For a suitable rd ∈ N, denote by Ωd ⊂ Fqrd the set of all possible random choices of elements of Fq made by the routine of the SVS algorithm which searches for Fq –rational zeros of the elements of F1,d . We consider Ωd with the uniform probability, Fvar × Fr,d with the probability measure P var defined in Section 4 for var ∈ {ind, nind}, and the space Fvar × Fr,d × Ωd with the product probability PΩvar . Finally, we shall consider probabilities related to the d var : Fvar × Fr,d × Ωd → Fqr ∪ {∅} defined in the following way: random variable Cout for a triple (a, F, γ) ∈ Fvar × Fr,d × Ωd , if F has an Fq –rational zero on any of the vertical strips defined by a, and aj is the first vertical strip with this property, var then Cout (a, F, γ) := (aj , x), where x ∈ Fq is the zero of F (aj , T ) computed by the corresponding routine in the SVS algorithm determined by the random choice var var γ. Otherwise, we define Cout (a, F, γ) := ∅. In these terms, the probability Px,F r that an element x := (a, x) ∈ Fq occurs as output of the SVS algorithm on in� var � put F ∈ Fr,d may be expressed as the conditional probability PΩvar Cout = x|F , d namely � var � � var � PΩvar {Cout = x} ∩ (Fvar × {F } × Ωd ) var var d � � Px,F := PΩd Cout = x|F := . PΩvar Fvar × {F } × Ωd d var Now we are ready to determine the probability Px,F in both models. For this purpose, we shall denote by Na (F ) the number of Fq –rational zeros of F in the vertical strip defined by a, i.e.,
Na (F ) := |{x ∈ Fq : F (a, x) = 0}|. We have the following result. Lemma 5.4. Let F ∈ Fr,d , x := (a, x) ∈ Z(F ) and var ∈ {ind, nind}. Then var Px,F =
1 . N S(F ) Na (F )
Proof. In both models, if x occurs as output at the jth step, then the SVS algorithm must have chosen elements a1 , . . . , aj−1 for the first j − 1 searches such that Nak (F ) = 0 for 1 ≤ k ≤ j − 1, and the element a for the jth search. Finally, the routine searching for roots in Fq of F (a, T ) must output x, which occurs with probability 1/Na (F ).
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
25
Now we consider the independent model. Given k ∈ N, the probability of choosing ak with Nak (F ) = 0 is equal to 1/(q r−1 − N S(F )). As a consequence, � r−1 �j−1 1 q − N S(F ) · r−1 . P ind (Na1 (F ) = 0, . . . , Naj−1 (F ) = 0, aj = a|F ) = q r−1 q Since the number of steps may be arbitrarily large, it follows that ∞ X ind Px,F = P ind (Na1 (F ) = 0, . . . , Naj−1 (F ) = 0, aj = a|F ) · j=1 ∞
X 1 = r−1 q Na (F ) j=1
�
q r−1 − N S(F ) q r−1
�j−1 =
1 Na (F )
1 . N S(F ) Na (F )
This shows the assertion of the lemma in the independent model. Next we consider the nonindependent model. Recall that, in this model, the element aj ∈ Fqr−1 for the jth search is randomly chosen among the elements of Fqr−1 \ {a1 , . . . , aj−1 } with equiprobability. Therefore, if a arises as the choice for the jth step, then the SVS algorithm must have chosen pairwise–distinct elements a1 , . . . , aj−1 ∈ Fqr−1 \ N S(F ) for the first j − 1 searches. The probability of these choices is � j−2 Y� 1 N S(F ) · r−1 P nind (Na1 (F ) = 0, . . . , Naj−1 (F ) = 0, aj = a|F ) = 1 − r−1 q −k q −j+1 k=0 � q r−1 −N S(F ) 1 j−1 = r−1 � . q r−1 −1 q j−1
r−1
Fqr−1
As there are q − N S(F ) elements b ∈ with Nb (F ) = 0, the algorithm performs at most q r−1 − N S(F ) + 1 searches. Finally, when the element a is chosen, the probability to find x as the root in Fq of F (a, T ) is equal to 1/Na (F ). It follows that q r−1 −N S(F )+1 nind Px,F
=
X
P nind (Na1 (F ) = 0, . . . , Naj−1 (F ) = 0, aj = a|F ) ·
j=1
1 = r−1 q Na (F )
q r−1 −N S(F )
X j=0
q r−1 −N S(F ) j � q r−1 −1 j
1 Na (F )
� .
According to, e.g., [13, §5.2, Problem 1], q r−1 −N S(F )
X j=0
q r−1 −N S(F ) j � q r−1 −1 j
� =
q r−1 . N S(F )
We conclude that q r−1 1 = . N S(F ) N S(F ) Na (F ) This completes the proof of the lemma. nind Px,F =
1
q r−1 Na (F )
�
var As a consequence of Lemma 5.4, we see that the probability Px,F that an arbitrary element x ∈ Fqr occurs as output of the SVS algorithm is the same in both models. Therefore, the entropy HFvar will be the same in both models. For this reason, we shall drop the superscript var ∈ {ind, nind} and consider the entropy � X log N S(F ) Na (F ) . (5.4) HF = N S(F ) Na (F ) (a,x)∈Z(F )
We shall determine the asymptotic behavior of the average entropy � X X X log N S(F ) Na (F ) 1 1 H := HF = . |Fr,d | |Fr,d | N S(F ) Na (F ) F ∈Fr,d
F ∈Fr,d (a,x)∈Z(F )
´ E. CESARATTO, G. MATERA, AND M. PEREZ
26
Observe that X (5.5)
X
1=
F ∈Fr,d (a,xr )∈Z(F )
X
|{F ∈ Fr,d : F (a, x) = 0}| = q dim Fr,d +r−1
(a,x)∈Fqr
Further, the function f : (0, +∞) → R, f (x) := log x/x is increasing in the interval [e, +∞) and convex in the interval [e3/2 , +∞). By Corollary 5.3, the probability of the set of F ∈ Fr,d having up to e3/2 = 4.48 . . . vertical strips is O(q 1−r ). Therefore, we have X X X X log(N S(F ) N (F )) a 1 N S(F ) Na (F ) H=
F ∈Fr,d (a,x)∈Z(F )
F ∈Fr,d (a,x)∈Z(F )
|Fr,d |
X
X
1
F ∈Fr,d (a,x)∈Z(F )
X
X
N S(F ) Na (F )
F ∈F (a,x)∈Z(F ) r,d X X ≥ q r−1 f
(5.6)
1
(1 + O(q 1−r )).
F ∈Fr,d (a,x)∈Z(F )
Next we analyze the numerator X N :=
X
N S(F ) Na (F )
F ∈Fr,d (a,x)∈Z(F )
in the argument of f in the last expression. Lemma 5.5. We have N = 2 µd q 2r−2+dim Fr,d (1 + O(q −1 )). Proof. For F ∈ Fr,d and a ∈ V S(F ), we have [ r−1 {a ∈ Fq : F (a, x) = 0} , Na (F ) = |{x ∈ Fq : F (a, x) = 0}| . N S(F ) = x∈Fq
As a consequence, X X N =
X
[ r−1 {b ∈ Fq : F (b, z) = 0}
F ∈Fr,d (a,x)∈Fqr z∈Fq y∈Fq F (a,x)=0 F (a,y)=0
=
X
X
X
q X
(−1)k−1
F ∈Fr,d (a,x)∈Fqr k=1 y∈Fq F (a,x)=0 F (a,y)=0
=
q X
(−1)k−1
X XX X
X {b ∈ Fqr−1 : F (b, T )|Z ≡ 0} k Zk ⊂Fq |Zk |=k
Na,x,y,Zk ,
a∈Fqr−1 x∈Fq y∈Fq Zk ⊂Fq |Zk |=k
k=1
where X
Na,x,y,Zk :=
{b ∈ Fqr−1 : F (b, T )|Z ≡ 0} k
F ∈Fr,d F (a,x)=F (a,y)=0
=
X {F ∈ Fr,d : F (a, x) = 0, F (a, y) = 0, F (b, T )|Z ≡ 0} . k b∈Fqr−1
Suppose that k ≤ d. For b 6= a and x 6= y, the equalities F (a, x) = 0, F (a, y) = 0, F (b, T )|Zk ≡ 0 are linearly–independent conditions on the coefficients of F . If b 6= a and x = y, then we have k + 1 linearly–independent conditions. Finally, for b = a, the number of linearly–independent conditions depends on the size of the intersection {x, y} ∩ Zk . It follows that Na,x,y,Zk = (q r−1 − 1) q dim Fr,d −k−|{x,y}| + q dim Fr,d −min{d+1,|{x,y}∪Zk |} .
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
27
Therefore, by elementary calculations we obtain � � � � XX X q dim Fr,d −k q 2 − q q + (1 + O(q 1−r )) Na,x,y,Zk = (q r−1 − 1) q k q2 q x∈Fq y∈Fq Zk ⊂Fq |Zk |=k
� � 2q − 1 r−1 q dim Fr,d −k = (q − 1) q (1 + O(q 1−r )). q k Now assume that k > d. Then the condition F (b, T )|Zk ≡ 0 is equivalent to F (b, T ) = 0. Arguing as above, we deduce that � � XX X q dim Fr,d −(d+1) 2q − 1 r−1 (q − 1) q (1 + O(q 1−r )). Na,x,y,Zk = q k x∈Fq y∈Fq Zk ⊂Fq |Zk |=k
Putting these equalities together and using (2.4), we obtain 2q − 1 (1 − q 1−r ) 2q �X � � � � � q d X k−1 q −k k−1 q −d−1 (−1) q + (−1) q (1 + O(q 1−r )) k k
N =2q 2r−2+dim Fr,d
k=1
=2 µd q
k=d+1
2r−2+dim Fr,d
(1 + O(q −1 )).
This finishes the proof of the lemma.
�
Combining (5.6) with (5.5) and Lemma 5.5, it follows that � � 2 µd q 2r−2+dim Fr,d (1 + O(q −1 )) r−1 (1 + O(q 1−r )). H≥q f q r−1+dim Fr,d In other words, we have the following result. Theorem 5.6. If H denotes the average entropy for any of the models of generation of vertical strips, then 1 H≥ log(q r−1 )(1 + O(q −1 )). 2µd Recall that, according to (5.3), for an algorithm for which the outputs are equidistributed we have the upper bound H ≤ log(q r−1 ). For large d we have 1 1 ≈ 0.79. ≈ 2µd 2(1 − e−1 ) We may therefore paraphrase Theorem 5.6 as saying that any of the variants of the SVS algorithm under consideration is at least 79 per cent as good as any “ideal” algorithm. 6. Simulations on test examples Now we describe the results on the distribution of the number of searches that were obtained by executing the SVS algorithm on random samples of elements Fr,d , for given values of q, r and d. Recall that C var : Fvar × Fr,d 7→ N ∪ {∞} denotes the random variable which counts the number of searches that are performed for all possible choices of vertical strips, with or without repetitions according to the model var ∈ {ind, nind}. Theorems 4.3 and 4.4 shows that P var [C var = s] ≈ (1 − µd )s−1 µd . The simulations we exhibit were aimed to test whether the right–hand side of the previous expression approximates the left–hand side on the examples that were considered. For this purpose, given a random sample S ⊂ Fr,d and a ∈ Fvar s , we shall use the following notations: var pvar a := pr,d [S ∩ Ca,r,d = s],
pbs := (1 − µd )s−1 µd .
´ E. CESARATTO, G. MATERA, AND M. PEREZ
28
We shall take N := 30 choices of a ∈ Fvar s , and compute the sample means µind := s
N X pind a i=1
N
,
µnind := s
N X pnind a i=1
N
.
Furthermore, we shall consider the corresponding relative errors: |µnind − pbs | |µind bs | s s −p nind , � := . s nind µind µ s s We shall only consider relatively moderate values of s, since for higher values of nind s the probabilities pind are so small that the corresponding information a and pa becomes uninteresting. �ind := s
6.1. Examples with q := 67 and r := 2. In this section we consider random samples of bivariate polynomials with coefficients in the finite field F67 . In Table 1 we consider a random sample S of 1000000 polynomials of F67 [X1 , X2 ] of degree at most d := 30 and analyze how many vertical strips are searched on this sample. Therefore, we have pbs := (1 − µ30 )s−1 µ30 , where µ30 := 0.6321205588 . . . . Table 1. Random sample with q = 67, r = 2 and d = 30. s 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
µind s 0.634698 0.185658 0.114003 0.04165 0.015201 0.005168 0.001574 0.001259 0.000501 0.000178 0.000058 0.000025 0.000017 0.000003 0.000005
µnind s 0.635031 0.231664 0.084627 0.030921 0.011279 0.004101 0.001509 0.000553 0.000199 0.000076 0.000025 0.000010 0.000038 0.000011 0.000001
pbs 0.632121 0.232544 0.085548 0.031471 0.011578 0.004259 0.001567 0.000576 0.000212 0.000078 0.000029 0.000011 0.000003 0.000001 0.000001
�ind s 0.004061 0.252542 0.249588 0.244378 0.238349 0.175788 0.004656 0.541979 0.576572 0.562479 0.511103 0.577700 0.775498 0.579764 0.902662
�nind s 0.004583 0.003799 0.010889 0.017789 0.026473 0.038575 0.038166 0.042349 0.067918 0.030513 0.161872 0.038441 0.022074 0.339501 0.051253
Our second example concerns a sample 1000000 polynomials of F67 [X1 , X2 ] of degree at most d := 5. Therefore, we have pbs := (1 − µ5 )s−1 µ5 , where µ5 := 0.6333333 . . . . The corresponding results are summarized in Table 2. 6.2. Examples with q := 11 and r := 2. Next we consider random samples of polynomials of F11 [X1 , X2 ]. Our first example is a sample of 1000000 polynomials of degree at most d := 3. On the other hand, we consider a further sample of 1000000 polynomials of degree at most d := 8. Results are given in Tables 3 and 4 respectively.
6.3. Examples with r = 3 and q := 11, q := 67 and q := 8. Finally, we consider two samples of 1000000 polynomials of Fq [X1 , X2 , X3 ]. The first sample contains polynomials of degree at most d := 5 with coefficients in F11 , while the second one contains polynomials of degree at most d := 5 with coefficients in F67 . Results are exhibited in Tables 5 and 6 respectively.
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
29
Table 2. Random sample with q = 67, r = 2 and d = 5. s 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
µind s 0.635736 0.231624 0.081522 0.030461 0.012368 0.004872 0.001932 0.000903 0.000349 0.000131 0.000049 0.000025 0.000015 0.000007 0.000003
µnind s 0.635885 0.231459 0.084318 0.030727 0.011188 0.004091 0.001481 0.000543 0.000195 0.000069 0.000029 0.000009 0.000003 0.000002 0.000001
pbs 0.633333 0.232222 0.085148 0.031221 0.011448 0.004197 0.001539 0.000564 0.000207 0.000076 0.000028 0.000010 0.000003 0.000001 0.000001
�ind s 0.003778 0.002582 0.044487 0.024966 0.074405 0.138482 0.203540 0.375166 0.408009 0.421127 0.432258 0.593068 0.743825 0.805016 0.842862
�nind s 0.004012 0.003298 0.009844 0.016085 0.023224 0.025996 0.039029 0.040109 0.056976 0.085938 0.030685 0.129198 0.133380 0.085740 0.057169
Table 3. Random sample with q = 11, r = 2 and d = 3. s 1 2 3 4 5 6
µind s 0.661352 0.215778 0.073214 0.019652 0.015875 0.007855
µnind s 0.661205 0.223355 0.075859 0, 025931 0.008932 0.003059
pbs 0.666666 0.222222 0.074074 0.024691 0.008230 0.002743
�ind s 0.008036 0.029865 0.011752 0.256421 0.481548 0.650716
�nind s 0.008260 0.005071 0.023530 0.047821 0.078591 0.103016
Table 4. Random sample with q = 11, r = 2 and d = 8. s 1 2 3 4 5 6
µind s 0.649549 0.212382 0.060788 0.038429 0.014678 0.009916
µnind s 0.649403 0.227706 0.079794 0.027974 0.009829 0.003444
pbs 0.632118 0.232545 0.085549 0.031472 0.011578 0.004259
�ind s 0.026835 0.094936 0.407326 0.181043 0.211189 0.570442
�nind s 0.026617 0.021249 0.072113 0.125043 0.177915 0.236641
We end this section by considering random samples of polynomials with coefficients in a non–prime field, namely F8 [X1 , X2 , X3 ]. In Table 7 the results for a sample of 100000 polynomials of degree at most d := 3 are exhibited. Summarizing, the results of Tables 1–7 show that the behavior predicted by the asymptotic estimates of Theorems 4.3 and 4.4 can also be appreciated in the numerical experiments we performed. In general, it seems that experiments using the non–independent model fit better the main term of our asymptotic estimates. Nevertheless, as the cost of the SVS algorithm grows exponentially with the number r of variables under consideration, our experiments only considered the cases r = 2 and r = 3. References 1. E. Bach, Realistic analysis of some randomized algorithms, J. Comput. System Sci. 42 (1991), 30–53.
´ E. CESARATTO, G. MATERA, AND M. PEREZ
30
Table 5. Random sample with q = 11, r = 3 and d = 5. s 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
µind s 0.649683 0.227548 0.077141 0.029618 0.010095 0.003725 0.001347 0.000545 0.000192 0.000068 0.000022 0.000011 0.000004 0.000001 0.000001
µnind s 0.649494 0.227637 0.079769 0.027999 0.009822 0.003419 0.001213 0.000421 0.000149 0.000050 0.000017 0.000002 0.000002 0.000001 0.000000
pbs 0.633333 0.232222 0.085148 0.031221 0.011448 0.004198 0.001539 0.000564 0.000207 0.000076 0.000028 0.000010 0.000004 0.000001 0.000001
�ind s 0.025166 0.020543 0.103804 0.054119 0.133993 0.126953 0.142230 0.035909 0.078273 0.119590 0.281997 0.052593 0.072689 0.210049 0.206037
�nind s 0.024881 0.020145 0.067430 0.115075 0.165519 0.227683 0.269344 0.340555 0.382851 0.504379 0.662509 0.500062 0.726225 0.523767 2.017058
Table 6. Random sample with q = 67, r = 3 and d = 5. s 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
µind s 0.635842 0.231469 0.084408 0.030693 0.011192 0.004061 0.001485 0.000526 0.000205 0.000076 0.000027 0.000009 0.000004 0.000002 0.000000
µnind s 0.635802 0.231571 0.084285 0.030732 0.011192 0.004081 0.001482 0.000541 0.000199 0.000071 0.000027 0.000010 0.000003 0.000001 0.000000
pbs 0.633333 0.232222 0.085148 0.031221 0.011447 0.004197 0.001539 0.000564 0.000207 0.000076 0.000028 0.000010 0.000004 0.000001 0.000001
�ind s 0.003945 0.003255 0.008764 0.017209 0.022803 0.033550 0.036417 0.073753 0.007567 0.002699 0.026543 0.066246 0.064961 0.124645 0.508529
�nind s 0.003883 0.002810 0.010237 0.015898 0.022809 0.028645 0.038865 0.042865 0.039628 0.062618 0.017780 0.003320 0.078891 0.111938 0.257107
Table 7. Random sample with q = 8, r = 3 and d = 3. s 1 2 3 4 5 6
µind s 0.663445 0.200555 0.075050 0.031267 0.016340 0.005855
µnind s 0.662976 0.223378 0.075137 0.025553 0.008646 0.002822
pbs 0.666666 0.222222 0.074074 0.024691 0.008230 0.002743
�ind s 0.004855 0.108038 0.013008 0.210306 0.496310 0.531402
�nind s 0.005566 0.005176 0.014151 0.033719 0.048099 0.027708
2. C. Beltr´ an and A. Leykin, Certified numerical homotopy tracking, Exp. Math. 21 (2012), no. 1, 69–83. 3. C. Beltr´ an and L.M. Pardo, Fast linear homotopy to find approximate zeros of polynomial systems, Found. Comput. Math. 11 (2011), 95–129. 4. B. Birch and H. Swinnerton-Dyer, Note on a problem of Chowla, Acta Arith. 5 (1959), no. 4, 417–423. 5. A. Cafure and G. Matera, Improved explicit estimates on the number of solutions of equations over a finite field, Finite Fields Appl. 12 (2006), no. 2, 155–185.
COMPUTATION OF RATIONAL POINTS ON HYPERSURFACES
31
6. D.G. Cantor and H. Zassenhaus, A new algorithm for factoring polynomials over finite fields, Math. Comp. 36 (1981), 587–592. 7. E. Cesaratto, G. Matera, M. P´ erez, and M. Privitelli, On the value set of small families of polynomials over a finite field, I, J. Combin. Theory Ser. A 124 (2014), no. 4, 203–227. 8. S. Cohen, Uniform distribution of polynomials over finite fields, J. Lond. Math. Soc. (2) 6 (1972), no. 1, 93–102. 9. , The values of a polynomial over a finite field, Glasg. Math. J. 14 (1973), no. 2, 205–208. 10. C. D’Andrea and L. Tabera, Tropicalization and irreducibility of generalized Vandermonde determinants, Proc. Amer. Math. Soc. 137 (2009), no. 11, 3647–3656. 11. W. Feller, An introduction to probability theory and its applications. Vol. II, 2nd ed., John Wiley and Sons, Inc., New York. 12. P. Flajolet and R. Sedgewick, Analytic combinatorics, Cambridge Univ. Press, Cambridge, 2008. 13. R. Graham, D. Knuth, and O. Patashnik, Concrete mathematics: a foundation for computer science, 2nd ed., Addison–Wesley, Reading, Massachusetts, 1994. 14. A. Knopfmacher and J. Knopfmacher, Counting polynomials with a given number of zeros in a finite field, Linear Multilinear Algebra 26 (1990), no. 4, 287–292. 15. R. Lidl and H. Niederreiter, Finite fields, Addison–Wesley, Reading, Massachusetts, 1983. 16. G. Matera, M. P´ erez, and M. Privitelli, On the value set of small families of polynomials over a finite field, II, Acta Arith. 165 (2014), no. 2, 141–179. 17. G. Mullen and D. Panario, Handbook of finite fields, CRC Press, Boca Raton, FL, 2013. 18. S. Uchiyama, Note on the mean value of V (f ), Proc. Japan Acad. 31 (1955), no. 4, 199–201. 19. , Note on the mean value of V (f ). II, Proc. Japan Acad. 31 (1955), no. 6, 321–323. 20. J. von zur Gathen and J. Gerhard, Modern computer algebra, Cambridge Univ. Press, Cambridge, 1999. 21. J. von zur Gathen, I. Shparlinski, and A. Sinclair, Finding points on curves over finite fields, SIAM J. Comput. 32 (2003), no. 6, 1436–1448. 22. J. von zur Gathen, A. Viola, and K. Ziegler, Counting reducible, powerful, and relatively irreducible multivariate polynomials over finite fields, SIAM J. Discrete Math. 27 (2013), no. 2, 855–891. 1 Instituto del Desarrollo Humano, Universidad Nacional de General Sarmiento, ´rrez 1150 (B1613GSX) Los Polvorines, Buenos Aires, Argentina J.M. Gutie E-mail address: {ecesarat, gmatera, vperez}@ungs.edu.ar 2
National Council of Science and Technology (CONICET), Argentina
