Block Wiedemann algorithm
The block Wiedemann algorithm for computing kernel vectors of a matrix over a finite field is a generalization by Don Coppersmith of an algorithm due to Doug Wiedemann.
Wiedemann's algorithm
Let [math]\displaystyle{ M }[/math] be an [math]\displaystyle{ n\times n }[/math] square matrix over some finite field F, let [math]\displaystyle{ x_{\mathrm {base}} }[/math] be a random vector of length [math]\displaystyle{ n }[/math], and let [math]\displaystyle{ x = M x_{\mathrm {base}} }[/math]. Consider the sequence of vectors [math]\displaystyle{ S = \left[x, Mx, M^2x, \ldots\right] }[/math] obtained by repeatedly multiplying the vector by the matrix [math]\displaystyle{ M }[/math]; let [math]\displaystyle{ y }[/math] be any other vector of length [math]\displaystyle{ n }[/math], and consider the sequence of finite-field elements [math]\displaystyle{ S_y = \left[y \cdot x, y \cdot Mx, y \cdot M^2x \ldots\right] }[/math]
We know that the matrix [math]\displaystyle{ M }[/math] has a minimal polynomial; by the Cayley–Hamilton theorem we know that this polynomial is of degree (which we will call [math]\displaystyle{ n_0 }[/math]) no more than [math]\displaystyle{ n }[/math]. Say [math]\displaystyle{ \sum_{r=0}^{n_0} p_rM^r = 0 }[/math]. Then [math]\displaystyle{ \sum_{r=0}^{n_0} y \cdot (p_r (M^r x)) = 0 }[/math]; so the minimal polynomial of the matrix annihilates the sequence [math]\displaystyle{ S }[/math] and hence [math]\displaystyle{ S_y }[/math].
But the Berlekamp–Massey algorithm allows us to calculate relatively efficiently some sequence [math]\displaystyle{ q_0 \ldots q_L }[/math] with [math]\displaystyle{ \sum_{i=0}^L q_i S_y[{i+r}]=0 \;\forall \; r }[/math]. Our hope is that this sequence, which by construction annihilates [math]\displaystyle{ y \cdot S }[/math], actually annihilates [math]\displaystyle{ S }[/math]; so we have [math]\displaystyle{ \sum_{i=0}^L q_i M^i x = 0 }[/math]. We then take advantage of the initial definition of [math]\displaystyle{ x }[/math] to say [math]\displaystyle{ M \sum_{i=0}^L q_i M^i x_{\mathrm {base}} = 0 }[/math] and so [math]\displaystyle{ \sum_{i=0}^L q_i M^i x_{\mathrm {base}} }[/math] is a hopefully non-zero kernel vector of [math]\displaystyle{ M }[/math].
The block Wiedemann (or Coppersmith-Wiedemann) algorithm
The natural implementation of sparse matrix arithmetic on a computer makes it easy to compute the sequence S in parallel for a number of vectors equal to the width of a machine word – indeed, it will normally take no longer to compute for that many vectors than for one. If you have several processors, you can compute the sequence S for a different set of random vectors in parallel on all the computers.
It turns out, by a generalization of the Berlekamp–Massey algorithm to provide a sequence of small matrices, that you can take the sequence produced for a large number of vectors and generate a kernel vector of the original large matrix. You need to compute [math]\displaystyle{ y_i \cdot M^t x_j }[/math] for some [math]\displaystyle{ i = 0 \ldots i_\max, j=0 \ldots j_\max, t = 0 \ldots t_\max }[/math] where [math]\displaystyle{ i_\max, j_\max, t_\max }[/math] need to satisfy [math]\displaystyle{ t_\max \gt \frac{d}{i_\max} + \frac{d}{j_\max} + O(1) }[/math] and [math]\displaystyle{ y_i }[/math] are a series of vectors of length n; but in practice you can take [math]\displaystyle{ y_i }[/math] as a sequence of unit vectors and simply write out the first [math]\displaystyle{ i_\max }[/math] entries in your vectors at each time t.
Invariant Factor Calculation
The block Wiedemann algorithm can be used to calculate the leading invariant factors of the matrix, ie, the largest blocks of the Frobenius normal form. Given [math]\displaystyle{ M \in F_q^{n \times n} }[/math] and [math]\displaystyle{ U, V \in F_q^{b \times n} }[/math] where [math]\displaystyle{ F_q }[/math] is a finite field of size [math]\displaystyle{ q }[/math], the probability [math]\displaystyle{ p }[/math] that the leading [math]\displaystyle{ k \lt b }[/math] invariant factors of [math]\displaystyle{ M }[/math] are preserved in [math]\displaystyle{ \sum_{i=0}^{2n-1}UM^iV^T x^i }[/math] is
[math]\displaystyle{ p \geq \begin{cases} 1/64, & \text{if }b = k+1\text{ and } q=2 \\ \left( 1 - \frac{3}{2^{b-k}} \right)^2 \geq 1/16 & \text{if }b \geq k+2\text{ and } q=2 \\ \left( 1 - \frac{2}{q^{b-k}} \right)^2 \geq 1/9 & \text{if }b \geq k+1\text{ and }q \gt 2\end{cases} }[/math].[1]
References
- ↑ Harrison, Gavin; Johnson, Jeremy; Saunders, B. David (2022-01-01). "Probabilistic analysis of block Wiedemann for leading invariant factors" (in en). Journal of Symbolic Computation 108: 98–116. doi:10.1016/j.jsc.2021.06.005. ISSN 0747-7171. https://www.sciencedirect.com/science/article/pii/S0747717121000419.
- Wiedemann, D., "Solving sparse linear equations over finite fields," IEEE Trans. Inf. Theory IT-32, pp. 54-62, 1986.
- D. Coppersmith, Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm, Math. Comp. 62 (1994), 333-350.
- Villard's 1997 research report 'A study of Coppersmith's block Wiedemann algorithm using matrix polynomials' (the cover material is in French but the content in English) is a reasonable description.
- Thomé's paper 'Subquadratic computation of vector generating polynomials and improvement of the block Wiedemann algorithm' uses a more sophisticated FFT-based algorithm for computing the vector generating polynomials, and describes a practical implementation with imax = jmax = 4 used to compute a kernel vector of a 484603×484603 matrix of entries modulo 2607−1, and hence to compute discrete logarithms in the field GF(2607).
 |  |
