L-notation

From HandWiki
Revision as of 22:34, 6 March 2023 by Jport (talk | contribs) (fixing)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: Notation describing limiting behavior in computational number theory

L-notation is an asymptotic notation analogous to big-O notation, denoted as [math]\displaystyle{ L_n[\alpha,c] }[/math] for a bound variable [math]\displaystyle{ n }[/math] tending to infinity. Like big-O notation, it is usually used to roughly convey the rate of growth of a function, such as the computational complexity of a particular algorithm.

Definition

It is defined as

[math]\displaystyle{ L_n[\alpha,c]=e^{(c+o(1))(\ln n)^\alpha(\ln\ln n)^{1-\alpha}} }[/math]

where c is a positive constant, and [math]\displaystyle{ \alpha }[/math] is a constant [math]\displaystyle{ 0 \leq \alpha \leq 1 }[/math].

L-notation is used mostly in computational number theory, to express the complexity of algorithms for difficult number theory problems, e.g. sieves for integer factorization and methods for solving discrete logarithms. The benefit of this notation is that it simplifies the analysis of these algorithms. The [math]\displaystyle{ e^{c(\ln n)^\alpha(\ln\ln n)^{1-\alpha}} }[/math] expresses the dominant term, and the [math]\displaystyle{ e^{o(1)(\ln n)^\alpha(\ln\ln n)^{1-\alpha}} }[/math] takes care of everything smaller.

When [math]\displaystyle{ \alpha }[/math] is 0, then

[math]\displaystyle{ L_n[\alpha,c] = L_n[0, c] = e^{(c + o(1)) \ln\ln n} = (\ln n)^{c + o(1)}\, }[/math]

is a polylogarithmic function (a polynomial function of ln n);

When [math]\displaystyle{ \alpha }[/math] is 1 then

[math]\displaystyle{ L_n[\alpha,c] = L_n[1, c] = e^{(c + o(1)) \ln n} = n^{c + o(1)}\, }[/math]

is a fully exponential function of ln n (and thereby polynomial in n).

If [math]\displaystyle{ \alpha }[/math] is between 0 and 1, the function is subexponential of ln n (and superpolynomial).

Examples

Many general-purpose integer factorization algorithms have subexponential time complexities. The best is the general number field sieve, which has an expected running time of

[math]\displaystyle{ L_n[1/3, c] = e^{(c+o(1))(\ln n)^{1/3}(\ln \ln n)^{2/3}} }[/math]

for [math]\displaystyle{ c = (64/9)^{1/3} \approx 1.923 }[/math]. The best such algorithm prior to the number field sieve was the quadratic sieve which has running time

[math]\displaystyle{ L_n[1/2, 1] = e^{(1+o(1))(\ln n)^{1/2}(\ln \ln n)^{1/2}}.\, }[/math]

For the elliptic curve discrete logarithm problem, the fastest general purpose algorithm is the baby-step giant-step algorithm, which has a running time on the order of the square-root of the group order n. In L-notation this would be

[math]\displaystyle{ L_n[1, 1/2] = n^{1/2+o(1)}.\, }[/math]

The existence of the AKS primality test, which runs in polynomial time, means that the time complexity for primality testing is known to be at most

[math]\displaystyle{ L_n[0, c] = (\ln n)^{c+o(1)}\, }[/math]

where c has been proven to be at most 6.[1]

History

L-notation has been defined in various forms throughout the literature. The first use of it came from Carl Pomerance in his paper "Analysis and comparison of some integer factoring algorithms".[2] This form had only the [math]\displaystyle{ c }[/math] parameter: the [math]\displaystyle{ \alpha }[/math] in the formula was [math]\displaystyle{ 1/2 }[/math] for the algorithms he was analyzing. Pomerance had been using the letter [math]\displaystyle{ L }[/math] (or lower case [math]\displaystyle{ l }[/math]) in this and previous papers for formulae that involved many logarithms.

The formula above involving two parameters was introduced by Arjen Lenstra and Hendrik Lenstra in their article on "Algorithms in Number Theory".[3] It was introduced in their analysis of a discrete logarithm algorithm of Coppersmith. This is the most commonly used form in the literature today.

The Handbook of Applied Cryptography defines the L-notation with a big [math]\displaystyle{ O }[/math] around the formula presented in this article.[4] This is not the standard definition. The big [math]\displaystyle{ O }[/math] would suggest that the running time is an upper bound. However, for the integer factoring and discrete logarithm algorithms that L-notation is commonly used for, the running time is not an upper bound, so this definition is not preferred.

References

  1. Hendrik W. Lenstra Jr. and Carl Pomerance, "Primality testing with Gaussian periods", preprint, 2011, http://www.math.dartmouth.edu/~carlp/aks041411.pdf.
  2. Carl Pomerance, "Analysis and comparison of some integer factoring algorithms", In Mathematisch Centrum Computational Methods in Number Theory, Part 1, pp. 89-139, 1982, http://www.math.dartmouth.edu/~carlp/PDF/analysiscomparison.pdf
  3. Arjen K. Lenstra and Hendrik W. Lenstra, Jr, "Algorithms in Number Theory", in Handbook of Theoretical Computer Science (vol. A): Algorithms and Complexity, 1991.
  4. Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996. ISBN 0-8493-8523-7. http://www.cacr.math.uwaterloo.ca/hac/.