A§†±„“u±†h C†§h¶†±« Z•o Iou•±†±í Tu«±†•

+

× × ×

+ + + + + +

xý xÔ xò

;amprasad >aptharishi

ARITHMETIC CIRCUITS

AND

IDENTITY TESTING

Thesis submitted in Partial Fulfilment of the Master of Science (M.Sc.) in Computer Science

by

Ramprasad Saptharishi

Chennai Mathematical Institute Plot HÔ SIPCOT IT Park Padur PO, Siruseri âýç Ôýç

May 2009

Abstract

We study the problem of polynomial identity testing (PIT) in arithmetic circuits. is is a fundamental problem in computational algebra and has been very well studied in the past few decades. Despite many ešorts, a deterministic polynomial time algorithm is known only for restricted circuits of depth ç. A recent result of Agrawal and Vinay show that PIT for depth ¥ circuit is almost as hard as the general case, and hence explains why there is no progress beyond depth ç. e main contribution of this thesis is a new approach to designing a polynomial time algorithm for depth ç circuits.

We rst provide the background and related results to motivate the problem. We dis- cuss the connections of PIT with arithmetic circuit lower bounds, and also briežy the re- sults in depth reduction. We then look at the deterministic algorithms for PIT on restricted circuits.

We then proceed to the main contribution of the thesis which studies the power of arithmetic circuits over higher dimensional algebras. We consider the model of ΠΣ circuits over the algebra of upper-triangular matrices and show that PIT in this model is equivalent to identity testing of depth three circuits over elds. Further we also show that ΠΣ circuits over upper-triangular matrices is computationally very weak. In the case when the underlying algebra is a constant dimensional commutative alge- bra, we present a polynomial time algorithm. PITs on arbitrary dimensional commutative algebras, however, are as hard as PIT on depth ç circuits.

us ΣΠ circuits over upper-triangular matrices, the smallest non-commutative alge- bra, captures PIT on depth ç circuits. We hope that ideas used in the commutative case would be useful to design a polynomial time identity test for depth ç circuits.

Acknowledgements

I’dlike to thank my advisor Manindra Agrawal for giving me absolute freedom regard- ing the contents of this thesis and otherwise. is independence helped me mull over the subject more and hence understand it better. Most of the work over the last two years were done at IIT Kanpur. Manindra has been extremely helpful in arranging accommodation, despite severe shortage in hostel space. e faculty and students at IITK have been very friendly. I greatly beneted from various discussions with faculty like Piyush Kurur, Somenath Biswas, Sumit Ganguly, Shashank Mehta, and all SIGTACS members. Chandan Saha, in particular, has been subjected to numerous hours of discussion, besides other torture, by me over the last two years. I’m very grateful to him, and Nitin Saxena, for having me a part of their work.

I’m deeply indebted to Chennai Mathematical Institute and the Institute of Mathemat- ical Sciences for a truly wonderful undergraduate course. My sincere thanks Madhavan Mukund, Narayan Kumar and V Vinay, who were instrumental in my decision to join CMI. My interaction with Samir Dutta, V Arvind and Meena Mahajan were also a great inspiration to make me work in complexity theory and computational algebra. S P Suresh (LKG) introduced me to logic. anks to him for enlightening discussions on research(!), also for helping me get these lovely fonts (Minion Pro and Myriad Pro (for sans-serif)) for LaTeX. Besides excellent professors, CMI is endowed with a very e›cient and ašable o›ce staš as well. Sripathy, Vijayalakshi and Rajeshwari (a.k.a Goach) do a spectacular job at administration. I’m very grateful to them for a completely hassle free stay at CMI.

anks to V Vinay for — well everything. He has been my primary motivation to do mathematics and theoretical computer science. My salutations to him, and to my aunt Subhashini, for countless pieces of advice over all these years.

Salutations to my father, L C Saptharishi for giving me complete liberty in whatever I do. He is, by far, the one who is proudest of what I am. My humble namaskarams to him, and everyone at home — amma, pati, thatha; my sister Kamakshi gets a not-an-elder version of a namaskaram.

Since it would be very di›cult to make the list exhaustive, let me just thank everyone that need be thanked.

Contents

Ô IntroductionÔ Ô.Ô Problem denition...... ç Ô.ò Current Status...... ¥ Ô.ç Circuits over algebras...... â Ô.¥ Contributions of the thesis...... Þ Ô.¥.Ô Identity testing...... Þ

Ô.¥.ò Weakness of the depth ò model over Uò(F) and Mò(F) ...... — Ô. Organization of the thesis...... À

ò Randomized Algorithms for PITÔÔ ò.Ô e Schwarz-Zippel test...... ÔÔ ò.ò Chen-Kao: Evaluating at irrationals...... Ôò ò.ò.Ô Algebraically d-independent numbers...... Ôò ò.ò.ò Introducing randomness...... Ôç ò.ò.ç Chen-Kao over nite elds...... Ôç ò.ç Agrawal-Biswas: Chinese Remaindering...... Ô¥ ò.ç.Ô Univariate substitution...... Ô¥ ò.ç.ò Polynomials sharing few factors...... Ô ò.¥ Klivans-Spielman: Random univariate substitution...... Ôâ ò.¥.Ô Reduction to univariate polynomials...... ԗ ò.¥.ò Degree reduction (a sketch)...... ÔÀ

ç Deterministic Algorithms for PIT òÔ ç.Ô e Kayal-Saxena test...... òò ç.Ô.Ô e idea...... òò ç.Ô.ò Local Rings...... òç ç.Ô.ç e identity test...... ò¥ vi Contents

ç.ò Rank bounds and ΣΠΣ(n, k, d) circuits...... òâ ç.ò.Ô Rank bounds to black-box PITs...... ò— ç.ç Saxena’s test for diagonal circuits...... òÀ

¥ Chasm at Depth ¥ çÔ ¥.Ô Reduction to depth O(log d) ...... çÔ ¥.Ô.Ô Computing degrees...... çò ¥.Ô.ò Evaluation through proof trees...... çò ¥.ò Reduction to depth ¥...... ç¥ ¥.ç Identity testing for depth ¥ circuits...... ç¥ ¥.ç.Ô Hardness vs randomness in arithmetic circuits...... ç

Depth ò Circuits Over Algebras çÀ .Ô Equivalence of PIT with ΣΠΣ circuits...... çÀ .Ô.Ô Width-ò algebraic branching programs...... ¥Ô .ò Identity testing over commutative algebras...... ¥ç .ç Weakness of the depth ò model...... ¥Þ

.ç.Ô Depth ò model over Uò(F) ...... ¥Þ .ç.ò Depth ò model over Mò(F) ...... ¥À

â Conclusion ç Introduction Ô

e interplay between mathematics and computer science demands algorithmic approaches to various algebraic constructions. e area of computational algebra addresses precisely this. e most fundamental objects in algebra are polynomials and it is natural to desire a classication based on their “simplicity”. e algorithmic approach suggests that the simple polynomials are those that can be computed easily. e ease of computation is measured in terms of the number of arithmetic operations required to compute the polynomial. is yields a very robust denition of simple (and hard) polynomials that can be studied ana- lytically. It is worth remarking that the number of terms in a polynomial is not a good measure of its simplicity. For example, consider the polynomials

fÔ(xÔ, ⋯, xn) = (Ô + xÔ)(Ô + xò)⋯(Ô + xn)

fò(xÔ, ⋯, xn) = (Ô + xÔ)(Ô + xò)⋯(Ô + xn) − xÔ − xò − ⋯ − xn.

e former has n more terms than the later, however, the former is easier to describe as well as compute. We use arithmetic circuits (formally dened in the Section Ô.Ô) to represent the compu- tation of a polynomial. is also allows us to count the number of operations required in computation. A few examples are the following:

ò ò (xÔ + xò) (xÔ + xò) (Ô + xÔ)(Ô + xò)⋯(Ô + xn)

+ × ×

ò

× × × + + + ⋯ +

xÔ xò xÔ xò Ô xÔ xò ⋯ xn

Example Ô Example ò Example ç ò Chapter Ô. Introduction

e complexity of a given polynomial is dened as the size (the number of operations) of the smallest arithmetic circuit that computes the polynomial. With this denition, how do we classify “simple” polynomials? For this, we need to de- ne the intuitive notion of “polynomials that can be computed easily”. Following standard ideas from computer science, we call any polynomial that can be computed using at most nO(Ô) operations an easy polynomial. Strictly speaking, this denition applied to an innite family of polynomials over n variables, one for each n, as otherwise every polynomial can be computed using O(Ô) operations rendering the whole exercise meaningless. However, oŸen we will omit to explicitly mention the innite family to which a polynomial belongs when talking about its complexity; the family would be obvious. e class VP is the class of low degreeÔ polynomial families that are easy in the above sense. e polynomials in VP are essentially represented by the determinant polynomial: the determinant of an n × n matrix whose entries are a›ne linear combinations of vari- ables. It is known that determinant polynomial belongs to the class VP [Sam¥ò, Ber—¥, Chi— , MVÀÞ] and any polynomial in VP over n variables can be written as a determinant polynomial of a m × m matrix with m = nO(log n) [TodÀÔ]. is provides a excellent classication of easy polynomials. Hence, any polynomial that cannot be written as a determinant of a small sized matrix is not easy. A simple counting argument shows that there exist many such polynomials. However, proving an explicitly given polynomial to be hard has turned out to be a challenging problem which has not been solved yet. In particular, the permanent polynomial, the permanent of a matrix with a›ne linear entries, is believed to be very hard to compute — requiring òΩ(n)-size circuits for an n × n matrix in general. However, there is no proof yet of this. It is not even known if it requires ω(nò) operations! A general way of classifying a given polynomial is to design an algorithm that, given a polynomial as an arithmetic circuit as input, outputs the smallest size arithmetic circuit computing the polynomial. Such an algorithm is easy to design: given an arithmetic circuit C computing a polynomial, run through all the smaller circuits D and check if any com- putes the same polynomial (this check can be performed easily as we discuss in the next paragraph). However, the algorithm is not e›cient: it will take exponential time (in the size of the given circuit) to nd the classication of a polynomial. No e›cient algorithm for this is known; further, it is believed that no e›cient algorithm exists.

ÔA polynomial is said to have low degree if its degree is less than the size of the circuit Ô.Ô. Problem denition ç

A closely related problem that occurs above is to check if given two arithmetic circuits C and D compute the same polynomial. e problem is equivalent to asking if the circuit C−D is the zero polynomial or not. is problem of checking if a circuit computes the zero polynomial is called polynomial identity testing (PIT). It turns out that this problem is easy to solve algorithmically. We give later several randomized polynomial time algorithms for solving it. Moreover, in a surprising connection, it has been found that if there is a deterministic polynomial time algorithm for solving PIT, then certain explicit polynomials are hard to compute [KIýç, Agrý ]! erefore, the solution to PIT problem has a key role in our attempt to computationally classify polynomials. In this article, we will focus on this connection between PIT and polynomial classication. We now formally dene arithmetic circuits and the identity testing problem.

Ô.Ô Problem denition

We shall x an underlying eld F.

enition Ô.Ô (Arithmetic Circuits and formulas). An arithmetic circuit is a directed acyclic graph with one sink (which is called the output gate). Each of the source vertices (which are called input nodes) are either labelled by a variable xi or an element from an underlying eld F. Each of the internal nodes are labelled either by + or × to indicate if it is an addition or multiplication gate respectively. Sometimes edges may carry weights that are elements from the eld. Such a circuit naturally computes a multivariate polynomial at every node. e circuit is said to compute a polynomial f ∈ F[xÔ, ⋯, xn] if the output node computes f . Sometimes edges may carry weights that are elements from the eld. If the underlying eld F has characteristic zero, then a circuit is said to be monotone if none of the constants are negative. An arithmetic circuit is a formula if every internal node has out-degree Ô.

Without loss of generality, the circuit is assumed to be layered, with edges only between successive layers. Further, it is assumed it consists of alternating layers of addition and multiplication gates. A layer of addition gates is denoted by Σ and that of multiplication gates by Π. ¥ Chapter Ô. Introduction

Some important parameters of an arithmetic circuit are the following:

• Size: the number of gates in the circuit

• Depth: the longest path from a leaf gate to the output gate

• Degree: the syntactic degree of the polynomial computed at the output gate. is is computed recursively at every gate in the most natural way (max of the degrees of children at an addition gate, and the sum of the degrees at a multiplication gate).

is needn’t be the degree of the polynomial computed at the output gate (owing to cancellations) but this is certainly an upper bound.

A circuit evaluating a polynomial provides a succinct representation of the polynomial. For instance, in Example ç, though the polynomial has òn terms, we have a circuit size O(n) computing the polynomial. e PIT problem is deciding if a given succinct representation is zero or not. Also, a circuit of size s can potential compute a polynomial of exponential degree. But usually in identity testing, it is assumed that the degree of the polynomial is O(n) where n is the number of variables. Most interesting polynomials, like the determinant or permanent, satisfy this property.

9roblem Ô.ò (Polynomial Identity Testing). Given an arithmetic circuit C with input vari- ables xÔ,..., xn and constants taken from a eld F, check if the polynomial computed is iden- tically zero.

e goal is to design a deterministic algorithm for PIT that runs in time polynomial in n, size of C and SFS. A much stronger algorithm is one that doesn’t look into the structure of the circuit at all, but just evaluates it at chosen input points. Such an algorithm that just uses the circuit as a “black box” is hence called a black-box algorithm.

Ô.ò Current Status

A likely candidate of a hard polynomial is the permanent polynomial. It is widely believed that it requires circuits of exponential size, but this is still open. However, progress has been made in restricted settings. Raz and Yehudayoš [RYý—] showed that monotone circuits for Ô.ò. Current Status permanent require exponential size. Nisan and Wigderson [NWÀ ] showed that “homoge- n Ω(d) neous” depth ç circuits for the òd-th symmetric polynomial requires ‰ ¥d Ž size. Shpilka and Wigderson [SWÀÀ] showed that depth ç circuits for determinant or permanent over Q require quadratic size. Over nite elds, Grigoriev and Karpinsky [GKÀ—] showed that determinant or permanent required exponential sized depth ç circuit.

As for PIT,the problem has drawn signicant attention due to its role in various elds of theoretical computer science. Besides being a natural problem in algebraic computation, identity testing has found applications in various fundamental results like Shamir’s IP = PSPACE [ShaÀý], the PCP eorem [ALM+À—] etc. Many other important results such as the AKS Primality Test [AKSý¥], check if some special polynomials are identically zero or not. Algorithms for graph matchings [LovÞÀ] and multivariate polynomial interpolation [CDGKÀÔ] also involve identity testing. Another promising role of PIT is its connection to the question of “hardness of polynomials”. It is known that strong algorithms for PIT can be used to construct polynomials that are very hard [KIýç, Agrý ]. ere is a score of randomized algorithms proposed for PIT. e rst randomized polynomial time algorithm for identity testing was given by Schwartz and Zippel [Sch—ý, ZipÞÀ]. Several other randomness-e›cient algorithms [CKÀÞ, LVÀ—, ABÀÀ, KSýÔ] came up subsequently, resulting in a signicant improvement in the number of random bits used. However, despite numerous attempts a deterministic polynomial time algorithm has re- mained unknown. Nevertheless, important progress has been made both in the designing of deterministic algorithms for special circuits, and in the understanding of why a general deterministic solution could be hard to get. Kayal and Saxena [KSýÞ] gave a deterministic polynomial time identity testing algo- rithm for depth ç (ΣΠΣ) circuits with constant top fan-in (the top addition gate has only constantly many children). When the underlying eld if Q, this was further improved to a black-box algorithm by Kayal and Saraf [KSýÀ]. Saxena [Saxý—] gave a polynomial time algorithm for a restricted form of depth ç circuits called “diagonal circuits”. As such, no polynomial time PIT algorithm is known for general depth ç circuits.

Most of the progress made appears to stop at around depth ç. A “justication” behind the hardness of PIT even for small depth circuits was provided recently by Agrawal and Vinay [AVý—]. ey showed that a deterministic polynomial time black-box identity test â Chapter Ô. Introduction for depth ¥ (ΣΠΣΠ) circuits would imply a quasi-polynomial (nO(log n)) time deterministic PIT algorithm for any circuit computing a polynomial of low degree. us, PIT for depth ¥ circuits over a eld is almost the general case. us we see that the non-trivial case for identity testing starts with depth ç circuits; whereas circuits of depth ¥ are almost the general case. us, the rst step to attack PIT is general ΣΠΣ circuits. It is natural to ask what is the complexity of PIT, if the constants of the circuit are taken from a nite dimensional algebra over F. We shall assume that the algebra is given in its basis form.

Ô.ç Circuits over algebras

e PIT problem for depth two circuits over an algebra is the following:

9roblem Ô.ç. Given an expression,

d P = M (Aiý + AiÔxÔ + ... + Ainxn) i=Ô where Ai j ∈ R, an algebra over F given in basis form, check if P is zero.

Since elements of a nite dimensional algebra, given in basis form, can be expressed as matrices over F we can equivalently write the above problem as,

9roblem Ô.¥. Given an expression,

d P = M (Aiý + AiÔxÔ + ... + Ainxn) (Ô.Ô) i=Ô where Ai j ∈ Mk(F), the algebra of k×k matrices over F, check if P is zero using poly(k⋅n⋅d) number of F-operations.

A result by Ben-Or and Cleve [BC——] shows that any polynomial computed by an arith- metic formula of size s can be computed by an expression as in Equation Ô.Ô consisting of ç × ç matrices. erefore, solving Problem Ô.¥ for k = ç is almost the general case. ere- fore, it is natural to ask how the complexity of PIT for depth ò circuits over Mò(F) relates to PIT for arithmetic circuits. Ô.¥. Contributions of the thesis Þ

In this thesis, we provide an answer to this. We show a connection between PIT of depth ò circuits over Uò(F), the algebra of upper-triangular ò × ò matrices, and PIT of depth ç circuits over elds. e reason this is a bit surprising is because we also show that, a depth ò circuit over Uò(F) is not even powerful enough to compute a simple polynomial like, xÔxò + xçx¥ + x xâ!

Ô.¥ Contributions of the thesis

A depth ò circuit C over matrices, as in Equation Ô.Ô, naturally denes a computational model. Assuming R = Mk(F) for some k, a polynomial P ∈ R[xÔ,..., xn] outputted by C can be viewed as a k × k matrix of polynomials in F[xÔ,..., xn]. We say that a polynomial ò f ∈ F[xÔ,..., xn] is computed by C if one of the k polynomials in P is f . Sometimes we would abuse terminology a bit and say that P computes f to mean the same. Our main results are of two types. Some are related to identity testing and the rest are related to the weakness of the depth ò computational model over Uò(F) and Mò(F).

Ô.¥.Ô Identity testing

We ll in the missing information about the complexity of identity testing for depth ò cir- cuits over ò × ò matrices by showing the following result.

Ceorem Ô. . Identity testing for depth ò (ΠΣ) circuits over Uò(F) is polynomial time equiv- alent to identity testing for depth ç (ΣΠΣ) circuits.

e above result has an interesting consequence on identity testing for Algebraic Branching Program (ABP) [NisÀÔ]. It is known that identity testing for non-commutative ABP can be done in deterministic polynomial time (a result due to Raz and Shpilka [RSý¥]). But no result is known for identity testing of even width-ò commutative ABP’s. e following result explains why this is the case.

orollary Ô.â. Identity testing of depth ç circuits is equivalent to identity testing of width-ò ABPs with polynomially many paths from source to sink.

Further, we give a deterministic polynomial time identity testing algorithm for depth ò circuits over any constant dimensional commutative algebra given in basis form. — Chapter Ô. Introduction

Ceorem Ô.Þ. Given an expression,

d P = M (Aiý + AiÔxÔ + ... + Ainxn) i=Ô where Ai j ∈ R, a commutative algebra of constant dimension over F that is given in basis form, there is a deterministic polynomial time algorithm to test if P is zero.

In a way, this result establishes the fact that the power of depth ò circuits is primarily de- rived from the non-commutative structure of the underlying algebra.

It would be apparent from the proof of eorem Ô. that our argument is simple in nature. Perhaps the reason why such a connection was overlooked before is that, unlike a depth ò circuit over Mç(F), we do not always have the privilege of exactly computing a polynomial over F using a depth ò circuit over Uò(F). Showing this weakness of the latter computational model constitutes the other part of our results.

Ô.¥.ò Weakness of the depth ò model over Uò(F) and Mò(F) Although eorem Ô. shows an equivalence of depth ç circuits and depth ò circuits over

Uò(F) with respect to PIT,the computational powers of these two models are very dišerent. e following result shows that a depth ò circuit over Uò(F) is computationally strictly weaker than depth ç circuits.

Ceorem Ô.—. Let f ∈ F[xÔ,..., xn] be a polynomial such that there are no two linear func- tions lÔ and lò (with Ô ∈~ (lÔ, lò), the ideal generated by lÔ and lò) which make f mod (lÔ, lò) also a linear function. en f is not computable by a depth ò circuit over Uò(F).

It can be shown that even a simple polynomial like xÔxò + xçx¥ + x xâ satises the con- dition stated in the above theorem, and hence it is not computable by any depth ò circuit over Uò(F), no matter how large! is contrast makes eorem Ô. surprising as it estab- lishes an equivalence of identity testing in two models of dišerent computational strengths.

At this point, it is natural to investigate the computational power of depth ò circuits if we graduate from Uò(F) to Mò(F). e following result hints that even such a model is severely restrictive in nature. Ô. . Organization of the thesis À

A depth ò circuit over M ( ) computes P = d (A + A x + ... + A x ) with A ∈ ò F ∏i=Ô iý iÔ Ô in n i j M ( ). Let P = d (A + A x + ... + A x ), where ℓ ≤ d, denote the partial product. ò F ℓ ∏i=ℓ iý iÔ Ô in n

enition Ô.À. A polynomial f ∈ F[xÔ,..., xn] is computed by a depth ò circuit over Mò(F) under a degree restriction of m if the degree of each of the partial products Pℓ is bounded by m.

Ceorem Ô.Ôý. ere exists a class of polynomials of degree n that cannot be computed by a depth ò circuit over Mò(F), under a degree restriction of n.

e motivation for imposing a condition like degree restriction comes very naturally from depth ò circuits over Mç(F). Given a polynomial f = ∑i mi, where mi’s are the monomials of f , it is easy to construct a depth ò circuit over Mç(F) that literally forms these monomials and adds then one by one. is computation is degree restricted, if we extend our denition of degree restriction to Mç(F). However, the above theorem sug- gests that no such scheme to compute f would succeed over Mò(F).

;emark- By transferring the complexity of an arithmetic circuit from its depth to the di- mension of the underlying algebras while xing the depth to ò, our results provide some ev- idence that identity testing for depth ç circuits appears to be mathematically more tractable than depth ¥ circuits. Besides, it might be possible to exploit the properties of these un- derlying algebras to say something useful about identity testing. A glimpse of this indeed appears in our identity testing algorithm over commutative algebras.

Ô. Organization of the thesis

In chapterò, we look at some randomized algorithms for identity testing. We then proceed to some deterministic algorithms for restricted circuits in chapterç. Chapter¥ covers the result by Agrawal and Vinay[AVý—] to help understand why depth ¥ circuits are “as hard as it can get”. We then move to study circuits over algebras, the main contribution of the thesis, in chapter , and then conclude in chapterâ. Ôý Chapter Ô. Introduction Randomized Algorithms for PIT ò

ough deterministic algorithms for PIT have remained elusive, a number of randomized solutions are available. Quite an extensive study has been made on reducing the number of random bits through various techniques. In this chapter, we shall inspect a few of them. We start with the simplest and the most natural test.

ò.Ô e Schwarz-Zippel test

e Schwarz-Zippel test is the oldest algorithm for PIT. e idea of the test is that, if the polynomial computed is non-zero then the value of the polynomial at a random point would probably be non-zero too. is intuition is indeed true.

(emma ò.Ô. [Sch—ý, ZipÞÀ]Let p(xÔ, ⋯, xn) be a polynomial over F of total degree d. Let S be any subset of F and let aÔ, ⋯, an be randomly and independently chosen from S. en, d Pr [p(aÔ, aò, ⋯, an) = ý] ≤ aÔ ,⋯,an SSS Proof. e proof proceeds by induction on n. For the base case when n = Ô, we have a univariate polynomial of degree d and hence has at most d roots. erefore, the probability that p(a) = ý at a randomly chosen a is at most d . SSS ò k For n > Ô, rewrite p(xÔ, ⋯, xn) = pý + pÔxn + pòxn⋯pk xn where each pi is a polynomial over the variables xÔ, ⋯, xn−Ô and k is the degree of xn in p. en,

Pr[p(aÔ, ⋯, an) = ý] ≤ Pr[p(aÔ, ⋯, an−Ô, xn) = ý]

+ Pr[p(aÔ, ⋯, an) = ýSp(aÔ, ⋯, an−Ô, xn) ≠ ý]

≤ Pr[pk(aÔ, ⋯, an−Ô) = ý]

+ Pr[p(aÔ, ⋯, an) = ýSp(aÔ, ⋯, an−Ô, xn) ≠ ý] d − k k d ≤ + = SSS SSS SSS Ôò Chapter ò. Randomized Algorithms for PIT

d If we wish to get the error less than ε, then we need a set S that is as large as ε . Hence, d the total number of random bits required would be n ⋅ log ε .

ò.ò Chen-Kao: Evaluating at irrationals

Let is consider the case where the circuit computes an integer polynomial. We wish to derandomize the Schwarz-Zippel test by nding out a small number of special points on which we can evaluate and test if the polynomial is non-zero. Suppose the polynomial was univariate, can we nd out a single point on which we can evaluate to test if it is non-zero? Indeed, if we evaluate it at some transcendental number like π; p(π) = ý for an integer polynomial if and only if p = ý. More generally, if we can nd suitable irrationals such that there exists no degree d multivariate relation between them, we can use those points to evaluate and test if p is zero or not. is is the basic idea in Chen-Kao’s paper [CKÀÞ]. However, it is infeasible to actually evaluate at irrational points since they have innitely many bits to represent them. Chen and Kao worked with approximations of the numbers, and introduced randomness to make their algorithm work with high probability.

ò.ò.Ô Algebraically d-independent numbers

e goal is to design an identity test for all n-variate polynomials whose degree in each variable is less than d. e following denition is precisely what we want for the identity test.

enition ò.ò (Algebraically d-independence). A set of number {πÔ, ⋯, πn} is said to be algebraically d-independent over F if there exists no polynomial relation p(πÔ, ⋯, πn) = ý over F with the degree of p(xÔ, ⋯, xn) in each variable bounded by d. It is clear that if we can nd such a set of numbers then this is a single point that would be non-zero at all non-zero polynomials with degree bounded by d. e following lemma gives an explicit construction of such a point.

(emma ò.ç. Set k = log(d + Ô) and K = nk. Let pÔÔ, pÔò, ⋯, pÔk , pòk⋯, pnk be rst K distinct √ primes and let π = k p . en {π , ⋯, π } is algebraically d-independent. i ∑j=Ô i j Ô n √ √ Proof. Let Aý = Bý = Q and inductively dene Ai = Ai−Ô(πi) and Bi = Bi−Ô( piÔ, ⋯, pik).

We shall prove by induction that An = Bn. Of course it is clear when i = ý. Assuming that ò.ò. Chen-Kao: Evaluating at irrationals Ôç

Ai−Ô = Bi−Ô, we now want to show that Ai = Bi. It is of clear that Ai ⊆ Bi. Since none of √ k the square roots ™ pi jž lie in Bi Ô, we have that Bi is a degree ò extension over Bi Ô. And √ j − − ′ if πi = ∑j α j pi j where each α j = ±Ô, we have an automorphism of Ai that xes Ai−Ô and ′ k sends π to πi. Since there are ò distinct automorphisms, we have that Ai is indeed equal k to Bi and is a ò degree extension over Ai−Ô.

Hence there is no univariate polynomial pi(x) over Ai−Ô with degree bounded by d such that pi(πi) = ý. Unfolding the induction, there is no polynomial p(xÔ, ⋯, xn) over Q with degree in each variable bounded d such that p(πÔ, ⋯, πn) = ý.

ò.ò.ò Introducing randomness

As remarked earlier, it is not possible to actually evaluate the polynomial at these irrational points. Instead we consider approximations of these irrational points and evaluate them. However, we can no longer have the guarantee that all non-zero polynomials will be non- zero at this truncated value. Chen and Kao solved this problem by introducing randomness in the construction of the πi’s. √ It is easy to observe that Lemma ò.ç would work even if each π = k α p where i ∑j=Ô i j i j each αi j = ±Ô. Randomness is introduced by setting each αi j to ±Ô independently and ′ uniformly at random, and then we evaluate the polynomial at the πis truncated to ℓ decimal places. Chen and Kao showed that if we want the error to be less than ε, we would have to O Ô choose ℓ ≥ d ( ) log n. Randomness used in this algorithm is for choosing the αi j’s and hence n log d random bits are usedÔ; this is independent of ε! erefore, to get better ac- curacy, we don’t need to use a single additional bit of randomness but just need to look at better approximations of πi’s.

ò.ò.ç Chen-Kao over nite elds

ough the algorithm that is described seems specic to polynomials over Q, they can be extended to nite elds as well. Lewin and Vadhan [LVÀ—] showed how use the same idea over nite elds. Just like of using square root of prime numbers in Q, they use square roots of irreducible polynomials. e innite decimal expansion is paralleled by the innite

Ô In fact, if the degree in xi is bounded by di , then ∑i log(di + Ô) random bits would be su›cient Ô¥ Chapter ò. Randomized Algorithms for PIT power series expansion of the square roots, with the approximation as going modulo xℓ. Lewin and Vadhan achieve more or less the exact same parameters as in Chen-Kao and involves far less error analysis as they are working over a discrete nite eld. ey also present another algorithm that works over integers by considering approximations over p-adic numbers, i.e. solutions modulo pℓ. is again has the advantage that there is little error analysis.

ò.ç Agrawal-Biswas: Chinese Remaindering

Agrawal and Biswas [ABÀÀ] presented a new approach to identity testing via Chinese re- maindering. is algorithm works in randomized polynomial time in the size of the circuit and also achieves the time-error tradeoš as in the algorithm by Chen and Kao. It works over all elds but we present the case when it is a nite eld Fq. e algorithm proceeds in two steps. e rst is a deterministic conversion to a univari- ate polynomial of exponential degree. e second part is a novel construction of a sample space consisting of “almost coprime” polynomials that is used for chinese remaindering.

ò.ç.Ô Univariate substitution

Let f (xÔ, ⋯, xn) be the polynomial given as a circuit of size s. Let the degree of f in each variable be less than d. e rst step is a conversion to a univariate polynomial of exponen- tial degree that maps distinct monomials to distinct monomials. e following substitution achieves this d i xi = y

laim ò.¥. Under this substitution, distinct monomials go to distinct monomials.

dÔ dn Proof. Each monomial of f is of the form xÔ ⋯xn where each di < d. Hence each mono- mial can be indexed by d-bit number represented by ⟨dÔ, ⋯, dn⟩ and this is precisely the exponent it is mapped to.

Let the univariate polynomial thus produced by P(x) and let the degree be D. We now wish to test that this univariate polynomial is non-zero. is is achieved by picking ò.ç. Agrawal-Biswas: Chinese Remaindering Ô a polynomial g(x) from a suitable sample space and doing all computations in the circuit modulo g(x) and return zero if the polynomial is zero modulo g(x). Suppose these g(x)’s came from a set such that the lcm of any ε fraction of them has degree at least D, then the probability of success would be Ô − ε. One way of achieving this is to choose a very large set of mutually coprime polynomials say ™(z − α) ∶ α ∈ Fqž. But if every epsilon fraction of them must have an lcm of degree D, then the size of the sample D space must be at least ε . is might force us to go to an extension eld of Fq and thus require additional random bits. Instead, Agrawal and Biswas construct a sample space of polynomials that share very few common factors between them which satises the above property.

ò.ç.ò Polynomials sharing few factors

We are working with the eld Fq of characteristic p. For a prime number r, let Qr(x) = Ô + x + ⋯ + xr−Ô. Let ℓ ≥ ý be a parameter that would be xed soon. For a sequence of bits bý, ⋯, bℓ−Ô ∈ {ý, Ô} and an integer t ≥ ℓ, dene

ℓ−Ô t i Ab,t(x) = x + Q bi x i=ý Tr,b,t(x) = Qr(Ab,t(x))

e space of polynomials consists of Tr,b,t for all values of b, having suitably xed r and t.

(emma ò. . Let r ≠ p be a prime such that r does not divide any of q − Ô, qò − Ô, ⋯, qℓ−Ô − Ô.

en, Tr,b,t(x) does not have any factor of degree less than ℓ, for any value of b and t.

Proof. Let U(x) be an irreducible factor of Tr,b,t(x) of degree δ and let α be a root of U(x).

en, Fq(α) is an extension eld of degree δ. erefore, Qr(Ab,t(α)) = ý as U(x) divides r Tr,b,t(x). If β = Ab,t(α), then Qr(β) = ý. Since r ≠ p, we have β ≠ Ô. And β = Ô in Fqδ therefore r S qδ − Ô which forces δ ≥ ℓ.

(emma ò.â. Let r be chosen as above. en for any xed t, a polynomial U(x) can divide

Tr,b,t(x) for at most r − Ô many values of b.

Proof. Let U(x) be an irreducible polynomial that divides Tr,bÔ,t(x), ⋯, Tr,bk ,t(x) and let the degree of U(x) be δ. As earlier, consider the eld extension Fqδ = Fq(α) where α is a root of U(x). en, Abi ,t(α) is a root of Qr(x) for every Ô ≤ i ≤ k. Ôâ Chapter ò. Randomized Algorithms for PIT

Suppose A (α) = A ′ (α) for b ≠ b′, then α is a root of A (x) − A ′ (x) which bi ,t bi ,t i i bi ,t bi ,t whose degree is less than ℓ. is isn’t possible as U(x) is the minimum polynomial of α and by Lemma ò. must have degree at least ℓ. erefore, {Ab ,t(α)} are infact distinct i Ô≤i≤k roots of Qr(x). Hence clearly k ≤ r − Ô.

(emma ò.Þ. Let r be chosen as above and let t be xed. en, the lcm of any K polynomials from the set has degree at least K ⋅ t.

Proof. e degree of the product of any K of them is K ⋅ t ⋅ (r − Ô). And by Lemma ò.â, any U(x) can be a factor of at most r − Ô of them and hence the claim follows.

e algorithm is now straightforward:

Ô Ô. Set parameters ℓ = log D and t = max ™ℓ, ε ž.

ò. Let r is chosen as the smallest prime that doesn’t divide any of p, q − Ô, qò − Ô, ⋯, qℓ−Ô − Ô.

ç. Let bý, bÔ, ⋯, bℓ−Ô be randomly and uniformly chosen from {ý, Ô}.

¥. Compute P(x) modulo Tr,b,t(x) and accept if and only if P(x) = ý mod Tr,b,t(x).

Since P(x) was obtained from a circuit of size S, we have D ≤ òs. It is easy to see that the Ô algorithm runs in time poly ‰s, ε , qŽ, uses log D random bits and is correct with probability at least Ô − ε.

;emark: Saha [Sahý—] observed that there is a deterministic algorithm to nd an irre- ducible polynomial g(x) over Fq of degree roughly d in poly(d, log q) time. erefore, by going to a suitable eld extension, we may even use a sample space of coprime polynomials t Ô of the form x + α and choose t = ε to bound the error probability by ε. is also uses only log D random bits and the achieves a slightly better time complexity.

ò.¥ Klivans-Spielman: Random univariate substitution

All the previous randomized discussed uses Ω(n) random bits. It is easy to see that iden- tity testing for n-variate polynomials of degree bounded by total d need Ω(d log n) ran- dom bits. For polynomials with m monomials, one can prove a lower bound of Ω(log m). ò.¥. Klivans-Spielman: Random univariate substitution ÔÞ

Klivans and Spielman [KSýÔ] present a randomized identity test that uses O(log(mnd)) random bits which works better than the earlier algorithms if m was subexponential.

e idea is to reduce the given multivariate polynomial f (xÔ, ⋯, xn) to a univariate polynomial whose degree is not too large. is reduction will be randomized and the re- sulting univariate polynomial would be non-zero with probability Ô − ε if the polynomial was non-zero to begin with. r One possible approach is to just substitute xi = y i for each i where ri’s are randomly chosen in a suitable range. is indeed works due to the following lemma. e original ver- sion of the Isolation lemma was by Mulmuley, Vazirani and Vazirani which isolates a single element of a family of sets. eir lemma was extended by Chari, Rohatgi and Srinivasan [CRSÀ ] where they show that the number of random bits could be reduced if the size of the family was small. A multi-set version has been proposed by many people through a proof that closely follows the original proof of Mulmuley, Mulmuley and Vazirani. Here we present the version in the paper by Klivans and Spielman.

ò.— (Isolation Lemma). Let F be a family of distinct linear forms { n c x } where (emma ∑i=Ô i i each ci is an integer less than C. If each xi is randomly set to a value in {Ô, ⋯, Cn~ε}, then with probability at least Ô − ε there is a unique linear form of minimum value.

Proof. For any xed assignment, an index i is said to be singular if there are two linear forms in F with dišerent coe›cients of xi that attain minimum value under this assign- ment. It is clear that if there are no singular indices, then there is a unique linear form of minimum value.

Consider an assignment for all variables other than xi. is makes the value of each linear form a linear function of xi. Partition F into sets Sý, ⋯, SC depending on what the coe›cient of xi is. In each set, the minimum value would be attained by polynomials with the smallest constant term. For each class St, choose one such representative and let its weight be at xi + bt.

Now randomly assign xi to a value in {Ô, ⋯, Cn~ε}.e index i would be critical if and only if there are two representatives of dišerent classes that give the same value aŸer as- signment of xi. is means that xi must be set to one of the critical points of the following piece-wise linear function:

w(xi) = min {at xi + bt} ý≤t≤C ԗ Chapter ò. Randomized Algorithms for PIT

Clearly, there can be at most C many such critical points. erefore, there are at most C values of xi that makes an index singular and hence the probability that an assignment makes i singular is at most C = ε . A union bound over indices completes the proof. Cn~ε n

e isolation lemma gives a simple randomized algorithm for identity testing of poly- r nomials whose degree in each variable is bounded by d: make the substitution xi = y i for

dÔ dn di ri ri ∈ {Ô, ⋯, dn~ε}. Each monomial xÔ ⋯xn is now mapped to y∑ . Since ri’s are chosen at random, there is a unique monomial which has least degree and hence is never cancelled. dn However, the number of random bits required is n log ‰ ε Ž. Klivans and Spielman use a mnd dišerent reduction to univariate polynomials which uses O ‰log ‰ ε ŽŽ random bits where m is the number of monomials. is technique closely parallels ideas in the work by Chari, Rohatgi and Srinivasan. Just as Chari et al wish to isolate a single element from a family of sets, Klivans and Spielman try to isolate a single monomial. e ideas are very similar.

ò.¥.Ô Reduction to univariate polynomials

Let t be a parameter that shall be xed later. Pick a prime p larger than t and d. e reduction picks a k at random from {ý, ⋯, p − Ô} and makes the following substitution:

ai i xi = y where ai = k mod p

(emma ò.À. Let f (xÔ, ⋯, xn) be a non-zero polynomial whose degree is bounded by d. en, each monomial of f is mapped to dišerent monomials under the above substitution, with mò n probability at least ‰Ô − t Ž.

αÔ αn βÔ βn Proof. Suppose not. Let xÔ ⋯xn and xÔ ⋯xn be two xed monomials. If these two are i i mapped to the same value, then ∑ αi k = ∑ βi k mod p. And two dišerent polynomials of degree n, which they are as p > d, can agree at at most n points. erefore the probability of n choosing such a k is hence at most t . A union bound over all pairs of monomials completes the proof.

mò n If we want the error to be less than ε, then choose t ≥ ε . is would make the nal mònd degree of the polynomial bounded by ε on which we can use a Schwarz-Zippel test by going to a large enough extension. Klivans and Spielman deal with this large degree (since it depends on m) by using the Isolation Lemma. We now sketch the idea. ò.¥. Klivans-Spielman: Random univariate substitution ÔÀ

ò.¥.ò Degree reduction (a sketch)

e previous algorithm described how a multivariate polynomial can be converted to a univariate polynomial while still keeping each monomial separated. Now we look at a small modication of that construction that uses the Isolation lemma to isolate a single non-zero monomial, if present. a e earlier algorithm made the substitution xi = y i for some suitable choice of ai. Let us assume that each ai is a q bit number and let ℓ = O(log(dn)). Represent each ai in base òℓ as q ℓ ‰ −Ԏℓ ai = biý + biÔò + ⋯ + b q Ô ò ℓ i‰ ℓ − Ž e modied substitution is the following:

i Ô. Pick k at random from {ý, ⋯, p − Ô} and let ai = k mod p.

ℓ ò. Represent ai in base ò as above.

ç. Pick rý, ⋯, r q Ô values independently and uniformly at random from a small range ℓ − {Ô, ⋯, R}.

ci ¥. Make the substitution xi = y where ci = biýrý + biÔrÔ + ⋯ + b q Ô r q Ô. i‰ ℓ − Ž ℓ − AŸer this substitution, each monomial in the polynomial is mapped to a power of y where the power is a linear function over ri’s.

laim ò.Ôý. Assume that the choice of k is a positive candidate in Lemma ò.À. en, under the modied substitution, dišerent monomials are mapped to exponents that are dišerent linear functions of the ri’s.

iℓ Proof. A particular assignment of the ri’s, namely ri = ò maps is precisely the mapping in Lemma ò.À and by assumption produces dišerent values. Hence, the linear functions have to be distinct.

erefore, each exponent of y in the resulting polynomial is a distinct linear function of the ri’s. It is a simple calculation to check that the coe›cients involved are poly(n, d) and we can choose our range {Ô, ⋯, R} appropriately to make sure that the Isolation Lemma guarantees a unique minimum value linear form. is means that the exponent of least degree will be contributed by a unique monomial and hence the resulting polynomial is òý Chapter ò. Randomized Algorithms for PIT

Ô non-zero. e degree of the resulting polynomial is poly ‰n, d, ε Ž and the entire reduction mnd uses only O ‰log ‰ ε ŽŽ random bits.

We now proceed to study some deterministic algorithms for PIT. Deterministic Algorithms for PIT ç

In this chapter we look at deterministic algorithms for PIT for certain restricted circuits. Progress has been only for restricted version of depth ç circuits.

Easy cases

Depth ò circuits can only compute “sparse” polynomials, i.e. polynomials with few (poly- nomially many) monomials in them. In fact PIT of any circuit, not just depth ò, that computes a sparse polynomial can be solved e›ciently. e following observation can be directly translated to a polynomial time algorithm.

0bservation ç.Ô. Let p(xÔ, ⋯, xn) be a non-zero polynomial whose degree in each variable is less than d and the number of monomials is m. en there exists an r ≤ (mn log d)ò such that p ‰Ô, y, yd , ⋯, ydn−Ô Ž ≠ ý mod yr − Ô

Proof. We know that q(y) = p ‰Ô, y, yd , ⋯, ydn−Ô Ž is a non-zero polynomial and let ya be a non-zero monomial in p. If p = ý mod yr − Ô, then there has to be another monomials yb = ya mod yr − Ô and this is possible if and only if r S b − a. is would not happen if r was chosen such that r ∤ M (b − a) ≤ dnm = R. yb ∈q(y) Since R has at most log R = mn log d prime factors, and since we’dencounter at least log R+Ô in the range Ô ≤ r ≤ (mn log d)ò it is clear that at least one such r we’d get q(y) ≠ ý mod yr − Ô.

Several black-box tests have also been devised for depth ò circuits but considerable progress has been made for restricted depth ç circuits as well. òò Chapter ç. Deterministic Algorithms for PIT

e case when root is a multiplication gate is easy to solve. is is because the polyno- mial computed by a ΠΣΠ circuit is zero if and only if one of the addition gates compute the zero polynomial. erefore, it reduces to depth ò circuits. us, the non-trivial case is ΣΠΣ circuits. PIT for general ΣΠΣ circuits is still open but polynomial time algorithms are known for restricted versions.

ç.Ô e Kayal-Saxena test

Let C be a ΣΠΣ circuit over n variables and degree d such that the top addition gate has k children. For sake of brevity, we shall refer to such circuits as ΣΠΣ(n, k, d) circuits. Kayal and Saxena [KSýÞ] presented a poly(n, dk , SFS) algorithm for PIT. Hence, for the case when the top fan-in is bounded, this algorithm runs in polynomial time.

ç.Ô.Ô e idea

Let C be the given circuit, with top fan-in k, that computes a polynomial f . erefore, f = T + ⋯ + T where each T = d L is a product of linear forms. Fix an ordering of Ô k i ∏j=Ô i j the variables to induce a total order ⪯ on the monomials. For any polynomial g, let LM(g) denote the leading monomial of g. We can assume without loss of generality that

LM(TÔ) ⪰ LM(Tò) ⪰ ⋯ ⪰ LM(Tk)

If f is zero then the coe›cient of the LM( f ) must be zero, and this can be checked easily.

Further, if we are able to show that f ≡ ý mod TÔ, then f = ý. And this would be done by induction on k.

Let us assume that TÔ consists of distinct linear forms. erefore by Chinese Remainder

eorem, f ≡ ý mod TÔ if and only if f ≡ ý mod LÔi for each i. To check if f ≡ ý mod L for some linear form L, we replace L by variable xÔ and transform the rest to make it an invertible transformation. us the equation reduces to the form f mod x ∈ F[xÔ,⋯,xn] = Ô xÔ F[xò, ⋯, xn]. e polynomial f mod xÔ is now a ΣΠΣ circuit with top fan-in k − Ô (as

TÔ ≡ ý mod xÔ), and using induction, can be checked if it is zero. Repeating this for every

LÔi, we can check if f is identically zero or not. ç is method fails if TÔ happens to have repeated factors. For e.g., if TÔ = xÔ xò, we should ç F[xÔ,⋯,xn] instead be checking if f mod xÔ and f mod xò are zero or not. Here f mod xÔ ∈ = xÔ ç.Ô. e Kayal-Saxena test òç

F[xÔ] Š  [xò, ⋯, xn] is a polynomial over a local ring. us, in the recursive calls, we would xÔ be over a local ring rather than over the eld. erefore, we need to make sure that Chinese Remaindering works over local rings; Kayal and Saxena showed that it indeed does.

ç.Ô.ò Local Rings

We shall now look at a few properties that local rings inherit from elds.

enition ç.ò. (Local ring) A ring R is said to be local if it contains a unique maximal ideal. is unique maximal ideal M is the ideal of all nilpotent elements.

act ç.ç. Every element a ∈ R can be written uniquely as α + m where α ∈ F and m ∈ M.

is therefore induces a natural homomorphism gφ ∶ R Ð→ F such that φ(a) = α, which can also be liŸed as φ ∶ R[xÔ, ⋯, xn] Ð→ F[xÔ, ⋯, xn]. e following lemma essentially states that Chinese Remaindering works over local rings as well.

(emma ç.¥. [KSýÞ] Let R be a local ring over F and let p, f , g ∈ R[zÔ, ⋯, zn] be multivariate polynomials such that φ( f ) and φ(g) are coprime.

If p ≡ ý mod f and p ≡ ý mod g then p ≡ ý mod f g

Proof. Let the total degree of f and g be d f and dg. Without loss of generality, using a suitable invertible transformation on the variables, we can assume that the coe›cients of

d f dg xn and xn in f and g respectively are units.

inking of f and g as univariate polynomials R(xÔ, ⋯, xn−Ô)[xn] (the ring of frac- tions), we have φ( f ) and φ(g) coprime over F(xÔ, ⋯, xn−Ô) as well. Hence, there exists a, b ∈ F(xÔ, ⋯, xn−Ô) such that aφ( f ) + bφ(g) = Ô. is can be re-written as

a f + bg = Ô mod R(xÔ, ⋯, xn−Ô)[xn]~M where M = {r ∶ r ∈ R(xÔ, ⋯, xn−Ô)[xn] is nilpotent}. Since M is nilpotent, let t be such that Mt = ý. Using repeated applications of Hensel liŸing, the above equation becomes

∗ ∗ ∗ ∗ t a f + b g = Ô mod R(xÔ, ⋯, xn−Ô)[xn]~M

= Ô mod R(xÔ, ⋯, xn−Ô)[xn] ò¥ Chapter ç. Deterministic Algorithms for PIT

And there exists a m ∈ M such that a∗ f + b∗ g = Ô + m, which is invertible. Setting a′ = a∗(Ô + m)−Ô and b′ = b∗(Ô + m)−Ô, we get

′ ′ a f + b g = Ô in R(xÔ, ⋯, xn−Ô)[xn]

p = ý mod f

Ô⇒ p = f q for q ∈ R(xÔ, ⋯, xn)[xn] Ô⇒ f q = ý mod g Ô⇒ q = ý mod g

Ô⇒ q = gh for h ∈ R(xÔ, ⋯, xn)[xn]

Ô⇒ p = f gh in R(xÔ, ⋯, xn−Ô)[xn]

Since p, f , g are polynomials in R[xÔ, ⋯, xn] and f , g monic, by Gauss’s lemma we have

p = f gh in R[xÔ, ⋯, xn] itself.

We are now set to look at the identity test.

ç.Ô.ç e identity test

Let C be a ΣΠΣ arithmetic circuit, with top fan-in k and degree d computing a polyno- mial f . e algorithm is recursive where each recursive call decreases k but increases the dimension of the base ring (which is F to begin with).

Input

e algorithm takes three inputs:

• A local ring R over a eld F with the maximal ideal M presented in its basis form. e initial setting is R = F and M = ⟨ý⟩.

• A set of k coe›cients ⟨βÔ, ⋯, βk⟩, with βi ∈ R for all i.

• A set of k terms ⟨TÔ, ⋯, Tk⟩. Each Ti is a product of d linear functions in n variables over R. at is, T = d L . i ∏j=Ô i j ç.Ô. e Kayal-Saxena test ò

Output

Let p(xÔ, ⋯, xn) = βÔTÔ + ⋯, βk Tk. e output, ID(R, ⟨βÔ, ⋯, βk⟩ , ⟨TÔ, ⋯, Tk⟩) is YES if and only if p(xÔ, ⋯, xn) = ý in R.

Algorithm

Step Ô: (Rearranging Ti’s) If necessary, rearrange the Ti’s to make sure that

LM(TÔ) ⪰ ⋯ ⪰ LM(Tk)

Also make sure that coe›cient of LM(TÔ) is a unit.

Step ò: (Single multiplication gate) If k = Ô, we need to test if βÔTÔ = ý in R. Since the leading coe›cient of TÔ is a unit, it su›ces to check if βÔ = ý.

Step ç: (Checking if p = ý mod TÔ) Write TÔ as a product of coprime factors, where each factor is of the form

S = (l + mÔ)(l + mò)⋯(l + mt) where l ∈ F[xÔ, ⋯, xn] and mi ∈ M for all i. For each such factor S, do the following:

Step ç.Ô: (Change of variables) Apply an invertible linear transformation σ on the vari- ables to make convert l to xÔ. us, S divides p if and only if σ(S) divides σ(p).

Step ç.ò: (Recursive calls) e new ring R′ = R[xÔ]~(σ(S)) which is a local ring as well. For ò ≤ i ≤ k, the transformation σ might convert some of the factors of Ti to an ′ ′ ′ element of R . Collect all such ring elements of σ(Ti) as γi ∈ R and write σ(Ti) = γi Ti . ′ ′ ′ Recursively call ID(R , ⟨βòγò, ⋯, βkγk⟩ , aTò , ⋯, Tkf). If the call returns NO, exit and output NO.

Step ¥: Output YES.

Ceorem ç. . e algorithm runs in time poly(dim R, n, dk) outputs YES if and only if p(xÔ, ⋯, xn) = ý in R.

Proof. e proof is an induction on k. e base case when k = Ô is handled in step ò. For k ≥ ò, let TÔ = SÔSò⋯Sm. By induction we verify in step ç if p(xÔ, ⋯, xn) = ý mod Si for each òâ Chapter ç. Deterministic Algorithms for PIT

Si. erefore, by Lemma ç.¥ we have p(xÔ, ⋯, xn) = ý mod TÔ. Since p = ∑ Ti, the leading monomial in TÔ and p are the same. But since we also checked that the coe›cient of the leading monomial is zero, p has to be zero. For the running time analysis, let r be the dimension of the ring R. In every recursive call, k decreases by Ô and the dimension of the ring R grows by a factor of at most R′. If

T(r, k) is the time taken for ID(R, ⟨βÔ, ⋯, βk⟩ , ⟨TÔ, ⋯, Tk⟩), we have the recurrence

T(r, k) ≤ d ⋅ T(dr, k − Ô) + poly(n, dk , r) which is poly(n, dk , r).

is completes the Kayal-Saxena identity test for ΣΠΣ circuits with bounded top fan- in.

ç.ò Rank bounds and ΣΠΣ(n, k, d) circuits

e rank approach asks the following question: if C is a ΣΠΣ circuit that indeed computes the zero polynomial, then how many variables does it really depend on? To give a reason- able answer, we need to assume that the given circuit is not “redundant” in some ways.

enition ç.â (Minimal and simple circuits). A ΣΠΣ circuit C = PÔ + ⋯ + Pk is said to be minimal if no proper subset of {P } sums to zero. i Ô≤i≤k e circuit is said to be simple there is no non-trivial common factor between all the Pi’s.

enition ç.Þ (Rank of a circuit). For a given circuit ΣΠΣ circuit, the rank of the circuit is the maximum number of independent linear functions that appear as a factor of any product gate.

Suppose we can get an upper-bound R on the rank of any minimal and simple ΣΠΣ(n, k, d) circuit computing the zero polynomial. en we have a partial approach towards identity testing.

Ô. If k is a constant, it can be checked recursively if C is simple and minimal.

ò. Compute the rank r of the circuit C.

ç. If the r < R is small, then the circuit is essentially a circuit on just R variables. We can check in dR time if C is zero or not. ç.ò. Rank bounds and ΣΠΣ(n, k, d) circuits òÞ

¥. If the rank is larger than the upper-bound then the circuit computes a non-zero poly- nomial.

is was infact the idea in Dvir and Shpilka’s nO(log n) algorithm [DSý ] for ΣΠΣ cir- cuits of bounded top fan-in (before the algorithm by Kayal and Saxena [KSýÞ]). It was conjectured by Dvir and Shpilka that R(k, d) is a polynomial function of k alone. How- ever, Kayal and Saxena [KSýÞ] provided a counter-example over nite elds. Karnin and Shpilka showed how rank bounds can be turned into black-box identity tests.

Ceorem ç.—. [KSý—] Fix a eld F. Let R(k, d) be an integer such that every minimal, simple ΣΠΣ(n, k, d) circuit computing the zero polynomial has rank at most R(k, d). en, there is a black-box algorithm to test if a given ΣΠΣ(n, k, d) circuit is zero or not, in deterministic time poly(dR(k,d), n).

We’ll see the proof of this theorem soon but we rst look at some consequences of the above theorem with some recent developments in rank bounds. Saxena and Seshadri recently showed rank upper bounds that are almost tight.

Ceorem ç.À. [SSýÀ] Let C be a minimal, simple ΣΠΣ(n, k, d) circuit that is identically zero. en, rank(C) = O(kç log d). And there exist identities with rank Ω(k log d).

Using the bound by Saxena and Seshadri, this gave a nO(log n) black-box test for depth ç circuits with bounded top fan-in.

ough the conjecture of Dvir and Shpilka was disproved over nite elds, the ques- tion remained if R(k, d) is a function of k alone over Q or R. is was answered in the a›rmative by Kayal and Saraf [KSýÀ] very recently.

Ceorem ç.Ôý. [KSýÀ] Every minimal, simple ΣΠΣ(n, k, d) circuit with coe›cients from R that computes the zero polynomial has rank bounded by çk((k + Ô)!) = òO(k log k).

is, using with eorem ç.—, gives a black-box algorithm for ΣΠΣ circuits with bounded top fan-in.

Ceorem ç.ÔÔ. [KSýÀ] ere is a deterministic black-box algorithm for ΣΠΣ(n, k, d) circuits O(k log k) over Q, running in time poly(dò , n).

We now see how rank bounds can be converted to black-box PITs ò— Chapter ç. Deterministic Algorithms for PIT

ç.ò.Ô Rank bounds to black-box PITs

e proof of eorem ç.— crucially uses the following Lemma by Gabizon and Raz [GRý ].

(emma ç.Ôò. [GRý ] For integers n ≥ t > ý and an element α ∈ F, dene the linear trans- formation ⎡ ⎤ ⎡ ⎤ ⎢ ò n−Ô ⎥ ⎢ ⎥ ⎢ Ô α α ⋯ α ⎥ ⎢ xÔ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ò ¥ ò(n−Ô) ⎥ ⎢ ⎥ ⎢ Ô α α ⋯ α ⎥ ⎢ xò ⎥ φα,t,n(xÔ, ⋯, xn) = ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⋮ ⋮ ⋮ ⋱ ⋮ ⎥ ⎢ ⋮ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ t òt t(n−Ô) ⎥ ⎢ ⎥ ⎣ Ô α α ⋯ α ⎦ ⎣ xn ⎦ n Fix any number of subspaces WÔ, ⋯, Ws ⊆ F of dimension at most t. en, there are at most t+Ô s ⋅ (n − Ô) ⋅ ‰ ò Ž elements α ∈ F such for some Wi with dim(φα,t,n(Wi)) < dim(Wi). Using this lemma, we shall come up with a small set of linear transformations such that for each non-zero ΣΠΣ(n, k, d) circuit, at least one of the linear transformations continues to keep it non-zero. We’ll assume that all linear functions that appear in the circuit are linear forms i.e. they don’t have a constant term. is is because we can assume that a linear function aý + aÔxÔ + ⋯anxn is actually aýxý + ⋯anxn. We shall assume that R(k, d) is a rank bound for minimal, simple ΣΠΣ(n, k, d) circuits that evaluate to zero.

Ceorem ç.Ôç. [KSý—] Let C be a ΣΠΣ(n, k, d) circuit that is non-zero. Let S ⊆ F such that dk R(k, d) + ò SSS ≥ ‹‹  + òk ⋅ n ⋅ ‹  + Ô ò ò

en there is some α ∈ S such that Vα(C) = φα,n,R(k,d)+Ô(C) is non-zero.

Proof. Let C = TÔ + ⋯ + Tk. We shall dene sim(C) as follows: C sim(C) = gcd(TÔ, ⋯, Tk) e proof proceeds by picking up a few subspaces of linear functions of small dimension such that, if all their dimensions were preserved, then the circuit has to be non-zero aŸer the transformation. e subspaces are as follows:

Ô. For every pair of linear forms ℓi , ℓ j that appear in the circuit, let Wℓi ,ℓ j = ‰ℓi , ℓ jŽ.

ò. For every subset ∅ ≠ A ⊆ [k], dene C = T and let A ∑i∈A i

rA = min {R(k, d) + Ô, rank(sim(CA))}

Let WA be the space spanned by rA linearly independent vectors that appear in sim(CA). ç.ç. Saxena’s test for diagonal circuits òÀ

e claim is that, if each of the Wℓi ,ℓ j ’s and WA’s are preserved, then the circuit will continue to be non-zero. Suppose not. e rst observation is that the transformation cannot map two linear functions that appear in the circuit to the same linear function since it preserves Wℓi ,ℓ j ’s. Hence, we have

Vα(sim(CA)) = sim(Vα(CA)). We shall just argue on the simple part of the circuit so we shall assume that C (and hence Vα(C) as well) is simple.

If Vα(C) = ý, then the rank bound says that either Vα(C) is not minimal or we have rank(Vα(C)) ≤ R(k, d). If the rank was small, since we are preserving WA’s, and in par- ticular W[k], the circuit C has to be preserved.

Suppose the Vα(C) is not minimal. Let A be a minimal subset such that Vα(CA) =

ý with CA ≠ ý. Hence, Vα(sim(CA)) is a simple, minimal circuit that evaluates to zero and therefore has rank at most R(k, d). But the rank of WA is preserved, CA ≠ ý forces

Vα(CA) ≠ ý which is a contradiction.

Once we have obtained such a rank-preserving transformation, the circuit is now es- sentially over R(k, d) + Ô variables. An application of a brute-force Schwarz-Zippel would complete the proof of eorem ç.—.

ç.ç Saxena’s test for diagonal circuits

In this section we shall look at yet another restricted version of depth ç circuits.

enition ç.Ô¥. A ΣΠΣ circuit C is said to be diagonal if it is of the form

k ei C(xÔ, ⋯, xn) = Q ℓi where ℓi is a linear function over the variables i=Ô e idea is to reduce this problem to a PIT problem of a formula over non-commuting variables. In the setting of formulas over non-commuting variables, Raz and Shpilka [RSý¥] showed that it can be tested in deterministic polynomial time if it zero. e reduction to a non-commutative formula is by a conversion to express a multipli- d cation gate (aý + aÔxÔ + ⋯anxn) to a dual form:

d (aý + aÔxÔ + ⋯anxn) = Q f jÔ(xÔ) f jò(xò)⋯ f jn(xn) j e advantage of using the expression on the RHS is that the variables can be assumed to be non-commuting. erefore if the above conversion can achieved in polynomial time, çý Chapter ç. Deterministic Algorithms for PIT then we have a polynomial algorithm for identity testing of diagonal circuits by just making this transformation and using the algorithm by Raz and Shpilka. Saxena provides a simple way to convert a multiplication gate to its dual. We present the case when F is a eld of characteristic zero though it may be achieved over any eld.

(emma ç.Ô . [Saxý—] Let aý, ⋯, an be elements of a eld F of characteristic zero. en, in poly(n, d) many eld operations, we can compute univariate polynomials fi, j’s such that

nd+d+Ô d (aý + aÔxÔ + ⋯anxn) = Q fiÔ(xÔ) fiò(xò)⋯ fin(xn) i=Ô

xò d Proof. Let E(x) = exp(x) = Ô + x + ò! + ⋯ and let Ed(x) = E(x) mod x be the truncated version. (a + a x + ⋯a x )d ý Ô Ô n n = coe›cient of zd in exp((a + a x + ⋯a x )z) d! ý Ô Ô n n d = coe›cient of z in exp(aýz) exp(aÔxÔz)⋯ exp(anxnz) d = coe›cient of z in Ed(aýz)Ed(aÔxÔz)⋯Ed(anxnz)

Hence, viewing Ed(aýz)Ed(aÔxÔz)⋯Ed(anxnz) as a univariate polynomial in z of degree d′ = nd +d, we just need to nd the coe›cient of the zd. is can be done by evaluating the polynomial at distinct points and interpolating. Hence, for distinct points αÔ, ⋯, αd′ ∈ F, we can compute βÔ, ⋯, βd′ in polynomial time such that

d′ d (aý + aÔxÔ + ⋯anxn) = Q βi Ed(aýαi)Ed(aÔxÔαi)⋯Ed(anxnαi) i=Ô which is precisely what we wanted. Chasm at Depth ¥ ¥

In this chapter we look at a result by Agrawal and Vinay [AVý—] on depth reduction. In- formally, the result states that exponential sized circuits do not gain anything if the depth is beyond ¥. Formally, the main result can be stated as follows:

Ceorem ¥.Ô ([AVý—]). If a polynomial P(xÔ, ⋯, xn) of degree d = O(n) can be computed o d d log n by an arithmetic circuit of size ò ( + d ), it can also be computed by a depth ¥ circuit of size o d d log n ò ( + d ).

n+d It is a simple observation that any polynomial p(xÔ, ⋯, xn) has at most ‰ d Ž monomials n d log n + O(d+d d ) and hence can be trivially computed by a ΣΠ circuit of size ‰ d Ž = ò . Hence, the above theorem implies that if we have subexponential lower bounds for depth ¥ circuits, we have subexponential lower bounds for any depth!

o n orollary ¥.ò. Let p(xÔ, ⋯, xn) be a multivariate polynomial. Suppose there are no ò ( ) sized depth ¥ arithmetic circuits that can compute p. en there is no òo(n) sized arithmetic circuit (of arbitrary depth) that can compute p.

e depth reduction is proceeded in two stages. e rst stage reduces the depth to O(log d) by the construction of Allender, Jiao, Mahajan and Vinay [AJMVÀ—]. Using a careful analysis of this reduction, the circuit is further reduced to a depth ¥ circuit.

¥.Ô Reduction to depth O(log d)

Given as input is a circuit C computing a polynomial p(xÔ, ⋯, xn) of degree d = O(n). Without loss of generality, we can assume that the circuit is layered with alternative layers of addition and multiplication gates. Further, we shall assume that each multiplication gate has exactly two children. çò Chapter ¥. Chasm at Depth ¥

¥.Ô.Ô Computing degrees

ough the polynomial computed by the circuit is of degree less than d, it could be possible that the intermediate gates compute larger degree polynomials which are somehow can- celled later. However, we can make sure that each gate computes a polynomial of degree at most d. Further, we can label each gate by the formal degree of the polynomial computed there.

Each gate gi of the circuit is now replaced by d + Ô gates giý, giÔ, ⋯, gid. e gate gis would compute the degree s homogeneous part of the polynomial computed at gi.

If gý was an addition gate with gý = hÔ+hò+⋯+hk, then we set gýi = hýi +⋯+hki for each i. If g was a multiplication gate with two children h and h , we set g = i h h . ý Ô ò ýi ∑j=ý Ôj ò(i−j) us, every gate is naturally labelled by its degree. As a convention, we shall assume that the degree of the leŸ child of any multiplication gate is smaller than or equal to the degree of the right child.

¥.Ô.ò Evaluation through proof trees

A proof tree rooted at a gate g is a sub-circuit of C that is obtained as follows:

• start with the sub-circuit in C that has gate g at the top and computes the polynomial associated with gate g,

• for every addition gate in this sub-circuit, retain only one of the inputs to this gate and delete the other input lines,

• for any multiplication gate, retain both the inputs.

A simple observation is that a single proof tree computes one monomial of the formal expression computed at g. And the polynomial computed at g is just the sum of the polyno- mial computed at every proof tree rooted at g. We shall denote the polynomial computed by a proof tree T as p(T).

For every gate g, dene [g] to be the polynomial computed at gate g. Also, for every pair of gates g and h, dene [g, h] = ∑T p(T, h) where T runs over all proof trees rooted at g with h occurring on its rightmost path and p(T, h) is the polynomial computed by the proof tree T when the last occurance of h is replaced by the constant Ô. If h does not occur ¥.Ô. Reduction to depth O(log d) çç on the right most path, then [g, h] is zero. e gates of the new circuits are [g], [g, h] and

[xi] for gates g, h ∈ C and variables xi. We shall now describe the connections between the gates.

Firstly, [g] = ∑i[g, xi][xi]. Also, if g is an addition gate with children gÔ, ⋯, gk, then

[g, h] = ∑i[gi , h]. If g is a multiplication gate, it is a little tricker. If the rightmost path from g to h consists of just addition gates, then [g, h] = [gL], the leŸ child of g. Otherwise, for any xed rightmost path, there must be at least a unique intermediate multiplication gate p on this path such that

Ô deg(p ) ≤ (deg g + deg h) ≤ deg p R ò Since there could be rightmost paths between g and h, we just run over all gates p that satisfy the above equation. en, [g, h] = ∑p[g, p][pL][pR, h]. We want to ensure that the degree of each child of [g, h] is at most (deg(g) − deg(h))~ò.

Ô • deg([g, p]) = deg(g) − deg(p) ≤ ò (deg g − deg h)

Ô • deg([pR, h]) = deg(pR) − deg(h) ≤ ò (deg(g) − deg(h))

Ô • deg(pL) ≤ deg(p) ≤ ò deg(g)

Also, deg(pL) ≤ deg(pL) + deg(pR) − deg(h) ≤ deg(g) − deg(h)

us the problem is with pL as the degree hasn’t dropped by a factor of ò. However, we know that deg(pL) ≤ deg(g)~ò. By unfolding this gate further to reduce the degree. Note that [pL] = ∑i[pL, xi][xi] and pL is an addition gate. Let pL = ∑j pL, j where each pL, j is a multiplication gate. erefore [pL, xi] = ∑j[pL, j, xi]. Repeating the same analysis for this gate, we have [pL, xi] = ∑q[pL, q][qL][qR, xi] for states q satisfying the degree constraint. Ô Ô Now, deg(qL) ≤ ò deg(pL) ≤ ò deg([g, h]) as required. We hence have

[g, h] = Q Q Q Q[g, p][pL, j, q][qL][qR, xi][pR, h] p i j q where p and q satisfy the appropriate degree constraints. is completes the description of the new circuit. It is clear that the depth of the circuit is O(log d) and the fan-in of multiplication gates is â. e size of the new circuit is polynomial bounded by size of C. ç¥ Chapter ¥. Chasm at Depth ¥ ¥.ò Reduction to depth ¥

We now construct an equivalent depth ¥ circuit from the reduced circuit. Choose an ℓ ≤ log n d+d d Ô log S where S is the size of the circuit. And let t = ò logâ ℓ. Cut the circuit into two two parts: the top has exactly t layers of multiplication gates and the rest of the layers belonging to the bottom. Let gÔ, ⋯, gk (where k ≤ S) be the output gates at the bottom layer. us, we can think of the top half as computing a polynomial Ptop in new variables yÔ, ⋯, yk and each of the gi computing a polynomial Pi over the input variables. e polynomial computed by the circuit equals

Ptop(PÔ(xÔ, ⋯, xn), Pò(xÔ, ⋯, xn), ⋯, Pk(xÔ, ⋯, xn))

Since the top half consists of t levels of multiplication gates, and each multiplication gate t has at most â children, deg(Ptop) is bounded by â . And since the degree drops by a factor d of two across multiplication gates, we also have deg(Pi) ≤ òt . Expressing each of these as a sum of product, we have a depth ¥ circuit computing the same polynomial. e size of this circuit is t d S + â n + t ‹  + S‹ ò  ât d òt o d d log n It is now just a calculation to see that the choice of t makes this ò ( + d ). And that completes the proof of eorem ¥.Ô.

¥.ç Identity testing for depth ¥ circuits

In this section we briežy describe how the depth reduction implies that PIT for depth ¥ circuits is almost the general case.

9roposition ¥.ç. If there is a PIT algorithm for depth ¥ circuit running in deterministic polynomial time, then there is a PIT algorithm for any general circuit computing a low degree polynomial running in deterministic òo(n) time.

Proof. Given any circuit computing a low degree polynomial, we can convert it to a depth ¥ circuit of size òo(n). Further, this conversion can be done in time òo(n) as well. erefore, a polynomial time PIT algorithm for depth ¥ would yield a òo(n) algorithm for general circuits. ¥.ç. Identity testing for depth ¥ circuits ç

Agrawal and Vinay further showed that if there was a stronger derandomization for identity testing on depth ¥ circuits, then we get stronger results for general circuits. As remarked earlier, a black-box algorithm is one that does not look into the circuit but just evaluations of the circuit at chosen points. is can be equivalently presented as pseudorandom generators for arithmetic circuits.

enition ¥.¥ (Pseudorandom generators for arithmetic circuits). Let F be a eld and C be a class of low degree arithmetic circuits over F. A function f ∶ N Ð→ (F[y])∗ is a s(n)- pseudorandom generator against C if

•f (n) = (pÔ(y), pò(y), ⋯, pn(y)) where each pi(y) is a univariate polynomial over F whose degree is bounded by s(n) and computable in time polynomial in s(n)

• For any arithmetic circuit C ∈ C of size n,

C(xÔ, ⋯, xn) = ý if and only if C(pÔ(y), pò(y), ⋯, pn(y)) = ý

It is clear that given a s(n)-pseudorandom generator f against C, we can solve the PIT problem for circuits in C in time (s(n))O(Ô) by just evaluating the univariate polynomial. A polynomial time derandomization is obtained if s(n) is nO(Ô) and such generators are called optimal pseudorandom generators.

¥.ç.Ô Hardness vs randomness in arithmetic circuits

Just like in the boolean setting, there is a “Hardness vs randomness” tradeoš in arithmetic circuits as well. e following lemma shows that existence of optimal PRGs leads to lower bounds.

(emma ¥. . [Agrý ] Let f ∶ N Ð→ (F(y))∗ be a s(n)-pseudorandom generator against a class C of arithmetic circuit computing a polynomials of degree at most n. If n ⋅ s(n) ≤ òn, then there is a multilinear polynomial computed in òO(n) time that cannot be computed by C.

Proof. Let q(xÔ, ⋯, xn) be a generic multivariate polynomial, that is:

q(xÔ, ⋯, xn) = Q cS M xi S⊆[n] i∈S çâ Chapter ¥. Chasm at Depth ¥

We shall choose coe›cients to satisfy the following condition

Q cS M pi(y) = ý S⊆[n] i∈S where f (n) = (pÔ(y), ⋯, pn(y)). Such a polynomial certainly exists because the coe›- cients can be obtained by solving a set of linear equations in the cS’s. e number of vari- n ables is ò and the number of constraints is at most n ⋅ s(n) (since each pi(y) has degree at most s(n)). As long as n ⋅ s(n) ≤ òn we have an under-determined set of linear equations and there exists a non-trivial solution, which can certainly be computed in time òO(n).

us, in particular, optimal pseudorandom generators would yield lower bounds. It is also known that explicit lower bounds of this kind would yield to black-box algorithms for PIT as well.

(emma ¥.â. [KIýç] Let {q } be a multilinear polynomial over computable in expo- m m≥Ô F nential time and that cannot be computed by subexponential sized arithmetic circuits. en identity testing of low degree polynomial can be solved in time nO(logn).

Proof. Pick subsets SÔ, ⋯, Sn be subsets of [Ô, c log n] such that SSiS = d log n (for suitable constants c and d) and SSi ∩ S jS ≤ log n for i ≠ j. Such a family of sets is called a Nisan-

Wigderson Design [NWÀ¥]. For a tuple of variables (xÔ, ⋯, xn), let (xÔ, ⋯, xn)S denote the tuple that retains only those xi where i ∈ S. Let pi = qd log n(xÔ, ⋯, xn)Si . We claim that the function f ∶ n ↦ (pÔ, ⋯, pn) is a pseudorandom generator for the class of size n arithmetic circuits computing low degree polynomials. Suppose not, then there exists a circuit C of size n computing a polynomial of degree at most n such that C(zÔ, ⋯, zn) ≠ ý but C(pÔ, ⋯, pn) = ý. By an hybrid argument, there must exist an index j such that C(pÔ, ⋯, p j−Ô, z j, z j+Ô⋯, zn) ≠ ý but C(pÔ, ⋯, p j−Ô, p j, z j+Ô, ⋯, zn) =

ý. Fix values for the variables z j+Ô, ⋯, zn and also for the xi’s not occurring in p j to still en- sure that the resulting polynomial in C(pÔ, ⋯, p j−Ô, z j, z j+Ô⋯, zn) ≠ ý. For each pi for i ≤ j, all but log n of the variables have been xed and the degree of pi is bounded by n. Replace each such pi by ΣΠ circuit of size at most n. AŸer all the xing and replacement, we have ò a circuit of size at most n over variables (xÔ, ⋯, xc log n)S j and z j. is circuit computes a non-zero polynomial but becomes zero when z is substituted by p j. Hence, z j − p j divides the polynomial computed by this circuit. We now use can a multivariate polynomial fac- torization algorithm to compute this factor, and hence compute p j. e circuit computing ¥.ç. Identity testing for depth ¥ circuits çÞ the factor has size ne for some constant e independent of d and this gives a ne + nò sized circuit that computes p j contradicting the hardness of qd log n for suitable choice of d. erefore, C would continue to be non-zero even aŸer the substitution. AŸer the sub- stitution, we have a polynomial over d log n variables of degree O(n log n) and it has at most nO(log n) terms. erefore, this gives a nO(log n) algorithm to check if C is zero.

Ceorem ¥.Þ. [AVý—] If there is a deterministic black-box PIT algorithm for depth ¥ circuit running in polynomial time, then there is a deterministic nO(logn) algorithm for PIT on general circuits computing a low degree polynomial.

Proof. Suppose there does indeed exist an optimal pseudorandom generator against depth ¥ circuits. By Lemma ¥. we know that we have a subexponential lower bound in depth

¥ circuits for a family of multilinear polynomials {qm}. By Corollary ¥.ò we know that this implies a subexponential lower bound for {qm} in arithmetic circuits of any depth. To O log n nish, Lemma ¥.â implies such a family {qm} can be used to give a n ( ) algorithm for PIT.

It would be interesting to see if the above result can be tightened to get a polynomial time PIT algorithm for general circuits. ç— Chapter ¥. Chasm at Depth ¥ Depth ò Circuits Over Algebras ... or “Trading Depth for Algebra”

Wenow come to the main contribution of the thesis – a new approach to identity testing for depth ç circuits. e contents this chapter is joint work with Saha and Saxena [SSSýÀ].

As mentioned earlier, we study a generalization of arithmetic circuits where the con- stants come from an algebra instead of a eld. e variables still commute with each other and with elements of the algebra. In particular, we are interested in depth ò circuits over the algebra. ese involve expressions like

d P = M (Aiý + AiÔxÔ + ... + Ainxn) i=Ô where Ai j ∈ R, an algebra over F given in basis form. Without loss of generality, every nite dimensionally associative algebra can be thought of as a matrix algebra. erefore, we are interested in circuits over matrix algebras. us the above equation reduces to a product of matrices, each of whose entries is a linear function of the variables. For convenience, let us call such a matrix a linear matrix. Ben-Or and Cleve showed that any polynomial computed by a small sized arithmetic formula can be computed by a depth ò circuits over the algebra of ç×ç matrices. erefore PIT over depth ò circuits over ç × ç matrices almost capture PIT over general circuits. A natural question to study the setting over ò×ò matrices. We show that this question is very closely related to PIT of depth ç circuits.

.Ô Equivalence of PIT with ΣΠΣ circuits

We will now prove eorem Ô. . ¥ý Chapter . Depth ò Circuits Over Algebras

Ceorem Ô. . (restated) Identity testing for depth ò (ΠΣ) circuits over Uò(F) is polynomial time equivalent to identity testing for depth ç (ΣΠΣ) circuits. e usual trick would be to construct a ΠΣ circuit over matrices that computes the same function f as the ΣΠΣ circuit. However, this isn’t possible in the setting of upper- triangular ò × ò matrices because they are computationally very weak. We shall see soon that they cannot even compute simple polynomials like xÔxò + xçx¥ + x xâ. To circumvent this issue, we shall compute a multiple of f instead of f itself. e fol- lowing lemma shows how this can be achieved.

(emma .Ô. Let f ∈ F[xÔ,..., xn] be a polynomial computed by a ΣΠΣ(n, s, d) circuit. Given circuit C, it is possible to construct in polynomial time a depth ò circuit over Uò(F) of size O((d + n)sò) that computes a polynomial p = L ⋅ f , where L is a product of non-zero linear functions.

Proof. A depth ò circuit over Uò(F) is simply a product sequence of ò × ò upper-triangular linear matrices. We now show that there exists such a sequence of length O((d + n)sò) such that the product ò × ò matrix has L ⋅ f as one of its entries. Since f is computed by a depth ç circuit, we can write f = s P , where each summand ∑i=Ô i

Pi = ∏j li j is a product of linear functions. Observe that we can compute a single Pi using a product sequence of length d as: ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎢ l ⎥ ⎢ l ⎥ ⎢ l ⎥ ⎢ Ô l ⎥ ⎢ L′ P ⎥ ⎢ iÔ ⎥ ⎢ iò ⎥ ⎢ i(d−Ô) ⎥ ⎢ id ⎥ ⎢ i ⎥ ⎢ ⎥ ⎢ ⎥ ⋯ ⎢ ⎥ ⎢ ⎥ = ⎢ ⎥ ( .Ô) ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ Ô ⎦ ⎣ Ô ⎦ ⎣ Ô ⎦ ⎣ Ô ⎦ ⎣ Ô ⎦ ′ where L = liÔ⋯li(d−Ô). e proof will proceed by induction where Equation .Ô serves as the induction basis. ⎡ ⎤ ⎢ ⎥ ⎢ LÔ Lò g ⎥ A generic intermediate matrix would look like ⎢ ⎥ where each Li is a product of ⎢ ⎥ ⎣ Lç ⎦ non-zero linear functions and g is a partial summand of Pi’s. We shall inductively double the number of summands in g at each step. ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ LÔ Lò g ⎥ ⎢ MÔ Mòh ⎥ At the i-th iteration, assume that we have the matrices ⎢ ⎥ and ⎢ ⎥, ⎢ ⎥ ⎢ ⎥ ⎣ Lç ⎦ ⎣ Mç ⎦ each computed by a sequence of ni linear matrices. We now want a sequence that computes a polynomial of the form L ⋅ (g + h). Consider the following sequence, ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ LÔ Lò g ⎥ ⎢ A ⎥ ⎢ MÔ Mòh ⎥ ⎢ ALÔMÔ ALÔMòh + BLòMç g ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ = ⎢ ⎥ ( .ò) ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ Lç ⎦ ⎣ B ⎦ ⎣ Mç ⎦ ⎣ BLçMç ⎦ .Ô. Equivalence of PIT with ΣΠΣ circuits ¥Ô

where A, B are products of linear functions. By setting A = LòMç and B = LÔMò we get the desired sequence, ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ LÔ Lò g ⎥ ⎢ A ⎥ ⎢ MÔ Mòh ⎥ ⎢ LÔLòMÔMç LÔLòMòMç(g + h) ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ = ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ Lç ⎦ ⎣ B ⎦ ⎣ Mç ⎦ ⎣ LÔLçMòMç ⎦ is way, we have doubled the number of summands in g + h. e length of the sequence computing Lò g and Mòh is ni, hence each Li and Mi is a product of ni many linear func- tions. erefore, both A and B are products of at most òni linear functions and the matrix ⎡ ⎤ ⎢ ⎥ ⎢ A ⎥ ⎢ ⎥ can be written as a product of at most òni diagonal linear matrices. e total ⎢ ⎥ ⎣ B ⎦ length of the sequence given in Equation .ò is hence bounded by ¥ni. e number of summands in f is s and the above process needs to be repeated at most log s+Ô times. e nal sequence length is hence bounded by (d +n)⋅¥log s = (d +n)sò.

Proof of eorem Ô. . It follows from Lemma .Ô that, given a depth ç circuit C computing f ⎡ ⎤ ⎢ ⎥ ⎢ LÔ L ⋅ f ⎥ we can e›ciently construct a depth ò circuit over Uò( ) that outputs a matrix, ⎢ ⎥, F ⎢ ⎥ ⎣ Lò ⎦ ⎡ ⎤ ⎢ ⎥ ⎢ Ô ý ⎥ where L is a product of non-zero linear functions. Multiplying this matrix by ⎢ ⎥ to ⎢ ⎥ ⎣ ý ⎦ ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ý ý ⎥ ⎢ ý L ⋅ f ⎥ the leŸ and ⎢ ⎥ to the right yields another depth ò circuit D that outputs ⎢ ⎥. ⎢ ⎥ ⎢ ⎥ ⎣ Ô ⎦ ⎣ ý ⎦ us D computes an identically zero polynomial over Uò(F) if and only if C computes an identically zero polynomial. is shows that PIT for depth ç circuits reduces to PIT of depth ò circuits over Uò(F). e other direction, that is PIT for depth ò circuits over Uò(F) reduces to PIT for depth ç circuits, is trivial to observe. e diagonal entries of the output ò × ò matrix is just a product of linear functions whereas the oš-diagonal entry is a sum of at most d′ many products of linear functions, where d′ is the multiplicative fan-in of the depth ò circuit over Uò(F).

.Ô.Ô Width-ò algebraic branching programs

e main theorem has an interesting consequence in terms of algebraic branching programs. Algebraic Branching Programs (ABPs) is a model of computation dened by Nisan [NisÀÔ]. ¥ò Chapter . Depth ò Circuits Over Algebras

Formally, an ABP is dened as follows.

enition .ò. (Nisan [NisÀÔ]) An algebraic branching program (ABP) is a directed acyclic graph with one source and one sink. e vertices of this graph are partitioned into levels labelled ý to d, where edges may go from level i to level i + Ô. e parameter d is called the degree of the ABP. e source is the only vertex at level ý and the sink is the only vertex at level d. Each edge is labelled with a homogeneous linear function of xÔ,..., xn (i.e. a function of the form ∑i ci xi). e width of the ABP is the maximum number of vertices in any level, and the size is the total number of vertices. An ABP computes a function in the obvious way; sum over all paths from source to sink, the product of all linear functions by which the edges of the path are labelled.

e following argument shows how Corollary Ô.â follows easily from eorem Ô. .

orollary Ô.â. (restated) Identity testing of depth ç circuits is equivalent to identity testing of width-ò ABPs with polynomially many paths from source to sink.

Proof. It is rstly trivial to see that if the number of paths from source to sink is small, then we one can easily construct a depth ç circuit that computes the same polynomial. us, we only need to show that PIT on depth ç circuits reduces to that on such restricted ABP’s. eorem Ô. constructs a depth ò circuit D that computes a product of the form ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ LÔÔ LÔò ⎥ ⎢ LòÔ Lòò ⎥ ⎢ LmÔ Lmò ⎥ P = ⎢ ⎥ ⎢ ⎥ ⋯ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ LÔç ⎦ ⎣ Lòç ⎦ ⎣ Lmç ⎦ where each Li j is a linear function over the variables. We can make sure that all linear func- tions are homogeneous by introducing an extra variable xý, such that aý + aÔxÔ + ⋯anxn is transformed to aýxý + aÔxÔ + ... + anxn. It is now straightforward to construct a width-ò ABP by making the jth linear matrix in the sequence act as the adjacency matrix between level j and j + Ô of the ABP.

L L L ● ÔÔ ● òÔ ● ● mÔ ●

LÔò Lòò Lmò

L L L ● Ôç ● òç ● ● mç ●

It is clear that the branching program has only polynomially many paths from source to sink. .ò. Identity testing over commutative algebras ¥ç

As a matter of fact, the above argument actually shows that PIT of depth ò circuits over

Mk(F) is equivalent to PIT of width-k ABPs.

.ò Identity testing over commutative algebras

We would now prove eorem Ô.Þ. e main idea behind this proof is a structure theorem for nite dimensional commutative algebras over a eld. To state the theorem we need the following denition.

enition .ç. A ring R is local if it has a unique maximal ideal.

An element u in a ring R is said to be a unit if there exist an element u′ such that uu′ = Ô, where Ô is the identity element of R. An element m ∈ R is nilpotent if there exist a positive integer n with mn = ý. In a local ring the unique maximal ideal consists of all non-units in R.

e following theorem shows how a commutative algebra decomposes into local sub- algebras. e theorem is quite well known in the theory of commutative algebras. But since we need an ešective version of this theorem, we present the proof here for the sake of completion and clarity.

Ceorem .¥. A nite dimensional commutative algebra R over F is isomorphic to a direct sum of local rings i.e.

R ≅ RÔ ⊕ ... ⊕ Rℓ where each Ri is a local ring contained in R and any non-unit in Ri is nilpotent.

Proof. If all non-units in R are nilpotents then R is a local ring and the set of nilpotents forms the unique maximal ideal. erefore, suppose that there is a non-nilpotent zero- divisor z in R. (Any non-unit z in a nite dimensional algebra is a zero-divisor i.e. ∃y ∈ R and y ≠ ý such that yz = ý.) We would argue that using z we can nd an idempotent v ∈~ {ý, Ô} in R i.e. vò = v. Assume that we do have a non-trivial idempotent v ∈ R. Let Rv be the sub-algebra of R generated by multiplying elements of R with v. Since any a = av + a(Ô − v) and Rv ∩R(Ô−v) = {ý}, we get R ≅ Rv ⊕R(Ô−v) as a non-trivial decomposition of R. (Note ¥¥ Chapter . Depth ò Circuits Over Algebras that R is a direct sum of the two sub-algebras because for any a ∈ Rv and b ∈ R(Ô − v), a ⋅ b = ý. is is the place where we use commutativity of R.) By repeating the splitting process on the sub-algebras we can eventually prove the theorem. We now show how to nd an idempotent from the zero-divisor z.

An element a ∈ R can be expressed equivalently as a matrix in Mk(F), where k = (R) R ∈ R ⋅ dimF , by treating a as the linear transformation on that takes b to a b. erefore, z is a zero-divisor if and only if z as a matrix is singular. Consider the Jordan normal form of z. Since it is merely a change of basis we would assume, without loss of generality, that z is already in Jordan normal form. (We won’t compute the Jordan normal form in our algorithm, it is used only for the sake of argument.) Let, ⎡ ⎤ ⎢ ⎥ ⎢ A ý ⎥ z = ⎢ ⎥ ⎢ ⎥ ⎣ ý N ⎦ where A, N are block diagonal matrices and A is non-singular and N is nilpotent. erefore there exits a positive integer t < k such that, ⎡ ⎤ ⎢ B ý ⎥ t ⎢ ⎥ w = z = ⎢ ⎥ ⎢ ⎥ ⎣ ý ý ⎦ where B = At is non-singular. e claim is, there is an identity element in the sub-algebra Rw which can be taken to be the idempotent that splits R. To see this rst observe that the minimum polynomial of w over F is m(x) = x ⋅ m′(x), where m′(x) is the minimum polynomial of B. Also if m(x) = k α x i then α ≠ ý as it is the constant term of m′(x) ∑i=Ô i Ô and B is non-singular. erefore, there exists an a ∈ R such that w ⋅ (aw − Ô) = ý. We can take v = aw as the identity element in the sub-algebra Rw. is v ∈~ {ý, Ô} is the required idempotent in R.

We are now ready to prove eorem Ô.Þ.

Ceorem Ô.Þ (restated.) Given an expression,

d P = M (Aiý + AiÔxÔ + ... + Ainxn) i=Ô where Ai j ∈ R, a commutative algebra of constant dimension over F that is given in basis form, there is a deterministic polynomial time algorithm to test if P is zero. .ò. Identity testing over commutative algebras ¥

Proof. Suppose, the elements eÔ,..., ek form a basis of R over F. Since any element in R can be equivalently expressed as a k × k matrix over F (by treating it as a linear transfor- mation), we will assume that Ai j ∈ Mk(F), for all i and j. Further, since R is given in basis form, we can nd these matrix representations of Ai j’s e›ciently.

If every Ai j is non-singular, then surely P ≠ ý. (is can be argued by xing an ordering xÔ ≻ xò ≻ ... ≻ xn among the variables. e coe›cient of the leading monomial of P, with respect to this ordering, is a product of invertible matrices and hence P ≠ ý.) erefore, assume that ∃Ai j = z such that z is a zero-divisor i.e. singular. From the proof of eorem .¥ it follows that there exists a t < k such that the sub-algebra Rw, where w = zt, contains an identity element v which is an idempotent. To nd the right w we can simply go through all Ô ≤ t < k. We now argue that for the correct choice of w, v can be found by solving a system of linear equations over F. Let bÔ,..., bk′ be a basis of Rw, which we can nd easily from the elements eÔw,..., ekw. In order to solve for v write it as,

v = νÔbÔ + ... + νk′ bk′ where ν j ∈ F are unknowns. Since v is an identity in Rw we have the following equations,

′ (νÔbÔ + ... + νk′ bk′ ) ⋅ bi = bi for Ô ≤ i ≤ k .

Expressing each bi in terms of eÔ,..., ek, we get a set of linear equations in ν j’s. us for the right choice of w (i.e. for the right choice of t) there is a solution for v. On the other hand, a solution for v for any w gives us an idempotent, which is all that we need. Since R ≅ Rv ⊕R(Ô−v) we can now split the identity testing problem into two similar problems, i.e. P is zero if and only if,

d Pv = M (Aiýv + AiÔv ⋅ xÔ + ... + Ainv ⋅ xn) and i=Ô d P(Ô − v) = M (Aiý(Ô − v) + AiÔ(Ô − v) ⋅ xÔ + ... + Ain(Ô − v) ⋅ xn) i=Ô are both zero. What we just did with P ∈ R we can repeat for Pv ∈ Rv and P(Ô − v) ∈

R(Ô − v). By decomposing the algebra each time an Ai j is a non-nilpotent zero-divisor, we have reduced the problem to the following easier problem of checking if

d P = M (Aiý + AiÔxÔ + ... + Ainxn) i=Ô ¥â Chapter . Depth ò Circuits Over Algebras

is zero, where the coe›cients Ai j’s are either nilpotent or invertible matrices.

Let Ti = (Aiý + AiÔxÔ + ... + Ainxn) be a term such that the coe›cient of x j in Ti, i.e.

Ai j is invertible. And suppose Q be the product of all terms other than Ti. en P =

Ti ⋅ Q (since R is commutative). Fix an ordering among the variables so that x j gets the highest priority. e leading coe›cient of P, under this ordering, is Ai j times the leading coe›cient of Q. Since Ai j is invertible this implies that P = ý if and only if Q = ý. (If Aiý is invertible, we can arrive at the same conclusion by arguing with the coe›cients of the least monomials of P and Q under some ordering.) In other words, P = ý if and only if the product of all those terms for which all the coe›cients are nilpotent matrices is zero. But this is easy to check since the dimension of the algebra, k is a constant. (In fact, this is the only step where we use that k is a constant.) If number of such terms is greater than k then P is automatically zero (this follows easily from the fact that the commuting nilpotent matrices can be simultaneously triangularized with zeroes in the diagonal). Otherwise, simply multiply those terms and check if it is zero. is takes O(nk) operations over F.

It is clear from the above discussion that identity testing of depth ò (ΠΣ) circuits over commutative algebras reduces in polynomial time to that over local rings. As long as the dimensions of these local rings are constant we are through. But what happens for non- constant dimensions? e following result justies the hardness of this problem.

Ceorem . . Given a depth ç (ΣΠΣ) circuit C of degree d and top level fan-in s, it is possible to construct in polynomial time a depth ò (ΠΣ) circuit C˜ over a local ring of dimension s(d − Ô) + ò over F such that C˜ computes a zero polynomial if and only if C does so.

Proof. e proof is relatively straightforward. Consider a depth ç (ΣΠΣ) circuit com- puting a polynomial f = s d l , where l ’s are linear functions. Consider the ring ∑i=Ô ∏j=Ô i j i j d R = F[yÔ,..., ys]~I, where I is an ideal generated by the elements {yi y j}Ô≤i

d P = M ‰l jÔ yÔ + ... + l js ysŽ j=Ô d = f ⋅ yÔ .ç. Weakness of the depth ò model ¥Þ is zero if and only if f is zero. Polynomial P can indeed be computed by a depth ò (ΠΣ) circuit over R.

.ç Weakness of the depth ò model

In Lemma .Ô, we saw that the depth ò circuit over Uò(F) computes L ⋅ f instead of f . Is it possible to drop the factor L and simply compute f ? In this section, we show that in many cases it is impossible to nd a depth ò circuit over Uò(F) that computes f .

.ç.Ô Depth ò model over Uò(F)

We will now prove eorem Ô.—. In the following discussion we use the notation (lÔ, lò) to mean the ideal generated by two linear functions lÔ and lò. Further, we say that lÔ is inde- pendent of lò if Ô ∈~ (lÔ, lò).

Ceorem Ô.— (restated.) Let f ∈ F[xÔ,..., xn] be a polynomial such that there are no two linear functions lÔ and lò (with Ô ∈~ (lÔ, lò)) which make f mod (lÔ, lò) also a linear function.

en f is not computable by a depth ò circuit over Uò(F).

Proof. Assume on the contrary that f can be computed by a depth ò circuit over Uò(F). In other words, there is a product sequence MÔ⋯Mt of ò × ò upper-triangular linear matrices ⎡ ⎤ ⎢ ⎥ ⎢ liÔ liò ⎥ such that f appears as the top-right entry of the nal product. Let Mi = ⎢ ⎥, then ⎢ ⎥ ⎣ liç ⎦ ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ lÔÔ lÔò ⎥ ⎢ lòÔ lòò ⎥ ⎢ ltÔ ltò ⎥ ⎢ ý ⎥ f =  Ô ý  ⎢ ⎥ ⎢ ⎥ ⋯ ⎢ ⎥ ⎢ ⎥ ( .ç) ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ lÔç ⎦ ⎣ lòç ⎦ ⎣ ltç ⎦ ⎣ Ô ⎦

Case Ô: Not all the liÔ’s are constants.

Let k be the least index such that lkÔ is not a constant and liÔ = ci for all i < k. To simplify Equation .ç, let ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ B ⎥ ⎢ ý ⎥ ⎢ ⎥ = Mk Ô⋯Mt ⎢ ⎥ ⎢ ⎥ + ⎢ ⎥ ⎣ L ⎦ ⎣ Ô ⎦

 di Di  =  Ô ý  ⋅ MÔ⋯Mi−Ô ¥— Chapter . Depth ò Circuits Over Algebras

Observe that L is just a product of linear functions, and for all Ô ≤ i < k, we have the following relations.

i

di+Ô = M c j j=Ô

Di+Ô = di liò + liçDi

Hence, Equation .ç simplies as ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ lkÔ lkò ⎥ ⎢ B ⎥ f =  dk Dk  ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ lkç ⎦ ⎣ L ⎦ = dk lkÔB + (dk lkò + lkçDk) L

Suppose there is some factor l of L with Ô ∈~ (lkÔ, l). en f = ý mod (lkÔ, l), which is not possible. Hence, L must be a constant modulo lkÔ. For appropriate constants α, β, we have

f = αlkò + βlkçDk (mod lkÔ) ( .¥)

We argue that the above equation cannot be true by inducting on k. If lkç was inde- pendent of lkÔ, then f = αlkò mod (lkÔ, lkç) which is not possible. erefore, lkç must be a constant modulo lkÔ. We then have the following (reusing α and β to denote appropriate constants):

f = αlkò + βDk (mod lkÔ)

= αlkò + β ‰dk−Ôl(k−Ô)ò + l(k−Ô)çDk−Ԏ (mod lkÔ)

Ô⇒ f = ‰αlkò + βdk−Ôl(k−Ô)òŽ + βl(k−Ô)çDk−Ô (mod lkÔ)

e last equation can be rewritten in the form of Equation .¥ with βlkçDk replaced by

βl(k−Ô)çDk−Ô. Notice that the expression ‰αlkò + βdk−Ôl(k−Ô)òŽ is linear just like αlkò. Hence by using the argument iteratively we eventually get a contradiction at DÔ.

Case ò: All the liÔ’s are constants. In this case, Equation .ç can be rewritten as ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ct ltò ⎥ ⎢ ý ⎥ f =  dt Dt  ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ ltç ⎦ ⎣ Ô ⎦ = dt ltò + ltçDt .ç. Weakness of the depth ò model ¥À

e last equation is again of the form in Equation .¥ (without the mod term) and hence the same argument can be repeated here as well to give the desired contradiction.

e following corollary provides some explicit examples of functions that cannot be computed.

orollary .â. A depth ò circuit over Uò(F) cannot compute the polynomial xÔxò + xçx¥ + x xâ. Other examples include well known functions like detn and permn, the determinant and permanent polynomials, for n ≥ ç.

Proof. It su›ces to show that f = xÔxò +xçx¥ +x xâ satisfy the requirement in eorem Ô.—.

To obtain a contradiction, let us assume that there does exist two linear functions lÔ and lò (with Ô ∈~ (lÔ, lò)) such that f mod (lÔ, lò) is linear. We can evaluate f mod (lÔ, lò) by substituting a pair of the variables in f by linear functions in the rest of the variables (as dictated by the equations lÔ = lò = ý). By the symmetry of f , we can assume that the pair is either {xÔ, xò} or {xÔ, xç}. ′ ′ ′ ′ If xÔ = lÔ and xç = lò are the substitutions, then lÔ xò + łòx¥ can never contribute a term to cancel oš x xâ and hence f mod (lÔ, lò) cannot be linear. ′ ′ ′ ′ Otherwise, let xÔ = lÔ and xò = lò be the substitutions. If f mod (lÔ, lò) = lÔ lò+xçx¥+x xâ ′ ′ is linear, there cannot be a common xi with non-zero coe›cient in both lÔ and lò. Without ′ ′ loss of generality, assume that lÔ involves xç and x and lò involves x¥ and xâ. But then the ′ ′ product lÔ lò would involve terms like xçxâ that cannot be cancelled, contradicting linearity again.

.ç.ò Depth ò model over Mò(F) In this section we show that the power of depth ò circuits is very restrictive even if we take the underlying algebra to be Mò(F) instead of Uò(F). In the following discussion, we will refer to a homogeneous linear function as a linear form.

enition .Þ. A polynomial f of degree n is said to be r-robust if f does not belong to any ideal generated by r linear forms.

For instance, it can be checked that detn and permn, the symbolic determinant and per- manent of an n × n matrix, are (n − Ô)-robust polynomials. For any polynomial f , we th will denote the d homogeneous part of f by [ f ]d. And let (hÔ, ⋯, hk) denote the ideal ý Chapter . Depth ò Circuits Over Algebras

generated by hÔ, ⋯, hk. For the following theorem recall the denition of degree restriction (Denition Ô.À) given in the introduction.

Ceorem .—. A polynomial f of degree n, such that [ f ]n is -robust, cannot be computed by a depth ò circuit over Mò(F) under a degree restriction of n. We prove this with the help of the following lemma, which basically applies Gaussian col- umn operations to simplify matrices.

(emma .À. Let fÔ be a polynomial of degree n such that [ fÔ]n is ¥-robust. Suppose there is a linear matrix M and polynomials fò, gÔ, gò of degree at most n satisfying ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ fÔ ⎥ ⎢ gÔ ⎥ ⎢ ⎥ = M ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ fò ⎦ ⎣ gò ⎦ en, there is an appropriate invertible column operation A such that ⎡ ⎤ ⎢ ⎥ ⎢ Ô hò ⎥ M ⋅ A = ⎢ ⎥ ⎢ ⎥ ⎣ cç h¥ + c¥ ⎦ where cç, c¥ are constants and hò, h¥ are linear forms.

We will defer the proof of this lemma to the end of this section, and shall use it to prove eorem .—.

Proof of eorem .—. Assume, on the contrary, that we do have such a sequence of ma- trices computing f . Since only one entry is of interest to us, we shall assume that the rst matrix is a row vector and the last matrix is a column vector. Let the sequence of minimum length computing f be the following:

f = v¯ ⋅ MÔMò⋯Md ⋅ w¯

Using Lemma .À we shall repeatedly transform the above sequence by replacing Mi Mi+Ô −Ô by (Mi A)(A Mi+Ô) for an appropriate invertible column transformation A. Since A would −Ô consist of just constant entries, Mi A and A Mi+Ô continue to be linear matrices.

T To begin, let v¯ = [lÔ, lò] for two linear functions lÔ and lò. And let [ fÔ, fò] = MÔ⋯Mdw¯. en we have, ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ f ⎥ ⎢ lÔ lò ⎥ ⎢ fÔ ⎥ ⎢ ⎥ = ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ ý ⎦ ⎣ ý ý ⎦ ⎣ fò ⎦ .ç. Weakness of the depth ò model Ô

Hence, by Lemma .À, we can assume v¯ = [Ô, h] and hence f = fÔ+h fò. By the minimality of the sequence, h ≠ ý. is forces fÔ to be ¥-robust and the degree restriction makes [ fò]n = ý. T Let [gÔ, gò] = Mò⋯Mdw¯. e goal is to translate the properties that [ fÔ]n is ¥-robust and [ fò]n = ý to the polynomials gÔ and gò. Translating these properties would show each

Mi is of the form described in Lemma .À. us, inducting on the length of the sequence, we would arrive at the required contradiction. In general, we have an equation of the form ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ fÔ ⎥ ⎢ gÔ ⎥ ⎢ ⎥ = Mi ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ fò ⎦ ⎣ gò ⎦

Since [ fÔ]n is ¥-robust, using Lemma .À again, we can assume that ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ fÔ ⎥ ⎢ Ô hò ⎥ ⎢ gÔ ⎥ ⎢ ⎥ = ⎢ ⎥ ⎢ ⎥ ( . ) ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ fò ⎦ ⎣ cç c¥ + h¥ ⎦ ⎣ gò ⎦ by reusing the variables gÔ, gò and others. Observe that in the above equation if h¥ = ý then

Mi−ÔMi still continues to be a linear matrix (since, by induction, Mi−Ô is of the form as dic- tated by Lemma .À) and that would contradict the minimality of the sequence. erefore h¥ ≠ ý.

th Claim: cç = ý (by comparing the n homogeneous parts of fÔ and gÔ, as explained below).

Proof: As h¥ ≠ ý, the degree restriction forces deg gò < n. And since deg fò < n, we have the relation cç[gÔ]n = −h¥[gò]n−Ô. If cç ≠ ý, we have [gÔ]n ∈ (h¥), contradicting robustness of [ fÔ]n as then [ fÔ]n = [gÔ]n + hò[gò]n−Ô ∈ (hò, h¥).

erefore Equation . gives, ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ fÔ ⎥ ⎢ Ô hò ⎥ ⎢ gÔ ⎥ ⎢ ⎥ = ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ fò ⎦ ⎣ ý c¥ + h¥ ⎦ ⎣ gò ⎦ with h¥ ≠ ý. Also, since [ fò]n+Ô = [ fò]n = ý this implies that [gò]n = [gò]n−Ô = ý. Hence,

[gÔ]n = [ fÔ]n is ¥-robust. is argument can be extended now to gÔ and gò. Notice that the degree of gÔ remains n. However, since there are only nitely many matrices in the sequence, there must come a point when this degree drops below n. At this point we get a contradiction as [gÔ]n = ý (reusing symbol) which contradicts robustness.

We only need to nish the proof of Lemma .À. ò Chapter . Depth ò Circuits Over Algebras

Proof of Lemma .À. Suppose we have an equation of the form ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ fÔ ⎥ ⎢ hÔ + cÔ hò + cò ⎥ ⎢ gÔ ⎥ ⎢ ⎥ = ⎢ ⎥ ⎢ ⎥ ( .â) ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ fò ⎦ ⎣ hç + cç h¥ + c¥ ⎦ ⎣ gò ⎦ On comparing degree n + Ô terms, we have

hÔ[gÔ]n + hò[gò]n = ý

hç[gÔ]n + h¥[gò]n = ý

If hç and h¥ (a similar reasoning holds for hÔ and hò) were not proportional (i.e. not multiple of each other), then the above equation would imply [gÔ]n, [gò]n ∈ (hç, h¥). en,

[ fÔ]n = hÔ[gÔ]n−Ô + hò[gò]n−Ô + cÔ[gÔ]n + cò[gò]n ∈ (hÔ, hò, hç, h¥) contradicting the robustness of [ fÔ]n. us, hç and h¥ (as well as hÔ and hò) are proportional, in the same ratio as [−gò]n and [gÔ]n. Using an appropriate column operation, Equation .â simplies to ⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ fÔ ⎥ ⎢ cÔ hò + cò ⎥ ⎢ gÔ ⎥ ⎢ ⎥ = ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎣ fò ⎦ ⎣ cç h¥ + c¥ ⎦ ⎣ gò ⎦

If cÔ = ý, then together with [gò]n = ý we get [ fÔ]n = hò[gò]n−Ô contradicting robustness.

erefore cÔ ≠ ý and another column transformation would get it to the form claimed. Conclusion â

A deterministic algorithm for PIT continues to evade various attempts by researchers. Nu- merous ideas have been employed for randomized algorithms and for deterministic algo- rithms in restricted settings. Partial evidence for the problem’s hardness has also be pro- vided. In this thesis, we shed some more light on the problem and a possible attack on general ΣΠΣ circuits.

We give a new perspective to identity testing of depth ç arithmetic circuits by showing an equivalence to identity testing of depth ò circuits over Uò(F). e reduction implies that identity testing of a width-ò algebraic branching program is at least as hard as identity testing of depth ç circuits.

e characterization in terms of depth ò circuits over Uò(F) seem more vulnerable than general depth ç circuits. Can we obtain new (perhaps easier) proofs of known results using the characterization in terms of linear matrices, or width ò-ABPs?

We also give a deterministic polynomial time identity testing algorithm for depth ò circuits over any constant dimensional commutative algebra. Our algorithm crucially ex- ploits an interesting structural result involving local rings. is naturally poses the fol- lowing question — Can we use more algebraic insight on non-commutative algebras to solve the general problem? e solution for the commutative case does not seem to give any interesting insight into the non-commutative case. But we have a very specic non- commutative case at hand. e question is - Is it possible to use properties very specic to the ring of ò × ò matrices to solve identity testing for depth ç circuits? We also show that PIT over depth ò circuits over higher dimensional commutative al- gebras capture ΣΠΣ circuits completely. Does this case falter to mathematics as well? Can this approach be used to get a deterministic polynomial time PIT for depth ç circuits. ¥ Chapter â. Conclusion

Hopefully, the new ideas outlined in this thesis renders useful to an algorithm for depth ç circuits. Bibliography

[ABÀÀ] Manindra Agrawal and Somenath Biswas. Primality and Identity Testing via Chinese Remaindering. In FOCS, pages òýò–òýÀ, ÔÀÀÀ. [ , Ô¥]

[Agrý ] Manindra Agrawal. Proving Lower Bounds Via Pseudo-random Generators. In FSTTCS, pages Àò–Ôý , òýý . [ç, , ç ]

[AJMVÀ—] Eric Allender, Jia Jiao, Meena Mahajan, and V. Vinay. Non-Commutative Arithmetic Circuits: Depth Reduction and Size Lower Bounds. eor. Comput. Sci., òýÀ(Ô-ò):¥Þ–—â, ÔÀÀ—. [çÔ]

[AKSý¥] Manindra Agrawal, Neeraj Kayal, and Nitin Saxena. PRIMES is in P. Ann. of Math, Ôâý(ò):Þ—Ô–ÞÀç, òýý¥. [ ]

[ALM+À—] Sanjeev Arora, Carsten Lund, Rajeev Motwani, Madhu Sudan, and Mario Szegedy. Proof Verication and the Hardness of Approximation Problems. Journal of the ACM, ¥ (ç): ýÔ– , ÔÀÀ—. [ ]

[AVý—] Manindra Agrawal and V Vinay. Arithmetic circuits: A chasm at depth four. In FOCS, pages âÞ–Þ , òýý—. [ ,À, çÔ, çÞ]

[BC——] Michael Ben-Or and Richard Cleve. Computing Algebraic Formulas Using a Constant Number of Registers. In STOC, pages ò ¥–ò Þ, ÔÀ——. [â]

[Ber—¥] Stuart J. Berkowitz. On computing the determinant in small parallel time using a small number of processors. Inf. Process. Lett., ԗ(ç):Ô¥Þ–Ô ý, ÔÀ—¥. [ò]

[CDGKÀÔ] Michael Clausen, Andreas W. M. Dress, Johannes Grabmeier, and Marek Karpinski. On Zero-Testing and Interpolation of k-Sparse Multivariate Poly- nomials Over Finite Fields. eor. Comput. Sci., —¥(ò):Ô Ô–Ôâ¥, ÔÀÀÔ. [ ] â Bibliography

[Chi— ] Alexander L. Chistov. Fast parallel calculation of the rank of matrices over a eld of arbitrary characteristic. In FCT ’— : Fundamentals of Computation eory, pages âç–âÀ, London, UK, ÔÀ— . Springer-Verlag. [ò]

[CKÀÞ] Zhi-Zhong Chen and Ming-Yang Kao. Reducing Randomness via Irrational Numbers. In STOC, pages òýý–òýÀ, ÔÀÀÞ. [ ,Ôò]

[CRSÀ ] Suresh Chari, Pankaj Rohatgi, and Aravind Srinivasan. Randomness-optimal unique element isolation with applications to perfect matching and related problems. SIAM J. Comput., ò¥( ):Ôýçâ–Ôý ý, ÔÀÀ . [ÔÞ]

[DSý ] Zeev Dvir and Amir Shpilka. Locally decodable codes with ò queries and poly- nomial identity testing for depth ç circuits. In STOC ’ý : Proceedings of the thirty-seventh annual ACM symposium on eory of computing, pages Àò–âýÔ, New York, NY, USA, òýý . ACM. [òÞ]

[GKÀ—] Dima Grigoriev and Marek Karpinski. An exponential lower bound for depth ç arithmetic circuits. In STOC ’À—: Proceedings of the thirtieth annual ACM symposium on eory of computing, pages ÞÞ– —ò, New York, NY, USA, ÔÀÀ—. ACM. [ ]

[GRý ] Ariel Gabizon and Ran Raz. Deterministic extractors for a›ne sources over large elds. In FOCS ’ý : Proceedings of the ¥âth Annual IEEE Symposium on Foundations of Computer Science, pages ¥ýÞ–¥Ô—, Washington, DC, USA, òýý . IEEE Computer Society. [ò—]

[KIýç] Valentine Kabanets and Russell Impagliazzo. Derandomizing polynomial identity tests means proving circuit lower bounds. In STOC, pages ç –çâ¥, òýýç. [ç, ,çâ]

[KSýÔ] Adam Klivans and Daniel A. Spielman. Randomness e›cient identity testing of multivariate polynomials. In STOC, pages òÔâ–òòç, òýýÔ. [ , ÔÞ]

[KSýÞ] Neeraj Kayal and Nitin Saxena. Polynomial Identity Testing for Depth ç Cir- cuits. Computational Complexity, Ôâ(ò), òýýÞ. [ ,òò,òç,òÞ] Bibliography Þ

[KSý—] Zohar S. Karnin and Amir Shpilka. Black box polynomial identity testing of generalized depth-ç arithmetic circuits with bounded top fan-in. In CCC ’ý—: Proceedings of the òýý— IEEE òçrd Annual Conference on Computational Com- plexity, pages ò—ý–òÀÔ, Washington, DC, USA, òýý—. IEEE Computer Society. [òÞ,ò—]

[KSýÀ] Neeraj Kayal and Shubhangi Saraf. Blackbox polynomial identity testing for depth ç circuits. Electronic Colloquium on Computational Complexity (ECCC), òýýÀ. [ ,òÞ]

[LovÞÀ] László Lovász. On determinants, matchings, and random algorithms. In FCT, pages â – Þ¥, ÔÀÞÀ. [ ]

[LVÀ—] Daniel Lewin and Salil P. Vadhan. Checking Polynomial Identities over any Field: Towards a Derandomization? In STOC, pages ¥ç—–¥¥Þ, ÔÀÀ—. [ , Ôç]

[MVÀÞ] Meena Mahajan and V. Vinay. Determinant: Combinatorics, algorithms, and complexity. Chicago J. eor. Comput. Sci., ÔÀÀÞ, ÔÀÀÞ. [ò]

[MVV—Þ] Ketan Mulmuley, Umesh V.Vazirani, and Vijay V.Vazirani. Matching is as easy as matrix inversion. In STOC ’—Þ: Proceedings of the nineteenth annual ACM symposium on eory of computing, pages ç¥ –ç ¥, New York, NY, USA, ÔÀ—Þ. ACM. []

[NisÀÔ] Noam Nisan. Lower bounds for non-commutative computation. In STOC, pages ¥Ôý–¥Ô—, ÔÀÀÔ. [Þ, ¥Ô,¥ò]

[NWÀ¥] Noam Nisan and Avi Wigderson. Hardness vs. randomness. Jounal of Com- puter Systems and Sciences, ¥À:Ô¥À–ÔâÞ, ò ÔÀÀ¥. [çâ]

[NWÀ ] N. Nisan and A. Wigderson. Lower bounds on arithmetic circuits via par- tial derivatives. In FOCS ’À : Proceedings of the çâth Annual Symposium on Foundations of Computer Science, page Ôâ, Washington, DC, USA, ÔÀÀ . IEEE Computer Society. [ ]

[RSý¥] Ran Raz and Amir Shpilka. Deterministic Polynomial Identity Testing in Non-Commutative Models. In IEEE Conference on Computational Complexity, pages òÔ –òòò, òýý¥. [Þ, òÀ] — Bibliography

[RYý—] Ran Raz and Amir Yehudayoš. Multilinear formulas, maximal-partition dis- crepancy and mixed-sources extractors. In FOCS ’ý—: Proceedings of the òýý— ¥Àth Annual IEEE Symposium on Foundations of Computer Science, pages òÞç– ò—ò, Washington, DC, USA, òýý—. IEEE Computer Society. [¥]

[Sahý—] Chandan Saha. A note on irreducible polynomials and identity test- ing. (Manuscript) http://www.cse.iitk.ac.in/users/csaha/PID_CR. pdf, òýý—. [Ôâ]

[Sam¥ò] P. A. Samuelson. A method of determining explicitly the coe›cients of the characteristic polynomial. Ann. Math. Stat., Ôç(ò):¥ò¥–¥òÀ, ÔÀ¥ò. [ò]

[Saxý—] Nitin Saxena. Diagonal circuit identity testing and lower bounds. In ICALP ’ý—: Proceedings of the ç th international colloquium on Automata, Languages and Programming, Part I, pages âý–ÞÔ, Berlin, Heidelberg, òýý—. Springer-Verlag. [ ,çý]

[Sch—ý] Jacob T.Schwartz. Fast Probabilistic Algorithms for Verication of Polynomial Identities. J. ACM, òÞ(¥):ÞýÔ–ÞÔÞ, ÔÀ—ý. [ ,ÔÔ]

[ShaÀý] Adi Shamir. IP=PSPACE. In FOCS, pages ÔÔ–Ô , ÔÀÀý. [ ]

[SSýÀ] Nitin Saxena and C. Seshadhri. An almost optimal rank bound for depth ç identities. In Conference on Computational Complexity, òýýÀ. [òÞ]

[SSSýÀ] Chandan Saha, Ramprasad Saptharishi, and Nitin Saxena. e power of depth ò circuits over algebras. (Manuscript) http://arxiv.org/abs/0904.2058, òýýÀ. [çÀ]

[SWÀÀ] Amir Shpilka and Avi Wigderson. Depth-ç arithmetic formulae over elds of characteristic zero. In COCO ’ÀÀ: Proceedings of the Fourteenth Annual IEEE Conference on Computational Complexity, page —Þ, Washington, DC, USA, ÔÀÀÀ. IEEE Computer Society. [ ]

[TodÀÔ] S. Toda. Counting problems computationally equivalent to determinant. (Manuscript), ÔÀÀÔ. [ò] Bibliography À

[ZipÞÀ] Richard Zippel. Probabilistic algorithms for sparse polynomials. EUROSAM, pages òÔâ–òòâ, ÔÀÞÀ. [ ,ÔÔ]