Grobner¨ Bases

Martin R. Albrecht

DTU Crypto Group

óó October óþÕì Contents

Sage

Polynomial Rings

Ideals

Grobner¨ Bases

Buchberger’s Algorithm

Quotient Rings

Solving Polynomial Systems with Grobner¨ Bases

e F¦ Algorithm Why not ...

is course involves implementing algorithms in multivariate polynomial rings for which we will be using the Sage mathematics soŸware.

You already know Maple, so why not use it? Õ. I do not know Maple so I could not help you with problems you might encounter. ó. Maple is an expensive piece of soŸware that you might not have access to outside of this university, cutting you oš the tool you know. Sage does not have this problem. ì. Maple is a closed source piece of soŸware which means you cannot study, learn from and improve it. is goes against fundamental principles of reproducible science. Blurb

Sage open-source mathematical soŸware system “Creating a viable free open source alternative to Magma, Maple, Mathematica and Matlab.”

Sage is a free open-source mathematics soŸware system licensed under the GPL. It combines the power of many existing open-source packages into a common Python-based interface.

First release óþþ¢ Latest version ¢.ÕÕ released óþÕì-þ˜-Õì > ìþþ releases Shell, webbrowser (GUI), library > ՘þ developers ∼ Õþþ components > óþþ papers cite Sage > óÕþþ subscribers [sage-support] > Õþþ,þþþ web visitors/month > ä, ¢þþ downloads/month Python & Cython

Sage does not come with yet-another ad-hoc mathematical programming language, it uses Python instead. ▸ one of the most widely used programming languages (Google, IML, YouTube, NASA), ▸ easy for you to dene your own data types and methods on it (bitstreams, ciphers, rings, whatever), ▸ very clean language that results in easy to read code, ▸ a huge number of libraries: statistics, networking, databases, bioinformatic, physics, video games, ìd graphics, numerical computation (scipy), and serious “pure” mathematics (via Sage) ▸ easy to use existing C/C++ libraries from Python (via Cython) How to use SageI

Use Sage via ▸ as a command line programme, ▸ as a webapp hosted on your local computer and ▸ as a webapp on the Internet How to use SageII

To install Sage on your computer head to http://sagemath.org

and download the right version for your operating system (Mac OS X, Windows, Linux ...)

You can then either run Sage on the command line or start a local webapp. How to use Sage III

Calling sage How to use SageIV

Calling sage -notebook How to use SageV You can also use Sage online: http://www.sagenb.org/ and https://cloud.sagemath.com/ How to use SageVI

If you just want to do a quick calculation (and share it with others), try

http://aleph.sagemath.org How to use Sage VII

You can access a Sage ¢.Õþ installed on IMM servers using your account credentials.

malb@road:~ $ ssh [email protected] Password : Last login: Mon Oct 7 17:20:54 2013 from 10.16.166.157 Sun Microsystems Inc. SunOS 5.10 Generic January 2005

sunray4 :~ $ gridterm perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LC_ALL = (unset), LC_CTYPE ="iso_8859_1", LANG ="en_US.utf8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C"). Last login: Mon Oct 7 17:30:24 CEST 2013 from sunray4.imm.dtu.dk on pts/18

grid03 :~ $ sage +------+ |SageVersion5.10,ReleaseDate:2013-06-17 | | Type"notebook()" for the browser-based notebook interface. | | Type"help()" forhelp. | +------+ sage : 1+1 2 Intro to Programming in Sage

Go to Sage Worksheet.

See also

http://sagemath.org/doc/thematic_tutorials/tutorial-programming-python.html Contents

Sage

Polynomial Rings

Ideals

Grobner¨ Bases

Buchberger’s Algorithm

Quotient Rings

Solving Polynomial Systems with Grobner¨ Bases

e F¦ Algorithm NotationI

▸ By F we denote any eld eld in which we can ešectively compute, e.g. Q, or

▸ Fq is the nite eld of order q where q is a prime power, e.g. Fóì or Fß

▸ P = F[xÕ ,..., xn] is the polynomial ring in xÕ ,..., xn over F. ▸ We assume n is nite in this lecture.

sage: P. = PolynomialRing(FiniteField(7)) sage: f = x*y + 3*y*z -3 sage: g = x^2 - 2*y^2 sage:f*g x^3*y - 2*x*y^3 + 3*x^2*y*z + y^3*z - 3*x^2 - y^2 sage:f+g x^2 + x*y - 2*y^2 + 3*y*z - 3 NotationII

Let f = ìxy + ó, we call monomials ìxy + ó ⋅ Õ coe›cientsì xy + ó ⋅ Õ terms ìxy + ó

is follows [Cox et al., óþþß] and is consistent with the usage in Sage. sage: P. = PolynomialRing(FiniteField(7)) sage: f = 2*x*y +3 sage: f.monomials() [x*y, 1] sage: f.coefficients() [2, 3]

But [Becker and Weispfenning, ÕÉÉÕ] swap the notion of term and monomial. Monomial OrderingsI

We will have to make decisions based on the “leading monomial” of a polynomial, which begs the question what that is. i j ▸ In F[x] this question is straight-forward: x > x iš i > j. ▸ But what about F[x, y] is xó or xy bigger?

▸ Hence, we adjoin a monomial ordering to our ring F[xÕ ,..., xn] Monomial OrderingsII

Denition (Lexicographical) Let αÕ αó αn mÕ = xÕ xó ⋯xn with α = (αÕ ,..., αn) and βÕ βó βn mó = xÕ xó ⋯xn with β = (βÕ ,..., βn). n We say mÕ >lex mó if, in the vector dišerence α − β ∈ Z , the leŸmost nozero entry is positive.

Like in the dictionary: rst you check x, then y ....

¢ ì ó É (þ, ¢, ì) − (þ, ó, É) = (þ, ì, −ä) ⇒ y z >lex y z ∈ F[x, y, z] Monomial Orderings III

Denition (Degree Lexicographical) Let αÕ αó αn mÕ = xÕ xó ⋯xn with α = (αÕ ,..., αn) and βÕ βó βn mó = xÕ xó ⋯xn with β = (βÕ ,..., βn).

We say mÕ >deglex mó if,

n n SαS = Q αi > SβS = Q βi, or SαS = SβS and α >lex β. i=Õ i=Õ

We rst check for degrees and only if those are equal we compare lexicographically.

ó É ¢ ì y z >deglex y z ∈ F[x, y, z] Monomial OrderingsIV

Denition (Degree Reverse Lexicographical) Let αÕ αó αn mÕ = xÕ xó ⋯xn with α = (αÕ ,..., αn) and βÕ βó βn mó = xÕ xó ⋯xn with β = (βÕ ,..., βn).

We say mÕ >degrevlex mó if,

n n SαS = Q αi > SβS = Q βi, or i=Õ i=Õ n SαS = SβS and the rightmost nonzero entry of α − β ∈ Z is negative.

>deglex is not >degrevlex with reversed variables:

ó ó ì ó ó ì x yz >>~degrevlex xy z vs. x yz >deglex xy z. Monomial OrderingsV

sage: P. = PolynomialRing(FiniteField(7), order="lex") sage: x^2*y*z^2 > x*y^3*z True

sage: P. = PolynomialRing(FiniteField(7), order="deglex") sage: x^2*y*z^2 > x*y^3*z True

sage: P. = PolynomialRing(FiniteField(7), order="degrevlex") sage: x^2*y*z^2 > x*y^3*z False Monomial OrderingsVI

▸ We write > for any monomial ordering (such as >lex) when it is clear from context which we mean ▸ LM (f ): We call leading monomial of f that monomial in f which is largest wrt to >. ▸ LC (f ), LT (f ): We dene the leading coe›cient and leading term of f analogously. ▸ We extend the notion of > to polynomials f , g in the natural way by comparing LM (f ) and LM (g) rst and move on to smaller monomials if they are equal. ▸ deg(f ): We call the degree of f the maximal degree of any monomial in f . In particular, deg(f ) can be ≠ deg(LM (f )). Exercises

▸ Construct Fß[x, y, z] with term order deglex in Sage ▸ Reorder the monomials of f = ¦x¢yz¦ + óxóy˜ − xy¦ + xyzì + ¦yz + ìx wrt to the ▸ lexicographical, ▸ degree lexicographical and ▸ degree reverse lexicographical ordering. Check your result with Sage. Polynomial DivisionI

We will need to divide polynomials (with remainder) later:

αÕ αn βÕ βn Division of monomials is easy: xÕ ⋯xn is divisible by xÕ ⋯xn if α − β ≥ (þ, . . . , þ) where α = (αÕ ,..., αn) and β = (βÕ ,..., βn).

But what about polynomials? Polynomial DivisionII

Example

Õ begin p = ìxóy + óyó + x + Õ, ó ó aÕ ,..., as ← þ, . . . , þ; r ← þ; fÕ = óx + Õ, ì while p ≠ þ do fó = y + Õ ∈ Fß[x, y] with deglex ¦ division ← False; Õ. xó S xóy ∶ ¢ for Õ ≤ i ≤ s do ó aÕ = −óy, p = óy + x + óy + Õ ä if LM (fi) divides LM (p) then ß ai ← ai + LT (p) ~LT (fi); ó. break and jump to line ì. ó ˜ p ← p − LT (p) ~LT (fi) ⋅ fi; ì. y S y ∶ É division ← True; aó = óy, p = x + Õ Õþ break; ¦. break and jump to line ì. ó ÕÕ if division = False then ¢. Neither y nor x divide x: Õó r ← r + LT (p); division = False Õì p ← p − LT (p); ä. r = x, p = Õ ß. Neither y nor xó divide x: Algorithm Õ: Polynomial Division division = False ˜. r = x + Õ, p = þ Polynomial Division III

sage: P. = PolynomialRing(FiniteField(7),order="deglex") sage: f = 3*x^2*y + 2*y^2 + x + 1 sage: f1 = 2*x^2 + 1 sage:f2=y+1 sage: f == (-2*y)*f1 + (2*y)*f2 + (x+1) True Exercises

ß ó ì ó ó ì ▸ Let f = x y + x y − y + Õ, fÕ = xy − x and fó = x − y ∈ Fß[x, y] with deglex. Divide f by (fÕ , fó). en use lex and divde again. ▸ ó ó Let f = xy − x, fÕ = xy + Õ and fó = y − Õ ∈ Fß[x, y] with >lex. Divide f by (fÕ , fó) and by (fó , fÕ) and compare the remainders. ó ó ó ì ó ▸ Let f = xy z + xy − yz, fÕ = x − y , fó = y − z and fì = z − Õ ∈ Fß[x, y, z] with deglex. Divide f by (fÕ , fó , fì), (fó , fì , fÕ) and (fì , fÕ , fó) and compare the remainders. Contents

Sage

Polynomial Rings

Ideals

Grobner¨ Bases

Buchberger’s Algorithm

Quotient Rings

Solving Polynomial Systems with Grobner¨ Bases

e F¦ Algorithm Denition

Let I be an ideal ⊂ P.

at is, ▸ þ ∈ I, ▸ If f , g ∈ I, then f + g ∈ I, and ▸ if f ∈ P, g ∈ I, then f ⋅ g ∈ I.

We denote by ⟨fÕ ,..., fs⟩ is the ideal spanned by fÕ ,..., fs, i.e. all

f = aÕfÕ + ⋯ + asfs .

sage: P. = PolynomialRing(FiniteField(127),order=’deglex’) sage: I = ideal(x*y + z, y^3 + 1, z^2 - x*5 - 1) sage: (x*y + z) + (y^3 + 1) inI True sage: x*z*(z^2 - x*5 - 1) inI True VarietiesI

Denition

Let F be a eld, and let fÕ ,..., fs be polynomials in F[xÕ ,..., xn]. en we set n V(fÕ ,..., fs) = {(aÕ ,..., an) ∈ F ∶ fi(aÕ ,..., an) = þ for all Õ ≤ i ≤ s}.

We call V(fÕ ,..., fs) the a›ne variety dened by fÕ ,..., fs.

It’s the set of all solutions to fi(xÕ ,..., xn) = þ for all Õ ≤ i ≤ s.

ó ó For example, fÕ = x + y − Õ ∈ R[x, y] is the unit circle. VarietiesII

Lemma

V(I) is an a›ne variety. In particular, if I = ⟨fÕ ,..., fm⟩, then V(I) = V(fÕ ,..., fm).

Corollary

If fÕ ,..., fs and gÕ ,..., gt are bases of the same ideal in F[xÕ ,..., xn], so that ⟨fÕ ,..., fs⟩ = ⟨gÕ ,..., gt⟩, then we have V(fÕ ,..., fs) = V(gÕ ,..., gt).

...so nding a good basis gÕ ,..., gt for ⟨fÕ ,..., fs⟩ such that nding V(fÕ ,..., fs) = (gÕ ,..., gt) is easy would allow to solve non-linear systems of equations. Varieties III

Example ó ó Consider I = ⟨x + y − Õ, xy⟩ ∈ Fß[x, y]. e set of all points satisfying all polynomials in I are (þ, Õ), (þ, −Õ), (Õ, þ), (−Õ, þ).

e same in Sage: sage: P. = PolynomialRing(FiniteField(7)) sage: I = Ideal(x^2 + y^2 - 1, x*y) sage: I.variety() [{y: 0, x: 1}, {y: 0, x: 6}, {y: 1, x: 0}, {y: 6, x: 0}] Exercises

ó Õ. Construct the Ideal I = ⟨xy + Õ, y − Õ⟩ ∈ Fß[x, y] in Sage with monomial ordering deglex. ó. Show that x + y ∈ I. ì. Is {Õ} an ideal? Is {x + Õ, y − ó} an ideal? ¦. Show that ⟨Õ⟩ and ⟨x + Õ, x − Õ, y − ó⟩ are the same. ¢. What is V({Õ})? ä. What is V(⟨x + Õ, y − Õ⟩)? ß. What is V(x + y, x + Õ)? Contents

Sage

Polynomial Rings

Ideals

Grobner¨ Bases

Buchberger’s Algorithm

Quotient Rings

Solving Polynomial Systems with Grobner¨ Bases

e F¦ Algorithm DenitionI

Denition (Grobner¨ Basis)

Let I be an ideal in F[xÕ ,..., xn] and x a monomial ordering. A nite subset

G = {gÕ ,..., gm} ⊂ I

is said to be a Grobner¨ basis of I if for any f ∈ I there exists gi ∈ G such that

LM (gi)S LM (f ) . DenitionII

Grobner¨ bases generalise greatest common divisors over F[x]: the GCD divides all its multiples. sage: R. = PolynomialRing(FiniteField(7)) sage: f = x^2 + 6 sage: I = Ideal(map(P, [R.random_element() * f for_ in range(5)])) sage: I.groebner_basis() [x^2 - 1] Denition III

n ...and row echelon forms over F : if y + tail is in the vector space, the row echelon form has an element y + tail′. sage: F = Sequence([-3*y, -2*x - y - 3*z + 2, x + y + 2*z - 1]) sage: F.groebner_basis() [x - 1, y, z] sage: A,v = F.coefficient_matrix() sage: A.echelonize() sage: (A*v).T [x - 1 y z] DenitionIV

You can use Sage to check if a list of polynomials is a Grobner¨ basis: sage: P. = PolynomialRing(FiniteField(7),order="degrevlex") sage: I = Ideal([x*y^2 - z, 2*x^2*y - 2, x*y - z + 1]) sage: I.basis_is_groebner() False

sage: I.groebner_basis() [y^2 - y - z + 1, y*z - y -z, z^2 - y - 2*z + 1, x - y + 1] Reduced Grobner¨ BasesI

Denition (Reduced Grobner¨ Basis) A reduced Grobner¨ basis for a polynomial ideal I is a Grobner¨ basis G such that: Õ. LC (f ) = Õ for all f ∈ G; ó. ∀f ∈ G, ∃~ m ∈ the set of monomials of f such that m is divisible by any LM (g) ∈ G ∖ {f }.

Reduced Grobner¨ bases generalise reduced row echelon forms:

⎛ ó ¦ ¢ ä ì ¢ ó ¢ ⎞ ⎛ Õ þ þ þ þ þ þ Õ ⎞ ⎜ ⎟ ⎜ ⎟ ⎜ ¢ ó ó ó Õ þ ó ⎟ ⎜ Õ þ þ þ ¢ þ ä ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ä ¢ ä ó Õ ä ⎟ ⎜ Õ þ þ ä þ Õ ⎟ ⎜ ⎟ ⇒ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ó ì ä ¦ þ ⎟ ⎜ Õ þ ì þ þ ⎟ ⎜ ì þ ì Õ ⎟ ⎜ Õ þ þ ä ⎟ ⎝ Õ ä ⎠ ⎝ Õ ä ⎠ Reduced Grobner¨ BasesII

By default, Sage will always computes the reduced Grobner¨ basis when computing a Grobner¨ basis. If a Grobner¨ basis was obtained by other means, the function MPolynomialIdeal.interreduced_basis()

can be used to compute the reduced Grobner¨ basis. sage: rgb = Ideal(gb).interreduced_basis() ApplicationsI

Representation Reduced Grobner¨ bases are a unique representation of an ideal with respect to a monomial ordering. So to check that two ideals are the same you only need to compute their reduced Grobner¨ bases. sage: P. = PolynomialRing(FiniteField(7)) sage: I = Ideal(P.random_element() for_ in range(5)) sage: J = Ideal(P.random_element() for_ in range(5)) sage: I = Ideal(f - f((2,3,1)) forf in I.gens()) sage: J = Ideal(f - f((2,3,1)) forf in J.gens()) sage: I.groebner_basis() == J.groebner_basis() True sage: I == J True sage: I.gens() == J.gens() False sage: I.groebner_basis() [x -2, y -3, z - 1] ApplicationsII

Membership e remainder r of the division of any f ∈ P by G is unique. Hence, we can check whether f ∈ ⟨fÕ ,..., fs⟩ by computing a Grobner¨ basis G G = (gÕ ,..., gt) for ⟨fÕ ,..., fs⟩ and check if f = þ. sage: P. = PolynomialRing(FiniteField(7)) sage: I = Ideal(P.random_element() for_ in range(5)) sage: I = Ideal(f - f((2,3,1)) forf in I.gens())

sage: f = P.random_element() sage: f inI False

sage: f = f - f((2,3,1)) sage: f inI True

sage: f.reduce(I.gens()) 2*z^2 + y - 3*z - 2 sage: f.reduce(I.groebner_basis()) 0 Applications III

Solving Grobner¨ bases with respect to the lex ordering allow for nding V(I) easily. We can “read oš” the solution similarly to reading the solution from a row echelon form of a matrix. sage: P. = PolynomialRing(FiniteField(7), order="lex") sage: I = Ideal(P.random_element() for_ in range(5)) sage: I = Ideal(f - f((2,3,1)) forf in I.gens()) sage: I.groebner_basis() [x -2, y -3, z - 1] Exercises

▸ Let fÕ ,..., fm be polynomials in F[xÕ ,..., xn]. Assume that V(fÕ ,..., fm) = {(sÕ ,..., sn)}. Show that the reduced Grobner¨ basis of I = ⟨fÕ ,..., fm⟩ is [xÕ − sÕ ,..., xn − sn]. ▸ If we use degrevlex order with x > y > z, is

{x¦yó − z¢ , xìyì − Õ, xóy¦ − óz}

a Grobner¨ basis or the ideal generated by these polynomials? Why or why not? ▸ {x + Õ, y − ó, xy − óx + y − ó} is a Grobner¨ basis wrt the degrevlex ordering in Fß[x, y]. Is it a reduced Grobner¨ basis? Is {óx + ó, ìy + Õ}? If not, why not? Contents

Sage

Polynomial Rings

Ideals

Grobner¨ Bases

Buchberger’s Algorithm

Quotient Rings

Solving Polynomial Systems with Grobner¨ Bases

e F¦ Algorithm S-PolynomialsI

Let G = {fÕ ,..., fs} ⊂ F[xÕ ,..., xn] and I = ⟨G⟩. If there exists any f ∈ I with

LM (f ) is not divisible by any LM (fÕ) , . . . , LM (fm) ,

then G is not a Grobner¨ basis for ⟨G⟩; by denition. S-PolynomialsII

To obtain a candidate for such f from fÕ ,..., fs, we may choose two elements fi and fj of G and compute α β s = ax fi − bx fj with a, b ∈ F. α β We know that LM ‰ax fi − bx fjŽ is divisible by an element of the Grobner¨ basis of I α β because ax fi − bx fj ∈ I. S-Polynomials III

α β Now assume that in s the terms ax LT (fi) and bx LT (fj) cancel each other out.

α β If as a result LM ‰ax fi − bx fjŽ is not divisible by any LM (fÕ) , . . . , LM (ft) we know that G cannot be a Grobner¨ basis. S-PolynomialsIV

S-polynomials are a (in fact: the) way to construct the required cancellations of leading terms:

Denition (S-Polynomial)

Let f , g ∈ F[xÕ ,..., xn] be non-zero polynomials. γ Õ. Let x be the least common multiple of LM (f ) and LM (g), written as

γ x = LCM(LM (f ) , LM (g)).

ó. e S-polynomial of f and g is dened as xγ xγ S(f , g) = ⋅ f − ⋅ g. LT (f ) LT (g)

γ γ f g generators S(f g) x ⋅ f x ⋅ g components We call and the of , and LT(f ) and LT(g) the of S(f , g). S-PolynomialsV

Example ì ó ó Let fÕ = x − óxy and fó = x y − óy + x. e leading monomials with respect to ì ó γ ì degrevlex and x > y are LM (fÕ) = x and LM (fó) = x y and thus x = x y. e S-polynomial is: xγ xγ S(fÕ , fó) = ⋅ fÕ − ⋅ fó LT (fÕ) LT (fó) ì ì x y ì x y ó ó S(fÕ , fó) = ⋅ (x − óxy) − ⋅ (x y − óy + x) xì xóy ì ó ó S(fÕ , fó) = y ⋅ (x − óxy) − x ⋅ (x y − óy + x) ì ó ì ó ó S(fÕ , fó) = x y − óxy − x y + óxy − x ó S(fÕ , fó) = −x S-PolynomialsVI

e same example in Sage: sage: P. = PolynomialRing(QQ,order=’degrevlex’) sage: f0 = x^3 - 2*x*y sage: f1 = x^2*y -2*y^2 + x sage: (x^3*y)//x^3 * f0 - (x^3*y)//(x^2*y) * f1 -x^2 S-Polynomials VII

It is su›cient to consider only S-polynomials since any reduction of leading terms can be attributed to S-polynomials.

[Bucä¢] Bruno Buchberger Ein Algorithmus zum Au›nden der Basiselemente des Restklassenrings nach einem nulldimensionalen Polynomideal, Phd esis at Universitat¨ Innsbruck, ÕÉä¢. [Bucþä] Bruno Buchberger Bruno Buchberger’s PhD thesis ÕÉä¢: An algorithm for nding the basis elements of the residue class ring of a zero dimensional polynomial ideal Journal of Symbolic Computation, ¦Õ:ì-¦, p. ¦ß¢-¢ÕÕ, óþþä. Buchberger’s CriterionI

Buchberger’s Criterion

Let I be an ideal. G = {gÕ ,..., gs} is a Grobner¨ basis for I, if and only if for all pairs i ≠ j, the remainder r of the division of S(gi , gj) by G (listed in some order) is zero, i.e. G we have that f = þ.

Proof. See [Cox et al., óþþß, p.˜¢š] Buchberger’s CriterionII

Example ì ó ó ó Let fÕ = x − óxy and fó = x y − óy + x. e S-polynomial is −x which is not reducible ì ó by either LM (fÕ) = x or LM (fó) = x y. us, (fÕ , fó) is not a Grobner¨ basis. Buchberger’s Algorithm

Input: F – a nite subset of P Correctness and termination: Result: a Grobner¨ basis for the ideal I spanned by F Õ. At every stage of the algorithm, Õ begin G ⊂ I and ⟨G⟩ = I hold. ó G ←Ð F; G ó. If Gó = G then S(f , g) = þ for all ì G ←Ð ∅ ó ; f , g ∈ G and, by Buchberger’s ¦ while G ≠ G do ó criterion, G is a Grobner¨ basis. ¢ Gó ←Ð G; ì. e equality Gó = G occurs in ä for f , g ∈ Gó × Gó do ß if LM (f ) < LM (g) then nitely many steps since the G ideals ⟨LM (G)⟩, in iterations of ˜ s ←Ð S(f g) ˜ , ; the loop, form an ascending É if s ≠ then ˜ þ chain. is chain of ideals Õþ s G add ˜ to ; stabilizes aŸer a nite number of iterations and at that moment ÕÕ return G; ⟨LM (G)⟩ = ⟨LM (Gó)⟩ holds, = Algorithm ó: Buchberger’s Algorithm which implies Gó G. Complexity

e running time of Buchberger’s algorithm is not polynomial in the number of variables, as the intermediate bases Gó grow exponentially during the calculations. eorem [Faugere` and Ars, óþþ¦] Let I be an ideal in Fq[xÕ ,..., xn] generated by polynomials fÕ ,..., fn of degrees dÕ ,..., dn respectively. Assume V(I) is nite. ▸ A Grobner¨ basis computation for a lex monomial order reaches at most degree n−Õ D ≤ ∏i=þ di. ▸ A Grobner¨ basis computation for a degrevlex monomial order reaches at most n−Õ degree D ≤ Õ − n + ∑i=þ di. Optional ImprovementsI

Buchberger’s algorithm leaves a lot of freedom to implement. e runtime can be reduced by applying a variety of improvements: ▸ e order in which the critical pairs f , g are selected. G ▸ If S(f , g) = þ we learn nothing new, we can employ criteria to lter out such computations. ▸ Algorithms exist [Faugere` et al., ÕÉÉì] to convert a Grobner¨ basis (of an ideal with V(I) nite) in one monomial order to a Grobner¨ basis in another monomial order, thus we may compute with respect to the degrevlex ordering rst and then convert the result to lex. Optional ImprovementsII

Buchberger himself gave two criteria to avoid useless reductions to zero. We only give the rst one here: Denition (Buchberger’s First Criterion)

Let f , g ∈ F[xÕ ,..., xn] with disjoint leading terms, i.e. G LCM(LM (f ) , LM (g)) = LM (f ) ⋅ LM (g). en S(f , g) = þ.

Proof. See [Becker and Weispfenning, ÕÉÉÕ, p.óóó]. Exercises

Õ. In Fß[x, y] with deglex compute a Grobner¨ basis for

⟨xóy + ä, xyó − x⟩

G using Buchberger’s algorithm. How many reductions to zero S(f , g) = þ did you observe?

ó. Repeate Exercise Õ in Fß[x, y, z] with deglex for

⟨xó + y, x¦ + óxóy + yó + ì⟩

what does the result tell you abour V(I)? ì. Repeate Exercise ó with ⟨x − z¦ , y − z¢⟩ and use Buchberger’s First Criterion to avoid useless reductions to zero. How many did you avoid? Contents

Sage

Polynomial Rings

Ideals

Grobner¨ Bases

Buchberger’s Algorithm

Quotient Rings

Solving Polynomial Systems with Grobner¨ Bases

e F¦ Algorithm Quotient RingsI

▸ Recall that we considered nite extension elds as Fp[x]~f (x) for some irreducible polynomial f (x). ▸ By this we mean that all multiplies of f (x) are zero, i.e., we quotient out by elements in ⟨f (x)⟩. ▸ In fact, we can quotient out by any ideal I and dene the quotient ring Q = R~I.

eorem [Cox et al., óþþß, p.óóä]

Let I be an ideal in F[xÕ ,..., xn]. e ideals in the quotient ring F[xÕ ,..., xn]~I are in one-to-one correspondence with the ideals in F[xÕ ,..., xn] containing I (that is, the ideals J satisfying I ⊂ J ⊂ P).

In particular, we may identify

q q I = ⟨fÕ ,..., fm , xÕ − xÕ ,..., xn − xn⟩ ∈ Fq[xÕ ,..., xn]

with q q J = ⟨fÕ ,..., fm⟩ ∈ Fq[xÕ ,..., xn]~⟨xÕ − xÕ ,..., xn − xn⟩. Sage

sage: P. = PolynomialRing(FiniteField(2)) sage:I= sage.rings.ideal.FieldIdeal(P) sage: Q = P.quotient_ring(I); Q Quotient of Multivariate Polynomial Ring inx,y,z\ over Finite Field of size 2 by the ideal (x^2 + x, y^2 + y, z^2 + z)

sage: P. = BooleanPolynomialRing()# much faster! sage: P.defining_ideal() Ideal (x^2 + x, y^2 + y, z^2 + z) of Multivariate Polynomial Ring \ in x, y, z over Finite Field of size 2 Contents

Sage

Polynomial Rings

Ideals

Grobner¨ Bases

Buchberger’s Algorithm

Quotient Rings

Solving Polynomial Systems with Grobner¨ Bases

e F¦ Algorithm Elimination IdealsI

Given an ideal I in a polynomial ring P = F[xÕ ,..., xn] over a eld F and a number j ∈ {Õ,..., n}, consider the set of all polynomials in I which involve only the variables xj ,..., xn. is set I ∩ F[xj ,..., xn] is an ideal in F[xj ,..., xn]. Elimination IdealsII

Denition (Elimination Ideal)

Given I = ⟨fÕ ,..., fm⟩ ⊂ F[xÕ ,..., xn], the ℓ-th elimination ideal Iℓ is the ideal of

Fxl ,...,xn dened by Iℓ = I ∩ F[xl ,..., xn]. Elimination Ideals III

If we could compute Grobner¨ bases for these elimination ideals, we could start with n = ℓ to get a univariate polynomial. We could then factor it and substitute, which again would produce a univariate polynomial but this time in xn−Õ etc. PreprocessingI

In what follows we augment our ideal in Fq[xÕ ,..., xn] with polynomials q q xÕ − xÕ ,..., xn − xn which we call eld polynomials.

q at is I = I ∪ {xi − xi S Õ ≤ i ≤ n}, which makes sure, ▸ that our ideal has only nitely many points in V(I) and ▸ that our ideal is “radical”. Both of these conditions are needed for what follows. Elimination eoremI

Elimination eorem

Let I ⊂ F[xÕ ,..., xn] be an ideal and let G be a Grobner¨ basis of I with respect to the lex monomial ordering where xÕ > xó > ⋅ ⋅ ⋅ > xn. en for every Õ ≤ ℓ ≤ n, the set

Gℓ = G ∩ F[xℓ ,..., xn]

is a Grobner¨ basis fo the ℓ-th elimination ideal Iℓ.

In other words, the Grobner¨ basis G has triangular shape, which we can use to solve. Elimination eoremII

Example

Let P = FÕóß[x, y, z], the monomial ordering lex and consider the ideal

I = ⟨x + y + z, xy + xz + yz, xyz − Õ⟩

We add the eld polynomials and compute the reduced Grobner¨ basis:

x + y + z, yó + yz + zó , zì − Õ,

which has a triangular shape as predicted by the Elimination eorem. Elimination eorem III

is result can be computed using Sage as follows: sage: P. = PolynomialRing(FiniteField(127),order=’lex’) sage:I= sage.rings.ideal.Cyclic(P) sage:I Ideal (x + y + z, x*y + x*z + y*z, x*y*z - 1) of \ Multivariate Polynomial Ring in x, y, z over \ Finite Field of size 127 sage:J=I+ sage.rings.ideal.FieldIdeal(P) sage: g0,g1,g2 = J.groebner_basis(); g0,g1,g2 (x + y + z, y^2 + y*z + z^2, z^3 - 1)

sage: factor(g2) (z - 19) * (z - 1) * (z + 20)

sage: factor(g1(x,y,19)) (y - 1) * (y + 20)

sage: factor(g0(x,1,19)) x + 20

sage: all(f(107,1,19)==0 forf in I.gens()) True sage: J.variety() [{y: 19, z: 1, x: 107}, {y: 107, z: 1, x: 19}, {y: 1, z: 19, x: 107}, {y: 107, z: 19, x: 1}, {y: 1, z: 107, x: 19}, {y: 19, z: 107, x: 1}] An ExampleI

y

circle at (Õ, ó) with radius ì

circle at (−Õ,Õ) with radius ó

x An ExampleII

sage: x,y = var("x,y") sage: p1 = (x-1)^2 + (y-2)^2 - 3^2 == 0 sage: p2 = (x+1)^2 + (y-1)^2 - 2^2 == 0 sage: sols = solve([p1,p2],x,y) sage: sols [x == -2/5*sqrt(5) - 1, y == 4/5*sqrt(5) + 1], [x == 2/5*sqrt(5) - 1, y == -4/5*sqrt(5) + 1]] An Example III

sage: P. = PolynomialRing(QQ, order=’lex’) sage: f1 = (x-1)^2 + (y-2)^2 - 3^2 sage: f2 = (x+1)^2 + (y-1)^2 - 2^2 sage: I = Ideal(f1,f2) sage: I.groebner_basis() [x + 1/2*y + 1/2, y^2 - 2*y - 11/5]

sage: I.variety() []

sage: I.variety(CC) [{y: -0.788854381999832, x: -0.105572809000084}, {y: 2.788854381999830, x: -1.89442719099992}]

sage: sage: P. = QQ[] sage: I.variety(NumberField(z^2-5,’a’)) [{y: -4/5*a + 1, x: 2/5*a - 1}, {y: 4/5*a + 1, x: -2/5*a - 1}] Contents

Sage

Polynomial Rings

Ideals

Grobner¨ Bases

Buchberger’s Algorithm

Quotient Rings

Solving Polynomial Systems with Grobner¨ Bases

e F¦ Algorithm Warm Up

As a warm-up, consider a linear system of equations over FÕóß[x, y, z].

f = óäy + ¢óz + äó = þ þ óä ¢ó äó g = ¢¦y + ÕÕÉz + ¢¢ = þ ⎛ ⎞ ⎜ þ ¢¦ ÕÕÉ ¢¢ ⎟ h = x + z + = ¦Õ ÉÕ Õì þ ⎝ ¦Õ þ ÉÕ Õì ⎠ AŸer Gaussian elimination: f ′ = x + = ⎛ Õ þ þ óÉ ⎞ óÉ þ ⎜ ⎟ ′ Õ þ ì˜ g = y + ì˜ = þ ⎝ Õ ß¢ ⎠ ′ h = z + ߢ = þ

us, x = −óÉ, y = −ì˜ and z = −ߢ is a solution. We know this because Gaussian elimination produced small enough elements (z + ߢ) such that we can simply read of the solution. Generalising to Non-Linear Polynomials

Now consider two polynomials in FÕóß[x, y, z] with term ordering deglex.

f = xó + óxy − óyó + Õ¦zó + óóz − Œ Õ ó ó Õ¦ þ óó ‘ g = xó + xy + yó + zó + x + óz Õ Õ Õ Õ Õ ó

f = xó + yó − zó + x − z − − ¦ Õó ó ՘ Œ Õ þ ¦ Õó ó ՘ ‘ ′ ó ó − − g = xy + −ìy + Õìz − x + óþz Õ ì Õì Õ óþ

Gaussian elimination still “reduces” the system. Limits of this ApproachI

is approach fails for

ó f = x − óxy − óyó + Õ¦zó , g = x + y + óz.

since x is not a monomial of f .

However, x divides two monomials of f : xó and xy.

To account for those include multiples m ⋅ g of g such that

LM (m ⋅ g) = m ⋅ LM (g) ∈ the monomials of f . Limits of this ApproachII

f = xó − óxy − óyó + ... ó ⎛ Õ −ó −ó þ þ Õ¦ þ . . . ⎞ x ⋅ g = x + xy ... ⎜ Õ Õ þ ó þ þ þ . . . ⎟ ó ⎜ ⎟ y ⋅ g = xy + y + ... ⎜ Õ Õ þ ó þ þ . . . ⎟ ⎝ ⎠ g = x + y + óz Õ...

′ f = xó + ¦yz + Õ¦zó , ⎛ Õ þ þ þ ... þ ... ⎞ ⎜ Õ þ ó . . . þ . . . ⎟ hÕ = xy + óxz + −¦yz − ..., ⎜ ⎟ ⎜ Õ −ó . . . þ . . . ⎟ h = yó − xz + yz + ó ó ä ..., ⎝ ...Õ... ⎠ g = x + y + óz

Let’s call the preprocessing we performed “symbolic preprocessing” ...but that alone is still not enough to solve the system. Adding S-Polynomials

Finally, consider

f = yx + Õ, g = zx + ó.

Neither LM (f ) nor LM (g) divides any monomial in the other polynomial. However, we have

zf − yg = z(yx + Õ) − y(zx + ó), = xyz + z − xyz − óy, = z − óy.

We constructed multiples of f and g such that when we subtract them their leading terms cancel out and something smaller is produced: we constructed an S-polynomial. e F¦ AlgorithmI

Input: F = [fÕ ,..., fm] – list of polynomials Output: a Grobner¨ basis for ⟨fÕ ,..., fm−Õ⟩ Õ begin ó while True do ì F ← multiply all pairs fi , fj ∈ F by mi , mj such that LM (mifi) = LM (mjfj); ¦ F ← perform “symbolic preprocessing” on F ∪ F; ¢ F˜ ← peform Gaussian elimination on F ; ä F ← F ∪ {f ∈ F˜ with ∀g ∈ F we have LM (g) ∤ LM (f )}; ß if F didn’t change in the last iteration then ˜ return F;

Algorithm ì: simplied F¦ e F¦ AlgorithmII

Õ begin ó while True do ì F ← multiply all pairs fi , fj ∈ F by mi , mj such that LM (mifi) = LM (mjfj); ¦ F ← perform “symbolic preprocessing” on F ∪ F; ¢ F˜ ← peform Gaussian elimination on F; ä F ← F ∪ {f ∈ F˜ with ∀g ∈ F we have LM (g) ∤ LM (f )}; ß if F didn’t change in the last iteration then ˜ return F;

Buchberger select one pair in line ì and use polynomial division instead of Gaussian elimination in line ¢; implemented everywhere

F¦ use Buchberger’s criteria in line ì to avoid useless pairs (= zero rows in the matrix); implemented in MZ“Z,P™íB™R†, FGB

F¢ use criteria in lines ì and ¦ such that all matrices have full rank under some assumption; implementation worked on in S†•¶Z§ e F¦ Algorithm III

Õ begin ó while True do ì F ← multiply all pairs fi , fj ∈ F by mi , mj such that LM (mifi) = LM (mjfj); ¦ F ← perform “symbolic preprocessing” on F ∪ F; ¢ F˜ ← peform Gaussian elimination on F; ä F ← F ∪ {f ∈ F˜ with ∀g ∈ F we have LM (g) ∤ LM (f )}; ß if F didn’t change in the last iteration then ˜ return F;

Re-Linearisation Gaussian elimination is enough because we have so many equations (Mutant)XL multiply by everything up to some degree in line ì and skip line ¦ (worse than Simple F¦ because of redundancies) Fin

Questions? LiteratureI

Becker, T. and Weispfenning, V. (ÕÉÉÕ). Grobner¨ Bases – A Computational Approach to Commutative Algebra. Springer Verlag, Berlin, Heidelberg, New York. Cox, D., Little, J., and O’Shea, D. (óþþß). Ideals, Varieties, and Algorithms. Springer Verlag, Berlin, Heidelberg, New York. Faugere,` J.-C. and Ars, G. (óþþ¦). Comparison of XL and Grobner¨ basis algorithms over nite elds. Technical Report ¢ó¢Õ, Institut National de Recherche en Informatique et en Automatique (INRIA). Faugere,` J.-C., Gianni, P. M., Lazard, D., and Mora, T. (ÕÉÉì). E›cient computation of zero-dimensional Grobner¨ Bases by change of ordering. Journal of Symbolic Computation, Õä:ìóɖ즦.