Linear Gaps Between Degrees for the Polynomial Calculus Modulo Distinct Primes

Sam Buss1,2 Dima Grigoriev Department of Mathematics Computer Science and Engineering Univ. of Calif., San Diego Pennsylvania State University La Jolla, CA 92093-0112 University Park, PA 16802-6106 [email protected] [email protected] Russell Impagliazzo1,3 Toniann Pitassi1,4 Computer Science and Engineering Computer Science Univ. of Calif., San Diego University of Arizona La Jolla, CA 92093-0114 Tucson, AZ 85721-0077 [email protected] [email protected]

Abstract efficient search algorithms and in part by the desire to extend lower bounds on proposition proof complexity This paper gives nearly optimal lower bounds on the to stronger proof systems. minimum degree of polynomial calculus refutations of The Nullstellensatz proof system is a propositional Tseitin’s graph tautologies and the mod p counting proof system based on Hilbert’s Nullstellensatz and principles, p 2. The lower bounds apply to the was introduced in [1]. The polynomial calculus (PC) ≥ polynomial calculus over fields or rings. These are is a stronger propositional proof system introduced the first linear lower bounds for polynomial calculus; first by [4]. (See [8] and [3] for subsequent, more moreover, they distinguish linearly between proofs over general treatments of algebraic proof systems.) In the fields of characteristic q and r, q = r, and more polynomial calculus, one begins with an initial set of 6 generally distinguish linearly the rings Zq and Zr where polynomials and the goal is to prove that they cannot q and r do not have the identical prime factors. be simultaneously equal to zero over a field F .A polynomial calculus (PC) derivation of Pl from a set of 1 Introduction polynomials Q is a sequence of polynomials P1,...,Pl such that each polynomial is either an initial polynomial The problem of recognizing when a proposition formula from Q, or follows from one of the following two rules: is a tautology is dual to the satisfiability problem and (i) If Pi and Pj are previous polynomials, then cPi +dPj is therefore central to computer science. A principal can be derived, where c, d F ; (ii) if P is a previous ∈ i method of establishing that a formula is a tautology polynomial, then xPi can be derived. The degree of a is to find a proof of it in a formal system such as PC derivation is the maximum degree of the Pi’s. We resolution or (extended) Frege systems. In fact, many identify polynomials Pi with the equations Pi = 0 and algorithms for establishing propositional validity are a PC refutation of Q (a proof that the equations Q =0 essentially a search for a proof in a particular formal are not solvable over F ) is simply a PC derivation of 1 system. In recent years, several algebraic proof systems, (i.e., of 1 = 0). including the Nullstellensatz system and the polynomial The definition of the polynomial calculus depends calculus (also called the ‘Gr¨obner’ system) have been implicitly on the choice of a field F such that all proposed: these systems are motivated in part by the polynomials are over the field F . A number of authors desire to identify powerful proof systems which support also consider the polynomial calculus over rings ([3, 2]).

1Supported in part by international grant INT-9600919/ME-103 The only difference in the definition of the PC system from the NSF (USA) and the MSMTˇ (Czech republic) is that a PC refutation over a ring is a derivation of r 2 Supported in part by NSF grant DMS-9803515 (i.e., of r = 0) for some non-zero r in the ring. Our 3Supported in part by NSF grant CCR-9734911, Sloan Research Fellowship BR-3311, and US-Israel BSF grant 97-00188. main results apply to both fields and rings. 4Supported in part by NSF grant CCR-9457783 and US-Israel The mod p counting principle can be formulated as BSF grant 95-00238. n a set MODp of constant-degree polynomials expressing the negation of the counting principle, and the present paper gives linear lower bounds on the degree of n polynomial calculus refutations of MODp over fields of characteristic q = p. A couple lower bounds on the 6 degree of Nullstellensatz proofs of the mod p counting F of characteristic different from 2: There will be rn/2 principles have been given in prior work: [1] gave underlying variables, one for each edge of Gn. We will non-constant lower bounds and [3] gave lower bounds of denote the variable corresponding to the edge e = i, j ² { } the form n . For the polynomial calculus, the best lower from i to j by ye = y i,j . For each variable ye,we n 2 { } bound on the degree of PC refutations of MODp was have the equation ye 1 = 0; this forces the variables Kraj´ıˇcek’s Ω(log log n) lower bound based on a general to take on values of− either 1 or 1, with y = 1 − e − lower bound for symmetrically specified polynomials [6]. corresponding to the presence of e in the subgraph E0. A couple polynomial calculus lower bounds have Secondly, corresponding to each vertex i in Gn, we will been obtained for other families of tautologies. have the equation 1 + y i,j1 y i,j2 y i,jr = 0, where { } { } ··· { } Razborov [9] established √n lower bounds on the j1,...,jrare the neighbors of i in Gn. This corresponds degree of polynomial calculus proofs of the pigeon-hole to saying that the degree of i in the subgraph E0 is odd. principle. Kraj´ıˇcek [6] proves log log n lower bounds for This set of equations, representing the Tseitin mod 2 a wide variety of symmetric tautologies. graph formula, will be denoted by TSn(2). Recently, Grigoriev [5] succeeded in giving very sim- For any prime p, we can generalize the above ple linear lower bounds on the degree of Nullstellensatz principle to obtain a mod p version as follows. Again, refutations of the Tseitin mod 2 graph tautologies. we fix an underlying r-regular, undirected graph Gn, The present work is motivated by this paper, and in and then let Gn0 be the corresponding directed graph particular by the idea of working in the Fourier basis where each undirected edge is replaced by two directed which greatly simplifies the argument. edges. Each vertex in Gn0 will have an associated The present paper establishes linear lower bounds label, or charge in [0,p 1] such that the sum of the to the polynomial calculus by proving that over a field vertex charges is congruent− to 1 mod p. The mod p n of characteristic q - p, any PC refutation of the MODp principle states that it is impossible to assign values polynomials requires degree δ n, for a constant δ which in [0,p 1] to each of the directed edges so that: depends on p and q. In section· 8 we generalize this (i) for any− pair of complementary edges i, j and j, i , linear lower bound to the polynomial calculus over v( i, j )+v( j, i ) 0 (mod p), and (ii) forh everyi vertexh i h i h i ≡ rings Zq provided p and q are relatively prime. i, the sum of the edge values coming out of vertex i is As it is well-known to be easy to give constant congruent to the charge of that vertex mod p. Again, degree polynomial calculus (and even Nullstellensatz) this is impossible since if we sum the edges in pairs, we n refutations of the MODp polynomials over Fp, our obtain 0 mod p, but summing them by vertices gives n results imply that the MODp polynomials have a the total charge of 1 mod p. linear gap between proof complexity for the polynomial Let F be a finite field with characteristic q = p that 6 calculus over Fp and over Fq. contains a primitive p-th root of unity ω. Assume all It follows from a result of Kraj´ıˇcek [7] that our charges of vertices are 1, and that n 1 (mod p). We ≡ linear lower bounds on the degree of PC refutations can express the mod p Tseitin principle for Gn0 as the imply exponential lower bounds of AC0[q]-Frege proofs unsatisfiability of the following system of polynomials of the mod p principles when Mod-q gates are present over F : We have rn underlying variables ye, one only at the top (root) of formulas. for every directed edge e. For each variable ye we p have the equation ye 1 = 0; this forces variables to − 2 p 1 2 Tseitin tautologies: polynomial version take on values in 1,ω,ω ,...,ω − . (The power of ω corresponds to the value assigned to e.) Secondly,

Tseitin’s (mod 2) graph tautologies are based on the for each vertex i in Gn0 , we will have the equation following idea. Let Gn be a connected undirected y i,j1 y i,j2 ,...,y i,jr ω = 0, where j1,...,jr are the h i h i h i − graph on n vertices, where each node in the graph has neighbors of i. Third, for each edge e = i, j we have h i an associated charge of either 0 or 1, and where the the equation y i,j y j,i 1 = 0. This set of equations, h i h i − total sum of the charges is odd. Then it is impossible to representing the Tseitin mod p formula, will be denoted choose a subset of the edges E0 from E so that for every by TSn(p). vertex v V , the number of E0-edges incident to v is ∈ equal mod 2 to the charge of v. This impossibility 3 The mod p principle and low degree reductions follows from a simple parity argument, since summing the degrees of all vertices in the subgraph counts each A related principle is the mod p counting principle. edge twice, and so is even, whereas it should also be Intuitively, it states that it is not possible to partition the sum of all the charges, which is odd. a set of size n into groups of size p,ifnis congruent to For an r-regular graph Gn with n odd, and charges 1modp. We will express this by polynomial equations all 1, we can express this principle as the inconsistency as follows. The underlying variables are xe, where e of the following system of polynomials over a finite field ranges over all p element subsets of [1,n]. The degree 2 equations expressing the negation of the principle are: them with the first (p a`) elements in U from (j`,i, ). (1) x2 x = 0 for each e; (2) x x = 0, for each e, f (This gives us rp-partitions− so far.) Note that the num-∗ e − e e f such that e f = and e = f; (3) 1 e,i e xe =0, ber of remaining, ungrouped elements associated with ∩ 6 ∅ 6 − ∈ for each i [1,n]. Let the above set ofP equations be node i is (p a1)+(p a2)+ +(p ar)+1, which is con- ∈ n − − ··· − denoted by MODp . gruent to 0 mod p as long as (a1 + +ar)modp=1. We want to show that a low degree PC refutation of We then group these remaining,··· ungrouped elements the mod p counting principle implies a low degree PC associated with i, p at a time, in accordance with the refutation of the Tseitin mod p graph equations. To following ordering. Ungrouped elements from (i, j1, ) ∗ do this, we define the following general notion of a low are first, followed by ungrouped elements from (i, j2, ), degree reduction. and so on until we get to the ungrouped elements from∗ Definition. Let P (x), Q(y) be two sets of polynomials (i, jr, ), and lastly the element (i). It∗ should be intuitively clear that if the values y over a field F . Then P is (d1,d2)-reducible to Q if: i,j satisfy TS (p), that is, if they are set so that the mod p (1) For every yi, there is a degree d1 definition of yi n in terms of the x’s. That is, for every i, there exists a sum coming out of each vertex in Gn0 is congruent to 1 mod p, and y y = 1 and yp = 1, then the degree d1 polynomial ri where yi will be viewed as being i,j j,i i,j corresponding partition of U is a proper p partition. defined by ri(x1,...,xn); (2) there exists a degree d2 We want to prove this now formally, with small-degree PC derivation of the polynomials Q(r(x1,...,xn)) from the polynomials P (x). PC refutations. There are two steps to this reduction. First, for each variable x underlying MODm, we want Lemma 1 Suppose that P (x) is (d ,d )-reducible to e p 1 2 to define a degree at most rp polynomial, call it r (y), Q(y). Then if there is a degree d PC refutation of Q(y), e 3 in the y variables that corresponds to the above then there is a degree max(d ,d d ) PC refutation of i,j 2 3 1 reduction. Secondly, we want to show that there is a P (x). m small degree PC derivation of MODp (re) from TSn(p). Lemma 2 For all n and p, and for any field F of characteristic q, where q p, and F includes the - Step 1: Defining re. We will first describe the primitive p-th root of unity, TSn(p) is (d1,d2)-reducible defining polynomial r for x . Recall that e is a m e e to MODp over F , where m = n + nrp, d1 =2pr and particular p-set from U. In the above reduction, d2 =2pr. the valid p-partitions are of two types: (i) where the

Proof of Lemma 2. Let Gn0 be a directed Tseitin elements of e are a subset of the elements associated graph on n vertices, where n 1 (mod p). That is, the with a pair of nodes i, j in G0 ; (ii) where the elements ≡ n underlying Gn0 is an r-regular graph; each vertex of Gn0 of e are a subset of the elements associated with a node has a charge of 1, and the edges of Gn0 are labeled with i. Thus, if the underlying p elements from e are not values from [0,p 1]. Thus, the total number of directed one of these two types, then x is just set to 0. − e edges of Gn0 is rn. From G we will define a universe U of Now consider case (i); that is, the elements of size m, and a corresponding p-partition of this universe, e are a subset of the elements associated with the where m = n + nrp.InU, there will be one element pair of nodes i, j. Suppose that e is the set corresponding to each vertex of G0 , and there will also (i, j, 1), (i, j, 2),...,(i, j, a1), (j, i, 1),...,(j, i, p a1) . n { − } be p elements corresponding to each directed edge of That is, e consists of an initial segment of size a1 of the G0 . We will denote the element of U corresponding to p elements associated with directed edge i, j and an n h i vertex i in G0 by (i), and the vector of p elements of U initial segment of size p a1 of the p elements associated n − corresponding to the edge i, j in Gn0 will be denoted with j, i . (If e is not of this form, then again xe is just h i h i a p a by (i, j, )= (i, j, 1), (i, j, 2),...,(i, j, p) . 0.) Then x should be 1 if y = ω 1 , y = ω − 1 and ∗ h i e i,j j,i Definition. The elements in U associated with node should be 0 otherwise. This is defined by the following i will be (i), plus all elements (i, k, ). (That is, the polynomial: rp elements corresponding to outgoing∗ edges from i plus a a 1 a p a b 1 b (ω 1 ω )− (y ω ) (ω − 1 ω )− (y ω ) the element corresponding to node i.) The elements in − i,j− × − j,i− aY=a b=Yp a U associated with the pair of nodes i, j will be the rp 6 1 6 − 1 elements corresponding to the directed edge i, j plus (1) h i More generally, suppose that we want to define a 0-1 the rp elements corresponding to the directed edge j, i . p p h i valued variable x so that x =1ify1 =ω 1 and y2 = ω 2 The partition of U is defined as follows. We pk and ... and yk = ω , and otherwise x = 0. Then this will consider node i in Gn0 , and the r labeled is accomplished by the following degree kp polynomial: edges, (i, j1), (i, j2),...,(i, jr), leading out of i, where j1 Binomial systems and bounds for PC set of binomials B = t1 t2 t1 d t2 and a set ≡d { − | ≡ } of polynomials S d = SPANR(B d ), the set of linear In the previous section, we reduced the problem of combinations of binomials≡ in B ≡. proving lower bounds for the mod counting principles ≡d R will usually be a field, but in section 8 we will need to that of proving lower bounds for the Tseitin graph the more general version. Intuitively, represents the tautologies. The reason this is progress is that the d set of pairs of terms that can be proved≡ equal using Tseitin graph tautologies are expressed as a system of equational-type reasoning, where we are allowed to polynomials of a very simple form: each polynomial multiply both sides of a known equation by a constant is a binomial, the difference of two terms (i.e., the or variable, as long as we don’t exceed degree d. weighted sum of two monomials with coefficients over We now show that lower bounds on polynomial the field.) (This fact was earlier used by Grigoriev [5] calculus proofs can be established by exhibiting a non- in giving lower bounds for Nullstellensatz.) A binomial trivial d-Laurent relation. a1m1 a2m2 can be viewed as the equation between − Theorem 4 Let Q be a set of R∗ binomials. If two terms, a1m1 = a2m2. Intuitively, an algebraic ≡d proof for a binomial system should be expressible as is a d-Laurent relation with Q B d and 1 d a for ⊆ ≡ 6≡ any a R∗,a =1, then Q has no degree d polynomial a sequence of such equations. In the final paper, we ∈ 6 shall formalize this intuition by giving a formal defi- calculus refutation over R. nition of the Laurent proof system on such equations, The proof of this theorem follows from a sequence of and showing equivalence to PC for binomial systems. lemmas that take up the rest of this section. Lemma 5 However, we will only present the consequences of this is the main technical lemma, and the other lemmas characterization that we need for the lower bound in describe how to use it to prove the theorem. this version. Lemma 5 Assume d is d-Laurent. Suppose f S d . We use a general characterization of things provable Then f can be rewritten≡ as a linear combination∈ f≡= in PC, and then show that this characterization can be T =1 aj(tj tj0 ) of binomials from B d such that no j − ≡ refined for binomial systems. This characterization is monomialP completely cancels out, i.e., every monomial from [4]. tj,tj0 in the linear combination appears in f with non- Definition. Adegreedpseudo-ideal I is a vector space zero coefficient. of degree at most d polynomials so that if p I and p Proof. Let f = j aj(tj tj0 ), where each pair of has degree d 1, then xp I for every variable∈ x. − monomials in the aboveP sum is a polynomial from B d . ≤ − ∈ ≡ Theorem 3 [4] Let P be a system of polynomials, and We prove the lemma by induction on the number of let Id(P ) be the set of all polynomials q that have a degree distinct monomials in the above sum. At each step, d PC proof from P . Then Id(P ) is a d-pseudo-ideal, if cancellation of a monomial occurs, we will rewrite and for any d-pseudo-ideal I containing P , I (P ) I. f by an equivalent sum of elements of Rd such that d ⊆ So pseudo-ideals capture provability in polynomial the number of monomials in the new sum is strictly calculus. If equational reasoning is complete for poly- smaller. nomial calculus for binomial systems, it should follow Assume m appears in the sum, without loss of that the pseudo-ideals for such systems are determined generality in exactly the first T 0 differences, but has zero coefficient in f. Because each element a R∗, and so by which terms are “provably equal” from the system. j ∈ In other words, pseudo-ideals should be determined by has an inverse, by factoring out the coefficient of m in each term, we can rewrite any elements that m appears an equivalence relation on degree d terms with certain 1 in: c (a m a0 m0 )=c a (m a0a− m0)=d (m t ) closure properties. This is formalized below. k k − k k k k − k k k k − k for some R∗ term tk. Also, by the closure properties of Definition. Let R be a ring and R∗ a multiplicative d for multiplication by constants from R∗, m d tk. subgroup of R, and let x1,...,xn be variables. (i.e., R∗ ≡ ≡ Now, since m has coefficient 0 in f, dk =0. consists only of invertible elements and is closed under k We claim that the sum of binomialsP containing m, products and inverses). An R -term is a term whose ∗ T 0 d (m t ), can be rewritten as T 0 d (t t ). coefficient is from R .AnR-binomial is the difference k=1 k k k=2 k 1 k ∗ ∗ − T 0 T0 − PThis is because d (t1 t )=(P d )(t1) of two R∗-terms. A d-Laurent relation over R∗-terms k=2 k − k k=2 k − P P T 0 T 0 T 0 d t = d1(t1) d t = d t = the TSn(2) polynomials are easily seen to be satisfiable k=2 k k − − k=2 k k − k=1 k k P T 0 T 0 P T 0 P (trivially, since 1 = 1), and there is no PC-refutation ( k=1 dk)m k=1 dktk = k=1 dk(m tk). − − − of TSn(2) at all. PSince d isP transitive, t1P tk for all k. So this substitution≡ rewrites f as a weighted≡ sum of members It is an easy corollary of Theorem 8 and Lemmas of B . The new sum is without m and without any 1 and 2 that over a field of characteristic q = 2, PC- ≡d n 6 monomial not in the previous sum, so contains one refutations of the MOD2 polynomials require size linear fewer monomial. 2 in n: this is established as Corollary 18 below for general p in place of 2. Lemma 6 If is d-Laurent, and there is a c R, c = ≡d ∈ 6 Preparatory to proving Theorem 8, we establish 0 with c S , then there is an a R∗,a =1with ∈ ≡d ∈ 6 some definitions and lemmas. In what follows, we will 1 d a. 2 ≡ reduce all polynomials by yi,j = 1 for all variables, thus Proof. If c S d , by Lemma 5, c can be written as obtaining only multilinear polynomials. ∈ ≡ a sum of equivalent terms which only have monomials fi Definition. For a monomial m = i yi , define the that appear in c, i.e, are constants. Thus, at least two fi mod 2 1 multilinearization m of m to be iQyi . For a distinct constants a d a0, and then 1 d a0a− . 2 ≡ ≡ multilinear monomial m we defineQEm to be the set of Lemma 7 If d is d-Laurent, then S is a degree d d edges e such that ye is a factor of m. pseudo-ideal. ≡ ≡ Definition. For two sets A, B, A +2 B denotes the Proof. By definition, S is a vector space of poly- d disjoint union of A and B. nomials of degree at most≡ d, so we just need to show Definition. Let S V , where V is the set of vertices closure under multiplication by a variable, provided in G . Then E(S) is⊆ defined to be the set of edges with the total degree is at most d. Assume f S n d exactly one endpoint in S and one endpoint outside of has degree at most d 1. By Lemma 5, we∈ can≡ T − S. write f = ci(ti t0 ), where ti d t0 and each i=1 − i ≡ i Proposition 9 Let G be an expander graph with ti,t0 comesP from a monomial with non-zero coefficient n i expansion ².IfS V, S n/2, then E(S) ²S. in f. In particular, each ti,ti0 has degree at most ⊆ | |≤ | |≥ | | d 1. Therefore, xt xt by the second closure Proof Since S n/2, N(S) (1 + ²) S by the i i0 | |≤ | |≥ | | property− in the definition≡ of d-Laurent relation. So definition of expansion. Then N(S) S ²S, and T each node in N(S) S is the endpoint| − of|≥ at least| | one xf = =1 ci(xti xti0 ) S d . 2 i − ∈ ≡ − P edge in E(S). Proof (of Theorem 4). Let d be a d-Laurent ≡ We shall prove Theorem 8 as a corollary to Theo- relation with Q B d , and that 1 d a for any ⊆ ≡ 6≡ rem 4: for this, we let R = F and R∗ = 1, 1 . The 1 = a R∗. Assume Q has a polynomial calculus {− } 6 ∈ R∗-terms are thus just the terms m and m where m is refutation of degree d over R, i.e., proves some c =0, − c R. Then c S , since the latter is a pseudo-ideal6 a monomial. ∈ ∈ ≡d containing Q. But then 1 a for some a =1,a R∗. Definition. We define an equivalence relation d on ≡d 6 ∈ ≡ This contradiction proves the theorem. 2. the R∗-terms of degree at most d multilinear monomial, b1 b2 as follows. Let b1,b2 0,1 ,( 1) m1 d ( 1) m2 if there exists a set S ∈{V such} that− ≡ − 6 PC lower bound for mod 2 ⊂ 1. Em1m2 = E(S). We first prove linear lower bounds for the Tseitin 2. S 2, provided the underlying graph is We will show that there is no degree d < ²n/8PC an expander graph. refutation of TSn(2) by showing that that d is a Definition. Let G =(V,E) be an undirected graph. d-Laurent relation. ≡ G has expansion ² if for any subset S of vertices with S V /2, N(S) (1 + ²) S , where N(S) is the set | |≤| | | |≥ | | Lemma 10 If d < ²n/8, then the relation d is an of nodes adjacent to nodes in S. equivalence relation. ≡ Theorem 8 Let F be a field and let Gn have expansion Proof. It is easy to see from the definitions that ². For all d < ²n/8, there is no degree d PC refutation b b b1 b2 ( 1) m d ( 1) m and that ( 1) m1 d ( 1) m2 of TS (2) over F . − b2≡ − b1 − ≡ − n iff ( 1) m2 d ( 1) m1. We need to show that if −b1 ≡ −b2 b2 b3 Note that there is no restriction on the charac- ( 1) m1 d ( 1) m2 and ( 1) m2 d ( 1) m3, − b≡ − b − ≡ − teristic q of the field F . When q is an odd prime or then ( 1) 1 m1 ( 1) 3 m3. Let S1 be the set of ver- − ≡d − zero, then the TSn(2) polynomials are unsatisfiable and tices such that E(S1)=E , S1 b2 b1 (mod 2), m1m2 | |≡ − therefore have a PC refutation over F , of degree which S1 multisets sets. Then ²S1, and thus it follows that S1 2d/² < n/4. | | | |≤ A +p B denotes the multiset, where if x occurs in A Similarly, S2 n/4. Thus, S0 S1 + S2 multiset over the∈ b b of . Also, the fact that ( 1) 1 m1 ( 1) 2 m2 is − ≡d − ≡d − vertices V in G, where vertex i occurs in the set with defined in terms of the linearization of m1m2 means multiplicity si. E(S) will denote a multiset of edges that condition (b) of the definition of d-Laurent is also from Gn0 as follows. Edge i, j occurs with multiplicity satisfied. 2. 0ifs s is negative, andh i occurs with multiplicity i− j Lemma 12 Every polynomial of TSn(2) is a binomial si sj otherwise. from B . − d The size of S, S , will be k if and only if the number ≡ | | Proof. There are two kinds of polynomials in TSn(2). of nonzero elements in S is k. In other words, the size 2 2 For the equations y 1, we must show that y d 1. of a multiset is the number of elements that appear at e − e ≡ This is easily done by taking S = and noting that least once in the multiset. The size of E(S) is defined 2 ∅ since ye 1 = 1, the three conditions of the definition similarly. of d are trivially satisfied. For the equations of the ≡ Proposition 14 Let Gn be an expander graph with form 1 + y i,j1 y i,j2 y i,jr = 0, we must show that { } { } ··· { } expansion ².If S n/2, then E(S) ²S. 1 d ( 1)y i,j1 y i,j2 y i,jr . This is easily seen to | |≤ | |≥ | | hold≡ with− S{ = }i {. 2} ··· { } Proof. Even though S and E(S) are multisets and { } the definition of ‘size’ is correspondingly modified, Proof of Theorem 8. This is a consequence of the proof of Proposition 9 still applies word-for-word. Theorem 4. First, Lemma 11 shows d is d-Laurent. (In fact, when members of S have different non-zero ≡ Second, Lemma 12 shows TSn(2) B . It remains to multiplicities, it only makes the size of E(S) increase.) ⊂ ≡d show that 1 d ( 1). To prove this suppose 1 d ( 1) 2 holds with some6≡ − set S satisfying the conditions≡ of− the Definition. We define the binary relation d on the definition d. Now we must have E(S)= . But b ≡ ≡ ∅ R∗-terms ω m where m is a degree at most d monomial on the other hand, S δn, for some constant δ>0. introducing rings with roots of unity. Following that, we discuss the reduction of the Tseitin principle to the Proof. Choose constants ² and r so that there mod p counting principle and then discuss the lower are r-regular graphs Gn of expansion ² for all n. m bound for Tseitin principle. Let d1 = d2 =2pr. Suppose MODp has a de- gree d PC refutation, where m = n + nrp.By 3 8.1 Rings with roots of unity Lemmas 1 and 2 TSn(p) has a degree d3d1 PC refutation, so by Theorem 13, d3d1 > ²n/(8pr). Thus, We are mostly interested in lower bounds on the degree 2 2 d3 > ²m/(16p r (1+rp)). Since ², r, p, d are constants, of polynomial calculus refutations over rings R = Zq; this proves the Corollary. 2 however, our method of proof depends strongly on the use of p-th roots of unity, and on the existence 8 Polynomial calculus over rings of inverses of certain terms involving the p-th root of unity. In this section, we prove that there exist rings We now consider the polynomial calculus over rings containing Zq with the desired p-th roots of unity. instead of over fields. For this, we consider a fixed Theorem 19 Let p, q > 1 be relatively prime. Then ring R and the polynomials have coefficients from R. there is a finite ring R Zq which contains a p-th root (By ‘ring’ we always mean ‘commutative ring’.) Since of unity ω such that ⊃ the definition of the polynomial calculus did not use any (a) p is the least positive integer i such that ωi =1, field-specific properties, e.g., since the definition did (b) For all 0 jaddition where q is a product of distinct primes q = r1 r2 rm. h iii · ··· and multiplication. However, we modify the definition For this, let GFr be the field of order r and let Fi = p of a PC refutation of Q to be a PC derivation that ends GFr[√1] be the extension of GFr obtained by adjoining with a constant polynomial m where m R is non-zero a p-th root of unity. We use ωi to denote a p-th root of ∈ (and its derivation thus corresponds to a derivation of unity in Fi. Define R to be the ring with domain i Fi the contradiction m = 0). and component-wise addition and multiplication.Q An element of R is an m-tuple a1,...,a with a F . It is known that the polynomial calculus over rings h mi i ∈ i is complete with respect to Boolean reasoning, i.e., By the Chinese remainder theorem, a copy of Zq is 2 embedded in R by n n mod r1,...,nmod r . The if the initial polynomials include x x = 0 for each 7→ h mi − element a1,...,a has an inverse in R iff each a =0. variable x then any unsatisfiable set of polynomials has h mi i 6 Letting ω = ω1,...,ω , it is easy to see that ω is a PC refutation. However, the polynomial calculus h mi over rings is not complete for general derivations, see a p-th root of unity in R and satisfies property (a). k j the examples in [2]. In this respect the polynomial Likewise, ωi ωi Fi is non-zero for all i and thus k j 1 − ∈ (ω ω )− exists in R. calculus over a field is stronger than the polynomial − calculus over a ring. On the other hand, if the ring R Now consider the general case, where q is not a product of distinct primes. (We don’t use any special is Zm where m = p1 p2 for distinct primes p1,p2, · 1 then it is well-known that there are constant-degree properties of Zq beyond the fact that p− exists in Zq, polynomial calculus proofs of MODn and MODn . But which follows from the fact that p and q are relatively p1 p2 Theorem 13 implies that there is no single field for which prime.) Consider a primitive p-th root of unity, ν, the polynomial calculus has constant degree proofs of over the field of rationals. As a root of unity, ν is p 1 p 2 2 both these principles. a root of the polynomial x − + x − + + x + ···p/` The situation is a little analogous to an important x+ 1. Likewise, for any `

Lemma 21 Let z1,...,zk be variables, and f(~z) be a polynomial. Suppose that in the ring R, f(z ,...,z )= k 1 k Claim: (ω 1)f(ω)=`holds in R. 2 p 1 − 0 for all values of z1,...,zk 1,ω,ω ,...,ω − . Then there is PC derivation of f(∈{~z) from the polynomials} Since ` has an inverse in Z , the claim immediately q zp 1,ofdegree pk deg(f). implies that (ωk 1) has in inverse in R, namely, i − ≤ · 1 − Proof. We give the proof for the case k = 1 and leave `− f(ω). In R we have it the reader to formulate the proof by induction for the case k>1. (All the essential difficulties arise already `1 ` 1 − − in the case k = 1.) Let Pa be the polynomial (ωk 1) f(ω)= nωin+k nωin − · − nX=0 nX=0 0 1 a 1 a+1 p 1 (z1 ω )(z1 ω ) (z1 ω − )(z1 ω ) (z1 ω − ). ` ` 1 − − ··· − − ··· − i − i = (n 1)ω n nω n Note that P (z ωa) is the polynomial zp 1 (this − − a 1 1 nX=1 nX=1 is immediate· from− the fact that they are the− same ` 1 − polynomial in each field Fqi ). =(` 1) ωi` ωin − · − nX=1 a Claim: Let c = f(ω ) R. The polynomial Pa The constant δ depends on p and q. To prove ∈ p · (f(z1) c) is PC derivable from zi 1 in degree (p Theorem 22, we need merely note that the proof of The- − − − 2 p 1 1) deg(f). orem 13 still applies: We take R∗ = 1,ω,ω ,...,ω − · and then, as already noted near the{ beginning of sec-} The claim is proved by induction on the size of tion 7, the proof of Theorem 13 establishes Theorem 22. the polynomial f. The base case where f is a constant is trivial. The second base case where f(z ) 1 Acknowledgement. We thank A. Wadsworth for is just z1 is immediate from the observation above that a p discussions about ring extensions. Pa (z1 ω )=z1 1. The induction steps of addition and· multiplication− − are handled by the following two constructions: References ´ˇ Pa (f c) Pa (g d) [1] P. Beame, R. Impagliazzo, J. Krajıcek, · − · − T. Pitassi, and P. Pudlak´ Pa ((f + g) (c + d)) , Lower bounds on · − Hilbert’s Nullstellensatz and propositional proofs, and Proceedings of the London Mathematical Society, P (f c) P (g d) a · − a · − 73 (1996), pp. 1–26. P (fg cg) P (cg cd) a · − a · − [2] S. R. Buss, Lower bounds on Nullstellensatz proofs P (fg cd) a · − via designs, in Proof Complexity and Feasible and this proves the claim. Arithmetics, P. Beame and S. Buss, eds., American ` i Now let Pa be the polynomial i ` (z1 ω ). We Mathematical Society, 1998, pp. 59–71. i=≥a − only use this polynomial when a Q`. 6 [3] S. R. Buss, R. Impagliazzo, J. Kraj´ıcek,ˇ ≥ P. Pudlak,´ A. A. Razborov, and J. Sgall, Claim: Let ` 0 and let c = f(ωa) R. The Proof complexity in algebraic systems and bounded ` ≥ ∈ p depth Frege systems with modular counting, Com- polynomial Pa f(z1) is PC derivable from zi 1in degree (p 1) deg(· f). − putational Complexity, 6 (1996/1997), pp. 256– − 298. The second claim is proved by induction on `. The [4] M. Clegg, J. Edmonds, and R. Impagliazzo, base case, where ` = 0 is already established by the first Using the Groebner basis algorithm to find proofs 0 claim, since Pa = Pa. For the induction step, let a of unsatisfiability, in Proceedings of the Twenty- ` ≥ ` + 1. The induction hypothesis tells us that P` f(z1) eighth Annual ACM Symposium on the Theory of ` and P f(z1) are both PC derivable. Subtracting these Computing, 1996, pp. 174–183. a · gives [5] D. Grigoriev, Nullstellensatz lower bounds for ` a `+1 (ω ω )Pa f(z1). Tseitin tautologies, in Proceedings of the 39th − · Since (ω` ωa) is invertible in R, we may multiply by Annual IEEE Symposium on Foundations of Com- ` a −1 `+1 puter Science, IEEE Computer Society Press, 1998, (ω ω )− to derive Pa f(z1), and the claim is proved.− · pp. 648–652. [6] J. Kraj´ıcekˇ , On the degree of ideal membership The base case k = 1 of Lemma 20 is immediate from proofs from uniform families of polynomials over a the second claim, with ` = p. The argument for the finite field. To appear in Illinois J. of Mathematics. induction step is similar and is left to the reader. 2 [7] , Lower bounds for a proof system with an exponential speed-up over constant depth Frege 8.3 PC lower bound for rings systems and over polynomial calculus, in Mathe- matical Foundations of Computer Science (MFCS), We now prove the main theorems giving lower bounds Lecture Notes in Computer Science #1295, Berlin, the degrees of of PC derivations over Zq. Fix p, q,Ras 1997, Spring-Verlag. above. [8] T. Pitassi, Algebraic propositional proof systems, Theorem 22 Let Gn be an r-regular graph with expan- in Descriptive Complexity and Finite Models, sion ². Then, for all d < ²n/4, there is no degree d PC N. Immerman and P. Kolaitis, eds., DIMACS refutation of TSn(p) over R. Series in Discrete Mathematics and Theoretical This plus Lemmas 1 and 20 immediately imply: Computer Science #31, American Mathematics Corollary 23 Let p, q 2 be relatively prime. Any PC- Society, 1996, pp. 215–244. ≥ n [9] A. A. Razborov, Lower bounds for the polyno- refutation over Zq of the MODp polynomials requires degree >δn, for some constant δ>0. mial calculus, Computation Complexity, 7 (1998), pp. 291–324. [10] R. Smolensky, Algebraic methods in the theory of lower bounds for Boolean circuit complexity, in Proceedings of the Nineteenth Annual ACM Symposium on the Theory of Computing, ACM Press, 1987, pp. 77–82.