Fast systematic encoding of multiplicity codes
Nicholas Coxon (GRACE)

TL;DR
This paper introduces efficient systematic encoding algorithms for multiplicity codes, enabling practical use in private information retrieval protocols by building on advanced multivariate interpolation techniques.
Contribution
It generalizes existing fast interpolation algorithms to Hermite-type problems, providing the first quasi-linear time encoding methods for multiplicity codes.
Findings
Achieves quasi-linear encoding time for multiplicity codes
Enables practical application of private information retrieval protocols
Extends multivariate interpolation algorithms to Hermite-type problems
Abstract
We present quasi-linear time systematic encoding algorithms for multiplicity codes. The algorithms have their origins in the fast multivariate interpolation and evaluation algorithms of van der Hoeven and Schost (2013), which we generalise to address certain Hermite-type interpolation and evaluation problems. By providing fast encoding algorithms for multiplicity codes, we remove an obstruction on the road to the practical application of the private information retrieval protocol of Augot, Levy-dit-Vehel and Shikfa (2014).
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Fast systematic encoding of multiplicity codes
Nicholas Coxon
INRIA and Laboratoire d’Informatique de l’École polytechnique, Palaiseau, France.
Abstract.
We present quasi-linear time systematic encoding algorithms for multiplicity codes. The algorithms have their origins in the fast multivariate interpolation and evaluation algorithms of van der Hoeven and Schost (2013), which we generalise to address certain Hermite-type interpolation and evaluation problems. By providing fast encoding algorithms for multiplicity codes, we remove an obstruction on the road to the practical application of the private information retrieval protocol of Augot, Levy-dit-Vehel and Shikfa (2014).
††copyright: ©2017: Nicholas Coxon
1. Introduction
Multiplicity codes [17, 18] generalise the classical family of Reed–Muller codes by augmenting their construction to include the evaluations of derivatives up to a given order. They inherit the property of being locally correctable from Reed–Muller codes, allowing any specified coordinate of a codeword in a multiplicity code to be recovered with high probability after examining only a sublinear, in the dimension of the code, number of entries in a possibly corrupted version of the codeword. Restricting to Reed–Muller codes while retaining sublinear local correction also restricts the maximum attainable information rate of the codes to roughly a half. Moving to multiplicity codes allows sublinear local correction and rates approaching one [17].
A closely related notion to local correction is that of local decoding [14]. Whereas local correctability is a property of the codewords of a code, local decodability is a property of an encoding function of a code. For local decoding, one is required to recover a specified coordinate of a message after examining only a small number of coordinates in a possibly corrupted version of its encoding. It follows that a locally correctable code that is equipped with a systematic encoding function, i.e., one that embeds messages into their encodings, is also locally decodable. Augot, Levy-dit-Vehel and Ngô [2] provide a systematic encoding function for multiplicity codes by combining results of Kopparty [16] and Key, McDonough and Mavron [15]. By using their encoding function, multiplicity codes offer sublinear local decoding, while still allowing high rates.
The local decoding algorithm of multiplicity codes is randomised, with the queries to a codeword appearing uniformly distributed over its entries when viewed individually. As a result, an information-theoretically secure private information retrieval protocol may be built upon multiplicity codes by using the construction of Katz and Trevisan [14, Section 4]. Private information retrieval [9] allows a user to retrieve entries from an online database without revealing which entries are being retrieved to the database servers. Using multiplicity codes in the construction of Katz and Trevisan yields a protocol with low communication complexity, when compared to the trivial solution of downloading the entire database, since the amount of data transferred to recover a single database entry is roughly equal to amount of codeword data examined during one round of local decoding.
Augot, Levy-dit-Vehel and Shikfa [3] exploit geometric properties of multiplicity codes to improve upon the protocol obtain by the Katz–Trevisan construction, with their protocol incurring a smaller storage overhead and requiring fewer database servers. The protocol begins by systematically encoding the database as a codeword in a multiplicity code. The codeword is then distributed amongst the database servers. It follows that the encoding increases the amount of stored data by a factor equal to the inverse of the information rate of the code. Thus, the protocol favours the use of multiplicity codes over Reed–Muller codes.
For the protocol of Augot, Levy-dit-Vehel and Shikfa to be realisable for large databases, it is necessary that the initial encoding may be performed efficiently. In this paper, we show that it is possible to perform the encoding in time that is quasi-linear in the number of field elements that appear in the codeword.
1.1. Multiplicity codes
Let denote the finite field with elements. We enumerate the field as and let denote its index set. Then the elements of are identified with vectors in by defining \mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}}=(\alpha_{j_{1}},\dotsc,\alpha_{j_{n}}) for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}=(j_{1},\dotsc,j_{n})\in[q]^{n}. The ring of polynomials over in indeterminates is denoted by \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]=\mathbb{F}_{q}[X_{1},\dotsc,X_{n}], and we define \mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}^{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=X^{i_{1}}_{1}\dotsm X^{i_{n}}_{n} for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}=(i_{1},\dotsc,i_{n})\in\mathbb{N}^{n}.
A codeword of a multiplicity code is constructed by taking a polynomial in \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}] and evaluating its Hasse derivatives up to a given order at all points in . The Hasse derivatives of a polynomial F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}] are given by the coefficients (in \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]) of the shifted polynomial F(\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}+\mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}})\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}][\mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}}]=\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}][Z_{1},\dotsc,Z_{n}] for algebraically independent indeterminates over \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]. For \mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}=(s_{1},\dotsc,s_{n})\in\mathbb{N}^{n}, the coefficient of \mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}}^{\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}}=Z^{s_{1}}_{1}\dotsm Z^{s_{n}}_{n} in the shifted polynomial is called the th Hasse derivative of , which we denote by H(F,\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}). Accordingly, we have
[TABLE]
We define the weight of a vector \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in\mathbb{N}^{n}, denoted \mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}\right|, to be the sum of its entries. Then the th Hasse derivative is said to have order \mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}}\right|.
The polynomials that have their derivatives evaluated in a multiplicity code are restricted by their (total) degree. Consequently, we let \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{d} denote the vector space of polynomials in \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}] that have degree at most . We index the derivatives of order less than by the set S_{s,n}=\{\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}\in\mathbb{N}^{n}\mid\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}}\right|<s\}, and let denote its cardinality. Then for such that , the multiplicity code is defined to be the image of the map
[TABLE]
Thus, the multiplicity code is a vector space over of dimension , while its minimum distance is at least [10, Lemma 8] and its information rate is \binom{n+d}{n}/\mathopen{}\mathclose{{}\left(\binom{n+s-1}{n}q^{n}}\right).
1.2. Systematic encoding of multiplicity codes
Given a multiplicity code , it is natural to consider encoding functions that are -linear functions from onto the code, where is the code’s dimension. The elements of are then called the message vectors, or simply messages, of the code. Such an encoding function is systematic if the th entry of each message vector , for , always appears in the encoding at some fixed location. Recording these locations yields a set such that the map
[TABLE]
is a bijection. Conversely, a set such that the map is a bijection induces a systematic encoding function
[TABLE]
Indeed, the function is systematic since the entries of a message vector each reappear in its encoding as the value of some fixed derivative. Such a set is called an interpolating set [16, Appendix A] or an information set [2, Definition 4] of the multiplicity code .
Kopparty [16, Appendix A] provides a method of constructing information sets, and thus a construction of systematic encoding functions, for multiplicity codes. However, Kopparty does not provide explicit examples of the construction. Augot, Levy-dit-Vehel and Ngô [2] subsequently provide an explicit family of information sets by supplementing Kopparty’s construction with a result of Key, McDonough and Mavron [15, Theorem 1].
Theorem 1** ([15, 16, 2]).**
For such that ,
[TABLE]
is an information set of .
We let denote the systematic encoding function of provided by Theorem 1. A codeword of a multiplicity code contains elements of , and thus contains field elements in total. Consequently, if the encoding function is to be used in the private information retrieval protocol of Augot, Levy-dit-Vehel and Shikfa [3], then it is important that the function may be evaluated in time that is close to linear in . Augot, Levy-dit-Vehel and Ngô [2, Appendix] show that can be evaluated in operations in , where and the notation indicates that polylogarithmic factors are omitted from the complexity. The quadratic dependency on the dimension of the code means that their algorithm is not suitable for use in the private information retrieval context, where must be greater than or equal to the number of bits in the database, and is the number of (non-colluding) servers. However, we note that the cost of evaluating with their algorithm can be reduced to operations in by replacing the matrix–vector products they use to perform multivariate interpolation with the quasi-linear time interpolation algorithm of van der Hoeven and Schost [23].
1.3. Our contribution
In Sections 3 and 4, we present two algorithms that evaluate the encoding function in , or more simply , operations in . The algorithm of Section 3 combines fast polynomial interpolation and evaluation algorithms to first invert the map then evaluate . The algorithm of Section 4 follows a similar interpolation–evaluation approach, but aims to trade a more expensive interpolation step for a cheaper evaluation step. While the two encoding algorithms achieve the same asymptotic complexity, comparing lower order terms of their complexities suggests that they outperform each other at opposing ends of the rate spectrum, with the algorithm of Section 3 being faster for low-rate codes. Consequently, the two encoding algorithms provide complementary practical performance.
For the private information retrieval protocol of Augot, Levy-dit-Vehel and Shikfa [3] one desires to use multiplicity codes with high rates in order to obtain small storage overheads. However, storage overhead must be balanced with other aspects of the protocol when choosing parameters for the codes. The problem of parameter selection is yet to be addressed in the literature, and it remains unclear as to which rates will occur in practice. We do not address this problem here since it is out of the scope of the paper. As a result, we are prevented from determining if one of the two encoding algorithms is better suited to this application.
The interpolation and evaluation algorithms that make up the two encoding algorithms have their origins in the quasi-linear time multivariate interpolation and evaluation algorithms of van der Hoeven and Schost [23]. In Section 2, we generalise their algorithms to address certain multivariate Hermite interpolation and evaluation problems. Thus, we provide algorithms for recovering multivariate polynomials from their Hasse derivatives, as well as for the inverse problem of computing their derivatives.
The algorithms of van der Hoeven and Schost are recursive in nature, reducing each problem to multiple instances of the same problem in a single variable. Solving the univariate problems in quasi-linear time, then leads to an overall quasi-linear time algorithm. Our Hermite interpolation and evaluation algorithms similarly reduce the multivariate problems to multiple instances of the univariate problems. Applying the quasi-linear time algorithms of Chin [8] to these univariate instances then yields multivariate algorithms with quasi-linear complexity.
Conventions
We let denote a function such that two univariate polynomials over of degree less than can be multiplied in operations in . For example, the algorithm of Cantor and Kaltofen [7] implies that may be taken to be in . Throughout the paper, we assume that is a nondecreasing function of .
We make frequently use of the shorthand vector notation (f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I} for sets . So that this notation is well-defined, we order the entries f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}} by increasing weight \mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}\right| of their multi-indices, with ties broken lexicographically. Similarly, for sets , we assume that the entries of a vector (f_{(\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}},\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}})})_{(\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}},\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}})\in\mathcal{I}} are ordered by increasing \mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q}\right|, with ties broken by comparing the vectors \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q lexicographically.
For \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}=(i_{1},\dotsc,i_{n})\in\mathbb{Z}^{n} and , we define \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu\mkern 5.0mu\mathbin{\operator@font div}\penalty 900\mkern 5.0mu\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu{j}=(\mathopen{}\mathclose{{}\left\lfloor i_{1}/j}\right\rfloor,\dotsc,\mathopen{}\mathclose{{}\left\lfloor i_{n}/j}\right\rfloor) and \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\bmod{j}=\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}-(\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu\mkern 5.0mu\mathbin{\operator@font div}\penalty 900\mkern 5.0mu\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu{j})j. Similarly, for such that , we write for the residue of modulo that has degree less than .
2. Multivariate Hermite interpolation and evaluation
The interpolation algorithm of van der Hoeven and Schost [23], when applied over , takes as an input a vector of field elements (m_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}})_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I} for some , and returns the unique polynomial F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}] that has support contained in and satisfies F(\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}})=m_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}} for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I. Their evaluation algorithm performs the inverse computation, evaluating a polynomial with support contained in at the points \mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}} for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I. Both algorithms require to be an initial segment for the partial order on defined by \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\leq\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}} if and only if \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}-\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in\mathbb{N}^{n}: a subset is then an initial segment if it is nonempty and contains all \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in\mathbb{N}^{n} such that \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\leq\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}} for some \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I.
For , let \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I} denote the vector space of polynomials in \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}] that have support contained in . Then a key feature of the algorithms of van der Hoeven and Schost is the representation of polynomials in \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I}, where is an initial segment, with respect to a multivariate Newton basis. This basis consists of the polynomials
[TABLE]
where
[TABLE]
are the Newton polynomials associated with the enumeration of the field. The Newton basis polynomial N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}} vanishes at all points \mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}} with \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\ngeq\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}, allowing van der Hoeven and Schost to address the interpolation and evaluation problems one variable at a time in a manner similar to the earlier work of Pan [21]. In doing so, they obtain algorithms for both problems that each perform \mathcal{O}(\mathopen{}\mathclose{{}\left|I}\right|n\log^{2}\mathopen{}\mathclose{{}\left|I}\right|\log\log\mathopen{}\mathclose{{}\left|I}\right|) field operations.
In this section, we generalise the interpolation and evaluation algorithms of van der Hoeven and Schost to address multivariate Hermite interpolation and evaluation problems. The generalised algorithms yield analogous complexities to those of the algorithms of van der Hoeven and Schost. Thus, they allow the fast recovery of polynomials from the values of their Hasse derivatives, in addition to allowing the fast evaluation of their derivatives.
2.1. Hermite interpolation and evaluation
We generalise the interpolation and evaluation problems considered by van der Hoeven and Schost through generalising the use of the multivariate Newton basis. To allow initial segments that are not contained in , we extend the definition of the Newton basis by introducing repeated roots to the basis polynomials. We define
[TABLE]
and N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}(\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}})=N_{i_{1}}(X_{1})\dotsm N_{i_{n}}(X_{n}) for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}=(i_{1},\dotsc,i_{n})\in\mathbb{N}^{n}. Then, for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in\mathbb{N}^{n}, the polynomial N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}} may be written in the form \sum_{\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\leq\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}n_{\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}}\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}^{\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}} with coefficients n_{\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}}\in\mathbb{F}_{q} and n_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=1. Therefore, under the extended definition we retain the property that \{N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}\mid\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I\} is a basis of \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I} when is an initial segment. However, having introduced repeated roots to the basis polynomials, the vanishing property of the Newton basis now extends to include the Hasse derivatives of the basis polynomials.
Lemma 2**.**
For \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in\mathbb{N}^{n} and (\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}},\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}})\in[q]^{n}\times\mathbb{N}^{n}, we have H(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}},\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}})(\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}})=0 if \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}+\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}q\ngeq\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}, and H(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}},\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}})(\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}})\neq 0 if \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}+\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}q=\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}.
Proof.
It is sufficient to prove the lemma for all N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q} with (\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}},\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}})\in[q]^{n}\times\mathbb{N}^{n}. Let (\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}},\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}),(\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}},\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}})\in[q]^{n}\times\mathbb{N}^{n} with \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}=(i_{1},\dotsc,i_{n}), \mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}=(s_{1},\dotsc,s_{n}), \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}=(j_{1},\dotsc,j_{n}) and \mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}=(t_{1},\dotsc,t_{n}). Then, for algebraically independent indeterminates over \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}], the definition of the Hasse derivative implies that H(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q},\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}})(\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}}) is equal to the coefficient of \mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}}^{\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}}=Z^{t_{1}}_{1}\dotsm Z^{t_{n}}_{n} in the polynomial N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q}(\mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}}+\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}})\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}}]=\mathbb{F}_{q}[Z_{1},\dotsc,Z_{n}].
For , let be the indicator function defined by if and only if . Then
[TABLE]
Letting \mathchoice{\mbox{\boldmath\displaystyle\varepsilon}}{\mbox{\boldmath\textstyle\varepsilon}}{\mbox{\boldmath\scriptstyle\varepsilon}}{\mbox{\boldmath\scriptscriptstyle\varepsilon}}=(\varepsilon_{1}(j_{1}),\dotsc,\varepsilon_{n}(j_{n})), it follows that
[TABLE]
If \mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}\geq\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}+\mathchoice{\mbox{\boldmath\displaystyle\varepsilon}}{\mbox{\boldmath\textstyle\varepsilon}}{\mbox{\boldmath\scriptstyle\varepsilon}}{\mbox{\boldmath\scriptscriptstyle\varepsilon}}, then \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}+\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}q\geq(\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}+\mathchoice{\mbox{\boldmath\displaystyle\varepsilon}}{\mbox{\boldmath\textstyle\varepsilon}}{\mbox{\boldmath\scriptstyle\varepsilon}}{\mbox{\boldmath\scriptscriptstyle\varepsilon}}q)+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q\geq\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q. Therefore, if \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}+\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}q\ngeq\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q, then H(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q},\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}})(\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}})=0 since \mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}\ngeq\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}+\mathchoice{\mbox{\boldmath\displaystyle\varepsilon}}{\mbox{\boldmath\textstyle\varepsilon}}{\mbox{\boldmath\scriptstyle\varepsilon}}{\mbox{\boldmath\scriptscriptstyle\varepsilon}} and \mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}}^{\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}+\mathchoice{\mbox{\boldmath\displaystyle\varepsilon}}{\mbox{\boldmath\textstyle\varepsilon}}{\mbox{\boldmath\scriptstyle\varepsilon}}{\mbox{\boldmath\scriptscriptstyle\varepsilon}}} divides N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q}(\mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}}+\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}}) in \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}}]. If \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}+\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}q=\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q, then (\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}},\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}})=(\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}},\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}) and \mathchoice{\mbox{\boldmath\displaystyle\varepsilon}}{\mbox{\boldmath\textstyle\varepsilon}}{\mbox{\boldmath\scriptstyle\varepsilon}}{\mbox{\boldmath\scriptscriptstyle\varepsilon}}=\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}. By substituting into (1) and computing the coefficient of \mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}}^{\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}}=\mathchoice{\mbox{\boldmath\displaystyle Z}}{\mbox{\boldmath\textstyle Z}}{\mbox{\boldmath\scriptstyle Z}}{\mbox{\boldmath\scriptscriptstyle Z}}^{\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}+\mathchoice{\mbox{\boldmath\displaystyle\varepsilon}}{\mbox{\boldmath\textstyle\varepsilon}}{\mbox{\boldmath\scriptstyle\varepsilon}}{\mbox{\boldmath\scriptscriptstyle\varepsilon}}}, we find that
[TABLE]
which is nonzero. ∎
In the interpolation and evaluation problems considered by van der Hoeven and Schost, the initial segment is the support of both the polynomials and the evaluation points. In order to maintain this property when generalising these problems, we define E(F,\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}})=H(F,\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu\mkern 5.0mu\mathbin{\operator@font div}\penalty 900\mkern 5.0mu\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu{q})(\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\bmod{q}}) for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in\mathbb{N}^{n} and F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]. Then our problem of Hermite interpolation takes a vector (m_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}})_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I} of field elements for some finite initial segment and asks that we compute the polynomial F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I} that satisfies E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}})=m_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}} for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I. Our Hermite evaluation problem is the inverse problem, asking for the computation of the vector (E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}))_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I} when given a polynomial F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I}. Importantly, Lemma 2 implies that E(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}},\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}})=0 for all \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}},\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in\mathbb{N}^{n} such that \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\nleq\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}, allowing us to address both problems by generalising the algorithms of van der Hoeven and Schost. Existence and uniqueness of a solution to the Hermite interpolation problem is provided by the following lemma.
Lemma 3**.**
Let be a finite initial segment and (m_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}})_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I}\in\mathbb{F}^{\mathopen{}\mathclose{{}\left|I}\right|}_{q}. Then there exists a unique polynomial F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I} such that E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}})=m_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}} for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I.
Proof.
If is a finite initial segment, then \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I} and \mathbb{F}^{\mathopen{}\mathclose{{}\left|I}\right|}_{q} are \mathopen{}\mathclose{{}\left|I}\right|-dimensional -vector spaces, and for s>\max_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I}\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}\right|. Therefore, it is sufficient to prove following statement: for all positive , if is an initial segment, then the homomorphism \operatorname{ev}_{I}:\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I}\rightarrow\mathbb{F}^{\mathopen{}\mathclose{{}\left|I}\right|}_{q} given by F\mapsto(E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}))_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I} is injective. We prove this statement by induction on . The statement holds trivially for , since \{\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}\} is the only initial segment contained in , and \operatorname{ev}_{\{\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}\}}:\mathbb{F}_{q}\rightarrow\mathbb{F}_{q} is the identity map. Therefore, suppose that the statement is true for some integer . Let be an initial segment, and F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I} such that E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}})=0 for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I. Then to complete the proof of the lemma, it is sufficient to show that is equal to zero.
Let . Then is an initial segment since and are initial segments. Moreover, if \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I\setminus J, then its weight \mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}\right| is maximal amongst the elements of . Consequently, if \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I\setminus J, then \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\ngeq\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}} for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I\setminus\{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\}. As Hasse derivatives are linear functions and evaluation is a homomorphism, the functions E({}\cdot{},\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}):\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]\rightarrow\mathbb{F}_{q} for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in\mathbb{N} are linear. Therefore, if we write F=\sum_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I}f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}} such that f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}\in\mathbb{F}_{q} for all \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I, then Lemma 2 implies that
[TABLE]
As is an initial segment, the induction hypothesis implies that \sum_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in J}f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}} is equal to zero. Applying Lemma 2 once again, it follows that
[TABLE]
Moreover, the lemma states that E(N_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}},\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}})\neq 0 for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I\setminus J. Therefore, f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=0 for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I\setminus J. Hence, is equal to zero. ∎
Define by (\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}},\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}})\mapsto\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q. Then \kappa_{n}(\mathcal{I}_{d,n})=\{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in\mathbb{N}^{n}\mid\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}\right|\leq d\} is a finite initial segment for . Moreover, for F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{d}=\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{\kappa_{n}(\mathcal{I}_{d,n})} we have (H(F,\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}})(\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}}))_{(\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}},\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}})\in\mathcal{I}_{d,n}}=(E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}))_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in\kappa_{n}(\mathcal{I}_{d,n})}. Thus, the problem of computing the polynomial that corresponds to a message vector of a multiplicity code is an instance of the Hermite interpolation problem with initial segment . Similarly, the problem of encoding a polynomial as a codeword in , i.e., evaluating the map for some polynomial of degree at most , is an instance of the Hermite evaluation problem with initial segment . In Section 3, we apply the fast algorithms developed in this section to these two instances to obtain a fast systematic encoding algorithm for low-rate codes, while in Section 4, the interpolation algorithm is applied with as part of the encoding algorithm for higher rate codes.
As we have no need to represent polynomials with respect to the monomial basis during encoding, we only require that the output of the interpolation algorithm and input of the evaluation algorithm are written on the Newton basis. Consequently, if is an initial segment, then we write F\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I} for the vector of coefficients of F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I} when written on the basis (N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I}. That is, if F=\sum_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I}f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}} such that the coefficients f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}\in\mathbb{F}_{q}, then F\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I}=(f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I}. Similarly, we write F\dashv(\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}^{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I} for the coefficient vector of when written on the monomial basis. To allow us to bound the size of a finite initial segment in each of its dimensions, we extend the notation by defining for positive . Using this notation, we can state the main result of this section as follows.
Theorem 4**.**
Let be an initial segment such that for positive integers . Then given the vector (E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}))_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I} for some polynomial F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I}, the vector F\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I} can be computed in
[TABLE]
operations in . Conversely, given the vector F\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I} for some polynomial F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I}, the vector (E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}))_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I} can be computed within the same bound on the number of operations in .
Theorem 4 directly generalises the bounds obtained by van der Hoeven and Schost [23, Propostions 2 and 3] for interpolation and evaluation. By letting equal \mathopen{}\mathclose{{}\left|I}\right|, and taking to be in , the bound (2) simplifies to \mathcal{O}(\mathopen{}\mathclose{{}\left|I}\right|n\log^{2}\mathopen{}\mathclose{{}\left|I}\right|\log\log\mathopen{}\mathclose{{}\left|I}\right|), matching the bound for the algorithms of van der Hoeven and Schost stated at the beginning of the section.
In other settings it may be preferable to have the output of the Hermite interpolation algorithm or the input of the Hermite evaluation algorithm represented with respect to the monomial basis. For univariate polynomials, conversion between the Newton and monomial bases can be performed in quasi-linear time by the algorithms discussed in the next section. These algorithms extend to multivariate polynomials by applying the approach of van der Hoeven and Schost [23, Section 4]. Using these algorithms, it is possible to preserve the bound (2) while having the input and output polynomials of the Hermite interpolation and evaluation algorithms given on the monomial basis.
The remainder of this section is devoted to proving Theorem 4. We begin in the next section by reviewing existing fast algorithms for solving the Hermite interpolation and evaluation problems in univariate case. Then we complete the proof of the theorem by generalising the multivariate interpolation and evaluation algorithms of van der Hoeven and Schost in Section 2.3.
2.2. Univariate algorithms
Hermite interpolation and evaluation for univariate polynomials can be performed in quasi-linear time with respect to the monomial basis by the algorithms of Chin [8]. In these algorithms, derivative is taken to mean the formal derivative rather than the Hasse derivative, as required here. However, by using the fact that the th formal derivative is equal to times the th Hasse derivative, it is readily shown that only superficial changes to Chin’s algorithms are required to allow them to work with the Hasse derivative. We note that the convolution-based algorithm of Aho, Steiglitz and Ullman [1] that is used by Chin to compute Taylor shifts of polynomials cannot be used if the characteristic of the field is not greater than their degrees. In this case, the convolution-based algorithm may be replaced by the algorithm of Olshevsky and Shokrollahi [20, Section 4.2] (see also [24, 25]), which is slower by a logarithmic factor.
Each finite initial segment in is of the form for some positive integer . For the Hermite interpolation and evaluation problems defined by these initial segments, applying Chin’s algorithms with modifications just described provides the following complexity bounds.
Lemma 5**.**
Let be positive and . Then given , the vector can be computed in operations in . Conversely, given , the vector can be computed in operations in .
Closely related alternatives to Chin’s algorithms that provide the same complexity bounds are given by Olshevsky and Shokrollahi [20] and texts [22, Chapter 3], [4, Chapter 1, Section 4] and [6, Exercise 3.14]. In situations where precomputation is permitted, the asymptotic complexity of these algorithms and Chin’s algorithms may be improved upon by using the techniques described by van der Hoeven [13].
Combining Lemma 5 with the following result of Gerhard [12] completes the proof of Theorem 4 for the univariate case.
Lemma 6**.**
Let be positive and . Then given , the vector can be computed in operations in . Conversely, given , the vector can be computed in operations in .
When converting from the monomial basis to the Newton basis, the algorithm of Gerhard is improved upon in practice by the algorithm of Bostan and Schost [5].
2.3. Multivariate algorithms
By design, the Hermite interpolation and evaluation problems allow the algorithms of van der Hoeven and Schost to be generalised in a straightforward manner. However, we follow a slightly different course by presenting the generalised algorithms in an iterative, rather than recursive, form. This small change is used to simplify the description of modifications to the algorithms that are made in the encoding context.
We begin by introducing some geometric operations on initial segments. For and \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}=(i_{1},\dotsc,i_{\ell})\in\mathbb{N}^{\ell} such that , define
[TABLE]
and
[TABLE]
Let \mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{\ell} denote the -dimensional vector of zeros. Then, given an initial segment and a positive integer , the set \lambda(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{\ell}) is the projection of onto the -coordinate plane, while \rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{\ell}) is the projection of onto the -coordinate plane. Consequently, if F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I} has coefficient vector F\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I}=(f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I}, then
[TABLE]
where
[TABLE]
for i_{n}\in\rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{n-1}). For F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}] and , we define to be the polynomial given by (4) for and (f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in\mathbb{N}^{n}}=F\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in\mathbb{N}^{n}}. Then (3) and (4) still hold whenever F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I} for some initial segment , but the definition of is now independent of .
We base our Hermite interpolation and evaluation algorithms on the following analogue of [23, Proposition 1] for the functions E({}\cdot{},\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}).
Lemma 7**.**
Let be a finite initial segment and F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I}. Then
[TABLE]
for all \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}=(j_{1},\dotsc,j_{n})\in I.
Proof.
We begin the proof by establishing a multiplicative property of the functions E({}\cdot{},\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}). Let and . Then it follows from the definition of the Hasse derivative that H(UV,\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}})=H(U,(s_{1},\dotsc,s_{n-1}))H(V,s_{n}) for \mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}=(s_{1},\dotsc,s_{n})\in\mathbb{N}^{n}. As evaluation is a homomorphism, we conclude that E(UV,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}})=E(U,(j_{1},\dotsc,j_{n-1}))E(V,j_{n}) for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}=(j_{1},\dotsc,j_{n})\in\mathbb{N}^{n}.
Suppose now that is a finite initial segment, F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I} and \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}=(j_{1},\dotsc,j_{n})\in I. Then (3) holds, from which it follows that
[TABLE]
As E\mathopen{}\mathclose{{}\left({}\cdot{},j_{n}}\right):\mathbb{F}_{q}[X_{n}]\rightarrow\mathbb{F}_{q} is a linear function, the proof of the lemma will be complete if we show that for i_{n}\in\rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{n-1})\setminus\rho\mathopen{}\mathclose{{}\left(I,(j_{1},\dotsc,j_{n-1})}\right). If i_{n}\in\rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{n-1}) and , then i_{n}\in\rho\mathopen{}\mathclose{{}\left(I,(j_{1},\dotsc,j_{n-1})}\right) since is an initial segment and . As a result, for i_{n}\in\rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{n-1})\setminus\rho\mathopen{}\mathclose{{}\left(I,(j_{1},\dotsc,j_{n-1})}\right). Hence, Lemma 2 implies that for i_{n}\in\rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{n-1})\setminus\rho\mathopen{}\mathclose{{}\left(I,(j_{1},\dotsc,j_{n-1})}\right). ∎
Lemma 7 sets up a natural recursive approach to the Hermite interpolation and evaluation problems by reducing each problem to a combination of univariate problems in the variable , and the recovery or evaluation of the -variate polynomials . To allow us to instead present iterative algorithms, we must introduce some additional geometric operations on initial segments. For , and , we define
[TABLE]
to be the projection of onto the -coordinate plane. For \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}=(i_{1},\dotsc,i_{\ell-1},i_{\ell+1},\dotsc,i_{n})\in\pi_{\ell}(I), we define
[TABLE]
We extend these definitions to by defining and . When is an initial segment, so too are the sets \mu_{\ell}(I,\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}) for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in\pi_{\ell}(I).
The multivariate Hermite evaluation and interpolation algorithms are presented in Algorithms 1 and 2, respectively. We require that the univariate algorithms they use to be in-place algorithms in the sense that inputs are overwritten by their corresponding output. In particular, the input and output specifications of the univariate algorithms should match those of their corresponding multivariate algorithm for . However, we do not impose restrictions on the memory usage of the algorithms, as is usual when defining the notion of “in-place”, so that any univariate algorithm can be modified to fit this description. We are deliberately non-committal about the choice of univariate algorithms, since any algorithms that solve the univariate problems may be used. One may, of course, take these algorithms to be the corresponding algorithm of Chin with the modifications described in Section 2.2, including basis conversion to ensure that input and output polynomials are written on the Newton basis. In particular, it is this combination of algorithms that is used to prove Theorem 4.
We prove that Algorithm 1 is correct in Lemma 8. Combining the lemma with Lemma 3 then establishes the correctness of Algorithm 2, since the algorithm simply reverses the steps of the Algorithm 1, inverting each evaluation along the way.
Lemma 8**.**
Algorithm 1 is correct.
Proof.
We prove the lemma by induction on . If , then Algorithm 1 simply calls the univariate algorithm on the input. Accordingly, correctness holds trivially for univariate inputs. It is illustrative to consider the case separately before proceeding by induction. Therefore, suppose that Algorithm 1 is called on a finite initial segment and the vector for some . Then the first iteration of the outer loop of the algorithm calls the univariate algorithm on each of the vectors
[TABLE]
Here, is equal to the coefficient vector . Therefore, after the first iteration of the outer loop has been performed, the input vector is equal to . It follows that the second iteration of the outer loop calls the univariate algorithm on each of the vectors
[TABLE]
Thus, Lemma 7 implies that after the second iteration of the outer loop has been performed, we have for . As this is the last iteration of the loop, it follows that the input vector is equal to at the end of the algorithm. Hence, Algorithm 1 is correct for the inputs and , and the lemma holds for .
Suppose now that and Algorithm 1 is correct for all inputs on variables. Furthermore, suppose that Algorithm 1 is called on a finite initial segment and the vector F\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I}=(f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I} for some polynomial F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I}. Then the subvectors for i_{n}\in\rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{n-1}) are modified independently of one another during the first iterations of the outer loop of the algorithm. Indeed, during the first iterations of the outer loop, the univariate algorithm is only ever called on a subvector of one of these subvectors. For , the family of sets
[TABLE]
for i_{n}\in\rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{n-1}) form a partition of . Moreover, for i_{n}\in\rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{n-1}) and \mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}^{\prime}=(j_{1},\dotsc,j_{\ell-1},i_{\ell+1},\dotsc,i_{n-1})\in\pi_{\ell}\mathopen{}\mathclose{{}\left(\lambda(I,i_{n})}\right), we have
[TABLE]
Thus, performing the first iterations of the outer loop is equivalent to recursively calling the algorithm on the initial segment and the subvector for each i_{n}\in\rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{n-1}). Initially, we have
[TABLE]
for i_{n}\in\rho(I,\mathchoice{\mbox{\boldmath\displaystyle 0}}{\mbox{\boldmath\textstyle 0}}{\mbox{\boldmath\scriptstyle 0}}{\mbox{\boldmath\scriptscriptstyle 0}}_{n-1}). Therefore, the induction hypothesis implies that after iterations of the outer loop have been performed, the input vector is equal to . It follows that the last iteration of the outer loop calls the univariate algorithm on each of the vectors
[TABLE]
for \mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}=(j_{1},\dotsc,j_{n-1})\in\pi_{n}(I)=\lambda(I,0). Hence, Lemma 7 implies that Algorithm 1 returns the vector (E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}))_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I}. That is, the algorithm is correct for the inputs and F\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I}. Thus, the lemma follows by induction. ∎
It is clear that the complexity of each multivariate algorithm is determined by the complexity of the corresponding univariate algorithm. We capture the nature of this dependency in the next two lemmas.
Lemma 9**.**
Suppose that for some function the univariate Hermite evaluation algorithm used in Algorithm 1 performs at most operations in when given the initial segment as an input, and that is a nondecreasing function of . Then given an input such that for positive integers , Algorithm 1 performs at most
[TABLE]
operations in .
Proof.
If the univariate Hermite evaluation algorithm has complexity given by such a function , then Algorithm 1 performs at most
[TABLE]
operations in . It follows that if for positive integers , and thus \mu_{\ell}(I,\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}})\subseteq[s_{\ell}] for and \mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\in\pi_{\ell}(I), then the algorithm performs at most
[TABLE]
operations in . ∎
Lemma 10**.**
Suppose that for some function the univariate Hermite interpolation algorithm used in Algorithm 2 performs at most operations in when given the initial segment as an input, and that is a nondecreasing function of . Then given an input such that for positive integers , Algorithm 2 performs at most
[TABLE]
operations in .
We omit the proof of Lemma 10 since it uses identical arguments to those of Lemma 9. Combining the two lemmas with Lemmas 5 and 6 then completes the proof of Theorem 4. We note that Lemmas 9 and 10, and thus Theorem 4, do not account for the cost of computing the sets and \mu_{\ell}(I,\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}) during the algorithm. For the initial segments that are used in the encoding algorithms, we have simple explicit formulae that allow the sets to be computed with low complexity. The general problem is not considered here.
As for the complexities of the multivariate algorithms, their space requirements are largely determined by those of the univariate algorithms. The amount of auxiliary space used by either multivariate algorithm, i.e., storage in addition to the input array, is equal to that of the index manipulations plus the maximum amount of auxiliary space used by the corresponding univariate algorithm over all calls to it. Therefore, if the univariate algorithm is a true in-place algorithm, in the sense that it uses only auxiliary space, and the index manipulations also require only auxiliary space, then the multivariate algorithm enjoys the same auxiliary space bound.
3. Encoding algorithm for low-rate codes
In this section, we present the first of our fast systematic encoding algorithms for multiplicity codes. Although, the algorithm is suitable for multiplicity codes of all rates, we somewhat falsely refer to it as an encoding algorithm for low-rate codes since the encoding algorithm of Section 4 is faster for codes with sufficiently high rates. Recall that our goal is to efficiently evaluate the encoding function defined in Section 1.2. The algorithm of this section achieves this goal by using the fast Hermite interpolation and evaluation algorithms of Section 2 to successively evaluate its constituent maps and .
We use the map , given by (\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}},\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}})\mapsto\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}+\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}q, to translate the encoding problem into the language of Section 2. To this end, we let denote the -image of the information set defined in Theorem 1. Then we have
[TABLE]
For notational convenience, we extend this definition to , by defining to be the empty set for . For nonzero , we define . Finally, for such that and , we define . With this notation, a message of a multiplicity code is written as a vector m=(m_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}})_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I_{d,n}}. Its systematic encoding is then equal to
[TABLE]
where is the unique polynomial in \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{d} such that E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}})=m_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}} for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I_{d,n}. It follows that it is sufficient to consider the problem of computing the vector (E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}))_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in C_{s,n}} when given . In fact, we need only compute (E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}))_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in R_{d,s,n}} since the remaining entries are present in the message to begin with.
For such that , we have \mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{d}=\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I_{d,n}}\subset\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{C_{s,n}}. Therefore, as noted in Section 2.1, computing the polynomial that corresponds to a message of the multiplicity code (i.e., computing ) is an instance of the Hermite interpolation problem with initial segment , while computing the vector (E(F,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}))_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in C_{s,n}} (i.e., computing the entries of ) is an instance of Hermite evaluation problem with initial segment . Applying the algorithms of Section 2 to these instances of the interpolation and evaluation problems yields our first systematic encoding algorithm, presented in Algorithm 3, and the complexity bound of Theorem 11.
Theorem 11**.**
Given a message vector of a multiplicity code , its systematic encoding can be computed in
[TABLE]
operations in .
Proof.
Taking the univariate algorithms used by Algorithms 1 and 2 to be the corresponding algorithms of Chin, as modified in Section 2.2, Theorem 4 implies that Algorithm 3 performs
[TABLE]
operations in . As the parameters and satisfy the inequality , and thus , the second term of the bound dominates. ∎
By taking to be in , it follows from Theorem 11 that systematic encoding for can be performed in \mathcal{O}(\mathopen{}\mathclose{{}\left|C_{s,n}}\right|n\log^{2}(sq)\log\log(sq)) operations in , matching the quasi-linear bound stated in the introduction. While we have only bounded the number of field operations performed by the encoding algorithm, the cost of the index manipulations performed by Algorithms 1 and 2 during encoding is low in practice. Indeed, for , we have the simple explicit formulae and \mu_{\ell}(I_{d,n},\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}})=I_{d-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}}\right|,1} for \mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\in I_{d,n-1}. Similarly, and \mu_{\ell}(C_{s,n},\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}})=C_{s-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu\mkern 5.0mu\mathbin{\operator@font div}\penalty 900\mkern 5.0mu\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu{q}}\right|,1} for \mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\in C_{s,n-1}.
While the encoding algorithm has quasi-optimal asymptotic complexity, it is clear that it performs more operations than is necessary. This excess is most apparent in the evaluation step of the algorithm, which recomputes the entries of original input message. We address this problem in the next section by describing some modifications to the encoding algorithm that can be used to eliminate unnecessary computations. Each modification requires modifications to be made to one or both of the univariate algorithms. As we are being non-committal about our choice of these algorithms, we only describe how the behaviour of univariate algorithms should be changed, rather than describing how to obtain the desired behaviour.
3.1. Practical improvements
Our first modification occurs at the interface of Algorithms 1 and 2. Suppose that, as occurs for the algorithms of Section 2.2, the univariate interpolation algorithm performs monomial to Newton basis conversion as its last step, and the univariate evaluation algorithm performs the inverse conversion as its first step. Then the conversions performed during the last iteration of the interpolation algorithm cancel with those performed during the first iteration of the evaluation algorithm. Consequently, these basis conversions can be avoided altogether, saving \Omega(\mathopen{}\mathclose{{}\left|I_{d,n}}\right|) operations.
For our second improvement, we modify the evaluation step of the encoding algorithm to take advantage of the fact that the polynomial being evaluated has support contained in , a proper, and possibly much smaller, subset of the initial segment for which we apply Algorithm 1. In the univariate case, we need only modify the algorithm to take advantage of the fact that the polynomial has degree at most rather than at most . And it is straightforward to modify the algorithm of Section 2.2 accordingly. The following lemma allows us to extend the modified univariate algorithm to the multivariate case.
Lemma 12**.**
If the inputs of Algorithm 1 satisfy and f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=0 for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I\setminus I_{d,n}, for some , then at the beginning of the th iteration of the outer loop of the algorithm, for , we have f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=0 for all \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}=(i_{1},\dotsc,i_{n})\in I such that .
Proof.
We prove the lemma by induction on . The statement holds trivially for the first iteration. Therefore, suppose that at the beginning of the th iteration of the outer loop, for some , we have f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=0 for all \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}=(i_{1},\dotsc,i_{n})\in I such that . Then for all \mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}=(j_{1},\dotsc,j_{\ell-1},i_{\ell+1},\dotsc,i_{n})\in\pi_{\ell}(I) such that , the subvector (f_{(j_{1},\dotsc,j_{\ell-1},i_{\ell},i_{\ell+1},\dotsc,i_{n})})_{i_{\ell}\in\mu_{\ell}(I,\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}})} contains all zeros and is consequently unchanged by the call to the univariate algorithm. As the sets
[TABLE]
for \mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}=(j_{1},\dotsc,j_{\ell-1},i_{\ell+1},\dotsc,i_{n})\in\pi_{\ell}(I) form a partition of , it follows that at the beginning of the next iteration we have f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=0 for all \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}=(i_{1},\dotsc,i_{n})\in I such that . ∎
It follows from Lemma 12 that during the evaluation step of the encoding algorithm, the inner loop of Algorithm 1 need only be performed for such that . Moreover, for each such , the univariate algorithm evaluates a polynomial of degree at most . Consequently, it is straightforward to extend the modified univariate algorithm to the multivariate case. To give some indication of the number of operations saved by this modification, we observe that the number of zero entries described by Lemma 12 over all iterations is equal to
[TABLE]
Hence, the modification saves the most operations when the rate \mathopen{}\mathclose{{}\left|I_{d,n}}\right|/\mathopen{}\mathclose{{}\left|C_{s,n}}\right| of the code is low.
For the final modification, we stop the evaluation step of the encoding algorithm from recomputing the input message, saving \Omega(\mathopen{}\mathclose{{}\left|I_{d,n}}\right|) operations. These entries of the input and output are indexed by the information set . Consequently, during the last iteration of the outer loop of Algorithm 1, where we call the univariate algorithm on (f_{(j_{1},\dotsc,j_{n-1},i_{n})})_{i_{n}\in C_{s-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu\mkern 5.0mu\mathbin{\operator@font div}\penalty 900\mkern 5.0mu\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu{q}}\right|,n}} for each \mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}=(j_{1},\dotsc,j_{n-1})\in C_{s,n-1}, the univariate algorithm need only return correct values in those entries with . The entries indexed by will then be correct at the end of the algorithm, while the remaining entries will contain meaningless values. Therefore, if the modification can be implement for the univariate case, then it readily extends to the multivariate case.
4. Encoding algorithm for high-rate codes
Let m=(m_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}})_{\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I_{d,n}} be a message vector of a multiplicity code . Then Lemma 3 implies that there exists a unique polynomial F_{C}\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{C_{s,n}} such that
[TABLE]
Let F_{C}\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in C_{s,n}}=(f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in C_{s,n}}, and define polynomials F_{I}=\sum_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I_{d,n}}f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}} and F_{R}=-\sum_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in R_{d,s,n}}f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}. Then . As is an initial segment that is disjoint with , we have \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\ngeq\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}} for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in I_{d,n} and \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in R_{d,s,n}. Thus, Lemma 2 implies that
[TABLE]
It follows that F_{I}\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{I_{d,n}}=\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{d} is the polynomial that corresponds to the message . Moreover, as E(F_{I},\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}) and E(F_{R},\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}) agree for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in R_{d,s,n}, the polynomial may be used to compute the unknown entries of the systematic encoding of . In this section, we show that when the rate \mathopen{}\mathclose{{}\left|I_{d,n}}\right|/\mathopen{}\mathclose{{}\left|C_{s,n}}\right| of is sufficiently close to one, so that has much fewer nonzero coefficients on the Newton basis than , the unknown entries of the systematic encoding can be computed more efficiently by using in place of . When this gain is sufficient to compensate for the extra cost of computing (for which we first compute ), when compared to that of directly computing , we also gain an advantage over the encoding algorithm of Section 3.
To compute the values E(F_{R},\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}) for \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}\in R_{d,s,n}, we use Algorithm 1 with as our starting point. Then following an approach similar to that used in Section 3.1, we eliminate unnecessary operations from the algorithm by taking advantage of the fact that F_{R}\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in C_{s,n}} has zeros in those entries with indices in . Once again we find that the multivariate case follows readily from the univariate case. Consequently, we begin this section by considering the univariate problem.
4.1. Univariate algorithm
Let be a positive integer and . Then the definition of the Hasse derivative implies that
[TABLE]
Thus, computing the values for is equivalent to computing the polynomials on the monomial basis for . Suppose now that for some nonnegative integer , the polynomial is of the form with coefficients . Then divides , allowing us to reduce the problem of computing the values for to the lower degree problems of computing and for , with polynomial multiplications modulo to combine the results. We improve upon this approach by replacing by its largest factor that is invariant under Taylor shifts.
Let r=\mathopen{}\mathclose{{}\left\lfloor(d+1)/q}\right\rfloor. Then divides since , and
[TABLE]
Therefore, if we let , then
[TABLE]
Hence, we can compute the values for by first computing the polynomials on the monomial basis for , for which we can use Chin’s Hermite evaluation algorithm, then multiplying each shifted polynomial by . Applying this approach, we obtain Algorithm 4. We allow the input of the algorithm to be negative, in which case , in order to simplify the description of the multivariate algorithm in the next section.
Lemma 13**.**
Algorithm 4 performs \mathcal{O}\mathopen{}\mathclose{{}\left(\operatorname{\mathsf{M}}((s-r)q)\log((s-r)q)}\right) operations in , where r=\max(\mathopen{}\mathclose{{}\left\lfloor(d+1)/q}\right\rfloor,0).
Proof.
Equation (6) implies that for . Consequently, in Line 4 of the algorithm, the coefficient vector of on the Newton basis can be read directly from the coefficient vector of . As , Lemma 6 therefore implies that Line 4 performs \mathcal{O}\mathopen{}\mathclose{{}\left(\operatorname{\mathsf{M}}\mathopen{}\mathclose{{}\left((s-r)q}\right)\log\mathopen{}\mathclose{{}\left((s-r)q}\right)}\right) operations in . Similarly, Lemma 5 implies that Line 5 performs \mathcal{O}\mathopen{}\mathclose{{}\left(\operatorname{\mathsf{M}}\mathopen{}\mathclose{{}\left((s-r)q}\right)\log\mathopen{}\mathclose{{}\left((s-r)q}\right)}\right) operations in . Finally, Lines 6–8 perform multiplications of polynomials with degree less than , requiring at most operations in . Hence, Algorithm 4 performs \mathcal{O}\mathopen{}\mathclose{{}\left(\operatorname{\mathsf{M}}((s-r)q)\log((s-r)q)}\right) operations in . ∎
We have included the polynomial as an input to Algorithm 4 for the benefit of the multivariate algorithm of the next section, which is able to reuse these inputs for multiple calls to the algorithm. For an instance of the univariate problem, this input can be computed in \mathcal{O}(\operatorname{\mathsf{M}}(\mathopen{}\mathclose{{}\left\lceil(s-r)/(q-1)}\right\rceil)\log r) operations in by the square and multiply algorithm for exponentiation. Alternatively, one can use the binomial theorem and Lucas’ lemma [19, p. 230] (see also [11]).
4.2. Multivariate algorithm
Recall that the polynomial defined in Section 4 has support on the monomial basis that is contained in , while its coefficient vector F_{R}\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in C_{s,n}} has zeros in those entries with indices in for some . The following lemma implies that if Algorithm 1 is called on and the coefficient vector of , then the zeros in the entries indexed by persist throughout the algorithm.
Lemma 14**.**
If the inputs of Algorithm 1 satisfy f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=0 for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I\cap I_{d,n}, for some , then at the beginning of the th iteration of the outer loop of the algorithm, for , we have f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=0 for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I\cap I_{d,n}.
Proof.
We prove the lemma by induction on . The statement holds trivially for the first iteration. Therefore, suppose that for some and we have f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=0 for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I\cap I_{d,n} at the beginning of the th iteration of the outer loop. Let \mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}=(j_{1},\dotsc,j_{\ell-1},i_{\ell+1},\dotsc,i_{n})\in\pi_{\ell}(I). Then for i_{\ell}\leq d-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}}\right|, and Lemma 2 implies that
[TABLE]
for j_{\ell}\in\mu_{\ell}(I,\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}). Thus, the entries of (f_{(j_{1},\dotsc,j_{\ell-1},i_{\ell},i_{\ell+1},\dotsc,i_{n})})_{i_{\ell}\in\mu_{\ell}(I,\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}})} with i_{\ell}\leq d-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}}\right| are still zero after the univariate Hermite evaluation algorithm has been called on the vector in Line 5. Hence, f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=0 for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I\cap I_{d,n} at the end of the th iteration of the outer loop. ∎
Let such that , and F\in\mathbb{F}_{q}[\mathchoice{\mbox{\boldmath\displaystyle X}}{\mbox{\boldmath\textstyle X}}{\mbox{\boldmath\scriptstyle X}}{\mbox{\boldmath\scriptscriptstyle X}}]_{C_{s,n}} such that its coefficient vector F\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in C_{s,n}}=(f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in C_{s,n}} satisfies f_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}}=0 for \mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in I_{d,n}. Then it follows from Lemma 14 that if Algorithm 1 is called on and F\dashv(N_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}})_{\mathchoice{\mbox{\boldmath\displaystyle i}}{\mbox{\boldmath\textstyle i}}{\mbox{\boldmath\scriptstyle i}}{\mbox{\boldmath\scriptscriptstyle i}}\in C_{s,n}}, then each time Line 5 of the algorithm is executed, the vector
[TABLE]
has zeros in those entries with i_{\ell}\in I_{d-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}}\right|,1}. We can take advantage of these zero entries by modifying Line 5 so that Algorithm 4 is called on the vector (f_{(j_{1},\dotsc,j_{\ell-1},i_{\ell},i_{\ell+1},\dotsc,i_{n})})_{i_{\ell}\in R_{d-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}}\right|,s-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu\mkern 5.0mu\mathbin{\operator@font div}\penalty 900\mkern 5.0mu\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu{q}}\right|,1}}. This modification requires that Algorithm 4 is provided with the polynomial
[TABLE]
Therefore, along with the modification to Line 5 of the algorithm, we can introduce a precomputation step to the algorithm where the polynomials
[TABLE]
are computed on the monomial basis. Then each call to Algorithm 4 only requires that one of these polynomials be trivially reduced modulo some power of . By making these modifications to Algorithm 1, we obtain Algorithm 5.
We streamline notation during the complexity analysis of Algorithm 5 by defining \Delta_{d,s}=\mathopen{}\mathclose{{}\left(s-\max(\mathopen{}\mathclose{{}\left\lfloor(d+1)/q}\right\rfloor,0)}\right)q for , and for nonzero . Then Lemma 13 implies that Algorithm 4 performs \mathcal{O}(\operatorname{\mathsf{M}}^{*}(\Delta_{d-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}}\right|,s-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu\mkern 5.0mu\mathbin{\operator@font div}\penalty 900\mkern 5.0mu\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu{q}}\right|})) operations in during Line 9 of Algorithm 5. The following lemma is used to bound the total number of operations performed by Algorithm 4 over each iteration of the main loop.
Lemma 15**.**
For and such that and ,
[TABLE]
Proof.
We prove the lemma by induction on . Suppose that such that and . Then for all integers , we have
[TABLE]
It follows that
[TABLE]
Therefore, the lemma is true for since
[TABLE]
and
[TABLE]
Suppose now that and that the lemma is true for all smaller values of . Let such that and . Then
[TABLE]
For , we have and . Thus, the induction hypothesis implies that for each , the inner sum on the right-hand side of (9) is at most
[TABLE]
Here, the first factor is always less than or equal to 1+\max(\mathopen{}\mathclose{{}\left\lfloor d/q}\right\rfloor+1,0)/s. Therefore, combining and substituting these upper bounds into (9) yields the inequality
[TABLE]
Equation (8) with implies that the sum on the right-hand side of this inequality is equal to \mathopen{}\mathclose{{}\left|R_{d,s,n}}\right|. Hence, (7) holds and the lemma follows by induction. ∎
Lemma 16**.**
Algorithm 5 performs
[TABLE]
operations in , where \delta=sq-\max\mathopen{}\mathclose{{}\left(d+1-n(q-1),0}\right).
Proof.
Each polynomial is of the form for some polynomial of degree less than \mathopen{}\mathclose{{}\left\lceil(s-r)/(q-1)}\right\rceil. Thus, Lines 4–6 of the algorithm perform at most \mathopen{}\mathclose{{}\left\lceil(s-1)/(q-1)}\right\rceil\mathopen{}\mathclose{{}\left\lfloor(d+1)/q}\right\rfloor operations in . As the polynomials are written on the monomial basis, no operations in are performed in order to compute their residues in Line 9. Consequently, Lemma 13 implies that Line 9 performs \mathcal{O}(\operatorname{\mathsf{M}}^{*}(\Delta_{d-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}}\right|,s-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu\mkern 5.0mu\mathbin{\operator@font div}\penalty 900\mkern 5.0mu\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu{q}}\right|})) operations in . Hence, Algorithm 5 performs
[TABLE]
operations in . As is a nondecreasing function of , so too is . Moreover, for \mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\in C_{s,n-1},
[TABLE]
Letting \delta=sq-\max\mathopen{}\mathclose{{}\left(d+1-n(q-1),0}\right), it follows that
[TABLE]
Combining this inequality with (7) and (11) completes the proof. ∎
The factor 1+(\mathopen{}\mathclose{{}\left\lfloor d/q}\right\rfloor+1)/s of the first term of the complexity bound (10) measures the penalty that results from the complexity of Algorithm 4 being a function of rather than a function of \mathopen{}\mathclose{{}\left|R_{d,s,1}}\right|. The former may be larger by a factor of , while the penalty incurred by Algorithm 5 is limited to a factor of . We have made no attempt to optimise the size of this factor, which would require strengthening the bound of Lemma 15. For such that , contains the vectors \mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}+\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}q for all (\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}},\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}})\in[q]^{n}\times\mathbb{N}^{n} such that \mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle j}}{\mbox{\boldmath\textstyle j}}{\mbox{\boldmath\scriptstyle j}}{\mbox{\boldmath\scriptscriptstyle j}}}\right|\geq q and \mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle t}}{\mbox{\boldmath\textstyle t}}{\mbox{\boldmath\scriptstyle t}}{\mbox{\boldmath\scriptscriptstyle t}}}\right|=s-1. Thus, we obtain the crude lower bound
[TABLE]
From this bound, it is readily deduce that the value defined in Lemma 16 is \mathcal{O}(\mathopen{}\mathclose{{}\left|R_{d,s,n}}\right|) for . Similarly, the second term of (10) is \mathcal{O}(\mathopen{}\mathclose{{}\left|R_{d,s,n}}\right|) for . Thus, if is taken to be in , then Algorithm 5 performs \tilde{\mathcal{O}}(\mathopen{}\mathclose{{}\left|R_{d,s,n}}\right|) operations in for . For , the second term of (10) is only guaranteed to be \mathcal{O}(\mathopen{}\mathclose{{}\left|C_{s,2}}\right|), which is all that is required for fast encoding. Recall that the second term of (10) counts the cost of Lines 4–6 of Algorithm 5, which may be performed as a precomputation in many settings. With this precomputation and fast polynomial arithmetic, Algorithm 5 attains quasi-linear complexity for .
4.3. Encoding algorithm
The systematic encoding algorithm for high-rate multiplicity codes is presented in Algorithm 6. The algorithm follows the approach described in Section 4: first, the extended interpolation problem is solved in order to recover the polynomial , after which is deduced and used to compute the non-message entries of the encoding. Taking the univariate algorithm used by Algorithm 2 to be Chin’s interpolation algorithm, as modified in Section 2.2, it follows from Theorem 4 that Line 3 of the algorithm performs
[TABLE]
operations in . Line 4 then performs \mathopen{}\mathclose{{}\left|R_{d,s,n}}\right| (cheap) multiplications by . Lines 6 and 7 perform operations in if (see Section 4.1), while Lemma 16 bounds the number of operations performed by Line 9 if . Combining the bounds provides a second proof of Theorem 11.
5. Conclusion
We presented two quasi-linear time systematic encoding algorithms for multiplicity codes which provide complimentary performance in practical settings. Of the two algorithms, the one that provides the shortest encoding time for a given set of parameters will vary with the choice of univariate algorithms. Moreover, their encoding times depend on additional factors besides the number of field operations they perform. Consequently, we cannot draw solid conclusions about the relative performance of the two algorithms in a given practical setting by comparing their stated complexities (which would also require estimating hidden constants). However, as the encoding algorithms share the same underlying subroutines, implementing both algorithms on a particular architecture should not require much more effort than implementing just one of the algorithms, and would allow for direct comparisons to be made.
In Section 3.1, we described modifications to the encoding algorithm for low-rate codes which were aimed at improving its practical performance by eliminating some unnecessary operations. Similar modifications may also be made to the encoding algorithm for high-rate codes, but we omit details here. The algorithm for high-rate codes would also benefit from improving or replacing Algorithm 4 so that Line 9 of Algorithm 5 can always be performed in \tilde{\mathcal{O}}(\mathopen{}\mathclose{{}\left|R_{d-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}}\right|,s-\mathopen{}\mathclose{{}\left|\mathchoice{\mbox{\boldmath\displaystyle k}}{\mbox{\boldmath\textstyle k}}{\mbox{\boldmath\scriptstyle k}}{\mbox{\boldmath\scriptscriptstyle k}}\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu\mkern 5.0mu\mathbin{\operator@font div}\penalty 900\mkern 5.0mu\nonscript\mskip-4.0mu plus -2.0mu minus -4.0mu{q}}\right|,1}}\right|) operations and without the need to provide the additional polynomial input.
The Hermite interpolation and evaluation algorithms of Section 2 may be of independent interest. The dependency of the multivariate algorithms on the univariate algorithms draws our attention to the problem of optimising the choice of univariate algorithms. In this direction, it would be interesting to develop fast univariate Hermite interpolation and evaluation algorithms that work natively on the Newton basis, which would allow us to avoid the basis conversions that are necessary when using the algorithms discussed in Section 2.2. Encouragingly, such algorithms already exist for instances that do not involve derivatives [5, Section 5.1]. It would also be interesting to further investigate the benefits offered by the techniques of van der Hoeven [13] when using the algorithms of Section 2.2.
Acknowledgements
The author would like to thank Daniel Augot and Françoise Levy-dit-Vehel for their helpful comments on this and earlier versions of the paper, and Joris van der Hoeven for bringing reference [13] to the author’s attention.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] A. V. Aho, K. Steiglitz, and J. D. Ullman, Evaluating polynomials at fixed sets of points , SIAM J. Comput. 4 (1975), no. 4, 533–539.
- 2[2] Daniel Augot, Françoise Levy-dit-Vehel, and Cuong M. Ngô, Information sets of multiplicity codes , Proceedings of the 2015 IEEE International Symposium on Information Theory (ISIT), IEEE, June 2015, pp. 2401–2405.
- 3[3] Daniel Augot, Françoise Levy-dit-Vehel, and Abdullatif Shikfa, A storage-efficient and robust private information retrieval scheme allowing few servers , Cryptology and network security, Lecture Notes in Comput. Sci., vol. 8813, Springer, Cham, 2014, pp. 222–239.
- 4[4] Dario Bini and Victor Y. Pan, Polynomial and matrix computations. Vol. 1 , Progress in Theoretical Computer Science, Birkhäuser Boston, Inc., Boston, MA, 1994, Fundamental algorithms.
- 5[5] Alin Bostan and Éric Schost, Polynomial evaluation and interpolation on special sets of points , J. Complexity 21 (2005), no. 4, 420–446.
- 6[6] Peter Bürgisser, Michael Clausen, and M. Amin Shokrollahi, Algebraic complexity theory , Grundlehren der Mathematischen Wissenschaften, vol. 315, Springer-Verlag, Berlin, 1997.
- 7[7] David G. Cantor and Erich Kaltofen, On fast multiplication of polynomials over arbitrary algebras , Acta Inform. 28 (1991), no. 7, 693–701.
- 8[8] Francis Y. Chin, A generalized asymptotic upper bound on fast polynomial evaluation and interpolation , SIAM J. Comput. 5 (1976), no. 4, 682–690.
