Certification of Minimal Approximant Bases

Abstract

For a given computational problem, a certificate is a piece of data that one (the prover) attaches to the output with the aim of allowing efficient verification (by the verifier) that this output is correct. Here, we consider the minimal approximant basis problem, for which the fastest known algorithms output a polynomial matrix of dimensions m x m and average degree D/m using O~(mømega D/m) field operations. We propose a certificate which, for typical instances of the problem, is computed by the prover using O(mømega D/m) additional field operations and allows verification of the approximant basis by a Monte Carlo algorithm with cost bound O(mømega + m D). Besides theoretical interest, our motivation also comes from the fact that approximant bases arise in most of the fastest known algorithms for linear algebra over the univariate polynomials; thus, this work may help in designing certificates for other polynomial matrix computations. Furthermore, cryptographic challenges such as breaking records for discrete logarithm computations or for integer factorization rely in particular on computing minimal approximant bases for large instances: certificates can then be used to provide reliable computation on outsourced and error-prone clusters.