Schwartz-Zippel for multilinear polynomials mod N

04/11/2022
by   Benedikt Bünz, et al.
0

We derive a tight upper bound on the probability over 𝐱=(x_1,…,x_μ) ∈ℤ^μ uniformly distributed in [0,m)^μ that f(𝐱) = 0 N for any μ-linear polynomial f ∈ℤ[X_1,…,X_μ] co-prime to N. We show that for N=p_1^r_1,...,p_ℓ^r_ℓ this probability is bounded by μ/m + ∏_i=1^ℓ I_1/p_i(r_i,μ) where I is the regularized beta function. Furthermore, we provide an inverse result that for any target parameter λ bounds the minimum size of N for which the probability that f(𝐱) ≡ 0 N is at most 2^-λ + μ/m. For μ =1 this is simply N ≥ 2^λ. For μ≥ 2, log_2(N) ≥ 8 μ^2+ log_2(2 μ)·λ the probability that f(𝐱) ≡ 0 N is bounded by 2^-λ +μ/m. We also present a computational method that derives tighter bounds for specific values of μ and λ. For example, our analysis shows that for μ=20, λ = 120 (values typical in cryptography applications), and log_2(N)≥ 416 the probability is bounded by 2^-120+20/m. We provide a table of computational bounds for a large set of μ and λ values.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset