[Applied Algebra] MQ equation solution on GF(2): Wu elimination method implementation

${\mathbb{F}}_2$Realization of Wu Elimination Method of Upper MQ Equation

---

Due to the difficulty of solving the MQ problem with the Groebner-based method, we have tried the MQ-to-SAT method and the MQ-to-SMT method to solve the problem, but the solution effect is still limited. After further research, we designed a solution algorithm based on the Wu elimination method ; More importantly, we have identified the next path: only by sticking to the path of experimental algorithm can we hope to improve $F_2$Solving such NP-problems on the MQ equation;

The source code of this article: the implementation of the Wu elimination method of the MQ equation

---

$F_2$The Difficulty of Searching for the Solution of the Upper MQ Equation

Let's first look at $F_2$The solution distribution characteristics of the above MQ equation: In the figure, we do not really show the relative position of the solution (because it is in nnin$n$$A\; point\; in\; n$ -dimensional space (in$F_2^n$above) embedded in $on\; the\; x-$ axis, so$Adjacent\; points\; in\; the\; n$ -dimensional space do not reflect the adjacency on the line, but it does not hinder our intuitive understanding of the random distribution characteristics of the number of equations that can be satisfied by the solution. It can be seen that to find M = 16 M =$M=The\; point\; of\; 16$ (that is, the solution of the equation) is a difficult search problem;

---

Wu elimination method to solve ${\mathbb{F}}_2$On the MQ problem

The core algorithm of Wu's elimination method is "quasi-division". We assume that there is a polynomial $f,g\in k[x_1,...,x_n]$ , they all contain the variable$x_i$, also assuming that the variable $x_i$The item order of is the most front, which is the next variable to be eliminated, then we use the quasi-division method $\mathrm{REM}(f,g,x_i)$ can get the quotient and remainder polynomials q , rq, rof the quasi-division result$q,r$ , where$r$ is without variable$x_i$, so we get the elimination result (of course what we don't want to see is $r=0$ ); Note that the Wu elimination method is often more efficient than the Groebner basis method in practical applications[1];

We assume that the existing polynomial equations $g_1,...,g_m\in k[x_1,...,x_n]$ , we hope to obtain the feature column in the following form through the method of zero elimination:

$$\begin{array}{rl}{f}_1& =f_1(x_1)\\ f_2& =f_2(x_1,x_2)\\ & ⋮\\ f_n& =f_n(x_1,\dots ,x_n)\end{array}$$

We expect $f_1\ne 0,...,f_n\ne 0$ , so that we can solve$x_1...x_n$, but in reality, the system of polynomial equations $g_1,...,g_m$With multiple feature columns, we have a high probability of not getting such a strict triangular column (our experiments have also proved this point), in most cases, we can only get a triangular column of the following form:

$$\begin{array}{rl}{f}_1& =f_1(x_1)=0\\ f_2& =f_2(x_1,x_2)=0\\ & ⋮\\ f_n& =f_n(x_1,\dots ,x_i)=0\\ & ⋮\\ f_n& =f_n(x_1,\dots ,x_{n-1})\ne 0\\ f_n& =f_n(x_1,\dots ,x_{n-1},x_n)\ne 0\end{array}$$

Such a triangular sequence is also a characteristic sequence of the original equation system, but we cannot rely on it to solve the original equation; we will discuss later that if we want to find a strict triangular sequence, its essence is a search problem (we I originally wanted to escape the original solution space search problem by eliminating elements, but fell into another search problem, so the intuitive feeling is that the essence of the MQ problem is a search problem);

Example. 1. (Wu elimination method to find the feature sequence) : consider $k[x_1...x_4]$ on polynomial equations: orderP = { P 1 , P 2 , P 3 } \mathcal{P}=\{P_{1}, P_{2}, P_{3}\}P={ P1​,P2​,P3​} , where

$$\begin{array}{rl}& P_1=x_1{x}_4^2+x_4^2-x_1{x}_2{x}_4-x_2{x}_4+x_1{x}_2+3x{\_}_2\\ & P_2=x_1{x}_4+x_3-x_1{x}_2\\ & P_3=x_3{x}_4-2x{\_}_2^2-x_1{x}_2-1\end{array}$$

The elimination process is as follows (input polynomial set $P$ , the output feature column$\mathcal{C}$):

P = F 1 = { P 1 , P 2 , P 3 } ⊂ F 2 = { P 1 , ⋯   , P 5 } ⊂ F 3 = { P 1 , ⋯   , P 6 } B 1 = [ P 2 ] B 2 = [ P 4 , P 2 ] B 3 = [ P 6 , P 4 , P 2 ] = C R 1 = { P 4 , P 5 } R 2 = { P 6 } R 3 = ∅ , \begin{aligned} \mathcal{P}=&\mathcal{F}_{1}=\{P_{1}, P_{2}, P_{3}\} \quad \subset \mathcal{F}_{2}=\{P_{1}, \cdots, P_{5}\} \quad \subset \mathcal{F}_{ {3}}=\{P_{1}, \cdots, P_{ {6}}\} \\ &\mathcal{B}_{1}=[P_{2}] \quad \quad \quad \mathcal{B}_{2}=[P_{4}, P_{2}] \quad \quad \quad \mathcal{B}_{3}=[P_{6}, P_{4}, P_{2}]=\mathcal{C}\\ &\mathcal{R}_{1}=\{P_{4}, P_{5}\} \quad \quad \quad \mathcal{R}_{2}=\{P_{6}\} \quad \quad \quad \mathcal{R}_{3}=\varnothing, \end{aligned} P=​F1​={ P1​,P2​,P3​}⊂F2​={ P1​,⋯,P5​}⊂F3​={ P1​,⋯,P6​}B1​=[P2​]B2​=[P4​,P2​]B3​=[P6​,P4​,P2​]=CR1​={ P4​,P5​}R2​={ P6​}R3​=∅,​

where, $P_4=\mathrm{REM}(P_1,P_2,x_4)$ ,$P_4=\mathrm{REM}(P_3,P_2,x_4)$ , and$P_6=\mathrm{REM}(P_4,P_5,x_3)$ ; Finally we can get the triangular feature column:

$$\begin{array}{rl}\mathbb{C}& =[C_1,C_2,C_3]\\ & =[\begin{array}{l}{x}_1(2x{\_}_1{x}_2^2+2x{\_}_2^2-2x{\_}_1{x}_2+x_1+1)\\ x_1{x}_3^2+x_3^2-x_1^2{x}_2{x}_3-x_1{x}_2{x}_3+x_1^3{x}_2+3x{\_}_1^2{x}_2]\\ x_1{x}_4+x_3-x_1{x}_2\end{array}.\end{array}$$

The algorithm for finding feature columns we used in the above example is formalized as follows, where $\mathrm{BasSet}(\mathcal{F},ord)$ is according to the item order$ordFind$ the system of equations$The\; essence\; of\; the\; base\; column\; of\; F$ is to find the next division formula used for quasi-division.

As we said earlier, the feature columns calculated by the above algorithm are not necessarily strict triangular columns. In fact, it is very difficult to find a strict triangular column (although it often exists in the solution of MQ problems); So is there an algorithm that must find a strict triangular sequence? Obviously, you only need to follow the item order $x_1,...,x_n$, it is enough to do pairwise elimination of variables one by one, but this kind of calculation complexity is very high, we now assume that $F$ is the number of arguments$n$ , the number of equations$The\; equation\; system\; of\; m$ , the first round of elimination$x_1$After that we get $C_m^2$equations, the second round of elimination $x_2$Then we get $C_{m(m-1)}^2$equations (of course, there will be 0 equations, but even if it is 0 equations, we only get it after the quasi-division operation)... and so on, for $n$ variables, the computational complexity of the elimination algorithm is$\mathcal{O}(m^n)$, this is simply more complex than the violent search solution$Of\left(m{2}^n\right)$is also higher;

Based on the above analysis, we can see that the computational complexity is $O\left(m^{The\; search\; strategy\; of\; the\; elimination\; algorithm\; of\; n}\right)$is breadth-first, that is, it must find out the characteristic elimination polynomial of each variable, which is actually unnecessary, because in fact, only the one corresponding to the strict triangular sequence needs to be found" Elimination path" is enough, so we designed a depth-first elimination algorithm;

During the running of the Wu elimination algorithm, the schematic diagram of the change of the number of elimination polynomials corresponding to the variables arranged according to the order of items, we start from $x_1$Start to eliminate, expect to get non-zero $f_n$, in this process, the number of polynomials will expand rapidly at the beginning, and then decrease quickly as the number of variables decreases, so that our elimination path often ends up at a certain xi $x_i$When the 0 polynomial is obtained and terminated (as shown in the path $w_2$Shown) We expect to find the path w 1 w_1 through depth-first search$w_1$, to get a strict non-zero triangular feature column:

The implementation of the depth-first Wu-elimination algorithm is as follows:

while VAR_ELIMINATED != ITEMS_VARS_USED[-1]:
    print(' ============  '+ str(VAR_ELIMINATED) +'  ================= ');
    INDEX_VAR = ITEMS_VARS_USED.index(VAR_ELIMINATED);
    print('R_m = '+str(len(CHARASTIC_SETS[VAR_ELIMINATED])));
    print('R_m+1 = '+str(len(CHARASTIC_SETS[ITEMS_VARS_USED[INDEX_VAR+1]])));
    if RUNNING_TIMES>50000:break;
    # --- checking stopping ---
    VAR_ELIMINATED_NEXT = ITEMS_VARS_USED[ ITEMS_VARS_USED.index(VAR_ELIMINATED_START)+1 ];
    if len(CHARSET_NUM_RECORD[VAR_ELIMINATED_NEXT])>2000:
        if CHARSET_NUM_RECORD[VAR_ELIMINATED_NEXT][-2000] == len(CHARASTIC_SETS[VAR_ELIMINATED_NEXT]):
           VAR_ELIMINATED_START = ITEMS_VARS_USED[ ITEMS_VARS_USED.index(VAR_ELIMINATED_START) +1];
           VAR_ELIMINATED = VAR_ELIMINATED_START;continue;
    if len(CHARASTIC_SETS[VAR_ELIMINATED])<2:
        VAR_ELIMINATED = VAR_ELIMINATED_START;continue; # back-tracing;
    if len(CHARASTIC_SETS[ITEMS_VARS_USED[-4]])>200 and (ITEMS_VARS_USED.index(VAR_ELIMINATED_START) < ITEMS_VARS_USED.index(ITEMS_VARS_USED[-5])):
        VAR_ELIMINATED_START = ITEMS_VARS_USED[-5];
        VAR_ELIMINATED = VAR_ELIMINATED_START;continue;
    # --- choosing polynomials ---
    if VAR_ELIMINATED==VAR_ELIMINATED_START:POLYNOMIAL_WUBAS = CHARASTIC_SETS[VAR_ELIMINATED][ np.random.randint( len(CHARASTIC_SETS[VAR_ELIMINATED]) ) ];
    POLYNOMIAL_DIV   = CHARASTIC_SETS[VAR_ELIMINATED][ np.random.randint( len(CHARASTIC_SETS[VAR_ELIMINATED]) ) ];
    while POLYNOMIAL_DIV == POLYNOMIAL_WUBAS:POLYNOMIAL_DIV = CHARASTIC_SETS[VAR_ELIMINATED][ np.random.randint( len(CHARASTIC_SETS[VAR_ELIMINATED]) ) ];
    INDEX_i = CHARASTIC_SETS[VAR_ELIMINATED].index(POLYNOMIAL_WUBAS);INDEX_j = CHARASTIC_SETS[VAR_ELIMINATED].index(POLYNOMIAL_DIV);
    while (VAR_ELIMINATED,(INDEX_i,INDEX_j)) in VISITED_POINTS:
        if VAR_ELIMINATED==VAR_ELIMINATED_START:POLYNOMIAL_WUBAS = CHARASTIC_SETS[VAR_ELIMINATED][ np.random.randint( len(CHARASTIC_SETS[VAR_ELIMINATED]) ) ];
        POLYNOMIAL_DIV   = CHARASTIC_SETS[VAR_ELIMINATED][ np.random.randint( len(CHARASTIC_SETS[VAR_ELIMINATED]) ) ];
        while POLYNOMIAL_DIV == POLYNOMIAL_WUBAS:POLYNOMIAL_DIV = CHARASTIC_SETS[VAR_ELIMINATED][ np.random.randint( len(CHARASTIC_SETS[VAR_ELIMINATED]) ) ];
        INDEX_i = CHARASTIC_SETS[VAR_ELIMINATED].index(POLYNOMIAL_WUBAS);INDEX_j = CHARASTIC_SETS[VAR_ELIMINATED].index(POLYNOMIAL_DIV);
        RUNNING_TIMES_VIS+=1;
        if RUNNING_TIMES_VIS>2000:
            NEED_TO_BACKT = True;RUNNING_TIMES_VIS=0;break;
    if NEED_TO_BACKT:
        NEED_TO_BACKT = False;
        VAR_ELIMINATED_START = ITEMS_VARS_USED[ ITEMS_VARS_USED.index(VAR_ELIMINATED_START) +1];
        VAR_ELIMINATED = VAR_ELIMINATED_START;continue;        
    CHARSET_NUM_RECORD[ITEMS_VARS_USED[INDEX_VAR+1]].append( len(CHARASTIC_SETS[ITEMS_VARS_USED[INDEX_VAR+1]]) );
    VISITED_POINTS.append( (VAR_ELIMINATED,(INDEX_i,INDEX_j)) );
    # --- Doing reduction on x_n ---
    POLYNOMIAL_QUO,POLYNOMIAL_REM = pseudo_division(POLYNOMIAL_WUBAS,POLYNOMIAL_DIV,VAR_ELIMINATED);
    if POLYNOMIAL_REM==0 or (POLYNOMIAL_REM in CHARASTIC_SETS[ITEMS_VARS_USED[INDEX_VAR+1]]):
        VAR_ELIMINATED = VAR_ELIMINATED_START;continue; # back-tracing;
    CHARASTIC_SETS[ITEMS_VARS_USED[INDEX_VAR+1]].append(POLYNOMIAL_REM);
    VAR_ELIMINATED = ITEMS_VARS_USED[INDEX_VAR+1];
    POLYNOMIAL_WUBAS = POLYNOMIAL_REM;
    RUNNING_TIMES+=1;print('Running --- '+str(RUNNING_TIMES));
    if VAR_ELIMINATED==ITEMS_VARS_USED[-1]:print(POLYNOMIAL_REM);

In fact, our above code adopts the idea of ​​depth-first, real-time detection of the location of the elimination. When the elimination process has passed the peak area of ​​the number of characteristic equations of the elimination, the number of equations decreases sharply, and it is easier at this time get $0$ polynomial, then we need to adjust the starting position of the search, and properly carry out the strategy of breadth first, so that it is easier to obtain strict feature columns, the following is for$m=16,n=As\; a\; result\; of\; running\; the\; MQ\; equations\; of\; 8$ , the equations were successfully solved:

 ============  t1  ================= 
R_m = 16
R_m+1 = 0
Running --- 1
 ============  t2  ================= 
R_m = 1
R_m+1 = 0
 ============  t1  ================= 
R_m = 16
R_m+1 = 1
Running --- 2
 ============  t2  ================= 
R_m = 2
R_m+1 = 0
Running --- 3
 ============  t3  ================= 
R_m = 1
R_m+1 = 0
 ============  t1  ================= 
R_m = 16
R_m+1 = 2
Running --- 4
 ============  t2  ================= 
R_m = 3
R_m+1 = 1
Running --- 5
 ============  t3  ================= 
R_m = 2
R_m+1 = 0
Running --- 6
 ============  t4  ================= 
R_m = 1
R_m+1 = 0
 ============  t1  ================= 
R_m = 16
R_m+1 = 3
... ... 

... ...
============  t5  ================= 
R_m = 533
R_m+1 = 41
... ...
 ============  t5  ================= 
R_m = 533
R_m+1 = 41
Running --- 13272
 ============  t6  ================= 
R_m = 42
R_m+1 = 5
Running --- 13273
 ============  t7  ================= 
R_m = 6
R_m+1 = 0
Running --- 13274
f_n = t8 + 1;

Among them, the order of variable elimination items is $t_1,...,t_8$,${\mathcal{R}}_m$Represents the current variable corresponding to the characteristic polynomial $f_m$The number of (non-zero), ${\mathcal{R}}_{m+1}$Represents the characteristic polynomial fm + 1 f_{m+1} corresponding to the current variable$f_{m+1}$(non-zero) number; finally get $f_n=t_8+1=0$ , which means$t_8=1$ , and then substituting the previous equations one by one to solve all the solutions (according to the zero point theorem, this is the original equation system (in the problem it is$0-$ dimensional ideal) corresponds to the cluster);

---

Summarize

In the process of solving the MQ equation by the Wu elimination method, when we use the quasi-division operation to eliminate variables according to a certain item order, we cannot always get non-0 $0$ polynomial, then the elimination will be interrupted, so that you can't get a non-zero$0$ triangular column to solve the equation in reverse, so we have to use the search problem processing strategy to solve this problem;

---

references

[1] Ideals, Varieties, and Algorithms,2004,DA Cox and Little, J. and D O’Shea;

[2] Algorithm design and analysis of satisfiability problems, 1997, He Simin;