Freivalds’ Algorithm
Freivalds, Rusins. “Probabilistic Machines Can Use Less Running Time.” IFIP congress. Vol. 839. 1977.
Problem Statement
Suppose we are given as input two n × n n \times n n×n matrices A A A and B B B over F p \mathbb{F}_p Fp, where p > n 2 p > n^2 p>n2 is a prime number. The fastest known algorithm for accomplishing this task in time roughly O ( n 2.37286 ) \mathcal{O}(n^{2.37286}) O(n2.37286).
Suppose someone hands us a matrix C C C. Our goal is to check whether or not the product matrix A ⋅ B = C A \cdot B = C A⋅B=C in O ( n 2 ) \mathcal{O}(n^{2}) O(n2) time.
Algorithm
First, choose a random r ∈ F p r \in \mathbb{F}_p r∈Fp, and let x = ( 1 , r , r 2 , . . . , r n − 1 ) x = (1,r,r^2,...,r^{n−1}) x=(1,r,r2,...,rn−1). Then compute y = C x y =Cx y=Cx and z = A ⋅ B x z = A \cdot Bx z=A⋅Bx, outputting 1 1 1 if y = z y = z y=z and 0 0 0 otherwise.
Time Cost
- vector x = ( 1 , r , r 2 , . . . , r n − 1 ) x = (1,r,r^2,...,r^{n−1}) x=(1,r,r2,...,rn−1) can be done with O ( n ) \mathcal{O}(n) O(n) total multiplication operations.
- Multiply an n × n n \times n n×n matrix by an n-dimensional vector can be done in O ( n 2 ) \mathcal{O}(n^{2}) O(n2) time.
2.1. y = C x y = Cx y=Cx : O ( n 2 ) \mathcal{O}(n^{2}) O(n2) time
2.2. w = B x w = Bx w=Bx : O ( n 2 ) \mathcal{O}(n^{2}) O(n2) time
2.3. z = A w z = Aw z=Aw : O ( n 2 ) \mathcal{O}(n^{2}) O(n2) time
Explaination
Recall the Reed-Solomon Fingerprinting: Encode vector a a a and b b b with Reed-Solomon Encoding: p a ( x ) = ∑ i = 1 n a i r i − 1 p_a(x) = \sum_{i=1}^na_ir^{i-1} pa(x)=∑i=1nairi−1, p b ( x ) = ∑ i = 1 n b i r i − 1 p_b(x) = \sum_{i=1}^nb_ir^{i-1} pb(x)=∑i=1nbiri−1. If a i = b i a_i = b_i ai=bi for all i = 1 , . . . , n i = 1,...,n i=1,...,n, then p a ( r ) = p b ( r ) p_a(r)=p_b(r) pa(r)=pb(r) for every possible choice of r r r. Otherwise, if there is even one i i i such that a i ≠ b i a_i \neq b_i ai=bi, p a ( r ) = p b ( r ) p_a(r)=p_b(r) pa(r)=pb(r) with probability at least 1 − ( n − 1 ) / p 1 − (n − 1)/p 1−(n−1)/p. (It can be proved by Schwartz-Zippel Lemma.)
The encoding is distance-amplifying: if a a a and b b b differ on even a single coordinate, then their encodings will differ on a 1 − ( n − 1 ) / p 1−(n−1)/p 1−(n−1)/p fraction of coordinates. Due to the distanceamplifying nature of the code, checking equality of two vectors a and b was reduced to checking equality of a single randomly chosen entry of the encodings.
