Given an $a = \frac1x$ and $b = \frac1y$, is there some algebraic way to get the value $c = \frac1{x+y}$ using $a$ and $b$ without the use of inversions. I can't seem to figure it out and it might be so easy that there are no resources I could find. I am working over cryptography sized finite fields (256bit primes), an inversion is about 30-100 field multiplications depending on the setting, trying to minimize the number of field multiplications
Asked
Active
Viewed 53 times
1
-
Forgot to add, with out using inversions. Its trivial with the use of inversions. – s3binator Apr 24 '16 at 16:12
-
1How about $\frac{1}{xy}\frac{1}{\frac{1}{x}+\frac{1}{y}}$? – Cameron Williams Apr 24 '16 at 16:13
-
2Note that over a finite field of $q$ elements, $x^{q-2} = x^{-1}$, so you can always replace inversions by multiplications. – Magdiragdag Apr 24 '16 at 16:16
1 Answers
3
We can use $$\tag1c=\frac1{x+y}=\frac1{\frac1a+\frac1b} =\frac{ab}{a+b}$$
After an edit to the question, division is forbidden (or at least made very expensive), so we might try to find a solution with no division at all, i.e., with a polynomial in $a,b$. As $x^q=x$ for all $x\in\Bbb F_q$, we can replace $(1)$ with $$\tag2 c=ab(a+b)^{q-2} $$ whenever $a+b\ne0$ (in which case $c$ is not defined in the first place). This is a polynomial of degree $q$ and requires $O(\log q)$ multiplications (by repeated squaring). Can there be a polynomial $f(a,b)$ of lower degree? Note that $f(a,a)=\frac a2$ for all $a\ne 0$ (we assume characteristic $\ne 2$), hence $f$ certainly has degree $\ge q-1$. We conclude that we can beat $(2)$ by at most one degree; apart from the savings being minimal, I doubt that the freedom hidden in not having to produce useful output for $a=b$ allows the formation of a polynomial that can be evaluated any faster (as in: we will trade $\sim q$ additions for that one multiplication).
Hagen von Eitzen
- 374,180