¹¹institutetext: IIT Kanpur

On algorithms to find $p$ -ordering

Aditya Gulati Sayak Chakrabarti Rajat Mittal

Abstract

The concept of $p$ -ordering for a prime $p$ was introduced by Manjul Bhargava (in his PhD thesis) to develop a generalized factorial function over an arbitrary subset of integers. This notion of $p$ -ordering provides a representation of polynomials modulo prime powers, and has been used to prove properties of roots sets modulo prime powers. We focus on the complexity of finding a $p$ -ordering given a prime $p$ , an exponent $k$ and a subset of integers modulo $p^{k}$ .

Our first algorithm gives a $p$ -ordering for set of size $n$ in time $\widetilde{\mathcal{O}}(nk\log p)$ , where set is considered modulo $p^{k}$ . The subsets modulo $p^{k}$ can be represented succinctly using the notion of representative roots (Panayi, PhD Thesis, 1995; Dwivedi et.al, ISSAC, 2019); a natural question would be, can we find a $p$ -ordering more efficiently given this succinct representation. Our second algorithm achieves precisely that, we give a $p$ -ordering in time $\widetilde{\mathcal{O}}(d^{2}k\log p+nk\log p+nd)$ , where $d$ is the size of the succinct representation and $n$ is the required length of the $p$ -ordering. Another contribution that we make is to compute the structure of roots sets for prime powers $p^{k}$ , when $k$ is small. The number of root sets have been given in the previous work (Dearden and Metzger, Eur. J. Comb., 1997; Maulick, J. Comb. Theory, Ser. A, 2001), we explicitly describe all the root sets for $p^{2}$ , $p^{3}$ and $p^{4}$ .

Keywords:

root-sets computational complexity

p

-ordering polynomials prime powers

1 Introduction

Polynomials over finite fields have played a crucial role in computer science with impact on diverse areas like error correcting codes [BRC60, Hoc59, RS60, Sud97], cryptography [CR01, Odl85, Len91], computational number theory [AL86, AKS04] and computer algebra [Zas69, LLL82]. Mathematicians have studied almost all aspects of these polynomials; factorization of polynomials, roots of a polynomial and polynomials being irreducible or not are some of the natural questions in this area. There is lot of structure over finite field; we can deterministically count roots and find if a polynomials is irreducible in polynomial time [LN97]. Not just that, we also have efficient randomized algorithms for the problem of factorizing polynomials over finite fields [CZ81, Ber70].

The situation changes drastically if we look at rings instead of fields. Focusing our attention on the case of numbers modulo a prime power (ring $\bbbz_{p^{k}}$ , for a prime $p$ and a natural number $k\geq 2$ ) instead of numbers modulo a prime (field $\mathbb{F}_{p}$ ), we don’t even have unique factorization and the fact that the number of roots are bounded by the degree of the polynomial. Still, there has been some interesting work in last few decades. Maulik [Mau01] showed bound on number of roots sets, sets which are roots for a polynomial modulo a prime power. There has been some recent works giving a randomized algorithm for root finding [BLQ13] and a deterministic algorithm for root counting [DMS19, CGRW19].

The concept of $p$ -ordering and $p$ -sequences for a prime $p$ , introduced by Bhargava [Bha97], is an important tool in studying the properties of roots sets and polynomials over powers of prime $p$ [Mau01, Bha97, Bha09]. Bhargava’s main motivation to introduce $p$ -ordering was to generalize the concept of factorials ( $n!$ for $n\geq 0\in\bbbz$ ) from the set of integers to any subset of integers. He was able to show that many number-theoretic properties of this factorial function (like the product of any $k$ consecutive non-negative integers is divisible by $k!$ ) remain preserved even with the generalized definition for a subset of integers [Bha00].

For polynomials, $p$ -ordering allows us to give a convenient basis for representing polynomials on a subset of ring $\bbbz_{p^{k}}$ . One of the interesting problem for polynomials over rings, of the kind $\bbbz_{p^{k}}$ , is to find the allowed root sets (Definition 3). Maulik [Mau01] was able to use this representation of polynomials over $\bbbz_{p^{k}}$ (from $p$ -ordering) to give asymptotic estimates on the number of root sets modulo a prime power $p^{k}$ ; he also gave a recursive formula for root counting.

Our contributions

While a lot of work has been done on studying the properties of $p$ -orderings [Mau01, Joh09, Bha09], there’s effectively no work on finding the complexity of the problem: given a subset of numbers modulo a prime power, find a $p$ -ordering. Our main contribution is to look at the computational complexity of finding $p$ -ordering in different settings. We also classify and count the root-sets for $\bbbz_{p^{k}}$ , when $k\leq 4$ , by looking at their symmetric structure.

•

$p$ -ordering for a general set: Suppose, we want to find the $p$ -ordering of a set $S\subseteq\bbbz_{p^{k}}$ , such that, $|S|=n$ . A naive approach, given in Bhargava [Bha97], gives a $\widetilde{\mathcal{O}}{(n^{3}k\log(p))}$ time algorithm. We exploit the recursive structure of $p$ -orderings and optimize the resulting algorithm using data structures. These optimizations allow us to give an algorithm that works in $\widetilde{\mathcal{O}}{(nk\log(p))}$ time. The details of the algorithm, its correctness and time complexity is given in Section 3.
•

$p$ -ordering for a subset in representative root representation: A polynomial of degree $d$ in $\bbbz_{p^{k}}$ can have exponentially many roots, but they can have at most $d$ representative roots [Pan95, DMS19, BLQ13] giving a succinct representation. The natural question is, can we have an efficient algorithm for finding a $p$ -ordering where the complexity scales according to the number of representative roots and not the size of the complete set. We answer this in affirmative, and provide an algorithm which works in $\widetilde{\mathcal{O}}{(d^{2}k\log{p}+nk\log{p}+nd)}$ time, where $d$ is the number of representative roots and $n$ is the length of $p$ -ordering. The details of this algorithm and its analysis are presented in Section 4.
•

Roots sets for small powers: A polynomial in $\bbbz_{p^{k}}$ , even with small degree, can have exponentially large number of roots. But not all subsets of $\bbbz_{p^{k}}$ are a root-set for some polynomial. The number of root-sets for the first few values of $k$ were calculated numerically by Dearden and Metzger [DM97]. Building on previous work, Maulik [Mau01] produced an upper bound on the number of root-sets for any $p$ and $k$ . He also gave a recursive formula for the exact number of root-sets using the symmetries in their structure. We look at the structure of these root sets and completely classify all possible root-sets for $k\leq 4$ . In Section 5, we discuss and distinctly describe all the root sets in $\bbbz_{p^{2}}$ , $\bbbz_{p^{3}}$ and $\bbbz_{p^{4}}$ .

2 Preliminaries

Our primary goal is to find a $p$ -ordering of a given set $S\subseteq\bbbz_{p^{k}}$ , for a given prime $p$ and an integer $k>0$ . Since the input size is polynomial in $|S|,\log p,k$ ; an efficient algorithm should run in time polynomial in these parameters. For the sake of clarity, $\log k$ factors will be ignored from complexity calculations; this omission will be expressed by using notation $\widetilde{\mathcal{O}}$ instead of $\mathcal{O}$ in time complexity. We also use $[n]$ for the set $\{0,1,\dots,n-1\}$ .

We begin by defining the valuation of an integer modulo a prime $p$ .

Definition 1.

Let $p$ be a prime and $a\neq 0$ be an integer. The valuation of the integer $a$ modulo $p$ , denoted $v_{p}(a)$ , is the integer $v$ such that $p^{v}\mid a$ but $p^{v+1}\nmid a$ . We also define $w_{p}(a):=p^{v_{p}(a)}$ .

If $a=0$ then both, $v_{p}(a)$ and $w_{p}(a)$ , are defined to be $\infty$ .

Definition 2.

For any ring $S$ with the usual operations $+$ and $\ast$ , we have

S+a:=\{x+a\mid x\in S\}\textit{\quad and\quad}a*S:=\{a\ast x\mid x\in S\}

Definition 3.

A given set $S$ is called a root set in a ring $R$ if there is a polynomial $f(x)\in R[x]$ , whose roots in $R$ are exactly the elements of $S$ .

Representative Roots:

The notion of representative roots in the ring $\bbbz_{p^{k}}$ has been used to concisely represent roots of a polynomial [Pan95, DMS19, BLQ13].

Definition 4.

The representative root $(a+p^{i}\ast)$ is a subset of $\bbbz_{p^{k}}$ ,

a+p^{i}\ast:=\{a+p^{i}y\mid y\in\bbbz_{p^{k-i-1}}\}

Extending, a set $S=\{r_{1},\cdots,r_{l}\}$ of representative roots correspond to $\bigcup\limits_{i=1}^{l}r_{i}\subseteq\bbbz_{p^{k}}$ . Conversely, we show that an $S\subseteq\bbbz_{p^{k}}$ can be uniquely represented by representative roots.

Definition 5.

Let $S\subseteq\bbbz_{p^{k}}$ , then the set of representative roots $S^{\textit{rep}}=\{r_{1}=\beta_{1}+p^{k_{1}}\ast,r_{2}=\beta_{2}+p^{k_{2}}\ast,...,r_{l}=\beta_{l}+p^{k_{l}}\ast\}$ is said to be a minimal root set representation of $S$ if

1.

$S=\bigcup\limits_{i=1}^{l}r_{i}$ ,
2.

$\nexists~{}r_{i},r_{j}\in S^{\textit{rep}}:r_{i}\subseteq r_{j}$ ,
3.

$\forall i:\bigcup\limits_{b\in[p]}\left(r_{i}+p^{k_{i}-1}\cdot b\right)\nsubseteq S$

Theorem 2.1.

Given any set $S\subseteq\bbbz_{p^{k}}$ , the minimal root set representation of $S$ is unique.

Proof.

For the sake of contradiction, let $S^{\textit{rep}}$ and $\widehat{S^{\textit{rep}}}$ be two different minimal representations of a set $S$ . There exists an $a\in S$ such that it belongs to both representations, $r\in S^{\textit{rep}}$ and $\widehat{r}\in\widehat{S^{\textit{rep}}}$ and $r\neq\widehat{r}$ . Then $r$ can be written as $a+p^{k_{1}}\ast$ and $\widehat{r}$ can be written as $a+p^{k_{2}}\ast$ .

By Observation B.1, $r\cap\widehat{r}\neq\emptyset$ implies $r\subset\widehat{r}$ or $\widehat{r}\subset r$ . Without loss of generality, let $\widehat{r}\subset r$ (equivalently $k_{1}<k_{2}$ ).

From $\widehat{r}\subset r$ and $k_{1}<k_{2}$ , $(\widehat{r}+b\cdot p^{k_{2}-1})\subseteq r$ for all $b\in[p]$ . Using $r\subseteq S$ , we get

\bigcup\limits_{b\in[p]}\left(\widehat{r}+b\cdot p^{k_{2}-1}\right)\subseteq S,

contradicting minimality of $\widehat{S^{\textit{rep}}}$ .

$\blacksquare$ ∎

$p$ -ordering and $p$ -sequence

Bhargava [Bha97] introduced the concept of $p$ -ordering for any subset of a Dedekind domain, we restrict to the rings of the form $\bbbz_{p^{k}}$ [Bha00].

Definition 6 ([Bha97]).

$p$ -ordering on a subset $S$ of $\bbbz_{p^{k}}$ is defined inductively.

1.

Choose any element $a_{0}\in S$ as the first element of the sequence.
2.

Given an ordering $a_{0},a_{1},\dots a_{i-1}$ up to $i-1$ , choose $a_{i}\in S\backslash\{a_{0},a_{1}\dots a_{i-1}\}$ which minimizes $v_{p}((a_{i}-a_{0})(a_{i}-a_{1})\dots(a_{i}-a_{i-1}))$ .

The $i$ -th element of the associated $p$ -sequence for a $p$ -ordering $a_{0},a_{1},\dots a_{n}$ is defined by

v_{p}(S,i)=\begin{cases}0\qquad i=0,\\ w_{p}((a_{i}-a_{0})(a_{i}-a_{1})\dots(a_{i}-a_{i-1}))\qquad i>0.\end{cases}

. In the $(i+1)$ -th step, let $x\in S\setminus\{a_{0},a_{1},...,a_{i-1}\}$ then the value $v_{p}((x-a_{0})(x-a_{1})\dots(x-a_{i-1}))$ is denoted as the $p$ -value of $x$ at that step. If the step is clear from context, we call the $p$ -value of that element at that step as its $p$ -value.

The $p$ -ordering on a subset of $\bbbz$ can be defined similarly. Bhargava surprisingly proved the following theorem.

Theorem 2.2 ([Bha97]).

For any two $p$ -orderings of a subset $S\subseteq\bbbz$ and a prime $p$ , the associated $p$ -sequences are same.

Few observations about $p$ -orderings/ $p$ -sequences/ representative roots are listed in Appendix B. We also use a min-heap data structure to optimize our algorithm, details of min-heap are given in Appendix C.

3 Algorithm to find p-ordering on a given set

The naive algorithm for finding the $p$ -ordering, from its definition, has time complexity $\widetilde{\mathcal{O}}(n^{3}k\log(p))$ (Appendix A). The main result of this section is the following theorem.

Theorem 3.1.

Given a set $S\subseteq\bbbz$ , a prime $p$ and an integer $k$ such that each element of $S$ is less than $p^{k}$ , we can find a $p$ -ordering on this set in $\widetilde{\mathcal{O}}(nk\log p)$ time.

The proof of the theorem follows by constructing an algorithm to find the $p$ -ordering.

Outline of the algorithm

We use the recursive structure of $p$ -ordering given by Maulik [Mau01]. Crucially, to find the $p$ -value of an element $a$ at each step, we only need to look at elements congruent $\bmod{p}$ to $a$ (Observation B.3).

Suppose $S_{j}$ is the set of elements of $S$ congruent to $j\bmod p$ . By the observation above, our algorithm constructs the $p$ -ordering of set $S$ by merging the $p$ -ordering of $S_{j}$ ’s. Given a $p$ -ordering up to some step, the next element for the $p$ -ordering of $S$ is computed by just comparing the first elements in $p$ -ordering of $S_{j}$ ’s (not present in the already computed $p$ -ordering). The $p$ -ordering of translated $S_{j}$ ’s is computed recursively (Observation B.4).

While merging the $p$ -orderings on each of the $S_{i}$ ’s, at each step we need to extract and remove the element with the minimum $p$ -value over all $S_{j}$ ’s and replace it with the next element from the $p$ -ordering on the same set $S_{j}$ . Naively, it would need to find the minimum over all $p$ number of elements taking $\widetilde{\mathcal{O}}{(p)}$ time. Instead, we use min heap data structure, using only $\widetilde{\mathcal{O}}{(\log p)}$ time for extraction and insertion of elements.

Each node of the min-heap( $H$ ) consists of the following values,

1.

$p\_value$ : contains $p$ -value of the element when added to $p$ -ordering,
2.

$set$ : contains the index of the set $S_{0},S_{1},...,S_{p-1}$ element belongs to, and
3.

$value$ : contains the value of the element.

These values are used to preserve the properties of the data structures used. With above intuition in mind, we develop Algorithm 1 to find the $p$ -ordering on a subset of $\bbbz$ .

Algorithm 1 Find p-ordering

1:procedure Merge(

S_{0},S_{1},...,S_{p-1}

)

S\leftarrow[\ ]

3: for

i\in[0,1,...,p-1]

4: for

j\in[0,...,len(S_{i})-1]

S_{i}[j].set\leftarrow i

i_{0},i_{1},i_{2},...i_{p-1}\leftarrow(0,0,...,0)

H\leftarrow\textsc{Create\_Min\_Heap($node=\{S_{0}[i_{0}],S_{1}[i_{1}],...,S_{p-1}[i_{p-1}]\},key=p\_value$)}

8: while H.IsEmpty()!=true do

a\leftarrow\textsc{Extract\_Min($H$)}

10:

j\leftarrow a.set

11: if

i_{j}<len(S_{j})

then

12:

i_{j}\leftarrow i_{j}+1

13: Insert(

H,S_{j}[i_{j}]

)

14:

S\leftarrow a

15: return

S

16:procedure Find_

p

-Ordering(

S

)

17: if length(S)==1 then

18:

S[0].p\_value\leftarrow 1

19: Return

S

20:

S_{0},S_{1},...,S_{p-1}\leftarrow([\ ],[\ ],...,[\ ])

21: for

i\in S

22:

S_{i.value\bmod{p}}.append(i)

23: for

i\in[0,1,...,p-1]

24:

S_{i}\leftarrow\textsc{Find\_$p$-Ordering($(S_{i}-i)/p$)}

25: for

j\in[0,...,len(S_{i})-1]

26:

S_{i}[j].value\leftarrow p*S_{i}[j].value+i

27:

S_{i}[j].p\_value\leftarrow S_{i}[j].p\_value+j

28:

S\leftarrow\textsc{Merge($S_{0},S_{1},...,S_{p-1}$)}

29: return

S

In Algorithm 1, we use a sorted list $\mathcal{I}$ of non-empty $S_{i}$ ’s, and only iterate over $\mathcal{I}$ in steps 3-5, 23-28. Hence, decreasing the time complexities of these loops. We can create/update the list $\mathcal{I}$ in the loop at steps 21-22.

3.1 Proof of Theorem 3.1

To prove the correctness of Algorithm 1, we need two results: Merge() procedure works and valuation is computed correctly in the algorithm.

Theorem 3.2 (Correctness of Merge()).

In Algorithm 1, given $S$ be a subset of integers, let for $k\in\{0,1,...,p-1\}$ , $S_{k}=\{s\in S\mid s\equiv k\pmod{p}\}$ , then given a $p$ -ordering on each of the $S_{k}$ ’s, Merge( $S_{0},S_{1},...,S_{p-1}$ ) gives a valid $p$ -ordering on $S$ .

Proof outline.

We start with $p$ -orderings on each of the non-empty sets $(S_{0},S_{1},...,S_{p-1})$ , and create a heap taking the first element of each of these $p$ -ordering. At each successive step, we pick the element in the heap with minimum $p$ -value to add to the $p$ -ordering, and insert the next element from the corresponding $S_{j}$ to the heap.

We know that the valuation of any element in the combined $p$ -ordering is going to be equal to their valuation in the $p$ -ordering over the set $S_{j}$ containing them (by Observation B.3). If we show that at each step the element chosen has the least valuation out of all the elements left Merge() works correctly. We prove this by getting a contradiction if any element other than the ones obtained from the min heap is selected by showing the p_value will be greater than what we get from Merge(). $\blacksquare$

The details of the proof can be found in Appendix D.1. ∎

Theorem 3.3 (Correctness of valuations).

In Algorithm 1, let $S$ be a subset of integers, then Find_ $p$ -Ordering( $S$ ) gives a valid $p$ -values for all elements of $S$ .

Proof outline.

The proof requires two parts: Merge() preserves valuation and changes in the valuation due to translation does not induce errors.

•

To prove that Merge() preserves valuation, we make use of the fact that the combined $p$ -ordering after merge has the individual $p$ -orderings as a sub-sequence. Hence, the valuation of each element in the combined $p$ -ordering is going to be equal to the valuation in the individual $p$ -ordering (by Observation B.3). Hence, Merge() preserves valuations.
•

We show that the change in valuations due to translation (Step 24) are corrected (Step 27). This is easy to show by just updating the valuation according to Observation B.5.

Hence, valuations are correct maintained throughout the algorithm. $\blacksquare$

The details of the proof can be found in Appendix D.2. ∎

Using the above two theorems, we prove the correctness of Algorithm 1.

Proof of Theorem 3.1.

For the base case, if $S$ is a singleton, then the $p$ -ordering over it is just a single element which is also what Find_ $p$ -Ordering( $S$ ) gives. Let Find_ $p$ -Ordering() works for $|S|<k$ , if we show it works for $|S|=k$ , then by induction, Find_ $p$ -Ordering() works for sets of arbitrary sizes.

Let $|S|=k$ , then when we break the set into $S_{0},S_{1},...,S_{p-1}$ (Steps 20-22), either all element belong in a single $S_{i}$ or get distributed into multiple sets. We can argue that if all the elements fall into the same group, then when we keep calling recursion (Step 24), after some point set breaks into multiple $S_{i}$ ’s. Since, by Observation B.4, we know that the $p$ -ordering on reduced elements is preserved, we’ll get the correct $p$ -ordering on the original set. Hence, we only need to prove this for the later case.

Since all the element of the set $S_{i}$ follow $\forall y\in S_{i}$ , $y\equiv i\bmod{p}$ , hence $\forall y\in S_{i}$ , $p\mid(y-i)$ , this implies $(S_{i}-i)/p\subset\bbbz$ . Hence, Find_ $p$ -Ordering( $(S_{i}-i)/p$ ) gives a $p$ -ordering on $(S_{i}-i)/p$ with the correct valuations associated with each element (Theorem 3.3).

From Observation B.4, we know that if $(a_{0},a_{1},...)$ be a $p$ -ordering on some set $A$ , then $(p*a_{0}+i,p*a_{1}+i,...)$ be a $p$ -ordering on $p*A+i$ . Since, Find_ $p$ -Ordering( $(S_{i}-i)/p$ ) is a $p$ -ordering on $(S_{i}-i)/p$ , then $p*\textsc{Find\_$p$-Ordering($(S_{i}-i)/p$)}+x$ is a $p$ -ordering on $S_{i}$ (Step 26).

Next, since we have valid $p$ -orderings on $S_{0},S_{1},...,S_{p-1}$ , Merge( $S_{0},S_{1},...,S_{p-1}$ ) returns a valid $p$ -ordering on $S$ (Theorem 3.2).

By induction, our algorithm returns a valid $p$ -ordering on any subset of integers.

If each element of $S$ is less than $p^{k}$ , then $p$ -ordering on set $S$ requires $\widetilde{\mathcal{O}}(nk\log p)$ time (Theorem D.1 of Appendix D.3). $\blacksquare$ ∎

4 Algorithm to find $p$ -ordering on a set of representative roots

The notion of representative roots (Definition 4) allows us to represent an exponentially large subset of $\bbbz_{p^{k}}$ succinctly. Further imposing a few simple conditions on this representation, namely the minimal representation (Definition 5), our subset is represented in a unique way (Theorem 2.1). A natural question arises, can we efficiently find a $p$ -ordering given a set in terms of representative roots?

In this section we show that the answer is affirmative by constructing an efficient algorithm in terms of the size of the succinct representation.

Theorem 4.1.

Given a set $S\subset\bbbz_{p^{k}}$ , for a prime $p$ and an integer $k$ , that can be represented in terms of $d$ representative roots, we can efficiently find a $p$ -ordering of length $n$ for $S$ in $\widetilde{\mathcal{O}}(d^{2}k\log p+nk\log p+np)$ time.

The proof of the theorem follows by constructing an algorithm to find the $p$ -ordering given a set in representative root notation. We can assume that the representative roots are disjoint. If they are not, one representative root will be contained in another (Observation B.1), all such occurrences can be deleted in $\widetilde{\mathcal{O}}(d^{2}k\log p)$ time.

Outline of the algorithm

The important observation is, we already have a natural $p$ -ordering defined on a representative root (Observation B.6). Since a $p$ -ordering on each representative root is already known, we just need to find a way to merge them. Merging was easy in Algorithm 1 because progress in any one of the $p$ -ordering of an $S_{j}$ did not effect the $p$ -value of an element outside $S_{j}$ . However, in this case the exact increase in the $p$ -value is known by Observation B.2.

Let $d$ be the number of representative roots, we maintain an array of size $d$ to keep the valuations that we would get whenever we add the next element from a representative root. To update the $i$ -th value of this array when an element from the $j$ -th representative root is added, we simply add the value $v_{p}(\beta_{i}-\beta_{j})$ ( $i\neq j$ ). Hence, at each step we find the minimum value in this array (in $\widetilde{\mathcal{O}}($ d $)$ ) and add it to the combined $p$ -ordering (in $\widetilde{\mathcal{O}}($ 1 $)$ ) and we update all the $d$ values in this array (in $\widetilde{\mathcal{O}}($ d $)$ ). We repeat this process till we get the $p$ -ordering of the desired length.

With the above intuition in mind, we develop Algorithm 2 to find the $p$ -ordering of length $n$ on a subset $S$ of $\bbbz_{p^{k}}$ given in representative root representation.

Algorithm 2 Find p-ordering from minimal notation

1:procedure Correlate(

S

)

Corr\leftarrow[0]_{len(S)\times len(S)}

Corr\leftarrow[0]_{len(S)\times len(S)}

4: for

j\in[1,...,len(S)]

5: for

k\in[1,...,len(S)]

Corr[j][k]\leftarrow v_{p}(S[j].value-S[k].value)

7: return

Corr

8:procedure

p

-Exponent_Increase(

n

)

v_{p}(1)\leftarrow 1

10: for

j\in[1,...,n]

11:

v_{p}((j+1)!)\leftarrow v_{p}(j+1)\ast v_{p}(j!)

12:

p\_exponent[j]\leftarrow v_{p}((j+1)!)-v_{p}(j!)

13: return

p\_exponent

14:procedure Find_

p

-Ordering(

S,n

)

15:

corr\leftarrow\textsc{Correlate($S$)}

16:

increase\leftarrow\textsc{$p$-Exponent\_Increase($n$)}

17:

valuations\leftarrow[0]_{|S|}

18:

p\_ordering\leftarrow\{\}

19:

i_{1},i_{2}\dots i_{|S|}\leftarrow 0

20: for

i\in\{1,2,\dots n\}

21:

min\leftarrow\infty

22:

min\_index\leftarrow\infty

23: for

j\in[1,...,len(S)]

24: if

valuations[j]<min

then

25:

min\leftarrow valuations[j]

26:

min\_index\leftarrow j

27:

p\_ordering.append(S[min\_index].value+p^{S[min\_index].exponent}\ast i_{min\_index})

28: for

j\in[1,...,len(S)]

29: if

j=min\_index

then

30:

valuations[j]\leftarrow valuations[j]+S[min\_index].exponent\ast increase[i_{j}]

31: else

32:

valuations[j]\leftarrow valuations[j]+corr(min\_index,j)

33:

i_{min\_index}\leftarrow i_{min\_index}+1

34: return

p\_ordering

4.1 Proof of Correctness

To prove the correctness of our algorithm, we first prove that valuations are correctly maintained.

Theorem 4.2.

In Algorithm 2, Find_ $p$ -Ordering( $S,n$ ) maintains the correct valuations on the set $S$ of representative roots in $valuations$ at every iteration of the loop.

Proof outline.

All elements have 0 valuation at the beginning (Step 17). Also, adding an element from the $i$ -th representative root increases the valuation of the $j$ -th representative root by $corr(i,j)$ (Step 33) for $i\neq j$ (Observation B.2). The increase for the next element of $i$ is exponent times the increase in $p$ -sequence of $\bbbz_{p^{k}}$ (Step 30) (Observation B.6). So, we correctly update the valuations array in each iteration. $\blacksquare$

A detailed proof can be found in Appendix E.1. ∎

Proof of Theorem 4.1.

By the definition of $p$ -ordering we know that at each iteration if we choose the element with the least valuation then we get a valid $p$ -ordering. By Theorem 4.2, we know that $valuations$ array has the correct next valuations. Hence, to find the representative root with gives the least valuation, we find the index of the minimum element in $valuations$ .

To add the next value to the $p$ -ordering, we use Observation B.6 to find the next element in the $p$ -ordering on the representative root. Hence, the element added has the least valuation. Hence, Find_ $p$ -Ordering( $S,n$ ) returns the correct $p$ -ordering.

If $S$ contains $d$ representative roots of $\bbbz_{p^{k}}$ , then Algorithm 2 finds $p$ -ordering on $S$ up to length $n$ in $\widetilde{\mathcal{O}}{(d^{2}k\log{p}+nk\log{p}+nd)}$ time (Theorem E.1 of Appendix E.2). $\blacksquare$ ∎

5 Structure of root sets for a given $k$

We know that $\bbbz_{p^{k}}$ is not a unique factorization domain. In fact, even small degree polynomials can have exponentially large number of roots. Interestingly, not all subsets of $\bbbz_{p^{k}}$ can be a root set (Definition 3). Dearden and Metzger [DM97] showed that $R$ is a root-set iff $R_{j}=\{r\in R\mid r\equiv j\pmod{p}\}$ is also a root-set for all $j\in[p]$ . The size and structure of $R_{j}$ is symmetric for all $j$ . Let $N_{p^{k}}$ be the number of possible $R_{j}$ ’s, then total number of possible root-sets become $(N_{p^{k}})^{p}$ [DM97]. In this section, we discuss and describe all possible $R_{j}$ ’s in $Z_{p^{2}}$ , $Z_{p^{3}}$ and $Z_{p^{4}}$ .

Let $S_{j}=\{s\in\bbbz_{p^{k}}\mid s\equiv j\pmod{p}\}$ , we take the following approach to find all possible root-sets $R_{j}$ ’s. Given an $R_{j}$ , define $R=\{(r-j)/p:r\in R_{j}\}$ to be the translated copy. We show that if $R$ contains at least $k$ many distinct residue classes $\bmod p$ , then $R_{j}=S_{j}$ (Observation F.1). We exhaustively cover all the other cases, when $R$ contains less than $k$ residue classes (possible because $k$ is small).

5.1 $k=2$

We find that the root set $R_{j}$ can only take the following structures (details in Appendix F.1).

1.

$\bm{1}$ root-set is the complete sub-tree under $j$ (more than 1 residue class), equivalently

$R_{j}=j+p\cdot\ast.$
2.

$\bm{p}$ root-sets are a single element congruent to $j\bmod{p}$ (1 residue class), equivalently

$R_{j}=j+p\cdot\alpha\text{, for }\alpha\in[p].$
3.

$\bm{1}$ root-set is empty (no residue classes), equivalently

$R_{j}=\emptyset.$

Hence, total root-sets, $N_{p^{2}}=p+2$ .

5.2 $k=3$

Similar to $k=2$ , the root sets $R_{j}$ can only take the following structure (details in Appendix F.2).

1.

$\bm{1}$ root-set is the complete sub-tree, equivalently

$R_{j}=j+p\cdot\ast.$
2.

$\bm{\frac{p(p-1)}{2}}$ root-sets are the union of 2 sub-trees different at the level $p^{1}$ , equivalently

$R_{j}=(j+p\cdot\alpha_{1}+p^{2}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\ast)\text{, for }\alpha_{1}\neq\alpha_{2}\in[p].$
3.

$\bm{p}$ root-sets are a sub-tree at the level $p^{1}$ , equivalently

$R_{j}=j+p\cdot\alpha+p^{2}\ast\text{, for }\alpha\in[p].$
4.

$\bm{p^{2}}$ root-sets are a single element congruent to $j\bmod{p}$ , equivalently

$R_{j}=j+p\cdot\alpha_{1}+p^{2}\cdot\alpha_{2}\text{, for }\alpha_{1},\alpha_{2}\in[p].$
5.

$\bm{1}$ root-set is empty, equivalently

$R_{j}=\emptyset.$

Hence, total root-sets, $N_{p^{3}}=\frac{3p^{2}+p+4}{2}$ .

5.3 $k=4$

Similar to $k=2,3$ , the root sets $R_{j}$ can only take the following structure (details in Appendix F.3).

1.

$\bm{1}$ root-set is the complete sub-tree under $j$ , equivalently

$R_{j}=j+p\cdot\ast.$

$\bm{\frac{p(p-1)(p-2)}{6}}$ root-sets under $j$ are the union of 3 sub-trees different at the level $p^{1}$ , equivalently

R_{j}=(j+p\cdot\alpha_{1}+p^{2}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\ast)\cup(j+p\cdot\alpha_{3}+p^{2}\ast)\text{, for }\alpha_{1}\neq\alpha_{2}\neq\alpha_{3}\in[p].

3.

$\bm{\frac{p(p-1)}{2}}$ root-sets are the union of 2 sub-trees different at the level $p^{1}$ , equivalently

$R_{j}=(j+p\cdot\alpha_{1}+p^{2}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\ast)\text{, for }\alpha_{1}\neq\alpha_{2}\in[p].$
4.

$\bm{p}$ root-sets are a sub-tree at the level $p^{1}$ , equivalently

$R_{j}=j+p\cdot\alpha+p^{2}\ast\text{, for }\alpha\in[p].$

$\bm{\frac{p^{3}(p-1)}{2}}$ root-sets are a union of 2 sub-trees at the level $p^{2}$ that are different at the level $p^{1}$ , equivalently

R_{j}=(j+p\cdot\alpha_{1}+p^{2}\cdot\beta_{1}+p^{3}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\cdot\beta_{2}+p^{3}\ast)\text{, for }\alpha_{1}\neq\alpha_{2}\,\beta_{1},\beta_{2}\in[p].

6.

$\bm{p^{2}}$ root-sets are a sub-tree at the level $p^{2}$ , equivalently

$R_{j}=j+p\cdot\alpha_{1}+p^{2}\cdot\alpha_{2}+p^{3}\cdot\ast\text{, for }\alpha_{1},\alpha_{2}\in[p].$
7.

$\bm{p^{3}}$ root-sets are a single element congruent to $j\bmod{p}$ , equivalently

$R_{j}=j+p\cdot\alpha_{1}+p^{2}\cdot\alpha_{2}+p^{3}\cdot\alpha_{3}\text{, for }\alpha_{1},\alpha_{2},\alpha_{3}\in[p].$
8.

$\bm{1}$ root-set is empty, equivalently

$R_{j}=\emptyset.$

Hence, total root-sets, $N_{p^{4}}=\frac{3p^{4}+4p^{3}+6p^{2}+5p+12}{6}$ .

References

[AKS04] Manindra Agrawal, Neeraj Kayal, and Nitin Saxena. Primes is in p. Annals of mathematics, pages 781–793, 2004.
[AL86] Leonard Adleman and Hendrik Lenstra. Finding irreducible polynomials over finite fields. In Proc. 18th Annual ACM Symp. on Theory of Computing (STOC), 350 - 355 (1986), pages 350–355, 11 1986.
[Ber70] E.R. Berlekamp. Factoring polynomials over large finite fields. Mathematics of Computation, 24:713–735, 07 1970.
[Bha97] Manjul Bhargava. P-orderings and polynomial functions on arbitrary subsets of dedekind rings. Journal Fur Die Reine Und Angewandte Mathematik - J REINE ANGEW MATH, 1997:101–128, 01 1997.
[Bha00] Manjul Bhargava. The factorial function and generalizations. American Mathematical Monthly, 107, 11 2000.
[Bha09] Manjul Bhargava. On $p$ -orderings, rings of integer values functions, and ultrametric analysis. Journal of the American Mathematical Society, 22(4):963–993, 2009.
[BLQ13] Jérémy Berthomieu, Grégoire Lecerf, and Guillaume Quintin. Polynomial root finding over local rings and application to error correcting codes. Applicable Algebra in Engineering, Communication and Computing, 24(6):413–443, 2013.
[BRC60] R.C. Bose and D.K. Ray-Chaudhuri. On a class of error correcting binary group codes *. Information and Control, 3:68–79, 03 1960.
[CGRW19] Qi Cheng, Shuhong Gao, J Maurice Rojas, and Daqing Wan. Counting roots for polynomials modulo prime powers. The Open Book Series, 2(1):191–205, 2019.
[CLRS01] T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein. Introduction to Algorithms. MIT Press, Cambridge, MA, 2001.
[CR01] Benny Chor and Ronald Rivest. A knapsack type public key cryptosystem based on arithmetic in finite fields. IEEE Transactions on Information Theory, 34, 09 2001.
[CZ81] David Cantor and Hans Zassenhaus. A new algorithm for factoring polynomials over finite fields. Mathematics of Computation, 36, 04 1981.
[DM97] Bruce Dearden and Jerry Metzger. Roots of polynomials modulo prime powers. Eur. J. Comb., 18:601–606, 08 1997.
[DMS19] Ashish Dwivedi, Rajat Mittal, and Nitin Saxena. Efficiently factoring polynomials modulo $p^{4}$ . International Symposium on Symbolic and Algebraic Computation, pages 139–146, 07 2019.
[Hoc59] A. Hocquenghem. Codes correcteurs d’erreurs. Chiffres, Revue de l’Association Française de Calcul, 2, 01 1959.
[Joh09] Keith Johnson. P-orderings of finite subsets of dedekind domains. Journal of Algebraic Combinatorics, 30:233–253, 2009.
[Len91] H. Lenstra. On the chor—rivest knapsack cryptosystem. Journal of Cryptology, 3:149–155, 01 1991.
[LLL82] Arjen Lenstra, H. Lenstra, and László Lovász. Factoring polynomials with rational coefficients. Mathematische Annalen, 261, 12 1982.
[LN97] Rudolf Lidl and Harald Niederreiter. Finite fields, volume 20. Cambridge university press, 1997.
[Mau01] Davesh Maulik. Root sets of polynomials modulo prime powers. J. Comb. Theory, Ser. A, 93:125–140, 01 2001.
[Odl85] A. Odlyzko. Discrete logarithms and their cryptographic significance. Advances in Cryptography, EUROCRYPT ’84, Proceedings, Lecture Notes in Computer Science, 209:224–314, 1985.
[Pan95] Peter N Panayi. Computation of Leopoldt’s P-adic regulator. PhD thesis, University of East Anglia, 1995.
[RS60] I. Reed and G. Solomon. Polynomial codes over certain finite fields. Journal of the Society for Industrial and Applied Mathematics, 8:300–304, 06 1960.
[Sud97] Madhu Sudan. Decoding reed solomon codes beyond the error-correction bound. Journal of Complexity, 13:180–193, 03 1997.
[Zas69] Hans Zassenhaus. On hensel factorization ii. Journal of Number Theory, 1:291–311, 07 1969.

Appendix A Naive Algorithm to find $p$ -ordering

Given a set of integers $S\subseteq\bbbz_{p^{k}}$ we can find a $p$ -ordering by naively checking the element which will give us the minimum valuation with respect to $p$ for the given expression as in Definition 6. After we have already chosen $\{a_{0},a_{1},\dots a_{t-1}\}$ we choose the next element from $S\backslash\{a_{0},a_{1},\dots a_{t-1}\}$ such that $v_{p}((x-a_{0})(x-a_{1})\dots(x-a_{t-1}))$ is minimum. The naive approach given in [Bha97] iterates over all $x$ in $S\backslash\{a_{0},a_{1},\dots a_{t-1}\}$ and adds the element to the $p$ -ordering which gives the minimum valuation.

Time Complexity:

Every time we keep on adding another element to the already existing $p$ -ordering, say of length $t$ . For any given value of $x\in S\backslash\{a_{0},a_{1},\dots a_{t-1}\}$ , calculating $x-a_{i}$ and multiplying for every $0\geq i<t$ takes $\mathcal{O}((n-t)t)$ operations in $\mathbb{Z}$ and since each of them are less than $p^{k}$ this takes $\mathcal{O}((n-t)tk\log p)\leq\mathbb{O}(n^{2}k\log p)$ . So repeating this $n$ times gives us the time complexity $\mathcal{O}(n^{3}k\log p)$ .

Appendix B Observations about representative roots and $p$ -sequences/ $p$ -orderings

B.1 Representative roots

Observation B.1.

Given any two representative roots $A_{1}=\beta_{1}+p^{k_{1}}\ast$ and $A_{2}=\beta_{2}+p^{k_{2}}\ast$ , then either $A_{1}\subseteq A_{2}$ or $A_{2}\subseteq A_{1}$ or $A_{1}\cap A_{2}=\emptyset$ .

Proof.

Let $A_{1}=\beta_{1}+p^{k_{1}}\ast$ and $A_{2}=\beta_{2}+p^{k_{2}}\ast$ be two root sets such that $A_{1}\cap A_{2}=\tilde{A}\neq\emptyset$ , then we show that $\tilde{A}=A_{1}$ or $\tilde{A}=A_{2}$ .

Case 1:

Let $k_{1}=k_{2}=x$ . Let there is some element $a\in\tilde{A}$ . Then $a\in A_{1}$ and $a\in A_{2}$ , hence, $A_{1}$ can be defined as $A_{1}=a+p^{x}\ast$ and similarly $A_{2}=a+p^{x}\ast$ . Hence, $\tilde{A}=A_{1}=A_{2}$ .

Case 2:

Let $k_{1}\neq k_{2}$ , then without loss of generality, let’s assume that $k_{1}<k_{2}$ . Let there is some element $a\in\tilde{A}$ . Then, $A_{1}$ can be defined as $A_{1}=a+p^{k_{1}}\ast$ and similarly $A_{2}=a+p^{k_{2}}\ast$ .

Let $b\in A_{2}$ , then $b=a+p^{k_{2}}y$ for some $y$ . Now, we know that the elements of $A_{1}$ are of the form $a+p^{k_{1}}\ast$ . Hence, putting $\ast=p^{k_{2}-k_{1}}y$ , we get $a+p^{k_{1}}\cdot(p^{k_{2}-k_{1}}y)=b$ , hence $b\in A_{1}$ . Hence, $A_{2}\subset A_{1}$ . Hence, $\tilde{A}=A_{2}$ . $\blacksquare$ ∎

Observation B.2.

Let $a_{1}\in\beta_{1}+p^{k_{1}}\ast$ and $a_{2}\in\beta_{2}+p^{k_{2}}\ast$ be any 2 elements of the representative roots $\beta_{1}+p^{k_{1}}\ast$ and $\beta_{2}+p^{k_{2}}\ast$ respectively, for $\beta\neq\alpha_{2}$ , then,

w_{p}(a_{1}-a_{2})=w_{p}(\beta_{1}-\beta_{2}).

Proof.

We have $2$ representative roots of the form $\beta_{1}+p^{k_{1}}*$ and $\beta_{2}+p^{k_{2}}*$ . WLOG let us assume that $k_{1}\leq k_{2}$ and $\beta_{1}\in\bbbz_{p^{k_{1}}},\beta_{2}\in\bbbz_{p^{k_{2}}}$ .
We definitely have that these two are different representative roots. So if the first $k_{1}$ elements of the $p$ -adic expansion of $\beta_{2}$ are equal then the second representative root will be contained in the first, as the $*$ portion of the first contains all the values of the second representative root as well as its subset. So for them to be different representative roots, $p^{k_{1}}\nmid\beta_{2}-\beta_{1}$ . Let $v_{p}(\beta_{1}-\beta_{2})=t$ , $t<k_{1}$ , then for any value $y_{1},y_{2}$ in the respective $*$ sets, we will have $p^{t}|(\beta_{1}+p^{k_{1}}y_{1})-(\beta_{2}+p^{k_{2}}y_{2})$ . Note that since $k_{1}>v_{p}(\beta_{1}-\beta_{2})$ we have $v_{p}((\beta_{1}+p^{k_{1}}y_{1})-(\beta_{2}+p^{k_{2}}y_{2}))\geq v_{p}(\beta_{1}-\beta_{2})$ .
Now, since $p^{t}|\beta_{1}-\beta_{2}$ and $p^{t+1}\nmid\beta_{1}-\beta_{2}$ we can write $\beta_{1}-\beta_{2}=p^{t}(a+pb)$ for $a,b\in\bbbz_{p^{k}}$ where $a\in\{1,2,\dots p-1\}$ . This implies that if $p^{t+1}|(\beta_{1}+p^{k_{1}}y_{1})-(\beta_{2}+p^{k_{2}}y_{2})$ , it means $p^{t+1}|p^{t}(a+pb)+p^{k_{1}}(y_{1}-p^{k_{2}-k_{2}}y_{2})\implies p|a+p(\cdots)$ which can not be true as $p\nmid a$ . So for any value of $y_{1},y_{2}$ in the respective $*$ sets of their corresponding representative roots, we will have $v_{p}((\beta_{1}+p^{k_{1}}y_{1})-(\beta_{2}+p^{k_{2}}y_{2}))=v_{p}(\beta_{1}-\beta_{2})$ .
Conversely if $\exists y_{1},y_{2}$ such that $v_{p}((\beta_{1}+p^{k_{1}}y_{1})-(\beta_{2}+p^{k_{2}}y_{2}))>v_{p}(\beta_{1}-\beta_{2})$ , let $l=v_{p}((\beta_{1}+p^{k_{1}}y_{1})-(\beta_{2}+p^{k_{2}}y_{2}))\geq k_{1}$ . Then we have $v_{p}(\beta_{1}-\beta_{2})\leq l-1$ . So if $p^{l}|(\beta_{1}+p^{k_{1}}y_{1})-(\beta_{2}+p^{k_{2}}y_{2})\implies p^{l}|\beta_{1}-\beta_{2}$ (as $l\leq k_{1}$ ). This is a contradiction as $l>v_{p}(\beta_{1}-\beta_{2})$ .
This completes the proof of Observation B.2. $\blacksquare$ ∎

B.2 $p$ -ordering and $p$ -sequence

Observation B.3 ([Mau01]).

Let $S$ be a subset of integers, let $S_{j}=\{s\in S\mid s\equiv j\pmod{p}\}$ for $j=0,1,...,p-1$ , then for any $x\in\bbbz$ , s.t. $x\equiv j\pmod{p}$ ,

w_{p}\left(\displaystyle\prod_{a_{i}\in S}(x-a_{i})\right)=w_{p}\left(\displaystyle\prod_{a_{i}\in S_{j}}(x-a_{i})\right).

(1)

Observation B.4.

Let $S$ be a subset of integers, let ( $a_{0},a_{1},a_{2},...$ ) be a $p$ -ordering on $S$ , then

1.

For any $x\in\bbbz$ , ( $a_{0}+x,a_{1}+x,a_{2}+x,...$ ) is a $p$ -ordering on $S+x$ .
2.

For any $x\in\bbbz$ , ( $x*a_{0},x*a_{1},x*a_{2},...$ ) is a $p$ -ordering on $x*S$ .

Observation B.5.

Let $S$ be a subset of integers, let $(a_{0},a_{1},a_{2},...)$ be a $p$ -ordering on $S$ . Then, for any $x\in\bbbz$

1.

$v_{p}(x*S,k)=v_{p}(S,k)+k\cdot w_{p}(x)$ .
2.

$v_{p}(S+x,k)=v_{p}(S,k)$ .

Observation B.6.

Let $(a_{0},a_{1},...)$ be a $p$ -ordering on $\bbbz_{p^{k}}$ , then $(\beta+a_{0}*p^{j},\beta+a_{1}*p^{j},\beta+a_{2}*p^{j},...)$ is a $p$ -ordering on $\beta+p^{j}\ast$ .

Proof.

A simple proof of this theorem follows from Observation B.4 and the fact that $1,2,3,\dots$ form an obvious $p$ -ordering in $\bbbz_{p^{k}}$ . $\blacksquare$ ∎

Appendix C Min-heap data structure

A min-heap is a data structure in which each node has at most two children and exactly one parent node (except root, no parents). The defining property is that the key value of any node is equal or lesser than the key value of its children.

We will use three standard functions on a min-heap with $n$ nodes [CLRS01].

1.

Create_Min_Heap( $S$ ): Takes a set $S$ as input and returns a min-heap with elements of $S$ as the nodes in $\widetilde{\mathcal{O}}{(n)}$ .
2.

Extract_Min( $H$ ): Removes the element with the minimum key from the heap and rebalances the heap structure in $\widetilde{\mathcal{O}}{(\log(n))}$ .
3.

Insert( $H,a$ ): Inserts the element $a$ into the heap $H$ in $\widetilde{\mathcal{O}}{(\log(n))}$ .

Appendix D Correctness and Complexity of Algorithm 1

D.1 Proof of Theorem 3.2

Let $(a_{0}^{k},a_{1}^{k},...)$ be a $p$ -ordering on each of the $S_{k}$ ’s. We know that Merge() on $(S_{0},S_{1},...,S_{p-1})$ proceeds in such a way that elements are added to the heap in such a way that the element $a_{l}^{k}$ is added to the heap only after $\forall i<l,a_{i}^{k}$ have already been added to the $p$ -ordering. Also, we know at any point, only one element from any $S_{k}$ can belong to the heap.

We know that at any point, let $(a_{0},a_{1},...a_{k-1})$ be a $p$ -ordering on $S$ , then the next element $a_{k}$ in the $p$ -ordering on $S$ if and only if

w_{p}\left(\prod_{i\in\{0,1,...,k-1\}}(a_{k}-a_{i})\right)=\min_{x\in S\setminus\{a_{0},a_{1},...a_{k-1}\}}\left(w_{p}\left(\prod_{i\in\{0,1,...,k-1\}}(x-a_{i})\right)\right).

We know that if at each point, our pick for the next element in the $p$ -ordering satisfies this condition, the $p$ -ordering we get is valid.

Lets say $(a_{0},a_{1},...,a_{i})$ be the $p$ -ordering we have till now. Let elements currently the elements $(a_{0}^{k},a_{1}^{k},...,a_{i_{k}-1}^{k})$ of the given $p$ -ordering on set $S_{k}$ are currently a part of the $p$ -ordering. Let the elements $(a_{i_{0}}^{0},a_{i_{1}}^{1},...,a_{i_{p-1}}^{p-1})$ are a part of the min-heap.

Let when we extract the min from the min-heap, we get some value $a_{i_{k}}^{k}$ . If we show that

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{k}}^{k}-a_{j})\right)=\min_{x\in S\setminus\{a_{0},a_{1},...a_{i}\}}\left(w_{p}\left(\prod_{j\in\{0,1,...,i\}}(x-a_{j})\right)\right),

then we know that $a_{i_{k}}^{k}$ is a valid next element in the $p$ -ordering and hence Merge() gives a correct $p$ -ordering on $S$ .

We prove this by contradiction. Let there is an element $x\in S\setminus\{a_{0},a_{1},..,a_{i},a_{i_{k}}^{k}\}$ such that

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(x-a_{j})\right)<w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{k}}^{k}-a_{j})\right).

Then, we have 2 cases, either $x\in S_{k}$ , i.e. $x\equiv k\bmod{p}\equiv a_{i_{k}}^{k}\bmod{p}$ or $x\in S_{l}$ for some $l\neq k$ , i.e. $x\equiv l\bmod{p}\not\equiv a_{i_{k}}^{k}\bmod{p}$ .

Case 1: $x\in S_{k}$

Our assumption is that

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(x-a_{j})\right)<w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{k}}^{k}-a_{j})\right).

We know that from our assumption that $S_{k}\cap(a_{0},a_{1},...,a_{i})=(a_{0}^{k},a_{1}^{k},...,a_{i_{k}-1}^{k})$ . From Observation B.3,

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{k}}^{k}-a_{j})\right)=w_{p}\left(\prod_{j\in\{0,1,...,i_{k}-1\}}(a_{i_{k}}^{k}-a_{j}^{k})\right),

and

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(x-a_{j})\right)=w_{p}\left(\prod_{j\in\{0,1,...,i_{k}-1\}}(x-a_{j}^{k})\right).

Since, $(a_{0}^{k},a_{1}^{k},...,a_{i_{k}-1}^{k},a_{i_{k}}^{k},...)$ is a valid $p$ -ordering on $S_{k}$ ,

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{k}}^{k}-a_{j})\right)\leq w_{p}\left(\prod_{j\in\{0,1,...,i\}}(x-a_{j})\right).

But this is a contradiction.

Case 2: $x\in S_{l}$ for some $l\neq k$

Our assumption is that

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(x-a_{j})\right)<w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{k}}^{k}-a_{j})\right).

Let the element belonging to the set $S_{l}$ in the heap is $a_{i_{l}}^{l}$ . We know that from our assumption that $S_{l}\cap(a_{0},a_{1},...,a_{i})=(a_{0}^{l},a_{1}^{l},...,a_{i_{l}-1}^{l})$ . From Observation B.3,

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{l}}^{l}-a_{j})\right)=w_{p}\left(\prod_{j\in\{0,1,...,i_{l}-1\}}(a_{i_{l}}^{l}-a_{j}^{l})\right),

and

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(x-a_{j})\right)=w_{p}\left(\prod_{j\in\{0,1,...,i_{l}-1\}}(x-a_{j}^{l})\right).

Since, $(a_{0}^{l},a_{1}^{l},...,a_{i_{l}-1}^{l},a_{i_{l}}^{l},...)$ is a valid $p$ -ordering on $S_{l}$ ,

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{l}}^{l}-a_{j})\right)\leq w_{p}\left(\prod_{j\in\{0,1,...,i\}}(x-a_{j})\right).

Also, since both $a_{i_{l}}^{l}$ and $a_{i_{k}}^{k}$ were part of the heap but $ExtractMin()$ procedure returned $a_{i_{k}}^{k}$ ,

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{k}}^{k}-a_{j})\right)\leq w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{l}}^{l}-a_{j})\right).

Using the above two inequalities,

w_{p}\left(\prod_{j\in\{0,1,...,i\}}(a_{i_{k}}^{k}-a_{j})\right)\leq w_{p}\left(\prod_{j\in\{0,1,...,i\}}(x-a_{j})\right).

But this is a contradiction.

Since, we arrive at a contradiction in both the cases, hence, our assumption must be wrong. Hence,

w_{p}\left(\prod_{i\in\{0,1,...,k-1\}}(a_{k}-a_{i})\right)=\min_{x\in S\setminus\{a_{0},a_{1},...a_{k-1}\}}\left(w_{p}\left(\prod_{i\in\{0,1,...,k-1\}}(x-a_{i})\right)\right).

Hence, our procedure Merge() gives a valid $p$ -ordering. $\blacksquare$

D.2 Proof of Theorem 3.3

We prove this by induction on the size of $S$ .

If $S$ is a singleton, then the $p$ -ordering on $S$ is just that element. And hence the corresponding $p$ -value is just $p^{0}=1$ . Find_ $p$ -Ordering( $S$ ) sets this value to $1$ in step 18. Hence, our assumption is true for $|S|=1$ .

Let our assumption is true for $|S|<k$ , if we can show it for $|S|=k$ , then by induction, we know our assumption is true for sets of all sizes.

Let $|S|=k$ , then when we break this set into smaller $S_{0},S_{1},...,S_{p-1}$ (Steps 21-22), either all element belong in a single $S_{i}$ or get distributed into multiple sets. We handle the two case separately.

Case 1:

Let $S$ breaks into smaller $S_{0},S_{1},...,S_{p-1}$ .

In this case, we know all the $S_{0},S_{1},...,S_{p-1}$ have size less that $k$ . Hence, the sizes of $(S_{x}-x)/p$ is also less than $k$ for all $x\in\{0,1,...,p-1\}$ . Hence, we get the correct $p$ -values for all elements when we call $Find\_P\_Ordering((S_{x}-x)/p)$ in step 24.

From Theorem B.5, we know that $v_{p}(S_{i}-i,k)=v_{p}((S_{i}-i)/p,k)+k$ , hence we add $k$ to the $p$ -values of all elements of the output(step 27). We know that $v_{p}(S_{i},k)=v_{p}(S_{i}-i,k)$ , hence, the $p$ -values of each element are correct at the end of step 27.

Next, we show that Merge() preserves the $p$ -values, we’re done, since we know that Merge() doesn’t update the $p$ -values of any of the elements. Let an element $q$ is added at the $j^{th}$ position in the $p$ -ordering output by Merge(). Let all the elements before this element are in the set $X$ . Then, we know that the $p$ -value of this element is $w_{p}\left(\displaystyle\prod_{a_{i}\in X}(q-a_{i})\right)$ . By Observation B.3, we know that this is equal to $w_{p}\left(\displaystyle\prod_{a_{i}\in X_{q\pmod{p}}}(q-a_{i})\right)$ . Since, merge doesn’t re-order the $p$ -orderings on any input $S_{x}$ while merging, we know that this is exactly the $p$ -value of $q$ from before. Hence, Merge() preserves the $p$ -values.

Hence, the $p$ -values at the end of Merge() are correct (step 28). Hence, Find_ $p$ -Ordering( $S$ ) gives the correct $p$ -values.

Case 2:

Let all elements of $S$ go into a single $S_{i}$ .

Since, we recursively keep calling Find_ $p$ -Ordering( $\cdot$ ) on the reduced set, we know at some point, we would reach case 1. As proven above, at this point, we would get the correct $p$ -values. Hence, if we can show that given a correct $p$ -values in step 24, Find_ $p$ -Ordering( $\cdot$ ) outputs the correct $p$ -values, then by a recursive argument, this would output the correct $p$ -values for any set of size $k$ .

Let’s say that all the elements of $S$ fall into some set $S_{x}$ . We assume that Find_ $p$ -Ordering( $(S_{i}-i)/p$ ) outputs the correct $p$ -values, then if we can prove that we get the correct $p$ -values from $S$ , then by the above argument, we are done.

From Theorem B.5, we know that $v_{p}(S_{i}-i,k)=v_{p}((S_{i}-i)/p,k)+k$ , hence we add $k$ to the $p$ -values of all elements of the output (step 27). We know that $v_{p}(S_{i},k)=v_{p}(S_{i}-i,k)$ , hence, the $p$ -values of each element are correct at the end of step 27.

Since, all the elements in $S$ are in just one $S_{i}$ , Merge() acts as identity. Hence, the output at the end of Step 28 has the correct $p$ -values. Hence, Find_ $p$ -Ordering( $\cdot$ ) gives the correct $p$ -values for sets of size $k$ .

Hence, by induction, Find_ $p$ -Ordering( $\cdot$ ) outputs the correct $p$ -values on any subset of integers. $\blacksquare$

D.3 Time complexity of Algorithm 1

Theorem D.1.

Given a set $S\subset\bbbz$ of size $n$ and a prime $p$ , such that for all elements $a\in S$ , $a<p^{k}$ for some $k$ , Algorithm 1 returns a $p$ -ordering on $S$ in $\widetilde{\mathcal{O}}(nk\log p)$ time.

Proof.

We break the complexity analysis into $2$ parts, the time complexity for merging the subsets $S_{i}$ ’s and the time complexity due the to recursive step.

Time complexity of Merge( $S_{0},S_{1},...,S_{p-1}$ ) in Algorithm 1

Let $|S_{0}|+|S_{1}|+...+|S_{p-1}|=m$ . Then, the time complexity of making the heap (Step 7) is $\widetilde{\mathcal{O}}{(\min(m,p))}$ (the size of the heap). Next, the construction of common $p$ -ordering (Steps 8-14) takes $\widetilde{\mathcal{O}}{(m\log{p})}$ time, this is because extraction of an element and addition of an element are both bound by $\widetilde{\mathcal{O}}{(\log{p})}$ and the runs a total of $m$ times. Hence, the total time complexity of Merge( $S_{0},S_{1},...,S_{p-1}$ ) is $\widetilde{\mathcal{O}}{(\min(m,p)+m\log{p})}=\widetilde{\mathcal{O}}{(m\log{p})}$ time.

Time complexity of Algorithm 1

Let $|S|=n$ and $S\subset\bbbz_{p^{k}}$ . Then the recursion depth of Find_ $p$ -Ordering( $S$ ) is bound by $k$ . Now at each depth, all the elements are distributed into multiple heaps(of sizes $m_{1},m_{2},...,m_{q}$ ). Hence, the sum of sizes of all smaller sets at a given depth $\sum_{i=1}^{q}m_{i}<n$ . Hence, the time to run any depth is $\sum_{i=1}^{q}\widetilde{\mathcal{O}}{(m_{i}\log{p})}=\widetilde{\mathcal{O}}{(n\log{p})}$ . Hence, total time complexity for $k$ depth is $\widetilde{\mathcal{O}}{(nk\log{p})}$ . $\blacksquare$ ∎

Appendix E Correctness and Complexity of Algorithm 2

E.1 Proof of Theorem 4.2

In this appendix we prove that the $valuations$ array from Algorithm 2 maintains the correct valuations.

First we initialize the valuations array to zero, which implies that when we have our $p$ -ordering as a null set $\phi$ and add the first element to it, we can select any number according to definition 6.

Suppose we have generated a $p$ -ordering upto length $\tilde{n}$ with $i_{1},i_{2}\dots i_{|S|}$ being the number of elements from each representative root in $S$ . Now if we add another element to this $p$ -ordering, from say the $j^{th}$ representative root, the $p$ -value contributed corresponding to each of the representative roots apart from the $j^{th}$ one will be $v_{p}(\beta_{t}-\beta_{j})$ where $t\neq j$ , according to Observation B.2. Also since we have $i_{t}$ many elements from each of $t^{th}$ representative root, the contribution to $p$ -value will be $i_{t}v_{p}(\beta_{t}-\beta_{j})$ . Next, we find the $p$ -value contributed due to the same representative root.

Notice that, from Observation B.6 we will have the elements of the $j^{th}$ representative root as a $p$ -ordering as well on $\beta_{j}+p^{k_{j}}*$ , of length $i_{j}$ . Now by Theorem B.4, we will have this $p$ -ordering on $\beta_{j}+p^{k_{j}}*$ as $\{\beta_{j},\beta_{j}+p^{k_{j}},\beta_{j}+p^{k_{j}}2,\dots\beta_{j}+p^{k_{j}}(i_{j}-1)\}$ . When we add another element to this the $p$ -value contributed due to $j^{th}$ representative root will be $k_{j}v_{p}(i_{j}!)$ .

Summing them the total $p$ -value at each step, considering the next element to be added being from $j^{th}$ representative root is $\sum_{t\in[|S|];t\neq j}i_{t}v_{p}(\beta_{t}-\beta_{j})+k_{j}v_{p}(i_{j}!)$ . We choose $j$ such that this expression is minimum in our algorithm.

Now, we want to show that $valuations[j]=\sum_{t\in[|S|];t\neq j}i_{t}v_{p}(\beta_{t}-\beta_{j})+k_{j}v_{p}(i_{j}!)$ . We do this inductively. First we already have $0$ stored in each entry of $valuations$ . Let, we have obtained a $p$ -ordering upto length $\tilde{n}$ with the respective indices as $i_{1},i_{2}\dots i_{|}S|$ with the $p$ -value corresponding to addition of next element from $j^{th}$ representative root correctly stored in $valuations[j]$ . Next, when we add an element from say the $t^{th}$ representative root ( $t=min\_index$ ) we need to change the $valuations$ accordingly.

When we add this element we increase $i_{t}$ by one $(i_{t}^{\prime}=i_{t}+1)$ . Now when we add another element, say $m$ , (after the last element from the $t^{th}$ representative root), if $m\neq t$ then the new $p$ -value will be $\sum_{l\in[|S|];l\not\in\{t,m\}}i_{l}v_{p}(\beta_{l}-\beta_{m})+(i_{t}+1)v_{p}(\beta_{t}-\beta_{m})+k_{m}v_{p}(i_{m}!)$ which is $v_{p}(\beta_{t}-\beta_{m})$ more than the previous $valuations[m]$ . So accordingly we add this value in the previous step (when we find $t$ as the $min\_index$ and then update in Steps 29-30).

However if this $m$ (the next $min\_index$ after adding an element from $t^{th}$ representative root) is same as $t$ , then the $p$ -value will be $\sum_{l\in[|S|];l\neq t}i_{l}v_{p}(\beta_{l}-\beta_{t})+k_{t}v_{p}((i_{t}+1)!)$ while the previous value of $valuations[t]$ was $\sum_{l\in[|S|];l\neq t}i_{l}v_{p}(\beta_{l}-\beta_{t})+k_{t}v_{p}(i_{t}!)$ and this difference $v_{p}((i_{t}+1)!)-v_{p}(i_{t}!)$ is stored in $p$ -Exponent_Increase( $i_{j}$ ). We thereby update Steps 31-32 of Algorithm 2 to incorporate this change. Hence $valuations$ correctly stores the $p$ -value as desired. $\blacksquare$

E.2 Time complexity of Algorithm 2

Theorem E.1.

Given a set $S\subset\bbbz_{p^{k}}$ , for a prime $p$ and an integer $k$ , that can be represented in terms of $d$ representative roots, Algorithm 2 finds a $p$ -ordering of length $n$ for $S$ in $\widetilde{\mathcal{O}}(d^{2}k\log p+nk\log p+np)$ time.

Proof.

Let $S$ contains $d$ representative roots of $\bbbz_{p^{k}}$ and we want to find the $p$ -ordering up to length $n$ , then, Correlate( $S$ ) runs a double loop, each of size $d$ , and each iteration takes $\widetilde{\mathcal{O}}{(k\log{p})}$ , hence, Correlate( $S$ ) takes $\widetilde{\mathcal{O}}{(d^{2}k\log{p})}$ . $p$ -Exponent_Increase( $n$ ) runs a single loop of size $n$ where each iteration takes $\widetilde{\mathcal{O}}{(k\log{p})}$ time, hence, it takes $\widetilde{\mathcal{O}}{(nk\log{p})}$ . Then main loop run a loop of size $n$ , inside this loop we do $\mathcal{O}(d)$ operations on elements of size $\log{k}$ , hence, it takes $\widetilde{\mathcal{O}}{(nd)}$ time. Hence, in total, our algorithm takes $\widetilde{\mathcal{O}}{(d^{2}k\log{p}+nk\log{p}+nd)}$ time. $\blacksquare$ ∎

Appendix F Structure of root sets

Observation F.1.

Let $f(x)=\sum_{i=0}^{\infty}b_{i}\cdot x^{i}\in\bbbz_{p^{k}}[x]$ , for $k<p$ ( $k$ is small), be a polynomial with root-set $A$ . Let $\alpha_{i}\equiv j\bmod{p}$ for all $i\in[k]$ , be $k$ numbers such that for no $i,j$ , $\alpha_{i}-\alpha_{j}\nequiv 0\bmod{p^{2}}$ . Let $\alpha_{i}\in A$ , for all $i\in[k]$ , then $S_{j}=\{s\in\bbbz_{p^{k}}\mid s\equiv j\bmod{p}\}\subseteq A$ .

Proof.

Let, for all $i\in[k]$ , $\alpha_{l}=j+p*\beta_{l}$ , then since $\alpha_{l}$ is in the root set of $f(\cdot)$ , therefore,

f(j+p*\beta_{l})=\sum_{i=0}^{\infty}b_{l}\cdot(j+p*\beta_{l})^{i}\equiv 0\bmod{p^{k}}.

Hence,

\sum_{i=0}^{k-1}p^{i}\cdot\beta_{l}^{i}\cdot g_{i}(j)\equiv 0\bmod{p^{k}},

where, $g_{i}(x)=\sum_{n=0}^{\infty}\binom{n+i}{n}\cdot b_{n+i}\cdot x^{n}$ . Writing this system of equations in the form of matrices $B\cdot X=0\bmod{p^{k}}$ , we get,

\begin{bmatrix}1&\beta_{0}&\cdots&\beta_{0}^{k-1}\\ 1&\beta_{1}&\cdots&\beta_{1}^{k-1}\\ \vdots&\vdots&\ddots&\vdots\\ 1&\beta_{k-1}&\cdots&\beta_{k-1}^{k-1}\\ \end{bmatrix}\begin{bmatrix}g_{0}(j)\\ p\cdot g_{1}(j)\\ \vdots\\ p^{k-1}\cdot g_{k-1}(j)\\ \end{bmatrix}=\begin{bmatrix}0\\ 0\\ \vdots\\ 0\\ \end{bmatrix}\bmod{p^{k}}.

Here, $|det(B)|=\left\lvert\prod\limits_{i\neq j\in[k]}(\beta_{i}-\beta_{j})\right\rvert$ . Since $\beta_{i}-\beta_{j}\nequiv 0\bmod{p}$ , therefore, $det(B)\nequiv 0\bmod{p}$ . Hence, $B$ has an inverse. Multiplying by the inverse on both sides, we get,

\begin{bmatrix}g_{0}(j)\\ p\cdot g_{1}(j)\\ \vdots\\ p^{k-1}\cdot g_{k-1}(j)\\ \end{bmatrix}=\begin{bmatrix}0\\ 0\\ \vdots\\ 0\\ \end{bmatrix}\bmod{p^{k}},or,

for $i\in[k]$ , $g_{i}(j)\equiv 0\bmod{p^{k-i}}$ . Hence, for any element $j+p\cdot\beta\in S_{j}$ , $f(j+p*\beta)=\sum_{i=0}^{k-1}p^{i}\cdot\beta_{l}^{i}\cdot g_{i}(j)\equiv 0\bmod{p^{k}}$ (since $p^{i}\cdot g_{i}(j)\equiv 0\bmod{p^{k}}$ ). Therefore, all elements of $S_{j}$ are a root of $f(\cdot)$ , or $S_{j}\subseteq A$ . $\blacksquare$ ∎

F.1 Structure of root sets in $\bbbz_{p^{2}}$

From Section 5.1, we know if $\alpha=\alpha_{0}+\alpha_{1}\cdot p\in\bbbz_{p^{2}}$ be a root of some $f(x)$ in $\bbbz_{p^{2}}$ . Then

f(\alpha_{0})+p\cdot\alpha_{1}\cdot f^{\prime}(\alpha_{0})=0\bmod{p^{2}}.

Fixing $\alpha_{0}$ to some $j$ , we start looking at structures.

F.1.1 Case 1: root set contains atleast two roots

Let, our root set $R_{j}$ contains two distinct roots, say $j+\alpha_{1}^{0}\cdot p$ and $j+\alpha_{1}^{1}\cdot p$ . Then,

f(j)+p\cdot\alpha_{1}^{0}\cdot f^{\prime}(j)=0\bmod{p^{2}},

and

f(j)+p\cdot\alpha_{1}^{1}\cdot f^{\prime}(j)=0\bmod{p^{2}}.

Solving the above 2 equations, we get

f(j)=0\bmod{p^{2}},

and

f^{\prime}(j)=0\bmod{p}.

Hence, any $j+\tilde{\alpha}_{1}\cdot p$ , for $\tilde{\alpha}_{1}\in[p]$ , is a root of the polynomial, or $R_{j}=j+p\cdot\ast.$

Since, there’s no free variable in $R_{j}$ , we just have $1$ root-set of this structure.

F.1.2 Case 2: root set contains one root

Let, our root set $R_{j}$ contains just one root, say $j+\alpha_{1}\cdot p$ . Then,

f(j)+p\cdot\alpha_{1}\cdot f^{\prime}(j)=0\bmod{p^{2}}.

One can easily see that no new roots seep in at this point and a root set of this form is possible¹¹1Namely $f(x)=x-(j+\alpha_{1}\cdot p)$ .. Hence, $R_{j}=j+p\cdot\alpha_{1},$ for $\alpha_{1}\in[p]$ .

Since, $\alpha_{1}\in[p]$ , we just have $p$ root-sets of this structure.

F.1.3 Case 3: root set is empty

Let our root set is empty.²²2Namely $f(x)=a$ , where $a\neq 0$ . Hence, $R_{j}=\emptyset.$

Since, there’s no free variable in $R_{j}$ , we just have $1$ root-set of this structure.

Therefore, $N_{p_{2}}=p+2$ . Hence,

R_{j}=\begin{cases}j+p\cdot\ast\text{,}\\ j+p\cdot\alpha\text{, for }\alpha\in[p]\text{,}\\ \emptyset\text{.}\end{cases}

F.2 Structure of root sets in $\bbbz_{p^{3}}$

From Section 5.2, we know if $\alpha=\alpha_{0}+\alpha_{1}\cdot p+\alpha_{2}\cdot p^{2}\in\bbbz_{p^{3}}$ be a root of some $f(x)$ in $\bbbz_{p^{3}}$ . Then,

f(\alpha_{0})+p\cdot\alpha_{1}\cdot f^{\prime}(\alpha_{0})+\left((\alpha_{1})^{2}\cdot\frac{f^{\prime\prime}(\alpha_{0})}{2}+\alpha_{2}\cdot f^{\prime}(\alpha_{0})\right)\cdot p^{2}=0\bmod{p^{3}}.

Fixing $\alpha_{0}$ to some $j$ , we start looking at structures.

F.2.1 Case 1: root set contains atleast three roots different at $p^{1}$

Let, our root set $R_{j}$ contains three roots, say $j+\alpha_{1}^{0}\cdot p+\alpha_{2}^{0}\cdot p^{2}$ , $j+\alpha_{1}^{1}\cdot p+\alpha_{2}^{1}\cdot p^{2}$ and $j+\alpha_{1}^{2}\cdot p+\alpha_{2}^{2}\cdot p^{2}$ for $\alpha_{1}^{0}\neq\alpha_{1}^{1}\neq\alpha_{1}^{2}$ . Then, substituting the value and solving the 3 equations, we get

f(j)=0\bmod{p^{3}},

f^{\prime}(j)=0\bmod{p^{2}},

and

f^{\prime\prime}(j)=0\bmod{p}.

Hence, any $j+\tilde{\alpha}_{1}\cdot p+\tilde{\alpha}_{2}\cdot p^{2}$ , for $\tilde{\alpha}_{1},\tilde{\alpha}_{2}\in[p]$ , is a root of the polynomial, or $R_{j}=j+p\cdot\ast.$

Since, there’s no free variable in $R_{j}$ , we just have $1$ root-set of this structure.

F.2.2 Case 2: root set contains two roots different at $p^{1}$

Let, our root set $R_{j}$ contains three roots, say $j+\alpha_{1}^{0}\cdot p+\alpha_{2}^{0}\cdot p^{2}$ and $j+\alpha_{1}^{1}\cdot p+\alpha_{2}^{1}\cdot p^{2}$ for $\alpha_{1}^{0}\neq\alpha_{1}^{1}$ . Then, substituting the value and solving the 2 equations, we get

f(j)=0\bmod{p^{2}},

and

f^{\prime}(j)=0\bmod{p}.

Hence, any $j+\alpha_{1}^{0}\cdot p+\tilde{\alpha}_{2}\cdot p^{2}$ , for $\tilde{\alpha}_{2}\in[p]$ , and $j+\alpha_{1}^{1}\cdot p+\tilde{\alpha}_{2}\cdot p^{2}$ , for $\tilde{\alpha}_{2}\in[p]$ , is a root of the polynomial, or $R_{j}=\left(j+p\cdot\alpha_{1}^{0}+p^{2}\cdot\ast\right)\cup\left(j+p\cdot\alpha_{1}^{1}+p^{2}\cdot\ast\right),$ for $\alpha_{1}^{0}\neq\alpha_{1}^{1}$ and $\alpha_{1}^{0},\alpha_{1}^{1}\in\{0,1,...p-1\}.$

Since, $\alpha_{1}^{0}\neq\alpha_{1}^{1}$ and $\alpha_{1}^{0},\alpha_{1}^{1}\in\{0,1,...p-1\}$ , we just have $\frac{p\cdot(p-1)}{2}$ root-sets of this structure.

F.2.3 Case 3: root set contains two roots same at $p^{1}$

Let, our root set $R_{j}$ contains three roots, say $j+\alpha_{1}\cdot p+\alpha_{2}^{0}\cdot p^{2}$ and $j+\alpha_{1}\cdot p+\alpha_{2}^{1}\cdot p^{2}$ for $\alpha_{2}^{0}\neq\alpha_{2}^{1}$ . Then, substituting the value and solving the 2 equations, we get

f(j)=0\bmod{p^{2}},

and

f^{\prime}(j)=0\bmod{p}.

Hence, any $j+\alpha_{1}\cdot p+\tilde{\alpha}_{2}\cdot p^{2}$ , for $\tilde{\alpha}_{2}\in[p]$ , is a root of the polynomial, or $R_{j}=j+p\cdot\alpha_{1}+p^{2}\cdot\ast,$ for $\alpha_{1},\alpha_{1}^{1}\in\{0,1,...p-1\}.$

Since, $\alpha_{1}\in\{0,1,...p-1\}$ , we just have $p$ root-sets of this structure.

F.2.4 Case 4: root set contains one root

Similar to Appendix F.1, we can have just one root $\alpha=j+\alpha_{1}\cdot p+\alpha_{2}\cdot p^{2}$ as a root of $f(x)$ and no new roots seep in. Hence, $R_{j}=j+p\cdot\alpha_{1}+p^{2}\cdot\alpha_{2},$ for $\alpha_{1},\alpha_{2}\in[p]$ .

Since, $\alpha_{1},\alpha_{2}\in[p]$ , we just have $p^{2}$ root-set of this structure.

F.2.5 Case 5: root set is empty

Similar to Appendix F.1, our root set can be empty. Hence, $R_{j}=\emptyset.$

Since, there’s no free variable in $R_{j}$ , we just have $1$ root-set of this structure.

Therefore, $N_{p_{3}}=\frac{3p^{2}+p+4}{2}$ . Hence,

R_{j}=\begin{cases}j+p\cdot\ast\text{,}\\ (j+p\cdot\alpha_{1}+p^{2}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\ast)\text{, for }\alpha_{1}\neq\alpha_{2}\in[p]\text{,}\\ j+p\cdot\alpha+p^{2}\ast\text{, for }\alpha\in[p]\text{,}\\ j+p\cdot\alpha_{1}+p^{2}\cdot\alpha_{2}\text{, for }\alpha_{1},\alpha_{2}\in[p]\text{,}\\ \emptyset\text{.}\end{cases}

F.3 Structure of root sets in $\bbbz_{p^{4}}$

From Section 5.3, we know if $\alpha=\alpha_{0}+\alpha_{1}\cdot p+\alpha_{2}\cdot p^{2}+\alpha_{3}\cdot p^{3}\in\bbbz_{p^{4}}$ be a root of some $f(x)$ in $\bbbz_{p^{4}}$ . Then,

f(\alpha_{0})+p\cdot\alpha_{1}\cdot f^{\prime}(\alpha_{0})+\left((\alpha_{1})^{2}\cdot\frac{f^{\prime\prime}(\alpha_{0})}{2}+\alpha_{2}\cdot f^{\prime}(\alpha_{0})\right)\cdot p^{2}\\ +\left((\alpha_{1})^{3}\cdot\frac{f^{\prime\prime\prime}(\alpha_{0})}{6}+2\cdot\alpha_{1}\cdot\alpha_{2}\cdot f^{\prime\prime}(\alpha_{0})+\alpha_{3}\cdot f^{\prime}(\alpha_{0})\right)\cdot p^{3}=0\bmod{p^{4}}.

Fixing $\alpha_{0}$ to some $j$ , we start looking at structures.

F.3.1 Case 1: root set contains atleast four roots different at $p^{1}$

Let, our root set $R_{j}$ contains four roots different at $p^{1}$ . Then, substituting the value and solving the 4 equations, we get

f(j)=0\bmod{p^{4}},

f^{\prime}(j)=0\bmod{p^{3}},

f^{\prime\prime}(j)=0\bmod{p^{2}},

and

f^{\prime\prime\prime}(j)=0\bmod{p}.

Hence, $R_{j}=j+p\cdot\ast.$

Since, there’s no free variable in $R_{j}$ , we just have $1$ root-set of this structure.

F.3.2 Case 2: root set contains three roots different at $p^{1}$

Let, our root set $R_{j}$ contains three roots different at $p^{1}$ . Then, substituting the value and solving the 3 equations, we get

f(j)=0\bmod{p^{3}},

f^{\prime}(j)=0\bmod{p^{2}},

and

f^{\prime\prime}(j)=0\bmod{p}.

Hence,

R_{j}=(j+p\cdot\alpha_{1}+p^{2}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\ast)\cup(j+p\cdot\alpha_{3}+p^{2}\ast)

Since, $\alpha_{1}\neq\alpha_{2}\neq\alpha_{3}\in[p]$ , we have $\frac{p(p-1)(p-2)}{6}$ such root sets.

F.3.3 Case 3: root set contains three roots of which 2 are different at $p^{1}$ and 2 are different at $p^{2}$

Similar to last case, we get

f(j)=0\bmod{p^{3}},

f^{\prime}(j)=0\bmod{p^{2}},

and

f^{\prime\prime}(j)=0\bmod{p}.

Hence,

R_{j}=(j+p\cdot\alpha_{1}+p^{2}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\ast)

Since, $\alpha_{1}\neq\alpha_{2}\in[p]$ , we have $\frac{p(p-1)}{2}$ such root sets.

F.3.4 Case 4: root set contains two roots different at $p^{2}$

Similar to last case, we get

f(j)=0\bmod{p^{3}},

f^{\prime}(j)=0\bmod{p^{2}},

and

f^{\prime\prime}(j)=0\bmod{p}.

Hence,

R_{j}=(j+p\cdot\alpha_{1}+p^{2}\ast)

Since, $\alpha_{1}\in[p]$ , we have $p$ such root sets.

F.3.5 Case 5: root set contains two roots different at $p^{1}$

Let, our root set $R_{j}$ contains two roots different at $p^{1}$ . Then, substituting the value and solving the 2 equations, we get

f(j)=0\bmod{p^{2}},

and

f^{\prime}(j)=0\bmod{p}.

Hence,

R_{j}=(j+p\cdot\alpha_{1}+p^{2}\cdot\beta_{1}+p^{3}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\cdot\beta_{2}+p^{3}\ast)

Since, $\alpha_{1},\alpha_{2},\beta_{1},\beta_{2}\in[p]$ and $\alpha_{1}\neq\alpha_{2}$ , we have $\frac{p^{3}(p-1)}{2}$ such root sets.

F.3.6 Case 6: root set contains two roots different at $p^{3}$

Let, our root set $R_{j}$ contains two roots different at $p^{3}$ . Then, substituting the value and solving the 2 equations, we get

f(j)=0\bmod{p^{2}},

and

f^{\prime}(j)=0\bmod{p}.

Hence,

R_{j}=(j+p\cdot\alpha_{1}+p^{2}\cdot\alpha_{2}+p^{3}\cdot\ast)

Since, $\alpha_{1},\alpha_{2}\in[p]$ , we have $p^{2}$ such root sets.

F.3.7 Case 7: root set is a single element

Similar to the Appendix F.2,

R_{j}=(j+p\cdot\alpha_{1}+p^{2}\cdot\alpha_{2}+p^{3}\cdot\alpha_{3})

Since, $\alpha_{1},\alpha_{2},\alpha_{3}\in[p]$ , we have $p^{3}$ such root sets.

F.3.8 Case 8: root set is a empty

R_{j}=\emptyset

We have 1 such root set.

Therefore, $N_{p_{4}}=\frac{3p^{4}+4p^{3}+6p^{2}+5p+12}{6}$ . Hence,

R_{j}=\begin{cases}j+p\cdot\ast\text{,}\\ (j+p\cdot\alpha_{1}+p^{2}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\ast)\cup(j+p\cdot\alpha_{3}+p^{2}\ast)\text{, for }\alpha_{1}\neq\alpha_{2}\neq\alpha_{3}\in[p]\text{,}\\ (j+p\cdot\alpha_{1}+p^{2}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\ast)\text{, for }\alpha_{1}\neq\alpha_{2}\in[p]\text{,}\\ j+p\cdot\alpha+p^{2}\ast\text{, for }\alpha\in[p]\text{,}\\ (j+p\cdot\alpha_{1}+p^{2}\cdot\beta_{1}+p^{3}\ast)\cup(j+p\cdot\alpha_{2}+p^{2}\cdot\beta_{2}+p^{3}\ast)\text{, for }\alpha_{1}\neq\alpha_{2}\,\beta_{1},\beta_{2}\in[p]\text{,}\\ j+p\cdot\alpha_{1}+p^{2}\cdot\alpha_{2}+p^{3}\cdot\ast\text{, for }\alpha_{1},\alpha_{2}\in[p]\text{,}\\ j+p\cdot\alpha_{1}+p^{2}\cdot\alpha_{2}+p^{3}\cdot\alpha_{3}\text{, for }\alpha_{1},\alpha_{2},\alpha_{3}\in[p]\text{,}\\ \emptyset\text{.}\end{cases}

On algorithms to find pp-ordering

Abstract

Keywords:

1 Introduction

Our contributions

2 Preliminaries

Definition 1.

Definition 2.

Definition 3.

Representative Roots:

Definition 4.

Definition 5.

Theorem 2.1.

Proof.

pp-ordering and pp-sequence

Definition 6 ([Bha97]).

Theorem 2.2 ([Bha97]).

3 Algorithm to find p-ordering on a given set

Theorem 3.1.

Outline of the algorithm

3.1 Proof of Theorem 3.1

Theorem 3.2 (Correctness of Merge()).

Proof outline.

Theorem 3.3 (Correctness of valuations).

Proof outline.

Proof of Theorem 3.1.

4 Algorithm to find pp-ordering on a set of representative roots

Theorem 4.1.

Outline of the algorithm

4.1 Proof of Correctness

Theorem 4.2.

Proof outline.

Proof of Theorem 4.1.

5 Structure of root sets for a given kk

5.1 k=2k=2

5.2 k=3k=3

5.3 k=4k=4

References

Appendix A Naive Algorithm to find pp-ordering

Time Complexity:

Appendix B Observations about representative roots and pp-sequences/pp-orderings

B.1 Representative roots

Observation B.1.

Proof.

Case 1:

Case 2:

Observation B.2.

Proof.

B.2 pp-ordering and pp-sequence

Observation B.3 ([Mau01]).

Observation B.4.

Observation B.5.

Observation B.6.

Proof.

Appendix C Min-heap data structure

Appendix D Correctness and Complexity of Algorithm 1

D.1 Proof of Theorem 3.2

D.2 Proof of Theorem 3.3

Case 1:

Case 2:

D.3 Time complexity of Algorithm 1

Theorem D.1.

Proof.

Time complexity of Merge(S0,S1,…,Sp−1S_{0},S_{1},...,S_{p-1}) in Algorithm 1

Time complexity of Algorithm 1

Appendix E Correctness and Complexity of Algorithm 2

E.1 Proof of Theorem 4.2

E.2 Time complexity of Algorithm 2

Theorem E.1.

Proof.

Appendix F Structure of root sets

Observation F.1.

Proof.

F.1 Structure of root sets in ℤp2\bbbz_{p^{2}}

F.1.1 Case 1: root set contains atleast two roots

F.1.2 Case 2: root set contains one root

F.1.3 Case 3: root set is empty

F.2 Structure of root sets in ℤp3\bbbz_{p^{3}}

F.2.1 Case 1: root set contains atleast three roots different at p1p^{1}

F.2.2 Case 2: root set contains two roots different at p1p^{1}

On algorithms to find $p$ -ordering

$p$ -ordering and $p$ -sequence

4 Algorithm to find $p$ -ordering on a set of representative roots

5 Structure of root sets for a given $k$

5.1 $k=2$

5.2 $k=3$

5.3 $k=4$

Appendix A Naive Algorithm to find $p$ -ordering

Appendix B Observations about representative roots and $p$ -sequences/ $p$ -orderings

B.2 $p$ -ordering and $p$ -sequence

Time complexity of Merge( $S_{0},S_{1},...,S_{p-1}$ ) in Algorithm 1

F.1 Structure of root sets in $\bbbz_{p^{2}}$

F.2 Structure of root sets in $\bbbz_{p^{3}}$

F.2.1 Case 1: root set contains atleast three roots different at $p^{1}$

F.2.2 Case 2: root set contains two roots different at $p^{1}$

F.2.3 Case 3: root set contains two roots same at $p^{1}$

F.3 Structure of root sets in $\bbbz_{p^{4}}$

F.3.1 Case 1: root set contains atleast four roots different at $p^{1}$

F.3.2 Case 2: root set contains three roots different at $p^{1}$

F.3.3 Case 3: root set contains three roots of which 2 are different at $p^{1}$ and 2 are different at $p^{2}$

F.3.4 Case 4: root set contains two roots different at $p^{2}$

F.3.5 Case 5: root set contains two roots different at $p^{1}$

F.3.6 Case 6: root set contains two roots different at $p^{3}$