## 数学代写|数论代写Number Theory代考|Chinese remaindering and polynomial interpolation

We remind the reader of the discussion following Theorem 17.17 , where the point was made that when $n_i=\left(\mathrm{x}-b_i\right)$ for $i=1, \ldots, k$, then the Chinese remainder theorem for polynomials reduces to Lagrange interpolation. Thus, Theorem 18.6 says that given distinct elements $b_1, \ldots, b_k \in F$, along with elements $a_1, \ldots, a_k \in F$, we can compute the unique polynomial $z \in F[\mathrm{X}]$ of degree less than $k$ such that
$$z\left(b_i\right)=a_i \quad(i=1, \ldots, k),$$
using $O\left(k^2\right)$ operations in $F$.
It is perhaps worth noting that we could also solve the polynomial interpolation problem using Gaussian elimination, by inverting the corresponding Vandermonde matrix. However, this algorithm would use $O\left(k^3\right)$ operations in $F$. This is a specific instance of a more general phenomenon: there are many computational problems involving polynomials over fields that can be solved using Gaussian elimination, but which can be solved more efficiently using more specialized algorithmic techniques.

EXERCISE 18.7. State and re-work the polynomial analog of Exercises 4.3 and 4.4. In the special case of polynomial interpolation, this algorithm is called Newton interpolation.

## 数学代写|数论代写Number Theory代考|Mutual independence and secret sharing

As we also saw in the discussion following Theorem 17.17, for $\ell \leq k$ and fixed and distinct $b_1, \ldots, b_{\ell} \in F$, the “multi-point evaluation” map $\sigma: F[\mathrm{X}]{{\ell}\right)\right) \in F^{\times \ell}$ is a surjective $F$-linear map.

If $F$ is a finite field, then this has the following probabilistic interpretation: if the coefficient vector $\left(z_0, \ldots, z_{k-1}\right)$ of $z$ is a random variable, uniformly distributed over $F^{\times k}$, then the random variable $\left(z\left(b_1\right), \ldots, z\left(b_{\ell}\right)\right)$ is uniformly distributed over $F^{\times \ell}$ (see part (a) of Exercise 8.22). Put another way, the collection ${z(b): b \in F}$ of random variables is $\ell$-wise independent, where each individual $z(b)$ is uniformly distributed over $F$. Clearly, given $z$ and $b$, we can efficiently compute the value of $z(b)$, so this construction gives us a nice way to build effectively constructible, $\ell$-wise independent collections of random variables for any $\ell$, thus generalizing the constructions in Example 6.17 and Exercise 6.16 of pairwise and 3 -wise independent collections.

As a particular application of this idea, we describe a simple secret sharing scheme. Suppose Alice wants to share a secret among some number $m$ of parties, call them $P_1, \ldots, P_m$, in such a way that if less than $k$ parties share their individual secret shares with one another, then Alice’s secret is still well hidden, while any subset of $k$ parties can reconstruct Alice’s secret.
She can do this as follows. Suppose her secret $s$ is (or can be encoded as) an element of a finite field $F$, and that $b_0, b_1, \ldots, b_m$ are some fixed, distinct elements of $F$, where $b_0=0$. This presumes, of course, that $|F| \geq m+1$. To share her secret $s$, Alice chooses $z_1, \ldots, z_{k-1} \in F$ at random, and sets $z_0:=$ s. Let $z \in F[\mathrm{X}]$ be the polynomial whose coefficient vector is $\left(z_0, \ldots, z_{k-1}\right)$; that is,
$$z=\sum_{i=0}^{k-1} z_i \mathrm{X}^i .$$
For $i=1, \ldots, m$, Alice gives party $P_i$ its share
$$a_i:=z\left(b_i\right) .$$
For the purposes of analysis, it is convenient to define
$$a_0:=z\left(b_0\right)=z(0)=z_0=s .$$

