Vandermonde Matrix with Roots of Cyclotomic Polynomial over Ring (ℤp)

Theorem A-11.4 (in §A-11.4) showed that

V ⋅ V^{T} = n ⋅ I_{n}^{R}

, where

V

is the Vandermonde matrix

V = 𝑉𝑎𝑛𝑑𝑒𝑟 (x_{0}, x_{1},⋯, x_{n−1})

, where each

x_{i}

is the primitive

μ

-th root of unity over

X ∈ ℂ

(i.e., complex number) and

μ

is a power of 2. In this subsection, we will show that the relation

V ⋅ V^{T} = n ⋅ I_{n}^{R}

holds even if each

x_{i}

is the primitive

μ

-th root of unity over

X ∈ ℤ_{p}

(i.e., ring). In particular, we will prove Theorem A-11.4:

$⟨$ Theorem A-11.5 $⟩$ Vandermonde Matrix with Roots of (power-of-2)-th Cyclotomic Polynomial over Ring ( $ℤ_{p}$ )

The proof takes the same format as that of Theorem A-11.4 (in §A-11.4). Suppose we have an $n ×n$ (where $n$ is a power of 2) Vandermonde matrix comprised of $n$ distinct roots of the $μ$ -th cyclotomic polynomial over $X ∈ ℤ_{p}$ (ring), where $μ$ is a power of 2 and $n = \frac{μ}{2}$ . In other words, $V = 𝑉𝑎𝑛𝑑𝑒𝑟 (x_{0}, x_{1},⋯, x_{n−1})$ , where each $x_{i}$ is the root of $X^{n} + 1$ (i.e., the primitive $(μ = 2n)$ -th roots of unity). Then, the following holds:

$V ⋅ V^{T} = [\begin{matrix} 0 & ⋯ & 0 & 0 & n \\ 0 & ⋯ & 0 & n & 0 \\ 0 & ⋯ & n & 0 & 0 \\ ⋮ & ... & ⋮ & ⋮ & ⋮ \\ n & 0 & 0 & ⋯ & 0 \end{matrix}] = n⋅ I_{n}^{R}$

And $V^{−1} = n^{−1} ⋅ V^{T} ⋅ I_{n}^{R}$

Proof.

1.

V ⋅ V^{T}

is expanded as follows:

$V ⋅ V^{T} = [\begin{matrix} 1 & (ω) & {(ω)}^{2} & ⋯ & {(ω)}^{n−1} \\ 1 & (ω^{3}) & {(ω^{3})}^{2} & ⋯ & {(ω^{3})}^{n−1} \\ 1 & (ω^{5}) & {(ω^{5})}^{2} & ⋯ & {(ω^{5})}^{n−1} \\ ⋮ & ⋮ & ⋮ & ⋱ & ⋮ \\ 1 & (ω^{2n−1}) & {(ω^{2n−1})}^{2} & ⋯ & {(ω^{2n−1})}^{n−1} \end{matrix}] ⋅ [\begin{matrix} 1 & 1 & 1 & ⋯ & 1 \\ (ω) & (ω^{3}) & (ω^{5}) & ⋯ & (ω^{2n−1}) \\ {(ω)}^{2} & {(ω^{3})}^{2} & {(ω^{5})}^{2} & ⋯ & {(ω^{2n−1})}^{2} \\ ⋮ & ⋮ & ⋮ & ⋱ & ⋮ \\ {(ω)}^{n−1} & {(ω^{3})}^{n−1} & {(ω^{5})}^{n−1} & ⋯ & {(ω^{2n−1})}^{n−1} \end{matrix}]$

$= [\begin{matrix} ∑_{k=0}^{n−1} ω^{2k} & ∑_{k=0}^{n−1} ω^{4k} & ∑_{k=0}^{n−1} ω^{6k} & ⋯ & ∑_{k=0}^{n−1} ω^{2nk} \\ ∑_{k=0}^{n−1} ω^{4k} & ∑_{k=0}^{n−1} ω^{6k} & ∑_{k=0}^{n−1} ω^{8k} & ⋯ & ∑_{k=0}^{n−1} ω^{2k(n+1)} \\ ∑_{k=0}^{n−1} ω^{6k} & ∑_{k=0}^{n−1} ω^{8k} & ∑_{k=0}^{n−1} ω^{10k} & ⋯ & ∑_{k=0}^{n−1} ω^{2k(n+2)} \\ ⋮ & ⋮ & ⋮ & ⋱ & ⋮ \\ ∑_{k=0}^{n−1} ω^{2nk} & ∑_{k=0}^{n−1} ω^{2(n+1)k} & ∑_{k=0}^{n−1} ω^{2(n+2)k} & ⋯ & ∑_{k=0}^{n−1} ω^{2(n+n−1)k} \end{matrix}]$

, where $ω$ (i.e., the primitive $(μ = 2n)$ -th root of unity) has the order $2n$ .

2.

Note that the

V ⋅ V^{T}

matrix’s anti-diagonal elements are

∑_{k=0}^{n−1} ω^{2nk}

. It can be seen that

ω^{2n} ≡1 mod p

, because

{𝖮𝗋𝖽}_{p} (ω) = 2n

. Thus, the

V ⋅ V^{T}

matrix’s every anti-diagonal element is

∑_{k=0}^{n−1} 1 = n

3.

Next, we will prove that the

V ⋅ V^{T}

matrix has

0

for all other positions than the anti-diagonal ones. In other words, we will prove the following:

$∑_{k=0}^{n−1} ω^{2k} = ∑_{k=0}^{n−1} ω^{4k} = ∑_{k=0}^{n−1} ω^{6k} = ⋯ = ∑_{k=0}^{n−1} ω^{2(n−1)k} = ∑_{k=0}^{n−1} ω^{2(n+1)k} = ⋯ = ∑_{k=0}^{n−1} ω^{2(2n−1)k} = 0$

The above is true by the Geometric Sum formula (Theorem A-11.4.1). As shown in the proof step 3 of Theorem A-11.4, each element is of the form $∑_{k=0}^{n−1} {(ω^{2m})}^{k}$ for some integer $m$ (where $2m$ is not a multiple of $2n$ ). Let $r = ω^{2m}$ . Then:

$∑_{k=0}^{n−1} r^{k} = \frac{r^{n} −1}{r −1} = \frac{{(ω^{2m})}^{n} −1}{ω^{2m} −1} = \frac{{(ω^{n})}^{2m} −1}{ω^{2m} −1}$

Since $ω$ is a root of $X^{n} + 1$ , we know $ω^{n} ≡−1 mod p$ . Thus:

$\frac{{(−1)}^{2m} −1}{ω^{2m} −1} = \frac{1 −1}{ω^{2m} −1} = 0$

Therefore, the sum is 0 for all off-anti-diagonal positions.

4.

According to step 1 and 2, the

V ⋅ V^{T}

matrix has

n

on its anti-diagonal positions and

0

for all other positions.

5.

Now we will derive the formula for

V^{−1}

. Given

V ⋅ V^{T} = n ⋅ I_{n}^{R}

$V^{−1} ⋅V ⋅ V^{T} = V^{−1} ⋅n ⋅ I_{n}^{R}$

$V^{T} = V^{−1} ⋅n ⋅ I_{n}^{R}$

$V^{T} ⋅ I_{n}^{R} = V^{−1} ⋅n ⋅ I_{n}^{R} ⋅ I_{n}^{R}$

$V^{T} ⋅ I_{n}^{R} = V^{−1} ⋅n$ # since $I_{n}^{R} ⋅ I_{n}^{R} = I_{n}$

Now, there is one caveat: modulo operation does not support direct number division (as explained in §A-1.4). This means that the formula $V^{−1} = \frac{V^{T} ⋅ I_{n}^{R}}{n}$ in Theorem A-11.4 (in §A-11.4) is inapplicable in our case, because our modulo $p$ arithmetic does not allow direct division of $V^{T} ⋅ I_{n}^{R}$ by $n$ . Therefore, we instead multiply $V^{T} ⋅ I_{n}^{R}$ by the inverse of $n$ (i.e., $n^{−1}$ ). We continue as follows:

$V^{T} ⋅ I_{n}^{R} = V^{−1} ⋅n$

$V^{T} ⋅ I_{n}^{R} ⋅ n^{−1} = V^{−1} ⋅n ⋅ n^{−1}$

$V^{−1} = n^{−1} ⋅ V^{T} ⋅ I_{n}^{R}$

□

We finally proved that

V ⋅ V^{T} = n ⋅ I_{n}^{R}

, and

V^{−1} = n^{−1} ⋅ V^{T} ⋅ I_{n}^{R}

. Later in the BFV scheme (§D-2), we will use

V^{−1}

to encode an integer vector into a vector of polynomial coefficients, and

V^{T}

to decode it back to the integer vector (§D-2.2).

Condition for

𝛍

: Like in CKKS, it’s worthwhile to note that the property

V ⋅ V^{T} = n ⋅ I_{n}^{R}

does not hold if

μ

(denoting the

μ

-th cyclotomic polynomial) is not a power of 2. In particular, step 3 of the proof does not hold anymore if

μ

is not a power of 2:

∑_{k=0}^{n−1} ω^{2k} ≠ ∑_{k=0}^{n−1} ω^{4k} ≠ ∑_{k=0}^{n−1} ω^{6k} ≠⋯≠ ∑_{k=0}^{n−1} ω^{2(n−1)k} ≠ ∑_{k=0}^{n−1} ω^{2(n+1)k} ≠⋯≠ ∑_{k=0}^{n−1} ω^{2(2n−1)k} ≠0

A-11.5 Vandermonde Matrix with Roots of Cyclotomic Polynomial over Ring (ℤp)

A-11.5 Vandermonde Matrix with Roots of Cyclotomic Polynomial over Ring ( $ℤ_{p}$ )