An iterative algorithm for parametrization of shortest length shift registers over finite rings M. Kuijper and R. Pinto∗† 2 1 January 31, 2012 0 2 n a Abstract J 8 TheconstructionofshortestfeedbackshiftregistersforafinitesequenceS1,...,SN isconsidered 2 over the finite ring Zpr. A novel algorithm is presented that yields a parametrization of all shortest feedbackshiftregistersforthesequenceofnumbersS ,...,S , thussolvinganopenprobleminthe 1 N ] literature. Thealgorithmiterativelyprocesseseachnumber,startingwithS ,andconstructsateach T 1 step a particular type of minimal Gro¨bner basis. The construction involves a simple update rule I . at each step which leads to computational efficiency. It is shown that the algorithm simultaneously s computes a similar parametrization for the reciprocal sequence S ,...,S . c N 1 [ 1 1 Introduction v 1 Minimal Gr¨obner bases have been identified in the literature [6, 14] as ideal tools for various types of 2 minimal interpolation problems. Among the most fundamental of those is the problem of constructing 9 5 shortest feedback shift registers for a given sequence of numbers S1,...,SN. This problem is motivated . by coding applications as well as cryptographic applications. In recent coding theoretic papers [27, 2] 1 0 a parametrization of solutions is used for the purpose of list decoding of Reed-Solomon codes. In this 2 paper we focus on the iterative construction of such a parametrization. 1 The recent paper [14] provides a conceptual framework for a noniterative solution based on minimal : v Gr¨obner bases. However, the “off the shelf” construction of the minimal Gr¨obner basis leads to ineffi- i X ciency. In this paper we aim for an iterative Gr¨obner-based solution much in the way of the efficient Berlekamp-Massey algorithm. Via a simple update rule, at each step k, the algorithm constructs a min- r a imal Gr¨obner basis that yields a parametrization of all shortest feedback shift registers for the sequence S ,...,S for k =1,...,N. Thus the Gr¨obner basis construction is tailored to the problem at hand. 1 k We find that the use of minimal Gr¨obner bases enhances the insightfulness of proofs due to the fact that we can explicitly use properties such as the ’predictable leading monomial property”, explained in the paper. Forthefieldcase, theideaofaGr¨obnerbasedalgorithmisalreadyinthe1995paper[6]. Infact,acloser inspectionshowsthatthealgorithmof[6]ispracticallyidenticaltoouralgorithminsubsection4.1onthe ∗M. Kuijper is with the Department of Electrical and Electronic Engineering, University of Melbourne, VIC 3010, Australia [email protected]; R. Pinto is with the Department of Mathematics, University of Aveiro, Aveiro, [email protected] †Partly supported by the Australian Research Council(ARC); partly supported by FEDER founds through COM- PETE–Operational Programme Factors of Competitiveness (“Programa Operacional Factores de Competitividade”) and by Portuguese founds through the Center for Research and Development in Mathematics and Applications (University of Aveiro) and the Portuguese Foundation for Science and Technology (“FCT–Fundac¸˜ao para a Ciˆencia e a Tecnologia”), withinprojectPEst-C/MAT/UI4106/2011withCOMPETEnumberFCOMP-01-0124-FEDER-022690. 1 field case. However, our formulation differs to such an extent that it leads to a reinterpretation of some of the auxiliary polynomials as shortest feedback shift registers for the reciprocal sequence S ,...,S . N 1 This connection with the reciprocal sequence leads us to results on bidirectionality which is relevant for cryptographic applications, see [25]. Mostimportantlyhowever,ourformulationenablesourmainresultinsubsection4.2whichisanextension to sequences over the finite ring Z (where p is a prime integer and r is a positive integer). More pr specifically, Algorithm 4.8 is an iterative algorithm that constructs a parametrization of all shortest feedbackshiftregistersforasequenceS ,...,S inZ . Again,thealgorithmproceedsbyconstructinga 1 N pr particulartypeofminimalGr¨obnerbasisateachstep. Thisiswhereitdiffersfromthe1985Reeds-Sloane algorithm from [24] which also constructs a shortest feedback shift register for a sequence S ,...,S in 1 N Z , as a generalization of the Berlekamp-Massey algorithm. In fact, our Gr¨obner methodology yields pr a novel parametrization as well as insightful proofs, thus extending Massey’s parametrization result to the ring case. Note that a parametrization for the Z case is posed as an open problem in the 1999 pr paper [22]. Our proofs and results on sequences over the finite ring Z are nontrivial and cannot be regarded as pr straightforward extensions from the field case. In fact, our methodology in subsection 4.2 relies heavily on a recently developed new framework [12, 14] for dealing with polynomial vectors in Z [x]q. In our pr earlier paper [10] this methodology was applied to solve an open problem regarding minimal trellises of convolutional codes over Z . pr Further preliminary studies for this paper are [16] and [11]. 2 Preliminaries Minimal Gr¨obner bases are recognized as effective tools for minimal realization and interpolation prob- lems, see e.g. [6, 5, 18]. In recent papers [14, 13] this effectiveness was ascribed to a powerful property of minimal Gr¨obner bases, explicitly identified as the “Predictable Leading Monomial Property”. Before recalling this property let us first recall some terminology and basic results on Gr¨obner bases. Recall that a ring is called Noetherian if all of its ideals are finitely generated. Let us first present some preliminariesonpolynomialvectorswithcoefficientsinanoetheriancommutativeringR. NotethatR[x] is then also a noetherian ring. Weconsiderpolynomialsasrowvectors. Lete ,...,e denotetheunit(row)vectorsinRq. Theelements 1 q xαe with i ∈ {1,...,q} and α ∈ N are called monomials. Let us consider two types of orderings on i 0 these monomials, see also the textbook [1]: • The Term Over Position (top) ordering, defined as xαe <xβe :⇔ α<β or (α=β and i<j). i j • The Position Over Term (pot) ordering, defined as xαe <xβe :⇔ i<j or (i=j and α<β). i j Clearly, whatever ordering is chosen, every nonzero element f ∈R[x]q can be written uniquely as L (cid:88) f = c X , i i i=1 where L∈N, the c ’s are nonzero elements of R for i=1,...,L and X ,...,X are monomials, ordered i 1 L as X >···>X . Using the terminology of [1] we define 1 L 2 • lm(f):=X as the leading monomial of f 1 • lt(f):=c X as the leading term of f 1 1 • lc(f):=c as the leading coefficient of f 1 Writing X1 =xα1ei1, where α1 ∈N0 and i1 ∈{1,...,q}, we define • lpos(f):=i as the leading position of f 1 • deg(f):=α as the degree of f. 1 Below we denote the submodule generated by polynomials f , ..., f by (cid:104)f ,...,f (cid:105). There are several 1 n 1 n ways to define Gr¨obner bases, here we adopt the definition of [1] which requires us to first define the concept of ”leading term submodule”. Definition 2.1 ([1]) Let F be a subset of R[x]q. Then the submodule L(F), defined as L(F):=(cid:104)lt(f) | f ∈F(cid:105) is called the leading term submodule of F. Definition 2.2 ([1]) Let M ⊆ R[x]q be a module and G ⊆ M. Then G is called a Gr¨obner basis of M if L(G)=L(M). In order to define a concept of minimality we have the following definition. Definition 2.3 ([1, Def.4.1.1]) Let 0(cid:54)=f ∈R[x]q and let F ={f ,...,f } be a set of nonzero elements 1 s of R[x]q. Let α ,...,α ∈N and β ,...,β be nonzero distinct elements of R, where 1≤j ≤s for j1 jm 0 j1 jm i i=1,...,m, such that 1. lm(f)=xαji lm(fji) for i=1,...,m and 2. lt(f)=βj1xαj1 lt(fj1)+···+βjmxαjm lt(fjm). Define h:=f −(βj1xαj1fj1 +···+βjmxαjmfjm). Then we say that f reduces to h modulo F in one step and we write F f −→h. If f cannot be reduced modulo F, we say that f is minimal with respect to F. F Lemma 2.1 ([1, Lemma 4.1.3]) Let f, h and F be as in the above definition. If f −→ h then h = 0 or lm(h)<lm(f). Definition 2.4 ([1]) A Gro¨bner basis G is called minimal if all its elements g are minimal with respect to G\{g}. Elements of a minimal Gr¨obner basis have the convenient property that all their leading monomials are different from each other. In the case that R = F is a field, they have exactly dim (M) elements and exhibit another powerful property, see the next theorem which merely formulates a well known result. 3 Theorem 2.2 ([14])LetM beasubmoduleofF[x]q withminimalGr¨obnerbasisG={g ,...,g }. Then 1 m for any 0(cid:54)=f ∈M, written as f =a g +···+a g , (1) 1 1 m m where a ,...,a ∈F[x], we have 1 m lm(f)= max (lm(a g )). (2) i i 1≤i≤m;ai(cid:54)=0 Conform [14] we call the property of the above theorem the Predictable Leading Monomial (PLM) property. Note that this property involves not only degree information (as in the ‘predictable degree property’ first introduced in [7]) but also leading position information. The above theorem holds no matter which monomial ordering is chosen; here we only consider top or pot, but one could also employ reflected versions of top or pot, as in [14] or weighted versions of top or pot, as in [2]. The next corollary follows immediately from the above theorem. Corollary 2.3 Let M be a submodule of F[x]2 of dimension 2 with minimal Gr¨obner basis G={g ,g }. 1 2 Suppose that lpos(g ) = 2. Then g is the lowest degree vector in M with 2 as leading position. A 2 2 parametrization of all such lowest degree vectors f is given by f =a g +a g , 2 2 1 1 with 0(cid:54)=a ∈F and the polynomial a ∈F[x] chosen such that lm(a g )≤lm(g ). 2 1 1 1 2 Theorem 2.2 also leads to parametrizations of other types of minimal vectors in M. This is outlined in a general formulation in the next theorem. Theorem 2.4 Let M be a submodule of F[x]q with minimal Gr¨obner basis G = {g ,...,g }. Let (cid:96) ∈ 1 m {1,...,m} and let P be a property of g that is absent in span {g }. Then among all elements in (cid:96) i(cid:54)=(cid:96) i M with property P, g has minimal leading monomial. More specifically, a parametrization of all such (cid:96) elements is given by: (cid:88) f =a g + a g , (cid:96) (cid:96) i i i(cid:54)=(cid:96) with 0(cid:54)=a ∈F and for all i(cid:54)=(cid:96) the polynomials a ∈F[x] chosen such that lm(a g )≤lm(g ). (cid:96) i i i (cid:96) Proof Suppose f ∈ M has property P and has minimal leading monomial. Obviously we can write f as a linear combination of g ,...,g . Because of the assumptions on G, it follows that this linear 1 m combination must use g . The parametrization now follows immediately from Theorem 2.2, that is, (cid:96) the PLM property of G. In particular, it follows that lm(f) = lm(g ), that is, g has minimal leading (cid:96) (cid:96) monomial among all elements in M with property P. Corollary 2.5 Let M be a submodule of F[x]2 of dimension 2 with minimal Gr¨obner basis G={g ,g }, 1 2 where g =[g g ] and g =[g g ]. Suppose that g (0)=0 and g (0)(cid:54)=0. Then g is the lowest 1 11 12 2 21 22 12 22 2 degree vector in M that satisfies g (0) (cid:54)= 0. More specifically, a parametrization of all lowest degree 22 f =[f f ] in M that satisfy f (0)(cid:54)=0 is given by 1 2 2 f =a g +a g , 2 2 1 1 with 0(cid:54)=a ∈F and the polynomial a ∈F[x] chosen such that lm(a g )≤lm(g ). 2 1 1 1 2 4 Proof Define f =[f f ] to have property P if f (0)(cid:54)=0. The result then follows immediately from 1 2 2 the previous theorem. We also have the following theorem, which merely reformulates the wellknown result of [8] that the maximum degree of the full size minors of a row reduced polynomial matrix equals the sum of its row degrees, see also [2]. Theorem 2.6 Let M be a module in F[x]q. Let G = {g ,...,g } be a minimal Gr¨obner basis of M 1 m with respect to the top ordering; denote the corresponding top degrees by (cid:96) := degg for i = 1,...,m. i i Let G˜ = {g˜ ,...,g˜ } be a minimal Gr¨obner basis of M with respect to the pot ordering; denote the 1 m corresponding pot degrees by (cid:96)˜ :=degg˜ for i=1,...,m. Then i i m m (cid:88)(cid:96) =(cid:88)(cid:96)˜. (3) i i i=1 i=1 We call the sum in (3) the degree of M, denoted by deg(M). 3 Gro¨bner bases for modules in Z [x]q pr In this section we turn our attention to the case where R is a finite ring of the form Z where r is a pr positive integer and p is a prime integer. For the sake of completeness we repeat several preliminaries from [12] and [14]. 3.1 Preliminaries on Z pr Asetthatplaysafundamentalroleinthissectionisthesetof“digits”,denotedbyA ={0,1,...,p−1}⊂ p Z . Recall that any element a ∈ Z can be written uniquely as a = θ +pθ +···+pr−1θ , where pr pr 0 1 r−1 θ ∈A for (cid:96)=0,...,r−1 (p-adic expansion). (cid:96) p Next, adopting terminology from [26], a scalar a in Z is said to have order k if the additive subgroup pr generated by a has pk elements. Scalars of order r are called units. Thus the scalars 1,p,p2,...,pr−1 have orders r,r −1,r −2,...,1, respectively. For any choice of monomial ordering (top or pot), we extend the above notion of ”order” for scalars to polynomial vectors as follows. Definition 3.1 The order of a nonzero polynomial vector f ∈ Z [x]q, is defined as the order of the pr scalar lc(f), denoted as ord(f). To deal with zero divisors occurring in Z [x]q, it is useful to use notions defined in [12] of ”p-linear pr dependence”and“p-generatorsequence”(suchnotionswerefirstintroducedfor”constant”modules,i.e., modules in Zq in [26]). pr Definition 3.2 ([12]) Let {v ,...,v } ⊂ Z [x]q. A p-linear combination of v ,...,v is a vec- 1 N pr 1 N N (cid:88) tor a v , where a ∈ A [x] for j = 1,...,N. Furthermore, the set of all p-linear combinations of j j j p j=1 v ,...,v is denoted by p-span{v ,...,v }, whereas the set of all linear combinations of v ,...,v 1 N 1 N 1 N with coefficients in Z [x] is denoted by span{v ,...,v }. pr 1 N Definition 3.3 ([12]) An ordered sequence (v ,...,v ) of vectors in Z [x]q is said to be a p-generator 1 N pr sequence if pv =0 and pv is a p-linear combination of v ,...,v for i=1,...,N −1. N i i+1 N 5 Theorem 3.1 ([12]) Let v ,...,v ∈Z [x]q. If (v ,...,v ) is a p-generator sequence then 1 N pr 1 N p−span{v ,...,v }= span{v ,...,v }. 1 N 1 N In particular, p−span{v ,...,v } is a submodule of Z [x]q. 1 N pr All submodules of Z [x]q can be written as the p-span of a p-generator sequence. In fact, if M = pr span{g ,...,g } then M is the p-span of the p-generator sequence 1 m (g ,pg ,...,pr−1g ,g ,pg ,...,pr−1g ,...,g ,pg ,...,pr−1g ). 1 1 1 2 2 2 m m m Definition 3.4 ([12]) The vectors v ,...,v ∈ Z [x]q are said to be p-linearly independent if the 1 N pr only p-linear combination of v ,...,v that equals zero is the trivial one. 1 N Definition 3.5 ([12]) Let M be a submodule of Z [x]q, written as the p-span of a p-generator sequence pr (v ,··· ,v ). Then (v ,··· ,v ) is called a p-basis of M if the vectors v ,...,v are p-linearly indepen- 1 N 1 N 1 N dent in Z [x]q. pr For consistency with the field case, here we call the number of elements of a p-basis the p-dimension of M, denoted as pdim(M). The following definition adjusts the PLM property from the previous section to the specific structure of Z . pr Definition 3.6 ([14]) Let M = p−span {v ,...,v } be a submodule of Z [x]q. Then {v ,...,v } has 1 N pr 1 N the p-Predictable Leading Monomial (p-PLM) property if for any 0(cid:54)=f ∈M, written as f =a v +···+a v , (4) 1 1 N N where a ,...,a ∈A [x], we have 1 N p lm(f)= max (lm(a f )). i i 1≤i≤N;ai(cid:54)=0 Note that, in contrast to the field case of the previous section, the above definition requires a ∈ A [x] i p rather than a ∈R[x]. i The next theorem is the analogon of Theorem 2.4; we omit its proof as it is very similar to the proof of Theorem 2.4. Theorem 3.2 Let M = p−span {v ,...,v } be a submodule of Z [x]q. Assume that {v ,...,v } has 1 N pr 1 N the p-PLM property. Let, for some (cid:96) ∈ {1,...,m}, P be a property of v that is absent in p-linear (cid:96) combinations of the other v ’s. Then among all elements in M with property P, v has minimal leading i (cid:96) monomial. More specifically, a parametrization of all such elements is given by: (cid:88) f =a v + a v , (cid:96) (cid:96) i i i(cid:54)=(cid:96) with 0(cid:54)=a ∈A and for all i(cid:54)=(cid:96) the polynomials a ∈A [x] chosen such that lm(a v )≤lm(v ). (cid:96) p i p i i (cid:96) Theabovetheoremgivesrisetotwocorollaries. ThefirstcorollaryistheringanalogonofCorollary2.3. Corollary 3.3 Let M =p−span{v ,...,v } be a submodule of Z [x]2. Assume that {v ,...,v } has 1 2r pr 1 2r the p-PLM property. Let j(cid:63) be such that lpos(v ) = 2 and ord(v ) = r. Then v is the lowest degree j(cid:63) j(cid:63) j(cid:63) vector in M that has order r and leading position 2. A parametrization of all such lowest degree vectors f is given by (cid:88) f =av + a v , j(cid:63) i i i∈{1,...,2r}\{j(cid:63)} with 0(cid:54)=a∈A and for all i(cid:54)=j(cid:63) the polynomials a ∈A [x] chosen such that lm(a v )≤lm(v ). p i p i i j(cid:63) 6 Proof Clearlyallvectorsin{v ,...,v }musthaveeitherdifferentordersordifferentleadingposition, 1 2r for otherwise the p-PLM property would not hold. In particular, this implies that j(cid:63) is unique. Now define f to have property P if ord f = r and lpos(f) = 2. It follows that this property is absent in p-linear combinations of the v ’s with i∈{1,...,2r}\{j(cid:63)}. The result now follows from Theorem 3.2. i The next corollary is the ring analogon of Corollary 2.5. Corollary 3.4 Let M =p−span{v ,...,v } be a submodule of Z [x]2. Assume that {v ,...,v } has 1 2r pr 1 2r the p-PLM property and write v =[v v ] for i=1,...,2r. Also assume that i i1 i2 v (0)=0 for i=1,...,r and ordv (0)=2r−i+1 for i=r+1,...,2r. (5) i2 i2 Then a parametrization of all lowest degree f =[f f ] in M with ordf (0)=r is given by 1 2 2 (cid:88) f =a v + a v , r+1 r+1 i i i(cid:54)=r+1 with0(cid:54)=a ∈A andforalli(cid:54)=r+1thepolynomialsa ∈A [x]chosensuchthatlm(a v )≤lm(v ). r+1 p i p i i r+1 Proof Define f =[f f ] to have property P if ordf (0)=r, that is, f (0) is a unit. The result now 1 2 2 2 follows immediately from Theorem 3.2. The question arises whether p-bases with the p-PLM property exist. The affirmative answer is provided by the next theorem from [14] which is the ring analogon of Theorem 2.2; the theorem shows that the natural ordering of elements of a minimal Gr¨obner basis gives rise to a p-basis with the p-PLM property. Theorem 3.5 ([14]) Let M be a submodule of Z [x]q with minimal Gr¨obner basis G = {g ,...,g }, pr 1 m ordered so that lm(g )>···>lm(g ). For 1≤j ≤m define 1 m β :=ord(g )−ord(g ), j j i where i is the smallest integer > j with lpos(g ) = lpos(g ). If i does not exist we define β := ord (g ). i j j j Then N =pdim(M)=β +β +···+β and the sequence V given as 1 2 m V =(g ,pg ,··· ,pβ1−1g ,g ,pg ,··· ,pβ2−1g ,··· ,g ,pg ,··· ,pβm−1g ) 1 1 1 2 2 2 m m m is a p-basis of M that has the p-PLM property. Conform [14] we call V a minimal Gr¨obner p-basis of M. Note that the degrees of vectors in V are nonincreasing. 4 Iterative algorithm Let R be a noetherian ring, as in the previous sections. Consider a sequence S ,...,S over R. A 1 N polynomial λ(x) = λ +λ x+···+λ xL ∈ R[x], with λ a unit is called a feedback polynomial of 0 1 L 0 length L if L (cid:88) λ S + λ S =0 for j =1,...,N −L. 0 L+j i L+j−i i=1 Note that λ may be zero. Now consider the module M in R[x]2 defined as the rowspace of L (cid:20) xN+1 0 (cid:21) . (6) −(S xN +S xN−1+···+S x) 1 N N−1 1 7 We seek to find a lowest top degree vector [γ(x) λ(x)] in M for which λ(0) is a unit. In terms of trajectories this vector can be interpreted as an annihilator: we have [−γ(σ) λ(σ)]b = 0, where σ is the forward shift operator and b:Z (cid:55)→R2 is given by − (cid:18) (cid:20) (cid:21) (cid:20) (cid:21) (cid:20) (cid:21) (cid:20) (cid:21) (cid:20) (cid:21)(cid:19) 0 1 0 0 0 b:= ... , , , ,..., . (7) 0 0 S S S 1 2 N Our objective in this paper is to develop an iterative algorithm to construct feedback polynomials of shortest length. This length is called the complexity of the sequence. We require the algorithm to construct, at each step k, an annihilator for σN−kb of lowest top degree. Remark 4.1 Note that the requirement to process S ,...,S at step k (rather than S ,...,S ) 1 k N N−k+1 necessitates our formulation in terms of “feedback polynomial” λ, rather than its reciprocal version, denoted as d in [14]. In this paper we call d a characteristic polynomial of the sequence S ,...,S ; the 1 N degreeofaminimalcharacteristicpolynomialequalsthecomplexityofthesequence. Thus, apolynomial d written as d(x)=d xL+···+d is a characteristic polynomial of S ,...,S if d is a unit and L 0 1 N L L (cid:88) d S + d S =0 for j =1,...,N −L. L L+j L−i L+j−i i=1 Consider the reciprocal module Mrec in R[x]2, defined as the rowspace of (cid:20) xN+1 0 (cid:21) . (8) −(S xN +S xN−1+···+S x) 1 1 2 N It is easily verified that a minimal characteristic polynomial d for S ,...,S is found in any vector 1 N [h d] in Mrec of leading position 2 that has minimal leading monomial, see [14]. Note that, by defi- nition, whenever λ is a unit, a feedback polynomial λ(x) = λ +λ x+···+λ xL of length L for a L 0 1 L sequenceS ,...,S alsoservesasacharacteristicpolynomialofthereciprocalsequenceS ,...,S ;such 1 N N 1 a polynomial is called bidirectional as in [25], see also [23]. 4.1 The field case In this subsection we focus on the case that R is a field F. Note that F is not required to be finite. The Berlekamp-Massey algorithm is a famous iterative algorithm that constructs a feedback polynomial of shortest length for a sequence S ,...,S in F. It processes a new data element S at each step k 1 N k for k = 1,...,N and then produces a feedback polynomial of shortest length for S ,...,S . In this 1 k subsection we present an algorithm that is identical to the Berlekamp-Massey algorithm apart from a slight modification of the update rule. Due to this modification, our algorithm iteratively constructs a minimal Gr¨obner basis at each step. The algorithm shares several useful properties with the Berlekamp- Massey algorithm, namely that it processes the data in a natural order and that it allows us to read off the solution at once. A closer inspection shows that the algorithm of [6] is practically identical to our algorithm. Our formulation is different however, using 2×2 polynomial matrices, as in Berlekamp’s original work [3], see also its formulation in the textbook [4]. This formulation facilitates explicit use of thePLMpropertyyieldingaparametrizationofallsolutionsaswellasaresultonthereciprocalsequence, seeTheorem4.5below. Furthermore,thisformulationfacilitatesanextensiontosequencesoverthefinite ring Z , presented in subsection 4.2 below. This extension proves nontrivial as it involves a careful use pr of the minimal Gr¨obner p-bases of the previous section. InthissubsectionwefocusonmodulesinF[x]q,whereFisafield. Insection2minimalGr¨obnerbaseswere defined, theycanbecomputedfor anymoduleusingcomputationalpackagessuchas Singular. Herewe will not use such packages, instead we iteratively construct minimal Gr¨obner bases in a computationally 8 efficient way. In order to be able to do this we first need to answer the following question: given a set of vectors in M, how do we recognize this set as a minimal Gr¨obner basis? The next theorem considers the specialcaseinwhichM isafullrankmodule; thetheoremholdsforeithertoporpotmonomialordering and uses the definition of a module’s “degree” following from Theorem 2.6. Theorem 4.2 Let M ∈F[x]q be a module of dimension q and degree δ and let G={g (x),...,g (x)}⊂ 1 q M. Then G is a minimal Gr¨obner basis of M if and only if the following two conditions hold: q (cid:88) 1. degg =δ; i i=1 2. all leading positions of the vectors g (x),...,g (x) are different. 1 q Proof Let G˜ = {g˜ ,...,g˜ } be a minimal Gr¨obner basis of M, ordered as lm(g˜ ) > lm(g˜ ) > ··· > 1 q 1 2 lm(g˜ ). Leti∈{1,...,q}. Itisobviousthatallleadingpositionsofg˜ (x),...,g˜ (x)aredifferent. Without q 1 q restrictions we may therefore assume that g and g˜ have the same leading position. The predictable i i leadingmonomialpropertyofG˜ (seeTheorem2.2)nowimpliesthatg isalinearcombinationofg˜ ,...,g˜ i 1 q that uses g˜ and it follows that lm(g ) ≥ lm(g˜). Since g and g˜ have the same leading position, this i i i i i implies that degg ≥degg˜. Consequently, by condition 1) of the theorem i i q q (cid:88) (cid:88) δ = degg ≥ degg˜ =δ, i i i=1 i=1 so that it follows that deg g = deg g˜ for i = 1,...,q. We also conclude that lt(g ) = a lt(g˜) for some i i i i i 0(cid:54)=a ∈F for i=1,...,q. As a result L(G)=L(G˜)=L(M), so that, by Definition 2.2, G is a Gr¨obner i basis for M. Furthermore, clearly G cannot be reduced, so that G is a minimal Gr¨obner basis for M. In the next algorithm the unit vectors e and e are defined as e := [1 0] and e := [0 1]; the two 1 2 1 2 rows of the matrix Rk are denoted by gk and gk, respectively. Recall that σ denotes the forward shift 1 2 operator. Algorithm 4.3 Input data: S ,...,S . 1 N Initialization: Define (cid:20) (cid:21) x 0 R0(x):= . 0 1 Proceed iteratively as follows for k =1,...,N. • Define the error trajectory ek :=(...,0,0,∆k):=Rk−1(σ)b , k where b is given as b :=σN−kb, with b given by (7). k k • Denote ∆k =(cid:2) ∆k ∆k (cid:3)T. 1 2 • Define Pk :={i∈{1,2}:∆k (cid:54)=0}. i • Define i(cid:63) :=arg min {lm(gk−1)}. i∈Pk i • Define the update matrix Ek(x):= x eTe +eT(−∆ke +∆ke ). ∆ki∗ 1 i(cid:63) 2 2 1 1 2 • Define Rk(x):=Ek(x)Rk−1(x). Output: R(x):=RN(x). 9 Lemma 4.4 Let S ,...,S be a sequence over a field F and let k ∈ {0,...,N}. Let Rk be the matrix 1 N obtained by applying Algorithm 4.3 to S ,...,S . Denote the two rows of Rk by gk := [gk gk ] and 1 k 1 11 12 gk :=[gk gk ]. Then, with respect to the top monomial ordering: 2 21 22 i) deggk+deggk =k+1 1 2 ii) lpos(gk)(cid:54)=lpos(gk) 1 2 iii) gk(0)=[0 0] and gk (0)=1 1 22 iv) ∆k+1 =1 1 v) Rk(σ)b =0 k Proof Clearlythelemmaholdsfork =0. Letusnowproceedbyinductionandassumethatthelemma holds for some k ∈{0,1,...,N −1}. To prove (iv) we observe that, by definition, gk+1(x)= x gk(x) 1 ∆k+1 1 1 if i∗ =1, or gk+1(x)= x gk(x) if i∗ =2. Thus, if i∗ =1 then 1 ∆k+1 2 2 1 1 1 gk+1(σ)b = gk(σ)σb = gk(σ)b = (...,0,0,∆k+1)=(...,0,0,1), 1 k+2 ∆k+1 1 k+2 ∆k+1 1 k+1 ∆k+1 1 1 1 1 in other words ∆k+2 = 1. Similarly, if i∗ = 2 then also gk+1(σ)b = (...,0,0,1), so that also in 1 1 k+2 this case ∆k+2 = 1. To prove (v), observe that Rk+1(x) := Ek+1(x)Rk(x) so that Rk+1(σ)b = 1 k+1 Ek+1(σ)Rk(σ)b = Ek+1(σ)e equals the zero trajectory by definition of Ek+1. Thus (v) holds. k+1 k+1 Further, using again the definition of Ek+1 as well as the induction hypotheses, it follows that (i)-(iii) hold. Thus all properties hold for k+1 and this proves the lemma by induction. Theorem 4.5 Let S ,...,S be a sequence over a field F and let R be the matrix obtained by applying 1 N Algorithm 4.3 to S ,...,S . Denote the two rows of R by g =[g g ] and g =[g g ]; denote L˜ := 1 N 1 11 12 2 21 22 deg g and L:=deg g with respect to the top monomial ordering. Then the complexity of the sequence 1 2 equals L and g is a feedback polynomial of shortest length L. More specifically, a parametrization of all 22 shortest length feedback polynomials is given by ag +bg , (9) 22 12 where 0(cid:54)=a∈F and b∈F[x] such that degb≤L−L˜. Furthermore, if lpos(g ) = 2 then the feedback polynomial g is bidirectional and (9) also parametrizes 2 22 all bidirectional minimal characteristic polynomials of the reciprocal sequence S ,...,S . Otherwise, i.e. N 1 if lpos(g ) = 1 then the complexity of the reciprocal sequence S ,...,S equals L˜ and g is a minimal 2 N 1 12 characteristicpolynomialofS ,...,S . Morespecifically, aparametrizationofallminimalcharacteristic N 1 polynomials of S ,...,S is given by N 1 ag +bg , (10) 12 22 where 0 (cid:54)= a ∈ F and b ∈ F[x] such that deg b ≤ L˜ −L. In particular, any choice of b ∈ F[x] such that degb≤L˜−L and b(0)(cid:54)=0 gives a bidirectional minimal characteristic polynomial of S ,...,S . N 1 Proof Let M be defined as the row space of (6). From Theorem 4.2 and (i) and (ii) of the previous lemma,itfollowsthatforallk ∈{0,...,N}theset{gk,gk}isaminimalGr¨obnerbasisfortherowspace 1 2 of (cid:20) xk+1 0 (cid:21) . −(S xk+S xk−1+···+S x) 1 k k−1 1 10