Schwartz-Zippel for multilinear polynomials mod N

Abstract

We derive a tight upper bound on the probability over x=(x1,…,xμ) ∈ Zμ uniformly distributed in [0,m)μ that f(x) = 0 N for any μ-linear polynomial f ∈ Z[X1,…,Xμ] co-prime to N. We show that for N=p1r1,...,pr this probability is bounded by μm + Πi=1 I1pi(ri,μ) where I is the regularized beta function. Furthermore, we provide an inverse result that for any target parameter λ bounds the minimum size of N for which the probability that f(x) 0 N is at most 2-λ + μm. For μ =1 this is simply N ≥ 2λ. For μ ≥ 2, 2(N) ≥ 8 μ2+ 2(2 μ)· λ the probability that f(x) 0 N is bounded by 2-λ +μm. We also present a computational method that derives tighter bounds for specific values of μ and λ. For example, our analysis shows that for μ=20, λ = 120 (values typical in cryptography applications), and 2(N)≥ 416 the probability is bounded by 2-120+20m. We provide a table of computational bounds for a large set of μ and λ values.