The complexity of the annihilating polynomial.

Neeraj Kayal ∗
[email protected]

February 11, 2009

Abstract
Let F be a field and f1 , . . . , fk ∈ F[x1 , . . . , xn ] be a set of k polynomials of degree d in n
variables over the field F. These polynomials are said to be algebraically dependent if there exists
a nonzero k-variate polynomial A(t1 , . . . , tk ) ∈ F[t1 , . . . , tk ] such that A(f1 , . . . , fk ) = 0. A is
then called an (f1 , . . . , fk )-annihilating polynomial.
Within computer science, the notion of algebraic dependence was used in Dvir, Gabizon and
Wigderson [DGW07] to construct explicit deterministic extractors from low-degree polynomial
sources. They also observed that given (f1 , . . . , fk ) as arithmetic circuits, there exists an efficient
randomized algorithm for testing their algebraic independence. The problems of determining
good bounds on the degree of the annihilating polynomial and of computing it explicitly were
posed as open questions. We solve the two posed problems in the following way:
1. We give closely matching upper and lower bounds for the degree of the annihilating poly-
nomial.
2. We show that it is NP-hard to decide if A(0, . . . , 0) equals zero and #P-hard to evaluate
A(0, . . . , 0)(mod p) for a given prime p. Indeed the annihilating polynomial A(t1 , . . . , tk )
does not even admit a small circuit representation unless the polynomial hierarchy col-
lapses.
This then, to the best of our knowledge, is the only natural computational problem where
determining the existence of an object (the annihilating polynomial in our case) can be done
efficiently but the actual computation of the object is provably hard.

1 Introduction
Motivation
The notion of algebraic dependence between a set of polynomials is defined as follows.
Definition 1. Algebraic Dependence. Let f = (f1 , . . . , fk ) be a vector of k polynomials (of
degree ≤ d) where each fi ∈ F[x1 , . . . , xn ] is an n-variate polynomial over the field F. A nonzero
polynomial A(t1 , . . . , tk ) ∈ F[t1 , . . . , tk ] is said to be an f -annihilating polynomial if A(f1 , . . . , fk ) =
0. The polynomials f1 , . . . , fk are said to be algebraically dependent if there exists an f -annihilating
polynomial.

Example: The polynomials f1 (x, y) := (x2 + y)2 and f2 (x, y) := (x2 + y)3 + 1 are algebraically
dependent for they satisfy the equation f13 = (f2 − 1)2 . Thus A(t1 , t2 ) = t31 − (t2 − 1)2 is a (f1 , f2 )-
annihilating polynomial. On the other hand the monomials x and y in F[x, y] are algebraically
independent.
∗
Microsoft Research India.

1
 The concept of algebraic dependence is a basic concept in algebra and algebraic geometry (cf.
the texts by Schinzel [Sch82] and by Hartshorne [Har77]). It was used by Dvir, Gabizon and
Wigderson [DGW07] to construct deterministic extractors for sources which are polynomial maps
over finite fields. In this paper we study this relationship between polynomials from a computational
perspective. This kind of study has been done before by L’vov [L’v84]. L’vov was motivated to
work on this problem for it amounts to computing the ‘invariant relationships’ that exist between
the values computed at an intermediate stage of execution of an arithmetic straight-line program.
An invariant relationship is an algebraic equation satisfied by the intermediate values which holds
true for any choice of input values to the program, and thus its the same thing as an annihilating
polynomial.

Discussion and statement of results

Let us quickly review some useful combinatorial properties of this relationship. Observe that when
the polynomials all have degree d = 1 then algebraic independence coincides with the notion of
linear independence. From the definition of algebraic dependence it quickly follows that, as with
linear dependence, this relationship gives rise to a matroid over the set of polynomials. That is, it
satisfies the following combinatorial properties.
• If f1 , . . . , fk are algebraically independent, then any subset of polynomials in {f1 , . . . , fk } are
also algebraically independent.
• If a polynomial g is algebraically dependent on f1 , . . . , fk but not on f1 , . . . , fk−1 then fk is
algebraically dependent upon f1 , . . . , fk−1 , g.
These properties imply that all maximal algebraically independent subsets of f1 , . . . , fk have
the same cardinality. This number is defined to be the algebraic rank of the set of polynomials
f1 , . . . , fk . As we shall see, algebraic dependence also gives rise to a number of very interesting
algebraic properties. Now suppose that f = (f1 , . . . , fk ) are algebraically dependent polynomials,
no proper subset of which are algebraically dependent. We will see (Lemma 7) that the minimal
degree f -annihilating polynomial A(t1 , . . . , tk ) is unique upto constant factors. In this case a monic
minimal degree f -annihilating polynomial A(t) is uniquely defined and this polynomial A(t) we
shall refer to as the f -annihilating polynomial. The above discussion motivates the following two
questions:

• What is the complexity of testing the algebraic dependence of a given set of polynomials?
• What is the complexity of computing the smallest annihilating polynomial of a given set of
algebraically dependent polynomials?

For the sake of concreteness, we shall fix the underlying field F to be the field Q of rational
numbers. The questions posed above make sense for any field and many of the results contained
here also hold for any field F, especially if the field has a large enough characteristic. At first
sight, the two questions posed above appear to have the same complexity but it turns out that the
decision problem concerning the existence of an annihilating polynomial turns out to be far easier.
Let Jf (x) be the partial derivative matrix,
 
def ∂fi
Jf (x) = .
∂xj k×n

This matrix is known as the jacobian of the set of polynomials in f . The following is a classical
theorem (cf. Ehrenborg and Rota [ER93] for a proof).

2
Theorem 2. The Jacobian Criterion for algebraic independence: Let f1 , . . . , fk ∈
F[x1 , . . . , xn ] be a set of k polynomials in n variables over the field F. Then these polynomials
are algebraically independent if and only if the Jacobian matrix, Jf (x), matrix has rank k.

From this result follows easily an efficient randomized algorithm due to [DGW07] for testing
algebraic dependence.

Corollary 3. There exists a randomized polynomial time algorithm that on input a set of k arith-
metic circuits over a field F, determines if the polynomials computed by these arithmetic circuits
are algebraically dependent or not.

Proof. Let the polynomial computed by the i-th circuit be fi (x1 , . . . , xn ). By the result of Baur-
∂fi
Strassen-Morgenstern [BS83, Mor85] we can efficiently construct another circuit that computes ∂x j
for all j ∈ [n]. With these circuits for partial derivatives in hand, we can determine the rank
of the partial derivative matrix by plugging in random values. As in the randomized Schwarz-
Zippel identity testing algorithm [Sch80, Zip90] the rank of the jacobian matrix with these random
values of the variables plugged in will equal the algebraic rank of the jacobian matrix with high
probability.

The above theorem gave rise to the hope that we may also be able to compute the f -annihilating
polynomial (perhaps by examining the null space and the range space of Jf (x) more closely). As
we shall see, however, the task of computing the annihilating polynomial turns out to be much
more difficult. In studying the complexity of various computational problems, it is rather unusual
to come across a computational problem for which we can determine the existence of a solution
to a computational problem without being able to compute the solution explicitly. So let us take
a moment to understand what is going on here. A key observation that is used in the proof of
theorem 2 is the following:

Lemma 4. Over any field and for any set of polynomials in n variables, their algebraic rank is at
most n. In particular, a set of (n + 1) polynomials in n variables is algebraically dependent.

The proof of this lemma is via a dimension counting argument and it is the chief non-constructive
ingredient in the proof of Theorem 2. Our main technical contribution is is to analyse this situation
and to give, in Lemma 9, a much more insightful description of the minimal annihilating polynomial
for a set of n + 1 polynomials in n variables. This description is then used to prove the degree and
complexity lower bounds.
Let us first ask the question - ‘If the input polynomials have degree at most d, then what is the
maximum possible degree of the annihilating polynomial’ ? We show that if the fi ’s are dependent
then there exists an annihilating polynomial of degree at most (r + 1) · dr , where r is the algebraic
rank of the input polynomials. We also give a very explicit family of polynomials whose minimal
annihilating polynomial has degree at least dr . These bounds give a satisfactory answer to the last
question. They also imply a PSPACE-algorithm for computing the annihilating polynomial.
Let us now look a the problem of computing A(t). Let us assume that we are given as input
a set of polynomials f1 , . . . , fk in the usual dense representation of polynomials, wherein

a poly-
d+n
nomial of degree d in n variables is specified by specifying the coefficients of all the n possible
monomials. The degree lower bound means that it may take exponential time to write down the
polynomial A(t1 , . . . , tk ) in the usual dense representation of polynomials. But perhaps it is fea-
sible to compute the coefficients of some specific monomials of A(t) or to evaluate A(t) at some
specific points of interest? So let us look at the complexity of computing just the constant term,
or equivalently, of evaluating A(t) at the point (0, . . . , 0). We show that it is NP-hard to decide

3
if A(0, . . . , 0) equals zero and #P-hard to evaluate A(0, . . . , 0) modulo a given prime p. Even if
A(t1 , . . . , tk ) cannot be computed efficiently, does there at least exist a small circuit representation
of A(t1 , . . . , tk )? We show that A(t1 , . . . , tk ) does not admit a small circuit representation unless
the polynomial hierarchy collapses

Comparison with previous work. As mentioned earlier these questions were investigated earlier
by [L’v84]. For the degree an upper bound of (n + 1)dn was previously established. Note that the
algebraic rank r is always less than or equal to the number of variables n (Lemma 4) and thus our
degree upper bound of (r + 1)dr is an improvement on the previous bound. In cases where r is
significantly smaller than n, this is much better. For example, when r = 1, our bound is linear
whereas the previous bound is exponential. To the best of our knowledge no lower bounds were
known previously.

Remark. For many of the usual fields F such as finte fields, real numbers and rational func-
tion fields over C, the converse problem of deciding whether a given polynomial A(t1 , . . . , tk ) ∈
F[t1 , . . . , tk ] admits a solution in the ring F[x] of polynomials over F is known to be undecidable
[KR92, Vid94, Den78].

The rest of this paper is organized as follows: after reviewing some preliminaries in section 2,
we prove the unqueness and other fundamental properties of the minimal annihilating polynomial
in section 3. These are then used to give degree bounds for the annihilating polynomial in section
4 and computational complexity bounds in section 5. For lack of space, we push some of the proofs
to the appendix.

2 Preliminaries
We will use [n] to denote the set of integers {1, 2, . . . , n}. F will denote a field and F its algebraic
closure. F[x1 , . . . , xn ] shall denote the ring of polynomials in variables {xi |i ∈ [n]} over F and
F(x1 , . . . , xn ) the field of rational functions in these variables. For f ∈ F[x1 , . . . , xn ], deg(f ) will
denote the total degree of f and degxi (f ) will denote the degree of f with respect to the variable
xi . We shall say that f (x) is monic if the coefficient of the largest monomial in antilexicographic
order occuring in f (x) is 1. For f1 , . . . , fk ∈ F[x1 , . . . , xn ], F[f1 , . . . , fk ] ⊆ F[x1 , . . . , xn ] shall denote
the subalgebra of F[x1 , . . . , xn ] generated by f1 , . . . , fk . That is,
def
F[f1 , . . . , fk ] = {B(f1 , . . . , fk ) | B(t1 , . . . , tk ) ∈ F[t1 , . . . , tk ]}.

We shall use bold letters such as x to denote a vector with the number of elements in the vector
being understood from the context in which it appears.

2.1 Algebraic Preliminaries

Absolute Irreducibility.
Definition 5. A polynomial f (x1 , . . . , xn ) ∈ F[x1 , . . . , xn ] is said to be absolutely irreducible if it
is irreducible over the algebraic closure of F.

Example: For example, (y 2 − x3 ) ∈ Q[x, √ y] is absolutely

√ irreducible whereas (y 2√+ x2 ) ∈ Q[x, y]
is irreducible over Q but factors into (y + −1x)(y − −1x) over the extension Q( −1) and hence
is not absolutely irreducible.

4
 We shall require the following special case of the Hilbert Nullstellensatz.

Lemma 6. Let F be an algebraically closed field and f, g ∈ F[x1 , . . . , xn ] be (multivariate) polyno-

n
mials over F. Let g(x) be F-irreducible. If every zero a ∈ F of f (x) is also a zero of g(x) then the
polynomial f (x) is a power of g(x). That is, there exists an integer t ∈ Z≥0 such that f (x) = g(x)t .

Rings, characteristic polynomials and resultants.

Let R ⊇ F be a ring whose elements constitute a finite dimensional vector space over the field
F. Then for any α ∈ R, the map φα : R 7→ R, φα (r) = r · α is a linear transformation on this
vector space. We will refer to the characteristic polynomial (in the indeterminate z) of this linear
tranformation φα as the characteristic polynomial of α and denote it by charpolyα∈R/F (z) ∈ F[z].
Recall that charpolyα∈R/F (z) has a zero constant term (i.e. charpolyα∈R/F (0) = 0) if and only if
the element α ∈ R is a zero divisor in the ring R.
Now suppose that R is of the form R := F[x]/hg(x)i, where g(x) ∈ F[x] is a univariate polyno-
mial. Viewing an arbitary polynomial f (x) ∈ F[x] as an element of R via the natural homomorphism
f (x) 7→ f (x) mod g(x), we will denote by charpolyf (x) mod g(x) (z) ∈ F[z] the characteristic poly-
nomial of this element of R. Then charpolyf (x)mod g(x) (z) has a zero constant term if and only
if f (x) and g(x) have a common zero in the algebraic closure F of F. Finally, the resultant with
respect to the variable xi of two polynomials f (x) and g(x) shall be denoted by Resx (f, g).

3 Properties of the annihilating polynomial.

Let F be a field and f1 , . . . , fk ∈ F[x1 , . . . , xn ] be a set of k polynomials in n variables over the
field F. Suppose that these polynomials are algebraically dependent. Then the set of f -annihilating
polynomials forms an ideal U of the polynomial ring F[t1 , . . . , tk ] (easy verification). In this section
we investigate the properties of this ideal U and the minimal degree polynomials in U. We shall
establish that when f := (f1 , . . . , fk ) forms a minimal set of algebraically dependent polynomials
then there exists a unique (upto constant factors) minimal f -annihilating polynomial A(t1 , . . . , tk ).
Moreover this polynomial A(t) is absolutely irreducible and it generates the ideal U.

Lemma 7. Let f1 , f2 , . . . , fk ∈ F[x1 , . . . , xn ] be a set of algebraically dependent polynomials in n

variables over the field F, no proper subset of which is algebraically dependent. Then the ideal U
of f -annhilating polynomials is generated by a single absolutely irreducible polynomial A(t). More-
over, A(t) remains the minimal annihilating polynomial of {f1 , f2 , . . . , fk } when they are viewed as
polynomials over the algebraic closure F of F.

Proof. See appendix.

We now investigate the annihilating polynomial more closely and show its relationship to a
certain characteristic polynomial. We begin with an easy observation.

Lemma 8. Let f1 , . . . , fk ∈ F[x1 , . . . , xn ] be polynomials such that the system of equations

f1 = . . . = fk = 0
n
has a common solution P ∈ F . If f1 , . . . , fk happen to be algebraically dependent with an annihi-
lating polynomial A(t1 , . . . , tk ) then A(0, . . . , 0) = 0.

5
Proof. Since A(t) is f -annihilating, we have

A(f1 (x), . . . , fk (x)) = 0

⇒ A(f1 (P ), . . . , fk (P )) = 0
⇒ A(0, . . . , 0) = 0.

At this point, it is natural to wonder if the converse of the above lemma is true. If the converse
were true, it would have immediately implied the NP-hardness of determining if A(0, . . . , 0) = 0.
As it turns out, the converse is not true as the following example shows.
Example: Consider the following polynomials over C:
def def def
f1 = x1 , f2 = x1 x2 − 1, f3 = x21 x2

The polynomial
def
A(t1 , t2 , t3 ) = t3 − t1 · (t2 + 1)
is an (f1 , f2 , f3 )-annihilating polynomial (easy verification), is absolutely irreducible (since it is
linear with respect to t3 ) and is therefore the unique minimal f -annihilating polynomial. Note that
A(0, 0, 0) = 0. However, the system of equations

f1 = f2 = f3 = 0

has no common solution in C because x2 f1 − f2 = 1 (Hilbert Nullstellensatz).

Nevertheless, we shall show that a partial converse to Lemma 8 does hold true. This partial con-
verse will fall out of a nice characterization of the annihilating polynomial as a certain characteristic
polynomial.
Lemma 9. For each i ∈ [n], let fi (x1 , . . . , xi ) ∈ F[x1 , . . . , xi ] be a polynomial in the variables
x1 , . . . , xi . Suppose further that fi when viewed as a univariate polynomial in xi with coefficients
from F[x1 , . . . , xi−1 ] is monic. Let g(x1 , . . . , xn ) ∈ F[x1 , . . . , xn ] be some n-variate polynomial over
F. Define r(v1 , . . . , vn , u) ∈ F(v1 , . . . , vn )[u] to be the polynomial
def
r(v1 , . . . , vn , u) = charpolyg(x) mod (f1 −v1 ,...,fn −vn ) (u).

Then the set of polynomials f := (f1 , . . . , fn , g) has algebraic rank n and r(v1 , . . . , vn , u) is a power
of the minimal f -annihilating polynomial.
Proof.
Claim 9.1. The set of polynomials f1 , . . . , fn , g has algebraic rank n.
Proof of Claim 9.1: Observe that the polynomial fi depends only on the variables x1 , . . . , xi and
∂fi
by being monic in xi we also have that ∂x i
is nonzero. Thus the n × n partial derivative matrix
 
def ∂fi
J =
∂xj n×n

is a lower triangular matrix with non-zero entries on the diagonal. This means that J is non-
singular and by Theorem 2 we get that f1 , . . . , fn are algebraically independent. 1 Thus the rank
1
This proof fails when F has a small characteristic but nevertheless it can be shown that f1 , . . . , fn are algebraically
independent over any field F.

6
of f1 , . . . , fn , g is at least n. Moreover f1 , . . . , fn , g being polynomials in n variables, their rank is
most n. Thus this set of polynomials has rank exactly n. 

Since the minimal annihilating polynomial remains unchanged when we move from F to F
(Lemma 7), we can assume without loss of generality that F itself is algebraically closed. We now
claim that:

n+1
Claim 9.2. If (b1 , . . . , bn , a) ∈ F is any zero of r(v1 , . . . , vn , u) then it is also a zero of
A(v1 , . . . , vn , u).
Assuming this claim, and using the absolute irreducibility of A(v1 , . . . , vn , u) (lemma 7), we get
the desired result immediately from an application of the Nullstellensatz (Lemma 6).
Proof of Claim 9.2: Note that A(v1 , . . . , vn , u) is the minimal (f1 , . . . , fn , g)-annihilating poly-
nomial if and only if A(v1 + b1 , . . . , vn + bn , u + a) is the minimal (f1 − b1 , . . . , fn − bn , fn+1 − a)-
annihilating polynomial. Replacing fi by fi − bi and g by g − a throughout, we can assume without
loss of generality that (b1 , . . . , bn , a) = (0, . . . , 0, 0). Let
def n
V = {a := (α1 , . . . , αn ) ∈ F | f1 (a) = . . . = fn (a) = 0}

be the set of common zeroes to the system of equations f1 = . . . = fn = 0 in F. Note that by

assumption, this system of equations is a diagonal system of equations
Q with each fi being monic
with respect to xi . Thus the number of points in V is precisely i∈[n] di . In particular V is finite
and non-empty. Let R be the ring
def
R = F[x1 , . . . , xn ]/hf1 (x1 ), . . . , fn (x1 , . . . , xn )i.

Then the ring R is isomorphic to the ring

M
F[x1 , . . . , xn ]/hx1 − α1 , . . . , xn − αn i.
(α1 ,...,αn )∈V

Let θ be the isomorphism mapping elements of R to the direct-sum ring above. Viewing
g(x1 , . . . , xn ) as an element of R via the canonical map g(x) 7→ g(x) (mod f1 (x), . . . , fn (x)), θ(g)
equals
M M
g(x1 , . . . , xn ) (mod x1 − α1 , . . . , xn − αn ) = g(α1 , . . . , αn ).
(α1 ,...,αn )∈V (α1 ,...,αn )∈V

Thus the set of eigenvalues of the linear transformation corresponding to multiplication by g in the
ring R is precisely the set
{g(α1 , . . . , αn ) | (α1 , . . . , αn ) ∈ V}.
This means that the characteristic polynomial of g(x1 , . . . , xn ) in the ring R is
Y
(u − g(α1 , . . . , αn )).
(α1 ,...,αn )∈V

That is Y
r(0, . . . , 0, u) = (u − g(α1 , . . . , αn )).
(α1 ,...,αn )∈V

7
By assumption of the claim r(0, . . . , 0, 0) = 0 and therefore there exists

(α1 , . . . , αn ) ∈ V such that g(α1 , . . . , αn ) = 0.

def n
This means that the point P = (α1 , . . . , αn ) ∈ F is a common zero to the system of equations

f1 = . . . = fn = g = 0.

By lemma 8 we get A(0, . . . , 0, 0) = 0 as required. 

This completes the proof of the theorem.

4 Degree bounds for the annihilating polynomial.

4.1 Upper bound for the degree of the annihilating polynomial.
By a dimension counting argument followed by induction, [DGW07] showed that

Theorem 10. [DGW07] Let f = (f1 , . . . , fk )) be a set of algebraically dependent polynomials of

degree d in n variables over the field F. Then there exists an f -annihilating polynomial of degree at
most D = (n + 1) · dn .

We will improve the bound on the degree D to (r + 1) · dr , where r is the algebraic rank of f .
Note that r ≤ n and thus our bound is an improvement over the previous bound.

Theorem 11. Let F be a field and let f = (f1 , . . . , fk+1 ) be a set of polynomials of degree d in n
variables over the field F having algebraic rank r. Then there exists an f -annihilating polynomial
of degree at most D = (r + 1) · dr .

Proof. See appendix.

4.2 Lower bound for the degree of the annihilating polynomial.

Theorem 12. Let F be any field of characteristic zero. For any d ∈ Z≥1 , there exists a set of
polynomials f1 , . . . , fn , g ∈ F[x1 , . . . , xn ] of degree at most d and algebraic rank n such that the
minimal (f1 , . . . , fn , g)-annihilating polynomial has degree at least dn .

Proof. Define the polynomials fi ’s as follows. For each i ∈ [n],

def def
fi = xdi − 1 and g = x1 + . . . + xn − n.

We shall denote by ω a primitive d-th root of unity. Then for each i ∈ [n], we have
Y
fi (xi ) = (xi − ω j ).
j∈[d]

Let A(v1 , . . . , vn , u) be the minimal (f1 , . . . , fn , g)-annihilating polynomial. We claim that

A(v1 , . . . , vn , u) is precisely the charecterictic polynomial
def
r(v1 , . . . , vn , u) = charpolyg(x) mod (f1 (x1 )−v1 ,...,fn (xn )−vn ) (u) ∈ F[v1 , . . . , vn ][u].

8
By lemma 9 we get that

r(v1 , . . . , vn , u) = A(v1 , . . . , vn , u)t for some integer t ≥ 1.

Thus we need to show that t = 1, or equivalently that r is not a proper power. We show this by
showing that r(0, . . . , 0, u) is not a proper power. This is in turn shown by showing that u divides
r(0, . . . , 0, u) but u2 does not divide it. To see this note that

r(0, . . . , 0, u) = charpolyg (mod f1 ,...,fn ) (u) (1)

Y
= (u − (ω i1 + . . . + ω in − n)) (2)
(i1 ,...,in )∈[d]n

Also
ω i1 + . . . + ω in = n if and only if i1 = . . . = in = 0 (mod d).
and thus u exactly divides r(0, . . . , 0, u). Consequently, as argued above we get t = 1 and

r(v1 , . . . , vn , u) = A(v1 , . . . , vn , u).

Thus we get
deg(A) = deg(r) ≥ degu (r) ≥ dn (By eqn (2)).
Thus any annihilating polynomial for the above set of polynomials as degree at least dn .

Thus our lower bound on the degree of the annihilating polynomial of a set of algebraically
dependent polynomials of algebraic rank n and degree d closely (upto a factor of n) matches the
upper bound.

5 Complexity bounds for the annihilating polynomial.

Suppose that some set of polynomials f1 , . . . , fk ∈ F[x] is algebraically dependent of rank k − 1 and
we wish to compute their unique minimal monic annihilating polynomial A(t1 , . . . , tk ). We will work
over the field of rational numbers. We can then assume that the input polynomials all have having
integer coefficients. Our degree lower bounds show that the annihilating polynomial itself may have
exponential degree. This means that for an integer point a ∈ Zn , one may require an exponential
number of digits to write down the number A(a). So we need to define the problem of computing
the minimal annihilating polynomial more carefully. So we shall define the computational problem
of computing the annihilating polynomial as computing the value A(a)(mod p) for a given integer
p ∈ Z. The motivation for defining it this way is that if A(t) admitted a small (polynomial in the
input size) arithemtic circuit representation that could be computed efficiently then we would also
have an efficient algorithm for computing A(a)(mod p). Let us make this more precise by defining
two concrete computational problems.
Definition 13. ANNIHILATING-AT-ZERO shall denote the following decision problem:
Given a set of polynomials f1 , . . . , fk ∈ F[x1 , . . . , xn ] of algebraic rank (k − 1), having minimal
annihilating polynomial A(t1 , . . . , tk ), determine if A(0, . . . , 0) equals zero or not.
Definition 14. ANNIHILATING-EVALUATION is the functional problem of evaluating the
annihilating polynomial at a given point. The input consists of
• A set of polynomials f1 , . . . , fk ∈ Z[x1 , . . . , xn ] with integer coefficients having the minimal
monic annihilating polynomial A(t1 , . . . , tk ) ∈ Z[t1 , . . . , tk ].

9
 • A prime p.

The output is the integer A(0, . . . , 0) (mod p).

For both these problems the input polynomials are assumed to be given using the dense represen-
tation. The degree bounds for the annihilating polynomial imply that both these problems lie in the
complexity class PSPACE. We will now show that over the field Q, the ANNIHILATING-AT-ZERO
problem is NP-hard and ANNIHILATING-EVALUATION is #P-hard. The proof can be easily
adapted to work for any finite field, including fields of small characteristic.

Theorem 15. ANNIHILATING-AT-ZERO is NP-hard and ANNIHILATING-EVALUATION is

#P-hard.

Proof. See appendix.

Having shown that it is not possible to evaluate minimum annihilating polynomial at any point
unless P = NP, let us examine if the annihilating polynomial admits polynomial sized circuit, even
if these circuits may be difficult to compute. We will show this by observing that if this happens
then coNP ⊆ AM and therefore the polynomial hierarchy collapses.

Theorem 16. Unless coNP ⊆ AM , there exist a set of algebraically dependent cubic polynomials
whose minmal annihilating polynomial has superpolynomial circuit complexity.

The proof of this theorem is by a very similar reduction.

These complexity-theoretic lower bounds improve the gap in our understanding of the compu-
tational complexity of computing the annihilating polynomial. The best upper bounds that we
have for both ANNIHILATING-AT-ZERO as well as for the general problem ANNIHILATING-
EVALUATION is PSPACE. This then invites work on the following questions.

Question 1. The NP-hardness result of ANNIHILATING-AT-ZERO was via the problem of deter-
mining if a given system of polynomial equations over integers have a common solution in C or not.
This later problem, famously known as the Nullstellensatz problem was shown to be in AM under
the generalized Riemann Hypothesis by Koiran [Koi96]. Is it then true that the ANNIHILATING-
AT-ZERO problem is also in AM , assuming the generalized Riemann Hypothesis?

Question 2. Is ANNIHILATING-EVALUATION in #P? . . . or is it PSPACE-complete?

The proofs of theorem 2 and its algorithmic Corollary 3 are valid only over fields of characteristic
p > (r + 1) · dr .

Question 3. ([DGW07]:) Does there exist an RP algorithm for testing algebraic dependence over
any finite field Fq ?

Acknowledgements
We would like to thank Avi Wigderson for posing the problems that led to this research, for
suggesting avenues of investigation and for many helpful conversations. We also want to thank
Vladimir Trifonov and Jonathan Kelner for helpful conversations and Zeev Dvir for commenting
on an earlier draft of this work.

10
References
[BS83] Walter Baur and Volker Strassen. The complexity of partial derivatives. Theoretical
Computer Science, 22:317–330, 1983.

[Den78] J. Denef. The Diophantine problem for polynomial rings and fields of rational functions.
Transactions of the American Mathematical Society, 242:391–399, Aug 1978.

[DGW07] Z. Dvir, A. Gabizon, and A. Wigderson. Extractors and rank extractors for polynomial
sources. In Proceesings of FOCS 2007, 2007.

[ER93] Richard Ehrenborg and Gian-Carlo Rota. Apolarity and canonical forms for homoge-
neous polynomials. European Journal of Combinatorics, 14(3):157–181, 1993.

[Har77] Robin Hartshorne. Algebraic Geometry, volume 52 of Graduate Texts in Mathematics.

Springer-Verlag, New York, 1977.

[Koi96] Pascal Koiran. Hilbert’s nullstellensatz is in the polynomial hierarchy. Journal of Com-
plexity, 12(4):273–286, 1996.

[KR92] K. H. Kim and F. W. Roush. Diophantine undecidability of C(t1 , t2 ). Journal of Algebra,

150(1):35–44, 1992.

[L’v84] M.S. L’vov. Calculation of invariants of programs interpreted over an integrality domain.
Kibernetika, 4:23–28, 1984.

[Mor85] Jacques Morgenstern. How to compute fast a function and all its derivatives, A variation
on the theorem of Baur-Strassen. SIGACT News, 16:60–62, 1985.

[Sch80] Jacob T. Schwartz. Fast probabilistic algorithms for verification of polynomial identities.
J. ACM, 27(4):701–717, 1980.

[Sch82] A. Schinzel. Selected Topics on Polynomials. University of Michigan Press, Ann Arbor,
MI., 1982.

[Vid94] Carlos R Videla. Hilbert’s tenth problem for rational function fields in characteristic 2.
Proceedings of the American Mathematical Society, 120(1):249–253, 1994.

[Zip90] R. Zippel. Interpolating polynomials from their values. JSC, 9(3):375–403, March 1990.

11
Appendix
Here we give the proofs that were omitted above due to lack of space.
Lemma 7. Let f1 , f2 , . . . , fk ∈ F[x1 , . . . , xn ] be a set of algebraically dependent polynomials in
n variables over the field F, no proper subset of which is algebraically dependent. Then the ideal
U of f -annhilating polynomials is generated by a single absolutely irreducible polynomial A(t).
Moreover, A(t) remains the minimal annihilating polynomial of {f1 , f2 , . . . , fk } when they are
viewed as polynomials over the algebraic closure F of F.

Proof of Lemma 7:
Let A(t1 , . . . , tk ) ∈ U ⊆ F[t1 , . . . , tk ] be a minimal degree (f1 , . . . , fk )-annihilating polynomial.
We shall prove that this polynomial A(t) is unique and it satisfies the properties claimed in the
theorem. We carry out this proof through a sequence of observations. We begin with the simple
observation that A(t) must be F-irreducible.
Claim 7.1. A(t) is F-irreducible.
Proof of Claim 7.1: If A(t1 , . . . , tk ) is F-reducible then

A(t1 , . . . , tk ) = a1 (t1 , . . . , tk ) · A2 (t1 , . . . , tk ),

where A1 and A2 both have degrees smaller than A. Now since

A(f1 , . . . , fk ) = 0

therefore either
A1 (f1 , . . . , fk ) = 0 or A2 (f1 , . . . , fk ) = 0.
In either case, we get an annihilating polynomial of smaller degree, a contradiction. 

Now suppose that deg(A(t)) = d. Can there exist an f -annihilating polynomial with coefficients
from the algebraic closure F of F which has degree smaller than d? We next observe that this is
not possible.
Claim 7.2. Any minimal degree f -annihilating polynomial B(t1 , . . . , tk ) over the algebraic closure
F of F has degree at least d.
Proof of Claim 7.2: Suppose to the contrary that there exists a B(t1 , . . . , tk ) ∈ F[t1 , . . . , tk ] of
total degree less than d such that
B(f1 , . . . , fk ) = 0. (3)
Then the coefficients of various monomials appearing in B all come from some finite extension field
K ⊇ F of dimension say ` over F. Any finite extension field of F is generated by some single primitive
element and so suppose that K = F(γ) where γ is algebraic over F with minimal polynomial of
degree `.
Then {1, γ, γ 2 , . . . , γ `−1 } form a basis of K over F and consequently B can be expressed as

B(t) = B0 (t) + γ · B1 (t) + . . . + γ `−1 B`−1 (t),

where the Bi (t)’s are polynomials in F[t]. Since

B(f ) = 0 (by equation (3))

12
therfore we get that for all i ∈ [`]:
Bi (f ) = 0
By assumption the degree of B(t) is less than d and therefore the degree of every Bi (t) is also less
than d. By the assumption that A(t) is a minimal degree f -annihilating polynomial we get that
any annihilating polynomial over F has degree at least d and therefore every Bi (t) is zero and thus
B(t) = 0, a contradiction. 

Note that this means that A(t) is also absolutely irreducible for if it were to factor over F then
we would get an f -annihilating polynomial over F of smaller degree (as in Claim 7.1). The next
observation gives a characterization of the ideal U of annihilating polynomials. It says that the
ideal U is a principal ideal is of the form U = hA(t)i and thus any minimal degree polynomial in U
is a constant multiple of A(t).
Claim 7.3. If B(t1 , . . . , tk ) ∈ F[t1 , . . . , tk ] is any f -annihilating polynomial then A(t) divides B(t).
Proof of Claim 7.3: Note that A(t) does depend on t1 for it not then {f2 , . . . , fk } which is a
proper subset of {f1 , . . . , fk } forms an algebraically dependent set contrary to the assumption of
the theorem. Let
def
ρ(t2 , . . . , tk ) = Rest1 (A(t), B(t)).
Suppose if possible that ρ(t2 , . . . , tk ) 6= 0. By the resultant properties, there exist polynomials Â(t)
and B̂(t) such that
ρ(t2 , . . . , tk ) = Â(t) · A(t) + B̂(t) · B(t).
Making the substitution (t2 , . . . , tk ) := (f2 , . . . , fk ), we get

ρ(f2 , . . . , fk ) = 0,

which contradicts the algebraic independence of f2 , . . . , fk . This means that our assumption
ρ(t2 , . . . , tk ) is untenable and it must be that ρ = 0. But this happens if and only if A(t) and
B(t) share a common factor. By the F-irreducibility of A(t) (Claim 7.1) we get that A(t) divides
B(t). 

This completes the proof of the lemma. 

Theorem 11. Let F be a field and let f = (f1 , . . . , fk+1 ) be a set of polynomials of degree d in n
variables over the field F having algebraic rank r. Then there exists an f -annihilating polynomial
of degree at most D = (r + 1) · dr .

Proof of Theorem 11:

We begin with a claim.
Claim 11.1. Let F be an algebraically closed field and let f = (f1 , . . . , fk ) be a set polynomials of
degree d in n variables over the field F having algebraic rank r. Then there exists a homomorphism
σ : F[x1 , . . . , xn ] 7→ F[y1 , . . . , yr ] of the form

σ : xi 7→ ai1 · y1 + ai2 · y2 + . . . + air · yr + bi

such that the set of polynomials {σ(f1 ), . . . , σ(fk )} ⊂ F[y1 , . . . , yr ] has algebraic rank r.

13
Proof of Claim 11.1:
We can assume without loss of generality that f1 , . . . , fr are algebraically independent polynomi-
als. We will choose the homomorphism σ such that σ(f1 ), . . . , σ(fr ) are algebraically independent.
This will ensure that {σ(f1 ), . . . , σ(fk )} ⊂ F[y1 , . . . , yr ] has algebraic rank r. Since {f1 , . . . , fr } has
rank r, therefore there must exist indices {j1 , j2 , . . . , jr } ⊂ [n] such that
 ∂f ∂fr

1
∂xj1 . . . ∂x j1
def  . .. .. 
J(x1 , . . . , xn ) = Det   . . . . 

∂f1 ∂fr
∂xj . . . ∂x j
r r

is a nonzero polynomial in the variables x1 , . . . , xn . By renaming the variables if necessary we can

assume without loss of generality that (j1 , . . . , jr ) = (1, . . . , r). Since J(x) is a nonzero polynomial
in F[x], there exist elements b1 , . . . , bn−r ∈ F such that J(x1 , . . . , xr , b1 , . . . , bn−r ) 6= 0. Fix these
elements b1 , . . . , bn−r . Consider the homomorphism σ : F[x1 , . . . , xn ] 7→ F[y1 , . . . yr ] defined by
(
yj if 1 ≤ j ≤ r,
σ(xj ) = (4)
bj−r if j > r.

For i ∈ [r], let

def
gi (y1 , . . . , yr ) = σ(fi (x1 , . . . , xn )).
Its easy to verify that for all i, j ∈ [r],
 
∂gi ∂fi
=σ .
∂yj ∂xj

Consequently,
     
∂g1 ∂gr ∂f1 ∂fr
σ ... σ
 
∂y1 ... ∂y1  ∂x1 ∂x1

.. .. .. .. .. ..
 = Det 
   
Det  . . . .
.  .  

∂g1 ∂gr

... ∂f1 ∂fr
∂yr ∂yr σ ∂x r
. . . σ ∂x r
     
∂f1 ∂fr
...
 ∂x1 ∂x1 
= σ(Det  .. .. ..
)
 
.
  .   .  
∂f1 ∂fr
∂xr ... ∂xr )
= σ(J(x))
= J(y1 , . . . , yr , b1 , . . . , bn−r )
6= 0.

Thus the σ chosen above ensures that σ(f1 ), . . . , σ(fr ) are algebraically independent and con-
sequently that σ(f1 ), . . . , σ(fk ) have algebraic rank r. 

By induction on k. If the rank r is less than k − 1 then there exists an (r + 1)-sized subset of
polynomials in {f1 , . . . , fk } which are algebraically dependent and the theorem would be proved by
the inductive assumption. Henceforth we shall assume r = (k −1). Let A(t1 , . . . , tk ) be the minimal
f -annihilating polynomial. By lemma 7, A(t) is absolutely irreducible. By lemma 11.1 there exists

14
a rank-preserving homomorphism σ : F[x1 , . . . , xn ] 7→ F[y1 , . . . , yr ] in which every variable xi is
mapped to an affine combination of the yj ’s. For i ∈ [k], let
def
gi (y1 , . . . , yr ) = σ(fi ) ∈ F[y1 , . . . , yk ]

and
def
g = (g1 , . . . , gk ).
This implies that deg(σ(fi )) ≤ d for all i ∈ [k]. By theorem 10 there exists an absolutely irreducible,
g-annihilating polynomial B(t1 , . . . tk ) of degree at most D. That is,

deg(B) ≤ (r + 1) · dr . (5)

Now note that

A(f1 , . . . , fk ) = 0
⇒ σ(A(f1 , . . . , fk )) = 0
and since σ is a homomorphism that is fixed everywhere on F, we have

A(σ(f1 ), . . . , σ(fk )) = 0.

This means that A(t) is also a g-annihilating polynomial. Since the ideal of g-annihilating poly-
nomials is a principal ideal (Lemma 7), B(t) divides A(t). But A(t) is absolutely irreducible and
therefore B(t) equals A(t) up to constant factors. This means that

Deg(A(t)) = Deg(B(t))
≤ (r + 1) · dr (by (5)),

as was required. 

Theorem 15. ANNIHILATING-AT-ZERO is NP-hard and ANNIHILATING-EVALUATION is

#P-hard.

Proof of Theorem 15: Let us start out with an observation. Note that for any (a1 , . . . , ak ) ∈ Zk ,
A(t1 , . . . , tk ) is the minimal (f1 , . . . , fk )-annihilating polynomial if and only if A(t1 +a1 , . . . , tk +ak )
is the minimal (f1 − a1 , . . . , fk − ak )-annihilating polynomial. Thus the problem of comput-
ing A(a1 , . . . , ak )(mod p) for a given point (a1 , . . . , ak ) ∈ Zk is equivalent to ANNIHILATING-
EVALUATION.
For clarity of presentation we shall first describe these reductions using arithmetic formula
representation of polynomials and then make remarks towards the end on how to do this for the
usual dense representation of polynomials. We will give complexity lower bounds for these problems
via reduction from 3SAT and #3SAT respectively. Let us therefore define a very usual and natural
”algebraization” of a 3CNF formula. Let Φ(b1 , . . . , bn ) := φ1 ∧ . . . ∧ φm be a boolean 3CNF formula
in the boolean variables b1 , . . . , bn having m clauses. Corresponding to Φ we shall construct a
polynomial GΦQ (x1 , . . . , xn ) such that Φ(b) = GΦ (b) for all b ∈ {0, 1}n . The polynomial GΦ (x)
shall equal 1 − i∈[m] gi (x) where each gi (x) is a multilinear cubic polynomial polynomial with the

15
property that for any boolean setting b ∈ {0, 1}n of the variables x, gi (b) = φi (b) ∈ {0, 1}. For a
clause φi of the form φi = x1 ∨ x2 ∨ x3 , the corresponding polynomial gi is given by
gi (x) := x1 x2 x3 − (x1 x2 + x2 x3 + x3 x1 ) + (x1 + x2 + x3 ).
For a negated literal ¬xj occuring in φi , we simply replace xj by 1 − xj in gi . This construction
gives the following property of the polynomial GΦ (x):
(
n 0 ifΦ(a) = 1,
∀a ∈ {0, 1} , GΦ (a) = (6)
1 ifΦ(a) = 0.
Let the number of Φ-satisfying assignments be
def
N = |{b ∈ {0, 1}n | Φ(b) = 1}| .
From the property (6), it immediately follows that
N = |{b ∈ {0, 1}n | GΦ (b) = 0}| . (7)
def
For all i ∈ [n], let us also define auxilliary polynomials fi (xi ) = x2i − xi . Let A(v1 , . . . , vn , u) be
the minimal degree monic (f1 , . . . , fn , GΦ )-annihilating polynomial. Also let
def
r(v1 , . . . , vn , u) = charpolyGΦ (x) mod (f1 (x1 )−v1 ,...,fn (xn )−vn ) (u) ∈ F(v1 , . . . , vn )[u]
Then f1 (x1 ), . . . , fn (xn ) form a diagonal system so that by lemma 9 we have
r(v1 , . . . , vn , u) = A(v1 , . . . , vn , u)t for some t ≥ 1 (8)
The reduction of 3SAT to ANNIHILATING-AT-ZERO simply involves outputting f1 , . . . , fn , GΦ .
The correctness of the reduction involves the following claim.
Claim 15.1. A(0, . . . , 0, 0) = 0 if and only if Φ is satisfiable.
Proof of Claim 15.1: By equation 6 we get that Φ is satisfiable if and only if the system of
equations
f1 (x1 ) = f2 (x2 ) = . . . = fn (xn ) = GΦ (x1 , . . . , xn ) = 0 (9)
has a common solution. From the proof of lemma 9 we also get that the above system of equations
(9) has a solution if and only if r(0, . . . 0, 0) = 0 . By equation (8) we have r(0, . . . , 0, 0) = 0 if and
only if A(0, . . . , 0, 0) = 0. Putting these equivalences together we have that Φ is satisfiable if and
only if A(0, . . . , 0, 0) = 0. 

This shows that ANNIHILATING-AT-ZERO is NP-hard. Let us go further and see how eval-
uation of A(v1 , . . . , vn , u) at various points can allow us to count the number of Φ-satisfying as-
signments. For this, we need to show that in this reduction the annihilating polynomial A(v, u)
in fact equals the characteristic polynomial r(v, u). Towards that direction we first make an en-
abling observation. Since the polynomial x2i − xi has roots xi = 0 and 1, by the definition of the
characteristic polynomial r, we get that
Y
r(0, . . . , 0, u) = (u − GΦ (a))
a∈{0,1}n
Y
or, A(0, . . . , 0, u)t = (u − GΦ (a)) (By equation 8)
a∈{0,1}n
n −N
= uN · (u − 1)2 (By equation (6) )

16
This implies that t divides N as well as (2n − N ) and also that
n −N
A(0, . . . , 0, 2)t = 2N and A(0, . . . , 0, −1)t = 22 . (10)
def N def 2n −N
Let M1 = t and M2 = t .

Claim 15.2. Given an oracle for evaluating A(0, . . . , 0, 2)(mod p) for a few small primes p, we can
compute the integer M1 .

Proof of Claim 15.2: Our strategy to compute M1 using an oracle for ANNIHILATING-
EVALUATION is by evaluating M1 (mod `) for several small (Θ(n log n)) values of ` and thereby
obtaining M1 through chinese remaindering, knowing that M1 must lie in the range 0 ≤ M1 ≤ 2n .
Let p be an odd integer. ` shall be the order of 2(mod p). In time Θ(p) we can compute `
and the smallest integer L such that A(0, . . . , 0, 2) = 2L (mod p). From this we can deduce that
M1 = L (mod `). Doing this for all odd p between 3 to Θ(n log n), we collect enough information
about M1 modulo various integers ` that we can compute the actual value of M1 . The details of
this last calculation are routine and we leave it to the reader to verify. 

Similarly, using the values of A(0, . . . , 0, −1)(mod p) for a few p, we can compute the integer
M2 . Then the desired number of Φ-satisfying assignments N is simply given by
M1
N= 2n .
M1 + M2
This completes the complexity lower bound proof for ANNIHILATING-AT-ZERO and
ANNIHILATING-EVALUATION for polynomials represented as arithmetic formulas. Finally, we
note that all the polynomials involved in the above reduction were quadratic except for the poly-
nomial GΦ (x) which had degree 3m. We can use usual trick of introducing additional variables for
denoting the ‘intermediate steps in the computation of GΦ (x)’ and then adjoining these additional
polynomials to the input of the oracle call. This makes all the polynomials involved in the reduction
cubic and gives the same complexity lower bound for densely represented polynomials.
This completes the proof of the theorem. 

17