Tao R. Finite Automata and Application to Cryptography
Подождите немного. Документ загружается.
102 3. R
a
R
b
Transformation Method
G
k
R
−1
a
[P
k
]
−→ G
k
is said to be linear over GF (q), if P
k
is a matrix over
GF (q) and for some r
k+1
the k-height of G
k
, the first r
k+1
rows of B
0k
is linearly independent over GF (q)andB
0k
has zeros in the last m − r
k+1
rows whenever r
k+1
<m,whereB
0k
is the submatrix of the first l columns
of G
k
. G
k+1
R
−1
b
[r
k+1
]
−→ G
k
is said to be linear over GF (q), if the first r
k+1
rows of B
0k
is linearly independent over GF (q). An R
−1
a
R
−1
b
transformation
sequence
G
k+1
R
−1
b
[r
k+1
]
−→ G
k
,G
k
R
−1
a
[P
k
]
−→ G
k
,k= h,...,1, 0 (3.26)
is said to be linear over GF (q), if G
k+1
R
−1
b
[r
k+1
]
−→ G
k
and G
k
R
−1
a
[P
k
]
−→ G
k
are
linear over GF (q)fork = h,...,1, 0.
Lemma 3.3.3.
G
k
R
a
[P
k
]
−→ G
k
,G
k
R
b
[r
k+1
]
−→ G
k+1
,k=0, 1,...,τ − 1
is a linear modified R
a
R
b
transformation sequence if and only if
G
k+1
R
−1
b
[r
k+1
]
−→ G
k
,G
k
R
−1
a
[P
−1
k
]
−→ G
k
,k= τ − 1,...,1, 0
is a linear R
−1
a
R
−1
b
transformation sequence.
Proof. From Lemma 3.2.2,
G
k
R
a
[P
k
]
−→ G
k
,G
k
R
b
[r
k+1
]
−→ G
k+1
,k=0, 1,...,τ − 1
is a modified R
a
R
b
transformation sequence if and only if
G
k+1
R
−1
b
[r
k+1
]
−→ G
k
,G
k
R
−1
a
[P
−1
k
]
−→ G
k
,k= τ − 1,...,1, 0
is an R
−1
a
R
−1
b
transformation sequence. It is easy to see that G
k
R
a
[P
k
]
−→ G
k
is linear if and only if G
k
R
a
[P
−1
k
]
−→ G
k
is linear and that G
k
R
b
[r
k+1
]
−→ G
k+1
is
linear if and only if G
k+1
R
−1
b
[r
k+1
]
−→ G
k
is linear. From the definition of linear
transformation sequence, the lemma follows.
Theorem 3.3.4. Let M be a finite automaton defined by (3.12) and G
0
=
[B
0
, ..., B
τ
],τ r.
(a) M is a weak inverse finite automaton with delay τ if and only if there
exist an m × l(τ +1) (l, τ)-echelon matrix G
τ
over GF (q) and a linear R
−1
a
R
−1
b
transformation sequence
G
k+1
R
−1
b
[r
k+1
]
−→ G
k
,G
k
R
−1
a
[P
k
]
−→ G
k
,k= τ − 1,...,1, 0 (3.27)
3.3 Invertibility of Quasi-Linear Finite Automata 103
such that the rank of the submatrix B
0τ
of the first l columns of G
τ
is m.
(b) M is weakly invertible finite automaton with delay τ if and only if
there exist an m × l(τ +1) (l, τ)-echelon matrix G
τ
over GF(q) and a linear
R
−1
a
R
−1
b
transformation sequence (3.27) such that the rank of the submatrix
B
0τ
of the first l columns of G
τ
is l.
Proof. (a) Suppose that M is a weak inverse with delay τ. Clearly, there
exists a linear modified R
a
R
b
transformation sequence
G
k
R
a
[P
k
]
−→ G
k
,G
k
R
b
[r
k+1
]
−→ G
k+1
,k=0, 1,...,τ − 1.
From Theorem 3.3.3, the rank of B
0τ
is m,whereB
0τ
is the submatrix of
the first l columns of G
τ
. From Lemma 3.3.3, taking P
k
= P
−1
k
for k =
0, 1,...,τ − 1, (3.27) is a linear R
−1
a
R
−1
b
transformation sequence.
Conversely, suppose that (3.27) is a linear R
−1
a
R
−1
b
transformation se-
quence and the rank of B
0τ
is m.LetP
k
=(P
k
)
−1
, k =0, 1,...,τ − 1. From
Lemma 3.3.3,
G
k
R
a
[P
k
]
−→ G
k
,G
k
R
b
[r
k+1
]
−→ G
k+1
,k=0, 1,...,τ − 1
is a linear modified R
a
R
b
transformation sequence. Using Theorem 3.3.3, M
is a weak inverse with delay τ .
(b) This part is similar to part (a).
We use R
c
to denote an operator: shift the last c rows l columns to the
right entering zeros to the left.
Clearly, (3.27) is a linear R
−1
a
R
−1
b
transformation sequence if and only if
the following conditions hold:
G
k
= R
m−r
k+1
G
k+1
,G
k
= P
k
G
k
,
k = τ − 1,...,1, 0,
P
k
is an m × m invertible matrix over GF (q) in the form
P
k
=
E
r
k
0
P
k1
P
k2
,
r
k
is the k-height of G
k
, G
k+1
is an (l, k + 1)-echelon matrix over GF (q)with
(k +1)-heightr
k+1
r
k
and the first r
k+1
rows of the submatrix of the first
l columns of G
k+1
are linear independent over GF (q), k = τ − 1,...,1, 0,
where E
r
k
is the r
k
× r
k
identity matrix. In computing elements of P
k
G
k
,we
define u · u = u +u = u, v · u = u · v = u,0· u = u · 0=0andw + u = u + w =
u,whereu stands for undefined symbol, v(=0)andw are any elements in
GF (q). Notice that the k-height of G
k
isthesameasthek-height of G
τ
and
the submatrices consisting of the first l columnsandthefirstr
k
rows of G
k
and G
τ
are the same, for k<τ. From Theorem 3.3.4, we obtain the following.
104 3. R
a
R
b
Transformation Method
Theorem 3.3.5. Let M be a finite automaton defined by (3.12).
(a) M is a weak inverse finite automaton with delay τ if and only if there
exist an m×l(τ +1) (l, τ)-echelon matrix G
τ
and m×m nonsingular matrices
P
k
=
E
r
k
0
P
k1
P
k2
,k=0, 1,...,τ − 1
such that the rank of the submatrix B
0τ
of the first l columns of G
τ
is m,
and
[B
0
,...,B
τ
]=P
0
R
m−r
1
(P
1
R
m−r
2
(...(P
τ−1
R
m−r
τ
(G
τ
)) ...))
if τ>0 and [B
0
,...,B
τ
]=G
τ
otherwise, where E
r
k
is the r
k
× r
k
identity
matrix, and r
k
is the k-height of G
τ
.
(b) M is a weakly invertible finite automaton with delay τ if and only if
there exist an m × l(τ +1) (l, τ)-echelon matrix G
τ
and m × m nonsingular
matrices
P
k
=
E
r
k
0
P
k1
P
k2
,k=0, 1,...,τ − 1
such that the rank of the submatrix B
0τ
of the first l columns of G
τ
is l, the
first r
τ
rows of B
0τ
are linearly independent over GF (q), and
[B
0
,...,B
τ
]=P
0
R
m−r
1
(P
1
R
m−r
2
(...(P
τ−1
R
m−r
τ
(G
τ
)) ...))
if τ>0 and [B
0
,...,B
τ
]=G
τ
otherwise, where E
r
k
is the r
k
× r
k
identity
matrix, and r
k
is the k-height of G
τ
.
Denote r
τ+1
= m.Leth =min k { r
k
= m, 1 k τ +1}. Notice that
inthecaseofr
k
= m, R
m−r
k
is the identity operator and P
k
is the identity
matrix. In the case of h τ,wehave
P
0
R
m−r
1
(P
1
R
m−r
2
(...(P
τ−1
R
m−r
τ
(G
τ
)) ...))
= P
0
R
m−r
1
(P
1
R
m−r
2
(...(P
h−2
R
m−r
h−1
(P
h−1
G
τ
)) ...)).
Since P
h−1
is nonsingular, the rank of the submatrix of the first l columns of
P
h−1
G
τ
is the same as the rank of the submatrix of the first l columns of G
τ
.
Since h τ,wehaver
τ
= m. Therefore, the first r
τ
rows of the submatrix of
the first l columns of P
h−1
G
τ
are linearly independent over GF (q)ifandonly
if the first r
τ
rows of the submatrix of the first l columns of G
τ
are linearly
independent over GF (q). Clearly, P
h−1
G
τ
is also an m×l(τ +1) (l, τ)-echelon
matrix over GF(q)ofwhichthei-height is the same as the i-height of G
τ
for
any i,0 i τ. From Theorem 3.3.5, taking G = P
h−1
G
τ
,wethenhave
the following theorem.
3.3 Invertibility of Quasi-Linear Finite Automata 105
Theorem 3.3.6. Let M be a finite automaton defined by (3.12).
(a) M is a weak inverse finite automaton with delay τ if and only if there
exist an m ×l(τ +1) (l, τ)-echelon matrix G and m × m nonsingular matrices
P
k
=
E
r
k
0
P
k1
P
k2
,k=0, 1,...,h− 2
such that the rank of the submatrix of the first l columns of G is m, and
[B
0
,...,B
τ
]=P
0
R
m−r
1
(P
1
R
m−r
2
(...(P
h−2
R
m−r
h−1
(G)) ...))
if h>1 and [B
0
,...,B
τ
]=G otherwise, where E
r
k
is the r
k
× r
k
identity
matrix,r
k
is the k-height of G, and h =min k { r
k
= m, 1 k τ +1}
(r
τ+1
= m by convention).
(b) M is a weakly invertible finite automaton with delay τ if and only if
there exist an m × l(τ +1) (l, τ)-echelon matrix G and m × m nonsingular
matrices
P
k
=
E
r
k
0
P
k1
P
k2
,k=0, 1,...,h− 2
such that the rank of the submatrix G
l
0
of the first l columns of G is l, the
first r
τ
rows of G
l
0
are linearly independent over GF (q), and
[B
0
,...,B
τ
]=P
0
R
m−r
1
(P
1
R
m−r
2
(...(P
h−2
R
m−r
h−1
(G)) ...))
if h>1 and [B
0
,...,B
τ
]=G otherwise, where E
r
k
is the r
k
× r
k
identity
matrix,r
k
is the k-height of G, and h =min k { r
k
= m, 1 k τ +1}
(r
τ+1
= m by convention).
Let G be an m × l(τ + 1) incompletely specified matrix over GF (q). If
there are k
m
,...,k
1
such that 0 k
m
··· k
1
τ, and for each j,
1 j m,inrowj of G elements in the first l(1 + k
j
) columns are defined
andinthelastl(τ − k
j
) columns are undefined, that is, G is in the form
⎡
⎢
⎢
⎢
⎢
⎣
G
10
... G
1,k
m
G
1,k
m
+1
... G
1,k
j
G
1,k
j
+1
... G
1,k
1
∗ ... ∗
... ... ... ... ... ... ... ... ... ...
G
j0
... G
j,k
m
G
j,k
m
+1
... G
j,k
j
∗ ... ∗∗... ∗
... ... ... ... ... ... ... ... ... ...
G
m0
... G
m,k
m
∗ ... ∗∗ ... ∗∗... ∗
⎤
⎥
⎥
⎥
⎥
⎦
,
where ∗ stands for the 1 × l “undefined matrix”, G
ij
is a 1 × l completely
specified matrix, G is called an echelon matrix and k
j
is called the j-length of
G,forj =1,...,m.
Let G be an m × l(τ +1) (l, τ)-echelon matrix over GF (q)withi-height
r
i
, i =0, 1,...,τ.Let
106 3. R
a
R
b
Transformation Method
k
j
= τ − min i { 0 i τ, r
i
<j r
i+1
},j=1,...,m, (3.28)
where r
τ+1
= m.ThenG is an echelon matrix with j-length k
j
, j =1,...,m.
In fact, for any j, 1 j m,whenr
i
<j r
i+1
for some i, 0 i τ ,
from the definition of i-height, we have that in row j of G elements in the
first l(τ +1− i) columns are defined and elements in the last li columns
are undefined. From (3.28), k
j
= τ − i.Theninrowj of G elements in
the first l(1 + k
j
) columns are defined and elements in the last l(τ − k
j
)
columns are undefined. Since r
0
r
1
··· r
τ
,itiseasytoverifythat
0 k
m
··· k
1
τ.
Conversely, let G be an m × l(τ + 1) echelon matrix over GF (q)with
j-length k
j
, j =1,...,m.Let
r
i
=min c { 0 c m, k
j
<τ+1− i if c<j m },i=1,...,τ.
Then G is an (l, τ)-echelon matrix with i-height r
i
, i =1,...,τ.
Since 0 = r
0
r
1
··· r
τ
r
τ+1
= m,usingk
m
= τ − min i { 0
i τ, r
i
<m r
i+1
},wehavek
m
= τ − min i { 0 i τ,m = r
i+1
}.It
follows immediately that
min k { 1 k τ +1,m = r
k
}−1=min i { 0 i τ,m = r
i+1
}
= τ − k
m
.
From the above discussion, Theorem 3.3.6 can be restated as follows.
Theorem 3.3.7. Let M be a finite automaton defined by (3.12).
(a) M is a weak inverse finite automaton with delay τ if and only if there
exist an m × l(τ +1) echelon matrix G with j-length k
j
, j =1,...,m, and
m × m nonsingular matrices
P
k
=
E
r
k−1
0
P
k1
P
k2
,k=1, 2,...,τ − k
m
such that the rank of the submatrix of the first l columns of G is m, and
[B
0
,...,B
τ
]=P
1
R
m−r
1
(P
2
R
m−r
2
(...(P
τ−k
m
R
m−r
τ −k
m
(G)) ...))
if k
m
<τ and [B
0
,...,B
τ
]=G otherwise, where E
r
k−1
is the r
k−1
× r
k−1
identity matrix,r
0
=0,
r
i
=min c { 0 c m, k
j
<τ+1− i if c<j m },i=1,...,τ.
(b) M is a weakly invertible finite automaton with delay τ if and only if
there exist an m × l(τ +1) echelon matrix G with j-length k
j
,j =1,...,m,
and m × m nonsingular matrices
Historical Notes 107
P
k
=
E
r
k−1
0
P
k1
P
k2
,k=1, 2,...,τ − k
m
such that the rank of the submatrix G
l
0
of the first l columns of G is l, the
first r
τ
rows of G
l
0
are linearly independent over GF (q), and
[B
0
,...,B
τ
]=P
1
R
m−r
1
(P
2
R
m−r
2
(...(P
τ−k
m
R
m−r
τ −k
m
(G)) ...))
if k
m
<τ and [B
0
,...,B
τ
]=G otherwise, where E
r
k−1
is the r
k−1
× r
k−1
identity matrix,r
0
=0,
r
i
=min c { 0 c m, k
j
<τ+1− i if c<j m },i=1,...,τ.
Historical Notes
The R
a
R
b
transformation method is first proposed in [96, 98] to deal with the
invertibility problem of linear finite automata over finite fields. The method is
then used to quasi-linear finite automata over finite fields in [21]. References
[135, 136] use the R
a
R
b
transformation method to finite automata over rings,
and [22] to quadratic finite automata. The R
a
R
b
transformation method is
also generalized to generate a kind of weakly invertible finite automata and
their weak inverses in [118, 127]. Sections 3.1 and 3.2 are based on [127] and
Sect. 3.3 is based on [21].
4. Relations Between Transformations
Renji Tao
Institute of Software, Chinese Academy of Sciences
Beijing 100080, China trj@ios.ac.cn
Summary.
In application to public key cryptosystems, for finite automata in public
keys no feasible inversion algorithm had been found. In Sect. 3.1 of the
preceding chapter, an inversion method by R
a
R
b
transformation was given
implicitly. In this chapter, a relation between two R
a
R
b
transformation
sequences beginning at the same equation is derived. It means that in
the inversion process it is enough to choose any one of the linear R
a
R
b
transformation sequences. Then, by exploring properties of “composition”
of two R
a
R
b
transformation sequences, it is shown that the inversion
method by R
a
R
b
transformation works for some special compound finite
automata.
Other two inversion methods are by reduced echelon matrices, and by
canonical diagonal matrix polynomials. Results in the last two sections
show that the two inversion methods are “equivalent” to the inversion
method by R
a
R
b
transformation.
This chapter provides a foundation for assertions on the weak key of
the public key cryptosystem based on finite automata in Sect. 9.4.
Key words: R
a
R
b
transformation, reduced echelon matrix, canonical di-
agonal matrix polynomial
In application to public key cryptosystems, for finite automata in public keys
no feasible inversion algorithm had been found. In Sect. 3.1 of the preceding
chapter, an inversion method by R
a
R
b
transformation was given implicitly.
That is, from a given finite automaton M make an equation eq
0
(i), choose
an R
a
R
b
transformation sequence of length 2τ beginning at eq
0
(i), check
whether the variable x
i
in the equation eq
τ
(i) has at most one solution (re-
spectively a solution), if so, then an weak inverse (respectively original weak
inverse) finite automaton with delay τ of M can be feasibly constructed from
110 4. Relations Between Transformations
eq
τ
(i). In the first section of this chapter, a relation between two R
a
R
b
trans-
formation sequences beginning at the same equation is derived. It means that
in the inversion process it is enough to choose any one of the linear R
a
R
b
transformation sequences.
By exploring properties of “composition” of two R
a
R
b
transformation
sequences, it is shown that the inversion method by R
a
R
b
transformation
works for some special compound finite automata, for example, one com-
ponent belongs to quasi-linear finite automata, and another component is a
weakly invertible or weak inverse finite automaton generated by linear R
a
R
b
transformation or with delay 0.
Another inversion method is to solve equations corresponding to an output
sequence of length τ + 1 by means of finding the reduced echelon matrix of
the coefficient matrix of the equations. Section 4.3 proves that for a weakly
invertible finite automaton with delay τ, its weak inverse can be found by
the reduced echelon matrix method if and only if it can be found by the R
a
R
b
transformation method.
Using a “time shift” operator z, coefficient matrices of pseudo-memory
finite automata may be expressed by matrix polynomials of z.Bymeans
of reducing to canonical diagonal matrix polynomials, an inversion method
was derived. In Sect. 4.4, relations between terminating and elementary R
a
R
b
transformation sequences and canonical diagonal matrix polynomials and
the existence of such R
a
R
b
transformation sequence are investigated. From
presented results, it is easy to see that the inversion method by canonical
diagonal matrix polynomial works if and only if the inversion method by R
a
R
b
transformation works.
This chapter provides a foundation for assertions on the weak key of the
public key cryptosystem based on finite automata in Sect. 9.4.
4.1 Relations Between R
a
R
b
Transformations
Throughout this chapter, for any integer i, any nonnegative integer k and any
symbol string z,weusez(i, k) to denote the symbol string z
i
,z
i−1
,...,z
i−k+1
.
Let X and U be two finite nonempty sets. Let Y be a column vector space
of dimension m over a finite commutative ring R with identity, where m is
a positive integer. In this section, for any integer i,weusex
i
, u
i
and y
i
to
denote elements in X, U and Y , respectively.
Let ψ
l
μν
be a column vector of dimension l of which each component is
a single-valued mapping from U
μ+1
× X
ν+1
to Y for some integers μ −1,
ν 0andl 1. For any integers h 0andi,let
4.1 Relations Between R
a
R
b
Transformations 111
ψ
lh
μν
(u, x, i)=
⎡
⎢
⎣
ψ
l
μν
(u(i, μ +1),x(i, ν +1))
.
.
.
ψ
l
μν
(u(i − h, μ +1),x(i − h, ν +1))
⎤
⎥
⎦
.
In the case of μ = −1, ψ
l
μν
(u, x)andψ
lh
μν
(u, x, i) are abbreviated to ψ
l
ν
(x)
and ψ
lh
ν
(x, i), respectively.
In this section, for any nonnegative integer c,leteq
c
(i) be an equation
ϕ
c
(y(i + c, c + t +1))+[B
0c
,...,B
hc
]ψ
lh
μν
(u, x, i)=0,
and let eq
c
(i) be an equation
ϕ
c
(y(i + c, c + t +1))+[B
0c
,...,B
hc
]ψ
lh
μν
(u, x, i)=0,
where ϕ
c
and ϕ
c
are two single-valued mappings from Y
c+t+1
to Y , B
jc
and
B
jc
are m × l matrices over R, j =0, 1,...,h. Similarly, for any nonnegative
integer c,let ¯eq
c
(i) be an equation
¯ϕ
c
(y(i + c, c + t +1))+[
¯
B
0c
,...,
¯
B
hc
]ψ
lh
μν
(u, x, i)=0,
and let ¯eq
c
(i) be an equation
¯ϕ
c
(y(i + c, c + t +1))+[
¯
B
0c
,...,
¯
B
hc
]ψ
lh
μν
(u, x, i)=0,
where ¯ϕ
c
and ¯ϕ
c
are two single-valued mappings from Y
c+t+1
to Y ,
¯
B
jc
and
¯
B
jc
are m × l matrices over R, j =0, 1,...,h.
For such expressions, eq
c
(i)
R
a
[P
c
]
−→ eq
c
(i)issaidtobelinear over R,ifP
c
is a matrix over R, and for some r
c+1
0 the first r
c+1
rows of B
0c
is linearly
independent over R and B
0c
has zeros in the last m − r
c+1
rows whenever
r
c+1
<m. eq
c
(i)
R
b
[r
c+1
]
−→ eq
c+1
(i)issaidtobelinear over R, if the first
r
c+1
rows of B
0c
is linearly independent over R.AnR
a
R
b
transformation
sequence
eq
c
(i)
R
a
[P
c
]
−→ eq
c
(i),eq
c
(i)
R
b
[r
c+1
]
−→ eq
c+1
(i),c=0, 1,...,n (4.1)
is said to be linear over R,ifeq
c
(i)
R
a
[P
c
]
−→ eq
c
(i)andeq
c
(i)
R
b
[r
c+1
]
−→ eq
c+1
(i)
are linear over R for c =0, 1,...,n.TheR
a
R
b
transformation sequence (4.1)
is said to be elementary over R, if (4.1) is linear over R and P
c
is in the form
P
c
=
E
r
c
0
P
c1
P
c2
,
c =0, 1,...,n,whereE
r
stands for the r × r identity matrix for any r,and
r
0
=0.
112 4. Relations Between Transformations
For any integers n and r with 0 r n,weuseE
n,r
to denote the n × n
matrix
0
E
n−r
E
r
0
,andE
n,−r
to denote E
n,n−r
.Denotethen × r zero matrix
by 0
n,r
.AlsoweuseDIA
P,n
to denote the quasi-diagonal matrix
P
.
.
.
P
with n occurrences of P .
Below the ring R is restricted to a finite field GF (q), and the R
a
trans-
formation means multiplying two sides of an equation on the left by a matrix
over GF (q).
Lemma 4.1.1. Let c>0,andlet
eq
c−1
(i)
R
a
[P
c−1
]
−→ eq
c−1
(i),eq
c−1
(i)
R
b
[r
c
]
−→ eq
c
(i) (4.2)
be linear over GF (q) and
¯eq
c−1
(i)
R
a
[
¯
P
c−1
]
−→ ¯eq
c−1
(i), ¯eq
c−1
(i)
R
b
[¯r
c
]
−→ ¯eq
c
(i). (4.3)
If
h
j=0
¯
B
j,c−1
z
j
=
c−1
j=0
Q
j,c−1
z
j
h
j=0
B
j,c−1
z
j
(4.4)
for some m × m matrices Q
j,c−1
over GF (q), j =0, 1,...,c− 1,thenthere
exist m × m matrices Q
jc
over GF (q), j =0, 1, ..., c such that
h
j=0
¯
B
jc
z
j
=
c
j=0
Q
jc
z
j
h
j=0
B
jc
z
j
. (4.5)
Moreover, if Q
0,c−1
is nonsingular and (4.3) is linear over GF (q),thenQ
0c
is nonsingular and ¯r
c
= r
c
.
Proof.LetR
1
= E
m,¯r
c
, R
2
=[0
m,¯r
c
E
m
0
m,m−¯r
c
], R
3
= DIA
¯
P
c−1
,2
,
R
4
=
Q
0,c−1
Q
1,c−1
... Q
c−1,c−1
00
0 Q
0,c−1
... Q
c−2,c−1
Q
c−1,c−1
0
,
R
5
= DIA
P
−1
c−1
,c+2
, R
6
= E
m(c+2),r
c
, R
7
= DIA
E
m,−r
c
,c+2
.Thenwehave
R
−1
5
= DIA
P
c−1
,c+2
, R
−1
6
= E
m(c+2),−r
c
, R
−1
7
= DIA
E
m,r
c
,c+2
.
Let Q = R
1
R
2
R
3
R
4
R
5
R
6
R
7
. Partition Q =[Q
0c
, ..., Q
c+1,c
], where Q
jc
has m columns, j =0, 1,...,c +1. We prove that Q
c+1,c
is 0. For any j,
0 j c − 1, let Q
j,c−1
=
¯
P
c−1
Q
j,c−1
P
−1
c−1
and Q
j,c−1
=
Q
1
j,c−1
Q
3
j,c−1
Q
2
j,c−1
Q
4
j,c−1
,