Faster truncated integer multiplication

Let n > 1 and let u and v be integers in the interval 0 6 u, v < 2. We write M(n) for the cost of computing the full product of u and v, which is just the usual 2n-bit product uv. Unless otherwise specified, by ‘cost’ we mean the number of bit operations, under a model such as the multitape Turing machine [12]. In this paper we are interested in two types of truncated product. The low product of u and v is the unique integer w in the interval 0 6 w < 2 such that w = uv (mod 2), or in other words, the low n bits of uv. We denote the cost of computing the low product by Mlo(n). The high product of u and v is defined to be any integer w in the range 0 6 w 6 2 such that |uv− 2nw| < 2. Thus there are at most two possible values for the high product, and an algorithm that computes it is permitted to return either one. The high product consists of, more or less, the high n bits of uv, except that we allow a small error in the lowest bit. We denote the cost of computing the high product by Mhi(n). There are many applications of truncated products in computer arithmetic. The most obvious example is high-precision arithmetic on real numbers: to compute an n-bit approximation to the product of two real numbers with n-bit mantissae, one may scale by an appropriate power of two to convert the inputs into n-bit integers, and then compute the high product of those integers. Further examples include Barrett’s and Montgomery’s algorithms for modular arithmetic [1, 10]. It is natural to ask whether a truncated product can be computed more quickly than a full product. This is indeed the case for small n: in the classical quadratictime regime, one can compute a truncated product in about half the time of a full product, because essentially only half of the n bit-by-bit products contribute to the desired output. However, as n grows, and more sophisticated multiplication algorithms are deployed, these savings begin to dissipate. Consider for instance Karatsuba’s algorithm, which has complexity M(n) = O(n) for α = log 3/ log 2 ≈ 1.58. Mulders showed [11] that one can adapt Karatsuba’s algorithm to obtain bounds for Mhi(n) and Mlo(n) around 0.81M(n). However, it is not known how to reach 0.5M(n) in this regime.