
arXiv:2007.08401v1 [cs.DS] 16 Jul 2020

Optimal Vertex Fault-Tolerant Spanners in Polynomial Time

Greg Bodwin∗

University of Michigan

greg.bodwin@gmail.com

Michael Dinitz†

Johns Hopkins University

mdinitz@cs.jhu.edu

Caleb Robelle

UMBC

carobel1@umbc.edu

Abstract

Recent work has pinned down the existentially optimal size bounds for vertex fault-tolerant spanners: for any positive integer k, every n-node graph has a (2k−1)-spanner on O(f^{1−1/k} n^{1+1/k}) edges resilient to f vertex faults, and there are examples of input graphs on which this bound cannot be improved. However, these proofs work by analyzing the output spanner of a certain exponential-time greedy algorithm. In this work, we give the first algorithm that produces vertex fault tolerant spanners of optimal size and which runs in polynomial time. Specifically, we give a randomized algorithm which takes Õ(f^{1−1/k} n^{2+1/k} + m f^2) time. We also derandomize our algorithm to give a deterministic algorithm with similar bounds. This reflects an exponential improvement in runtime over [Bodwin-Patel PODC '19], the only previously known algorithm for constructing optimal vertex fault-tolerant spanners.

∗Supported in part by NSF awards CCF-1717349, DMS-183932 and CCF-1909756.

†Supported in part by NSF award CCF-1909111.

1 Introduction

Let G = (V, E) be a graph, possibly with edge lengths w : E → R_{≥0}. A t-spanner of G, for t ≥ 1, is a subgraph H = (V, E′) that preserves all pairwise distances within a factor of t, i.e.,

d_H(u, v) ≤ t · d_G(u, v)    (1)

for all u, v ∈ V (where d_X denotes the shortest-path distance in a graph X). Since H is a subgraph of G it is also true that d_G(u, v) ≤ d_H(u, v), and so distances in H are the same as in G up to a factor of t. The distance preservation factor t is called the stretch of the spanner. Spanners were introduced by Peleg and Ullman [PU89a] and Peleg and Schäffer [PS89], and have a wide range of applications in routing [PU89b], synchronizers [AP90], broadcasting [ABP91, Pel00], distance oracles [TZ05], graph sparsifiers [KP12], preconditioning of linear systems [EEST08], etc.

The most common objective in spanners research is to achieve the best possible existential size-stretch trade-off, and to do this with algorithms that are as fast as possible. Most notably, a landmark result of Althöfer et al. [ADD+93] analyzed the following simple and natural greedy algorithm: given an n-node graph G and an integer k ≥ 1, consider the edges of G in nondecreasing order of their weight and add an edge {u, v} to the current spanner H if and only if d_H(u, v) > (2k−1) · w(u, v). They proved that this algorithm produces (2k−1)-spanners of existentially optimal size: the spanner produced has size O(n^{1+1/k}), and (assuming the well-known Erdős girth conjecture [Erd64]) there are graphs in which every (2k−1)-spanner (and in fact every 2k-spanner) has at least Ω(n^{1+1/k}) edges.
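The greedy algorithm of [ADD+93] is short enough to state in code. The sketch below is our own illustrative rendering; the adjacency-list representation and the Dijkstra subroutine are implementation choices, not prescribed by the paper:

```python
import heapq

def greedy_spanner(n, edges, k):
    """Greedy (2k-1)-spanner of [ADD+93]: scan edges in nondecreasing
    weight order; keep an edge iff the current spanner violates the
    stretch bound for its endpoints. edges is a list of (weight, u, v)."""
    adj = [[] for _ in range(n)]  # adjacency list of the growing spanner H

    def dist(s, t):
        # Dijkstra on the current spanner, with early exit at t
        INF = float("inf")
        d = [INF] * n
        d[s] = 0.0
        pq = [(0.0, s)]
        while pq:
            du, u = heapq.heappop(pq)
            if du > d[u]:
                continue
            if u == t:
                return du
            for v, w in adj[u]:
                if du + w < d[v]:
                    d[v] = du + w
                    heapq.heappush(pq, (d[v], v))
        return d[t]

    H = []
    for w, u, v in sorted(edges):  # nondecreasing weight order
        if dist(u, v) > (2 * k - 1) * w:  # stretch bound fails without e
            H.append((u, v, w))
            adj[u].append((v, w))
            adj[v].append((u, w))
    return H
```

On the complete graph K4 with unit weights and k = 2, for instance, the scan keeps a spanning star: once three edges incident to one vertex are in, every remaining pair is at distance 2 ≤ 3 and is skipped.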

1.1 Fault Tolerance

A crucial aspect of real-life systems that is not captured by the standard notion of spanners is the possibility of failure. If some edges (e.g., communication links) or vertices (e.g., computer processors) fail, what remains of the spanner might not still approximate the distances of what remains of the original graph. This motivates the notion of fault tolerant spanners:

Definition 1. A subgraph H is an f-vertex fault tolerant (f-VFT) t-spanner of G if

d_{H\F}(u, v) ≤ t · d_{G\F}(u, v)    (2)

for all u, v ∈ V and F ⊆ V \ {u, v} with |F| ≤ f.

In other words, an f-VFT spanner contains a spanner of G \ F for every set of |F| ≤ f nodes that could fail. The definition for edge fault tolerance (EFT) is equivalent, with the only change being that F ⊆ E rather than F ⊆ V \ {u, v}.
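Definition 1 quantifies over all small fault sets, which a naive verifier can check directly by enumeration (in exponential time). The checker below is our own illustration of the definition, not an algorithm from the paper; graphs are adjacency dicts mapping a vertex to a list of (neighbor, weight) pairs:

```python
import heapq
from itertools import combinations

def dist(adj, s, t, excluded):
    # Dijkstra from s to t, skipping faulted vertices in `excluded`
    if s in excluded or t in excluded:
        return float("inf")
    d = {s: 0.0}
    pq = [(0.0, s)]
    while pq:
        du, u = heapq.heappop(pq)
        if du > d.get(u, float("inf")):
            continue
        if u == t:
            return du
        for v, w in adj.get(u, []):
            if v in excluded:
                continue
            if du + w < d.get(v, float("inf")):
                d[v] = du + w
                heapq.heappush(pq, (d[v], v))
    return d.get(t, float("inf"))

def is_f_vft_spanner(nodes, adj_G, adj_H, f, t):
    """Check Definition 1 by brute force over all fault sets F with |F| <= f."""
    for r in range(f + 1):
        for F in combinations(nodes, r):
            Fset = set(F)
            for u in nodes:
                for v in nodes:
                    if u == v or u in Fset or v in Fset:
                        continue
                    if dist(adj_H, u, v, Fset) > t * dist(adj_G, u, v, Fset):
                        return False
    return True
```

For example, on the unit-weight triangle, the path 0–1–2 is not a 1-VFT 3-spanner: faulting vertex 1 disconnects 0 from 2 in H even though the edge {0, 2} survives in G.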

Fault tolerant spanners were originally introduced in the geometric setting (where the vertices are points in R^d and the initial graph G is the complete graph with Euclidean distances) by Levcopoulos, Narasimhan, and Smid [LNS98a] and have since been studied extensively in that setting [LNS98b, Luk99, CZ04, NS07]. Chechik, Langberg, Peleg and Roditty [CLPR10] were the first to study fault-tolerant spanners in general graphs, giving a construction of an f-VFT (2k−1)-spanner of size approximately O(f^2 k^{f+1} · n^{1+1/k} log^{1−1/k} n) and an f-EFT (2k−1)-spanner of size O(f · n^{1+1/k}). So they showed that introducing tolerance to f edge faults costs us an extra factor of f in the size of the spanner, while introducing tolerance to f vertex faults costs us a factor of f^2 k^{f+1} in the size (compared to the size of a non-fault tolerant spanner of the same stretch).

Since [CLPR10], there has been a line of work focused on improving these bounds, particularly for vertex faults (see Table 1). The first improvement was by [DK11], who improved the bound for


Spanner Size                      | Runtime                          | Greedy? | Citation
Õ(k^{O(f)} · n^{1+1/k})           | Õ(k^{O(f)} · n^{3+1/k})          |         | [CLPR10]
Õ(f^{2−1/k} · n^{1+1/k})          | Õ(f^{2−2/k} · m n^{1+1/k})       |         | [DK11]
O(exp(k) f^{1−1/k} · n^{1+1/k})   | O(exp(k) · m n^{O(f)})           | X       | [BDPW18]
O(f^{1−1/k} · n^{1+1/k})          | O(m n^{O(f)})                    | X       | [BP19]
O(k^2 f^{1−1/k} · n^{1+1/k})      | Õ(f^{2−1/k} · m n^{1+1/k})       | (X)     | [DR20]
O(f^{1−1/k} · n^{1+1/k})          | Õ(f^{1−1/k} n^{2+1/k} + m f^2)   | (X)     | (this paper)

Table 1: Prior work on f-VFT (2k−1)-spanners of weighted input graphs on n nodes and m edges. Size bounds in red are existentially optimal, and runtimes in blue are polynomial. The (X) entries indicate a greedy algorithm with slack, as discussed below. With Õ we hide factors of log n (or k, since we may assume k ≤ log n).

vertex faults to O(f^{2−1/k} n^{1+1/k} log n) via a black-box reduction to non-fault tolerant spanners. Following this, the area turned towards analyses of the FT-greedy algorithm, the obvious extension of the greedy algorithm of [ADD+93] to the fault tolerant setting: look at the edges (u, v) of the input graph G in order of nondecreasing weight, and add (u, v) to the spanner H iff currently there exists a set of |F| ≤ f faults such that (2) fails. This algorithm was first analyzed by [BDPW18], who obtained a size bound of O(exp(k) f^{1−1/k} n^{1+1/k}). They also proved a lower bound of Ω(f^{1−1/k} n^{1+1/k}) for f-VFT (2k−1)-spanners: assuming the girth conjecture of Erdős [Erd64], there are graphs which require that many edges for any f-VFT (2k−1)-spanner. An improved analysis of the FT-greedy algorithm was then given by [BP19], who removed the exp(k) factor and so proved that this algorithm gives existentially optimal VFT spanners.
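The FT-greedy algorithm itself is only a few lines; all the difficulty is hidden in the edge test, which (as discussed below) is NP-hard and is implemented here by brute-force enumeration of fault sets. This is our own exponential-time rendering, for illustration only:

```python
import heapq
from itertools import combinations

def ft_greedy_spanner(n, edges, k, f):
    """FT-greedy sketch: add (u, v) iff some fault set F with |F| <= f
    makes d_{H\\F}(u, v) > (2k-1) * w(u, v). Exponential time in f."""
    adj = [[] for _ in range(n)]

    def dist(s, t, banned):
        # Dijkstra on the current spanner, avoiding vertices in `banned`
        d = [float("inf")] * n
        d[s] = 0.0
        pq = [(0.0, s)]
        while pq:
            du, u = heapq.heappop(pq)
            if du > d[u]:
                continue
            for v, w in adj[u]:
                if v in banned:
                    continue
                if du + w < d[v]:
                    d[v] = du + w
                    heapq.heappush(pq, (d[v], v))
        return d[t]

    H = []
    for w, u, v in sorted(edges):
        others = [x for x in range(n) if x not in (u, v)]
        # edge test: does (2) fail for some fault set F, |F| <= f?
        needed = any(
            dist(u, v, set(F)) > (2 * k - 1) * w
            for r in range(f + 1)
            for F in combinations(others, r)
        )
        if needed:
            H.append((u, v, w))
            adj[u].append((v, w))
            adj[v].append((u, w))
    return H
```

On K4 with unit weights, k = 2 and f = 1, the scan keeps five of the six edges: the last edge considered is the only one whose endpoints stay within distance 3 under every single-vertex fault.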

While the FT-greedy algorithm inherits some of the nice properties of the non-faulty greedy algorithm (such as simplicity, easy-to-prove correctness, and existential optimality), it unfortunately has serious issues in runtime. The edge test in the FT-greedy algorithm, i.e., whether or not there exists a fault set under which (2) holds, is an NP-hard problem known as length-bounded cut [BEH+06], and hence the algorithm inherently runs in exponential time. Addressing this, a greedy algorithm with slack was recently proposed in [DR20]. This algorithm is an adaptation of the FT-greedy algorithm which replaces the exponential-time edge test with a different subroutine test(u, v), which accepts every edge (u, v) where there exist |F| ≤ f faults under which (2) fails, and possibly some other edges too. This slack maintains correctness and allows one to escape NP-hardness, but it introduces the challenge of bounding the number of additional edges added. The approach in [DR20] is to design an O(k)-approximation algorithm for length-bounded cut and use this in an efficiently computable test subroutine. This gives a polynomial runtime, but pays the approximation ratio of O(k) in spanner size over optimal. So the result in [DR20] takes an important step forward (polynomial time) but also a step back (non-optimal size, by a factor of O(k)).

It thus remains an important open problem to design a polynomial time algorithm which obtains truly optimal size. We note that k factors are often considered particularly important for spanners, since the regime k = Θ(log n) yields the sparsest possible spanners and hence arises commonly in algorithmic applications (see, e.g., [BBG+20] for a recent example), and here an extra factor of k in the size of the spanner is significant. Accordingly, for spanners and many related objects there has been significant effort expended to remove unnecessary factors of k. For example, Chechik and Wulff-Nilsen recently received the best paper award at SODA '16 for removing a factor of k from the "lightness" bound for spanners [CWN16], and removing the final factor of k from the size of a "distance oracle" (a data structure related to spanners) appeared in STOC '15 [Che15]. It seems to often be the case that initial algorithms pay a factor of k, which can later be removed through smarter algorithms and analyses. Our results fit into this tradition, addressing the remaining open question: can we get truly optimal-size fault tolerant spanners in polynomial time?

1.2 Our Results and Techniques

We answer this in the affirmative, giving both randomized and deterministic algorithms for constructing optimal-size fault-tolerant spanners. More formally, we prove the following theorems.

Theorem 1.1. There is a randomized algorithm which runs in expected time Õ(f^{1−1/k} n^{2+1/k} + m f^2) and which with high probability returns an f-VFT (2k−1)-spanner with O(f^{1−1/k} n^{1+1/k}) edges.

Theorem 1.2. There is a deterministic algorithm which constructs an f-VFT (2k−1)-spanner with at most O(f^{1−1/k} n^{1+1/k}) edges in time Õ(f^{4−1/k} n^{2+1/k} + m f^5). If f = poly(n) (i.e., f ≥ n^c for some constant c > 0) then the running time improves to Õ(f^{1−1/k} n^{2+1/k} + m f^2), where the polynomial exponent c appears in both the spanner size and the running time but is hidden by the O(·) notation.

So if f is subpolynomial in n then our deterministic algorithm is slower than our randomized algorithm by about f^3, while if f is polynomial in n then we get determinism essentially for free (although the hidden polylogarithmic factors are larger in the deterministic case).

To put these results in context, note that this is an exponential improvement in running time over [BP19], the only previous algorithm to give optimal-size fault tolerant spanners. And unlike [DR20, DK11] it gives spanners with existentially optimal size, saving an O(k) factor over [DR20] and an O(f log n) factor over [DK11]. It is also polynomially faster than both [DR20, DK11]. We note that not only is k = Θ(log n) (and superconstant k more generally) a particularly interesting regime (as discussed), large values of f are also particularly interesting. If we only ever think of f as small then the dependence on f in the size of the spanner does not matter much, but of course we are interested in protecting against as many faults as possible! So our results are strongest (compared to previous work) precisely in one of the most interesting regimes for fault-tolerant spanners: k = Θ(log n) and f polynomially large in n.

Additional Properties. Our algorithms and techniques have a few other properties that we briefly mention here, but which will not be a focus in the paper. First, a corollary of our techniques and analysis is that we actually speed up the running time of the non-fault tolerant greedy algorithm from O(m n^{1+1/k}) to O(k n^{2+1/k}). Second, our algorithms and bounds continue to hold for edge fault tolerance, but for simplicity we will only discuss the VFT case. These size bounds are also not known to be optimal for edge fault tolerance (except for spanners of stretch 3) since the known lower bounds are weaker, making our results more interesting in the VFT setting. See Section 6 for more discussion of edge fault tolerance. Finally, since our algorithms are slack-greedy, they are unconditionally optimal: even if the Erdős girth conjecture is false, our algorithms still produce spanners of optimal size (whatever that is).

1.2.1 Our First Algorithm

Our first algorithm is a surprisingly simple randomized algorithm that, while not as efficient as the algorithm we will use to prove Theorem 1.1, achieves our main goal: it has polynomial running time and produces spanners of optimal size. It also illustrates the main ideas that our more advanced algorithms (faster and/or deterministic) will utilize.

Theorem 1.3. There is a randomized algorithm which, given an undirected weighted n-node graph and positive integers f and k, runs in polynomial time and with high probability returns an f-VFT (2k−1)-spanner with O(f^{1−1/k} n^{1+1/k}) edges.

The main new ingredient is the following simple test(u, v) subroutine. To test an edge (u, v) we first randomly sample Θ(log n) induced subgraphs of the current spanner, each of which is obtained by including u and v and then including each other node with probability 1/(2f). Then we test (1) in each of the sampled subgraphs, and we add (u, v) to the spanner iff a large enough fraction of these subgraphs violate (1). For correctness, one observes that if there exists any set of |F| = f vertex deletions under which d_{H\F}(u, v) is large, then with high probability a large fraction of the subgraphs will delete all of F. Hence d(u, v) will be large in these subgraphs, and we will correctly include (u, v) in the spanner.

The more interesting part of the argument is bounding the size of the output spanner. This relates to the blocking set technique introduced in [BP19] and also used in [DR20]. This technique uses the following observation: if the spanner H is sufficiently dense, and one samples a random induced subgraph on n/f nodes, then that subgraph will still be dense enough that it must have some ≤2k-cycles. This statement is even somewhat robust, in that one will not be able to destroy all ≤2k-cycles by deleting only a constant fraction of remaining edges in the subgraph. Thus one can certify sparsity of the spanner by arguing that it is in fact possible to sample a subgraph, remove a constant fraction of the surviving edges, and destroy all ≤2k-cycles in the process. In [BP19, DR20], one roughly predefines a small set of edges in the spanner (called the "blocking set") that intersects all ≤2k-cycles; the strategy is then to sample a subgraph and remove the parts of the blocking set that survive. This approach works, but it is limited: if we use a slack FT-greedy algorithm (as in [DR20]) then the size of the blocking set increases with the slack, giving spanners that no longer have optimal size.

Our main idea is to bypass blocking sets by more closely tying together the algorithm and the analysis. The analysis of the blocking set technique uses random subgraph sampling, but this does not appear in the actual algorithm of [DR20] or [BP19]. Our new algorithm, by explicitly sampling subgraphs as part of the test(u, v) subroutine, is in some sense doing algorithmically exactly the minimum needed for the analysis to work. As is shown more formally in Section 3, if an edge passes our new test(u, v) then by construction the probability that it will have to be removed in the analysis in order to obtain high girth is at most some constant less than 1. So getting our sampled subgraph to be high-girth in the analysis requires removing only a constant fraction of the remaining edges. This is in contrast to the ideas behind blocking sets, where the blocking set is predefined by the algorithm and so an edge either has to be removed from the analysis subgraph (if it is part of the blocking set) or does not (if it isn't). Hence another way to think of our idea is that we are moving from a global analysis of which edges need to be removed (blocking sets, where edges are either in the set or not) to a local analysis (where each edge has only a constant probability of being removed).

Details of this algorithm and analysis are given in Section 3.

1.2.2 Our Faster Randomized Algorithm

As discussed, obtaining fast algorithms for spanners – not just any polynomial time – is a long-standing and important line of research. Once we are able to achieve polynomial time, we naturally want to minimize this time. Our next algorithm (which achieves the running time bound of Theorem 1.1) optimizes the runtime in two ways:

1. It is costly to randomly sample subgraphs anew in each round of the algorithm. A more efficient approach is to randomly sample vertex sets once at the very beginning, use these to perform the test in each round, and incrementally maintain the sampled subgraphs as edges are added to the spanner. We show that this approach works as long as we sample Θ(f^3 log n) total subgraphs in the beginning.

2. Since we incrementally maintain a fixed set of subgraphs, to test (1) on each subgraph we can use an appropriate incremental data structure rather than computing from scratch each time. The obvious way of doing this requires using an incremental dynamic distance oracle / APSP algorithm, but unfortunately known constructions are not sufficient for our purposes. However, in the setting of unweighted input graphs one can easily reduce to reachability (rather than distance) on a (k+1)-layered version of the subgraph, and we can use an observation from [DR20] to make this reduction work for weighted input graphs as well, thanks to the fact that our algorithm is a slack version of the greedy algorithm. We can then use a classical data structure for incremental reachability by Italiano [Ita86].

Together, these improvements give the runtime listed in Theorem 1.1. Details are given in

Section 4.

1.2.3 Our Deterministic Algorithm

Our second improvement is to regain determinism. Both the exponential time algorithm of [BDPW18] and the polynomial time algorithm of [DR20] are deterministic, while the core ideas of our previous two algorithms seem to require randomization (particularly our first, non-optimized algorithm). But by constructing set systems with specific properties through the use of almost-universal hash functions, we are able to derandomize the algorithm of Theorem 1.1.

The main idea is to leverage the fact that our fast randomized algorithm samples vertex sets only once at the very beginning. By examining the proof of Theorem 1.1 we can determine what properties we need these sets to have. Informally, we need that for every {u, v} ∈ E there are not many sets containing both u and v, and that for every {u, v} ∈ E and F ⊆ V \ {u, v} with |F| ≤ f, a constant fraction of the sets which contain both u and v do not contain any vertex in F (note that this guarantee has to hold simultaneously for all possible fault sets). So we just need to give a deterministic construction of such a set system. We show how to do this by building an (almost-)universal hash family from V to [Θ(f)], and for each hash function in the family creating Θ(f^2) sets based on pairs of hash values. Interestingly, we are able to tolerate relatively large values of "almost": our spanner construction still works even if the universal hashing guarantee is violated by large constants. Most of the literature on hashing, on the other hand, is optimized for the case of only a (1 + ε) violation. By taking advantage of our ability to withstand weaker hashing guarantees, we can design an extremely small hash family based on Message Authentication Codes from cryptography, which is a standard and classical construction but to the best of our knowledge has not previously been used in the context of hashing or derandomization. This allows us to obtain running time that is essentially the same as our fast randomized algorithm when f is polynomial in n.

These ideas give the deterministic runtime in Theorem 1.2. Details are given in Section 5.
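The paper's actual family and parameters are developed in Section 5. Purely to illustrate the flavor of an almost-universal, MAC-style construction, here is the classical polynomial-evaluation hash family, in which two distinct length-d messages collide on at most d−1 of the p keys:

```python
def poly_hash_family(prime, degree):
    """Polynomial-evaluation ('MAC-style') hash family over F_p.
    A key is a point a in F_p; a message (x_0, ..., x_{d-1}) hashes to
    x_0 + x_1*a + ... + x_{d-1}*a^{d-1} mod p. Two distinct messages
    agree on at most degree-1 keys, so the family is
    ((degree-1)/prime)-almost-universal."""
    def hash_fn(key, msg):
        assert len(msg) <= degree
        acc = 0
        for coeff in reversed(msg):  # Horner evaluation of the polynomial
            acc = (acc * key + coeff) % prime
        return acc
    return hash_fn

# empirical check of the collision bound for one pair of messages:
# their difference polynomial has degree <= 2, hence <= 2 roots mod p
h = poly_hash_family(101, 3)
collisions = sum(1 for a in range(101) if h(a, (1, 2, 3)) == h(a, (4, 5, 6)))
assert collisions <= 2
```

The key count here is p, far smaller than the message space; the paper's point is that even a weak ("large-constant") version of this kind of guarantee suffices for the set-system construction.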

2 Preliminaries and Notation

We will use Õ(·) to suppress polylogarithmic (in n) factors. For any integer a ≥ 1, let [a] = {1, 2, . . . , a}. Given an edge-weighted graph G = (V, E, w), let d_G(u, v) denote the shortest-path distance from u to v in G according to the weight function w, and let d*_G(u, v) denote the unweighted distance (minimum number of hops) from u to v in G.

Many of our algorithms are randomized, and so we make claims that hold with high probability. Formally, this means that they hold with probability at least 1 − 1/n.¹

We will use the following Chernoff bounds (see [DP09]).

Theorem 2.1. Let X = Σ_{i=1}^{n} X_i, where the X_i (i ∈ [n]) are independently distributed in [0, 1]. Then:

• For 0 < ε < 1: Pr[X < (1 − ε) E[X]] ≤ exp(−(ε²/2) E[X]) and Pr[X > (1 + ε) E[X]] ≤ exp(−(ε²/3) E[X]).

• If t > 2e E[X], then Pr[X > t] < 2^{−t}.

We will use the following structural lemma about fault-tolerant spanners, which was given explicitly in [DR20] but appeared implicitly in essentially all previous papers on fault-tolerant spanners. It essentially says that we only have to worry about spanning edges (not all pairs of nodes), and only edges for which the shortest path between the endpoints is the edge itself.

Lemma 2.2. Let G = (V, E) be a graph with weight function w and let H be a subgraph of G. Then H is an f-VFT t-spanner of G if and only if d_{H\F}(u, v) ≤ t · w(u, v) for all F ⊆ V with |F| ≤ f and u, v ∈ V \ F such that {u, v} ∈ E.

3 Optimal Fault-Tolerant Spanners in Polynomial Time

In this section we resolve the main open question left by [DR20,BP19,BDPW18] by proving The-

orem 1.3: we give a polynomial time algorithm which constructs optimal-size vertex fault tolerant

spanners. As discussed in Section 1.2.1, the algorithm itself is quite simple: we just use the greedy

algorithm but test whether to include an edge by sampling subgraphs and checking whether the

distance between the two endpoints is too large. This algorithm is given formally as Algorithm 1.

The following definitions will be useful in our analysis. Let H be the final spanner, and let H′ be an induced subgraph of H obtained by including each node, independently, with probability

¹By changing the constants in the algorithm/analysis, all high probability claims we make can be made to hold with probability at least 1 − 1/n^c for any constant c. We choose c = 1 only for simplicity.


Algorithm 1 Basic f-VFT (2k−1)-Spanner Algorithm

Input: Graph G = (V, E) on n nodes, edge weights w : E → R⁺, integers k ≥ 1 and f ≥ 1.

1: H ← (V, ∅)
2: for all e = {u, v} ∈ E in nondecreasing weight order do
3:    Sample α = c log n subgraphs {Ĥ^i_e ⊆ H}_{i∈[α]}, where each is an induced subgraph on a vertex set obtained by including u and v, and then each other node independently with probability 1/(2f).
4:    Let P̂_e be the fraction of these subgraphs in which d_{Ĥ^i_e}(u, v) > (2k−1) · w(u, v).
5:    if P̂_e ≥ 1/4 then
6:       Add e to H
7: return H
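Algorithm 1 translates almost line-for-line into code. The rendering below is our own; the trial count and the fixed seed are illustrative choices (the analysis sets α = c log n for a suitable constant c):

```python
import heapq
import math
import random

def vft_spanner_sampled(n, edges, k, f, trials=None, seed=0):
    """Algorithm 1 sketch: keep edge e = (u, v) iff at least 1/4 of the
    random induced subgraphs of the current spanner (always keeping u, v;
    each other node kept w.p. 1/(2f)) violate the (2k-1)-stretch bound."""
    rng = random.Random(seed)
    if trials is None:
        trials = max(1, 8 * int(math.log(n + 1) + 1))  # stands in for c*log(n)
    adj = [[] for _ in range(n)]

    def dist_in_sample(u, v, keep):
        # Dijkstra restricted to the sampled vertex set `keep`
        d = {u: 0.0}
        pq = [(0.0, u)]
        while pq:
            du, x = heapq.heappop(pq)
            if du > d.get(x, float("inf")):
                continue
            for y, w in adj[x]:
                if y not in keep:
                    continue
                if du + w < d.get(y, float("inf")):
                    d[y] = du + w
                    heapq.heappush(pq, (d[y], y))
        return d.get(v, float("inf"))

    H = []
    for w, u, v in sorted(edges):
        violated = 0
        for _ in range(trials):
            keep = {u, v} | {x for x in range(n)
                             if x not in (u, v) and rng.random() < 1 / (2 * f)}
            if dist_in_sample(u, v, keep) > (2 * k - 1) * w:
                violated += 1
        if violated / trials >= 0.25:  # the P̂_e >= 1/4 test
            H.append((u, v, w))
            adj[u].append((v, w))
            adj[v].append((u, w))
    return H
```

With k = 1 (stretch 1) on a unit triangle, every sampled subgraph violates the bound for every edge not yet present, so all three edges are kept regardless of the random samples.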

1/(2f) (note that H′ is only an analytical tool, not part of the algorithm). Let H_e (H′_e) denote the subgraph of H (H′) containing only the edges considered strictly before e in the algorithm. Let

P_e = P_{(u,v)} := Pr[ d_{H′_e}(u, v) > (2k−1) · w(u, v) | u, v ∈ V(H′) ]

where the probability is over the random construction of H′. So P̂_e in the algorithm is an experimental estimate of P_e, and we can bound its accuracy as follows:

Lemma 3.1. With high probability, for every edge e ∈ E, we have P̂_e ∈ P_e ± 1/8.

Proof. We will prove the lower bound P̂_e ≥ P_e − 1/8; the upper bound is essentially identical. The random variable α·P̂_e is the sum of α random variables {P̂^i_e}, where

P̂^i_e := 0 if d_{Ĥ^i_e}(u, v) ≤ (2k−1) · w(u, v), and 1 if d_{Ĥ^i_e}(u, v) > (2k−1) · w(u, v).

Thus we may apply Chernoff bounds (Theorem 2.1), giving:

Pr[ α·P̂_e < α(P_e − 1/8) ] = Pr[ α·P̂_e < E[α·P̂_e] − α/8 ] ≤ Pr[ α·P̂_e < (7/8) E[α·P̂_e] ] ≤ e^{−((1/8)²/2) α E[P̂_e]} ≤ e^{−α/128}.

If we set α ≥ 128 · 3 ln n, then the probability is at most 1/n³. So, by a union bound over the m ≤ n² edges in the input graph, the probability that the lower bound fails for any edge is at most 1/n, proving the lemma.

We are now ready to prove the properties of Algorithm 1.

Lemma 3.2. With high probability, Algorithm 1 returns an f-VFT (2k−1)-spanner.

Proof. Let e = (u, v) be an edge considered by the algorithm, and suppose there exists a fault set F ⊆ V \ {u, v} with |F| ≤ f such that

d_{H_e \ F}(u, v) > (2k−1) · w(e).

In the event that H′_e contains u, v but does not contain any node in F, we thus also have

d_{H′_e}(u, v) > (2k−1) · w(e).

Thus P_e is at least the probability that none of the nodes in F survive in H′_e, which (recalling that each node survives with probability 1/(2f)) we may bound:

P_e ≥ (1 − 1/(2f))^{|F|} ≥ (1 − 1/(2f))^f ≥ 1/2.

By Lemma 3.1, with high probability we have P̂_e ≥ P_e − 1/8 ≥ 1/2 − 1/8 > 1/4, and so we add e to H in the algorithm. So for any edge e not added to the spanner, no such fault set F exists. It then follows from Lemma 2.2 that H is an f-VFT (2k−1)-spanner.

Lemma 3.3. With high probability, |E(H)| ≤ O(f^{1−1/k} n^{1+1/k}).

Proof. Recall that H′ is an induced subgraph of H obtained by including every vertex independently with probability 1/(2f), and hence E[|V(H′)|] = n/(2f). For each edge (u, v) ∈ E(H′), we say that (u, v) is bad if d_{H′_e}(u, v) ≤ (2k−1) · w(u, v), and otherwise (if d_{H′_e}(u, v) > (2k−1) · w(u, v)) we say that (u, v) is good. Let H″ ⊆ H′ be obtained by deleting all bad edges. We will now bound its expected number of edges E[|E(H″)|], conditioned on the high probability event from Lemma 3.1 holding, in two different ways:

• For any cycle C in H′ with at most 2k edges, notice that the edge (u, v) ∈ C considered last by the algorithm is bad, since there is a u ⇝ v path around the cycle consisting of at most 2k−1 edges, each of weight at most w(u, v). Thus (u, v) is removed in H″. It follows that H″ has no cycles with at most 2k edges; the folklore Moore Bounds then imply that

|E(H″)| = O(|V(H″)|^{1+1/k}).

Since each of the n nodes in H are included in H″ independently with probability 1/(2f), we have

E[|E(H″)|] = O( E[|V(H″)|^{1+1/k}] ) = O( E[|V(H″)|]^{1+1/k} ) = O( (n/f)^{1+1/k} ).    (3)

In particular, the reason we can pull the exponent outside the expectation in the second step is due to the following computation:

E[|V(H″)|^{1+1/k}] − E[|V(H″)|]^{1+1/k} ≤ E[|V(H″)|²] − E[|V(H″)|]² = Var[|V(H″)|] = O(n/f),

and hence the difference between these two terms may be hidden in the O.

• For an edge e = (u, v) ∈ E(H), the probability that e survives in H″ may be decomposed as the probability that it survives in H′, times the probability that it survives in H″ given that it survives in H′. This gives:

Pr[(u, v) ∈ E(H″)] = Pr[u, v ∈ V(H′)] · Pr[(u, v) is good | u, v ∈ V(H′)] = Θ(1/f²) · P_e.

Since (u, v) was added to H, we have P̂_e ≥ 1/4, and so (since we condition on Lemma 3.1) we have P_e ≥ 1/8. Hence the probability that (u, v) ∈ E(H″) is Θ(1/f²). By linearity of expectation, we then have

E[|E(H″)|] = Θ( |E(H)| / f² ).    (4)

Combining (3) and (4), we have

Ω( |E(H)| / f² ) = E[|E(H″)|] = O( (n/f)^{1+1/k} )

and so, comparing the left- and right-hand sides and rearranging, we get

|E(H)| = O( n^{1+1/k} f^{1−1/k} ).

Lemma 3.4. Algorithm 1 runs in polynomial time.

Proof. We first need to sort the edges by weight, which takes at most O(m log n) time. Then for each edge e ∈ E, we must sample Θ(log n) independent subgraphs and then run a single-source shortest path computation in each. Sampling such a subgraph takes O(n + |E(H)|) ≤ O(f^{1−1/k} n^{1+1/k}) time (using the bound on |E(H)| from Lemma 3.3). The running time of the shortest path computation on the subgraph is at most O(|E(H)| log n),² which is at most O(f^{1−1/k} n^{1+1/k} log n). Since we repeat O(log n) times per round, and we have m total rounds in the algorithm, the total runtime is O(m f^{1−1/k} n^{1+1/k} log² n).

4 An Even Faster Randomized Algorithm

Algorithm 2 is a bit more complicated than Algorithm 1, but it is signiﬁcantly faster: in terms of

runtime, it essentially turns the O(m) factor in Lemma 3.4 into an O(k2n) factor. In Algorithm 1,

up to a logarithmic factor the runtime per sampled subgraph is dominated by the time required to

compute the subgraph rather than the time to measure distances on the subgraph, since sampling

the subgraph requires time linear in |E(H)|while distances are computed in the subgraph itself,

which has fewer edges than H. This leads to essentially O(|E(H)| · mlog n) total runtime, since we

sample O(mlog n) subgraphs in total: O(log n) subgraphs in each round, and mtotal rounds. In

our new algorithm, we improve this by (1) pre-sampling Θ(f3log n) subgraphs and using them in

each round, and (2) measuring relevant distances on these subgraphs using a certain incremental

dynamic algorithm, rather than recomputing from scratch. See Section 1.2.2 for a more detailed

overview. We now state the algorithm formally.

Definition 2. Let G = (V, E) be an undirected graph, and let k ≥ 1 be an integer. The layered graph G^{2k} is the directed graph with vertex set V × [2k] and edges

((u, i), (v, i+1)) for all i ∈ [2k−1], {u, v} ∈ E, and
((u, i), (u, i+1)) for all i ∈ [2k−1], u ∈ V.

Notice that the unweighted distance between u and v in G is at most 2k−1 if and only if there is a path from (u, 1) to (v, 2k) in G^{2k}.
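Definition 2, and the equivalence noted after it, can be checked mechanically. The sketch below (representation choices are our own) builds G^{2k} and decides "unweighted distance ≤ 2k−1" by BFS from (u, 1):

```python
from collections import deque

def layered_graph(n, edges, k):
    """Build the directed layered graph G^{2k}: vertices (u, i), i in [2k].
    Graph edges advance one layer; 'stay' edges keep the same vertex."""
    out = {(u, i): [] for u in range(n) for i in range(1, 2 * k + 1)}
    for i in range(1, 2 * k):  # i in [2k-1]
        for u, v in edges:
            out[(u, i)].append((v, i + 1))
            out[(v, i)].append((u, i + 1))
        for u in range(n):
            out[(u, i)].append((u, i + 1))  # 'stay' edge ((u,i),(u,i+1))
    return out

def within_2k_minus_1_hops(n, edges, k, u, v):
    """True iff (u, 1) reaches (v, 2k) in G^{2k}, i.e. d*(u, v) <= 2k-1."""
    out = layered_graph(n, edges, k)
    seen = {(u, 1)}
    q = deque([(u, 1)])
    while q:
        x = q.popleft()
        for y in out[x]:
            if y not in seen:
                seen.add(y)
                q.append(y)
    return (v, 2 * k) in seen
```

For k = 2, a path on 4 vertices puts its endpoints within 3 hops, while a path on 5 vertices does not; the BFS on the layered graph reports exactly that.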

Theorem 4.1 ([Ita86]). There is a data structure which takes O(n²) time to initialize on an empty n-node graph, and which can then support directed edge insertions in O(n) time (amortized) and reachability queries (answering "is there currently a u ⇝ v path in the graph?") in O(1) time.

²This estimate is conservative; except in a small range of parameters the subgraph is much smaller than H and thus the running time of the shortest path computation is dominated by the time needed to sample the subgraph in the first place.
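As a rough sketch of this interface (not the actual structure of [Ita86], and without its exact time bounds), one can maintain, for every node s, the set of nodes currently reachable from s, extending these sets by a truncated search on each edge insertion:

```python
class IncrementalReach:
    """Simplified incremental reachability in the spirit of Italiano's
    structure: self.reach[s] is the set of nodes reachable from s.
    Queries are O(1) set lookups; each insertion extends the sets by a
    DFS that only visits newly reachable nodes (a sketch, not the exact
    amortized bounds of Theorem 4.1)."""

    def __init__(self, nodes):
        self.out = {x: [] for x in nodes}
        self.reach = {x: {x} for x in nodes}  # every node reaches itself

    def insert(self, a, b):
        self.out[a].append(b)
        for s, r in self.reach.items():
            if a in r and b not in r:
                # DFS from b, adding only nodes not already reachable from s
                stack = [b]
                while stack:
                    x = stack.pop()
                    if x in r:
                        continue
                    r.add(x)
                    stack.extend(self.out[x])

    def query(self, u, v):
        return v in self.reach[u]
```

In Algorithm 2 below, one structure of this kind per sampled layered graph H_i^{2k} answers the reachability query of line 9 in constant time.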


Algorithm 2 Faster f-VFT (2k−1)-Spanner Algorithm

Input: Graph G = (V, E), edge weights w : E → R⁺, integers k ≥ 1 and f ≥ 1.

{preprocessing phase}
1: H ← (V, ∅)
2: for i = 1 to α = c f³ log n do
3:    Create V_i by including every vertex of V independently with probability 1/(2f)
4:    Let H_i = (V_i, ∅)
5:    Create the layered graph H_i^{2k}, and initialize the data structure of Theorem 4.1 for H_i^{2k}
6: for all e = {u, v} ∈ E do Let L_e = {i | u, v ∈ V_i}

{main greedy algorithm}
7: for all e = {u, v} ∈ E in nondecreasing weight order do
8:    for all i ∈ L_e do
9:       Query whether there is a (u, 1) ⇝ (v, 2k) path in H_i^{2k}
10:   Let P_e be the fraction of subgraphs H_i with i ∈ L_e where the query returns NO
11:   Let 0 < τ < 1 be an absolute constant that we choose in the analysis
12:   if P_e ≥ τ then
13:      Add e to H
14:      for all i ∈ L_e do
15:         Add e to H_i
16:         Update the connectivity data structure for H_i^{2k} by inserting the edges ((u, j), (v, j+1)) and ((v, j), (u, j+1)) in H_i^{2k} for all j ∈ [2k−1]
17: return H

Like for Algorithm 1, we let H be the final spanner, and now we let H′ be a uniform random subgraph among those selected in the preprocessing phase. Let H_e (H′_e) denote the subgraph of H (H′) containing only the edges considered strictly before e in the algorithm. We note that we do not have separate analogous definitions of P̂_e, P_e this time: the relevant probability P_e is computed exactly by the algorithm. We start our analysis with the following technical lemma:

Lemma 4.2. With high probability over the choice of random subgraphs in the preprocessing phase, for every e = (u, v) ∈ E and F ⊆ V \ {u, v} with |F| ≤ f, we have:

1. |L_e| = O(f log n)
2. |{i ∈ L_e | F ∩ V_i = ∅}| = Ω(f log n)

Proof. For the first part, by linearity of expectation the expected number of indices i with u, v ∈ V_i is exactly α/(2f)² = (c/4) f log n. Applying Chernoff bounds (Theorem 2.1), we have (for sufficiently large c):

Pr[ |L_e| > ce · f log n ] = Pr[ |L_e| > 4e E[|L_e|] ] < 2^{−ce·f log n} < 1/(2n³).

A union bound over the m ≤ n² edges in the graph implies that |L_e| = O(f log n) for all e, simultaneously, with probability at least 1 − 1/(2n).

For the second part of the lemma, for any e = (u, v) ∈ E and F ⊆ V \ {u, v} with |F| ≤ f, and for any i ∈ [α], we compute:

Pr[ i ∈ L_e and F ∩ V_i = ∅ ] = Pr[u, v ∈ V_i] · Pr[F ∩ V_i = ∅] = (1/(4f²)) (1 − 1/(2f))^{|F|} ≥ (1/(4f²)) (1 − 1/(2f))^f ≥ 1/(8f²).

Thus by linearity of expectation,

E[ |{i ∈ L_e | F ∩ V_i = ∅}| ] ≥ α/(8f²) = (c/8) f log n.

Again by Chernoff bounds, we have

Pr[ |{i ∈ L_e | F ∩ V_i = ∅}| < (1/2)(c/8) f log n ] ≤ exp( −(1/8)(c/8) f log n ) ≤ 1/(2n^{4f}),

assuming sufficiently large c. Taking a union bound over all ≤ n^f possible choices of F and all m ≤ n² edges, we have

|{i ∈ L_e | F ∩ V_i = ∅}| = Ω(f log n)

for all choices of e, F, simultaneously, with probability ≥ 1 − 1/(2n). Hence, by a union bound over the two failure events, the two parts of the lemma hold jointly with high probability.

We are now ready to prove the properties of Algorithm 2:

Lemma 4.3. With high probability, Algorithm 2 returns an f-VFT (2k − 1)-spanner.

Proof. Let e = (u, v). As with our proof of correctness of Algorithm 1 (Lemma 3.2), by Lemma 2.2 we just need to show that when the algorithm considers e, if there is a fault set F for which

d_{H_e \ F}(u, v) > (2k − 1) · w(e),

then the algorithm adds e to H. Notice that this implies

d^*_{H_e \ F}(u, v) > 2k − 1,

since by construction the weight of every edge in H_e is no larger than w(e) (recall from Section 2 that d^* denotes the unweighted distance). By Lemma 4.2, with high probability a constant fraction of the i ∈ L_e have F ∩ V_i = ∅, and thus we have d^*(u, v) > 2k − 1 in the corresponding subgraphs. Thus P_e is at least an absolute constant; by setting τ less than this constant, we will add e to H.
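The decision rule used in this proof — compute P_e as the fraction of subgraphs in L_e whose current hop-distance between u and v exceeds 2k − 1, and keep e iff P_e ≥ τ — can be sketched as follows. This is our own illustration (names ours), with a plain BFS standing in for the layered-graph reachability query:

```python
from collections import deque

def hop_dist(adj, u, v):
    """Unweighted (hop) distance from u to v via BFS; adj maps a vertex
    to the set of its current neighbors in one subgraph H_i."""
    if u == v:
        return 0
    dist = {u: 0}
    queue = deque([u])
    while queue:
        x = queue.popleft()
        for y in adj.get(x, ()):
            if y not in dist:
                dist[y] = dist[x] + 1
                if y == v:
                    return dist[y]
                queue.append(y)
    return float("inf")

def keep_edge(u, v, Le, subgraphs, k, tau):
    """P_e = fraction of i in L_e with current d*(u, v) > 2k - 1 in H_i;
    the edge joins the spanner iff P_e >= tau."""
    if not Le:
        return False
    no_votes = sum(1 for i in Le if hop_dist(subgraphs[i], u, v) > 2 * k - 1)
    return no_votes / len(Le) >= tau
```

For instance, with two relevant subgraphs of which only one already contains a short u–v path, P_e = 1/2, so the edge is kept exactly when τ ≤ 1/2.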

Lemma 4.4. With high probability, |E(H)| ≤ O(f^{1-1/k} n^{1+1/k}).

Proof. This loosely follows the proof of Lemma 3.3. For each edge (u, v) ∈ E(H′), let us say:

(u, v) is bad if d^*_{H′_e}(u, v) ≤ 2k − 1,
(u, v) is good if d^*_{H′_e}(u, v) > 2k − 1.

Let H′′ ⊆ H′ be obtained by deleting all bad edges. We now again bound E[|E(H′′)|] in two ways:

• By essentially the same argument as in Lemma 3.3, H′′ has no cycles on ≤ 2k edges, and thus

E[|E(H′′)|] = O(E[|V(H′′)|^{1+1/k}]) = O(E[|V(H′′)|]^{1+1/k}),

where we may pull the exponent outside the expectation by the same argument as in Lemma 3.3. When we choose random subgraphs in the preprocessing phase, the total number of nodes added to all subgraphs can be viewed as the sum of independent binary random variables, and the expectation is Θ(nf^2 log n). Thus, by Chernoff bounds, with high probability over the choice of random subgraphs in the preprocessing phase, we do indeed have Θ(nf^2 log n) total nodes in our subgraphs. Conditioned on this high probability event, since we have exactly α = Θ(f^3 log n) subgraphs, the average sampled subgraph H_i has |V(H_i)| = Θ(n/f). We then have E[|V(H′′)|] = Θ(n/f), and so with high probability

E[|E(H′′)|] = O((n/f)^{1+1/k})

(where the expectation is only over the choice of H′ among the subgraphs sampled in the preprocessing phase).

• By Lemma 4.2, with high probability over the choice of random subgraphs, we have |L_e| = Θ(f log n) for all edges e. In this event, whenever we add an edge e = (u, v) to the spanner we also add the edge to Θ(f log n) out of the α = Θ(f^3 log n) subgraphs. Moreover, by construction, in at least a constant τ fraction of these subgraphs H_i, our (u, 1) → (v, 2k) path query returns NO. It follows that the current unweighted u–v distance in these subgraphs is > 2k − 1, and hence e is a good edge in Θ(τ · f log n) = Θ(f log n) subgraphs. So the total number of good edges among the Θ(f^3 log n) subgraphs is Θ(|E(H)| f log n). We thus have

E[|E(H′′)|] = Θ(|E(H)|/f^2).

Combining these, we have

Ω(|E(H)|/f^2) = E[|E(H′′)|] = O((n/f)^{1+1/k}),

and again the lemma follows by comparing the left- and right-hand sides and rearranging.

Lemma 4.5. The expected running time of Algorithm 2 is at most

O(k^2 f^{1-1/k} n^{2+1/k} log n + mf^2 log n).

Proof. We first analyze the preprocessing phase. Note that without loss of generality, m ≥ f^{1-1/k} n^{1+1/k} ≥ fn, or else we are already finished (we can simply return the input graph).

We can create the V_i sets in time O(nf^3 log n) = O(mf^2 log n) by flipping α = O(f^3 log n) weighted coins for each vertex. Once we do this, we may assume that every vertex v has a sorted list L_v of the values of i for which v ∈ V_i. In expectation, each of the layered graphs H^{2k}_i has O(kn/f) vertices, so we can then create the layered graphs in expected time O((kn/f) · f^3 log n) = O(knf^2 log n) = O(kf^{1-1/k} n^{2+1/k} log n) (by linearity of expectation). Note that this includes the initial edges of the form ((u, i), (u, i + 1)) in each of the layered graphs. Initializing the data structure of Theorem 4.1 for each of the layered graphs takes time O((kn/f)^2) in expectation (since the number of nodes is a binomial random variable and E[X^2] ≤ O(E[X]^2) for any binomial random variable X), and thus the total expected time to initialize these data structures is O((kn/f)^2 · f^3 log n) = O(k^2 f n^2 log n) ≤ O(k^2 f^{1-1/k} n^{2+1/k} log n). We also need to insert all of the initial edges of the form ((u, i), (u, i + 1)) into these data structures, which takes expected time O(f^3 log n · (kn/f) · (kn/f)) = O(k^2 f n^2 log n) ≤ O(k^2 f^{1-1/k} n^{2+1/k} log n) (again using the square of a binomial random variable). Hence we can construct and initialize the vertex sets and the needed data structures in expected time at most

O(mf^2 log n) + O(kf^{1-1/k} n^{2+1/k} log n) + O(k^2 f^{1-1/k} n^{2+1/k} log n) + O(k^2 f^{1-1/k} n^{2+1/k} log n)
    = O(mf^2 log n) + O(k^2 f^{1-1/k} n^{2+1/k} log n).

To create the L_e sets we need to be a little more careful, since doing it naively (looping through each edge and each i ∈ [α] and checking if both endpoints are in V_i) would take O(mf^3 log n) time. But we can speed this up: since every vertex v has L_v in a sorted list, for each edge e = {u, v} we can just do a single pass through L_u and L_v to compute L_e = L_u ∩ L_v. Thus this can be done in O(|L_u| + |L_v|) time, and since |L_v| ≤ O(f^2 log n) with high probability for every v ∈ V, this takes time O(f^2 log n) per edge and thus O(mf^2 log n) total.

Putting all of this together, we get that the preprocessing takes time O(k^2 f^{1-1/k} n^{2+1/k} log n + mf^2 log n).
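The single-pass intersection used above is the standard two-pointer merge over sorted lists; a brief sketch (function name ours):

```python
def intersect_sorted(Lu, Lv):
    """Compute L_e = L_u ∩ L_v in O(|L_u| + |L_v|) time, assuming both
    input lists are sorted (as maintained by the preprocessing)."""
    out = []
    i = j = 0
    while i < len(Lu) and j < len(Lv):
        if Lu[i] == Lv[j]:
            out.append(Lu[i])
            i += 1
            j += 1
        elif Lu[i] < Lv[j]:
            i += 1
        else:
            j += 1
    return out
```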

We now analyze the main loop. For every e = {u, v} ∈ E, the algorithm performs a connectivity query in O(f log n) of the layered subgraphs. By Theorem 4.1, this takes O(mf log n) total time. When we decide to add an edge e to the spanner (which happens at most O(f^{1-1/k} n^{1+1/k}) times by Lemma 4.4), we have to do O(k) insertions into each of the O(f log n) layered graphs in L_e. The amortized cost of each insertion is O(kn/f) by Theorem 4.1 (since the number of nodes in each layered graph is O(kn/f) by Lemma 4.2), and hence the total time of all insertions is O(f^{1-1/k} n^{1+1/k} · (kn/f) · kf log n) = O(k^2 f^{1-1/k} n^{2+1/k} log n). This is asymptotically larger than m log n since m < n^2, and hence the running time of the main loop is O(k^2 f^{1-1/k} n^{2+1/k} log n).

5 Deterministic Algorithm

We now design a deterministic algorithm by derandomizing Algorithm 2. Recall that Algorithm 2 uses randomization in the preprocessing phase to create Θ(f^3 log n) vertex sets. We will derandomize this by deterministically creating sets with the same properties, using appropriately chosen hash functions. This results in a deterministic algorithm whose running time depends on the size of the hash family that we use. If we use universal or pairwise-independent hash functions, then we end up paying additional factors of n in the running time. We can improve this by using almost-universal hash functions, since our analysis is robust to changes in constants. Standard constructions then give the same dependence on n as in Algorithm 2, but polynomially worse dependence on f. But in the most important regime where f is polynomial in n, we can use ideas from message authentication codes in cryptography to design a hash family which is significantly more efficient, allowing us to get a running time that is essentially identical to the randomized algorithm!

5.1 Set System

Intuitively, we want sets which “act like” the Θ(f^3 log n) random sets of Algorithm 2. So they should each have size about n/f, there shouldn’t be too many sets in each L_e (each edge shouldn’t be in too many of the subsets), and for every fault set F a constant fraction of the sets in L_e should not intersect F. We will proceed somewhat similarly to the approach of [Par19], who also needed a set system where a reasonable fraction of the sets both had subsets of some given size and did not intersect with subsets of a given size. But trying to apply [Par19] as a black box, or even using the construction from [Par19], gives highly suboptimal bounds: the number of sets we would need would be exponential in f. So we need to change the construction. We will also use a different hash family, at least for the regime where f is polynomial in n, in order to get an even faster running time.

5.1.1 Almost Universal Hashing

Parter [Par19] began with “almost-pairwise independent” hash families. We will use a slightly different (but related) definition of “almost-universal” hash families, which is a weaker requirement but is sufficient for our needs and will allow us to design faster algorithms than if we required almost-pairwise independence.

Definition 3. A family H = {h : U → R} is δ-almost universal if:

1. For all x_1, x_2 ∈ U with x_1 ≠ x_2: Pr_{h∼H}[h(x_1) = h(x_2)] ≤ δ/|R|, and

2. For all y ∈ R and h ∈ H, |{x ∈ U : h(x) = y}| ≤ O(|U|/|R|).

3. Each h ∈ H can be described with Õ(1) bits and can be evaluated in Õ(1) time.

Setting δ = 1 recovers the standard definition of universal hash families. The second and third parts of this definition are not always part of the standard definition of universality, but easily follow from most standard constructions (and, in particular, from the constructions that we will use). The third property implies that in time Õ(|H| · |U|) we can compute all hash functions from the family on all elements of the domain.

We will use two different constructions of δ-almost universal hash families, one which works for all regimes and one which only gives meaningful bounds when the size of the range is polynomial in the size of the domain. The first construction we will use is the following:

Theorem 5.1. For every δ > 1, there is a δ-almost universal hash family H with O(poly(1/(δ − 1)) · |R|^4 log^2 |U|) functions.

To the best of our knowledge, this theorem does not appear explicitly anywhere in the literature, since most papers just bound the number of random bits as O(log |R| + log log |U|). Since the constant is unspecified, this is not enough to prove Theorem 5.1. But Theorem 5.1 can easily be derived from Theorem 2 of [AGHP92] by using N = |U| log |R| bits to define a hash function and setting k = 2 log |R| and ε = (δ − 1)/|R|^2.

If |R| is close to |U|, we can use a different construction based on ideas from the cryptography literature, and in particular from Message Authentication Codes (MACs). This construction and analysis is essentially standard (see [KR09, dB93, Tay94, BJKS93]), but to the best of our knowledge has not been explicitly phrased as a hash function before in the literature. We will actually use a slightly weaker (and thus more efficient) version of the standard construction, since we only need almost-universality, not almost-pairwise independence. We give the proof for completeness.

Theorem 5.2. There is a ⌈log |U| / log |R|⌉-almost universal hash family H with O(|R|) functions.

Proof. Without loss of generality, let U = {0, 1}^u and let R = {0, 1}^r with u divisible by r, and we interpret U as F_{2^u} and R as F_{2^r}. A single hash function is defined by a single element a ∈ F_{2^r}. Given x ∈ U, we split x into u/r chunks x_0, x_1, ..., x_{(u/r)-1}, each of which has r bits and so is an element of F_{2^r}. This defines a polynomial M_x(a) = Σ_{i=0}^{(u/r)-1} x_i a^i of degree (u/r) − 1. Given an element a ∈ F_{2^r}, we define a hash function h_a(x) = M_x(a).

Let H = {h_a : a ∈ F_{2^r}}. Clearly |H| = 2^r = |R|. It is also not hard to see that H is a (u/r)-almost universal family. To see this, let x, y ∈ U with x ≠ y. Then h_a(x) = h_a(y) if and only if M_x(a) = M_y(a), which is equivalent to M_x(a) − M_y(a) = 0. Clearly M_x(a) − M_y(a) = Σ_{i=0}^{(u/r)-1} (x_i − y_i) a^i is a non-zero polynomial (in a) of degree at most u/r, so there are at most u/r roots, and thus the probability that we choose an a which satisfies this is at most (u/r)/2^r = (u/r)/|R|.

Clearly we can compute these functions quickly enough, so the third property of Definition 3 holds. The second property of Definition 3 also holds: if we divide the possible x ∈ U into equivalence classes by everything except their lowest-order chunk x_0 (so each class has 2^r elements and there are 2^{u-r} classes), then for every fixed a and every equivalence class, there is exactly one element from the class which gets hashed to each possible value.

Since log |U| / log |R| is a constant if R and U are polynomially related, Theorem 5.2 gives an O(1)-almost universal family in the case of |R| ≥ poly(|U|). We will only use this theorem in that regime.
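As a concrete illustration of the construction in Theorem 5.2, here is a small Python sketch with r = 8, so the field is GF(2^8); we reduce modulo the irreducible polynomial x^8 + x^4 + x^3 + x + 1 (our choice; any degree-8 irreducible polynomial works, and all function names are ours). A u-bit key is split into u/8 byte chunks x_0, ..., x_{u/8-1} and hashed to M_x(a) = Σ_i x_i a^i:

```python
R_BITS = 8          # r: the range is {0,1}^r, i.e. one byte
IRRED = 0x11B       # x^8 + x^4 + x^3 + x + 1, irreducible over GF(2)

def gf_mul(a, b):
    """Multiplication in GF(2^8): carry-less multiply, reduced mod IRRED."""
    res = 0
    while b:
        if b & 1:
            res ^= a
        a <<= 1
        if a & 0x100:       # degree reached 8: subtract (xor) the modulus
            a ^= IRRED
        b >>= 1
    return res

def hash_poly(a, x, u_bits):
    """h_a(x) = M_x(a) = sum_i x_i * a^i over GF(2^8), where x_0 is the
    lowest-order byte of x.  Evaluated by Horner's rule."""
    chunks = [(x >> (i * R_BITS)) & 0xFF for i in range(u_bits // R_BITS)]
    acc = 0
    for c in reversed(chunks):      # highest-degree chunk first
        acc = gf_mul(acc, a) ^ c
    return acc
```

For u = 16 the polynomials have degree 1, so any two distinct keys collide under at most one of the 256 functions h_a; and for each fixed a the map is a bijection on every class of keys that agree on everything except x_0, which is exactly the second property of Definition 3.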

5.1.2 Creating Our Sets

We will use δ-almost universal hash families to create the subsets in the preprocessing stage of Algorithm 2 rather than creating these sets randomly. More formally, rather than create O(f^3 log n) sets independently, we will use the following construction.

Let H be a δ-almost universal hash family with domain V and range [4δf].³ We will create |H| · (4δf choose 2) = Θ(|H| f^2) sets as follows: for every h ∈ H and y, z ∈ [4δf] with y ≠ z, we let

V_{h,{y,z}} = {v ∈ V : h(v) ∈ {y, z}}.

In order to keep our previous notation, we will let α = |H| · (4δf choose 2) and will arbitrarily number these sets and refer to them as V_1, ..., V_α. And as before, we will let L_e = {i ∈ [α] : e ⊆ V_i} be the sets which contain both endpoints of e. We first need the equivalent of Lemma 4.2, but now all bounds are deterministic.

Lemma 5.3. If H is a δ-almost universal hash family for some constant δ > 1, then there exist constants c_1, c_2, c_3 > 0 so that for sufficiently large n the sets V_1, ..., V_α have the following properties:

1. |V_i| ≤ c_1 n/f for all i ∈ [α],

2. |L_e| ≤ c_2 δ |H| for all e ∈ E, and

3. |{i ∈ L_e : F ∩ V_i = ∅}| ≥ c_3 |H| for all e ∈ E and F ⊆ V with |F| ≤ f and F ∩ e = ∅.

Proof. The second property of Definition 3 implies that each set has size at most O(n/(4δf)) = O(n/f), so the first property is clearly true. For the second property, let e = {u, v} ∈ E, and let h ∈ H. If h(u) = h(v) then e is contained in 4δf − 1 of the (4δf choose 2) subsets defined by h, and if h(u) ≠ h(v) then e is contained in 1 of the subsets defined by h. By the first part of the definition of almost universal, Pr_{h∼H}[h(u) = h(v)] ≤ δ/(4δf) = 1/(4f). Thus

|L_e| ≤ Σ_{h∈H} 1 + Σ_{h∈H : h(u)=h(v)} (4δf − 1) ≤ |H| + δ|H| = (1 + δ)|H|.

³This might seem strange in conjunction with Theorem 5.2, since then the range is a function of δ but δ is also a function of the range. We show how to set the parameters appropriately when we actually instantiate this hash family in the proof of Theorem 1.2.

For the third property, fix e = {u, v} ∈ E and F ⊆ V \ {u, v} with |F| ≤ f. For every x ∈ F, let X_{xu} be the indicator random variable for the event that h(x) = h(u), and similarly let X_{xv} be the indicator random variable for h(x) = h(v). Note that by the definition of almost-universal, both of these random variables have expectation at most δ/(4δf) = 1/(4f). Let Z ⊆ F be the set of elements of F that hash to the same value as u or v (so Z is a random subset). Then |Z| ≤ Σ_{x∈F} (X_{xu} + X_{xv}), and thus

E[|Z|] ≤ E[Σ_{x∈F} (X_{xu} + X_{xv})] = Σ_{x∈F} (E[X_{xu}] + E[X_{xv}]) ≤ Σ_{x∈F} 2/(4f) ≤ 1/2.

So by Markov’s inequality, the probability that |Z| ≥ 1 is at most 1/2. Thus in at least half of the hash functions from H, nothing from F has the same hash value as u or v. If we have such an h, and if h(u) ≠ h(v), then this means that F ∩ V_{h,{h(u),h(v)}} = ∅. As discussed earlier, the number of hash functions in which h(u) = h(v) is at most |H|/(4f). Thus the number of sets which contain both u and v but do not contain any element of F is at least

|H| · (1/2 − 1/(4f)) · 1 ≥ (3/8)|H|,

as claimed.
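The counting in this proof is easy to see on a toy instance. The sketch below (our illustration; names ours) builds the sets V_{h,{y,z}} of Section 5.1.2 from an arbitrary list of hash functions and computes L_e; with a single hash function, an edge whose endpoints collide lands in 4δf − 1 of that function's sets, while one whose endpoints do not collide lands in exactly one, as used above:

```python
from itertools import combinations

def build_sets(V, hashes, delta, f):
    """One set V_{h,{y,z}} per hash function h and unordered pair {y, z}
    of buckets in [4*delta*f] (the construction of Section 5.1.2)."""
    buckets = range(4 * delta * f)
    sets = []
    for h in hashes:
        val = {v: h(v) for v in V}          # evaluate h once per vertex
        for y, z in combinations(buckets, 2):
            sets.append({v for v in V if val[v] in (y, z)})
    return sets

def L_e(sets, u, v):
    """Indices of the sets containing both endpoints of e = {u, v}."""
    return [i for i, S in enumerate(sets) if u in S and v in S]
```

With V = {0, ..., 7}, f = 1, δ = 1 and the single function h(v) = v mod 4 we get (4 choose 2) = 6 sets; the edge {0, 1} (no collision) is in exactly one of them, while {0, 4} (collision) is in 4δf − 1 = 3.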

5.2 The Algorithm and Analysis

Our deterministic algorithm is the same as Algorithm 2, except:

1. Instead of sampling O(f^3 log n) sets, we use the above construction to create O(|H| f^2) sets which obey Lemma 5.3, and

2. We set the threshold τ to c_3/c_2, i.e., we add e to the spanner if P_e ≥ c_3/c_2 (where c_2 and c_3 are the constants from Lemma 5.3).

We now prove correctness and size bounds in essentially the same way as in the randomized algorithm; they just hold deterministically rather than with high probability.

Lemma 5.4. This algorithm returns an f-VFT (2k − 1)-spanner.

Proof. Let e = {u, v}. As with our proofs of correctness of Algorithms 1 and 2, by Lemma 2.2 we just need to show that if, when the algorithm considers e, there is a fault set F which is bad for e (i.e., |F| ≤ f and d_{H\F}(u, v) > (2k − 1) w(e)), then the algorithm adds e to H.

Note that for any i ∈ [α] where e ⊆ V_i but F ∩ V_i = ∅, we have d_{H_i}(u, v) > (2k − 1) w(e) (since removing F is enough to make the distance too large), and hence there is no (2k − 1)-hop path from u to v in H_i (since we consider the edges in nondecreasing weight order). This implies that our reachability query from (u, 1) to (v, 2k) in H^{2k}_i will return NO. Thus by Lemma 5.3, P_e ≥ c_3|H| / (c_2|H|) = τ, and so the algorithm will add e to the spanner. Lemma 2.2 then implies the theorem.

We can now prove our size bound.

Lemma 5.5. |E(H)| ≤ O(f^{1-1/k} n^{1+1/k}).

Proof. We use randomness in our analysis in the same way it was used in the proof of Lemma 4.4, but note that the algorithm itself is deterministic.

Choose an i ∈ [α] uniformly at random, and let H′ = H_i. Then for each (2k)-cycle in H′, remove the heaviest edge to get H′′.

By part 1 of Lemma 5.3, we know that |V(H′′)| ≤ O(n/f). Since H′′ has no (2k)-cycles, this implies that

|E(H′′)| ≤ O((n/f)^{1+1/k}).    (5)

Fix some e = {u, v} ∈ E(H). Then the third property of Lemma 5.3 (with F = ∅) implies that Pr[e ∈ H′] ≥ Ω(|H|/(|H|f^2)) = Ω(1/f^2). Conditioned on this, e fails to survive to H′′ only if it was the heaviest edge on some (2k)-cycle in H′. Since the algorithm considers the edges in nondecreasing weight order, e is the heaviest edge on some (2k)-cycle if and only if, when it was added by the algorithm, the hop-distance between u and v in H′ was at most 2k − 1.

The probability of this happening (conditioned on e being in H′) is by definition equal to 1 − P_e, and so the probability that e does survive to H′′ (conditioned on being in H′) is precisely P_e. Since e was added by the algorithm we know that P_e ≥ c_3/c_2, and thus the probability that e survives to H′′ (conditioned on being in H′) is at least c_3/c_2.

Hence

E[|E(H′′)|] ≥ |E(H)| · Ω(1/f^2) · (c_3/c_2) ≥ Ω(|E(H)|/f^2).    (6)

Combining (5) and (6) implies that

|E(H)| ≤ O(f^2 · (n/f)^{1+1/k}) = O(f^{1-1/k} n^{1+1/k}),

as claimed.

We now analyze the running time. Clearly it depends on |H|, but for now we will leave this as a parameter.

Lemma 5.6. The running time of the deterministic algorithm is at most

Õ(f^{-1/k} n^{2+1/k} |H| + m|H|f).

Proof. We proceed as in Lemma 4.5 by first analyzing the preprocessing, and assuming without loss of generality that m ≥ f^{1-1/k} n^{1+1/k} ≥ fn.

Our set system has O(|H| f^2) sets. For each hash function in H, we can create the 4δf buckets in Õ(n) time (by evaluating the hash function on each vertex in Õ(1) time). Then we can build each of the Θ(f^2) sets for that function in time O(n/f), so the time to create all of the Θ(|H| f^2) sets is Õ(|H| f n). Creating the layered graphs takes additional O(|H| f^2 · (n/f) · k) = O(|H| n f k) = O(mk|H|) time. Initializing all O(|H| f^2) data structures from Theorem 4.1 and inserting the initial edges takes time O(|H| f^2 · (kn/f)^2) = O(k^2 n^2 |H|) = Õ(f^{-1/k} n^{2+1/k} |H|). As in the analysis of the fast randomized algorithm (Lemma 4.5), while creating the sets we can record for each vertex a sorted list of which sets it is in, and then can create each L_e set by a simple set intersection. Since each vertex is in O(|H| f) sets, this takes time O(m|H|f).

Thus our total preprocessing time is Õ(f^{-1/k} n^{2+1/k} |H| + m|H|f).

We now analyze the main greedy loop. For every e = {u, v} ∈ E, the algorithm performs a connectivity query in |L_e| ≤ O(|H|) of the layered subgraphs. By Theorem 4.1, this takes O(m|H|) total time. When we decide to add an edge e to the spanner (which happens at most O(f^{1-1/k} n^{1+1/k}) times by Lemma 5.5), we have to do O(k) insertions into each of the O(|L_e|) = O(|H|) layered graphs in L_e. The amortized cost of each insertion is O(kn/f) by Theorem 4.1 (since the number of nodes in each layered graph is O(kn/f) by Lemma 5.3), and hence the total time of all insertions is O(f^{1-1/k} n^{1+1/k} · (kn/f) · k|H|) = O(k^2 f^{-1/k} n^{2+1/k} |H|). This is asymptotically larger than m|H| since m < n^2 and f < n, and hence the running time of the main loop is O(k^2 f^{-1/k} n^{2+1/k} |H|).

This now finally allows us to prove Theorem 1.2, which we restate here for clarity.

Theorem 1.2. There is a deterministic algorithm which constructs an f-VFT (2k − 1)-spanner with at most O(f^{1-1/k} n^{1+1/k}) edges in time Õ(f^{4-1/k} n^{2+1/k} + mf^5), and if f = poly(n) (i.e., f ≥ n^c for some constant c > 0) then the running time improves to Õ(f^{1-1/k} n^{2+1/k} + mf^2).

Proof. The fault tolerance and size bounds are from Lemmas 5.4 and 5.5. Using Lemma 5.6 with the almost universal construction of Theorem 5.1 (with δ = 2) gives a running time of Õ(k^2 f^{-1/k} n^{2+1/k} · f^4 + mf^5) = Õ(f^{4-1/k} n^{2+1/k} + mf^5).

On the other hand, if f ≥ n^c for some constant c > 0 then we want to use the almost universal construction of Theorem 5.2. But as discussed earlier, we have to be a little careful, since if we use this construction then the range is a function of δ but δ is also a function of the range. So we need to show that we can set δ so that it is a constant and the range is [4δf] (since that is the construction we used). We first set δ = log n / log f ≤ 1/c and set the range of the hash family to be [4δf]. Then if we use Theorem 5.2 with this range, the theorem implies that this is a δ′ = log n / log(4δf)-almost universal family. But δ′ is clearly at most δ, and hence it is also a δ-almost universal family. So we have, as required, a δ-almost universal family with range [4δf] where δ ≤ 1/c is a constant. When we use this family, Lemma 5.6 implies that the running time is Õ(k^2 f^{-1/k} n^{2+1/k} · f + mf^2) = Õ(f^{1-1/k} n^{2+1/k} + mf^2).
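The parameter setting in the last paragraph can be spelled out numerically (a small sketch; the function name is ours):

```python
import math

def choose_delta(n, f):
    """For f = n^c, set delta = log n / log f (a constant, at most 1/c)
    and use the hash family of Theorem 5.2 with range [4*delta*f]."""
    delta = math.log(n) / math.log(f)
    return delta, round(4 * delta * f)
```

For instance, with n = 2^20 and f = 2^10 (so c = 1/2) this gives δ = 2 and range size 8192, and Theorem 5.2 then yields a family of only O(δf) = O(f) functions.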

6 Conclusion and Open Questions

In this paper we gave the first polynomial-time algorithm to construct optimal-size vertex fault-tolerant spanners. Our algorithm, after being optimized for running time, is also significantly faster than the previous best (non-optimal) polynomial-time algorithm. We also derandomized our algorithm to get a deterministic algorithm, which is always polynomial time and, in the most interesting regime of f being polynomial in n, is just as fast (ignoring polylogarithmic factors) as our randomized algorithm.

There are still a number of tantalizing open problems involving fault-tolerant spanners. Algorithmically, while we significantly optimized the running time to make it surprisingly efficient, even in the regime f = O(1) it is still not as fast as the fastest algorithms for non-FT spanners (e.g., [BS07], which has running time Õ(m)). These fast non-FT spanner algorithms are not the greedy algorithm, which seems to be unable to achieve such an efficient running time. Is it possible to compute optimal-size fault-tolerant spanners in time Õ(m)? Similarly, there has been significant work on computing spanners in other models of computation, most notably in distributed and parallel models (see [BS07, DGP07, PY18, BDG+20] for a small sampling of such results). The greedy algorithm is typically difficult to parallelize or implement efficiently distributedly (particularly in the presence of congestion), so there is the obvious question of computing optimal-size fault-tolerant spanners efficiently in these models.

Next, we note that while all of our constructions and bounds work as well in the case of edge faults, they are not known to be optimal. The best-known lower bound on the size of an f-edge fault-tolerant (2k − 1)-spanner, proved in [BDPW18], is only Ω(f^{(1/2)(1-1/k)} n^{1+1/k}), rather than Ω(f^{1-1/k} n^{1+1/k}) as for vertex faults (for k ≥ 3; for k = 2 the lower bounds are both Ω(f^{1/2} n^{3/2}), and hence the size bounds achieved here are optimal). Closing this gap for general k, by either giving improved upper bounds or improved lower bounds (or both), is probably the most important open question about fault-tolerant spanners.

Finally, there are some additional nice properties of the non-faulty greedy algorithm, and it would be interesting to determine whether these have desirable analogs for FT (slack-)greedy algorithms as well. In particular: the non-FT greedy algorithm gives optimal spanners for several important graph classes like Euclidean graphs and doubling metrics [LS19], it produces optimal spanners as measured by lightness [FS20], and there is experimental evidence that it performs particularly well on graphs encountered in practice [FG05].

Acknowledgements

We would like to thank Xin Li for many helpful discussions about derandomization, and in particular for pointing us towards message authentication codes.

References

[ABP91] Baruch Awerbuch, Alan Baratz, and David Peleg. Efficient broadcast and light-weight spanners. Unpublished manuscript, November 1991.

[ADD+93] Ingo Althöfer, Gautam Das, David P. Dobkin, Deborah Joseph, and José Soares. On sparse spanners of weighted graphs. Discrete & Computational Geometry, 9:81–100, 1993.

[AGHP92] Noga Alon, Oded Goldreich, Johan Håstad, and René Peralta. Simple constructions of almost k-wise independent random variables. Random Structures & Algorithms, 3(3):289–304, 1992.

[AP90] Baruch Awerbuch and David Peleg. Network synchronization with polylogarithmic overhead. In Proceedings of the 31st Annual Symposium on Foundations of Computer Science, pages 514–522. IEEE, 1990.

[BBG+20] Aaron Bernstein, Jan van den Brand, Maximilian Probst Gutenberg, Danupon Nanongkai, Thatchaphol Saranurak, Aaron Sidford, and He Sun. Fully-dynamic graph sparsifiers against an adaptive adversary. arXiv preprint arXiv:2004.08432, 2020.

[BDG+20] Amartya Shankha Biswas, Michal Dory, Mohsen Ghaffari, Slobodan Mitrović, and Yasamin Nazari. Massively parallel algorithms for distance approximation and spanners, 2020.

[BDPW18] Greg Bodwin, Michael Dinitz, Merav Parter, and Virginia Vassilevska Williams. Optimal vertex fault tolerant spanners (for fixed stretch). In Proceedings of the Twenty-Ninth Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2018, pages 1884–1900. SIAM, 2018.

[BEH+06] Georg Baier, Thomas Erlebach, Alexander Hall, Ekkehard Köhler, Heiko Schilling, and Martin Skutella. Length-bounded cuts and flows. In Automata, Languages and Programming, pages 679–690. Springer, 2006.

[BJKS93] Jürgen Bierbrauer, Thomas Johansson, Gregory Kabatianskii, and Ben Smeets. On families of hash functions via geometric codes and concatenation. In Advances in Cryptology — CRYPTO '93, pages 331–342. Springer-Verlag, 1993.

[BP19] Greg Bodwin and Shyamal Patel. A trivial yet optimal solution to vertex fault tolerant spanners. In Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing, PODC '19, pages 541–543. ACM, 2019.

[BS07] Surender Baswana and Sandeep Sen. A simple and linear time randomized algorithm for computing sparse spanners in weighted graphs. Random Structures & Algorithms, 30(4):532–563, 2007.

[Che15] Shiri Chechik. Approximate distance oracles with improved bounds. In Proceedings of the Forty-Seventh Annual ACM Symposium on Theory of Computing, STOC '15, pages 1–10. ACM, 2015.

[CLPR10] Shiri Chechik, Michael Langberg, David Peleg, and Liam Roditty. Fault tolerant spanners for general graphs. SIAM J. Comput., 39(7):3403–3423, 2010.

[CWN16] Shiri Chechik and Christian Wulff-Nilsen. Near-optimal light spanners. In Proceedings of the Twenty-Seventh Annual ACM-SIAM Symposium on Discrete Algorithms, SODA '16, pages 883–892. SIAM, 2016.

[CZ04] Artur Czumaj and Hairong Zhao. Fault-tolerant geometric spanners. Discrete & Computational Geometry, 32(2):207–230, 2004.

[dB93] Bert den Boer. A simple and key-economical unconditional authentication scheme. J. Comput. Secur., 2:65–72, 1993.

[DGP07] Bilel Derbel, Cyril Gavoille, and David Peleg. Deterministic distributed construction of linear stretch spanners in polylogarithmic time. In Distributed Computing, pages 179–192. Springer, 2007.

[DK11] Michael Dinitz and Robert Krauthgamer. Fault-tolerant spanners: better and simpler. In Proceedings of the 30th Annual ACM Symposium on Principles of Distributed Computing, PODC 2011, pages 169–178, 2011.

[DP09] Devdatt Dubhashi and Alessandro Panconesi. Concentration of Measure for the Analysis of Randomized Algorithms. Cambridge University Press, 1st edition, 2009.

[DR20] Michael Dinitz and Caleb Robelle. Efficient and simple algorithms for fault-tolerant spanners. In Proceedings of the 2020 ACM Symposium on Principles of Distributed Computing, PODC '20, 2020.

[EEST08] Michael Elkin, Yuval Emek, Daniel A. Spielman, and Shang-Hua Teng. Lower-stretch spanning trees. SIAM Journal on Computing, 38(2):608–628, 2008.

[Erd64] Paul Erdős. Extremal problems in graph theory. In Theory of Graphs and its Applications, Proc. Sympos. Smolenice, 1964.

[FG05] Mohammad Farshi and Joachim Gudmundsson. Experimental study of geometric t-spanners. In European Symposium on Algorithms, pages 556–567. Springer, 2005.

[FS20] Arnold Filtser and Shay Solomon. The greedy spanner is existentially optimal. SIAM J. Comput., 49(2):429–447, 2020.

[Ita86] G. F. Italiano. Amortized efficiency of a path retrieval data structure. Theoretical Computer Science, 48:273–281, 1986.

[KP12] Michael Kapralov and Rina Panigrahy. Spectral sparsification via random spanners. In Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, pages 393–398. ACM, 2012.

[KR09] Bhavana Kanukurthi and Leonid Reyzin. Key agreement from close secrets over unsecured channels. In Advances in Cryptology — EUROCRYPT 2009, pages 206–223. Springer, 2009.

[LNS98a] Christos Levcopoulos, Giri Narasimhan, and Michiel Smid. Efficient algorithms for constructing fault-tolerant geometric spanners. In Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, pages 186–195. ACM, 1998.

[LNS98b] Christos Levcopoulos, Giri Narasimhan, and Michiel Smid. Efficient algorithms for constructing fault-tolerant geometric spanners. In Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, pages 186–195. ACM, 1998.

[LS19] Hung Le and Shay Solomon. Truly optimal Euclidean spanners. In 2019 IEEE 60th Annual Symposium on Foundations of Computer Science (FOCS), pages 1078–1100. IEEE, 2019.

[Luk99] Tamás Lukovszki. New results on fault tolerant geometric spanners. Algorithms and Data Structures, pages 774–774, 1999.

[NS07] Giri Narasimhan and Michiel Smid. Geometric Spanner Networks. Cambridge University Press, 2007.

[Par19] Merav Parter. Small cuts and connectivity certificates: A fault tolerant approach. In 33rd International Symposium on Distributed Computing (DISC 2019), volume 146 of LIPIcs, pages 30:1–30:16. Schloss Dagstuhl–Leibniz-Zentrum für Informatik, 2019.

[Pel00] David Peleg. Distributed Computing: A Locality-Sensitive Approach. SIAM, 2000.

[PS89] David Peleg and Alejandro A. Schäffer. Graph spanners. Journal of Graph Theory, 13(1):99–116, 1989.

[PU89a] David Peleg and Jeffrey D. Ullman. An optimal synchronizer for the hypercube. SIAM J. Comput., 18(4):740–747, 1989.

[PU89b] David Peleg and Eli Upfal. A trade-off between space and efficiency for routing tables. J. ACM, 36(3):510–530, 1989.

[PY18] Merav Parter and Eylon Yogev. Congested clique algorithms for graph spanners. In 32nd International Symposium on Distributed Computing, DISC 2018, volume 121 of LIPIcs, pages 40:1–40:18. Schloss Dagstuhl–Leibniz-Zentrum für Informatik, 2018.

[Tay94] Richard Taylor. An integrity check value algorithm for stream ciphers. In Advances in Cryptology — CRYPTO '93, pages 40–48. Springer, 1994.

[TZ05] Mikkel Thorup and Uri Zwick. Approximate distance oracles. Journal of the ACM, 52(1):1–24, 2005.