Polynomial Factorisation

James Davenport, delivered by Russell Bradford

November 27, 2008

The Challenge

Given a polynomial $f \in \mathbb{Z}[x]$ of degree $d$, write it as $f = f_1(x) \cdots f_k(x)$, $f_i \in \mathbb{Z}[x]$ irreducible.

- The last clause is the sting, otherwise we could just say f is f!
- (Furthermore, for random f we'd be right 'with probability 1'.)
- Could generalise to several variables (not hard in theory).
- Could generalise to other domains, e.g. complex numbers.

What do we know?

- Square-free decomposition ($\gcd(f, f') = \prod$ repeated factors), so we will assume f is square-free.
- The Landau–Mignotte bound on the coefficients of factors of degree d.
- Hence there are only finitely many possible factors (but $O(2^{d^2} N^d)$ of them if the coefficients of f are less than N).
- Divisibility hacks can reduce this, but not sufficiently.

What about working mod $p \neq 2$?

- Assume (always) p does not divide the leading coefficient of f.
- If $f = gh$ then $f_p = g_p h_p \pmod p$.
- In particular, if $f_p$ is irreducible mod p, then f is irreducible over $\mathbb{Z}$.
- If p is small, there are many fewer combinations, but still exponentially many in d.

Fermat's (Little) Theorem

$n^p \equiv n \pmod p$.

Proof by induction: $0^p \equiv 0 \pmod p$, and
$$(n+1)^p \equiv n^p + p\,n^{p-1} + \frac{p(p-1)}{2}\,n^{p-2} + \cdots + 1^p \equiv n^p + 1^p \equiv n + 1 \pmod p,$$
since every binomial coefficient $\binom{p}{i}$ with $0 < i < p$ is divisible by p.

Therefore $x - n$ divides $x^p - x$ for all n, and so (counting degrees)
$$x^p - x = \prod_{n=0}^{p-1} (x - n).$$

Idea (Cantor–Zassenhaus) — 1

- $\gcd(f, x^p - x) = f^{(1)} = \prod$ (all linear factors of f).
- The case of x itself is obvious, and otherwise $f_a^{(1)} := \gcd(f^{(1)}, x^{(p-1)/2} - 1) = \prod$ (half the linear factors of f, at random).
- $f_b^{(1)} := \gcd(f^{(1)}, (x-1)^{(p-1)/2} - 1) = \prod$ (half the linear factors of f, also at random).
- $\gcd(f_a^{(1)}, f_b^{(1)}) = \prod$ (a quarter of the linear factors of f), and so on until we have found each linear factor of f.

(Why half: by Euler's criterion, for $n \not\equiv 0$ we have $n^{(p-1)/2} \equiv 1 \pmod p$ exactly when n is a square mod p, which is true of half the non-zero residues; so $x - n$ divides $x^{(p-1)/2} - 1$ for exactly those n.)

Idea (Cantor–Zassenhaus) — 2

- Similarly (but harder to prove) $\gcd(f/f^{(1)}, x^{p^2} - x) = f^{(2)} = \prod$ (all irreducible quadratic factors of f).
- $f_a^{(2)} := \gcd(f^{(2)}, x^{(p^2-1)/2} - 1) = \prod$ (half the quadratic factors of f, at random).
- $f_b^{(2)} := \gcd(f^{(2)}, (x-1)^{(p^2-1)/2} - 1) = \prod$ (half the quadratic factors of f, again at random).
- $\gcd(f_a^{(2)}, f_b^{(2)}) = \prod$ (a quarter of the quadratic factors of f), and so on until we have found each quadratic factor of f.
- And so on for cubic etc. factors.

Note that we want small p for this exercise, since we compute up to $x^{p^{d/2}} \pmod{f, p}$.

What's the modular–integer relationship?

We could say that a reduction from f to $f_p = f \pmod p$ is good if $f_p$ factors the same way as f. Unfortunately, for some f, all p are bad! Example: $x^4 + 1$.

- p = 2: $x^4 + 1 = (x + 1)^4$.
- p = 4k + 1: in this case $-1 = q^2$. This gives us the factorisation $x^4 + 1 = (x^2 - q)(x^2 + q)$.
- p = 8k ± 1: in this case $2 = q^2$. This gives us the factorisation $x^4 + 1 = (x^2 - (2/q)x + 1)(x^2 + (2/q)x + 1)$.
- p = 8k + 3: in this case $-2 = q^2$, and $x^4 + 1 = (x^2 - (2/q)x - 1)(x^2 + (2/q)x - 1)$.

(Every odd p falls into at least one of the last three cases: if neither $-1$ nor $2$ is a square mod p, their product $-2$ is.) The example can be generalised to irreducible polynomials of degree $2^k$ which factor into quadratics/linears only modulo every prime.

Unlucky primes can tell us things

Suppose f has degree 4. There are many ways in which it could factor, e.g. two quadratics, a quadratic and two linears, ..., or be irreducible. Each factor of f over the integers reduces mod p to a product of some of the factors mod p, so the degrees over the integers must be obtainable by grouping the degrees mod p. If, modulo p, it factors as two quadratics, then the only options over the integers are 'two quadratics' or 'irreducible'. If, modulo q, it factors as 'cubic and linear', then the only options over the integers are 'cubic and linear' or 'irreducible'. So if both happen, the only option is 'irreducible', which we can deduce even though both p and q are 'bad'.

Experimentally, if we can deduce irreducibility at all, we can do it with five primes. (Theoretical arguments suggest 5 + O(log log d), but who cares?)

But even if we had lucky primes ...

We remember the Chinese Remainder Theorem (CRT). Suppose p and q are both lucky, and f factors as $g_1 g_2 g_3$ mod p and $h_1 h_2 h_3$ mod q. Assume all of the same degree. Then f factors as $\mathrm{CRT}(g_1, h_1)\,\mathrm{CRT}(g_2, h_2)\,\mathrm{CRT}(g_3, h_3)$ modulo pq. But it also factors as $\mathrm{CRT}(g_1, h_2)\,\mathrm{CRT}(g_2, h_3)\,\mathrm{CRT}(g_3, h_1)$ modulo pq. And as $\mathrm{CRT}(g_1, h_1)\,\mathrm{CRT}(g_2, h_3)\,\mathrm{CRT}(g_3, h_2)$ modulo pq, and so on.

In fact, the polynomials modulo pq do not have unique factorisation. In general, there may be exponentially many combinations, one of which may be right.

A new idea — Hensel's Lemma (linear)

Given a factorisation of (square-free) f modulo p, compute factorisations modulo $p^2, \ldots, p^k$ with $p^k > 2 \cdot$ (Landau–Mignotte bound). Details in 'old' book p. 167 et seq.

Once we have this, then (if p is good) we have the factorisation: reduce the coefficients of each lifted factor to the symmetric range $(-p^k/2, p^k/2]$, which the factor of 2 in the bound makes exact, and divide. If not, we have to try combining factors: if $f \equiv f_1 f_2 \cdots f_r \pmod{p^k}$ but $f_i$ does not divide f over $\mathbb{Z}$, try whether $f_1 f_2$ divides f, or $f_1 f_3$, or .... Potentially exponentially many combinations!

Quick hacks (Abbott, Bradford, Davenport) can drastically reduce the cost of each trial. Better hacks (Abbott, Shoup, Zimmermann) can rule out bunches of possibilities.

Theory versus practice

In theory, this process is still exponential in d, whatever hacks we use. Which is tedious, because getting to the factorisation modulo $p^k$ is $O(d^3 k^2)$ (Landau–Mignotte tells us that $k = O(d)$).

An alternative (Lenstra–Lenstra–Lovász) takes a single factor $f_i$ mod $p^k$, and produces that g of degree $d'$ which:

- is divisible by $f_i$ mod $p^k$;
- divides f over $\mathbb{Z}$.

If we do this in increasing order of $d'$, we are guaranteed that g is irreducible. Polynomial time, but $O(d^6 k^4)$ (i.e. $O(d^{10})$). In practice no-one uses it.