arxiv: v3 [math.nt] 25 May 2016

Transcription

1 ON REDUED ARAKELOV DIVISORS OF REAL QUADRATI FIELDS HA THANH NGUYEN TRAN arxiv:4.5043v3 [math.nt] 5 May 06 Abstract. We generalize the concept of reduced Arakelov divisors and define - reduced divisors for a given number. These -reduced divisors have remarkable properties which are similar to the properties of reduced ones. In this paper, we describe an algorithm to test whether an Arakelov divisor of a real quadratic field F is -reduced in time polynomial in log F with F the discriminant of F. Moreover, we give an example of a cubic field for which our algorithm does not work.. Introduction The idea of infrastructure of real quadratic fields of Shanks in [] was modified and extended by Lenstra [5], Schoof [9] and Buchmann and Williams [] to certain number fields. Finally, it was generalized to arbitrary number fields by Buchmann []. In 008, Schoof [0] gave the first description of infrastructure in terms of reduced Arakelov divisors and the Arakelov class group Pic 0 F of a general number field F. Reduced Arakelov divisors can be used for computing Pic 0 F. They form a finite and regularly distributed set in this topological group [0, Propostion 7., Theorem 7.4 and 7.7]. omputing Pic 0 F is of interest because knowing this group is equivalent to knowing the class group and the unit group of F (see [6] and [0]). Schoof proposed two algorithms which run in polynomial time in log F with F the discriminant of F [0, Algorithm 0.3]: the testing algorithm to check whether a given Arakelov divisor D is reduced, and the reduction algorithm to compute a reduced Arakelov divisor that is close to a given divisor D in Pic 0 F. However, the reduction algorithm requires finding a shortest vector of the lattice associated to the Arakelov divisor, while finding a reasonably short vector using the LLL algorithm is much faster and easier than finding a shortest vector. This leads to modifications and generalizations of the definition of reduced Arakelov divisors. One of the generalizations, which we call -reduced Arakelov divisors, comes from the reduction algorithm of Schoof [0, Algorithm 0.3]. With this definition, -reduced Arakelov divisors are reduced in the usual sense when =, and Arakelov divisors that are reduced in the usual sense are -reduced with = n (see [0]). -reduced divisors still form a finite and regularly distributed set in Pic 0 F, just like the reduced divisors. This modification, however, has a drawback, since for general number fields it is not known how to test whether a given divisor is -reduced. urrently, we have a testing Key words and phrases. Arakelov, divisor, reduced.

2 HA THANH NGUYEN TRAN algorithm to do this only for real quadratic fields, in time polynomial in log ( F ). It is the main result of this paper, presented in Section 4. In Section, we discuss -reduced Arakelov divisors in an arbitrary number field. Section 3 is devoted to the properties of -reduced fractional ideals of real quadratic fields. An example of real cubic fields in which the testing algorithm is no longer efficient is given in Section 5.. -reduced Arakelov divisors In this section, we introduce -reduced Arakelov divisors of number fields. Let F be a number field of degree n and r, r the numbers of real and complex infinite primes (or infinite places) of F, respectively. Let F R := F Q R R. σ real σ complex Here σ s are the infinite primes of F. Then F R is an étale R-algebra with the canonical Euclidean structure given by the scalar product u, v := Tr(uv) for u = (u σ ) σ, v = (v σ ) σ F R. In particular, in terms of coordinates, we have u = Tr(uu) = u σ + u σ, for any u = (u σ ) σ F R. σ real σ complex The norm of an element u = (u σ ) σ of F R is defined by N(u) := u σ u σ. σ real σ complex Definition.. An Arakelov divisor is a formal finite sum D = p n p p + σ where p runs over the nonzero prime ideals in O F and σ runs over the infinite primes of F, with n p Z but x σ R. To each divisor D we associate the Hermitian line bundle (I, u) where I = p p np is a fractional ideal in F and u = (e xσ ) σ is a vector in σ R >0 F R. There is a natural way to associate an ideal lattice to D. Indeed, I is embedded into F R by the infinite primes σ. Each element g of I is mapped to the vector (σ(g)) σ in F R. Since the vector ug := (u σ σ(g)) σ F R, we can define In terms of coordinates, we have g D = σ real g D := ug. u σ σ(g) + x σ σ σ complex u σ σ(g). With this metric, I becomes an ideal lattice in F R. We call I the ideal lattice associated to D. The vector u has the role of a metric for I. Hence we make the following definition.

3 ON REDUED ARAKELOV DIVISORS OF REAL QUADRATI FIELDS 3 Definition.. Let I be a fractional ideal in F and let u be in FR. The length of an element g of I with respect to the metric u is defined by g u := ug. Definition.3. Let I be a fractional ideal. Then is called primitive in I if belongs to I and it is not divisible by any integer. Definition.4. Let. A fractional ideal I is called -reduced if: is primitive in I. There exists a metric u σ R >0 such that u g u for all g I\{0}. Remark.5. The second condition of Definition.4 is equivalent to saying that there exists a metric u such that with respect to this metric, the vector scaled by the scalar is a shortest vector in the lattice I. Definition.6. Let I be a fractional ideal in F. The Arakelov divisor d(i) is defined to be associated with the Hermitian line bundle (I, u) where u = (u σ ) σ with u σ = N(I) /n for all σ. Definition.7. An Arakelov divisor D is called -reduced if it has the form D = d(i) for some -reduced fractional ideal I. Now we prove the following lemma. Lemma.8. Let I be a fractional ideal. If I is -reduced then the inverse I of I is an integral ideal and its norm is at most n F where F = (/π) r F. Proof. Since I, we have I O F. Then L = N(I) /n I is a lattice of covolume F [0, Section 4]. onsider the symmetric, convex and bounded subset of F R, S = {(x σ ) σ : x σ < /n F for all σ}. For real σ, the segment x σ < /n F in R has length /n F. For complex σ, the disc x σ < /n F in has area π( /n F ). Thus, vol(s) = ( /n F )r (π( /n F ) ) r = r (π) r F = n covol(l). By Minkowski s theorem, there is a nonzero element f I such that N(I) /n σ(f) /n F for all σ. Since I is -reduced, there exists a metric u such that u f u. This implies that u u max σ σ(f) u /n F N(I)/n. Hence N(I ) n F. Remark.9. In this paper, given a fractional ideal I, we assume that it is represented by a matrix with rational entries as in [7, Section 4] and [6, Section ]. Without loss of generality, we can also assume that the length of the input is polynomial in log F. By Lemma.8, to test whether I is -reduced, first we can check that N(I) n F. We have the following.

4 4 HA THANH NGUYEN TRAN Lemma.0. Testing N(I) n F can be done in time polynomial in log F. Proof. Let M be the matrix representation of I. Since we know that N(I) = F / covol(i), it is sufficient to check that det(m) = covol(i) > (π/) r n. Recall that the determinant of the matrix M can be computed in time polynomial [8, Section ]. This reason and Remark.9 imply that testing N(I) n F can be done in time polynomial in log F. Regarding the primitiveness of in I, we have the result below. Lemma.. Let and let I be a fractional ideal containing with N(I) n F. Then testing whether or not is primitive can be done in time polynomial in log F. Proof. Let {c,..., c n } be an LLL-reduced Z-basis of O F and {b,..., b n } be an LLLreduced Z-basis of I. Since I, we obtain I O F and so b i O F for all i. Then for each i =,..., n, there exist the integers k ij with j =,..., n for which b i = i k ijc j. Thus, there is an integer d such that /d I if and only if I do F. This is equivalent to d k ij for all i, j. In other words, d gcd(k ij, i, j n). In conclusion, is primitive in I if and only if gcd(k ij, i, j n) =. Since N(I) n F, an LLL-reduced Z-basis of I, the coefficients k ij and gcd(k ij, i, j n) can be computed in polynomial time in log F. In other words, testing the primitiveness of can be done in time polynomial in log F. By Lemma., we know how to test the first condition of Definition.4. From now on, we only consider the second condition of this definition. Remark.. Note that if u σ R >0 satisfies the second condition of Definition.4, then u = ( u σ /N(u) /n) σ σ R >0 still satisfies that condition and N(u ) =. Therefore, we can always assume that N(u) = from now on. Proposition.3. Let I be a fractional ideal and u be a vector satisfying the second condition of Definition.4 with N(u) =. Then u n(/π) r /n covol(i) /n. Proof. Let L = ui := {uf = (u σ σ(f)) σ : f I} F R. Then L is a lattice with metric inherited from F R (see [0]). Since N(u) =, the lattice L has covolume equal to covol(i). onsider the symmetric, convex and bounded subset S of F R S = {(x σ ) : x σ < (/π) r /n covol(i) /n for all σ}. We have vol(s) = r (π) r (/π) r covol(i) = n covol(l). By Minkowski s theorem, there is a nonzero element f I such that u σ σ(f) (/π) r /n covol(i) /n for all σ.

5 ON REDUED ARAKELOV DIVISORS OF REAL QUADRATI FIELDS 5 So uf n(/π) r/n covol(i) /n. Because u satisfies the second condition of Definition.4, we have u uf. The proposition is then proved. 3. -reduced Arakelov divisors of real quadratic fields In this part, fix and a real quadratic field F with the discriminant F, we will describe what -reduced ideals look like, and we will investigate their properties. Here and in the rest of the paper, we often identify an element g of fractional ideals with its image (σ(g)) σ F R. Thus, elements of fractional ideals of real quadratic fields have the form g = (g, g ) F R = R. Remark 3.. Let F be an imaginary quadratic field and let I be a fractional ideal of F. Then an element g I can be identified with its image g F R =. The second condition of Definition.4 is equivalent to: there exists u R >0 such that u ug for all g I\{0}. Since u is a positive real number, this is equivalent to that / g for all g I\{0}. In other words, the shortest vectors of I have length at least /. In addition, the first vector in an LLL reduced basis of I is also its shortest vector; finding this vector can also be done in polynomial time. This together with Lemma. shows that whether a given ideal of an imaginary quadratic field is -reduced can be tested easily and in polynomial time. Therefore, in this section, we only consider -reduced ideals of real quadratic fields. 3.. A geometrical view of reduced ideals in real quadratic cases. We have F R = R. Let I be a fractional ideal of F and S be the square centered at the origin of F R which has a vertex (/, /). We have the following result. Proposition 3.. The second condition in Definition.4 can be restated as follows. There exists an ellipse E 4, centered at the origin and passing through the vertices of S, whose interior does not contain any nonzero points of the lattice I. Proof. It is easy to see by writing down the condition u uf in terms of the coordinates of u and f. Proposition 3.3. If I has some nonzero element in the square S then the ellipse E 4 described in Proposition 3. does not exist. On the other hand, E 4 exists when the shortest vectors of I have length at least /. Proof. For the first case, we assume that there is a nonzero element g of I in the square S. Since S is inside E 4, so is g (see Figure ). In the second case, we can take for E 4 the circle E centered at the origin and of radius /. Because the shortest vectors of I are outside E, all the nonzero elements of I are outside E 4 (see Figure ). Remark 3.4. Proposition 3.3 does not show whether the ellipse E 4 exists or not in case the shortest vectors of I are inside the circle E, and I has no nonzero element in the square S (see Figure 3). We will discuss this case in the next sections.

6 6 HA THANH NGUYEN TRAN E b E b b b S S Figure. The shortest vectors of I are inside the square S. Figure. The shortest vectors of I are outside the circle E. E b b S Figure 3. The shortest vectors of I are inside E and I has no nonzero element in S. 3.. Some properties of -reduced ideals in real quadratic fields. In this section, as mentioned in Remark 3.4, we always assume that I satisfies the conditions ( ) as follows. ) is primitive in I. ) I has no nonzero element in the square ( ) S = {(x, x ) R : x / and x / and x + x < / }. 3) A shortest vector f of I has length / < f < /.

7 ON REDUED ARAKELOV DIVISORS OF REAL QUADRATI FIELDS 7 Moreover, by Remark., we can assume that the vector u in Definition.4 has the form u = (α, α) (R >0 ) F R for some α R >0. Let {b = (b,, b, ), b = (b,, b, )} be an LLL-basis of I. Then b = f <. We denote by {b, b } the Gram-Schmidt orthogonalization of the basis {b, b }. Let G = {g I : (g ) (g ) < 0 and g < 4 π covol(i)}. We also set G = {g G : g < 0} and G = {g G : g < 0}. So, we obtain G = G G. For each g G, we define Then denote (3.) B min = (3.) B max = B(g) := { ( ) g /4. g if G = max {B(g) : g G } if G. { if G = min {B(g) : g G } if G. Let G = {g G : B(g) = B max or B(g) = B min }. Then because of assumption ( ), the vector b is in G. Thus, G is nonempty. The most important result in this paper is the following proposition. Proposition 3.5. The ideal I is -reduced if and only if B min B max. We prove this proposition after proving some results below. property of the ellipses E 4 described in Section 3.. First, we establish a Proposition 3.6. Assume that E 4 : X + X a = with a a > 0 and a > 0 is an ellipse satisfying the conclusion of Proposition 3.. In other words, E 4 has its center at the origin, passes through the vertices of S and the interior contains no nonzero points of the lattice I. Then: i) The coefficients a and a are bounded by 4 covol(i). π ii) E 4 is inside the circle E 5 of radius 4 covol(i) centered at the origin. π Proof. Since E 4 passes through the vertex (/, /) of S, its coefficients satisfy a > / and a > /. We also know that vol(e 4 ) = πa a. Hence a = vol(e 4) πa < π vol(e 4).

8 8 HA THANH NGUYEN TRAN E 5 E 4 E b S b Figure 4. ircle E 5 and ellipse E 4. In addition, the ellipse E 4 is a symmetric, convex and bounded set whose interior contains no nonzero points of the lattice I, hence it must have volume less than covol(i) by Minkowski s theorem. As a consequence, a < 4 π covol(i). By symmetry, we also have this bound for a. Thus, the first statement of the proposition is obtained. The second one follows from the first. We have another equivalent condition to Definition.4 as follows. Proposition 3.7. The second condition of Definition.4 is equivalent to the following: there exists a metric u (R >0 ) such that for all g G, we have u g u. Proof. Let g = (g, g ) be a nonzero element of I. If g (4/π) covol(i) then g is outside the circle E 5. By Proposition 3.6, g is also outside any ellipse E 4 (see Figure 4). Using this and the equivalent condition of Proposition 3., we obtain: a vector u satisfies Definition.4 if and only if u ug for all g I\{0} with g < (4/π) covol(i). On the other hand, if g / and g /, then g satisfies u ug for any u (R >0 ). Therefore, it is sufficient to consider the elements g such that g < / or g < / to show the existence of u. Moreover, I contains no nonzero elements of S, so g / {(x, x ) R : x / and x / and x + x < / }. ombining these conditions, we obtain the conclusion. The ideal I with properties ( ) mentioned at the beginning of this section has bounded covolume. Explicitly, we obtain the following. Proposition 3.8. The covolume of I is bounded by /.

9 ON REDUED ARAKELOV DIVISORS OF REAL QUADRATI FIELDS 9 Proof. Since is in I, there exist integers m and m such that = m b + m b. If m = 0 then = m b so /m = b I. Because is primitive in I, we must have m = ±. Thus b = = / for any. This contradicts the fact that the length of the shortest vectors of I is strictly less than /. Hence m 0. We have b m. This leads to the following. covol(i) = b b < =. By this proposition and Proposition 3.6, we obtain the corollary below. orollary 3.9. The coefficients a and a and the radius of the circle E 5 in Proposition 3.6 are bounded by 8/π. In addition, the set G is contained in the finite set {g I : (g / )(g / ) < 0 and g < 8/π}. For a real quadratic field, the Proposition.3 can be restated as below. Proposition 3.0. Assume that u = (α, α) (R >0 ) satisfies the second condition of Definition.4. Then u and therefore < α <. Proof. By Proposition.3, u covol(i) /. By Proposition 3.8, we have covol(i) <, so u. Since α < u and α < u, the conclusion follows. Proof of Proposition 3.5. Let u = (α, α) (R >0 ). Then from u g u, we get α 4 ( g ) ( g ). Thus α B(g) if g G and α B(g) if g G. As is primitive in I, by Proposition 3.7, the ideal I is -reduced if and only if it satisfies the following equivalent conditions: there exists u (R >0 ) such that u g u for all g G, { α B(g) for all g G There exist α R >0 such that α B(g) for all g G { α B min There exists α R >0 such that α B max B max B min. The second equivalence comes from Proposition 3.0 and the definition of B min and B max. Proposition 3.5 and 3.7 motivate a further investigation of properties of the sets G and G. We first establish a special property of the elements in G. Proposition 3.. If g = s b + s b G then s.

10 0 HA THANH NGUYEN TRAN Proof. Let g = s b + s b in G. As in the proof of Proposition 3.8, we get b < / and b. By the properties of LLL-reduced bases, b b. Therefore, 4 covol(i) π = 4 b b π < 4 b. π Now let g be a vector of length equal to the distance from g to the -dimensional vector space R.b. In other words, g = d(g, R.b ) = s b. If s, then then we would have the following contradiction. Thus s. g d(g, R.b ) = g b > 4 b π > 4 π covol(i). In the next proposition, we prove that the cardinality of G is bounded by a number that depends only on but not on I or the number field F. Lemma 3.. The number of vectors in G (up to sign) is less than Proof. Let g G. Then g = s b + s b for some integers s, s. We have b / and g < 8/π (by orollary 3.9). This implies that s ( ) 3 g b < π [7, Section ]. By Proposition 3., we obtain s. onsequently, the number of elements in G (up to sign) is at most 3 ( + ), π which is less than The proposition below gives a property of elements in G. Proposition 3.3. Let g = s b + b G. Then: s or s {t, t } for some integers t t in the interval (, + ). Proof. It is easy to show that b G = G G since b (4/π) covol(i). Here, we only prove the proposition for b G, so 0 < b < / and / < b < /. For b G, it is sufficient to switch b and b. In the first case, by definition of B min, we obtain B(b ) B min. The element g is in G, and it belongs to G or G. If g is in G then 0 < g < / and g > /. Since g G and B(b ) B min, we also have B(b ) B(g). If g > / then B(b ) > B(g), contradicting the previous inequality. So, g /. With this in mind and the properties of LLL-reduced bases [7, Section ], we obtain s ( 3 ) g b < ( 3 ) ( ) = 3 so s.

11 ON REDUED ARAKELOV DIVISORS OF REAL QUADRATI FIELDS b g Figure 5. b is in the doubly-shaded area and g is in the shaded area. If g is in G then g > / and g < /. Since g = s b + b and g < /, the value of s is between / b b and / b b. The fact that 0 < b < / implies that the distance between these numbers / b / b b = b is in the interval (, ). So, there exist two integers t t between these numbers. Moreover, since / < b < / and since b < b (see the proof of Proposition 3.), one can easily see that ±/ b b b < +. Thus, the bounds for s are implied, completing the proof. 4. Test algorithm for real quadratic fields In this section, given, we explain an algorithm to test whether a given fractional ideal I is -reduced for a real quadratic field F in time polynomial in log F with F the discriminant of F. By Proposition 3.5, if we know B min and B max, then we can show the existence of a metric u = (α, α) in Definition.4. In this algorithm, we first find all the possible elements of G = {g G : B(g) = B max or B(g) = B min } and then compute B min and B max. Let {b, b } be an LLL-basis of I and g = s b + s b G. Then Proposition

12 HA THANH NGUYEN TRAN 3. says that s = 0 or s = ±. By symmetry, it is sufficient to consider only the case s {0, }. If s = 0 then g = b. If s = then g = s b +b. By Proposition 3.3, there are five possible values for s in the interval [, ] and two possible values t, t (with t t ) of s either between / b b and / b b or between / b b and / b b. This proposition also shows that the coefficients s have absolute values less than +. Furthermore, by Proposition 3.0, we have < α < and so < B(g) 4 < 6 6 for all g G. In other words: If g < / then ( ) g + 6 g < 6 + and g + 6 g > 6 +. If g > / then g + 6 g > 6 + and g + 6 g > 6 +. The statements in ( ) can be applied to eliminate some elements g which are not in G without having to compute B(g). Let and let I be a fractional ideal of F. Assume that an LLL-reduced basis {b, b } of I is also given and change the sign if necessary to have the first component of b = (b, b ) F R positive. In Remark.9, we assume that the coordinates of b and b have at most O((log F ) a ) digits for some integer a > 0. We have the following algorithm to test whether I is -reduced in time polynomial in log F. Algorithm 4... heck if I and N(I) < F or not.. Test whether or not I is primitive. 3. heck whether there is no nonzero element of I in S = {(x, x ) R : x / and x / and x + x < / }. 4. If b / then I is -reduced. If not, then find all possible elements of G. If 0 < b < / and / < b < / then compute the integers t t which are between / b b and / b b. If / < b < / and 0 < b < / then compute the integers t t which are between / b b and / b b. Let G 3 = {b, t b + b, t b + b, s b + b with s }. 5. Remove from G 3 all elements which do not satisfy ( ). 6. ompute B(g) for all g G 3, and then B max and B min. If B min B max then I is -reduced. If not, then I is not -reduced.

13 ON REDUED ARAKELOV DIVISORS OF REAL QUADRATI FIELDS 3 Step 3 of Algorithm 4. is done in a similar way to testing the minimality of was done (cf.[0, Algorithm 0.3]) but here is replaced by. In fact, we have the lemma below. Lemma 4.. Step 3 of Algorithm 4. can be done by checking at most six short vectors of the lattice I. Proof. If b is in S then I is not -reduced. Otherwise, b >. Assume that g = s b + s b is in S. Then g has length g <. Since {b, b } is an LLL-reduced basis of I, the coefficients s and s are bounded as s ( ) 3 g b < ( ) ( ) 3 = 3 and s g b < ( ) = [7, Section ]. Therefore, the elements of I which are in S have the form g = s b +s b with s and s. By symmetry, it is sufficient to test at most six short elements of I. Proposition 4.3. Algorithm 4. runs in time polynomial in log F. Proof. The first step can be done in polynomial time in log F by Lemma.0. An LLL-reduced basis of I can be computed in time polynomial in log F and Step can be done in time polynomial in log F (see Lemma. in Section ). In Step 3, by Lemma 4., it is sufficient to check few short vectors of I which have length bounded by. Step 4 can be done by finding integer numbers t, t which are in the interval [, + ]. In Step 6, the bounds B(g) are between and. Overall, this algorithm runs in time polynomial in log F. 5. A counterexample By Lemma.0,. and 4., the first three steps of Algorithm 4. can be done in time polynomial in log F. Essentially, the last three steps require finding all elements of I in a certain subset G (see Proposition 3.7 and Lemma 5.). Therefore, the complexity of this algorithm is proportional to the cardinality of G. For real quadratic fields, the task can be reduced to finding all elements of the subset G of G by Proposition 3.5. Since Proposition 3. and 3.3 say that G have few elements and it is easy to compute them, Algorithm 4. works well, i.e., it runs in time polynomial in log F. However, for a number field of degree at least 3, the set G may have many elements, and we currently do not know how to reduce G to a smaller subset. Therefore, an algorithm similar to Algorithm 4. would be inefficient. In other words, in bad cases, the complexity of Step 4 6 of Algorithm 4. may reach F a for some a > 0. In this

14 4 HA THANH NGUYEN TRAN section, we provide an example of a real cubic field F with large discriminant F for which G has at least F /4 elements. Since F is a real cubic field, we have F R = R 3. Let I be a fractional ideal of F. Then we identify each element g I with its image (σ(g)) σ = (g, g, g 3 ) F R = R 3. We set and let δ(i, ) = 6 π covol(i) S = { (x, x, x 3 ) R 3 : x i /, i 3 and x + x + x < 3/ }, G = {g = (g, g, g 3 ) I : g < δ(i, ) and there exists i such that g i < /}. Let E be the sphere centered at the origin of radius 3. As condition ( ) for the quadratic case (see Remark 3.4), we assume that is primitive in I and I contains no nonzero element of S but the shortest vectors of I are inside E. Proposition 3. and 3.6 for the quadratic case can be naturally generalized to a real cubic field. Similar to Proposition 3.7, we have the following result. Lemma 5.. The second condition of Definition.4 is equivalent to: there exists a metric u (R >0 ) 3 such that u g u for all g G. Let {b, b, b 3 } be an LLL-basis of I. We give an example with =. 5.. An example. Let P (X) = X X X be an irreducible polynomial with a root β and F = Q(β). Then F is a real cubic field with discriminant F = > Denote by O F the ring of integers of F. Let I = O F + O F β. Then the fractional ideal I has the properties that: is primitive in I. I has no nonzero element in the cube S. b is inside E so are the shortest vectors of I. The covolume of I is greater than.6 F /4. The cardinality of G is at least > F / How to find the above example. We construct a real cubic field F with a fractional ideal I satisfying the conditions of Section 5.. Let. Assume that F = Q(β) for some β of length β < 3/ and outside the cube S. Let O F be the ring of integers of F. Suppose that I = O F + O F β. Then the shortest vectors of I have length at most β < 3/. Denote by P (X) = ax 3 + bx + cx + d Z[X] with gcd(a, b, c, d) = and a > 0 an irreducible polynomial that has a root β. Let R = Z Z(aβ) Z(aβ + bβ).

15 ON REDUED ARAKELOV DIVISORS OF REAL QUADRATI FIELDS 5 Then R is a multiplier ring. Hence it is an order of F [4, Section.6]. Denote by β = β, β and β 3 the roots of P (X). We can easily choose P (X) such that O F = R. This can be done by using the lemma below. Lemma 5.. If the discriminant of P (X) is squarefree then O F = R. Proof. The discriminant of P (X) is disc(p ) = a 4 i<j (β i β j ) [3, Proposition 3.3.5]. By computing the discriminant of R, we can easily see that it is equal to disc(p ). The result follows since [O F : R] disc(p ). Lemma 5.3. If O F = R then N(I ) = a. Proof. Since O F = R = Z Z(aβ) Z(aβ +bβ) and I = O F +O F β, it is easy to see that I = Z Zβ Z(aβ ). It leads to N(I ) = [I : O F ] = a and the lemma is proved. The next lemma says that a can be chosen such that is primitive in I. Lemma 5.4. If a is a prime number then is primitive in I. Proof. If there is an integer d such that /d I, then d 3 = N(d) N(I ) = a, impossible since a is a prime. Thus, is primitive in I. Let {b = (b, b, b 3 ), b = (b, b, b 3 ), b 3 = (b 3, b 3, b 33 )} R 3 F R and {b, b, b 3} the Gram-Schmidt orthogonalization of this basis. We have the following result, crucial to obtaining the example of Section 5.. Proposition 5.5. Let. Assume that: is primitive in I. I has no nonzero elements in the cube S. b < 3/. covol(i) 0. Then the cardinality of G is at least 3 covol(i). Proof. As I has no nonzero element in S, there is some coordinate b j with j 3 of b such that b j /. Let g = s b + s b = (g, g, g 3 ). We show that if s 3 covol(i) and if s is between two numbers b j (/ s b j ) and b j ( / s b j ), then g is in G. We know that b < 3/, hence b j < 3/. This means that for each s, the distance between b j (/ s b j ) and b j ( / s b j ) is greater than / 3 >. Therefore there is at least one integer s between them. The bound for s implies that g j <. To prove that g G, it is sufficient to prove that g < δ(i, ). We first show that b 3. Since is in I, there exist integers m, m and m 3 such that = m b + m b + m 3 b 3. If m 3 = m = 0 then = m b. It follows that /m = b I. Since is primitive, we must have m = ±. So, b = = 3 3 for any. This contradicts b < 3/. As a result, m 3 0 or m 0. If

16 6 HA THANH NGUYEN TRAN m 3 0, then b 3 m 3 3. By the properties of LLL-reduced bases [7, Section ], we have b b 3 6. Then 3 covol(i) = b b b 3 < 6 3 = 3 6, contrary to the assumption that covol(i) 0. Hence, m 3 = 0 and m 0. onsequently, b m 3. Next, we prove that b 5. Indeed, denoting µ = b, b / b, b, by the properties of LLL-reduced bases we have µ and b = b + µb [7, Section ]. It follows that b = b + µ b < Now, since b j and b j b 5, the two numbers b j (/ s b j ) and b j ( / s b j ) are in the interval [ ] 5 5 ( + s ), ( + s ) and so is s. Therefore g = (s + µs )b + s b = (s + µs ) b + s b (( ) ) 5 < + s + 3 s + 3s ( ) 5 s + 3s < [δ(i, )] since s 3 covol(i) and covol(i) 0. We have shown that g = s b + s b G for all (s, s ) Z \{(0, 0)} with s 3 covol(i) and s between b j (/ s b j ) and b j ( / s b j ). Furthermore, if g G, then g G. Thus, G has at least [ 3 covol(i) = 3 covol(i)] elements. orollary 5.6. With the assumptions in Proposition 5.5, the set G contains more than γ F /4 elements for some constant γ depending on the roots β, β, β 3 of P. Proof. By choosing P such that O F = R, we have F = disc(r) = disc(p ) = a 4 i<j(β i β j ). Hence ( ) a = /4 γ F /4 with γ = (β i β j ). i<j

17 ON REDUED ARAKELOV DIVISORS OF REAL QUADRATI FIELDS 7 onsequently, F covol(i) = N(I ) = F / = γ F /4 a and the result follows from Proposition 5.5. Remark 5.7. Almost all the lattices I constructed this way have no nonzero element in the cube S as we may expect. Indeed, any element g = s b + s b + s 3 b 3 I S has length at most 3/. So, we can bound for the coefficients s s, s 3 as follows [7, Section ]. ( ) ( ) 3 g 3 g s b, s b, s 3 g b 3. Therefore,the the cardinality of I S is bounded by ( ) 3 3 covol(i) (a constant ) [7, Section ]. Since the covolume of I is very large, this number is very small. So, usually we can get I without any nonzero elements in S. From the idea above, some examples like the one in 5. can be produced as follows. First choose the discriminant F of F such that F > 0 4 (to make sure that covol(i) 0). hoose a prime number a F /4 (such that is primitive in I). hose a real vector (β, β, β 3 ) outside S and such that < β + β + β 3 < 3. Find the polynomial P (X) = ax 3 + bx + cx + d Z[X] of the form a(x β )(X β )(X β 3 ) (this can be done by using the function round in pari-gp). Then check whether P (X) is irreducible. heck if disc(p ) is squarefree. If not then change β i until it is. Now O F = R. Let I = O F + O F β. ompute an LLL-reduced basis {b, b, b 3 } of I and check if b < 3/. Test whether I does not have any nonzero element in S. Acknowledgements. I would like to thank René Schoof for proposing a new definition of -reduced divisors as well as very valuable comments and Hendrik W. Lenstra for helping me to find the counterexample in Section 5. I am also immensely grateful to Wen- hing Li and National enter for Theoretical Sciences (NTS) for hospitality during a part of the time when this paper is written. I also would like to thank Duong Hoang Dung and hloe Martindale for useful comments. Moreover, I wish to thank the reviewers for their comments that helped improve the manuscript. This research was supported by the Università di Roma Tor Vergata and partially supported by the Academy of Finland (grants #7603, #8938, and #836). The

18 8 HA THANH NGUYEN TRAN support from the European Science Foundation under the OST Action I04 is also gratefully acknowledged. References [] Johannes Buchmann. A subexponential algorithm for the determination of class groups and regulators of algebraic number fields. In Séminaire de Théorie des Nombres, Paris , volume 9 of Progr. Math., pages 7 4. Birkhäuser Boston, Boston, MA, 990. [] Johannes Buchmann and H.. Williams. On the infrastructure of the principal ideal class of an algebraic number field of unit rank one. Math. omp., 50(8): , 988. [3] Henri ohen. A course in computational algebraic number theory, volume 38 of Graduate Texts in Mathematics. Springer-Verlag, Berlin, 993. [4] A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard. The number field sieve. In The development of the number field sieve, volume 554 of Lecture Notes in Math., pages 4. Springer, Berlin, 993. [5] H. W. Lenstra, Jr. On the calculation of regulators and class numbers of quadratic fields. In Number theory days, 980 (Exeter, 980), volume 56 of London Math. Soc. Lecture Note Ser., pages ambridge Univ. Press, ambridge, 98. [6] H. W. Lenstra, Jr. Algorithms in algebraic number theory. Bull. Amer. Math. Soc. (N.S.), 6(): 44, 99. [7] Hendrik W. Lenstra, Jr. Lattices. In Algorithmic number theory: lattices, number fields, curves and cryptography, volume 44 of Math. Sci. Res. Inst. Publ., pages 7 8. ambridge Univ. Press, ambridge, 008. [8] Daniele Micciancio. Basic algorithms. pdf. Lecture note of the course Lattices Algorithms and Applications (Winter 00). [9] R. J. Schoof. Quadratic fields and factorization. In omputational methods in number theory, Part II, volume 55 of Math. entre Tracts, pages Math. entrum, Amsterdam, 98. [0] René Schoof. omputing Arakelov class groups. In Algorithmic number theory: lattices, number fields, curves and cryptography, volume 44 of Math. Sci. Res. Inst. Publ., pages ambridge Univ. Press, ambridge, 008. [] Daniel Shanks. The infrastructure of a real quadratic field and its applications. In Proceedings of the Number Theory onference (Univ. olorado, Boulder, olo., 97), pages 7 4. Univ. olorado, Boulder, olo., 97. Department of Mathematics and Systems Analysis, Aalto University School of Science, Otakaari, 050 Espoo, Finland. address: hatran04@gmail.com