A HYPERELLIPTIC SMOOTHNESS TEST, II

Transcription

1 A HYPERELLIPTIC SMOOTHNESS TEST, II H. W. LENSTRA Jr, J. PILA and CARL POMERANCE [Received 28 June 999] Contents. Introduction Articulation of the roofs Curves of genus 2 and their Jacobians Estimates for zeta functions Zeta functions for nite rings The order of a Picard grou Fourth degree Weil olynomials Abelian surfaces with a given Weil olynomial Non-uniqueness of factorization in short intervals Constructing Weil olynomials Characteristic References Introduction This is our second aer devoted to the descrition and analysis of the hyerellitic curve method. The hyerellitic curve method is a robabilistic algorithm for factoring integers. It is well suited to nding small rime factors of an integer and, in articular, to recognizing smooth integers, that is, integers built from small rime numbers. The hyerellitic curve method is closely related to the ellitic curve method [8]. We refer the reader to the introduction to our rst aer [9] for a discussion of the rovenance of the hyerellitic curve method, its relation to the ellitic curve method, and comarison of run times with other algorithms. The hyerellitic curve method uses the Jacobian varieties of curves of genus 2 over nite elds in the same way that the ellitic curve method uses ellitic curves over nite elds. Let k be a nite eld of odd characteristic, and let q be its cardinality. Let f 2 k X Š be a sextic or quintic olynomial with non-vanishing discriminant. Let C f be the smooth rojective curve over k whose function eld is the eld of fractions of k X; Y Š= Y 2 f, so that the genus of C f equals 2. Denote by J f the Jacobian variety of C f, and by J f k the set of k-rational oints of J f, which is a nite Abelian grou. Since C f has genus 2, the Riemann Hyothesis for Abelian varieties over nite elds, roved by Weil [22], imlies that #J f k 2 q 4 ; q 4 Š; where # denotes cardinality. So #J f k resides in an interval of length,8q 3 = 2 centered at,q 2 as q!. (We use the notation A q, B q as q! to mean that A q =B q! as q!.) The number of sextic and quintic olynomials The authors acknowledge the suort of the National Science Foundation under grant numbers DMS , DMS and DMS Mathematics Subject Classi cation: Y05, G0, M20, N25. Proc. London Math. Soc. (3) 84 (2002) 05±46. q London Mathematical Society 2002.

2 06 h. w. lenstra jr, j. ila and carl omerance over k with non-vanishing discriminants is,q 7 as q!. Therefore, the assignment f 7! #J f k has bres whose average size is, 8 q = 2 as q!. If we restrict to quintic olynomials then the bres have average size, 8 q 9 = 2 as q!. The main results of the resent aer concern the size of the bres over the integers z in a subinterval of q 4 ; q 4 Š. This subinterval is of the form q 2 cq 3 = 2 ; q 2 cq 3 = 2 Š, where c is ositive and exlicit. Excluding a small set of values for z, we show that the size of each bre is not much smaller than the average value that we just comuted. Thus, the assignment f 7! #J f k distributes the olynomials f fairly evenly over a substantial subinterval of q 4 ; q 4 Š. Our rst result restricts to rime elds and to quintic olynomials. Prime elds are the only ones that arise in the analysis of the hyerellitic curve method. Curves C f with quintic olynomials f are attractive to use, since their Jacobians are articularly easy to construct and to oerate in. Theorem.. Let be a rime number with > 800, and let F denote the rime eld of cardinality. Then for all but at most integers z in the interval = 2 ; = 2 Š there are at least 9 = 2 24,000 log 2 log log 2 quintic olynomials f 2 F X Š with non-vanishing discriminants such that #J f F ˆz. If we do not insist that the curves have quintic models, we can rove a result valid for all nite elds of odd characteristic, with a smaller excetional set. This result is not needed for our analysis of the hyerellitic curve method. Theorem.2. Suose that k is a nite eld, and suose that the cardinality q of k is odd and at least 4,400. Then for all but at most 28 q integers z in the interval q 2 9 q 3 = 2 ; q 2 9 q 3 = 2 Š there are at least q = 2 48,000 log q 2 log log q 2 sextic olynomials f 2 k X Š with non-vanishing discriminants such that #J f k ˆz. No great signi cance should be attached to the constants 24,000 and 48,000 occurring in the theorems beyond the fact that they are exlicit. They are de nitely oen to imrovement. We brie y exlain the role that Theorem. lays in the analysis of the hyerellitic curve method. The success of the hyerellitic curve method deends on #J f F being suf ciently smooth ± that is, built u entirely of suf ciently small rime factors ± with reasonable robability when f is selected at random. The recise sense of `suf ciently smooth' and `reasonable robability' in our situation is discussed in [9]. To rove that #J f F is suf ciently smooth with reasonable robability, one

3 a hyerellitic smoothness test, ii 07 rst shows that an interval of the form x cx 3 = 4 ; x cx 3 = 4 Š contains reasonably many numbers that are suf ciently smooth. Such a result is contained in our rst aer, [9], in which we roved various theorems about the density of smooth numbers in short intervals. Taking x ˆ 2 and c ˆ 2 one nds that the interval = 2 ; = 2 Š contains a fair number of suf ciently smooth integers z. Next one alies Theorem. to these values of z to see that there is a reasonably large number of quintics f for which #J f F is suf ciently smooth. This is the required result. For more details, and for an alication of our result to rimality testing, we refer to the forthcoming third aer in this series. Our main theorems rovide only a lower bound for the number of f such that J f k has order z. For ellitic curves an uer bound of the same form ± u to owers of logarithms ± is given in [8, Proosition.9]. One may believe that in the case of hyerellitic curves there is also an uer bound of the same form, but the arguments that we give do not suf ce to rove this. Adleman and Huang [, Chater 4, Proosition ] rove a result similar to Theorem.2. However, their argument is restricted to rime numbers z, which does not suf ce for our uroses. Their result also admits a much larger set of excetions. The structure of the roof of Theorems. and.2, and of the aer, is as follows. In 2 the roofs are reduced to the roof of four auxiliary roositions. The rst of these (Proosition 2.) estimates the number of f for which C f is isomorhic to a given curve C of genus 2. The roof is elementary, and it is given in 3. The second (Proosition 2.2) concerns the reconstruction of C from its Jacobian, viewed as a rincially olarized Abelian variety. The only new feature of this result is a suf cient condition, in terms of the Jacobian, for C to ossess a quintic model; the details are given in 3. Our third auxiliary result (Proosition 2.3) estimates the number of two-dimensional rincially olarized Abelian varieties with a given `Weil olynomial'. The roof occuies ve sections. In 4 we use the arguments of Stark [9] to obtain an effective lower bound for certain quotients of class numbers (Proosition 4.2). In 5 we rove the integrality of a suitable quotient of zeta functions of nite rings. Combining these results, we obtain in 6 an effective lower bound for aroriately de ned class numbers of certain orders in number elds. Section 7 contains generalities concerning fourth degree Weil olynomials. Once all these ingredients are available, we give the roof of Proosition 2.3 in 8. It is based on a result of Deligne [4] that establishes an equivalence of categories between the category of ordinary Abelian varieties over nite elds, and a certain category of free Z-modules with additional structure. We also emloy results of Howe [6] on the translation of the notion of olarization of ordinary Abelian varieties under Deligne's equivalence. Abelian varieties that are ordinary are the only ones that we use; thus, Theorems. and.2 remain valid if the additional condition that J f be ordinary is imosed on f. The nal result of 2 (Proosition 2.4) asserts that for most z in our target interval an aroriate Weil olynomial can be constructed. The roof, which is given in 0, is comletely elementary but somewhat involved; it makes use of a result on non-uniqueness of factorization in short intervals that is resented in 9. It may be of interest to ursue the latter subject for its own sake. Fields of characteristic 2 are excluded in Theorems. and.2, not only because we use models of the form y 2 ˆ f x for hyerellitic curves, but also because certain arts of our roof admit a larger set of excetions when the

4 08 h. w. lenstra jr, j. ila and carl omerance characteristic equals 2. In we state searately some results valid in characteristic 2. Throughout this aer, a `curve' will mean a smooth absolutely irreducible rojective variety of dimension. All mas between varieties will be rational over the base eld, unless the contrary is exlicitly stated. All rings are suosed to be commutative with unit element, and the unit element is suosed to be resected by ring homomorhisms and to be contained in subrings. The grou of units of a ring R is denoted by R.ByZ we denote the ring of integers, and by Q, R and C the elds of rational, real and comlex numbers, resectively. Acknowledgement. The authors thank J. Cremona, E. W. Howe, N. M. Katz, S. Louboutin and P. Sarnak for their assistance. 2. Articulation of the roofs Let k be a nite eld and q its cardinality. Theorems. and.2 are statements about the bres of the ma from the set of sextic or quintic olynomials over k with non-vanishing discriminants to Z, sending f to #J f k. In the resent section we write this ma as the comosition of four mas. We formulate auxiliary results, to be roved in later sections, about the bres of each of these mas. At the end of the section we deduce Theorems. and.2 from these results. From olynomials to curves. The rst ma goes from the set of sextic or quintic olynomials over k with non-vanishing discriminants to the set of isomorhism classes of curves of genus 2 over k. It is de ned only if q is odd, and it sends f to the curve C f whose function eld is the eld of fractions of k X; Y Š= Y 2 f ; it does have genus 2, by [20, Proosition VI.2.3(b)]. If C is a curve of genus 2 over k, then we call a sextic or quintic olynomial f a reresentative of C if C > C f. Proosition 2.. Let k be a nite eld of odd cardinality q, and let C be a curve of genus 2 over k. Then the number of reresentatives of C equals q 2 q 2 q : #Aut C Also, there exists an integer r C satisfying 0 < r C < 6; r C #C k mod 2, such that C has exactly r C q q 2 q #Aut C and quintic and sextic reresentatives, resectively. q r C q q 2 q #Aut C The roof of this roosition is routine. It is given in 3. From curves to rincially olarized Abelian varieties. Arincially olarized Abelian variety over k is a air A; y consisting of an Abelian variety A over k and a rincial olarization y: A! ÆA of A over k; here ÆA denotes the dual

5 a hyerellitic smoothness test, ii 09 Abelian variety. An isomorhism w: A; y! B; h of rincially olarized Abelian varieties is an isomorhism w: A! B of Abelian varieties satisfying y ˆ Æwhw. For all these terms, see []. The second ma goes from the set of isomorhism classes of curves of genus 2 over k to the set of isomorhism classes of rincially olarized two-dimensional Abelian varieties over k. It takes C to the air J C ; y C, where J C is the Jacobian variety of C (see [2]) and y C is the canonical rincial olarization of J C induced by the theta divisor (see [2, 6.]). An Abelian variety over k is called absolutely simle if it has, after base extension to an algebraic closure of k, exactly two Abelian subvarieties, namely f0g and the Abelian variety itself. For the de nition of the trace of the Frobenius endomorhism of an Abelian variety A over k we refer to [, 2 and 9]. Proosition 2.2. Let k be any nite eld, and q its cardinality. Let A; y be a rincially olarized absolutely simle Abelian variety of dimension 2 over k. Then A; y is isomorhic to the canonically olarized Jacobian variety of some curve C of genus 2 de ned over k, and for any such C we have Aut C > Aut A; y. If, in addition, both q and the trace of the Frobenius endomorhism of A are odd, then any curve C of genus 2 with J C ; y C > A; y ossesses a quintic reresentative. The roof of this roosition is given in 3. The rst art of Proosition 2.2 is well known. From Abelian varieties to Weil olynomials. By a Weil q-olynomial we mean a olynomial h 2 Z X Š of even degree, with leading coef cient, all of whose comlex zeros have absolute value q, and which satis es h 0 > 0 (and therefore h 0 ˆq deg h = 2 ). If A is an Abelian variety over k, then we denote by h A the characteristic olynomial of the Frobenius endomorhism of A (see [, 2and 9]); this is a Weil q-olynomial of degree 2 dim A, by[, Theorem 9.] (the roerty h A 0 > 0 follows from h A ˆ#A k > 0 and the absence of zeros of h A in the interval 0; Š; see[, Theorem 9.(b) and (c)]). The third ma goes from the set of rincially olarized two-dimensional Abelian varieties over k to the set of Weil q-olynomials of degree 4. It sends A; y to h A. As we shall see in Proosition 7., the Weil q-olynomials of degree 4 are exactly the olynomials h of the form h ˆ X 2 q 2 ax X 2 q bx 2 ; where a and b are integers satisfying 2jaj q 4q < b < 4 a 2 < 4q: Moreover, a and b are uniquely determined by h. We say that such a olynomial h is ordinary if b is not divisible by the characteristic of k, that h has odd trace if a is odd, that h is regular if neither of the numbers a 2 4b and b 4q 2 4qa 2 is an integer square (see Remark 7.6 for an interretation of these conditions), and we de ne c h ˆ a 2 4b = 2 b 4q 2 4qa 2 = 2 :

6 0 h. w. lenstra jr, j. ila and carl omerance By the weighted number of rincially olarized Abelian varieties A; y in a class S we mean P =#Aut A; y, the sum ranging over the isomorhism classes of airs A; y in S. Note that Aut A; y is nite, by [, Proosition 7.5(a)]. Proosition 2.3. Let k be a nite eld, and suose that the cardinality q of k is at least 800. Let h be an ordinary regular Weil q-olynomial of degree 4. Then the weighted number of rincially olarized two-dimensional Abelian varieties A; y over k with h A ˆ h is at least c h 95,000 log q 2 log log q 2 : Each such A is absolutely simle, and if h has odd trace, then the trace of the Frobenius endomorhism of any such A is odd. The roof of Proosition 2.3 is given in 8. From Weil olynomials to integers. The fourth ma goes from the set of Weil q-olynomials of degree 4 to Z, and it sends h to h. IfA is an Abelian variety over k, then we have h A ˆ#A k (see [, Theorem 9.(b)]). Hence the comosition of the four mas does ma a sextic or quintic olynomial f 2 k X Š with non-vanishing discriminant to #J f k. Proosition 2.4. (a) Let q > 4,400 be an odd rime ower. Then for all but at most 28 q integers z in the interval q 2 9 q 3 = 2 ; q 2 9 q 3 = 2 Š there is an ordinary regular Weil q-olynomial h of degree 4 such that h ˆz and c h > 2q 3 = 2. (b) Let > 800 be a rime number. Then for all but at most integers z in the interval = 2 ; = 2 Š there is an ordinary regular Weil -olynomial h of degree 4 with odd trace such that h ˆz and c h > 4 3 = 2. This result is roved in 0. Proof of Theorem.2. Suose that q is odd and that q > 4,400. Let z 2 q 2 9 q 3 = 2 ; q 2 9 q 3 = 2 Š be an integer that does not belong to the set of cardinality at most 28 q that is exceted in Proosition 2.4(a). It suf ces to rove that the conclusion of Theorem.2 holds for z. By the choice of z and Proosition 2.4(a), we can choose an ordinary regular Weil q-olynomial h of degree 4 with c h > 2q 3 = 2 and h ˆz. Alying Proosition 2.3 we nd that the weighted number of rincially olarized, absolutely simle two-dimensional Abelian varieties A; y with h A ˆ h is at least 2 q 3 = 2 95,000 log q 2 log log q 2 :

7 a hyerellitic smoothness test, ii By Proosition 2.2, the same lower estimate holds for the weighted number of curves C of genus 2, de ned over k, with h JC ˆ h; here the isomorhism class of C is counted with weight =#Aut C. Each such curve C has, by Proosition 2., at least q 5 q q 2 q =#Aut C sextic reresentatives f. Thus the number of sextic f 2 k X Š with h Jf ˆ h is at least 2 q 3 = 2 q 5 q q 2 q 95,000 log q 2 log log q 2 : The conclusion of Theorem.2 now follows from the inequality 2 q 5 q q 2 q > q 4 for q > 4,400; 95,000 48,000 and the observation that each of the sextic olynomials f with h Jf #J f k ˆh ˆz. This roves Theorem.2. ˆ h satis es Proof of Theorem.. The roof of Theorem. follows the same lines as the roof of Theorem.2. One uses Proosition 2.4(b) instead of Proosition 2.4(a), and emloys only Weil olynomials that have odd trace. Likewise, when alying Proositions 2.3, 2.2 and 2., one considers only Abelian varieties for which the trace of the Frobenius endomorhism is odd, and curves that ossess a quintic reresentative; the last assertions of these three roositions are now invoked. This roves Theorem.. 3. Curves of genus 2 and their Jacobians Proof of Proosition 2.. Let k be a nite eld of odd cardinality q, and let C be a curve of genus 2 over k. By [20, Lemma VI.2.2(b) and Proosition VI.2.4(a)], the function eld k C of C has a unique sub eld K with k C : K Šˆ2 for which there exists x 2 K with K ˆ k x ; and by [20, Proosition VI.2.3(a)], there is a sextic or quintic olynomial f 2 k xš with nonvanishing discriminant such that k C ˆk x; y with y 2 ˆ f. For such f we have C > C f. This shows that C has at least one reresentative. We shall denote the unique non-trivial automorhism of k C that is the identity on K by t, and refer to it as the hyerellitic involution. We next investigate isomorhisms between two curves C f and C g of genus 2. Write k C f ˆk x; y with y 2 ˆ f x and k C g ˆk x 0 ; y 0 with y 0 2 ˆ g x 0, and suose that we have an isomorhism C f! C g, inducing a k-isomorhism j: k C g!k C f. The uniqueness of the sub eld k x imlies that j induces an isomorhism k x 0!k x, soj x 0 a b ˆ ax b = cx d for some c d in the grou GL 2; k of invertible 2 2 matrices over k. Also, y=j y 0 is xed under the hyerellitic involution, so we have j y 0 ˆh x y for some h x 2k x. We have g ax b = cx d ˆ h x 2 f x ; and since g is square-free we nd that h x ˆe= cx d 3 for some e 2 k, and that f x ˆe 2 cx d 6 g ax b = cx d :

8 2 h. w. lenstra jr, j. ila and carl omerance Conversely, if the latter equality holds for a air a b e; 2 k GL 2; k ; c d then x 0 7! ax b = cx d ; y 0 7! ey= cx d 3 gives an isomorhism C f! C g. The grou G ˆ k GL 2; k acts (on the right) on the set of square-free sextic or quintic olynomials in k X Š by a b g X ± e; ˆ e 2 cx d 6 g ax b = cx d : c d By the above, we have C f > C g if and only if f and g belong to the same orbit under G. Hence, if we x f, then the number of g for which C f > C g equals # G divided by the order of the stabilizer of f in G. We have #G ˆ q q 2 q 2 q. A air a b e; c d belongs to the stabilizer of f if and only if it gives an automorhism of C f. The airs that give the trivial automorhism are those that belong to the subgrou a 3 a 0 ; 0 a : a 2 k of order q ofg. Hence the order of the stabilizer equals q Aut C f. This roves that the number of reresentatives of C f equals q 2 q 2 q =#Aut C f. Since each C is of the form C f, this imlies the rst assertion of Proosition 2.. To rove the second assertion, we let r C be the number of elements of C k that are xed under t. These elements are recisely the k-rational oints of C that ramify under the ma C! P corresonding to the eld extension k C É k x, and by [20, Proosition VI.2.3(c)] they corresond to the set of zeros of f in k, including one zero `at in nity' if deg f ˆ 5. From deg f < 6 it follows that 0 < r C < 6. Also, since the oints of C k that are not xed under t come in airs fp; tpg, we have r C #C k mod 2. It remains to rove the statement about the number of quintic models. Let us rst consider isomorhism classes of airs C; P, where C is a curve of genus 2 over k and P is a oint on C k that is xed under t; here we call C; P and C 0 ; P 0 isomorhic if there is an isomorhism C! C 0 maing P to P 0. When f 2 k X Š is a square-free quintic olynomial, then the rational function x on C f has exactly one ole on C f, which we call P f. We have P f 2 C f k, and P f is xed under t, so the air C f ; P f is one of the airs under consideration. Conversely, for every air C; P there are exactly q q 2 q =#Aut C; P square-free quintic olynomials f in k X Š for which C; P is isomorhic to C f ; P f. To rove this, one mimics the art of the roof already given, with a few minor changes. The rst change is that one needs to choose the element x 2 K such that it has a ole at P; this is ossible, since the image of P in P belongs to P k. Secondly, one should consider only isomorhisms C f! C g that ma P f to P g, which is equivalent to the restriction c ˆ 0 on the matrices that one works with. Since the grou of those matrices has order q q 2 q, one arrives at the formula q q 2 q =#Aut C; P that we have just stated. To count the number of quintic reresentatives one considers the ma that sends the isomorhism class of a air C; P to the isomorhism class of C. Let C be a curve of genus 2 over k. IfP, P 0 2 C k are xed under t, then the airs C; P a b c d

9 a hyerellitic smoothness test, ii 3 and C; P 0 are isomorhic if and only if P and P 0 belong to the same orbit under Aut C. Thus the number of quintic reresentatives for C equals X P q q 2 q ; #Aut C; P the summation ranging over a set of orbit reresentatives for the action of Aut C on fp 2 C k : tp ˆ Pg. We may also extend the sum to include all P 2 C k with tp ˆ P rovided that each term is given a weight equal to the inverse of the orbit size of P under Aut C. This orbit size equals #Aut C =#Aut C; P, which yields the formula stated in Proosition 2.. Subtracting the number of quintic reresentatives from the total number of reresentatives one obtains the nal formula in Proosition 2.. This roves Proosition 2., with the added information that r C is the number of F q -rational oints of C that are xed under the hyerellitic involution. Remark. It follows from Proosition 2. that C has at least one quintic model if and only if r C > 0, and that C has at least one sextic model unless and only unless r C ˆq. Also, the equality r C ˆq can occur only if q equals 3 or 5. It is not hard to show that in those two cases one has r C ˆq if and only if C > C f with f ˆ X 5 X. Proof of Proosition 2.2. Let A be an absolutely simle Abelian variety of dimension 2 over F q, with dual ÆA, and let y: A! ÆA be a rincial olarization. Let D be a ositive divisor on A that is de ned over k and belongs to the divisor class determining y; such a divisor exists since k is nite (see [, Remark 3.2]). By [, Theorem 3.3(b)], the self-intersection number of D equals D; D ˆ2 deg y ˆ 2. A theorem of Weil [23, Satz 2] (or see [4]) imlies that this divisor is either a curve C of genus 2 or, over an algebraic closure k of k, equal to the sum of two ositive divisors. In the rst case, A; y is isomorhic to the rincially olarized Jacobian of C; in the second case, A is, over k, isomorhic to the roduct of two ellitic curves (see [23, 4]). The latter alternative is excluded by our assumtion that A be absolutely simle. Hence we have A; y > J C ; y C. Torelli's theorem (see [2, Corollary 2.2]) imlies that C is uniquely determined, u to isomorhism, by the roerty that A; y > J C ; y C. Also, the roof of Torelli's theorem, as given in [2], shows that for every b 2 Aut J C ; y C there is a unique a 2 Aut C that mas to b under the natural ma Aut C! Aut J C ; y C (cf. [2, Proosition 6.]). Therefore we have Aut C > Aut A; y. Next suose that q and the trace t of the Frobenius endomorhism of A are odd. By [2, Theorem.], we have #C k ˆ t q, which is odd. Hence the number r C from Proosition 2. is also odd. Therefore we have r C >, and by Proosition 2. the curve ossesses a quintic model. This roves Proosition Estimates for zeta functions Let K be an algebraic number eld of nite degree n over the eld Q of rational numbers. We write z K for the zeta function of K, which is de ned on

10 4 h. w. lenstra jr, j. ila and carl omerance fs 2 C: Res > g by z K s ˆY N P s ; P here P ranges over the set of maximal ideals of the ring of integers of K, and N P is the cardinality of the residue class eld of P. Denote by D the absolute value of the discriminant of K over Q, byr the number of real laces of K, and by r 2 the number of comlex laces of K. Fors 2 C, Res >, we de ne G s=2 r G s r y K s ˆs s D s = s = 2 2 s zk s ; where G denotes Euler's gamma function. Note that for s 2 R with s >, both z K s and y K s are real and ositive. Lemma 4.. (a) The function y K can be analytically extended to an entire function satisfying the functional equation y K s ˆy K s. (b) All zeros r of y K satisfy 0 < Re r <, and one has yk 0 s y K s ˆ X 2 s r s r r for each s 2 C with y K s 6ˆ0; the sum ranges over all zeros r of y K, counted with multilicities, and it is absolutely convergent. (c) For s 2 R with s > one has 0 < y K 0 s y K s < s s log D r G 0 s=2 G 0 s log r 2 2 G s=2 2 log 2 : G s (d) If K 6ˆ Q, then there is at most one zero b of y K that satis es Re b > 4log D and jim bj < 4 log D, and if there is one then it is real and simle. (e) For K 6ˆ Q and s 2 R with < s < 2 n = log D, one has y K s < 2 r r 2 r 2 e log D n D : 2 n (f ) One has y K ˆh reg=w, where h and reg denote the class number and regulator of K, resectively, and w is the number of roots of unity in K. Proof. For (a), see [7, Chater XIII]. For (b), see [7, Chater XV, Theorem 3 and Chater XVII, ], as well as [9, Lemma ]. For (f ), one uses [7, Chater VIII, Theorem 5] and the fact that G 2 ˆ (see [24, 2.4]). (c) From the de nition of z K one sees that zk 0 s =z K s < 0 for real s >. Combining this with the de nition of y K we nd the uer bound in (c). The lower bound follows from the exression given in (b) (see [9, Lemma 3]). (d) This is roved in [9, Lemma 3], as a consequence of (b) and (c). (e) We follow [0, roof of Theorem ]. For a real number s > we de ne g s ˆs r r 2 2 G s =2 r 2: y Q s n s G s=2

11 a hyerellitic smoothness test, ii 5 The logarithm of each of the three factors on the right is convex on ; ; for the rst factor this is obvious, and for the last two factors it is the content of [0, Lemma 9]. It follows that log g is convex on ;. Put j ˆ 2 n = log D. We claim that g j < g ˆ2 r r 2 r 2 : The equality is readily veri ed. We rove the inequality. From Minkowski's inequality D > 4 r 2 n n =n! (see [7, Chater V, 4]) one nds in a routine manner that log D > 3 n. Therefore we have j < 4, and by convexity it follows that g j < max g ; g 4. Now one deduces the claim from yq 4 r r 2 2 yq 4 G 5=2 r 2 g 4 ˆ4 4 4 G 2 2 r r 2 2 r 2 ˆ 4 < r r 2 r ; 2 excet if r r 2 ˆ. In the excetional case K is imaginary quadratic, and one has D > 3, j < 3, and g j < max g ; g 3 ; the inequality z Q 3 2 < z Q 2 (obtained from the Euler roduct) imlies then that g 3 ˆ3z < 2 ˆ g. This roves the claim. Let s be real, s >. From the dulication formula [24, 2.5] G s=2 G s =2 ˆ s = 2 s = 2 2 G s 2 s for the gamma function, and from the elementary inequality z K s < z Q s n, one sees that G s=2 n G s =2 = y K s ˆs s D s = 2 s = 2 r 2 zk s 2 s = 2 G s=2 = 2 s = 2 < Ds = 2 s n s s G s=2 n 2 G s =2 r 2 z 2 Q s s r r 2 s = 2 s G s=2 ˆ Ds = 2 g s : n s Substituting s ˆ j, which minimizes D s = 2 = s n, we nd that y K j < D n = log D D = 2 e log D n g j < D = 2 2 r r 2 r 2 ; n 2 n = log D 2 n which roves (e) for s ˆ j. To rove (e) for < s < j it now suf ces to observe that yk 0 is ositive on ;, by (c). This comletes the roof of Lemma 4.. Combining (e) and (f ) we nd an uer bound for h reg=w that is due to Louboutin [0, equation (2)]. It imroves an uer bound obtained by Siegel [8, Satz ]. We now come to the main result of this section, which in substance is due to Stark [9]. We let h, reg, w be as in Lemma 4.(f ), and by h, reg and w we denote the corresonding quantities for the eld K aearing in Proosition 4.2.

12 6 h. w. lenstra jr, j. ila and carl omerance Likewise, we denote by D the absolute value of the discriminant of K over Q. Proosition 4.2. Let K be a totally imaginary quadratic extension of a totally real algebraic number eld K, and suose that K does not contain a sub eld that is imaginary quadratic over Q. Let M be a Galois closure of K over Q. Write d ˆ K : QŠ and m ˆ M : QŠ max ; 4=d. Then we have h reg=w 2 d d > h reg =w 4 e 2 = 40 m e log D log D D : D The roosition imlies that h reg=w d d > h reg =w 2:243 4:270 d m D = D log D d log D ; where m may be relaced by 5, 9 or d!, according as d ˆ 2, d ˆ 3or d > 4, resectively. Proof. For s 2 C with Re s >, we de ne L s ˆz K s =z K s ; G s =2 d L s ˆ D=D s = 2 L s : s = 2 The function L may be analytically extended to an entire function (see [7, Chater VIII and Chater XIV]). The dulication formula quoted in the roof of Lemma 4.(e) imlies that y K s ˆy K s L s : It follows that L satis es the functional equation L s ˆL s. By Lemma 4.(f ) one has L ˆ h reg=w : h reg =w We shall estimate this quantity from below. From Lemma 4.(b) one obtains L 0 s L s ˆ X 2 r s r s r for each s 2 C with L s 6ˆ0, the sum ranging over all zeros r of L, counted with multilicities; all these zeros are also zeros of y K. Let B be the set of zeros b of L that satisfy Re b > 4log D and jim bj < 4 log D. By Lemma 4.(d), the set B is either emty or consists of a single simle real zero. We shall need: 4:3 b < for every b 2 B; 4m log D with m as de ned in Proosition 4.2. We ostone the roof of this assertion until the end of this section. It deends crucially on the assumtion that K does not contain an imaginary quadratic sub eld.

13 a hyerellitic smoothness test, ii 7 Let j 0 ˆ 4log D.Ifris a zero of L that does not belong to B, then as in the roof of [9, Lemma 2] one has s r s r < 2 j 0 r j 0 r for every real number s with < s < j 0. Therefore we have j 0 r j 0 r L 0 s L s < X r X b 2 B s b 2 j 0 b for the same values of s, where the rst sum ranges over the zeros r of L. We may include the zeros of y K in that sum, since they give ositive contributions. Then the rst sum changes to 2yK j 0 0 =y K j 0. Integrating from to j 0 and exonentiating one nds that L j 0 L < ex 2 j 0 y K j 0 0 E ; y K j 0 where we ut E ˆ Y b 2 B b j 0 b ex 2 j 0 : j 0 b Using the fact that L j 0 ˆy K j 0 =y K j 0 we now obtain L > ex 2 j 0 y K 0 j 0 y y K j 0 K j 0 y K j 0 E: We estimate the four factors searately. For the rst factor we aly Lemma 4.(c) to s ˆ j 0. Since j 0 ˆ 4log D is smaller than the unique ositive zero : of G 0 =G (see [24, 2.33]), we have G 0 j 0 =G j 0 < 0, and we nd that This leads to ex yk j 0 0 y K j 0 < j 0 2 log D d log 2 : 2 j 0 y K 0 j 0 > ex 2j y K j 0 0 D j 0 2 2d j 0 ˆ e = 4 2 2d j 0 ; ex 2j 0 which is our estimate for the rst factor. For the second factor, the de nition of y K and the obvious inequalities z K j 0 > and j 0 > imly that y K j 0 > j 0 D j 0 = G j 2 0 d D 2 j ˆ 0 2 d e = 8 G j 4 log D 0 d 2 j : 0 Let g 8 0: denote Euler's constant (see [24, 2.]). From the inequality G 0 s G s > G 0 ˆ g > log 2; G

14 8 h. w. lenstra jr, j. ila and carl omerance valid for s > (see [24, 2.6]), one deduces that G j 0 ˆG j 0 =G > ex g j 0 > 2 j 0 ; which, since > e, gives G j 0 d e d j 2 j > 0 4 > 0 d j > ex 2j : 2d j 0 In the last inequality we use the fact that d > 2, which follows from the assumtion that K does not contain an imaginary quadratic sub eld. We obtain D y K j 0 > 2 d 4e 5 = 8 log D ex 2j 0 2 : 2d j 0 This is our estimate for the second factor. For the third factor we aly Lemma 4.(e) to the eld K and s ˆ j 0 ˆ 4log D. The condition K 6ˆ Q is satis ed, and from d > 2 and D < D one sees that the condition j 0 < 2 d = log D is satis ed as well. We nd that 2 d d y K j 0 > 2 d : e log D D The fourth factor, E, is equal to if B is emty. Suose next that B ˆfbg. Alying (4.3) we see that E is at least the minimum of x ex 2 j 0 = j 0 x = j 0 x for 4log D < x < 4mlog D or, equivalently, the minimum of f y ˆy ex 2= y = y for =m < y < (with y ˆ 4log D x ). One readily veri es that f is increasing on 0; Š, so the required minimum is f =m, which by m > 4isat least e 8 = 5 = m. This is less than, so it is in both cases a lower bound for E. Assembling the four estimates we nd that D 2 d d L > 2 d 4e 7 = 8 log D 2 d e 8 = 5 e log D D m : Rearranging the right-hand side, and alying Lemma 4.(f ), we obtain the inequality stated in Proosition 4.2. It remains to rove (4.3). A discriminant formula. The roof of (4.3) makes use of a formula for discriminants that is dif cult to locate in the literature. Since it is also useful in other contexts, we state and rove it in the general case of Dedekind domains. Let A be a Dedekind domain, E its eld of fractions, F a nite searable eld extension of E, and B the integral closure of A in F. We denote by D B = A the discriminant of B over A, which is a non-zero ideal of A. Let M be a nite Galois extension of E, with grou G, and suose that M is large enough to contain an E-isomorhic coy of F. We write S for the set of E-embeddings F! M. This is a set of cardinality F : EŠ, and it is naturally acted uon by G. Denote by C the integral closure of A in M. We assume that for each

15 a hyerellitic smoothness test, ii 9 maximal ideal P of C the eld C =P is searable over A= P Ç A. This assumtion is satis ed in the case of rings of integers in number elds, since in that case all residue class elds are nite. Theorem 4.4. Let the notation and hyotheses be as above, and let I j denote the C-ideal generated by fjc c: c 2 Cg, for j 2 G. Then we have D M : E Š ˆ Y N B = A C = A I j # fs 2 S: js 6ˆ sg ; j 2 G; j 6ˆ where N C = A denotes the ideal norm from C to A. It is only through the exonents #fs 2 S: js 6ˆ sg that the formula given in Theorem 4.4 deends on F. This is what accounts for its usefulness. The fact that the formula for D B = A is indeendent of the choice of M can be roved directly by means of a theorem of Herbrand (see [6, Chater IV, Proosition 3]). One can give a similar formula that is valid when M is an in nite Galois extension of E; it involves a distribution on the Galois grou. Proof. The different D C = A of C over A is given by D C = A ˆ Y I j ; j 2 G; j 6ˆ if C is a comlete discrete valuation ring, this is a reformulation of [6, Chater IV, Proosition 4], and the general case then follows from [6, Chater III, Proosition 0]. Let s 2 S, and let G s ˆfj2G: js ˆ sg. Then G s is the Galois grou of M over sf, and alying the formula above to the extension sf Ì M we nd that D C = sb ˆ Y I j : j 2 G s ; j 6ˆ The formula D C = A ˆ D C = sb D sb= A (see [6, Chater III, Proosition 8]) now yields C D sb= A ˆ Y I j : j 2 G; j s 6ˆ s Alying N C = A ˆ N sb= A ± N C = sb and noticing that N sb= A N C = sb C D sb= A ˆ N sb= A D sb= A M : sfš M : sfš ˆ D sb= A ˆ D M : E Š = # S B = A one obtains D M : E Š = # S B = A ˆ Y j 2 G; js 6ˆ s N C = A I j : Taking the roduct over s 2 S we nd the formula stated in the theorem. This roves Theorem 4.4. An alternative roof of Theorem 4.4 can be derived from the theory of conductors (see [6, Chater VI, 3]). Corollary 4.5. With the same notation and hyotheses as in Theorem 4.4, assume in addition that M is a Galois closure of F over E. Then D 2 C = A divides D M : E Š B = A.

16 20 h. w. lenstra jr, j. ila and carl omerance Proof. Since M is a Galois closure of F over E, the only element of G that acts as the identity on S is the identity element of G. Hence every j 2 G with j 6ˆ moves at least two elements of S: #fs 2 S: js 6ˆ sg > 2; or, equivalently, M : EŠ #fs 2 S: js 6ˆ sg > 2 #G: We now exress each of D B = A and D C = A by means of the formula given in Theorem 4.4. The set that lays the role of S in the formula for D C = A is G itself, on which G acts by left multilication. For each j 2 G with j 6ˆ, one has #fs 2 G: js 6ˆ sg ˆ#G; so the inequality just roved imlies that D M : E Š is B = A divisible by D 2 C = A. This roves Corollary 4.5. One can deduce from the roof of Corollary 4.5 that equality holds if and only if the inertia grou of any maximal ideal of C that is rami ed over A is generated by an element of G that acts as a transosition on S. We now rove (4.3). With a coef cient 6d! instead of 4m, this result is due to Stark [9, Lemma 9]. We indicate which change to make in his argument. By Corollary 4.5, the discriminant of the Galois closure M of K over Q divides D M : QŠ = 2. The different of N ˆ M K over M divides the different of K over K (see [9, Lemma 6]), so writing D for the norm from K to Q of the latter different, we nd that the discriminant of N over Q divides D M : QŠ D M : K Š. (This relaces Stark's bound D d!.) If the eld N has a conjugate N 0 6ˆ N, then the eld L ˆ N N 0 equals K N 0, so the different of L over N 0 divides the different of K over K, and one nds that the discriminant of L over Q divides 2 M : QŠ D D 4 M : K Š. (This relaces Stark's bound D 4 d!.) From D ˆ D 2 D and the de nition of m (given in Proosition 4.2) one nds that the discriminant of N and the discriminant of L (if it exists) both divide D m. With this bound, Stark's argument leads to (4.3). This comletes the roof of Proosition Zeta functions for nite rings For a ositive integer n, the size of the unit grou Z=nZ is not much smaller than the size of the full ring Z=nZ. More recisely, we have # Z=nZ > n e g o = log log n for n! (see [5, Theorem 328] and Remark 5.0 below). In the roof of Proosition 2.3 we shall need similar information for other nite rings. The natural tool for obtaining shar results is the theory of zeta functions for nite rings, to which the resent section is devoted. Ultimately, these results are resonsible for the factor log log q 2 aearing in the estimate of Proosition 2.3. The reader who is satis ed with the higher ower log log q 6 can ski most of this section (cf. Remark 6.5). We recall that rings in this aer are assumed to be commutative with unit element, and that the latter is suosed to be resected by ring homomorhisms and to belong to subrings. Let A be a nite ring. Following [7], we de ne the zeta function z A of A by z A s ˆY # A=M s ; M

17 a hyerellitic smoothness test, ii 2 where M ranges over the set of maximal ideals of A and s is a comlex variable. Using the fact that A is isomorhic to the roduct of its localizations A M (see [2, Theorem 8.7]), we nd the secial value 5: z A ˆ #A #A ; which exlains the relevance of zeta functions for our urose. The nilradical nil A of A is equal to the intersection of all maximal ideals (see [2, Corollary 8.2]); so the reduced ring A red ˆ A=nil A is given by A red ˆ Q M A=M. Clearly, we have 5:2 z A ˆ z Ared : One easily roves the functional equation z A s ˆ t #A red s z A s ; where t denotes the number of maximal ideals of A, which leads to another secial value: 5:3 z A ˆ t #A red : For a rime number l, let A l be the localization of A at l. Writing A as the roduct of the rings A l, with l ranging over the set of all rime numbers, one readily nds the Euler roduct 5:4 z A s ˆY P l l l s ; where P l is a olynomial with integer coef cients and constant term. One also nds that all zeros of P l are roots of unity (the Riemann hyothesis), and that the degree d l of P l is determined by #A red ˆ Y l d l : For all but nitely many l one has d l ˆ 0 and P l ˆ. Substituting s ˆ we nd that #A #A ˆ Y P l l > Y d l; 5:5 l l l which one can also easily rove without using zeta functions. As we just saw, =z A s has an Euler roduct in which the lth factor is a olynomial in l s. It is not hard to show that the same is true for z B s =z A s, where B is any subring of A. We shall rove the following more general result. Theorem 5.6. Let A be a nite ring, let B and C be subrings of A, and ut D ˆ B Ç C. Then we can write z B s z C s z A s z D s ˆ Y Q l l s ; l l rime where Q l is a olynomial with integer coef cients, all of whose zeros are roots of unity, with constant term, and with degree deg Q l determined by # A red = B red C red ˆ Y l deg Q l : l

18 22 h. w. lenstra jr, j. ila and carl omerance Note that B red and C red may be viewed as subrings of A red ;byb red C red we mean the additive subgrou they generate. Taking C ˆ B one recovers the earlier statement about z B s =z A s. It is not generally true that, for subrings B, C, E of A, the alternating roduct z B s z C s z E s z B Ç C Ç E s z A s z B Ç C s z B Ç E s z C Ç E s has the same general shae; a counterexamle is rovided by A ˆ F l F l F l, where l is any rime number, with B, C and E equal to the three subrings of A of order l 2. Proof of Theorem 5.6. Writing A as the roduct of the rings A l we immediately reduce to the case in which A ˆ A l for a single rime number l. Let this now be assumed. Next we shall relace A by A red, and B and C by their images B red and C red in A red. This relacement is justi ed by (5.2) and the equality 5:7 D red ˆ B red Ç C red (inside A red ), which we roceed to rove. The inclusion Ì is obvious. To rove É, suose that b 2 B and c 2 C have the same image x in A red. One readily shows that b l c l mod b c nil A, and, inductively, that b l n c l n mod b c nil A n for all ositive integers n. Now choose n so large that nil A n ˆ 0. Then it follows that b l n ˆ c l n, which is an element of B Ç C ˆ D. Choosing, in addition, n to be divisible by the degree of each eld A=M over F l, one sees that this element of D mas to x in A red. Hence we have x 2 D red. This roves (5.7). We may, and do, now assume that A ˆ A l ˆ A red, so that A is a roduct of nite elds of the same characteristic l, and likewise for the three subrings. From (5.4) it is clear that z B s z C s = z A s z D s is of the form Q l l s for some rational function Q l. We shall rove that Q l is actually a olynomial. Evidently, we can write Q l ˆ f =g, where f and g are olynomials with integer coef cients without common factor and with constant coef cients equal to. Since f and g are corime over the eld of rational numbers, we can nd olynomials u and v with integer coef cients such that uf vg ˆ N for some ositive integer N. Alying (5.3) to A, B, C and D, and using the fact that D ˆ B Ç C, we obtain Q l l ˆzB z C z A z D ˆ 6 #A #D #B #C ˆ 6# A = B C : This shows that the rational function Q l assumes an integer value at l. Let r be any rime number for which l r > #A, and let h 2 F l X Š be an irreducible olynomial of degree r. For any F l -algebra R, write temorarily R 0 ˆ R X Š=hR XŠ. The choice of r imlies that h is still irreducible over any residue class eld A=M of A, so each of the rings A=M 0 is again a eld, and A 0 is the roduct of these elds. A straightforward comutation now shows that z A 0 s ˆz A rs. Since we also have l r > #B, the corresonding statement for B is true as well, and likewise for C and D. Also, we may view B 0 and C 0 as subrings of A 0, with intersection D 0. Hence, alying what we roved above, we nd that Q l l r is an integer. We have shown that the rational function Q l ˆ f =g assumes integer values at

19 a hyerellitic smoothness test, ii 23 in nitely many oints l r. For each of them, g l r divides f l r, and therefore it divides u l r f l r v l r g l r ˆN as well. Thus, the olynomial g is bounded on an in nite set of integers. This imlies that g is constant, and in fact we have g ˆ since its constant term is. It follows that Q l ˆ f is a olynomial. The remaining assertions of the theorem are now immediate. In articular, the statement about deg Q l is obtained from the equality # A red = B red C red ˆ #A red #D red ; #B red #C red which follows from (5.7). This comletes the roof of Theorem 5.6. Remark. A more concetual roof of the fact that Q l is a olynomial may be sketched as follows. Let l be xed, and let K be an algebraic closure of F l. Write S A for the nite set of ring homomorhisms A! K. The Frobenius automorhism of K induces a ermutation of S A and therefore an automorhism f of the comlex vector sace C S A. One shows that the characteristic olynomial of f is equal to P l. Next, using the fact roven above that D red ˆ B red Ç C red, one shows that there is an exact sequence 0! C S D! C S B C S C! C S A of comlex vector saces, the mas resecting the action of f. Now, to rove that Q l is a olynomial, one observes that it is in fact the characteristic olynomial of the induced action of f on the cokernel of the rightmost ma. Corollary 5.8. Let A, B, C and D be as in Theorem 5.6, and let d be a nonnegative integer such that the nite abelian grou A=B can be generated by d elements. Then we have #A =#C #B =#D > #A=#C #B=#D Y d ; l where l ranges over rimes. l j # A = C Proof. Let Q l be as in Theorem 5.6. For any comlex root of unity h and any rime number l we have j h=lj > =l. Therefore we have Y Q l l > Y deg Q l: l l l If l does not divide the order of A=C, then it does not divide the order of its homomorhic image A red = B red C red either; so then we have deg Q l ˆ 0. The grou A red = B red C red is a homomorhic image of A=B, so it can be generated by d elements. It is also of square-free exonent, because A red is a roduct of elds. Therefore # A red = B red C red divides Q l d, the roduct ranging over the rimes dividing its order. This imlies that deg Q l < d for all l, and one obtains Corollary 5.8 from the inequality above and (5.). By means of the same argument one roves the uer bound #A =#C #B =#D < #A=#C #B=#D Y d : l l j # A = C

20 24 h. w. lenstra jr, j. ila and carl omerance The following lemma rovides an exlicit bound for the roduct aearing in Corollary 5.8. Lemma 5.9. Let P be a nite set of rime numbers. Then we have Y Y > 5 log log max l; 6000 : l l 2 P l 2 P Proof. If the cardinality of P is a given number k, then the roduct Y log log max l; 6000 Y l l 2 P is minimal when P consists of the rst k rimes. Hence, for the roof of Lemma 5.9 we may assume that P is the set of rime numbers less than or equal to x for some x >. According to [3, 3.6 and 3.30] we have log Y l > x for x > 4; log x l < x Y < e g log x for x > ; l log x l < x where l ranges over rimes and g 8 0: denotes Euler's constant. These inequalities and a small comutation imly that for x > 79 we have log log Y l Y > l 2 : l < x l < x Exlicit comutation for small x shows that this inequality holds in fact for x > 37, and that the conclusion of the lemma is valid for all x. This comletes the roof of Lemma 5.9. Remark 5.0. It is clear from the roof that the conclusion of the lemma holds with e g o as #P! in lace of 5. We have e g 8 : The order of a Picard grou Let K be an algebraic number eld, and let O be its ring of algebraic integers. Let R be an order in K, that is, a subring R of O for which the index O : R of additive grous is nite. By D R we denote the discriminant of R over Z, by Pic R the grou of classes of invertible ideals of R, and by h R the order of Pic R. The regulator of R is denoted by reg R, the torsion subgrou of R by m R, and the order of m R by w R. We write Z b for the ro nite comletion of Z, and ba for A Z Z b when A is a ring. One readily roves that the index bo : br of multilicative grous is nite; in fact, it is equal to O=F : R=F for any non-zero O-ideal F that is contained in R (for examle, F ˆ O : R O). By a formula of Dedekind, the number h R reg R= w R bo : br is the same for all orders R in K, so in fact h R reg R h O reg O 6: ˆ ; w R bo : br w O see [5, Theorem 3.7 and Corollary 4.6]. l 2 P

21 a hyerellitic smoothness test, ii 25 Next assume that K is a totally imaginary quadratic extension of a totally real eld K. We denote the non-trivial K -automorhism of K by an overhead bar. The degree of K over Q is denoted by d, and the ring of integers of K by O. We assume that R ˆ R, and we ut R ˆ R Ç O. Let K q 0 be the multilicative grou of totally ositive elements of K. We de ne the grou Pic R to consist of equivalence classes of airs I; b, where I Ì K is an invertible R-ideal and b 2 K q 0 is such that I I ˆ br; here we de ne two such airs I; b and J; g to be equivalent if there exists a 2 K with ai ˆ J and aab ˆ g. The grou multilication in Pic R is de ned by I; b I 0 ; b 0 ˆ II 0 ; bb 0. Theorem 6.2. With the notation and hyotheses as above, assume moreover that K does not contain an imaginary quadratic sub eld. Let d be the roduct of the rime numbers dividing O : R. Then Pic R is a nite grou of order at least d d w R jd R j= D R m 0 log D O d log jd O j 20 log log maxfd; 6000g d where m 0 equals 25, 45 or 5d! 5, according as d ˆ 2, dˆ 3, ord> 4. The roof of Theorem 6.2 is receded by two auxiliary results. We kee the notation and hyotheses as above; the secial condition on K in Theorem 6.2 is not needed in Lemmas 6.3 and 6.4. We denote by Pic R the grou of strict equivalence classes of invertible R -ideals, where I and J are called strictly equivalent if there exists a 2 K q 0 such that I ˆ aj. We write N for the norm ma K! K de ned by N x ˆxx, and for several mas that it induces. One of these mas is the ma Pic R! Pic R ; to see that it is de ned it suf ces to observe that the grous Pic R and Pic R may be identi ed with bk = br K and bk = br K q 0 resectively, the notation b being as above. Lemma 6.3. The grou Pic R is nite of order #C w R h O rego w O 2 d h O reg O w O bo : br bo : br ; where C denotes the cokernel of the ma N: Pic R! Pic R. Proof. Write R q 0 ˆ R Ç K q 0. The ma Pic R! Pic R sending the class of I; b to the class of I gives rise to an exact sequence! R q 0 =NR! Pic R! Pic R! N Pic R! C! : It follows that Pic R is nite of order #C h R # R q 0 =NR =#Pic R. The exact sequence! R q 0! R! K =K q 0! Pic R! Pic R! ; in which the middle grou has order 2 d, imlies that #Pic R ˆ 2 d h R =# R =R q 0 ;

22 26 h. w. lenstra jr, j. ila and carl omerance so we nd that h R #Pic R ˆ #C h R # R =NR 2 d : From # R =R 2 ˆ2 d it follows that the last factor on the right equals the inverse of the order of the grou NR =R 2. Since m R is the kernel of N: R! R, there is an exact sequence! m R R! R! N NR =R 2! : Hence we have 2 d =# R =NR ˆ# NR =R 2 ˆ R : m R R, and this is equal to the regulator of the subgrou m R R of R divided by reg R. The former regulator equals 2 d reg R, the factor 2 d coming from K being totally comlex and K being totally real. Thus we obtain #Pic R ˆ #C 2 d h R reg R : h R reg R Now aly Dedekind's formula (6.), both to R and to R, and use the fact that w R ˆ2, to conclude the roof of Lemma 6.3. Lemma 6.4. Let d be as in the statement of Theorem 6.2. Then we have bo : br bo : br > D R =D O = D R =D O : 5 log log maxfd; 6000g d Proof. Let F ˆ O : R O, which is an O-ideal contained in R. Likewise, F ˆ F Ç O is an O -ideal contained in R Ç O ˆ R. Let A be the nite ring O=F, and denote its subrings O =F and R=F by B and C, resectively. Then the ring D ˆ B Ç C is given by D ˆ R =F. The exression on the left in Lemma 6.4 is now equal to #A #D = #B #C, so we can aly Corollary 5.8; note that A=B can be generated by d elements, since it is a homomorhic image of the grou O=O. We nd that bo : br bo : br > #A=#C #B=#D Y d ; l l j # A = C with l ranging over rime numbers. By Lemma 5.9, the roduct aearing on the right is bounded below by 5 log log maxfd; 6000g d. We have q #A=#C ˆ O : R ˆ D R =D O ; and likewise #B=#D ˆ D R =D O. This roves Lemma 6.4. Remark 6.5. The weaker lower bound with denominator 5 log log maxfd; 6000g 3 d is much easier to obtain. It suf ces to aly (5.5) to A and D and to use the trivial uer bounds #B < #B and #C < #C. Proof of Theorem 6.2. We aly the formula of Lemma 6.3. The factor #C is obviously at least. For the last two factors we use the lower bounds rovided by