Factoring univariate polynomials over the rationals

Size: px

Start display at page:

Download "Factoring univariate polynomials over the rationals"

Lee Price
5 years ago
Views:

1 Factoring univariate polynomials over the rationals Tommy Hofmann TU Kaiserslautern November 21, 2017 Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

2 Factoring univariate polynomials over the rationals The problem Given f = a d X d + a d 1 X d a 0 Q[X ], find irreducible polynomials f 1,..., f r Q[X ] such that Example f = f 1 f 2 f r. Given f = X 5 + X 4 + X 2 + X + 2, we would like to find X 5 + X 4 + X 2 + X + 2 = (X 2 + X + 1)(X 3 X + 2). Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

3 An easy reduction Starting with arbitrary f = a d X d + a d 1 X d a 0 Q[X ], we can make the following assumptions: 1 f is square-free (easy square-free factorization). 2 f is integral, that is, f Z[X ] (multiply with a common denominator). 3 f is primitive, that is, gcd(a d, a d 1,..., a 0 ) = 1 (divide by the gcd). 4 f is monic (replace f by (a d ) d 1 f (X /a d )). Thus f is a monic, square-free, primitive polynomial in Z[X ]. A lemma of Gauß Since f is monic and primitive, the unique monic irreducible factors f i Q[X ] of f are also integral, that is, f = f 1 f 2 f r with f i Z[X ] monic and irreducible in Q[X ]. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

4 Factorization of primitive, monic, polynomials in Z[X ] Good news There exists an algorithm for computing factorizations. Better news There exists a deterministic algorithm with running time polynomial in the size of the input. Most important news There exist fast implementations for computing factorizations. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

5 Act 1: Where the problem is first solved Enter: Friedrich Theodor von Schubert, De inventione divisorum, 1793 Leopold Kronecker, Grundzüge einer arithmetischen Theorie der algebraischen Grössen, 1882 Schubert ( ) Kronecker ( ) Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

6 Factoring à la Schubert or Kronecker Underlying ideas If g Z[X ] divides f, then g(n) divides f (n) for all n Z. A polynomial g Z[X ] of degree k is uniquely determined by its values at k + 1 points. Theorem Pick distinct elements a 0,..., a k Z and compute the finite set S = {(d 0,..., d k ) Z k+1 such that d 0 f (a 0 ), d 1 f (a 1 ),..., d k f (a k )}. Then {divisors of degree k of f } {g Z[X ] g(a i ) = d i, 0 i k}. Corollary (d 0,...,d k ) S There exists an algorithm for factoring polynomials. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

7 Factoring à la Schubert or Kronecker Example Consider f = X 5 + X 4 + X 2 + X + 2, k = 3 and pick a 0 = 1, a 1 = 0 and a 2 = 1. Then f (a 0 ) = 2 = f (a 1 ) and f (a 2 ) = 6. Thus S = { 2, 1, 1, 2} { 2, 1, 1, 2} { 6, 3, 2, 1, 1, 2, 3, 6} has cardinality #S = 128. If we pick (d 0, d 1, d 2 ) = (1, 1, 3), then p = X 2 + X + 1 is a divisor of f and Problems X 5 + X 4 + X 2 + X + 2 = (X 2 + X + 1)(X 3 X + 2). Factoring integers is kind of hard and we have 2 k many things to check. (An arithmetic and a combinatorial problem.) Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

8 Act 2: Where integer factorization has to go Enter: Hans Zassenhaus, On Hensel Factorization, I, 1969 Elwyn Berlekamp, Factoring Polynomials Over Large Finite Fields, 1970 Berlekamp (1940 ) Zassenhaus ( ) Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

9 Factoring à la Berlekamp or Zassenhaus Underlying ideas There exists an a priori bound for the size of the coefficients of possible factors. Factorization modulo primes or prime powers is unique (for properly chosen primes) and can be computed efficiently. First ingredient: A bound for the output There exists a bound C R >0, such that for any divisor g Z[X ] of f we have g max C. Moreover C can be chosen such that log(c) O(poly(d, log( f max ))) and C can be computed in polynomial time from the coefficients of f. (Collins, Knuth, Mignotte, Zassenhaus, Granville,... ) Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

10 Factoring à la Berlekamp or Zassenhaus Second ingredient (Berlekamp) Fix a prime p such that p > 2C. Compute the factorization f = r i=1 g i with g i F p [X ] monic and irreducible (in polynomial time). Second ingredient (Zassenhaus) Fix a prime p and an exponent e > 0 such that f F p [X ] is squarefree and p e > 2C. Compute the factorization of f modulo p and lift it to a factorization f = r i=1 g i over Z/p e Z[X ] with g i Z[X ] monic and irreducible modulo p. In both cases we obtain an integer M > 2C and the unique factorization in Z/MZ[X ]. f = r i=1 g i Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

11 Factoring à la Berlekamp or Zassenhaus Let M be as before. Third ingredient If g Z[X ] is an irreducible factor of f, then there exists a unique set {i 1,..., i s } {1,..., r} such that g = g i1 g is. Moreover, g is the unique lift of g i1 g ir ( M/2, M/2). with coefficients in Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

12 Factoring à la Berlekamp or Zassenhaus Berlekamp Zassenhaus algorithm 1 Find M > 2C such that f has a unique factorization f = g 1... g r in Z/MZ[X ] with g i Z[X ] irreducible modulo M. 2 For every subset S {1,..., r} compute the unique g Z[X ] with coefficients in ( M/2, M/2) such that g = i S g i. If g divides f, restart with input f /g and g and merge the results. 3 If we do not find a suitable g, f is irreducible. Theorem The running time of the Berlekamp Zassenhaus algorithm is in O(2 r 1 poly(d, f max )). Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

13 Factoring à la Berlekamp or Zassenhaus Example (Berlekamp big prime flavor) Consider f = X 4 + X 3 + 4X 2 + X + 3 Q[X ]. Then p = 577 is a big enough prime and f (X + 24) (X + 185) (X + 393) (X + 553) modpz[x ]. }{{}}{{}}{{}}{{} g 1 g 2 g 3 g 4 Thus there are 2 3 = 8 combinations to check. For S {1, 2, 3, 4} with #S = 1 we don t find a factor. If we choose S = {1, 4} we find g = X with g (X + 24)(X + 553) mod pz[x ]. By testing divisibility we see that g f and f = (X 2 + 1)(X 2 + X + 3). Next step would show that f /g and g are irreducible. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

14 Factoring à la Berlekamp or Zassenhaus Remarks The factor 2 r 1 makes the running time of the algorithm exponential. The algorithm is very slow if the polynomial has lots of factors modulo p. Works quite well in practice on random input. (A random polynomial of degree d over F p has log(d) many irreducible factors). But worst case is much worse then the random case. Swinnerton-Dyer polynomials For n Z 1 denote by p n the n-th prime number. The polynomial S n = (x ± 2 ± 3 ± ± p n ) Z[X ] is irreducible of degree 2 n and factors into linear and quadratic factors modulo every prime. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

15 Act 3: Where lattices appear Enter: Arjen Lenstra, Hendrik Lenstra, László Lovász, Factoring Polynomials with Rationals Coefficients, 1982 A. Lenstra (1956 ) H. Lenstra (1949 ) Lovász (1948 ) Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

16 Factoring à la Lenstra Lenstra Lovász Underlying ideas Lemma A factor of a polynomial must come from a short vector in a lattice. The approximated shortest vector problem is solvable in polynomial time. Assume that f, g Z[X ] have degree n and k and that u Z[X ] is non-constant, monic and divides both f and g modulo m for some m Z 1 with res(f, g) f k g n m. Then gcd(f, g) Z[X ] is non-constant. (If two polynomials in Z[X ] have a non-constant common divisor modulo m for some m larger then the resultant, then they must have a non-constant common factor in Z[X ]). Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

17 Factoring à la Lenstra Lenstra Lovász Lattices A subgroup L R n is called a lattice, if there exists f 1,..., f k R n with { r } L = r i f i r 1,..., r n Z. i=1 An element f L \ {0} with f min g L\{0} g is called a shortest vector. If we weaken it to f 2 (n 1)/2 min g L\{0} g, f is called an approximate shortest vector. Theorem (Lenstra Lenstra Lovász) There exists a polynomial time algorithm (LLL algorithm) for computing reduced bases (LLL bases). The first element of a reduced basis is an approximate shortest vector. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

18 Factoring à la Lenstra Lenstra Lovász Let u be a divisor of f modulo m of degree d < n. We want to translate the existence of g into a lattice problem. Assume we are looking for g of degree < j. We identify {h Z[X ] deg(h) < j} Z j, i a i X i (a j 1,..., a 0 ). Consider the lattice L u Z j spanned by {ux i 0 i < j d} {mx i 0 i < d}. Then for g Z[X ] we have g L if and only if deg(g) < j and u divides g modulo m. Thus if g comes from a short element in L u, then this will give us a factor of f. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

19 Factoring à la Lenstra Lenstra Lovász 1 Fix a prime p such that f F p [X ] is squarefree and compute a factorization r f = g i in Z/p l Z[X ] i=1 with g i Z[X ] monic and irreducible modulo p and l large enough. 2 For every g i construct the lattice L gi (with j = n) and compute a LLL-basis (b 1,..., b n+1 ) of L gi. If b 1 some explicit bound, gcd(b 1, f ) is nontrivial and we continue recursively. Otherwise f is irreducible. Theorem (Lenstra Lenstra Lovász) The running time of the algorithm is in O(n 12 + n 9 (log f ) 3 ). Thus polynomials in Q[X ] can be factored in (deterministic) polynomial time. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

20 Factoring à la Lenstra Lenstra Lovász Problems In the worst case, one has to do Hensel lifting to huge precision, which is followed by LLL on matrices with large coefficients. Berlekamp Zassenhaus algorithm is much faster in practice (on average). Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

21 Act 4: Where approximations appear Enter: Arnold Schönhage, Factorization of Univariate Integer Polynomials by Diophantine Approximation and an Improved Basis Reduction Algorithm, 1982 Schönhage (1934 ) Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

22 Factoring à la Schönhage Underlying idea Every irreducible factor of f is the minimal polynomial of a root of f. Approximation of algebraic numbers can be done using reduced bases. Let us fix a zero α R of f and denote by g the corresponding factor of f. First ingredient: Approximation of zeros We can find an approximation ᾱ Q with α ᾱ < 2 k in polynomial time. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

23 Factoring à la Schönhage Second ingredient: Lattices Fix a precision c = 2 k and consider the lattice Λ m spanned by the columns of ᾱ 0 ᾱ 1 ᾱ m c Mat (m+1) (m+1)(q). 0 0 c Consider the map Φ: Z[X ] m Λ m, a i X i a i v i, where v i are the columns of the matrix. If Φ(g) is small, then g(α) = 0. If g(α) 0, then Φ(g) is big. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

24 Factoring à la Schönhage 1 Compute an approximation ᾱ of a root of f. 2 For i = 1,..., deg(f ) construct the lattice Λ m. Compute the first basis element b 1 of a reduced basis of Λ m. Let g be the corresponding polynomial and h the primitive part of g. If h is small enough, continue with f /h etc. Theorem (Schönhage) The running time of the algorithm is in O(n 8 + n 5 (log f ) 3 ). Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

25 Act 5: Where we go back to the roots Enter: Mark van Hoeij, Factoring Polynomials and the Knapsack Problem, 2001 van Hoeij (1969 ) Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

26 Factoring à la van Hoeij Recall At the end of the Berlekamp Zassenhaus algorithm we have the recombination problem. Which of the 2 r combinations give us the true factors of f? Lenstra Lenstra Lovász avoided this by directly reconstructing the true factors using lattice reduction. Underlying idea Solve the recombination problem using lattice reduction (Knapsack problem). Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

27 Factoring à la van Hoeij We let f = g 1 g s Z[X ] and f = f 1 f r Z p [X ], where Z p are the p-adic integers. For v = (v 1,..., v r ) {0, 1} r we write g v = r i=1 f v i i. Problem For which v {0, 1} r do we have g v Z[X ]? Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

28 Factoring à la van Hoeij We let f = g 1 g s Z[X ] and f = f 1 f r Z p [X ]. For v = (v 1,..., v r ) {0, 1} r we write g v = r f v i i=1 i. First ingredient: Linearization We define Φ: Q p (X ) /Q p Q p (X ), g f g g. (Multiply f with the logarithmic derivative). For v 1, v 2 Z r we have Φ(g v1 ) + Φ(g v2 ) = Φ(g v1 +v 2 ). For all v Z r we have Φ(g v ) Z p [X ]. Let w 1,..., w s Z r with g wi = g i (this is what we are looking for) and define W = w 1,..., w s Z r. Then for v Z r we have v W if and only if Φ(g v ) Z[X ]. New problem Find W (and then the canonical basis w 1,..., w s ). Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

29 Factoring à la van Hoeij How to find W? Start with L = Z r and as long as W L, find L with W L L. Lattice reduction For v Z r we have v W if and only if Φ(g v ) Z p [X ] \ Z[X ]. We write Φ( f j ) n 1 i=0 b i,jx i mod p k and define Λ as the lattice spanned by the columns of ( ) b 0,1 b 0,r Ir 0 A = Ã p k I n where Ã = b n 1,1 b n 1,r Now use LLL on this lattice to find elements in L \ W or show that W = L. Theorem (van Hoeij) This algorithm works. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

30 Factoring à la van Hoeij Why is it better then the original algorithm of Lenstra Lenstra Lovász? Instead of computing the coefficients of the irreducible factors, lattice reduction is used only to compute the 0-1 vectors. If a try with a too small precision fails in the original algorithm, we do not gain any information. In the van Hoeij algorithm, it is very often the case that we still gain information (we can compute a smaller lattice L ). Remark Berlekamp Zassenhaus: In theory slow, in practice fast. Lenstra Lenstra Lovász: In theory fast, in practice slow. (original) van Hoeij: In theory slow (no complexity bound), in practice fast. Hart Novocin van Hoeij: In theory fast, in practice fast. Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

31 Thanks! Tommy Hofmann Factoring polynomials over the rationals November 21, / 31

Factoring Polynomials with Rational Coecients. Kenneth Giuliani

Factoring Polynomials with Rational Coecients Kenneth Giuliani 17 April 1998 1 Introduction Factorization is a problem well-studied in mathematics. Of particular focus is factorization within unique factorization