Irregular Primes and Cyclotomic Invariants to 12 Million

Similar documents
KUMMER S LEMMA KEITH CONRAD

Old and new algorithms for computing Bernoulli numbers

Class groups and Galois representations

CYCLOTOMIC INVARIANTS FOR PRIMES BETWEEN AND

On The Weights of Binary Irreducible Cyclic Codes

SOME AMAZING PROPERTIES OF THE FUNCTION f(x) = x 2 * David M. Goldschmidt University of California, Berkeley U.S.A.

Primes of the Form n! ± 1 and p ± 1

ON THE SEMIPRIMITIVITY OF CYCLIC CODES

Polynomial arithmetic and applications in number theory

Galois groups with restricted ramification

Power integral bases in prime-power cyclotomic fields. January 21, 2005

Irregular Prime Divisors of the Bernoulli Numbers

p-class Groups of Cyclic Number Fields of Odd Prime Degree

SIMPLE RADICAL EXTENSIONS

FERMAT S LAST THEOREM FOR REGULAR PRIMES KEITH CONRAD

Lucas Lehmer primality test - Wikipedia, the free encyclopedia

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

A new family of character combinations of Hurwitz zeta functions that vanish to second order

A Search for Large Twin Prime Pairs. By R. E. Crandall and M. A. Penk. Abstract. Two methods are discussed for finding large integers m such that m I

SOLVING SOLVABLE QUINTICS. D. S. Dummit

Quasi-reducible Polynomials

Three Ways to Test Irreducibility

DONG QUAN NGOC NGUYEN

Mathematics for Cryptography

Lemma 1.1. The field K embeds as a subfield of Q(ζ D ).

KUMMER S CRITERION ON CLASS NUMBERS OF CYCLOTOMIC FIELDS

COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

SECOND-ORDER RECURRENCES. Lawrence Somer Department of Mathematics, Catholic University of America, Washington, D.C

Three Ways to Test Irreducibility

ERIC LARSON AND LARRY ROLEN

ON THE EQUATION X n 1 = BZ n. 1. Introduction

CYCLOTOMIC FIELDS CARL ERICKSON

ON THE DISTRIBUTION OF CLASS GROUPS OF NUMBER FIELDS

Math Topics in Algebra Course Notes: A Proof of Fermat s Last Theorem. Spring 2013

ALGEBRA PH.D. QUALIFYING EXAM September 27, 2008

Section X.55. Cyclotomic Extensions

Pacific Journal of Mathematics

Bulletin of the Transilvania University of Braşov Vol 7(56), No Series III: Mathematics, Informatics, Physics, 59-64

CHAPTER 0 PRELIMINARY MATERIAL. Paul Vojta. University of California, Berkeley. 18 February 1998

A combinatorial problem related to Mahler s measure

MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES

TAMAGAWA NUMBERS OF ELLIPTIC CURVES WITH C 13 TORSION OVER QUADRATIC FIELDS

arxiv: v1 [math.nt] 9 Jan 2019

Math 229: Introduction to Analytic Number Theory Elementary approaches I: Variations on a theme of Euclid

Math 429/581 (Advanced) Group Theory. Summary of Definitions, Examples, and Theorems by Stefan Gille

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

ECEN 5022 Cryptography

1 Rings 1 RINGS 1. Theorem 1.1 (Substitution Principle). Let ϕ : R R be a ring homomorphism

Maximal Class Numbers of CM Number Fields

RUDIMENTARY GALOIS THEORY

Elliptic Curves Spring 2013 Lecture #12 03/19/2013

Workshop on Serre s Modularity Conjecture: the level one case

The primitive root theorem

Section VI.33. Finite Fields

1, for s = σ + it where σ, t R and σ > 1

STRINGS OF CONSECUTIVE PRIMES IN FUNCTION FIELDS NOAM TANNER

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

Abstracts of papers. Amod Agashe

A Generalization of Wilson s Theorem

Faster integer multiplication using short lattice vectors

Polygonal Numbers, Primes and Ternary Quadratic Forms

AVERAGE RECIPROCALS OF THE ORDER OF a MODULO n

ON TAMELY RAMIFIED IWASAWA MODULES FOR THE CYCLOTOMIC p -EXTENSION OF ABELIAN FIELDS

NOTES ON FINITE FIELDS

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

198 VOLUME 46/47, NUMBER 3

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Mahler s Polynomials and the Roots of Unity

SOME CONGRUENCES ASSOCIATED WITH THE EQUATION X α = X β IN CERTAIN FINITE SEMIGROUPS

C.T.Chong National University of Singapore

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Algebraic Number Theory Notes: Local Fields

On the Linear Complexity of Legendre-Sidelnikov Sequences

Part II. Number Theory. Year

A BRIEF INTRODUCTION TO LOCAL FIELDS

Some Results on the Arithmetic Correlation of Sequences

Multiplicative Order of Gauss Periods

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

Fermat numbers and integers of the form a k + a l + p α

Balanced subgroups of the multiplicative group

7.2 Applications of Euler s and Fermat s Theorem.

A CONGRUENTIAL IDENTITY AND THE 2-ADIC ORDER OF LACUNARY SUMS OF BINOMIAL COEFFICIENTS

On a Theorem of Dedekind

GALOIS THEORY. Contents

A Few Primality Testing Algorithms

Introduction to finite fields

Galois groups of polynomials and the construction of finite fields

arxiv:math/ v1 [math.nt] 17 Apr 2006

CYCLICITY OF (Z/(p))

THESIS. Presented in Partial Fulfillment of the Requirements for the Degree Master of Science in the Graduate School of The Ohio State University

Outline. MSRI-UP 2009 Coding Theory Seminar, Week 2. The definition. Link to polynomials

Integer multiplication with generalized Fermat primes

Basic elements of number theory

Basic elements of number theory

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

1 The Galois Group of a Quadratic

TWO NEW FACTORS OF FERMAT NUMBERS

Frequency Domain Finite Field Arithmetic for Elliptic Curve Cryptography

Standard forms for writing numbers

Transcription:

J. Symbolic Computation (2001) 31, 89 96 doi:10.1006/jsco.1999.1011 Available online at http://www.idealibrary.com on Irregular Primes and Cyclotomic Invariants to 12 Million JOE BUHLER, RICHARD CRANDALL, REIJO ERNVALL, TAUNO METSÄNKYLÄ AND M. AMIN SHOKROLLAHI Department of Mathematics, Reed College, Portland, Oregon, U.S.A. Center for Advanced Computation, Reed College, Portland, Oregon, U.S.A. Forssa Institute of Technology, Forssa, Finland Department of Mathematics, University of Turku, Turku, Finland Bell-Labs, Murray Hill, NJ, U.S.A. Computations of irregular primes and associated cyclotomic invariants were extended to all primes up to 12 million using multisectioning/convolution methods and a novel approach which originated in the study of Stickelberger codes (Shokrollahi, 1996). The latter idea reduces the problem to that of finding zeros of a polynomial over F p of degree < (p 1)/2 among the quadratic nonresidues mod p. Use of fast polynomial gcdalgorithms gives an O(p log 2 p log log p)-algorithm for this task. A more efficient algorithm, with comparable asymptotic running time, can be obtained by using Schönhage Strassen integer multiplication techniques and fast multiple polynomial evaluation algorithms; this approach is particularly efficient when run on primes p for which p 1 has small prime factors. We also give some improvements on previous implementations for verifying the Kummer Vandiver conjecture and for computing the cyclotomic invariants of a prime. c 2001 Academic Press 1. Introduction In what follows p always denotes an odd prime. The Bernoulli numbers B t are rational numbers defined by the formal identity x e x 1 = x t B t t!. The odd-index Bernoulli numbers B 2n+1 are zero except for B 1. A pair (p, 2t), 0 < t < (p 1)/2 is called irregular, if and only if p divides B 2t. The number of irregular pairs for p is called the index of irregularity of p, and is denoted by i(p); p is called regular if i(p) = 0, and is called irregular otherwise. The irregular pairs were computed for primes less than 125 000 by Wagstaff (1978) and then to 150 000 by Tanner and Wagstaff (1987). These algorithms were quadratic in the sense that the running time for a fixed prime p is proportional to p 2. Buhler et al. (1992) were the first to invent an O(p 1+ε )-algorithm for this task and used their method to extend the computations of irregular pairs to 1 million. Their approach which we shall call the power series method is based on the inversion of the power series (e x 1)/x = k=1 xk 1 /k! modulo x p 1 over F p. This method, combined with 0747 7171/01/010089 + 08 $35.00/0 c 2001 Academic Press t=0

90 J. Buhler et al. further memory-saving strategies, was taken up again by Buhler et al. (1993) to extend previous computations to 4 million. Associated to each irregular prime p there are the so-called cyclotomic invariants which describe the class groups of the cyclotomic fields with p-power conductor. These invariants are known up to 4 million as well, thanks to Wagstaff (1978), Ernvall and Metsänkylä (1991), Ernvall and Metsänkylä (1992), Buhler et al. (1993). In addition, the computations of irregular pairs are the starting point for a verification of the Kummer Vandiver conjecture. We report on an extension of all of the above computations to primes between 4 and 12 million. 2. Algorithms We used two entirely different algorithms: the first was based on the power series method, combined with enhanced multisectioning and convolution algorithms, see Buhler et al. (1993) and Crandall (1996). The second method, which we call the root finding method, is a novel approach which originated in the study of Stickelberger codes initiated in Shokrollahi (1996). It is asymptotically comparable to Buhler et al. s approach, but allows for great memory and running time savings if p 1 has only small prime divisors, as explained below. Fix a prime p and let w be a fixed primitive root modulo p. For a Z let R(a) be the least nonnegative residue congruent to a modulo p, and for an integer c with 1 c p 1 let p 2 cr(w j ) h c (x) := x j F p [x]. p j=0 This polynomial arises as a generator polynomial for the Stickelberger code. The root finding method is based on the following property of these polynomials. Theorem 2.1. If p is an odd prime, c is an integer such that 1 c p 1, and k is an integer such that 1 < k < p 1 then h c (w k ) (c c k ) B p k mod p. p k Proof. Our proof is taken from Shokrollahi (1995). The elements of the galois group G of the pth cyclotomic field over Q are the σ c : ζ ζ c, 1 c p 1, where ζ = e 2πi/p. The group ring F p [G] is isomorphic to F p [x]/(x p 1 1) via the morphism ϕ of F p -algebras sending σ w to x mod (x p 1 1). Let θ := 1 p d dσ 1 d Q[G] be the Stickelberger element. Then p 1 ( cd (c σ c )θ = p R(cd) ) σ 1 d p d=1 p 1 cd = σ 1 d p d=1 p 2 cr(w j ) = σ j p w. j=0

Irregular Primes to Twelve Million 91 We thus deduce that (c σ c )θ mod p is a well-defined element of F p [G] and ϕ((c σ c )θ mod p) = h c mod (x p 1 1). Let ω be the Teichmüller character of G, i.e. ω(σ c ) c mod p, and consider the central primitive idempotents ε ω k := 1 p 1 p 1 c=1 ωk (σ c )σc 1 of Z p [G] corresponding to ω k for 0 k p 2. Note that We deduce that ε ω kσ c = ω k (σ c )ε ω k. (2.1) ε ω k(c σ c )θ = (c ω k (σ c ))B 1,ω kε ω k, where B 1,ω k := 1 p 1 p c=1 cω k (σ c ) is the first generalized Bernoulli number corresponding to ω k. We remark that B 1,ω k Z p for k 1, and B 1,ω k = 0 if k is nonzero and even (cf. Washington, 1982, p. 31). We further deduce from (2.1) that for all γ Z p [G] and all k 1 we have: ϕ(ε ω kγ mod p) ϕ(γ mod p)(w k )ϕ(ε ω k mod p) mod pz p [x](x p 1 1), where ϕ(γ mod p)(w k ) Z p is the value of ϕ(γ mod p) (regarded as a polynomial over Z p ) at w k. (We have to exclude k = 1 since B 1,ω 1 Z p.) Altogether this gives h c (w k ) (c c k )B 1,ω k for 0 k p 2, k 1. Now we use the congruence B 1,ω n B n+1 n + 1 mod p holding for all odd n satisfying n 1 mod p 1, (see Washington, 1982, Corollary 5.15). This gives the assertion of the theorem for odd k with 1 < k p 2. For even k in this range the congruence is trivially valid since both sides vanish mod p. We thus need to find the roots of f among the quadratic nonresidues of F p. Use of fast gcd-algorithms gives an O(p log 2 p log log p) algorithm for this task (see, e.g. Bürgisser et al., 1996, Chapter 3). The first step towards a faster algorithm is the following: the polynomial (x N + 1), N = (p 1)/2, whose roots are the quadratic nonresidues in F p, has a factorization d 1 x N + 1 = (x q w (2j+1)q ), j=0 where q is any divisor of N and d = N/q. Letting q be the largest prime divisor of N, we can efficiently compute the polynomials f j (x) := f(x) mod (x q w (2j+1)q ) by using the same idea as in the multiple evaluation algorithm of Borodin and Moenck (1974) (see also Bürgisser et al., 1996). This strategy reduces the problem to that of finding the roots of a polynomial of degree < q among the (p 1)/qth roots of unity in F p. Employing Bluestein s trick (Bluestein, 1970, or Schönhage, 1982, equation 3.2), this problem is reduced to computing a (nega)cyclic convolution of two vectors of length q. Following a suggestion of Schönhage (1995) we transformed the latter problem to an instance of integer multiplication using his method described in Schönhage (1982). Further savings can be achieved by noting that whenever we compute the zeros of the polynomial f in a certain coset of a fixed subgroup of F p, we are actually computing the polynomial product of two polynomials h and v one of which, say v, is fixed for all the

92 J. Buhler et al. different cosets. So we are actually dealing with the problem of multiplying one integer with several other integers. This can be solved efficiently in the following way: we use the Schönhage Strassen algorithm for multiplying integers. In a first step we generate v and its Fourier transform and store it. Then, for each h encountered, we compute its transform, multiply it with the transform of v, and transform the product back. This reduces the number of Fourier transforms per polynomial multiplication from three to two. Another improvement can be gained using an idea of Reischert (1995): If p is not a Fermat prime, then the largest prime factor of p 1 is odd, hence we have to perform a negacyclic convolution of h and v. Translated into integer multiplication, this means that we are performing multiplication modulo 2 m + 1 for some m. If m is such that 32m = 2 k l < (2k 1)2 2k, then one can perform the Schönhage Strassen multiplication algorithm to compute this integer product (see Schönhage et al., 1994, p. 32). About 60% of the 256 631 primes between 4 and 8 million were processed by the root finding method on a cluster of 56 SPARC-stations of the Department of Computer Science, University of Bonn, and of the Gesellschaft für Mathematik und Datenverarbeitung, Bonn. The program was written in TP-code (Schönhage et al., 1994). TP is an invention of Schönhage and simulates a multitape Turing machine. It is a software implementation of a Turing Processor, which can be programmed via TPAL, the Turing Processor Assembly Language. Currently, there exists a substantial collection of algorithms written in TPAL, including the classical routines for computing with integers and many of the asymptotically fast algorithms for this domain. These clean and efficient implementations made TP the natural choice to implement the root finding method in. The different primes were distributed among the machines available using a resource management program written by Vetter (1995). The remaining 40% of the primes less than 8 million were handled by the power series method run on a cluster of 100 workstations at NeXT Software, Inc. The convolution algorithms involved are described in detail (including C source code) in Crandall (1996). Using similar algorithms, almost all of the 248 283 primes between 8 and 12 million were handled by a cluster of Alpha processors at the Center for Communications Research in Princeton, New Jersey. We used the three implementations to extensively cross-check the results of the different algorithms. Besides these checks, we incorporated internal check-sum identities: the power series method used the identity p 3 n=0 2n (n + 1)B n 4 mod p derived in Buhler et al. (1992). The root finding method was checked with the identity t f(t) = (p 1)f(0)/2 holding for all polynomials f over F p of degree less than (p 1)/2, where t runs over the quadratic nonresidues of F p. These tests seem to be very stringent, and give us considerable confidence in the accuracy of our lists of irregular pairs. 3. Results Incorporating the earlier data on primes less than 4 million, we find that the number N k of (odd) primes less than 12 million with index of irregularity i(p) equal to k is given in the following table.

Irregular Primes to Twelve Million 93 k 0 1 2 3 4 5 6 7 N k 477616 239483 59710 9824 1282 127 13 4 p k 0.606066 0.303890 0.075768 0.012466 0.001627 0.000161 0.000016 0.000005 1/k!2 k e 0.606531 0.303265 0.075816 0.012636 0.001580 0.000158 0.000013 0.000001 Here p k is the proportion of primes that have index k, i.e. N k divided by the number of odd primes less than 12 million. The bottom line gives the natural heuristic for that fraction, noticed by Lehmer, Siegel, and others. Namely, if the numerators of the Bernoulli numbers are uniformly distributed mod p then for each prime p there are roughly p/2 events where the probability of success is 1/p so that one expects the distribution to be Poisson with mean 1/2. Several people have asked whether or not the proportions have any trend. To briefly answer that question we give the counts for each interval of length 1 million, including the corresponding proportion given in brackets for indices less than 5. The nth line gives the counts and proportions for primes p between (n 1) 10 6 and n 10 6. k : 0 1 2 3 4 5 6 7 0 1 47627 [0.60674] 23816 [0.30340] 5954 [0.07585] 956 [0.01218] 132 11 1 0 1 2 42488 [0.60322] 21494 [0.30516] 5442 [0.07726] 891 [0.01265] 106 11 3 0 2 3 41099 [0.60544] 20705 [0.30501] 5089 [0.07497] 851 [0.01254] 122 14 3 0 3 4 40334 [0.60808] 20022 [0.30185] 5038 [0.07595] 835 [0.01259] 81 19 0 1 4 5 39409 [0.60289] 19995 [0.30589] 5006 [0.07658] 825 [0.01262] 124 6 2 0 5 6 38972 [0.60576] 19634 [0.30518] 4816 [0.07486] 819 [0.01273] 81 11 1 2 6 7 38714 [0.60681] 19319 [0.30281] 4856 [0.07611] 798 [0.01251] 97 14 1 0 7 8 38405 [0.60836] 19019 [0.30127] 4801 [0.07605] 790 [0.01251] 106 7 1 0 8 9 38238 [0.60974] 18853 [0.30063] 4740 [0.07558] 779 [0.01242] 94 8 0 0 9 10 37423 [0.60272] 19080 [0.30730] 4706 [0.07579] 741 [0.01193] 125 13 1 1 10 11 37519 [0.60575] 18934 [0.30569] 4607 [0.07438] 771 [0.01245] 102 5 0 0 11 12 37388 [0.60751] 18612 [0.30242] 4655 [0.07564] 768 [0.01248] 112 8 0 0 No statistically significant trend seems apparent; chi-square tests suggest that the observed deviation from the Poisson hypothesis is well within expected random variation. The table itself can be obtained (at least, in 1999) by anonymous ftp from ftp.reed.edu in the directory reed/users/jpb. The four primes of index 7 are 3 238 481, known from earlier computations, and three new ones: 5 216 111, 5 620 861, and 9 208 289. As described in Buhler et al. (1993) and references therein, the calculation of irregular pairs is the first (and most time-consuming) step in calculating the so-called cyclotomic invariants and in verifying the Kummer Vandiver conjecture. This conjecture asserts that the class number h + p of the totally real subfield Q(cos(2π/p)) of the field of pth roots of unity is prime to p. There are reasons to believe that the conjecture is true and reasons to believe that it is false; it follows from our computations that any counterexample has to have p larger than 12 million. Similarly, there were no surprising results in the calculation of the cyclotomic invariants. In particular, the class groups behave as expected (see Buhler et al., 1993) and the lambda-invariant is equal to the index of irregularity for all primes up to 12 million. On heuristic grounds there is a small probability that the lambda-invariant could be larger than the index of irregularity (see Washington, 1982, or Washington s appendix in Lang, 1990, for a thorough discussion), but so far this has not happened.

94 J. Buhler et al. In both of the Kummer Vandiver and cyclotomic invariant calculations it is interesting to assess the probability of an exceptional event (i.e. a counterexample to the Kummer Vandiver conjecture or a lambda-invariant exceeding the index of irregularity). In both cases some tempting heuristics (along the lines of assuming that various integers that arise are uniformly distributed mod p) lead to a prediction that the number of exceptional events up to x is asymptotic to p<x 1/p. This sum diverges very slowly, so perhaps it is not surprising that no such events have been observed. However, it is clear that this heuristic does not capture the whole story; for instance, the class number h + p is likely to be small for small p and therefore p can not divide h + p for small p. Of course, one possible explanation for the lack of exceptional events is that none exist; i.e. these heuristics might well be wrong. For a more thorough discussion of some of these questions see Washington (1982), Lang (1990), or Banaszak et al. (1996). 4. Vandiver and Cyclotomic Tests For primes under 125 000, Wagstaff noted that the calculation of the irregular indices dwarfed the time required to compute the cyclotomic invariants and the time required to check Kummer Vandiver. However, naive implementations have complexity O(p log 2+ɛ p), and this back-of-the-envelope asymptotic complexity has turned out to be accurate: as the primes increased the proportion of time required by these secondary tests became more and more noticeable. Two simple devices reduced the complexity to O(p log 1+ɛ p), and greatly expedited this part of the calculations. First, recall from Ernvall and Metsänkylä (1992) that the computation of the cyclotomic invariants involves the computation of the sums S 1 := (p 1)/2 x=1 x t 1 q x mod p, S 3 := (p 1)/2 x=1 x t 1 mod p 2 where (p, t) is an irregular pair and q x = (x p 1 1)/p mod p is the Fermat quotient at x. Rather than computing these sums in a straightforward way, Ernvall and Metsänkylä (1992) found it convenient to pass from x to 2x or p 2x according to whether 2x was less than (p 1)/2 or not. We keep track of the orbits of multiplication by 2 by keeping an array of (p 1)/2 bits and mark each value of x as it is visited. This process is expedited by the observation that q 2x = q x + q 2 if 2x < p/2 and q p 2x = q 2 + q x + (2x) 1 if p/2 < 2x. Now we consider the test of the Kummer Vandiver conjecture. Briefly (see Washington, 1982, for details), the class number h + p is the index of the cyclotomic units inside the real units of the pth cyclotomic field. To check that this index is prime to p it is useful to exploit the action of the galois group and check eigenspaces for characters of the galois group, which can be done by checking that an explicit cyclotomic unit lying in that eigenspace is not a pth power. It turns out that this is equivalent to verifying that for each irregular pair (p, t) the unit p 1 ( ζ wc/2 ζ wc/2 c=1 ζ c/2 ζ c/2 ) c p 1 t is not a pth power (where, as above, w is a primitive root mod p, and ζ = e 2πi/p ). It

Irregular Primes to Twelve Million 95 suffices to verify that this is not a pth power for some prime ideal of degree one. By some further algebra, this reduces to the following test: let q be a prime congruent to 1 modulo p, z be a pth root of unity mod q, and V p,t = (p 1)/2 c=1 (z c z c ) cp 1 t mod q. Then to check that the above unit is not a pth power it suffices (Washington, 1982) to check that V (q 1)/p p,t is not congruent to 1 modulo q. In all cases, we found that it sufficed to take q to be the smallest prime congruent to 1 mod p, and z = 2 (q 1)/p. Historically, this test was devised by Vandiver, building on Kummer s results on cyclotomic fields, in connection with Fermat s last theorem: Vandiver proved that Fermat s last theorem is true for p if there is a prime q less than p 2 p such that the above criterion is true for all irregular pairs (p, t) for the given prime p. One observation that simplifies the calculation of V p,t slightly is that we only need to calculate c p 1 t modulo p (rather than q 1) since we later raise V p,t to the power (q 1)/p. However, a dramatic speed-up (for which we thank Peter Montgomery) is obtained by caching the exponentiations for evaluation all at once at the end. Each exponent e = c p 1 t mod p in the product for V p,t is written in the form e = e 0 + 4096e 1 with 0 e i < 4096. We keep arrays low and high that serve as storage bins for the postponed exponentiations. Rather than explicitly performing the exponentiation u e = u e0 u 4096e1 mod q, where u = (z c z c ) mod q, we merely multiply low[e 0 ] and high[e 1 ] by u. At the end we need to compute V p,t = 4095 i=1 low[i] i high[i] 4096i. This can be done by a simple loop; e.g. the product of the low[i] i can be calculated by 1. product = 1; terms = 1 2. for i = 4095, 4094,, 2, 1 terms = terms * low[i] product = product * terms The product of the high exponent terms can be calculated similarly. The savings over a direct evaluation of the product for V p,t is considerable. Acknowledgements Many thanks go to D. Reischert, A. Schönhage, and E. Vetter for their help in implementing and enhancing the root finding method. Peter Montgomery provided some important insights at several points during the project. The authors are also grateful to T. Donahue and J. Doenias of NeXT Software, Inc., and to David Goldschmidt and Jeff Prisner of the the Center for Communications Research; in addition we thank the Department of Computer Science of the University of Bonn, the Gesellschaft für Mathematik und Datenverarbeitung in Bonn, the Center for Scientific Computing of Finland,

96 J. Buhler et al. the Center for Communications Research in Princeton, and the International Computer Science Institute in Berkeley for providing time on their computers. References Banaszak, G., Gajda, W. (1996). On the arithmetic of cyclotomic fields and the K-theory of Q. Preprint. Bluestein, L. I. (1970). A linear filtering approach to the computation of the discrete Fourier transform. IEEE Trans. Electroacoustics, 18, 451 455. Borodin, A., Moenck, R. (1974). Fast modular transforms. J. Comp. Syst. Sci., 8, 366 386. Buhler, J. P., Crandall, R. E., Sompolski, R. W. (1992). Irregular primes to one million. Math. Comp., 59, 717 722. Buhler, J. P., Crandall, R. E., Ernvall, R., Metsänkylä, T. (1993). Irregular primes and cyclotomic invariants to four million. Math. Comp., 61, 151 153. Bürgisser, P., Clausen, M., Shokrollahi, M. A. (1996). Algebraic Complexity Theory, volume 315 of Grundlehren der mathematischen Wissenschaften, Heidelberg, Springer-Verlag. Crandall, R. E. (1996). Topics in Advanced Scientific Computation, TELOS, New York, Springer-Verlag. Ernvall, R., Metsänkylä, T. (1991). Cyclotomic invariants for primes between 125 000 and 150 000. Math. Comp., 56, 851 858. Ernvall, R., Metsänkylä, T. (1992). Cyclotomic invariants for primes to one million. Math. Comp., 59, 249 250. Lang, S. (1990). Cyclotomic Fields I and II. New York, Springer-Verlag. Reischert, D. (1995). Private communication. Schönhage, A. (1982). Asymptotically fast algorithms for the numerical multiplication and division of polynomials with complex coefficients. In Calmet, J. ed., Computer Algebra EUROCAM 82 (Marseilles 1982), LNCS 144, pp. 3 15. Schönhage, A., Grotefeld, A. F. W., Vetter, E. (1994). Fast Algorithms. A Multitape Turing Machine Implementation. Mannheim, B.I. Wissenschaftsverlag. Schönhage, A. (1995). Private communication. Shokrollahi, M. A. (1995). Computation of irregular primes up to eight million (preliminary report). Technical Report TR-96-002, International Computer Science Institute, Berkeley. Shokrollahi, M. A. (1996). Stickelberger codes. Des. Codes Cryptogr., 9, 1 11. Tanner, J. W., Wagstaff, S. S. (1987). New congruences for the Bernoulli numbers. Math. Comp., 48, 341 350. Vetter, E. (1995). Private communication. Wagstaff, S. S. (1978). The irregular primes to 125 000. Math. Comp., 32, 583 591. Washington, L. C. (1982). Introduction to Cyclotomic Fields. New York, Springer-Verlag. Originally Received 3 September 1996 Accepted 6 April 1999

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback