FACTORING POLYNOMIALS OVER FINITE FIELDS USING BALANCE TEST CHANDAN SAHA Department of Computer Scence and Engneerng Indan Insttute of Technology Kanpur E-mal address: csaha@cse.tk.ac.n Abstract. We study the problem of factorng unvarate polynomals over fnte felds. Under the assumpton of the Extended Remann Hypothess (ERH), Gao [Gao01] desgned a polynomal tme algorthm that fals to factor only f the nput polynomal satsfes a strong symmetry property, namely square balance. In ths paper, we propose an extenson of Gao s algorthm that fals only under an even stronger symmetry property. We also show that our property can be used to mprove the tme complexty of best determnstc algorthms on most nput polynomals. The property also yelds a new randomzed polynomal tme algorthm. 1. Introducton We consder the problem of desgnng an effcent determnstc algorthm for factorng a unvarate polynomal, wth coeffcents taken from a fnte feld. The problem reduces n polynomal tme to the problem of factorng a monc, square-free and completely splttng polynomal f(x) wth coeffcents n a prme feld F p (see [Ber70], [LN94]). Although there are effcent polynomal tme randomzed algorthms for factorng f(x) ([Ber70], [CZ81], [vzgs9], [KS95]), as yet there s no determnstc polynomal tme algorthm even under the assumpton of the Extended Remann Hypothess (ERH). In ths paper we wll assume that ERH s true and ξ 1, ξ,..., ξ n are the n dstnct roots of the nput polynomal f, f(x) = (x ξ ) where ξ F p =1 In 001, Gao [Gao01] gave a determnstc factorng algorthm that fals to fnd nontrval factors of f n polynomal tme, f f belongs to a restrcted class of polynomals, namely square balanced polynomals. Motvated by the work of Gao [Gao01], we have defned a proper subclass of square balanced polynomals, namely cross balanced polynomals, such that polynomals that are not cross balanced, can be factored determnstcally n polynomal tme, under the assumpton of the ERH. Our contrbuton can be summarzed as follows. Let f be a monc, square-free and completely splttng polynomal n F p [x] wth n roots ξ 1,..., ξ n. Our factorng algorthm uses an arbtrary (but determnstcally chosen) collecton of k = (n log p) O(1) (n = deg(f)) Key words and phrases: Algebrac Algorthms, polynomal factorzaton, fnte felds. Submtted to STACS (Symposum on Theoretcal Aspects of Computer Scence) 1
CHANDAN SAHA small degree auxlary polynomals p 1 (.),..., p k (.), and from each p l ( ) (1 l k) and f t mplctly constructs a smple n-vertex dgraph G l such that, (for l > 1) G l s a subgraph (not necessarly a proper subgraph) of G l 1. A proper factor of f s effcently retreved f any one of the graphs s ether not regular, or s regular wth n degree and out degree of every vertex less than a chosen constant c. Ths condton of regularty of all the k graphs mposes a tght symmetry condton on the roots of f, and we pont out that ths may be exploted to mprove the worst case tme complexty of the best known determnstc algorthms. Further, we show that f the polynomals p l ( ) (1 l k) are randomly chosen then the symmetry breaks wth hgh probablty and our algorthm works n randomzed polynomal tme. We call the checkng of ths symmetry condton a balance test. We now present a lttle more detals. Defne the sets for 1 n as, = {1 n :, σ((ξ ξ ) ) = (ξ ξ )} where σ s the square root algorthm descrbed n [Gao01] (see secton.4). The polynomal f s called a square balanced polynomal (as n [Gao01]) f # 1 =... = # n. For l > 1, defne polynomal f l as, f l = (x p l (ξ )) =1 where p l (.) s an arbtrary but determnstcally chosen polynomal wth degree bounded by (n log p) O(1). Further, p l1 (.) p l (.) for l 1 l, and f 1 s taken to be f.e. p 1 (y) = y. Assume that, for a gven k = (n log p) O(1), for every l, 1 l k, polynomal f l = f d l l, where f l s a square-free and square balanced polynomal and d l > 0. Later, we show that, f f l s not of the above form then a proper factor of f can be retreved effcently. For each polynomal f l, 1 l k, defne the sets for 1 n as, = {1 n : p l (ξ ) p l (ξ ), σ((p l (ξ ) p l (ξ )) ) = (p l (ξ ) p l (ξ ))} Further, defne the sets D teratvely over l as, D (1) = (1) For l > 1, D = D (l 1) If D = φ for all, 1 n, then redefne D as D = D (l 1). For 1 l k, let G l be a drected graph wth n vertces v 1,..., v n, such that there s an edge from v to v f and only f D. Note that, G l s a subgraph of G l 1 for 1 < l k. Denote the n degree and out degree of a vertex v by ndeg(v ) and outdeg(v ), respectvely. We say that the graph G l s regular (or t-regular) f ndeg(v 1 ) = outdeg(v 1 ) =... = ndeg(v n ) = outdeg(v n ) = t. Call t as the regularty of G l. The followng theorem s proved n ths paper. Theorem 1.1. Polynomal f can be factored nto nontrval factors n tme l (n log p) O(1) f G l s not regular for some l, 1 l k. Further, f G 1,..., G k are all regular and for at least log n of the graphs we have G l G l 1 (1 < l k), then f can be factored n k (n log p) O(1) tme. Note that, G 1 s regular f and only f f s square balanced, as (1) =, for 1 n and G 1 s n fact a regular tournament.
FACTORING POLYNOMIALS OVER FINITE FIELDS USING BALANCE TEST 3 Suppose f(y) splts as f(y) = (y X) f (y) n the quotent rng R = Fp[x] (f) where X = x mod f. Our algorthm teratvely tests graphs G 1, G,... so on, to check f any one of them s not regular. If at the l th teraton graph G l turns out to be not regular, then a proper factor of f s obtaned n polynomal tme. However, f G l s regular, then the algorthm returns a nontrval monc factor g l (y) of f (y) wth degree equal to the regularty of G l. Moreover, g l (y) s also a factor of (although may be equal to) g l 1 (y), the factor obtaned at the (l 1) th teraton, and t can be ensured that f g l (y) s a proper factor of g l 1 (y) (whch happens ff G l G l 1 ) then deg(g l (y)) 1 deg(g l 1(y)). Thus, f the graphs repeatedly turn out to be regular (whch n tself s a strngent condton) and for at least log n tmes t happen that G l G l 1, for 1 < l k, then we obtan a nontrval lnear factor g(y) of f (y). The element g(0) defnes a nontrval endomorphsm n the rng R, and by usng a result from [Evd94] (Lemma 9 n [Evd94]) we can fnd a proper factor of f n polynomal tme. Further, f for only ɛ log n tmes we get G l G l 1 (1 < l k) for some ɛ, 0 < ɛ 1, then we obtan a nontrval factor g(y) of f (y) wth degree at most n1 ɛ. Now f we apply Evdokmov s algorthm ([Evd94]) on g(y) (nstead of f (y)), we can get a proper factor of f n tme (n (1 ɛ) log n+ɛ+c 1 log p) c (c 1 and c are constants). For most 1 polynomals ɛ > 0 (.e. at least about log n ) and ths gves an mprovement over the tme complexty of (n 1 log n+c 1 log p) c n [Evd94] (c 1, c are the same constants). Assumng n << p, all the best known determnstc algorthms (e.g. [Evd94], [CH00]) use computatons n rngs wth large dmensons over F p to get smaller degree factors of f (y). Unlke these approaches, the balance test s an attempt to explot an asymmetry among the roots of the nput polynomal to obtan smaller degree factors of f (y) wthout carryng out computatons n rngs wth large dmensons over F p. Ths attrbute of our approach yelds a better tme complexty for most polynomals n a way as dscussed n the prevous paragraph. It s suffcent to choose the auxlary polynomals p l (y), 1 < l k, n such a way that the graphs, f regular, are not all the same for too long, f ther regulartes are large. An effcent and determnstc constructon of such auxlary polynomals wll mmedately mply that factorzaton of unvarate polynomals over fnte felds can be done n determnstc polynomal tme under ERH. In ths paper we assume that the auxlary polynomals are arbtrary but determnstcally chosen polynomals wth degree bounded by (n log p) O(1). For example, one possblty s to choose p l (y) = y l for 1 l k. (In fact, Gao [Gao01] used ths choce of auxlary polynomals to defne a restrcted class of square balanced polynomals called super square balanced polynomals.) We show that, f random choces of auxlary polynomals are allowed then our algorthm works n randomzed polynomal tme. For the graphs to be all regular and equal, the roots of f must satsfy a tght symmetry condton (gven by equal szes of all the sets D, for 1 n and 1 l k) and t s only then that our algorthm fals to factor f. Defnton 1.1. A polynomal f s called k-cross balanced, for k > 0, f for every l, 1 l k, polynomal f l = f d l l, where f l s a square-free, square balanced polynomal wth d l > 0, and graph G l s regular. It follows from the defnton that, 1-cross balanced polynomals form the class of square balanced polynomals. Let k = (n log p) O(1) be some fxed polynomal n n and log p. A polynomal f s called cross balanced f t s k-cross balanced and regularty of graph G k s
4 CHANDAN SAHA greater than a fxed constant c. From Theorem 1.1 and [Evd94] t follows that, polynomals that are not cross balanced can be factored determnstcally n polynomal tme.. Prelmnares Assume that f s a monc, square-free and completely splttng polynomal over F p and R = Fp[x] (f) s the quotent rng consstng of all polynomals modulo f..1. Prmtve Idempotents Elements χ 1,..., χ n of the rng R are called the prmtve dempotents of R f, n =1 χ = 1 and for 1, n, χ χ = χ f = and 0 otherwse. By Chnese Remanderng theorem, R = F p... F p (n tmes), such that every element n R can be unquely represented by an n-tuple of elements n F p. Addton and multplcaton between two elements n R can vewed as componentwse addton and multplcaton of the n-tuples. Any element α = (a 1,..., a n ) R can be equated as, α = n =1 a χ where a F p. Let g(y) be a polynomal n R[y] gven by, m g(y) = γ y where γ R and γ = =0 g χ where g F p for 0 m and 1 n. Then g(y) can be alternatvely represented as, g(y) = g (y)χ where g (y) = m g y F p [y] for 1 n. The usefulness of ths representaton s that, operatons on polynomals n R[y] (multplcaton, gcd etc.) can be vewed as componentwse operatons on polynomals n F p [y]. =0.. Characterstc Polynomal Consder an element α = n =1 a χ R where a F p, 1 n. The element α defnes a lnear transformaton on the vector space R (over F p ), mappng an element β R to αβ R. The characterstc polynomal of α (vewed as a lnear transformaton) s ndependent of the choce of bass and s equal to c α (y) = (y a ), =1 In order to construct c α one can use 1, X, X,..., X n 1 as the bass n R and form the matrx (m ) where α X 1 = n =1 m X 1, m F p, 1, n. Then c α can be constructed by evaluatng det(y I (m )) at n dstnct values of y and solvng for the n coeffcents of c α usng lnear algebra. The process takes only polynomal tme. The noton of characterstc polynomal extends even to hgher dmensonal algebras over F p.
FACTORING POLYNOMIALS OVER FINITE FIELDS USING BALANCE TEST 5.3. GCD of Polynomals Let g(y) = n =1 g (y)χ and h(y) = n =1 h (y)χ be two polynomals n R[y], where g, h F p [y] for 1 n. Then, gcd of g and f s defned as, gcd(g, f) = gcd(g, h )χ =1 We note that, the concept of gcd of polynomals does not make sense n general over any arbtrary algebra. However, the fact that R s a completely splttng semsmple algebra over F p allows us to work component-wse over F p and ths makes the noton of gcd meanngful n the context. The followng lemma was shown by Gao [Gao01]. Lemma.1. [Gao01] Gven two polynomals g, h R[y], gcd(g, h) can be computed n tme polynomal n the degrees of the polynomals, n and log p..4. Gao s Algorthm Let R = Fp[x] (f) = F p [X] where X = x mod f and suppose that f(y) splts n R as, f(y) = (y X)f (y). Defne quotent rng S as, S = R[y] (f ) = R[Y ] where Y = y mod f. S s an elementary algebra over F p wth dmenson n = n(n 1). Gao [Gao01] descrbed an algorthm σ for takng square root of an element n S. If p 1 = e w where e 1 and w s odd, and η s a prmtve e -th root of unty, then σ has the followng propertes: (1) Let µ 1,..., µ n be prmtve dempotents n S and α = n =1 a µ S where a F p. Then, σ(α) = n =1 σ(a )µ. () Let a = η u θ where θ F p wth θ w = 1 and 0 u < e. Then σ(a ) = a ff u < e 1. When p = 3 mod 4, η = 1 and property mples that σ(a ) = a for a F p ff a s a quadratc resdue n F p. Algorthm 1. [Gao01] Input: A polynomal f F p [x]. Output: A proper factor of f or output that f s square balanced. 1. Form X, Y, R, S as before.. Compute C = 1 (X + Y + σ((x Y ) )) S. 3. Compute the characterstc polynomal c(y) of C over R. 4. Decompose c(y) as c(y) = h(y)(y X) t, where t s the largest possble. 5. If h(x) s a zero dvsor n R then fnd a proper factor of f, otherwse output that f s square balanced. It was shown n [Gao01] that Algorthm 1 fals to fnd a proper factor of f f and only f f s square balanced. Moreover, t follows from the analyss n [Gao01] (see Theorem 3.1 n [Gao01]) that, when f s square balanced the polynomal h(y) takes the form, h(y) = (y ξ ) χ =1 where = { :, σ((ξ ξ ) ) = (ξ ξ )} and # = n 1 for all, 1 n.
6 CHANDAN SAHA 3. Our Algorthm and Analyss In ths secton, we descrbe our algorthm for factorng polynomal f. We show that the algorthm fals to factor f n k (n log p) O(1) tme f and only f f s k-cross balanced and regularty of G k s greater than c. The algorthm nvolves k polynomals, f = f 1,..., f k, where polynomal f l, 1 < l k, s defned as, f l = (x p l (ξ )) =1 where p l (.) s an arbtrary but determnstcally fxed polynomal wth degree bounded by (n log p) O(1) and p l1 (.) p l (.) for l 1 l. The polynomal f l can be constructed n polynomal tme by consderng the element p l (X) n R = Fp[x] (f) = F p [X], where X = x mod f, and then computng ts characterstc polynomal over F p. Lemma 3.1. If f l s not of the form f l = f l d l, where f l s a square-free, square balanced polynomal and d l > 0, then a proper factor of f can be retreved n polynomal tme. Proof: By defnton, f l = n =1 (x p l(ξ )). Defne the sets E, for 1 n, as E = {1 n : p l (ξ ) = p l (ξ )}. Consder the followng gcd n the rng R[y], g(y) = gcd (p l (y) p l (X), f(y)) = (y ξ ) χ =1 E The leadng coeffcent of g(y) s a zero-dvsor n R, unless #E 1 =... = #E n = d l (say). Therefore, we can assume that, f l = m l ( x pl (ξ )) dl s where pl (ξ s1 ),..., p l (ξ ) are all dstnct and m sml l = n d l = f d l m l ( l where fl = x pl (ξ s ) ) s square-free. If polynomal f l (obtaned by square-freeng f l ) s not square balanced then a proper factor g l of f l s returned by Algorthm 1. But then, gcd ( g l (p l (x)), f(x)) = (x ξ ) s a proper factor of f. : g l (p l (ξ ))=0 Algorthm 1 works wth f l = m l ( x pl (ξ s ) ) as the nput polynomal where p l (ξ s ) s are dstnct and m l = n d l, and returns a polynomal h l (y) such that, m l h l (y) = (y p l (ξ sr )) χ (3.1) r where χ s are the prmtve dempotents of the rng R l = Fp[x] ( f, l ) = {1 r m l : r, σ((p l (ξ s ) p l (ξ sr )) ) = (p l (ξ s ) p l (ξ sr ))}
FACTORING POLYNOMIALS OVER FINITE FIELDS USING BALANCE TEST 7 and # = m l 1 for 1 m l. Assume that p > n and n s odd, as even degree polynomals can be factored n polynomal tme. In the followng algorthm, parameter k s taken to be a fxed polynomal n n and log p and c s a fxed constant. Algorthm. Cross Balance Input: A polynomal f F p [x] of odd degree n. Output: A proper factor of f or Falure. Choose k 1 dstnct polynomals p (y),..., p k (y) wth degree greater than unty and bounded by a polynomal n n and log p. (We can use any arbtrary, effcent mechansm to determnstcally choose the polynomals.) Take p 1 (y) = y. for l = 1 to k do [Steps (1) - (): Constructng polynomal f l and checkng f f can be factored usng Lemma 3.1.] (1) (Construct polynomal f l ) Compute the characterstc polynomal, c α (x), of element α = p l (X) R, over F p. Then f l = c α (x). () (Check f f can be factored) Check f f l s of the form f l = f l d l, where f l s a square-free, square balanced polynomal and d l > 0. If not, then fnd a proper factor of f as n Lemma 3.1. [Steps (3) - (6): Constructng graph G l mplctly.] (3) (Obtan the requred polynomal from Algorthm 1) Else, f l s square balanced and Algorthm 1 returns a polynomal h l (y) = y t + α 1 y t 1 +... + α t (as n equaton 3.1), where t = m l 1 and α u R l for 1 u t. (4) (Change to a common rng so that gcd s feasble) Each α u R l s a polynomal α u (x) F p [x] of degree less than m l. Compute α u as, α u = α u (p l (x)) mod f, for 1 u t, and construct the polynomal h l (y) = yt +α 1 yt 1 +...+α t R[y]. (5) (Construct graph G l mplctly) If l = 1 then assgn g l (y) = h l (y) R[y] and contnue the loop wth the next value of l. Else, construct the polynomal h l (p l(y)) by replacng y by p l (y) n h l (y) and compute g l (y) as, g l (y) = gcd(g l 1 (y), h l (p l(y))) R[y]. (6) (Check f G l s a null graph) Let g l (y) = β t y t +... + β 0, where t s the degree of g l (y) and β u R for 0 u t. If t = 0 then make g l (y) = g l 1 (y) and contnue the loop wth the next value of l. [Steps (7) - (8): Checkng for equal out degrees of the vertces of graph G l.] (7) (Check f out degrees are equal) Else, t > 0. If β t s a zero dvsor n R, construct a proper factor of f from β t and stop. (8) (Factor f out degrees are small) Else, f t c then use Evdokmov s algorthm [Evd94] on g l (y) to fnd a proper factor of f n (n log p) O(1) tme. [Steps (9) - (11): Checkng for equal n degrees of the vertces of graph G l.]
8 CHANDAN SAHA (9) (Obtan the values of a nce polynomal at multple ponts) If t > c, evaluate g l (y) R[y] at n t dstnct ponts y 1,..., y nt taken from F p. Fnd the characterstc polynomals of elements g l (y 1 ),..., g l (y nt ) R over F p as c 1 (x),..., c nt (x) F p [x], respectvely. Collect the terms c (0) for 1 nt. (10) (Construct the nce polynomal from the values) Construct the polynomal r(x) = x nt +r 1 x nt 1 +...+r nt F p [x] such that r(y ) = c (0) for 1 nt. Solve for r F p, 1 nt, usng lnear algebra. (11) (Check ( f n degrees ) are equal) For 0 < t, f f (x) dvdes r(x) then compute gcd r(x) f (x), f(x) F p [x]. If a proper factor of f s found, stop. Else, contnue wth the next value of l. endfor If a proper factor of f s not found n the above for loop, return Falure. Theorem 3.. Algorthm fals to fnd a proper factor f n k (n log p) O(1) tme f and only f f s k-cross balanced and regularty of graph G k s greater than c. Proof: We show that, Algorthm fals to fnd a proper factor of f at the l th teraton of the loop ff f s l-cross balanced and regularty of G l s greater than c. Recall the defntons of the sets and D, 1 n, from secton 1. The set s defned as, = {1 n : p l (ξ ) p l (ξ ), σ((p l (ξ ) p l (ξ )) ) = (p l (ξ ) p l (ξ ))} And set D s defned teratvely over l as, D (1) = (1) For l > 1, D = D (l 1) If D = φ for all, 1 n, then D s redefned as D = D (l 1). Graph G l, wth n vertces v 1,..., v n, has an edge from v to v ff D. Algorthm fals at the frst teraton (l = 1) f and only f f s square balanced. In ths case, D (1) = (1) =, the polynomal g 1 (y) s, g 1 (y) = h(y) = (y ξ ) χ =1 D (1) and G 1 s regular wth n degree and out degree of a vertex v equal to #D (1) = # = n 1. Thus, polynomal f s 1-cross balanced and deg(g 1 (y)) = n 1. If Algorthm fals at the l th teraton, then we can assume that the polynomals f = f 1,..., f l are square free and square balanced (by Lemma 3.1). Suppose that, Algorthm fals at the l th teraton. Then, f l = m l ( x pl (ξ s ) ) s square free and square balanced, and Algorthm 1 returns the polynomal h l (y) R l [y] such that, m l h l (y) = (y p l (ξ sr )) χ (3.) r
FACTORING POLYNOMIALS OVER FINITE FIELDS USING BALANCE TEST 9 where χ s are the prmtve dempotents of the rng R l = Fp[x] ( f l ) and, = {1 r m l : r, σ((p l (ξ s ) p l (ξ sr )) ) = (p l (ξ s ) p l (ξ sr ))} Let, h l (y) = y t + α 1 y t 1 +... + α t, where t = m l 1 and α u R l for 1 u t. Each α u R l s a polynomal α u (x) F p [x] wth degree less than m l and f α u = m l a uχ for a u F p, then by Chnese Remanderng theorem (and assumng the correspondence between χ and the factor (x p l (ξ s )) of f l ) we get, α u (x) = q(x)(x p l (ξ s )) + a u for some polynomal q(x) F p [x] α u (p l (x)) = q(p l (x))(p l (x) p l (ξ s )) + a u α u (p l (x)) = a u mod (x ξ) for every ξ {ξ 1,..., ξ n } such that p l (ξ) = p l (ξ s ) Suppose that, for a gven (1 n), () (1 () m l ) s a unque ndex such that, p l (ξ ) = p l (ξ s() ). Then, the polynomal α u(x) = α u (p l (x)) mod f has the followng drect sum (or canoncal) representaton n the rng R, α u(x) = a u() χ =1 Ths mples that the polynomal h l (y) = yt + α 1 yt 1 +... + α t R[y] has the canoncal representaton, h l (y) = (y p l (ξ sr )) χ (3.3) =1 r () Inductvely, assume that g l 1 (y) has the form, g l 1 (y) = Then, Therefore, =1 D (l 1) g l (y) = gcd ( g l 1 (y), h l (p l(y)) ) = gcd (y ξ ), = =1 =1 D (l 1) D (l 1) g l (y) = (y ξ ) χ r () (y ξ ) χ =1 D (p l (y) p l (ξ sr )) χ (as r (y ξ ) χ = β t y t +... + β 0 (say) () s r )
10 CHANDAN SAHA where t = max ( #D ) and β u R for 1 u t n 1. The element β t s not a 1 =... = #D n = t. If t c then a factor of f can zero dvsor n R f and only f #D be retreved from g l (y) n polynomal tme usng already known methods ([Evd94]). The condton #D = t for all, 1 t, makes the out degree of every vertex n G l equal to t. However, ths may not necessarly mply that the n degree of every vertex n G l s also t. Checkng for dentcal n degrees of the vertces of G l s handled n steps (9) (11) of the algorthm. Consder evaluatng the polynomal g l (y) at a pont y s F p. g l (y s ) = =1 D The characterstc polynomal of g l (y s ) over F p s, c s (x) = x c s (0) = =1 (y s ξ ) χ R D (y s ξ ) (y s ξ ) k (snce n s odd) where k s the n degree of vertex v n G l. Let r(x) = x nt + r 1 x nt 1 +... + r nt F p [x] be a polynomal of degree nt, such that, r(y s ) = c s (0) = (y s ξ ) k for nt dstnct ponts {y s } 1 s nt taken from F p. Snce we have assumed that p > n > n(n 1) nt, we can solve for the coeffcents r 1,..., r nt usng any nt dstnct ponts from F p. Then, r(x) = (x ξ ) k If k t ( for some, ) then there s an = mn{k 1,..., k n } < t such that f (x) dvdes r(x) and gcd r(x) f (x), f(x) yelds a nontrval factor of f(x). Ths shows that the graph G l s regular f the algorthm fals at the l th step. Snce deg(g l (y)) equals the regularty of G l, hence f the latter quantty s less than c then we can apply Evdokmov s algorthm [Evd94] on g l (y) and get a non trval factor of f n polynomal tme. Let H l (1 l k) be a dgraph wth n vertces v 1,..., v n such that there s an edge from v to v ff. Then, graph G l = G l 1 H l or G l = G l 1 (f G l 1 H l = Φ, where Φ s the null graph wth n vertces but no edge). Here denotes the edge ntersecton of graphs defned on the same set of vertces. Algorthm fals to fnd a proper factor of f n polynomal tme f and only f there exsts an l k such that G l s t-regular (t > c) and G l H = G l or Φ for all, l < k. It s therefore mportant to choose the polynomals p ( ) n such a way that very quckly we get a graph H wth G l H G l or Φ. We say
FACTORING POLYNOMIALS OVER FINITE FIELDS USING BALANCE TEST 11 that a polynomal p l ( ) s good f ether H l s not regular or G l G l 1 (1 < l k). We show that, only a few good polynomals are requred. Lemma 3.3. Algorthm (wth a slght modfcaton) requres at most log n good auxlary polynomals to fnd a proper factor of f. Proof: Consder the followng modfcaton of Algorthm. At step 5 of Algorthm, for l > 1, take g l (y) to be ether gcd(g l 1 (y), h l (p l(y))) or g l 1 (y)/gcd(g l 1 (y), h l (p l(y))), whchever has the smaller nonzero degree. Accordngly, we modfy the defnton of graph G l. Defne the set (1 n) as, = {1 n :, σ((p l (ξ ) p l (ξ )) ) = (p l (ξ ) p l (ξ ))} = {1 n : } and modfy the defnton of the sets D (1 n) as, D (1) = (1) For l > 1, D = D (l 1) f g l (y) = gcd(g l 1 (y), h l (p l(y))) = D (l 1) else f g l (y) = g l 1 (y)/gcd(g l 1 (y), h l (p l(y))) As before, an edge (v, v ) s present n G l ff D. Ths modfcaton ensures that, f g l (y) g l 1 (y) has an nvertble leadng coeffcent (.e f g l (y) s monc) then the degree of g l (y) s at most half the degree of g l 1 (y). Hence, for every good choce of polynomal p l ( ) f G l 1 and G l are t l 1 -regular and t l -regular, respectvely, then t l t l 1. Therefore, at most log n good choces of polynomals p l ( ) are requred by the algorthm. Theorem 1.1 follows as a corollary to Theorem 3. and Lemma 3.3. As already ponted out n secton 1, f only ɛ log n good auxlary polynomals are avalable for some ɛ, 0 < ɛ 1, then we obtan a nontrval factor g(y) of f (y) wth degree at most n1 ɛ. If we apply Evdokmov s algorthm on g(y) nstead of f (y), then the maxmum dmenson of the rngs consdered s bounded by n (1 ɛ) log n+ɛ+o(1) nstead of n log n +O(1) (as s the case n [Evd94]). In the followng dscusson we analyze the performance of Algorthm based on unform random choces of the auxlary polynomals p l (.) (1 < l k). Lemma 3.4. If p = 3 mod 4 and p n 6 n then about (1+o(1))n ( π n) n splttng, square-free polynomals of degree n are square balanced. fracton of all completely Proof: Wth every completely splttng, square-free polynomal f = n =1 (x a ), we can assocate a tournament H on n vertces {v 1,..., v n } wth the natural correspondence between vertex v and root a for all, 1 n, such that (v, v ) s an edge n H ff (a a ) s a quadratc non-resdue. Such a tournament s also known as Paley tournament. Snce p = 3 mod 4, f s a square balanced polynomal ff H s a labeled regular tournament on n vertces. We bound the fracton of polynomals that can be assocated to a partcular labeled tournament. Let T be a fxed labeled tournament. Suppose that, for some > 1, the elements n S 1 = {a 1,..., a 1 } are already chosen n a way that s compatble to the subgraph of T nduced by the vertces v 1,..., v 1. Let n be the number of possble values of a such
1 CHANDAN SAHA that the edge constrants from v to vertces v 1,..., v 1 are mantaned. Then n can be equated as, 1 1 n = (1 + χ(x a )) x F p \S 1 where χ s the quadratc character and the symbol + s + f (v, v ) s an edge n T and f (v, v ) s an edge n T. By expandng the nner product we get, 1 1 n = sgn(e 1,..., e 1 ) χ (x a ) e = x F p \S 1 0 e 1,...,e 1 1 0 e 1,...,e 1 1 sgn(e 1,..., e 1 ) x F p \S 1 χ 1 (x a ) e The term correspondng to e 1 =... = e 1 = 0 s (p ). For any other fxed e 1,..., e 1, the nner sum s of the form, sgn(e 1,..., e 1 ) χ(q(x )) x F p \S 1 where q(x ) = 1 (x a ) e s not a perfect square as a 1,..., a 1 are dstnct, and 1 deg(q(x )) ( 1). By applyng Wel s theorem we get, sgn(e 1,..., e 1 ) χ(q(x )) χ(q(x )) x F p \S 1 x F p \S 1 Therefore, And hence, χ(q(x )) x F p + ( ) p + 1 n (p ) + ( 1 1)(( ) p + ) n p 1 + ( ) p + ( ) n p By a smlar argument we get, 1 1 1 1 1 + 1 (( ) p + ) p (1 + 1n ) f p n 6 n P r a1,...,a n {T s nduced by {a 1,..., a n }} e 1 n sgn(e 1,..., e 1 ) x F p \S 1 χ(q(x )) (n ) = 1 + o(1) (n ) x F p \S 1 χ(q(x )) (( ) p + )
FACTORING POLYNOMIALS OVER FINITE FIELDS USING BALANCE TEST 13 whch mples that, n p 1 (1 1 1n ) P r a1,...,a n {T s nduced by {a 1,..., a n }} e 1 n (n ) = 1 + o(1) (n ) f p n 6 n P r a1,...,a n {T s nduced by {a 1,..., a n }} = 1 + o(1) (n ) The polynomal f s square balanced ff the assocated tournament H s regular. number of regular tournaments on n vertces s gven by [Spe74] as, Therefore, P r a1,...,a n {polynomal f = (1 + R n = (n o(1))n ) ( π n) n (1 + o(1))n (x a ) s square balanced} ( π n) n =1 The Corollary 3.5. If p = 3 mod 4, p > n 6 n and p l (y) s a unformly randomly chosen polynomal of degree (n 1) then the probablty that f l s ether not square-free or s a square-free and square balanced polynomal s upper bounded by (1+o(1))n ( π n) n. It follows that, for p = 3 mod 4 and p > n 6 n, f the auxlary polynomals p l ( ) s are unformly randomly chosen then Algorthm works n randomzed polynomal tme. However, the arguments used n the proof of Lemma 3.4 do not mmedately apply to the case p = 1 mod 4. Therefore, we resort to a more straghtforward analyss, although n the process we get a slghtly weaker probablty bound. Lemma 3.6. If G l (1 l < k) s regular and p l+1 (y) F p [y] s a unformly randomly chosen polynomal of degree (n 1) then G l+1 G l wth probablty at least 1 1 0.9n. Proof: Suppose that, G l s t-regular where t 5. Otherwse, f t = deg(g l (y)) < 5 then we can effcently solve for a root of g l (y) (or f(y), snce g l (y) dvdes f(y)) n R usng radcals. In the process ether a nontrval endomorphsm of R or a zero dvsor n R s obtaned. In ether case we can effcently retreve a proper factor of f. Assume that G l has c connected components. Surely, c n t+1 as G l s t-regular. Consder any connected component G k l (1 k c) wth n k vertces and Tl k be a depthfrst tree wth any partcular vertex n G k l as the root. Snce G l s a regular dgraph, any connected component s also strongly connected and hence Tl k s a spannng tree of G k l contanng n k vertces wth n k 1 edges. Let the vertces of Tl k be v 1,..., v nk and the roots of f assocated wth these vertces be ξ 1,..., ξ nk, respectvely. For every edge e = (v, v ) n Tl k, 1 k c, consder the equaton, p l+1 (ξ ) p l+1 (ξ ) = n 1 m=1 c m (ξ m ξ m ) = a (3.4)
14 CHANDAN SAHA for a gven a F p wth c = (c 1,..., c n 1 ) as the varables. Let p 1 = e w, where w s odd. [Gao01] showed that, gven a prmtve e -th root of unty η, f a = η u θ where θ w = 1 then σ(a ) = a ff u < e 1. We say that two elements a, b F p have the same character f, σ(a ) = a f and only f σ(b ) = b. For convenence, assume that 0 has the same character as any other non-zero element a ff σ(a ) = a. An edge e n G l s also present n G l H l+1 f and only f a = η u θ wth u > e 1. Therefore, all the trees Tl k, 1 k c, are ether totally present or totally absent n G l H l+1 ff all a s (correspondng to all the edges of the trees T k s) have the same character. Wrtng down the equaton (as n (3.4)) for every edge n every tree Tl k, 1 k c, gves a set of (n c) lnear equatons n n 1 varables, namely c = {c 1,..., c n 1 }. Let M n c,n 1 be the coeffcent matrx of the set of lnear equatons. It s not dffcult to verfy that rank(m n c,n 1 ) = n c. Otherwse, the determnant of the matrx (ξ ),, 1 n, 0 n 1 s 0, whch s not possble snce ξ ξ for. Ths means, for every choce of values of the a s we have at most p c 1 choces of polynomals p l+1 (.) satsfyng the lnear equatons. A polynomal p l+1 (.) s a bad choce only f all a s have the same character. Ths can happen for at most, ( ) p 1 n c ( ) p + 1 n c ( p ) n c + 3 (assumng n 1 p ) dfferent choces of the a s. Therefore, the probablty that a random choce of p l+1 (.) s bad s at most, P r c { p l+1 (.) s bad} < pc 1 3 ( p) n c 1 p n 1 < n c Snce G l s t-regular c n t+1. Therefore, 1 P r c { p l+1 (.) s bad} < t n ( < 1 t+1) 0.9n assumng t 5 Thus, f polynomals p l (y), 1 < l log n, are randomly chosen, then the probablty that f s not factored by Algorthm wthn log n teratons s less than log n 0.9n. 4. Concluson In ths paper, we have extended the square balance test by Gao [Gao01] and showed a drecton towards mprovng the tme complexty of the best prevously known determnstc factorng algorthms. Usng certan auxlary polynomals, our algorthm attempts to explot an nherent asymmetry among the roots of the nput polynomal f n order to effcently fnd a proper factor. The advantage of usng auxlary polynomals s that, unlke [Evd94], t avods the need to carry out computatons n rngs wth large dmensons, thereby savng overall computaton tme to a sgnfcant extent. Motvated by the strngent symmetry requrement from the roots of f, we pose the followng queston: Is t possble to construct good auxlary polynomals n determnstc polynomal tme? An affrmatve answer to the queston wll mmedately mply that factorng polynomals over fnte felds can be done n determnstc polynomal tme under ERH.
FACTORING POLYNOMIALS OVER FINITE FIELDS USING BALANCE TEST 15 Acknowledgements The author would lke to thank Manndra Agrawal and Pyush Kurur for many nsghtful dscussons that helped n mprovng the result. The suggestons from anonymous referees have sgnfcantly mproved the presentaton of ths paper. The author s thankful to them. References [Ber70] E. R. Berlekamp. Factorng polynomals over large fnte felds. Mathematcs of Computaton, 4(111):713 735, 1970. [CH00] Q Cheng and Mng-Deh A. Huang. Factorng polynomnals over fnte felds and stable colorngs of tournaments. ANTS, pages 33 46, 000. [CZ81] Davd G. Cantor and Hans Zassenhaus. A new algorthm for factorng polynomals over fnte felds. Mathematcs of Computaton, 36(154):587 59, 1981. [Evd94] Serge Evdokmov. Factorzaton of polynomnals over fnte felds n subexponental tme under GRH. ANTS, pages 09 19, 1994. [Gao01] Shuhong Gao. On the determnstc complexty of factorng polynomals. Journal of Symbolc Computaton, 31(1 ):19 36, 001. [KS95] Erch Kaltofen and Vctor Shoup. Subquadratc-tme factorng of polynomals over fnte felds. STOC, pages 398 406, 1995. [LN94] R. Ldl and H. Nederreter. Introducton to fnte felds and ther applcatons, revsed edton. Cambrdge Unversty Press, 1994. [Spe74] Joel H. Spencer. Random regular tournaments. Perodca Mathematca Hungarca, 5():105 10, 1974. [vzgs9] Joachm von zur Gathen and Vctor Shoup. Computng frobenus maps and factorng polynomals. Computatonal Complexty, :187 4, 199.