polynomial factorization olga sergeeva ferien-akademie 2004, september 19 – october 1

Polynomial Factorization

Olga SergeevaFerien-Akademie 2004, September 19 – October 1

Overview

Univariate Factorization• Overview of the algorithms and the required simplifications

• Factoring over finite fields

• Factorization based on Hensel lifting

• LLL algorithm

Multivariate Factorization• Problems overview

• The idea of the algorithm

• Analysis of correctness probability.

Univariate Factorization – algorithms

We consider factorization of polynomials over the rational integers, Z, and different approaches to this problem.

Univariate Factorization – algorithms

We consider factorization of polynomials over the rational integers, Z, and different approaches to this problem.

Algorithms, solving the problem for univariate polynomials:

• Kronecker, interpolation algorithm

Univariate Factorization – algorithms

We consider factorization of polynomials over the rational integers, Z, and different approaches to this problem.

Algorithms, solving the problem for univariate polynomials:

• Kronecker, interpolation algorithm

• Algorithm, which uses Hensel lifting techniques and factorization over finite fields

Univariate Factorization – algorithms

We consider factorization of polynomials over the rational integers, Z, and different approaches to this problem.

Algorithms, solving the problem for univariate polynomials:

• Kronecker, interpolation algorithm

• Algorithm, which uses Hensel lifting techniques and factorization over finite fields

• A. K. Lenstra, H. W. Lenstra and Lovasz – polynomial time algorithm using basic reduction techniques for lattices.

Univariate Factorization – simplifications

When factoring a univariate polynomial over Z, the following simplifications are effective:

• removing the integer content of F(Z)

Univariate Factorization – simplifications

When factoring a univariate polynomial over Z, the following simplifications are effective:

• removing the integer content of F(Z)

• computing square free decomposition (with use of GCD computations or modular interpolation techniques).

Univariate Factorization – simplifications

When factoring a univariate polynomial over Z, the following simplifications are effective:

• removing the integer content of F(Z)

• computing square free decomposition (with use of GCD computations or modular interpolation techniques).

• one could try to monicize F(Z), but this increases the size of the coefficients of F and in most cases in not worthwhile:

10

10010

10 ...)()()( d

dddd ffZfffZfZFf

Examples

Factorization of polynomials over Z will not be more fine-grained, but will only be coarser than factorization over a .

For example, has complex roots and thus it is irreducible over Z. But it is factorizable over any .

For instance,

14 x

)5)(mod2)(2(1 224 xxx

pF

pF

Univariate Factorization – over

Let be a polynomial with coefficients from

First, we get rid of squares:

f pF

pn

ipn

ni

pn

ni f

d

fffffd ii

so ,)',( 1

pF

Univariate Factorization – over

Let be a polynomial with coefficients from

First, we get rid of squares:

f pF

pn

ipn

ni

pn

ni f

d

fffffd ii

so ,)',( 1

. ofion factorisat ofout d'constructe' becan ofion factorisat and

,degdeg, ,degdeg0 case In the

with proceed we,degdeg If

squares of free is and

gd

fggfdfd

dfdd

f

d

fdf

p

pn

ni

i

pF

Factorization over - theoretical basis

.degdeg

),...,

mod

mod

mod

1

1

fhwithhspolynomialsuch

anda (aeen tuplesdence betw corresponone-to-one

is are, there . FuthermoF),af(ah(x)

f)h(ies h. h satisf...ffb) Let f

a).(f(x),h(x)f(x)

Thenf).h(: hxFa) Let h

alc polynomi be a monixFet fTheorem. L

n

piii

pk

Fa

pp

p

p

pF

Is there any use of this theorem?

Let us now understand that the equation

is in fact equal to a system of linear equations over

Due to the fact that we are over ,

(because almost all the binomials are divided by p).

)())(( xhxh p

pF

1110 ...)( ,

nn xtxttxhletIndeed

pF

)1(110 ...)())((

npn

ppp xtxttxhxh

And what?

)1(110 ...)())((

npn

ppp xtxttxhxh

)(mod1

0

fxqx in

iij

pj

Also,

and we get a system of linear equations

.1,...,1,1

0

nitqt iij

n

ij

And what?

)1(110 ...)())((

npn

ppp xtxttxhxh

)(mod1

0

fxqx in

iij

pj

Also,

and we get a system of linear equations

The dimension of its solution space is k, where k is the number of irreducible factors of f.

.1,...,1,1

0

nitqt iij

n

ij

The last slide about finite fields

We now know, how many factors there are.

Let to be a basis. If k=1 then the f is irreducible

In the case k>1, we search for , for all .

As a result, we get a number of divisors of f:

If s<k, we calculate and so on.

khhh ,...,,1 21 pFa

sgg ,...,1

))(),(( 3 axhxgGCD i

))(),(( 2 axhxfGCD

The last slide about finite fields

We now know, how many factors there are.

Let to be a basis. If k=1 then the f is irreducible

In the case k>1, we search for , for all .

As a result, we get a number of divisors of f:

If s<k, we calculate and so on.

At the end, we will get all the k factors: for two different factors

there exists an element from the basis such that

khhh ,...,,1 21 pFa

sgg ,...,1

))(),(( 3 axhxgGCD i

))(),(( 2 axhxfGCD

21, ff

)(mod)(),(mod)(: is there,for 221121 faxhfaxhhaa

ih

iiiiii aafaxhfaxh 212211 ,)(mod)( and )(mod)(

No, this is the last one

beginning.very

on theion factorizat nontrivial aget willy weprobabilithigh

with),1,( calculate and , fromchosen

randomly are ,..., where),(...)()(

can take we),()()( of instead now If

2)1(

111

1

pp

kkk

ii

HfGCDF

aaxhaxhaxH

xhaxhaxh

Univariate Factorization over ZZ

Square free decomposition computing:

Let be factorization of over Z.

Then . So over ZZ

We can divide by and thus get a polynomial free of squares.

From now and on, cont(f)=1 and GCD(f,f’)=1.

knk

n fff ...11

gfff knk

n ...' 11

111 ...)',( 1 kn

kn ffff

f )',( ff

f

Univariate Factorization algorithm (UFA)

The classical univariate factorization algorithm consists of three steps:

1. Choose a ‘good’ random rational prime p and factor into irreducible factors modulo p:

f

pzfzfzfzf kek

ee mod)()...()()( 2121

Univariate Factorization algorithm (UFA)

The classical univariate factorization algorithm consists of three steps:

1. Choose a ‘good’ random rational prime p and factor into irreducible factors modulo p:

2. Use Newton’s iteration to lift the to factors modulo

pzfzfzfzf kek

ee mod)()...()()( 2121

if

pl

l ek

ep z f z f z f

kmod ) ( ... ) ( ) (

11

f

Univariate Factorization algorithm (UFA)

The classical univariate factorization algorithm consists of three steps:

1. Choose a ‘good’ random rational prime p and factor into irreducible factors modulo p:

2. Use Newton’s iteration to lift the to factors modulo

3. Combine the , as needed, into true divisors of over Z.

pzfzfzfzf kek

ee mod)()...()()( 2121

if

pl

l ek

ep z f z f z f

kmod ) ( ... ) ( ) (

11

if f

f

UFA: step 1

Step 1, ‘choose a ‘good’ random rational prime p and factor into irreducible factors modulo p’:

f

UFA: step 1

Step 1, ‘choose a ‘good’ random rational prime p and factor into irreducible factors modulo p’:

The best primes in the first step are those for which the factorization of modulo p is as close as possible to the factorization of over Z. This is a reason to try several primes and pick the one that fives the coarsest factorization.

f

ff

UFA: step 1

Step 1, ‘choose a ‘good’ random rational prime p and factor into irreducible factors modulo p’:

The best primes in the first step are those for which the factorization of modulo p is as close as possible to the factorization of over Z. This is a reason to try several primes and pick the one that fives the coarsest factorization.

Over these prime modulo, we compare square free decompositions

After, apply one of the univariate finite field factorization algorithms.

f

ff

Hensel techniques reminder

We will use this factorization to get the factorization of f

modulo

)(mod...1 pfaff k

mp

Hensel techniques reminder

We will use this factorization to get the factorization of f

modulo

More precisely, if we have

we will call Hensel continuation of this factorization a factorization

)(mod...1 pfaff k

mp

)(mod 121

mpfff

)(mod1),( ;1)(

;degdegdeg

,,, ),(mod

211

21

2121

pffGCDflc

fff

xZfffpfff m

iim

ii ffpff degdeg and )(mod

Hensel techniques reminder

Lemma (Hensel)

If then for any factorization , satisfying the above conditions, there exists its Hensel continuation

, and the polynomials are

defined uniquely modulo

1m )(mod21mpfff

)(mod 121

mpfff2 1 and ff

1mp

UFA: step 2

Step 2, ‘Use Newton’s iteration to lift the to factors modulo ’.

We choose l considering the bounds on the coefficients of the factors.

if

pl

UFA: step 2

Step 2, ‘Use Newton’s iteration to lift the to factors modulo ’.

We choose l considering the bounds on the coefficients of the factors.

Theorem (Mignotte) Let

if

pl

....

where,1

11bThen .

,...)( and ...)(

220

i

1010

m

m

nn

mm

aaf

aj

nf

j

ngf

xbxbbxgxaxaaxf

UFA: step 2

We have an upper bound for the coefficients factors of f, say M. We then choose l such that

Let be a factor of f.

Mflcp l )(2

xZxaxg s ...)( 1

mmmk

idi

pgacoeffppffa

ga

pffagaNaaa

2

1)(

2

1- because ),(mod...

from tedreconstrucuniquely becan polynomial The

)(mod... ,

21

2

121

2

UFA: step 3

Step 3, ‘Combine the , as needed, into true divisors of over Z’if f

UFA: step 3

Step 3, ‘Combine the , as needed, into true divisors of over Z’

This is the most time consuming step. We need:

• once we have a potential factor of modulo , to convert it to a factor over Z

• do a test division to see if it is actually a factor

if f

f pl

UFA: step 3

Step 3, ‘Combine the , as needed, into true divisors of over Z’This is the most time consuming step. We need:• once we have a potential factor of modulo , to convert it to

a factor over Z• do a test division to see if it is actually a factor

Trick letting not to perform excessive trial divisions:

If the check failed for integers, there is no need to perform it for polynomials.

if f

f pl

)()()()( tgttfzgzf

Asymptotically Good Algorithms

Lenstra, Lenstra, Lovasz. Factoring polynomials with rational coefficients. 1982

Algorithm takes operations.))(ln( 3912 fnnO

Asymptotically Good Algorithms: definitions

A subset is called a lattice, if there exists a basis in such, that

nRL nRnbb ,...,1

n

iiii

b

ii ZrbrbZL

11

:

Asymptotically Good Algorithms: idea

The beginning is the same with the previous algorithm: the polynomial f is factored modulo prime number p. Then an irreducible factor h modulo the power of p is computed, using Hensel’s techniques.

Asymptotically Good Algorithms: idea

The beginning is the same with the previous algorithm: the polynomial f is factored modulo prime number p. Then an irreducible factor h modulo the power of p is computed, using Hensel’s techniques.

After this an irreducible factor of f in Z[x] such, that is searched for. In our terms, will imply that the coefficients of are the

points of some lattice and will imply that the coefficients of are

‘not too large’ (in other words, a short vector in the lattice corresponds to the searched irreducible factor).

0h )(mod0 phh

hh 0 0h

0hf 0h

Lattices and factorization

Summing up, we need an algorithm for constructing an irreducible factor of f given an irreducible factor h modulo p (with lc(h)=1).

It is convenient to generalize the problem:

Given an irreducible factor h modulo of square free polynomial f, with lc(h)=1, find irreducible such that modulo p.

0h

kp

0h hh 0

Lattices and factorization

Let n=deg f, l=deg h. Fix some and consider the set S of polynomials over Z[x] with degree not higher than m, dividable by h modulo

)(mod)(mod)(mod)(mod 00kk phphphph

lm

kp

Lattices and factorization

Let n=deg f, l=deg h. Fix some and consider the set S of polynomials over Z[x] with degree not higher than m, dividable by h modulo

If , belongs to S.

)(mod)(mod)(mod)(mod 00kk phphphph

lm

kp

0hmh 0deg

Lattices and factorization

Let n=deg f, l=deg h. Fix some and consider the set S of polynomials over Z[x] with degree not higher than m, dividable by h modulo

If , belongs to S.

We can think of polynomials of degree less than or equal to m as of points in

Then the polynomials from S form a lattice L with basis

)(mod)(mod)(mod)(mod 00kk phphphph

lm

kp

0hmh 0deg

)),...,(...)(( 001

mm

mm aaxaaxgR

lmjh(x)xlixp jik 0 , ;0 ,

Lattices and factorization: two theorems

Theorem 1. If a polynomial is such that Lb

)1),( ,particularIn ( 0 bfGCDhbpfb klmn

Lattices and factorization: two theorems

Theorem 1. If a polynomial is such that

Theorem 2. Let

Suppose that .

a) Then

b) Suppose that for some (1) Let t be the largest of such j. Then

Lb

)1),( ,particularIn ( 0 bfGCDhbpfb klmn

L. lattice theof basis reduced a be ,..., 11 mbb

nmn

mnkl fm

mp

2

2 22

.deg1

10

nmkl fpbmh

nmkljj fpbb

1

t.1,...,jfor holds )1( and ),...,(,1deg 100 tbbGCDhtmh

Auxiliary algorithm

With fixed m, the algorithm checks if

If it is, the algorithm calculates

Input: f of degree n; prime p; natural k; h such that lc(h)=1 and

, also h(mod p)is irreducible and f(mod p) is not divided by ;

natural such that

0h

)(mod)mod kk phpf( )(mod2 ph

hlm degnm

n

mnkl fm

mp

2

2 22

Auxiliary algorithm

With fixed m, the algorithm checks if

If it is, the algorithm calculates

Input: f of degree n; prime p; natural k; h such that lc(h)=1 and

, also h(mod p)is irreducible and f(mod p) is not divided by ;

natural such that

Work: For the lattice with basis

find reduced basis

If then and the algorithm stops

Otherwise, and mh 0deg

0h

)(mod)mod kk phpf( )(mod2 ph

hlm degnm

n

mnkl fm

mp

2

2 22

lmjh(x)xlixp jik 0 , ;0 ,

11,..., mbb

nmkl fpb1

1 mh 0deg

),...,( 10 tbbGCDh

The main algorithm

Calculation of .

l=deg h < deg f=n.

Work:

Calculate the least k for which is held with m=n-1.

For the factorization calculate its Hensel lifting

,

Let u be the greatest integer:

Run the auxiliary algorithm for

until we get

And if we don’t get it, deg > n-1 and is equal to f.

0h

nmn

mnkl fm

mp

2

2 22

)(mod phgf

)(mod kphgf )(mod phh unl 2)1(

1,2

1,...,

2

1,

2

11

nnnn

muu

0h

0h 0h

Multivariate factorization

The reductions and simplifications, which were used in the case of univariate polynomials, are not proper when dealing with multivariate ones.

Performing this type of square free decomposition before factoring F leads to exponential intermediate expression swell.

terms)zero-non 4( 11),...,( 1

11

vni

vi

niv XXXXF

)...1()...1(...)...1()...1( 21211

1111

nvv

nvv

nn XXXXXXXXP

)1)...(1)(1( 212 vXXXP2

21PPF

terms.zero-non 4only has

F ofion factorizat theand terms,zero-non 2 has 2

1

vv

n)(P n

Multivariate factorization: idea

The basic approach used to factor multivariate polynomials is much the same as the exponential time algorithm for u.p.

Rouphly speaking, we reduce the problem of factoring a polynomial of n variables to the case of polynomial of n-1 variables, pointing at one (or two) variables at the end.

Hilbert irreducibility theorem

Let be an irreducible polynomial over Q and let R(N) denote the number of n-tuples over Z with |xi|<N such that is reducible. Then

, where c depends only on the degree

of F.

),,...,( 1 YXXF n

),,...,( 1 YxxF n

NNcNR n log)( 2/1

Hilbert theorem: disadvantages

There is no upper bound on the number of random points needed.

The approach can not be applied when working over finite field.

Bertini’s theorem

Let be an irreducible polynomial of R[Z], where

and is an intergal domain. Let the degree of in be d,

Let the total degree of the in be . Let L be a subset of of cardinality .

Then is irreducible over

),,...,( 1 ZXXF v

],...,[ 1 vXXAR AZ

F

0

Z

F

vXX ,...,1 F DA B

),,...,(( 11 ZTbaTbaFP vv

B

dDLbZTA

d

i

241)|],[