In science and engineering, a successful attack on a problem will usually lead to some equations that have to be solved. There are many types of such equations: differential equations, linear or polynomial equations or inequalities, recurrences, equations in groups, tensor equations, etc. In principle, there are two ways of solving such equations: approximately or exactly. Numerical analysis is a well-developed field that provides highly successful mathematical methods and computer software to compute approximate solutions.

Computer algebra is a more recent area of computer science, where mathematical tools and computer software are developed for the exact solution of equations.

Why use approximate solutions at all if we can have exact solutions? The answer is that in many cases an exact solution is not possible. This may have various reasons: for certain (simple) ordinary differential equations, one can prove that no closed form solution (of a specified type) is possible. More important are questions of efficiency: any system of linear equations, say with rational coefficients, can be solved exactly, but for the huge linear systems that arise in meteorology, nuclear physics, geology or other areas of science, only approximate solutions can be computed efficiently. The exact methods, run on a supercomputer, would not yield answers within a few days or weeks (which is not really acceptable for weather prediction).

In this chapter, we present two modular algorithms for factoring in Q[x] and F[x, y] for a field F. The first one uses factorization modulo a “big” prime and is conceptually easier, and the second one uses factorization modulo a “small” prime and then “lifts” it to a factorization modulo a power of that prime. The latter is computationally faster and comprises our most powerful employment of the prime power modular approach introduced in Chapter 5.

Factoring in ℤ[x] and Q[x]: the basic idea

Our first goal is to understand the difference between “factoring in ℤ[x]” and “factoring a polynomial with integer coefficients in Q[x]”. The basic fact is that the latter corresponds to factoring primitive polynomials in ℤ[x], while the former requires in addition the factoring of an integer, namely the polynomial's content. We rely on the following notions which were introduced in Section 6.2.

Let R be a Unique Factorization Domain (our two main applications are, as usual, R = ℤ and R = F[y] for a field F). The content cont (f) of a polynomial f ∈ R[x] is the greatest common divisor of its coefficients (with the convention that the gcd is positive if R = ℤ and monic if R = F[y]).

Carl Friedrich Gauß (1777–1855), the Prince of Mathematicians, was the latest, after Archimedes and Newton, in this trio of great men whose ideas shaped mathematics for centuries after their work (and two of whom figure prominently in this book).

Born on April 30, 1777, and registered as Johann Friderich Carl Gauß, he grew up in a poor bricklayer's family in Braunschweig. His father, an honest but tough and simple-minded person, did not succeed in keeping his son as uneducated as himself, mainly because of the efforts of Gauß' mother Dorothea and his uncle Friederich.

Gauß loved to tell the story of how—at ten years of age—one of the first flashes of his genius surprised his unsuspecting teacher Büttner. The class had been given the task to sum the numbers 1,…,100. (What a useless task!) Gauß figured out the corresponding summation formula (see Section 23.1), wrote down the correct answer almost immediately, and waited while the other boys took the full hour to get their answers—all wrong. (Such stupidities have not vanished from German schools: the first author had a high-school geography teacher who would set similarly useless tasks in order to have some time for serious study— of the current Playboy issue.)

An important general concept in computer algebra is the idea of using various types of representation for the objects at hand. As an example, we can represent a polynomial either by a list of its coefficients or by its values at sufficiently many points. In fact, this is just computer algebra lingo for the ubiquitous quest for efficient data structures for computational problems.

One successful instantiation of the general concept are modular algorithms, where instead of solving an integer problem (more generally, an algebraic computation problem over a Euclidean domain R) directly one solves it modulo one or several integers m. The general principle is illustrated in Figure 5.1. There are three variants: big prime (Figure 5.1 with m = p for a prime p), small primes (Figure 5.2 with m = p1…pr for pairwise distinct primes p1,…,pr), and prime power modular algorithms (Figure 5.3 with m = pl for a prime p). The first one is conceptually the simplest, and the basic issues are most visible in that variant. However, the other two variants are computationally superior.

In each case, two technical problems have to be addressed:

1. ￮ a bound on the solution in R,

2. ￮ how to find the required moduli.

We start by discussing the computer representation and fundamental arithmetic algorithms for integers and polynomials. We will keep this discussion fairly informal and avoid all the intricacies of actual computer arithmetic—that is a topic on its own. The reader must be warned that modern-day processors do not represent numbers and operate on them as we describe now, but to describe the tricks they use would detract us from our current goal: a simple description of how one could, in principle, perform basic arithmetic.

Although our straightforward approach can be improved in practice for arithmetic on small objects, say double-precision integers, it is quite appropriate for large objects, at least as a start. Much of this book deals with polynomials, and we will use some of the notions of this chapter throughout. A major goal is to find algorithmic improvements for large objects.

The algorithms in this chapter will be familiar to the reader, but she can refresh her memory of the analysis of algorithms with our simple examples.

This appendix presents some of the basic notions used throughout the text, for the reader's reference. By necessity, this is kept rather short and without proofs; we indicate, however, reference texts where these can be found. The reader is required to either have previous acquaintance with the material or be willing to read up on it. Our presentation is too concise for self-study; its purpose is to fix the language and point the reader to those areas, if any, where she needs brushing up.

The first five sections deal with algebra: groups, rings, polynomials and fields, finite fields, and linear algebra. Then we discuss finite probability spaces. After this mathematical background come some fundamentals from computer science: O-notation and a modicum of complexity theory.

Groups

The material of the first three sections can be found in any basic algebra text, such as Hungerford (1990) or the latest edition of van der Waerden's (1930b, 1931) classic on Modern Algebra.

DEFINITION 25.1. A group is a nonempty set G with a binary operation ·: G × G → G satisfying

• ◦ Associativity: ∀ a, b, c ∈ G (a · b)· c = a · (b · c),

• ◦ Identity: ∃1 ∈G ∀a ∈G a ·1 = 1 ·a = a,

• ◦ Inverse: ∀a ∈G ∃a−1 ∈G a·a−1 = a−1 ·a = 1.

We mentioned on pages 218–219 Newton's method for approximating roots of polynomials. It has become a staple of numerical computation, and seen many generalizations and improvements over the years. But what does this decidedly continuous, approximative method, computing values that are closer and closer to some real root, have to do with the discrete, exact calculations prevalent in computer algebra? There is a somewhat counter-intuitive notion of closeness for integers (and polynomials), corresponding to divisibility by higher and higher powers of a fixed prime. Newton iteration works just beautifully in this purely algebraic setting.

We start by using it to find a custom-Taylored division algorithm that is about as fast as multiplication, and then describe its use for finding roots of polynomials. Finally, we describe a common framework—valuations—into which both the analytical method over the real numbers and our symbolic version fit. In Chapter 15, we will apply Newton's method to the factorization of polynomials; it is then called Hensel lifting.