

$$
= \frac{1}{2 m_1 m_2 \pi i}\int_{1-in\pi}^{1+in\pi} e^{-E(\mu_2 h)}\left(\frac{1}{h} + \frac{1}{n}\,\psi\!\left(\frac{h}{n}\right) + O\!\left(\frac{1}{h\, m_2}\right)\right) e^{(1-\mu_1-\mu_2)h}\,dh.
$$

We again break this integral into three parts, where the second and third part satisfy $O\!\left(\frac{\log n}{m_1 m_2^2}\right)$.

For the first part we replace the contour by $(1 - i\infty, 1 + i\infty)$. Then, by Lemma 2.20 and the change of variable $v = \mu_2 h$, the main term becomes
$$
\begin{aligned}
\frac{1}{2 m_1 m_2 \pi i}\int_{1-in\pi}^{1+in\pi} e^{-E(\mu_2 h)}\,\frac{1}{h}\, e^{(1-\mu_1-\mu_2)h}\,dh
&= \frac{1}{2 m_1 m_2 \pi i}\int_{1-i\infty}^{1+i\infty} e^{-E(v)}\,\frac{1}{v/\mu_2}\, e^{(1-\mu_1-\mu_2)v/\mu_2}\,\frac{1}{\mu_2}\,dv \\
&= \frac{1}{2 m_1 m_2 \pi i}\int_{1-i\infty}^{1+i\infty} \frac{e^{-E(v)}}{v}\, e^{v\,\frac{1-\mu_1-\mu_2}{\mu_2}}\,dv
= \frac{1}{m_1 m_2}\,\rho\!\left(\frac{1-\mu_1-\mu_2}{\mu_2}\right).
\end{aligned}
$$

Overall, we obtain for the probability that $D_n^{[1]} = m_1$ and $D_n^{[2]} = m_2$ (recall $\mu_i = m_i/n$):
$$
\begin{aligned}
\Pr\!\left(D_n^{[1]} = m_1,\; D_n^{[2]} = m_2\right)
&= \frac{1}{m_1 m_2}\,\rho\!\left(\frac{1}{\mu_2} - \frac{\mu_1}{\mu_2} - 1\right) + O\!\left(\frac{\log n}{m_1 m_2^2}\right) \\
&= \frac{1}{m_1 m_2}\,\rho\!\left(\frac{n}{m_2} - \frac{m_1}{m_2} - 1\right) + O\!\left(\frac{\log n}{m_1 m_2^2}\right).
\end{aligned}
$$

3.4 Other Restrictions on the Degree of Irreducible Factors

Example 3.16. Here, we discuss the probability that a random polynomial has irreducible factors of distinct degrees.

Let $D(z)$ denote the corresponding generating function. Then
$$D(z) = \prod_{k\ge1}\left(1 + I_k z^k\right).$$
So, the probability of a random polynomial having irreducible factors of distinct degrees equals
$$\frac{D_n}{q^n} = [z^n]\,D(z/q).$$

In order to find the asymptotics, we first rewrite $D(z/q)$ as follows:
$$D(z/q) = \prod_{k\ge1}\left(1 + I_k z^k q^{-k}\right) = \exp\!\left(\sum_{m\ge1}\frac{(-1)^{m+1}}{m}\,\Lambda_m(z)\right),\qquad \Lambda_m(z) := \sum_{k\ge1} I_k^m z^{km} q^{-km}.$$
Since $I_k q^{-k} = 1/k + O(q^{-k/2})$, for $m \ge 2$ we have
$$\Lambda_m(z) = \sum_{k\ge1}\frac{z^{km}}{k^m} + S_m(z) = \mathrm{Li}_m(z^m) + S_m(z),$$
where $S_m(z)$ is analytic on $|z| < q^{1/2}$, too (the $m = 1$ term yields the factor $e^{A(z)}/(1-z)$ below).

Next, we plug this into the expression of $D(z/q)$ and factor $D(z/q) = U(z)V(z)$, where
$$U(z) = \frac{1}{1-z}\cdot\exp\!\left(\sum_{m=2}^{M}\frac{(-1)^{m+1}}{m}\,\mathrm{Li}_m(z^m)\right)$$
and
$$V(z) = e^{A(z)}\cdot\exp\!\left(\sum_{m=2}^{M}\frac{(-1)^{m+1}}{m}\,S_m(z) + \sum_{m\ge M+1}\frac{(-1)^{m+1}}{m}\,\Lambda_m(z)\right).$$
Choose $M = 2$. Then $V(z)$ is $C^1$-smooth. Moreover, $U(z)$ is of global order $-1$.

Next, we need to write $U(z) = \tilde U(z) + R(z)$, where $\tilde U(z)$ is a log-power function and $R(z)$ is smooth. Therefore, observe that $U(z)$ has singularities at $z = 1$ and $z = -1$. In order to find the singularity expansions, first note that by Lemma 2.23, the singularity expansion of $\mathrm{Li}_2(z)$ at $z = 1$ is
$$\mathrm{Li}_2(z) = \tau(\log\tau - 1) + \sum_{j\ge0,\; j\ne1}\frac{(-1)^j}{j!}\,\zeta(2-j)\,\tau^j = \zeta(2) + \tau\log\tau - \tau + \sum_{j\ge2}\frac{(-1)^j}{j!}\,\zeta(2-j)\,\tau^j,$$
where $\tau := -\log z = (1-z) + O\!\left((1-z)^2\right)$. Consequently,
$$\mathrm{Li}_2(z) = \zeta(2) + (1-z)\log(1-z) + O(1-z).$$

Hence, the singularity expansion of $U(z)$ at $z = 1$ is
$$
\begin{aligned}
U(z) &= \frac{1}{1-z}\cdot\exp\!\left(-\frac{\zeta(2)}{2} - \frac{1-z^2}{2}\log(1-z^2) + O(1-z^2)\right) \\
&= \frac{e^{-\zeta(2)/2}}{1-z}\cdot\exp\!\left(-(1-z)\log(1-z) + O(1-z)\right) \\
&= \frac{e^{-\zeta(2)/2}}{1-z}\cdot\left(1 - (1-z)\log(1-z) + O(1-z)\right) \\
&= \frac{e^{-\zeta(2)/2}}{1-z} - e^{-\zeta(2)/2}\log(1-z) + O(1),
\end{aligned}
$$
where the $O(1)$ term is $C^0$-smooth. (Here we used $1 - z^2 = (1-z)(1+z)$, so that $\frac{1-z^2}{2}\log(1-z^2) = (1-z)\log(1-z) + O(1-z)$ near $z = 1$.) Moreover, the singularity expansion at $z = -1$ is
$$
\begin{aligned}
U(z) &= \frac{1}{1-z}\cdot\exp\!\left(-\frac{\zeta(2)}{2} - \frac{1-z^2}{2}\log(1-z^2) + O(1-z^2)\right) \\
&= \frac{e^{-\zeta(2)/2}}{1-z}\cdot\exp\!\left(-(1+z)\log(1+z) + O(1+z)\right) \\
&= \frac{e^{-\zeta(2)/2}}{1-z}\cdot\left(1 - (1+z)\log(1+z) + O(1+z)\right) = O(1),
\end{aligned}
$$
which is $C^0$-smooth. Combining this yields $U(z) = \tilde U(z) + R(z)$, where $R(z)$ is $C^0$-smooth and
$$\tilde U(z) = \frac{e^{-\zeta(2)/2}}{1-z} - e^{-\zeta(2)/2}\log(1-z).$$

Consequently, by applying Theorem 2.14, we obtain
$$[z^n]\,D\!\left(\frac{z}{q}\right) \sim e^{-\zeta(2)/2}\,V(1)\,[z^n]\left(\frac{1}{1-z} - \log(1-z)\right) \sim e^{-\zeta(2)/2}\,V(1),$$
since $[z^n]\frac{1}{1-z} = 1$ and $[z^n]\big(-\log(1-z)\big) = \frac{1}{n}$.

In order to make the constant explicit, note that
$$e^{-\zeta(2)/2}\,V(1) = \lim_{z\to1}(1-z)\,D(z/q) = \lim_{z\to1}\frac{D(z/q)}{P(z/q)} = \lim_{z\to1}\prod_{k\ge1}\left(1 + I_k z^k q^{-k}\right)\left(1 - z^k q^{-k}\right)^{I_k},$$
where $P(z/q) = \prod_{k\ge1}\left(1 - z^k q^{-k}\right)^{-I_k} = \frac{1}{1-z}$. Next observe that
$$\prod_{k\ge1}\left(1 + I_k z^k q^{-k}\right)\left(1 - z^k q^{-k}\right)^{I_k} = \prod_{k\ge1}\left(1 + \frac{1}{k} + O(q^{-k/2})\right)\left(1 - \frac{1}{k} + O(k^{-2})\right) = \prod_{k\ge1}\left(1 + O(k^{-2})\right).$$
Since this infinite product converges, we can plug in $z = 1$. Then, we obtain
$$[z^n]\,D\!\left(\frac{z}{q}\right) \sim \prod_{k\ge1}\left(1 + I_k q^{-k}\right)\left(1 - q^{-k}\right)^{I_k}.$$

Finally, note that
$$\lim_{q\to\infty}\prod_{k\ge1}\left(1 + I_k q^{-k}\right)\left(1 - q^{-k}\right)^{I_k} = \lim_{q\to\infty}\prod_{k\ge1}\left(1 + \frac{1}{k} + O(q^{-k/2})\right)e^{-\frac{1}{k} + O(q^{-k/2})} = \prod_{k\ge1}\left(1 + \frac{1}{k}\right)e^{-1/k} = e^{-\gamma},$$
where $\gamma$ is Euler's constant and the last step follows from the product representation of the Gamma function, $\frac{1}{\Gamma(x)} = x\,e^{\gamma x}\prod_{k\ge1}\left(1 + \frac{x}{k}\right)e^{-x/k}$, evaluated at $x = 1$.

Example 3.17. Here, we consider the probability that the irreducible factors of even degree of a random polynomial have distinct degrees.

Let $D^{[e]}(z)$ denote the generating function. Then
$$D^{[e]}(z) = \prod_{k\ge1}\left(1 + I_{2k} z^{2k}\right)\left(\frac{1}{1 - z^{2k-1}}\right)^{I_{2k-1}}.$$
Consequently, the probability that the irreducible factors of even degree of a random polynomial have distinct degrees equals
$$\frac{D^{[e]}_n}{q^n} = [z^n]\,D^{[e]}(z/q).$$

Now, observe
$$
\begin{aligned}
D^{[e]}(z/q) &= \prod_{k\ge1}\left(1 + I_{2k}(z/q)^{2k}\right)\left(\frac{1}{1 - (z/q)^{2k-1}}\right)^{I_{2k-1}} \\
&= \exp\!\left(\sum_{k\ge1}\Big(\log\!\big(1 + I_{2k}(z/q)^{2k}\big) - I_{2k-1}\log\!\big(1 - (z/q)^{2k-1}\big)\Big)\right) \\
&= \exp\!\left(\sum_{k\ge1}\sum_{m\ge1}\frac{(-1)^{m-1}(I_{2k})^m (z/q)^{2km}}{m} + \sum_{k\ge1} I_{2k-1}\sum_{m\ge1}\frac{(z/q)^{(2k-1)m}}{m}\right) \\
&= \exp\!\left(\sum_{m\ge1}\left(\frac{(-1)^{m+1}}{m}\sum_{k\ge1}\left(I_{2k}\frac{z^{2k}}{q^{2k}}\right)^m + \frac{1}{m}\sum_{k\ge1} I_{2k-1}(z/q)^{(2k-1)m}\right)\right).
\end{aligned}
$$
For convenience, set $\Lambda^{[e]}_m(z) := \sum_{k\ge1}\left(I_{2k} z^{2k} q^{-2k}\right)^m$.

Now, after plugging everything into $D^{[e]}(z/q)$, we can factor $D^{[e]}(z/q) = U(z)V(z)$ with
$$V(z) = e^{A(z)}\cdot\exp\!\left(\sum_{m=2}^{M}\frac{(-1)^{m+1}\big(S^{[e]}_m(z) + \Theta_m(z)\big)}{m} + \sum_{m\ge M+1}\frac{(-1)^{m+1}\big(\Lambda^{[e]}_m(z) + \Theta_m(z)\big)}{m}\right)$$
and $U(z)$ the remaining factor.

As before, choose $M = 2$. Then $V(z)$ is $C^1$-smooth. Moreover, $U(z)$ is of global order $-1$ with singularities at $z = \pm1$ and $z = \pm i$.

In order to find the singularity expansions, we again use the singularity expansion of $\mathrm{Li}_2(z)$ at $z = 1$,
$$\mathrm{Li}_2(z) = \zeta(2) + (1-z)\log(1-z) + O(1-z).$$
Then, as before, $U(z) = \tilde U(z) + R(z)$ with $R(z)$ $C^0$-smooth and
$$\tilde U(z) = \frac{e^{-\zeta(2)/8}}{1-z} - \frac{1}{2}\,e^{-\zeta(2)/8}\log(1-z).$$
(The exponent of $U(z)$ is $-\frac{1}{8}\mathrm{Li}_2(z^4) + \cdots$, and $1 - z^4 = 4(1-z) + O\!\left((1-z)^2\right)$, so $-\frac{1}{8}(1-z^4)\log(1-z^4) = -\frac{1}{2}(1-z)\log(1-z) + O(1-z)$ near $z = 1$.) Consequently, by applying Theorem 2.14, we obtain
$$[z^n]\,D^{[e]}\!\left(\frac{z}{q}\right) \sim e^{-\zeta(2)/8}\,V(1)\,[z^n]\left(\frac{1}{1-z} - \frac{\log(1-z)}{2}\right) \sim e^{-\zeta(2)/8}\,V(1).$$

In order to make the constant explicit, note that
$$e^{-\zeta(2)/8}\,V(1) = \lim_{z\to1}(1-z)\,D^{[e]}(z/q) = \lim_{z\to1}\frac{D^{[e]}(z/q)}{P(z/q)} = \lim_{z\to1}\prod_{k\ge1}\left(1 + I_{2k} z^{2k} q^{-2k}\right)\left(1 - z^{2k} q^{-2k}\right)^{I_{2k}},$$
since the factors belonging to odd degrees cancel. Next observe that
$$\prod_{k\ge1}\left(1 + I_{2k} z^{2k} q^{-2k}\right)\left(1 - z^{2k} q^{-2k}\right)^{I_{2k}} = \prod_{k\ge1}\left(1 + \frac{1}{2k} + O(q^{-k})\right)\left(1 - \frac{1}{2k} + O(k^{-2})\right) = \prod_{k\ge1}\left(1 + O(k^{-2})\right),$$
which is convergent. Hence, the above limit can be evaluated by plugging in $z = 1$. This finally gives
$$[z^n]\,D^{[e]}\!\left(\frac{z}{q}\right) \sim \prod_{k\ge1}\left(1 + I_{2k} q^{-2k}\right)\left(1 - q^{-2k}\right)^{I_{2k}}.$$

Finally, for Chapter 4, we need another example, which is a slight variant of Example 3.16.

Example 3.18. The probability that a random polynomial has irreducible factors (counted without multiplicities) of distinct degrees.

Let $D^\star(z)$ denote the corresponding generating function. Then
$$D^\star(z) = \prod_{k\ge1}\left(1 + I_k z^k + I_k z^{2k} + \cdots\right) = \prod_{k\ge1}\left(1 + \frac{I_k z^k}{1 - z^k}\right).$$
Using a similar analysis as before yields
$$[z^n]\,D^\star(z/q) \sim \prod_{k\ge1}\left(1 + \frac{I_k}{q^k - 1}\right)\left(1 - q^{-k}\right)^{I_k}.$$
Note that again
$$\lim_{q\to\infty}\prod_{k\ge1}\left(1 + \frac{I_k}{q^k - 1}\right)\left(1 - q^{-k}\right)^{I_k} = \lim_{q\to\infty}\prod_{k\ge1}\left(1 + \frac{1}{k} + O(q^{-k/2})\right)e^{-\frac{1}{k} + O(q^{-k/2})} = e^{-\gamma}.$$
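The counts and constants of Examples 3.16 and 3.18 can be checked numerically. The following Python program is an added worked example, not code from the thesis: it computes $I_k$ by the standard Möbius formula $I_k = \frac{1}{k}\sum_{d\mid k}\mu(d)q^{k/d}$ (used here without derivation), the exact coefficients $D_n$ and $D^\star_n$ by multiplying out the two products truncated at degree $n$, the exact probability $D_n/q^n$, and the limiting constants $\prod_{k\ge1}(1+I_kq^{-k})(1-q^{-k})^{I_k}$ and $\prod_{k\ge1}\big(1+\frac{I_k}{q^k-1}\big)(1-q^{-k})^{I_k}$ truncated after a chosen number of factors. The function and constant names are this example's own.

```python
"""Counting check for Examples 3.16 and 3.18 (added example, not the thesis's
code): exact D_n and D*_n, the probability D_n / q^n, and the limit constants."""
from fractions import Fraction
from math import exp, log1p

EULER_GAMMA = 0.5772156649015329


def mobius(n):
    """Moebius function mu(n) by trial division."""
    result, d = 1, 2
    while d * d <= n:
        if n % d == 0:
            n //= d
            if n % d == 0:
                return 0
            result = -result
        d += 1
    return -result if n > 1 else result


def num_irreducible(q, k):
    """I_k = (1/k) sum_{d | k} mu(d) q^(k/d): monic irreducibles of degree k over F_q."""
    return sum(mobius(d) * q ** (k // d) for d in range(1, k + 1) if k % d == 0) // k


def distinct_degree_counts(q, n):
    """D_m = [z^m] prod_{k>=1} (1 + I_k z^k) for m = 0..n (Example 3.16): degree-m
    polynomials whose irreducible factors, counted with multiplicity, have
    pairwise distinct degrees."""
    coef = [1] + [0] * n
    for k in range(1, n + 1):
        ik = num_irreducible(q, k)
        for m in range(n, k - 1, -1):           # multiply by (1 + I_k z^k) in place
            coef[m] += ik * coef[m - k]
    return coef


def distinct_degree_counts_without_mult(q, n):
    """D*_m = [z^m] prod_{k>=1} (1 + I_k z^k / (1 - z^k)) for m = 0..n (Example
    3.18): at most one irreducible factor per degree, with any multiplicity."""
    coef = [1] + [0] * n
    for k in range(1, n + 1):
        ik, new = num_irreducible(q, k), coef[:]
        for m in range(k, n + 1):               # add I_k (z^k + z^{2k} + ...) * coef
            new[m] += ik * sum(coef[m - j * k] for j in range(1, m // k + 1))
        coef = new
    return coef


def probability(q, n, without_mult=False):
    """Exact probability D_n / q^n (or D*_n / q^n) as a Fraction."""
    counts = (distinct_degree_counts_without_mult if without_mult
              else distinct_degree_counts)(q, n)
    return Fraction(counts[n], q ** n)


def limit_constant(q, without_mult=False, terms=200):
    """prod_{k>=1} (1 + I_k q^-k) (1 - q^-k)^(I_k), or with I_k / (q^k - 1) in the
    first factor for Example 3.18, truncated after `terms` factors. The power
    (1 - t)^I is evaluated as exp(I t * log1p(-t) / t): for q^-k below 1e-16 the
    naive (1 - t) ** I would round to 1.0 and silently drop the factor."""
    c = 1.0
    for k in range(1, terms + 1):
        ik, qk = num_irreducible(q, k), q ** k
        r = float(Fraction(ik, qk))                        # I_k q^-k, about 1/k
        first = float(Fraction(ik, qk - 1)) if without_mult else r
        t = float(Fraction(1, qk))                         # q^-k, may underflow to 0.0
        c *= (1 + first) * exp(r * (log1p(-t) / t if t > 0 else -1.0))
    return c
```

For $q = 2$ the exact values $D_3/2^3 = 1/2$ and $D_4/2^4 = 7/16$ can be confirmed by hand (the four degree-3 polynomials are the two irreducible cubics and the two products of a linear with the irreducible quadratic), and `probability(2, 200)` is already close to `limit_constant(2)`, which is about $0.40$; for large $q$ both constants approach $e^{-\gamma} \approx 0.5615$.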

Chapter 4

Application to Polynomial Factorization

In this chapter, we give some applications of the results of the previous chapter to the factorization of polynomials. We first explain a three-step procedure which is used by many factorization algorithms.

The first step is the observation that it suffices to factorize squarefree polynomials.

Step 1: Note that if there are repeated factors in the prime factorization of $f(x)$, then the repeated factors will also appear in the derivative of $f(x)$. Hence, we can obtain the repeated factors by computing the greatest common divisor of $f(x)$ and $f'(x)$. Next, by dividing $f(x)$ by $\gcd(f(x), f'(x))$, we get rid of the repeated factors and turn $f(x)$ into a squarefree polynomial. (Note that the derivative of $r(x)^e$ vanishes in the finite field $\mathbb{F}_q$ with $q = p^n$ whenever the multiplicity $e$ is a multiple of $p$, so this procedure does not work if $f(x)$ contains irreducible factors whose multiplicity is a multiple of $p$. A slight modification of the procedure, however, works. For the sake of simplicity, we will not discuss this here.) We will call the output of this step $\tilde f(x)$.

The second step factors $\tilde f(x)$ into a product of polynomials $b^{[k]}(x)$, where $b^{[k]}(x)$ contains all irreducible factors of degree $k$. For this we use a well-known fact from the theory of finite fields, namely that $x^{q^k} - x$ is the product of all monic irreducible polynomials over $\mathbb{F}_q$ whose degree divides $k$. Consequently, once all irreducible factors of degree $< k$ have been removed from $\tilde f(x)$, computing the greatest common divisor of $\tilde f(x)$ and $x^{q^k} - x$ separates the factors into two parts: one containing all irreducible factors of degree exactly $k$ and the other containing the remaining factors. Using this observation, the second step works as follows.

Step 2: We start from $k = 1$ and compute the greatest common divisor of $\tilde f(x)$ and $x^{q^k} - x$. This gives $b^{[1]}(x)$. Then we replace $\tilde f(x)$ by $\tilde f(x)/b^{[1]}(x)$ and continue like this with $k = 2, 3, \ldots$ to find the other factors. (In an implementation one never writes down the polynomial $x^{q^k} - x$ of degree $q^k$; one computes $x^{q^k} \bmod \tilde f(x)$ by repeated powering and takes the gcd of $\tilde f(x)$ with that residue minus $x$.)

After Step 2, the problem is reduced to the factorization of the $b^{[k]}(x)$. However, no efficient deterministic algorithm for this factorization is known. Consequently, we use a randomized procedure. Therefore, note that since $b^{[k]}(x)$ is a product of irreducible factors of degree $k$, i.e., $b^{[k]}(x) = r_1(x)\cdot r_2(x)\cdots r_j(x)$ with $r_i(x)$ irreducible and $\deg(r_i(x)) = k$, the ring $\mathbb{F}_q[x]/(b^{[k]}(x))$ is isomorphic to the product of the fields $\mathbb{F}_q[x]/(r_i(x))$. Next recall that, for odd $q$, half of the elements of $\mathbb{F}_q[x]/(r_i(x)) \setminus \{0\}$ are squares and the other half are not.

Thus, if we pick a polynomial $h(x)$ at random, then if it is a nonzero square in $\mathbb{F}_q[x]/(r_i(x))$, we have $h(x)^{(q^k-1)/2} \equiv 1 \bmod r_i(x)$, i.e., $r_i(x) \mid h(x)^{(q^k-1)/2} - 1$. This happens with probability $1/2$ for each $r_i(x)$. Consequently, computing the gcd of $h(x)^{(q^k-1)/2} - 1$ and $b^{[k]}(x)$ gives the product of those irreducible factors modulo which $h(x)$ is a square. The number of these factors is binomially distributed with mean $j/2$. Using this idea, Step 3 works as follows.

Step 3: For every $b^{[k]}(x)$, if the degree of $b^{[k]}(x)$ is greater than $k$, we choose a random polynomial $h(x)$ of degree $\deg(b^{[k]}(x)) - 1$. Then, let $v(x)$ be the greatest common divisor of $b^{[k]}(x)$ and $h(x)^{(q^k-1)/2} - 1$. After $v(x)$ is found, we repeat this process with $v(x)$ and $b^{[k]}(x)/v(x)$ until all irreducible factors are found; if $v(x)$ is trivial ($1$ or $b^{[k]}(x)$ itself), a new $h(x)$ is drawn.

Figure: A possible outcome of Step 3 for $b^{[k]} = ABCDE$ with $A, B, C, D, E$ irreducible factors of degree $k$. The splitting tree reads $ABCDE \to \{AD,\, BCE\}$; then $BCE \to \{C,\, BE\}$ while the attempt on $AD$ gives the trivial gcd $1$ and is repeated; finally $AD \to \{A,\, D\}$ and $BE \to \{B,\, E\}$.

Now, we are going to consider an example. Consider the following polynomial over $\mathbb{F}_5$:
$$f(x) = x^9 + 2x^8 + 4x^7 + 2x^6 + 2x^5 + 3x^4 + x^3 + x^2 + 3x + 1.$$

Step 1: The derivative of $f(x)$ is
$$f'(x) = 4x^8 + x^7 + 3x^6 + 2x^5 + 2x^3 + 3x^2 + 2x + 3.$$
Consequently, $\gcd(f, f') = x + 4$, which means that the factor $x + 4$ is repeated. So we divide $f(x)$ by $x + 4$ and obtain
$$f(x) = (x + 4)\cdot\tilde f(x) = (x + 4)\cdot\left(x^8 + 3x^7 + 2x^6 + 4x^5 + x^4 + 4x^3 + x + 4\right),$$
where $\tilde f(x)$ is a squarefree polynomial.

Step 2: Let $k = 1$. Then, we have
$$b^{[1]}(x) = \gcd\!\left(\tilde f(x),\, x^5 - x\right) = x^2 + 2x + 2.$$
Next, divide $\tilde f(x)$ by $x^2 + 2x + 2$, which gives $x^6 + x^5 + 3x^4 + x^3 + 3x^2 + x + 2$. Set $k = 2$. Then
$$b^{[2]}(x) = \gcd\!\left(\frac{\tilde f(x)}{b^{[1]}(x)},\, x^{25} - x\right) = x^6 + x^5 + 3x^4 + x^3 + 3x^2 + x + 2.$$
Thus, we have factorized $\tilde f(x)$ as follows:
$$\tilde f(x) = b^{[1]}(x)\cdot b^{[2]}(x) = (x^2 + 2x + 2)\cdot(x^6 + x^5 + 3x^4 + x^3 + 3x^2 + x + 2).$$

Step 3: Here, we have to factorize $b^{[1]}(x)$ and $b^{[2]}(x)$:

1. For $b^{[1]}(x)$: Since the degree of $b^{[1]}(x)$ equals 2, we choose a random polynomial $h(x)$ of degree 1, e.g., $h(x) = x + 1$. Then $h(x)^{(q^k-1)/2} - 1$ is
$$(x+1)^{(5^1-1)/2} - 1 = (x+1)^2 - 1 = (x^2 + 2x + 1) - 1 = x^2 + 2x.$$
However,
$$v(x) = \gcd\!\left(b^{[1]}(x),\, x^2 + 2x\right) = 1.$$
So, we have to repeat this step with another random polynomial. Therefore, pick $h(x) = x + 2$. Then
$$(x+2)^{(5^1-1)/2} - 1 = (x+2)^2 - 1 = (x^2 + 4x + 4) - 1 = x^2 + 4x + 3.$$
Next,
$$v(x) = \gcd\!\left(b^{[1]}(x),\, x^2 + 4x + 3\right) = x + 3.$$
The other factor is
$$b^{[1]}(x)/(x + 3) = x + 4.$$
So we have finished the factorization of $b^{[1]}(x)$, having $b^{[1]}(x) = x^2 + 2x + 2 = (x + 3)(x + 4)$; the splitting tree is $x^2 + 2x + 2 \to \{x + 3,\, x + 4\}$ after one trivial attempt ($v = 1$).

2. For $b^{[2]}(x)$: Since the degree of $b^{[2]}(x)$ equals 6, we choose a random polynomial $h(x)$ of degree 5. A similar procedure as before then yields the splitting tree
$$x^6 + x^5 + 3x^4 + x^3 + 3x^2 + x + 2 \;\to\; \{x^2 + x + 2,\; x^4 + x^2 + 1\} \;\to\; \{x^2 + x + 2,\; x^2 + 4x + 1,\; x^2 + x + 1\}.$$

Overall, we have factorized the polynomial and obtain
$$f(x) = (x + 3)(x + 4)^2(x^2 + x + 1)(x^2 + x + 2)(x^2 + 4x + 1).$$

Next, we are going to explain the usefulness of the results of the previous chapter when analyzing the algorithm.

First, the purpose of Step 1 was to turn the random polynomial into a squarefree polynomial. Since by Example 3.7 the probability that a random polynomial is squarefree equals $1 - 1/q$, this step is very fast: the division is needed only with probability $1/q$. Moreover, if the polynomial is not squarefree, again by Example 3.7 the expected degree of the repeated part is still small, so that the division is not costly on average, even in this case.

Second, recall that the purpose of Step 2 was to separate the irreducible factors according to their degrees. The simplest way to do this is to repeat this step for $k = 1$ to $n$ (we call this strategy 1). However, note that if $k > n/2$, then the remaining polynomial is either irreducible or constant. Thus, a better strategy is to consider $k$ from $1$ to $n/2$ (strategy 2). Finally, an even better strategy is based on the following observation: if the degree of the remaining polynomial is $< 2k$ in the $k$-th step, then the remaining polynomial is again either already irreducible or a constant. This leads to a third strategy (strategy 3), for which we repeat until
$$k > \max\!\left(\left\lfloor D_n^{[1]}/2 \right\rfloor,\; D_n^{[2]}\right),$$
where $D_n^{[1]}$ and $D_n^{[2]}$ are as in Chapter 3. The complexity of Step 2 for these three strategies was analyzed in [10] (Theorem 4.1 below); in particular, for strategy 3, the results from Section 3.3 were used. We only state the result without giving a more detailed explanation.
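The three-step procedure of this chapter, with the early stop of strategy 3 in Step 2 and the randomized splitting of Step 3, can be run on the worked example over $\mathbb{F}_5$ above. The following Python program is an added example and not code from the thesis or from [10]. It assumes $q = p$ an odd prime (so $\mathbb{F}_q = \mathbb{Z}/p\mathbb{Z}$ and the square test of Step 3 applies), represents polynomials as coefficient lists, works with $x^{p^k} \bmod \tilde f(x)$ instead of the degree-$p^k$ polynomial $x^{p^k} - x$, and also implements the "slight modification" mentioned in Step 1: irreducible factors whose multiplicity is a multiple of $p$ vanish from $f'$, but after all other factors are divided out the cofactor is a $p$-th power $h(x)^p = h(x^p)$, from which they are recovered. All function names are this example's own.

```python
"""Three-step factorization over F_p, p an odd prime (added worked example, not
code from the thesis). A polynomial is a list of coefficients in [0, p), lowest
degree first: x^2 + 2x + 2 over F_5 is [2, 2, 1]; the zero polynomial is []."""
import random


def trim(a):                       # drop leading zeros so that len(a) - 1 == deg(a)
    while a and a[-1] == 0:
        a.pop()
    return a


def add(a, b, p):
    n = max(len(a), len(b))
    return trim([((a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0)) % p
                 for i in range(n)])


def mul(a, b, p):
    r = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] = (r[i + j] + x * y) % p
    return trim(r)


def divmod_(a, b, p):
    """Long division of a by b != 0; returns (quotient, remainder)."""
    a, q = a[:], [0] * max(len(a) - len(b) + 1, 1)
    inv = pow(b[-1], p - 2, p)                  # inverse of the leading coefficient
    while a and len(a) >= len(b):
        c, d = a[-1] * inv % p, len(a) - len(b)
        q[d] = c
        for i, y in enumerate(b):
            a[i + d] = (a[i + d] - c * y) % p
        trim(a)
    return trim(q), a


def monic(a, p):
    inv = pow(a[-1], p - 2, p)
    return [x * inv % p for x in a]


def gcd(a, b, p):                  # Euclid; the result is monic (or [] if a = b = 0)
    while b:
        a, b = b, divmod_(a, b, p)[1]
    return monic(a, p) if a else []


def powmod(a, e, m, p):            # a^e mod m by square-and-multiply
    r = [1]
    while e:
        if e & 1:
            r = divmod_(mul(r, a, p), m, p)[1]
        a, e = divmod_(mul(a, a, p), m, p)[1], e >> 1
    return r


def squarefree_part(f, p):
    """Step 1: f / gcd(f, f'). Factors with multiplicity divisible by p are lost here."""
    fprime = trim([i * f[i] % p for i in range(1, len(f))])
    return divmod_(f, gcd(f, fprime, p), p)[0]


def distinct_degree(g, p):
    """Step 2: {k: b[k]} for squarefree g. x^(p^k) - x is the product of all monic
    irreducibles of degree dividing k and lower degrees were already divided out,
    so the gcd is exactly b[k]. Stops once deg g < 2k (strategy 3): g is irreducible."""
    parts, k, xpk = {}, 1, [0, 1]               # xpk = x^(p^k) mod g
    while len(g) - 1 >= 2 * k:
        xpk = powmod(xpk, p, g, p)
        bk = gcd(g, add(xpk, [0, p - 1], p), p)  # gcd(g, x^(p^k) - x)
        if len(bk) > 1:
            parts[k] = bk
            g = divmod_(g, bk, p)[0]
            xpk = divmod_(xpk, g, p)[1]
        k += 1
    if len(g) > 1:
        parts[len(g) - 1] = monic(g, p)
    return parts


def equal_degree(bk, k, p, rng):
    """Step 3: for random h, v = gcd(b[k], h^((p^k-1)/2) - 1) collects the factors
    modulo which h is a square; recurse on v and b[k]/v until all are irreducible."""
    if len(bk) - 1 == k:
        return [monic(bk, p)]
    while True:
        h = trim([rng.randrange(p) for _ in range(len(bk) - 1)])   # deg h < deg b[k]
        v = gcd(bk, add(powmod(h, (p ** k - 1) // 2, bk, p), [p - 1], p), p)
        if 1 < len(v) < len(bk):                # non-trivial split; otherwise draw a new h
            return equal_degree(v, k, p, rng) + equal_degree(divmod_(bk, v, p)[0], k, p, rng)


def factor(f, p, seed=0):
    """Factorization of nonzero f over F_p as a sorted list of (monic irreducible, multiplicity)."""
    assert p % 2 == 1, "the square test of Step 3 needs p odd"
    rng, f, result = random.Random(seed), monic(f, p), []
    for k, bk in distinct_degree(squarefree_part(f, p), p).items():
        for r in equal_degree(bk, k, p, rng):
            e = 0
            while not divmod_(f, r, p)[1]:      # divide r out as often as it divides f
                f, e = divmod_(f, r, p)[0], e + 1
            result.append((r, e))
    if len(f) > 1:    # leftover cofactor is h(x)^p = h(x^p): multiplicities divisible by p
        result += [(r, p * e) for r, e in factor(f[::p], p, seed)]
    return sorted(result)


F = [1, 3, 1, 1, 3, 2, 2, 4, 2, 1]  # x^9 + 2x^8 + 4x^7 + 2x^6 + 2x^5 + 3x^4 + x^3 + x^2 + 3x + 1 over F_5
```

`factor(F, 5)` returns the five irreducible factors of the worked example with their multiplicities, `squarefree_part` and `distinct_degree` expose Steps 1 and 2 for inspection, and `factor([1, 0, 0, 0, 0, 1], 5)` (the polynomial $x^5 + 1 = (x+1)^5$, whose derivative is zero) shows the recovery of a multiplicity divisible by $p$.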

We need the following assumptions: let $\tau_1 n^2$ be the cost of multiplying two polynomials of degree $< n$ and reducing the result modulo a polynomial of degree $n$. Moreover, let $\tau_2 n^2$ be the cost of computing the greatest common divisor of two polynomials of degree at most $n$. Then, in [10, p. 21] the following result was proved.

Theorem 4.1. The expected complexity of Step 2 under the three strategies mentioned above, when applied to a random polynomial of degree $n$, is as follows:
$$
\begin{cases}
0.47\, n^3 & \text{for strategy 1;} \\
0.31\, n^3 & \text{for strategy 2;} \\
0.27\, n^3 & \text{for strategy 3.}
\end{cases}
$$
Here, $\lambda(q) := \lfloor \log_2 q \rfloor + \nu(q) - 1$ and $\nu(q)$ is the number of ones in the binary representation of $q$.

Finally, we consider Step 3, in which the polynomials $b^{[k]}(x)$ with all irreducible factors of equal degree $k$ are factorized. First note that nothing has to be done in this step if all the $b^{[k]}(x)$ are irreducible. According to Example 3.18, the probability of this is, for large $n$, the constant given there, which tends to $e^{-\gamma}$ as $q \to \infty$. Second, as for the complexity of this step, in [10, p. 39] a result was proved which used a connection to random tries. For completeness, we recall the result here.

Theorem 4.2. The expected complexity of Step 3 is $O(n^2 \log q)$. More precisely, the complexity is asymptotic to
$$\left(\frac{3}{4}\,\tau_1\,\frac{q^2}{q^2 - 1}\,\log_2 q\right)(1 + \xi_n)\,n^2, \qquad \text{where } -\tfrac{1}{3} + o(1) \le \xi_n \le \tfrac{1}{3} + o(1).$$

Bibliography

[1] Abramowitz, M., Stegun, I. (1970). Handbook of Mathematical Functions. Dover, New York.

[2] Bach, E., Shoup, V. (1990). Factoring Polynomials Using Fewer Random Bits. Journal of Symbolic Computation, 9, 229–239.

[3] Berlekamp, E. (1967). Factoring Polynomials over Finite Fields. Bell Systems Technol. J., 46, 1853–1859.

[4] Berlekamp, E. (1968). Algebraic Coding Theory. McGraw Hill, New York, NY.

[5] Bochner, S., Chandrasekharan, K. (1949). Fourier Transforms. Princeton University Press.

[6] Buchmann, J. (1990). Complexity of Algorithms in Algebraic Number Theory. In Number Theory, Proc. First Conf. Canadian Number Theory Assoc., Walter de Gruyter, 37–53.

[7] Chor, B., Rivest, R. L. (1985). A Knapsack Type Public Key Cryptosystem Based on Arithmetic in Finite Fields. IEEE Trans. Inf. Theory, 34, 901–909.

[8] Collins, G. E. (1979). Factoring Univariate Integral Polynomials in Polynomial Average Time. In Proceedings of EUROSAM '79, Marseille, France, LNCS 72, 317–329.

[9] Flajolet, P., Fusy, E., Gourdon, X., Panario, D., Pouyanne, N. (2006). A Hybrid of Darboux's Method and Singularity Analysis in Combinatorial Asymptotics. The Electronic Journal of Combinatorics, 13, 35 pages.

[10] Flajolet, P., Gourdon, X., Panario, D. (2001). The Complete Analysis of a Polynomial Factorization Algorithm over Finite Fields. Journal of Algorithms, 40, 37–81.

[11] Flajolet, P., Odlyzko, A. (1990). Singularity Analysis of Generating Functions. SIAM Journal on Discrete Mathematics, 3, 216–240.

[12] Flajolet, P., Sedgewick, R. (2009). Analytic Combinatorics. Cambridge University Press.

[13] Knuth, D. E. (1998). The Art of Computer Programming, Volume 2: Seminumerical Algorithms, 3rd edn. Addison-Wesley, Reading, MA.

[14] Lenstra, A. K., Lenstra, H. W., Jr., Lovász, L. (1982). Factoring Polynomials with Rational Coefficients. Math. Ann., 261, 515–534.

[15] Lenstra, H. W., Jr. (1991). On the Chor-Rivest Knapsack Cryptosystem. J. Cryptol., 3, 149–155.

[16] Lewin, L. (1991). Structural Properties of Polylogarithms. American Mathematical Society.

[17] Odlyzko, A. (1985). Discrete Logarithms and Their Cryptographic Significance. In Advances in Cryptology: Proceedings of EUROCRYPT 1984, Paris, France, LNCS 209, 224–314.

[18] Rónyai, L. (1988). Factoring Polynomials over Finite Fields. Journal of Algorithms, 9, 391–400.

[19] Zassenhaus, H. (1969). On Hensel Factorization, I. J. Number Theory, 1, 291–311.
