Chapter V: The generalized P-scheme algorithm
5.1 Preliminaries
For a number field $K$, denote by $\bar{\mathcal{O}}_K$ the quotient ring $\mathcal{O}_K/p\mathcal{O}_K$. For $K_0 = \mathbb{Q}[Y]/(\tilde{h}(Y))$, we have
Lemma 5.2. The ideal $p\mathcal{O}_{K_0}$ is a prime ideal of $\mathcal{O}_{K_0}$, and $\bar{\mathcal{O}}_{K_0} \cong \mathbb{F}_q$.
Proof. Let $\bar{Y} := Y + (\tilde{h}(Y)) \in \mathcal{O}_{K_0}$. Consider the ring homomorphism $i : \mathbb{F}_p[Y]/(h(Y)) \to \bar{\mathcal{O}}_{K_0}$ sending $Y + (h(Y))$ to $\bar{Y} + p\mathcal{O}_{K_0}$. Clearly $i$ is a nonzero map since $i(1) = 1$. As $\mathbb{F}_p[Y]/(h(Y))$ is a field, the map $i$ is injective. As $\mathbb{F}_p[Y]/(h(Y))$ and $\bar{\mathcal{O}}_{K_0}$ both have dimension $\deg(h)$ over $\mathbb{F}_p$, the map $i$ is an isomorphism. So $\bar{\mathcal{O}}_{K_0} \cong \mathbb{F}_p[Y]/(h(Y)) \cong \mathbb{F}_q$ and $p\mathcal{O}_{K_0}$ is prime.
In the following, we give some notations and facts from algebraic number theory.
The proofs can be found in standard references like [Neu99].
Splitting of prime ideals. Let $K$ be a finite extension of $K_0$. The ideal $p\mathcal{O}_K$ splits in a unique way (up to the ordering) into a product of prime ideals of $\mathcal{O}_K$:
\[ p\mathcal{O}_K = \prod_{i=1}^{k} \mathfrak{P}_i^{e(\mathfrak{P}_i)} = \bigcap_{i=1}^{k} \mathfrak{P}_i^{e(\mathfrak{P}_i)}, \]
where $\mathfrak{P}_1, \dots, \mathfrak{P}_k$ are distinct and $e(\mathfrak{P}_i) \in \mathbb{N}^+$. We say $\mathfrak{P}_1, \dots, \mathfrak{P}_k$ are the prime ideals of $\mathcal{O}_K$ lying over $p$. For $i \in [k]$, define $\kappa_{\mathfrak{P}_i} := \mathcal{O}_K/\mathfrak{P}_i$, which is a finite field, called the residue field of $\mathfrak{P}_i$. The inclusion $\mathcal{O}_{K_0} \hookrightarrow \mathcal{O}_K$ induces an embedding of $\bar{\mathcal{O}}_{K_0} \cong \mathbb{F}_q$ in $\kappa_{\mathfrak{P}_i}$, making $\kappa_{\mathfrak{P}_i}$ an extension field of $\bar{\mathcal{O}}_{K_0}$. Let $f(\mathfrak{P}_i) := [\kappa_{\mathfrak{P}_i} : \bar{\mathcal{O}}_{K_0}]$. We call $e(\mathfrak{P}_i)$ and $f(\mathfrak{P}_i)$ the ramification index and the inertia degree of $\mathfrak{P}_i$ (over $p\mathcal{O}_{K_0}$) respectively. It holds that
\[ \sum_{i=1}^{k} e(\mathfrak{P}_i)\, f(\mathfrak{P}_i) = [K : K_0]. \]
Vector spaces $\mathfrak{P}^i/\mathfrak{P}^{i+1}$. We also use the following facts implicitly. For a number field $K$, $i \in \mathbb{N}$ and a nonzero prime ideal $\mathfrak{P}$ of $\mathcal{O}_K$, the abelian group $\mathfrak{P}^i/\mathfrak{P}^{i+1}$ is a one-dimensional vector space over the field $\kappa_{\mathfrak{P}} = \mathcal{O}_K/\mathfrak{P}$, where the scalar multiplication is defined by
\[ (u + \mathfrak{P}) \cdot (v + \mathfrak{P}^{i+1}) = uv + \mathfrak{P}^{i+1} \quad \text{for } u \in \mathcal{O}_K,\ v \in \mathfrak{P}^i. \]
For $i, j \in \mathbb{N}$ and $u \in \mathfrak{P}^i - \mathfrak{P}^{i+1}$, the map
\[ x + \mathfrak{P}^{j+1} \mapsto ux + \mathfrak{P}^{i+j+1} \]
is an isomorphism from $\mathfrak{P}^j/\mathfrak{P}^{j+1}$ to $\mathfrak{P}^{i+j}/\mathfrak{P}^{i+j+1}$, both regarded as vector spaces over $\kappa_{\mathfrak{P}}$. In particular, for $i, j \in \mathbb{N}$ and $u \in \mathfrak{P}^i - \mathfrak{P}^{i+1}$, we have $u^j \in \mathfrak{P}^{ij} - \mathfrak{P}^{ij+1}$.
Now suppose $K, K'$ are finite extensions of $K_0$ with $K \subseteq K'$, and $\mathfrak{P}, \mathfrak{Q}$ are prime ideals of $\mathcal{O}_K$ and $\mathcal{O}_{K'}$ respectively, both lying over $p$, such that $\mathfrak{Q} \cap \mathcal{O}_K = \mathfrak{P}$. Then $e(\mathfrak{P})$ divides $e(\mathfrak{Q})$ and $f(\mathfrak{P})$ divides $f(\mathfrak{Q})$. And for $i \in \mathbb{N}$, the inclusion $\mathcal{O}_K \hookrightarrow \mathcal{O}_{K'}$ induces an inclusion $\mathfrak{P}^i/\mathfrak{P}^{i+1} \hookrightarrow \mathfrak{Q}^{i'}/\mathfrak{Q}^{i'+1}$, where $i' = i \cdot e(\mathfrak{Q})/e(\mathfrak{P})$.
The decomposition group and the inertia group. Let $L/K_0$ be a Galois extension of number fields with the Galois group $G = \mathrm{Gal}(L/K_0)$. Let $\mathfrak{P}$ be a prime ideal of $\mathcal{O}_L$ lying over $p$. The group
\[ D_{\mathfrak{P}} := \{ g \in G : g\mathfrak{P} = \mathfrak{P} \} \subseteq G \]
is called the decomposition group of $\mathfrak{P}$ over $K_0$. And the group
\[ I_{\mathfrak{P}} := \{ g \in G : gx \equiv x \pmod{\mathfrak{P}} \text{ for all } x \in \mathcal{O}_L \} \]
is a normal subgroup of $D_{\mathfrak{P}}$, called the inertia group of $\mathfrak{P}$ over $K_0$. Each automorphism $g \in D_{\mathfrak{P}}$ of $L$ restricts to an automorphism of $\mathcal{O}_L$ fixing $\mathcal{O}_{K_0}$ and satisfying $g\mathfrak{P} = \mathfrak{P}$, and hence induces an automorphism $\bar{g}$ of the residue field $\kappa_{\mathfrak{P}}$ fixing $\bar{\mathcal{O}}_{K_0}$, defined by
\[ \bar{g}(x + \mathfrak{P}) = gx + \mathfrak{P}. \]
The map $\pi : g \mapsto \bar{g}$ is a surjective group homomorphism from $D_{\mathfrak{P}}$ to $\mathrm{Gal}(\kappa_{\mathfrak{P}}/\bar{\mathcal{O}}_{K_0})$ whose kernel is precisely $I_{\mathfrak{P}}$, i.e., we have a short exact sequence
\[ 1 \to I_{\mathfrak{P}} \to D_{\mathfrak{P}} \xrightarrow{\ \pi\ } \mathrm{Gal}(\kappa_{\mathfrak{P}}/\bar{\mathcal{O}}_{K_0}) \to 1. \]
The Galois group $\mathrm{Gal}(\kappa_{\mathfrak{P}}/\bar{\mathcal{O}}_{K_0})$ is cyclic and is generated by the Frobenius automorphism $x \mapsto x^q$ of $\kappa_{\mathfrak{P}}$ over $\bar{\mathcal{O}}_{K_0} \cong \mathbb{F}_q$.
The wild inertia group. Let $L$, $G$ and $\mathfrak{P}$ be as above. The group
\[ W_{\mathfrak{P}} := \{ g \in G : gx \equiv x \pmod{\mathfrak{P}^2} \text{ for all } x \in \mathcal{O}_L \} \]
is a normal subgroup of $I_{\mathfrak{P}}$, called the wild inertia group of $\mathfrak{P}$ over $K_0$.
Choose $\pi_L \in \mathfrak{P} - \mathfrak{P}^2$. We have a group homomorphism $I_{\mathfrak{P}} \to \kappa_{\mathfrak{P}}^{\times}$ sending $g \in I_{\mathfrak{P}}$ to the unique element $c_g \in \kappa_{\mathfrak{P}}^{\times}$ satisfying $g\pi_L + \mathfrak{P}^2 = c_g(\pi_L + \mathfrak{P}^2)$. This map is independent of the choice of $\pi_L$, and its kernel is precisely $W_{\mathfrak{P}}$. It is also known that $W_{\mathfrak{P}}$ is a $p$-group. See [Neu99, Section II.10].
In our factoring algorithm, the group $G$ is a subgroup of $\mathrm{Sym}(n)$, where $n$ is the degree of the input polynomial $f(X) \in \mathbb{F}_q[X]$. We can always assume $p > n$, since the case $p \le n$ is solved in polynomial time by Berlekamp's algorithm in [Ber70]. Under this assumption, the $p$-subgroup $W_{\mathfrak{P}}$ of $G$ is trivial (for $p > n$, $p$ does not divide $|\mathrm{Sym}(n)| = n!$, so $\mathrm{Sym}(n)$ has no nontrivial $p$-subgroup), and hence the map $I_{\mathfrak{P}} \to \kappa_{\mathfrak{P}}^{\times}$ above is injective. In particular, the inertia group $I_{\mathfrak{P}}$ is cyclic.
Prime ideals vs. double cosets. We have the following generalization of Theorem 3.4, which gives a one-to-one correspondence between prime ideals lying over $p$ and double cosets. See [Neu99] for its proof.
Theorem 5.3. Let $L/K_0$ be a Galois extension of number fields and let $G = \mathrm{Gal}(L/K_0)$. Fix a prime ideal $\mathfrak{Q}_0$ of $\mathcal{O}_L$ lying over $p$. For any subgroup $H \subseteq G$ and its fixed field $K = L^H$, the map $HgD_{\mathfrak{Q}_0} \mapsto g\mathfrak{Q}_0 \cap \mathcal{O}_K$ is a one-to-one correspondence between the double cosets in $H\backslash G/D_{\mathfrak{Q}_0}$ and the prime ideals of $\mathcal{O}_K$ lying over $p$.[6] Moreover, for $g \in G$ and the prime ideal $\mathfrak{P} = g\mathfrak{Q}_0 \cap \mathcal{O}_K$ corresponding to $HgD_{\mathfrak{Q}_0}$, define
\[ n(\mathfrak{P}) := \big|\{ Hh \in H\backslash G : HhD_{\mathfrak{Q}_0} = HgD_{\mathfrak{Q}_0} \}\big|. \]
Then
\[ e(\mathfrak{P}) = \big|\{ Hh \in H\backslash G : HhI_{\mathfrak{Q}_0} = HgI_{\mathfrak{Q}_0} \}\big| \quad \text{and} \quad f(\mathfrak{P}) = \frac{n(\mathfrak{P})}{e(\mathfrak{P})}. \]
[6] Note that this map is well defined: for another representative $hgh' \in G$ of $HgD_{\mathfrak{Q}_0}$, where $h \in H$ and $h' \in D_{\mathfrak{Q}_0}$, we have $hgh'\mathfrak{Q}_0 \cap \mathcal{O}_K = hg\mathfrak{Q}_0 \cap \mathcal{O}_K = h(g\mathfrak{Q}_0 \cap \mathcal{O}_K) = g\mathfrak{Q}_0 \cap \mathcal{O}_K$, since $h'\mathfrak{Q}_0 = \mathfrak{Q}_0$ and $\mathcal{O}_K$ is fixed by $H$.
Motivated by Theorem 5.3, we define the ramification index and the inertia degree of a double coset:
Definition 5.2. Let $G$ be a finite group, $H, D$ subgroups of $G$, and $I$ a normal subgroup of $D$. Define the ramification index of a double coset $HgD \in H\backslash G/D$ with respect to $(D, I)$ to be
\[ e(HgD) := \big|\{ Hh \in H\backslash G : HhI = HgI \}\big|, \]
which is well defined.[7] And define the inertia degree of $HgD$ with respect to $(D, I)$ to be
\[ f(HgD) := \frac{\big|\{ Hh \in H\backslash G : HhD = HgD \}\big|}{e(HgD)}. \]
Suppose $L/K_0$ is a Galois extension of number fields with the Galois group $G$. Fix a prime ideal $\mathfrak{Q}_0$ of $\mathcal{O}_L$ lying over $p$. Let $H$ be a subgroup of $G$ and $K = L^H$. Then by Theorem 5.3, the ramification index (resp. inertia degree) of a double coset $HgD_{\mathfrak{Q}_0} \in H\backslash G/D_{\mathfrak{Q}_0}$ with respect to $(D_{\mathfrak{Q}_0}, I_{\mathfrak{Q}_0})$ is precisely the ramification index (resp. inertia degree) of the corresponding prime ideal $g\mathfrak{Q}_0 \cap \mathcal{O}_K$ of $\mathcal{O}_K$.
We also introduce the following notation concerning partitions of a double coset space.
Definition 5.3. Let $G, H, D, I$ be as in Definition 5.2. We say a partition $P$ of $H\backslash G/D$ has locally constant ramification indices (resp. inertia degrees) with respect to $(D, I)$ if for every $B \in P$, all the double cosets in $B$ have the same ramification index (resp. inertia degree) with respect to $(D, I)$. For such a partition $P$ and any $B \in P$, denote by $e(B)$ (resp. $f(B)$) the ramification index (resp. inertia degree) of any double coset in $B$.
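As an added illustration (not part of the thesis), the following Python code evaluates $e(HgD)$ and $f(HgD)$ of Definition 5.2 for concrete permutation groups and checks the double-coset analogue of $\sum_i e(\mathfrak{P}_i) f(\mathfrak{P}_i) = [K : K_0]$, namely $\sum_{HgD \in H\backslash G/D} e(HgD) f(HgD) = |H\backslash G|$. The subgroups $H$, $D$, $I$ used with it are constructed subgroups of $\mathrm{Sym}(3)$; the function names are my own.

```python
# Added example (not from the thesis): Definition 5.2 computed for concrete
# permutation groups. Elements of Sym(n) are tuples t with i -> t[i].
def compose(a, b):
    """Product a*b: apply b first, then a."""
    return tuple(a[b[i]] for i in range(len(a)))

def inverse(a):
    r = [0] * len(a)
    for i, ai in enumerate(a):
        r[ai] = i
    return tuple(r)

def closure(gens, n):
    """Subgroup of Sym(n) generated by gens (as a frozenset of tuples)."""
    e = tuple(range(n))
    elems, todo = {e}, [e]
    while todo:
        x = todo.pop()
        for g in gens:
            y = compose(g, x)
            if y not in elems:
                elems.add(y)
                todo.append(y)
    return frozenset(elems)

def double_coset(H, g, D):
    """HgD = {h*g*d : h in H, d in D}."""
    return frozenset(compose(compose(h, g), d) for h in H for d in D)

def ramification_data(G, H, D, I):
    """Map each double coset HgD in H\\G/D to (e(HgD), f(HgD)) of Definition 5.2
    with respect to (D, I). I must be a normal subgroup of D (checked here)."""
    assert I <= D and all(compose(compose(d, x), inverse(d)) in I for d in D for x in I)
    right_cosets = {frozenset(compose(h, g) for h in H) for g in G}   # H\G
    data = {}
    for g in G:
        HgD = double_coset(H, g, D)
        if HgD in data:
            continue
        HgI = double_coset(H, g, I)
        # HhI = HgI iff the right coset Hh lies inside HgI; likewise for D.
        e = sum(1 for Hh in right_cosets if Hh <= HgI)
        n = sum(1 for Hh in right_cosets if Hh <= HgD)   # n(P) of Theorem 5.3
        data[HgD] = (e, n // e)
    return data

def total_degree(data):
    """Sum of e*f over H\\G/D; always equals |H\\G|, the double-coset analogue
    of sum_i e(P_i) f(P_i) = [K : K_0]."""
    return sum(e * f for e, f in data.values())
```

With $H = \{1, (0\,1)\}$ and $D = A_3$, $I = \{1\}$, all of $\mathrm{Sym}(3)$ is a single double coset with $e = 1$, $f = 3$; with $D = I = H$ there are two double cosets, of ramification index 1 and 2.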
Radicals of rings and polynomials. Let $A$ be a (commutative) ring. An element $x \in A$ is nilpotent if $x^k = 0$ for some $k \in \mathbb{N}^+$. The radical (or nilradical) of $A$, denoted by $\mathrm{Rad}(A)$, is the ideal consisting of the nilpotent elements of $A$. It equals the intersection of all the prime ideals of $A$ (see [AM69]).
Let $g(X) \in \mathbb{F}_q[X]$ be a non-constant polynomial with the following factorization over $\mathbb{F}_q$:
\[ g(X) = c \cdot \prod_{i=1}^{k} \big(g_i(X)\big)^{m_i}, \]
where $c \in \mathbb{F}_q$ is the leading coefficient of $g$ and $g_1, \dots, g_k$ are distinct monic irreducible polynomials over $\mathbb{F}_q$. Define the radical $\mathrm{Rad}(g)$ of $g$ to be the monic polynomial $\prod_{i=1}^{k} g_i(X) \in \mathbb{F}_q[X]$. For $A = \mathbb{F}_q[X]/(g(X))$, the ideal of $A$ generated by $\mathrm{Rad}(g) + (g(X)) \in A$ is precisely $\mathrm{Rad}(A)$.
[7] To see that $e(HgD)$ is well defined, consider two representatives $g$ and $g'$ of $HgD$. Then $g' = sgt$ for some $s \in H$ and $t \in D$. Note that $HhtI = HhIt$ for all $h \in G$. It follows that the map $Hh \mapsto Hht$ is a bijection from $\{Hh \in H\backslash G : HhI = HgI\}$ to $\{Hh \in H\backslash G : HhI = Hg'I\}$.
The ring $R_K$. Suppose $K$ is a finite extension of $K_0$ and $p\mathcal{O}_K$ splits into the product of prime ideals
\[ p\mathcal{O}_K = \prod_{i=1}^{k} \mathfrak{P}_i^{e(\mathfrak{P}_i)}, \]
where $\mathfrak{P}_1, \dots, \mathfrak{P}_k$ are distinct. The radical of $\bar{\mathcal{O}}_K$ is given by
\[ \mathrm{Rad}(\bar{\mathcal{O}}_K) = \bigcap_{i=1}^{k} \mathfrak{P}_i/p\mathcal{O}_K = \Big( \bigcap_{i=1}^{k} \mathfrak{P}_i \Big) \Big/ p\mathcal{O}_K. \]
By the Chinese remainder theorem, we have the isomorphism
\[ \bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K) \to \prod_{i=1}^{k} \mathcal{O}_K/\mathfrak{P}_i = \prod_{i=1}^{k} \kappa_{\mathfrak{P}_i}, \]
sending $x + \mathrm{Rad}(\bar{\mathcal{O}}_K) \in \bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$ to $(\tilde{x} \bmod \mathfrak{P}_1, \dots, \tilde{x} \bmod \mathfrak{P}_k)$, where $\tilde{x} \in \mathcal{O}_K$ is an arbitrary element lifting $x \in \bar{\mathcal{O}}_K$. In particular, the ring $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$ is semisimple.
Define $R_K$ to be the subring of $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$ consisting of elements fixed by the Frobenius automorphism $x \mapsto x^p$ over $\mathbb{F}_p$, i.e.,
\[ R_K := \{ x \in \bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K) : x^p = x \}. \]
The isomorphism $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K) \to \prod_{i=1}^{k} \kappa_{\mathfrak{P}_i}$ above identifies $R_K$ with the subring $\prod_{i=1}^{k} \mathbb{F}_p$ of $\prod_{i=1}^{k} \kappa_{\mathfrak{P}_i}$. So $R_K$ is a finite product of copies of $\mathbb{F}_p$ and in particular is semisimple.
Observe that the map $\mathfrak{m} \mapsto (\mathfrak{m}/\mathrm{Rad}(\bar{\mathcal{O}}_K)) \cap R_K$ is a one-to-one correspondence between the maximal ideals of $\bar{\mathcal{O}}_K$ and those of $R_K$. Combining this fact with Theorem 5.3, we obtain
Lemma 5.3. Let $L, G, \mathfrak{Q}_0$ be as in Theorem 5.3. For any subgroup $H \subseteq G$ and its fixed field $K = L^H$, the map
\[ HgD_{\mathfrak{Q}_0} \mapsto \frac{(g\mathfrak{Q}_0 \cap \mathcal{O}_K)/p\mathcal{O}_K}{\mathrm{Rad}(\bar{\mathcal{O}}_K)} \cap R_K \]
is a one-to-one correspondence between the double cosets in $H\backslash G/D_{\mathfrak{Q}_0}$ and the maximal ideals of $R_K$.
Idempotent decompositions vs. partitions of a double coset space. In the following, we establish a one-to-one correspondence between the idempotent decompositions of $R_K$ and the partitions of a certain double coset space.
For a number field extension $L/K$, the inclusion $\mathcal{O}_K \hookrightarrow \mathcal{O}_L$ induces an inclusion $\bar{\mathcal{O}}_K \hookrightarrow \bar{\mathcal{O}}_L$. So we may regard $\bar{\mathcal{O}}_K$ as a subring of $\bar{\mathcal{O}}_L$. Note that $\mathrm{Rad}(\bar{\mathcal{O}}_L) \cap \bar{\mathcal{O}}_K = \mathrm{Rad}(\bar{\mathcal{O}}_K)$. Passing to the quotient rings yields an inclusion $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K) \hookrightarrow \bar{\mathcal{O}}_L/\mathrm{Rad}(\bar{\mathcal{O}}_L)$. Restricting to the subring $R_K$, we obtain an inclusion
\[ i_{K,L} : R_K \hookrightarrow R_L. \]
Also note that if $L/K_0$ is a Galois extension with the Galois group $G$, the action of $G$ on $\mathcal{O}_L$ induces an action on $R_L$ that permutes the maximal ideals of $R_L$.
Fix the following notations: let $L$ be a Galois extension of $K_0$ with the Galois group $G = \mathrm{Gal}(L/K_0)$. For a (nonzero) prime ideal $\mathfrak{Q}$ of $\mathcal{O}_L$ lying over $p$, define
\[ \bar{\mathfrak{Q}} := \frac{\mathfrak{Q}/p\mathcal{O}_L}{\mathrm{Rad}(\bar{\mathcal{O}}_L)} \cap R_L, \]
which is a maximal ideal of $R_L$, and let $\delta_{\bar{\mathfrak{Q}}}$ be the primitive idempotent of $R_L$ satisfying $\delta_{\bar{\mathfrak{Q}}} \equiv 1 \pmod{\bar{\mathfrak{Q}}}$ and $\delta_{\bar{\mathfrak{Q}}} \equiv 0 \pmod{\bar{\mathfrak{Q}}'}$ for all maximal ideals $\bar{\mathfrak{Q}}' \neq \bar{\mathfrak{Q}}$ of $R_L$. Finally, fix a prime ideal $\mathfrak{Q}_0$ of $\mathcal{O}_L$ lying over $p$.
Definition 5.4. Suppose $H$ is a subgroup of $G$ and $K = L^H$. Then
• for an idempotent decomposition $I$ of $R_K$, define $P(I)$ to be the partition of $H\backslash G/D_{\mathfrak{Q}_0}$ in which $HgD_{\mathfrak{Q}_0}$ and $Hg'D_{\mathfrak{Q}_0}$ are in the same block iff $g^{-1}(i_{K,L}(\delta)) \equiv g'^{-1}(i_{K,L}(\delta)) \pmod{\bar{\mathfrak{Q}}_0}$ holds for all $\delta \in I$, and
• for a partition $P$ of $H\backslash G/D_{\mathfrak{Q}_0}$, define $I(P)$ to be the idempotent decomposition of $R_K$ consisting of the idempotents
\[ \delta_B := i_{K,L}^{-1}\Big( \sum_{gD_{\mathfrak{Q}_0} \in G/D_{\mathfrak{Q}_0} :\ HgD_{\mathfrak{Q}_0} \in B} g\,\delta_{\bar{\mathfrak{Q}}_0} \Big), \]
where $B$ ranges over the blocks in $P$.
We have the following two lemmas that generalize Lemma 3.5 and Lemma 3.6 respectively. In particular, Lemma 5.5 establishes a one-to-one correspondence between the idempotent decompositions of $R_K$ and the partitions of $H\backslash G/D_{\mathfrak{Q}_0}$.
Lemma 5.4. The partitions $P(I)$ and the idempotent decompositions $I(P)$ are well defined. And for any idempotent decomposition $I$ of $R_K$, the idempotents $\delta \in I$ correspond one-to-one to the blocks of $P(I)$ via the map
\[ \delta \mapsto B_\delta := \{ HgD_{\mathfrak{Q}_0} \in H\backslash G/D_{\mathfrak{Q}_0} : g^{-1}(i_{K,L}(\delta)) \equiv 1 \pmod{\bar{\mathfrak{Q}}_0} \} \]
with the inverse map $B \mapsto \delta_B$.
Lemma 5.5. The map $I \mapsto P(I)$ is a one-to-one correspondence between the idempotent decompositions of $R_K$ and the partitions of $H\backslash G/D_{\mathfrak{Q}_0}$, with the inverse map $P \mapsto I(P)$.
Their proofs are similar to those of Lemma 3.5 and Lemma 3.6, and can be found in Appendix C.
$\mathcal{P}$-collections and $\mathcal{P}$-schemes of double cosets. Let $G$ be a finite group and $D \subseteq G$ a subgroup. We generalize the projections and conjugations introduced in Chapter 2 so that they are defined between double coset spaces:
• (projection) for $H \subseteq H' \subseteq G$, define the projection $\pi^{D}_{H,H'} : H\backslash G/D \to H'\backslash G/D$ to be the map sending $HgD \in H\backslash G/D$ to $H'gD \in H'\backslash G/D$, and
• (conjugation) for $H \subseteq G$ and $g \in G$, define the conjugation $c^{D}_{H,g} : H\backslash G/D \to gHg^{-1}\backslash G/D$ to be the map sending $HhD \in H\backslash G/D$ to $(gHg^{-1})ghD \in gHg^{-1}\backslash G/D$.
Next we define $\mathcal{P}$-collections and $\mathcal{P}$-schemes of double cosets.
Definition 5.5. Let $\mathcal{P}$ be a subgroup system over a finite group $G$. Then a $\mathcal{P}$-collection of double cosets with respect to a subgroup $D$ of $G$ is a family $\mathcal{C} = \{C_H : H \in \mathcal{P}\}$ indexed by $\mathcal{P}$ where each $C_H$ is a partition of $H\backslash G/D$. Moreover, $\mathcal{C}$ is a $\mathcal{P}$-scheme of double cosets with respect to $D$ if it has the following properties:
• (compatibility) for $H, H' \in \mathcal{P}$ with $H \subseteq H'$ and $x, x' \in H\backslash G/D$ in the same block of $C_H$, the images $\pi^{D}_{H,H'}(x)$ and $\pi^{D}_{H,H'}(x')$ are in the same block of $C_{H'}$.
• (invariance) for $H \in \mathcal{P}$ and $g \in G$, the map $c^{D}_{H,g} : H\backslash G/D \to gHg^{-1}\backslash G/D$ maps any block of $C_H$ to a block of $C_{gHg^{-1}}$.
• (regularity) for $H, H' \in \mathcal{P}$ with $H \subseteq H'$, $B \in C_H$, $B' \in C_{H'}$, the number of $x \in B$ satisfying $\pi^{D}_{H,H'}(x) = y$ is a constant when $y$ ranges over the elements of $B'$.
We also define the following optional properties for a $\mathcal{P}$-scheme of double cosets $\mathcal{C}$ with respect to $D$:
• (homogeneity and discreteness) $\mathcal{C}$ is homogeneous on $H \in \mathcal{P}$ if $C_H = 0_{H\backslash G/D}$, and otherwise inhomogeneous on $H$. It is discrete on $H$ if $C_H = \infty_{H\backslash G/D}$, and otherwise non-discrete on $H$.
• (antisymmetry) $\mathcal{C}$ is antisymmetric if for $H \in \mathcal{P}$, $g \in N_G(H)$, $B \in C_H$ and $HgD \in B$, either $c^{D}_{H,g}(HgD) = HgD$ or $c^{D}_{H,g}(HgD) \notin B$.
• (strong antisymmetry) $\mathcal{C}$ is strongly antisymmetric if for any sequence of subgroups $H_0, \dots, H_k \in \mathcal{P}$, blocks $B_0 \in C_{H_0}, \dots, B_k \in C_{H_k}$, and maps $\sigma_1, \dots, \sigma_k$ satisfying
  – $\sigma_i$ is a bijective map from $B_{i-1}$ to $B_i$,
  – $\sigma_i$ is of the form $c^{D}_{H_{i-1},g}|_{B_{i-1}}$, $\pi^{D}_{H_{i-1},H_i}|_{B_{i-1}}$, or $(\pi^{D}_{H_i,H_{i-1}}|_{B_i})^{-1}$,
  – $H_0 = H_k$ and $B_0 = B_k$,
the composition $\sigma_k \circ \cdots \circ \sigma_1$ is the identity map on $B_0 = B_k$.
The notions of $\mathcal{P}$-collections and $\mathcal{P}$-schemes introduced in Chapter 2 correspond to the special case that $D$ is trivial.
Extension of scalars of $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$. In Sections 5.7–5.8, we need a family of rings $A_{K,i}$ that are obtained from $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$ via "extension of scalars", whose definitions are given below.
Let $K$ be a finite extension of $K_0$. The inclusion $A_0 \subseteq \mathcal{O}_{K_0} \hookrightarrow \mathcal{O}_K$ induces an embedding of $\mathbb{F}_q \cong A_0/pA_0$ in $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$, endowing $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$ with the structure of an $\mathbb{F}_q$-algebra. For $i \in \mathbb{N}^+$, we define the tensor product
\[ A_{K,i} := \big(\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)\big) \otimes_{\mathbb{F}_q} \mathbb{F}_{q^i}, \]
which is an $\mathbb{F}_{q^i}$-algebra and is spanned by tensors $a \otimes b$ over $\mathbb{F}_q$, where $a \in \bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$ and $b \in \mathbb{F}_{q^i}$ (see [AM69] for the definition of tensor products of rings). Intuitively, the ring $A_{K,i}$ is obtained from $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$ by extending the scalars from $\mathbb{F}_q$ to $\mathbb{F}_{q^i}$. And $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$ is naturally identified with a subring of $A_{K,i}$ via $a \mapsto a \otimes 1$. As $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$ is semisimple, so is $A_{K,i}$.[8] The Frobenius automorphism $x \mapsto x^q$ of $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$ over $\mathbb{F}_q$ induces an automorphism of $A_{K,i}$ over $\mathbb{F}_{q^i}$ sending $a \otimes b$ to $a^q \otimes b$. We denote this automorphism by $\sigma_{K,i}$.
The following lemma is also needed, whose proof is deferred to Appendix C.
Lemma 5.6. For any maximal ideal $\mathfrak{m}$ of $\bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K)$, the group $\langle \sigma_{K,i} \rangle$ generated by $\sigma_{K,i}$ acts transitively on the set of maximal ideals of $A_{K,i}$ containing $\mathfrak{m}$.
Suppose $K, K'$ are extensions of $K_0$ with $K \subseteq K'$. Then the inclusion $\mathcal{O}_K \hookrightarrow \mathcal{O}_{K'}$ induces an embedding $\iota : \bar{\mathcal{O}}_K/\mathrm{Rad}(\bar{\mathcal{O}}_K) \hookrightarrow \bar{\mathcal{O}}_{K'}/\mathrm{Rad}(\bar{\mathcal{O}}_{K'})$, which in turn induces a ring homomorphism $\iota' : A_{K,i} \to A_{K',i}$ sending $a \otimes b$ to $\iota(a) \otimes b$. The map $\iota'$ is injective since $\mathbb{F}_{q^i}$ is a flat $\mathbb{F}_q$-module (see, e.g., [AM69, Proposition 2.19 and Exercise 2.4]). This allows us to regard $A_{K,i}$ as a subring of $A_{K',i}$. Note that $\iota' \circ \sigma_{K,i} = \sigma_{K',i} \circ \iota'$.
Finally, suppose $L/K_0$ is a finite Galois extension with the Galois group $G$. The action of $G$ on $L$ induces an action on $\bar{\mathcal{O}}_L/\mathrm{Rad}(\bar{\mathcal{O}}_L)$, which in turn induces an action on $A_{L,i}$ via $g(a \otimes b) := ga \otimes b$. This action commutes with $\sigma_{L,i}$.[9]