Chapter V: The generalized P -scheme algorithm

5.3 Reduction to computing an idempotent decomposition of R F

See Appendix C for its proof.

which sends an elementh(X) + (g(X))toτ(h(X)) + Rad( ¯O_F). Note that both F^q[X]/(g(X))andO¯_F/Rad( ¯O_F)are semisimple rings.

We can efficiently computeτ¯by the following lemma.

Lemma 5.9. There exists a polynomial-time algorithm that givenf, f˜, F and the outputs ofComputeRings (see Lemma 5.7) on the input (F, p), computes theF^q- algebra Fq[X]/(g(X)) (encoded in the standard Fq-basis {1, X, . . . , X^deg(g)−1}) and the mapτ¯:Fq[X]/(g(X))→O¯_F/Rad( ¯O_F).

Proof. Computeg using Corollary 5.1 and form theFq-algebraFq[X]/(g(X)). To compute¯τ, we first computeα=X+( ˜f(X))∈F andY¯ :=Y+(˜h(Y))∈K0 ⊆F. Then computeα+pO_F,Y¯+pO_F ∈O¯_F by identifyingF with an ordinary number field (see Corollary 4.1) and running the algorithmComputeResiduein Lemma 3.9 on α,Y¯ ∈ F. Next, computeτ : Fq[X]/(f(X)) → O¯_F as the unique Fp-linear map sendingX+ (f(X))to α+pO_F andY + (h(Y)) ∈ Fp[Y]/(h(Y))∼= Fq to Y¯ +pO_F. Finally compute τ¯from τ by passing to the quotients modulo radicals using the given mapO¯_F →O¯_F/Rad( ¯O_F).

Extracting a factorization from an idempotent decomposition. We extract a factorization offfrom an idempotent decomposition ofRF. This is achieved by the algorithmExtractFactorsV2below (see Algorithm 10), extending the algorithm in Section 3.3.

The algorithm first computesg = Rad(f), the ringFq[X]/(g(X)), and the mapτ¯ at Line 1 using Lemma 5.9. It also maintains an idempotent decompositionIof the ringF^q[X]/(g(X))which initially only contains the unity.

The loop in Lines 3–8 enumerates idempotentsδ⁰ ∈I_F. For eachδ⁰, we compute an idealJ = ¯τ⁻¹((1−δ⁰) ¯O_F/Rad( ¯O_F))ofFq[X]/(g(X))and an elementδ₀ ∈Jsat- isfying(1−δ₀)J ={0}by solving systems of linear equations. AsFq[X]/(g(X))is semisimple, the elementδ₀is the unique idempotent ofFq[X]/(g(X))that generates J. And we use it to refineI.

The loop in Lines 9–12 extracts, for each idempotent δ ∈ I, a monic factorg_δ of f. Furthermore, we compute a square-free factorizationg_δ(X) =Qk_δ

i=1g_δ,i(X)for each factorg_δ. Finally, the algorithm returns the factorization

f(X) = Y

δ∈I kδ

Y

i=1

g_δ,i(X).

Algorithm 10ExtractFactorsV2

Input: f,f˜,F, the outputs ofComputeRings(see Lemma 5.7) on the input(F, p), and an idempotent decompositionI_F ofR_F

Output: factorization off

1: computeg = Rad(f),Fq[X]/(g(X))andτ¯:Fq[X]/(g(X))→O¯_F/Rad( ¯O_F)

2: I ← {1}, where1denotes the unity ofFq[X]/(g(X))

3: forδ⁰ ∈I_F do

4: J ←τ¯⁻¹((1−δ⁰) ¯O_F/Rad( ¯O_F))

5: computeδ₀ ∈J satisfying(1−δ₀)J ={0}

6: forδ ∈Isatisfyingδ₀δ 6∈ {0, δ}do

7: I ←I− {δ}

8: I ←I∪ {δ0δ,(1−δ0)δ}

9: forδ ∈Ido

10: compute nonzeroh_δ(X)∈Fq[X]of degree at mostdeg(g)lifting1−δ

11: g_δ(X)←gcd(f(X),(h_δ(X))ⁿ) . n= deg(f)

12: compute a square-free factorizationgδ(X) = Qkδ

i=1gδ,i(X)

13: returnthe factorizationf(X) = Q

δ∈I

Qkδ

i=1g_δ,i(X) The following theorem is the main result of this section.

Theorem 5.6. The algorithm ExtractFactorsV2 computes a factorization of f overFq in polynomial time, such that

1. the factorization is complete ifI_F is a complete idempotent decomposition, 2. the factorization is proper ifI_F is a proper idempotent decomposition, and 3. at least one factor in the factorization is irreducible overFq ifI_F contains a

primitive idempotent.

Analysis of the algorithm. To prove Theorem 5.6, we introduce the following notations: letS (resp. SF) denote the set of the maximal ideals ofF^q[X]/(g(X)) (resp. O¯_F/Rad( ¯O_F)). For a maximal ideal m of O¯_F/Rad( ¯O_F), the preimage

¯

τ⁻¹(m)is a prime (and hence maximal) ideal ofFq[X]/(g(X)). So we obtain a map π:S_F →S,

sendingmtoτ (m). It can be shown thatπis surjective.10 Suppose f(X) = Qk

i=1(f_i(X))^mi where f₁, . . . , f_k are distinct monic irreducible factors off overFq. Fori ∈ [k], let m_i be the (maximal) ideal ofFq[X]/(g(X)) generated byf_i(X) + (g(X)). Then we have

S ={m₁, . . . ,m_k} and g(X) =

k

Y

i=1

f_i(X).

The proof of Theorem 5.6 is based on the following lemma.

Lemma 5.10. LetIbe the idempotent decomposition ofFq[X]/(g(X))given at the end of the algorithmExtractFactorsV2. Define the partitionP ofS by

P :={Bδ :δ∈I}, where Bδ:={m∈S:δ ≡1 (mod m)}

and the partitionP⁰ofS_F by

P⁰ :={B⁰_δ:δ ∈I_F}, where B_δ⁰ :={m∈S_F :δ ≡1 (mod m)}.

Then P is the coarsest common refinement of the partitions {π(B), S −π(B)}, whereB ranges over the blocks inP⁰. Moreover, for eachδ ∈I, the polynomialg_δ in the algorithm is given by

gδ(X) = Y

i∈[k]:m_i∈B_δ

(fi(X))^mi.

Proof. For the last claim, it suffices to prove, for alli ∈ [k], thath_δ is divisible by f_i iffm_i ∈ B_δ. By the choice ofh_δ, it holds for alli ∈[k]thath_δ is divisible byf_i iff1−δ∈m_i. The claim then follows from the definition ofB_δ.

For the first claim, it suffices to show that for everyδ⁰ ∈I_F enumerated at Line 3 and δ₀computed at Line 5 in the same iteration, it holds thatB_δ0 ∈ {π(B_δ⁰0), S−π(B_δ⁰0)}. We claim thatBδ0 =S−π(B_δ⁰0). As the idealJ computed at Line 4 is generated byδ0, this claim is equivalent toJ = T

m∈π(B⁰

δ0)m. Note that for m∈ SF, it holds that1−δ⁰ ∈miffm∈B_δ⁰0 by the definition ofB_δ⁰0. So we have

(1−δ⁰) ¯O_F/Rad( ¯O_F) = \

m∈B⁰

δ0

m

10To prove this, it suffices to show that any prime ideal ofA0[X]/( ˜f(X)) = A0[α] ⊆ OF is contained in a prime ideal ofOF, which follows from [AM69, Theorem 5.10].

and hence

J = ¯τ⁻¹





\

m∈B⁰

δ0

m



= \

m∈B⁰

δ0

¯

τ⁻¹(m) = \

m∈B⁰

δ0

π(m) = \

m∈π(B⁰

δ0)

m

as desired.

We also need the following lemma.

Lemma 5.11. π:S_F →S is bijective iff is square-free, i.e.,m_i = 1fori∈[k].

Proof. SupposepO_F splits into the product of prime ideals by pO_F =

`

Y

i=1

P^e(P_i ⁱ⁾,

where P₁, . . . ,P<sub>`</sub> are distinct prime ideals lying over p. For j ∈ [`], let m⁰_j :=

Pj/pOF

Rad( ¯O_F). Then S_F = {m⁰₁, . . . ,m⁰_`}. Let n = deg(f). Assume f is square-free.

Then we have

k

X

i=1

deg(f_i) =

k

X

i=1

m_ideg(f_i) =n =

`

X

j=1

e(P_j)f(P_j). (5.1) Fix i ∈ [k]. We know π⁻¹(i) 6= ∅ since π is surjective. Consider j ∈ π⁻¹(i). As τ¯(m_i) ⊆ m⁰_j, the map τ¯ : Fq[X]/(g(X)) → O¯_F/Rad( ¯O_F) induces a field embedding

F^q[X]/(g(X))

m_i ,→ O¯F/Rad( ¯OF) m⁰_j .

The left hand side is isomorphic toFq[X]/(f_i(X))whereas the right hand side is isomorphic toO_F/P_j =κ_Pj. Thereforedeg(f_i)dividesf(P_j).

Note thate(P_j)≥1holds for allj ∈[`]. It follows from (5.1) that in facte(P<sub>j</sub>) = 1 holds for all j ∈ [`]. Moreover, for all i ∈ [k], the set π⁻¹(i) contains only one elementj_i ∈[`], anddeg(f_i) = f(P_ji). In particular, the mapπis bijective.

Now we are ready to prove Theorem 5.6.

Proof of Theorem 5.6. Polynomiality of the algorithm is straightforward. Suppose I_F is a complete idempotent decomposition of R_F. It is also a complete idem- potent decomposition ofO¯_F/Rad( ¯O_F)since the maximal ideals ofO¯_F/Rad( ¯O_F) correspond one-to-one to those of RF via m 7→ m∩RF. So the partition P⁰ in

Lemma 5.10 is∞_SF. By Lemma 5.10 and surjectivity ofπ, the partitionP equals

∞_S, and the algorithm outputs the complete factorizationf(X) =Q

i∈[k](f_i(X))^mi. Similarly, ifI_F contains a primitive idempotentδ. ThenP⁰ contains a singletonB_δ⁰. By Lemma 5.10, the partitionP contains a singletonπ(B_δ⁰), and algorithm outputs a factorization off(X)in which the irreducible factorsf_i(X)appearm_itimes, where iis the unique index in[k]satisfyingπ(B⁰_δ) = {m_i}.

Finally, supposeI_F is a proper idempotent decomposition ofR_F, and hence a proper idempotent decomposition ofO¯_F/Rad( ¯O_F). ThenP⁰ 6= 0_SF. Ifπis bijective, then by Lemma 5.10, we haveP 6= 0_S, and the algorithm outputs a proper factorization off. Now suppose π is not bijective. Then f is not square-free by Lemma 5.11.

As we compute a square-free factorization for eachg_δ, the algorithm still outputs a proper factorization off.

The reduction for non-monic polynomials. The same trick in Section 3.3 can be applied to make the above reduction work for a possibly non-monic polynomial f˜: letc ∈ A₀ be the leading coefficient of f(X)˜ ∈ A₀[X], and let ¯c := ˜ψ₀(c) ∈ F^×q. Compute the monic polynomials f˜⁰(X) := cⁿ⁻¹ · f˜(X/c) ∈ A₀[X] and f⁰(X) := ¯cⁿ⁻¹f(X/¯cⁿ⁻¹)∈ Fq[X]. Run the algorithmExtractFactorsV2onf⁰ and f˜⁰ instead of f and f˜, and obtain a factorization of f⁰. Finally, we recover a factorization off from that off⁰ by substitutingXwith¯cX in each factor.

Remark. The reduction in this section exploits the well known connection between factorization of polynomials over finite fields and the splitting of prime ideals in number field extensions, which dates back to the classical work of Kummer and Dedekind (see, e.g., [Neu99, Proposition I.8.3]). The Kummer-Dedekind theorem, however, requires the map F^q[X]/(f(X)) → O¯F to be an isomorphism. For this reason, known factoring algorithms that use an irreducible lifted polynomial f˜ often assume pisregular with respect tof˜. See, e.g., [Hua84; Hua91a; Hua91b;

Rón92].11 This assumption is not needed in our algorithm. The key observation is that we can always employ the surjective map πfrom the set of prime ideals of O¯_F/Rad( ¯O_F)to that ofFq[X]/(g(X)), whereg = Rad(f). In algebro-geometric terminology, the mapπis interpreted as the morphism of reduced affine schemes

π : Spec( ¯O_F)_red→Spec(A₀[α]/pA₀[α])_red

11We saypis regular with respect tof˜ifpA0[α] is coprime to theconductorof A0[α]. See [Hua84] for the exact formulation of this condition. We remark that the journal version [Hua91a]

(and [Hua91b; Rón92]) assumes the stronger condition thatpis coprime to the discriminant off˜.

induced from the morphismSpecO_F →SpecA₀[α]. The latter morphism is known as thenormalizationofSpecA₀[α](see [Har77, Exercise II.3.8]).