Master 2 – Year 2012/2013
Mathematics
N1MA9W11 : Algorithmic Number Theory Responsible : Jean-Paul Cerri
Final Exam – 2012 December 20th – 3h
You may compose in either English or French. When you are asked to describe an algorithm, it has to be done clearly and carefully: input, output, initialization, loops, conditions, tests, etc.
Exercise 1 [Solving polynomial equations mod $p^l$]
The goal of this exercise is to study a generalization of the p-adic inversion using Newton iteration.
1. Show that if $P \in \mathbb{Z}[X]$, then there exists a $Q \in \mathbb{Z}[X, Y]$ such that $P(X+Y) = P(Y) + X P'(Y) + X^2 Q(X, Y)$, where $P'$ is the formal derivative of $P$.
2. Now, let $p$ and $l$ be two positive integers and let $\varphi$ be a polynomial of $\mathbb{Z}[X]$. We are looking for some $g \in \mathbb{Z}$ such that
(1) $\varphi(g) \equiv 0 \pmod{p^l}$.
Suppose that we know:
• $g_0 \in \mathbb{Z}$ such that $\varphi(g_0) \equiv 0 \pmod p$ and such that $\varphi'(g_0)$ is invertible mod $p$;
• $s_0 \in \mathbb{Z}$ an inverse of $\varphi'(g_0)$ mod $p$, i.e. satisfying $s_0 \varphi'(g_0) \equiv 1 \pmod p$.
We impose on our solution $g$ the supplementary condition
(2) $g \equiv g_0 \pmod p$.
Let us construct from $g_0$ and $s_0$ two sequences $(g_i)_{i \ge 0}$ and $(s_i)_{i \ge 0}$ defined by the induction formulas
$$g_{i+1} = g_i - \varphi(g_i)\, s_i \bmod p^{2^{i+1}}, \qquad s_{i+1} = 2 s_i - \varphi'(g_{i+1})\, s_i^2 \bmod p^{2^{i+1}}.$$
Show that for every $i \ge 0$ we have
(i) $g_i \equiv g_0 \pmod p$; (ii) $\varphi(g_i) \equiv 0 \pmod{p^{2^i}}$; (iii) $s_i \varphi'(g_i) \equiv 1 \pmod{p^{2^i}}$.
3. Design an algorithm that allows one to obtain $g$ satisfying both (1) and (2). Evaluate the number of steps of this algorithm.
4. Apply it to obtain a non-trivial solution of $g^4 \equiv 1 \pmod{625}$.
5. Prove that there is in fact uniqueness of the solution mod $p^l$. More precisely, if $g_0$ satisfies $\varphi(g_0) \equiv 0 \pmod p$ and if $\varphi'(g_0)$ is invertible mod $p$, there is a unique $g \in \mathbb{Z}$ mod $p^l$ satisfying (1) and (2).
6. Compute the arithmetic complexity of the algorithm in terms of $l$ and $n$, the degree of $\varphi$.
7. Compute its word complexity¹ in terms of $p$, $l$ and $n$. We may suppose that $0 \le g_0 < p$ and that all coefficients of $\varphi$ are in absolute value smaller than $p^l$.
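The iteration of question 2, run until $p^{2^i} \ge p^l$ and then reduced mod $p^l$, is the algorithm asked for in question 3; the following Python implementation is an added example (not part of the exam) and applies it to the instance of question 4, $\varphi(X) = X^4 - 1$, $p = 5$, $l = 4$. The polynomial is passed as a list of coefficients, a representation chosen here for convenience.

```python
from math import gcd

def poly_eval(coeffs, x, m):
    """Horner evaluation mod m; coeffs[k] is the coefficient of X^k."""
    r = 0
    for c in reversed(coeffs):
        r = (r * x + c) % m
    return r

def poly_deriv(coeffs):
    """Coefficients of the formal derivative phi'."""
    return [k * c for k, c in enumerate(coeffs)][1:]

def newton_lift(coeffs, p, l, g0):
    """Lift g0 (a root of phi mod p with phi'(g0) invertible mod p) to the
    unique g mod p^l with phi(g) = 0 mod p^l and g = g0 mod p.
    Returns (g, number_of_iterations)."""
    dcoeffs = poly_deriv(coeffs)
    if poly_eval(coeffs, g0, p) != 0:
        raise ValueError("g0 is not a root of phi mod p")
    d0 = poly_eval(dcoeffs, g0, p)
    if gcd(d0, p) != 1:
        raise ValueError("phi'(g0) is not invertible mod p")
    g, s = g0 % p, pow(d0, -1, p)          # g_0 and s_0 = phi'(g_0)^{-1} mod p
    i = 0
    while 2 ** i < l:                      # after i steps: phi(g_i) = 0 mod p^(2^i)
        m = p ** (2 ** (i + 1))
        g = (g - poly_eval(coeffs, g, m) * s) % m           # g_{i+1}
        s = (2 * s - poly_eval(dcoeffs, g, m) * s * s) % m  # s_{i+1}, uses g_{i+1}
        i += 1
    return g % p ** l, i

# Question 4: phi(X) = X^4 - 1, p = 5, l = 4 (625 = 5^4), starting from g0 = 2
# (2^4 = 16 = 1 mod 5 and phi'(2) = 32 = 2 mod 5 is invertible).
if __name__ == "__main__":
    g, steps = newton_lift([-1, 0, 0, 0, 1], 5, 4, 2)
    print(g, steps, pow(g, 4, 625))
```

The number of iterations is the smallest $i$ with $2^i \ge l$, which is the step count question 3 asks for.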
Exercise 2 [Babai's nearest plane algorithm]
The goal of this exercise is to study an algorithm that gives an approximate solution to the closest vector problem (CVP). Let $a_1, a_2, \dots, a_n$ be $n \ge 1$ linearly independent vectors of $\mathbb{Q}^n$ and let us denote by $\Lambda$ the lattice generated by these vectors. Let us also denote by $\|x\|$ the standard Euclidean norm of a vector $x \in \mathbb{R}^n$ and by $x \cdot y$ the scalar product of $x, y \in \mathbb{R}^n$. Let $b \in \mathbb{Q}^n$. We want to find some vector $w \in \Lambda$ which approximates $\min_{v \in \Lambda} \|b - v\|$.
If $r \in \mathbb{R}$ we denote by $\lfloor r \rceil$ "the nearest integer" to $r$, i.e. the only integer $m$ such that $-1/2 < r - m \le 1/2$. The algorithm is as follows.
¹ Recall that if $M(n)$ is the word cost of the computation of the product of integers with less than $n$ digits, then $M(m+n) \ge M(m) + M(n)$ and that the computation of a product in $\mathbb{Z}/m\mathbb{Z}$ where $m$ has less than $n$ digits can be done using $O(M(n))$ word operations.
Algorithm 1. Babai's algorithm
Require: $a_1, a_2, \dots, a_n, b \in \mathbb{Q}^n$
Ensure: Some vector $w \in \mathbb{Q}^n$
1: LLL-reduce the basis $(a_1, a_2, \dots, a_n)$. The reduced basis is $(b_1, b_2, \dots, b_n)$ and its Gram-Schmidt orthogonalization $(b_1^*, b_2^*, \dots, b_n^*)$.
2: $x \leftarrow b$
3: for $i = n, n-1, \dots, 1$ do
4: $x \leftarrow x - \left\lfloor \dfrac{x \cdot b_i^*}{b_i^* \cdot b_i^*} \right\rceil b_i$
5: return $w = b - x$
1. Show that $w \in \Lambda$ and that $b - w = \sum_{i=1}^{n} \lambda_i b_i^*$, with $|\lambda_i| \le \frac{1}{2}$ for every $i$.
2. Let $v \ne w$ be another vector of $\Lambda$ and write $b - v = \sum_{i=1}^{n} \mu_i b_i^*$. Let $k$ be the largest index such that $\lambda_k \ne \mu_k$. Show that $|\mu_k| \ge 1/2$ and that
$$\|v - b\|^2 \ge \sum_{i=k+1}^{n} \lambda_i^2 \|b_i^*\|^2 + \frac{1}{4} \|b_k^*\|^2.$$
3. Recall that since $(b_i)$ is LLL-reduced, for every $i, j$ such that $i \le j$, we have $\|b_i^*\|^2 \le 2^{j-i} \|b_j^*\|^2$. Show that
$$\|w - b\|^2 \le \sum_{i=k+1}^{n} \lambda_i^2 \|b_i^*\|^2 + \frac{2^k - 1}{4} \|b_k^*\|^2.$$
4. Deduce from 2. and 3. that $\|w - b\|^2 \le (2^n - 1)\|v - b\|^2$, so that $\|w - b\| \le 2^{n/2} \min_{v \in \Lambda} \|v - b\|$.
5. Is $w$ obtained in polynomial time?
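Steps 2 to 5 of Algorithm 1, together with a brute-force CVP solver used only to check the $2^{n/2}$ approximation factor of question 4 on a small instance, as an added Python example that is not part of the exam. Step 1 (LLL reduction) is assumed to have been done already: the constructed basis $(2,0), (1,2)$ is LLL-reduced, and the target $b = (33/10, 6/5)$ is a made-up value; all arithmetic is exact over $\mathbb{Q}$.

```python
from fractions import Fraction as F
from itertools import product
import math

def dot(u, v):
    return sum(x * y for x, y in zip(u, v))

def nearest_int(r):
    """The integer m with -1/2 < r - m <= 1/2, as in the statement (ties round down)."""
    return math.ceil(r - F(1, 2))

def gram_schmidt(basis):
    """Gram-Schmidt orthogonalization (b_1*, ..., b_n*), computed exactly over Q."""
    gs = []
    for b in basis:
        v = list(b)
        for g in gs:
            mu = dot(b, g) / dot(g, g)
            v = [vi - mu * gi for vi, gi in zip(v, g)]
        gs.append(v)
    return gs

def babai(reduced_basis, target):
    """Steps 2-5 of Algorithm 1. Assumes step 1 is done: reduced_basis is LLL-reduced."""
    basis = [[F(t) for t in b] for b in reduced_basis]
    b = [F(t) for t in target]
    gs = gram_schmidt(basis)
    x = list(b)
    for i in reversed(range(len(basis))):           # i = n, n-1, ..., 1
        c = nearest_int(dot(x, gs[i]) / dot(gs[i], gs[i]))
        x = [xi - c * bi for xi, bi in zip(x, basis[i])]
    return [bi - xi for bi, xi in zip(b, x)]       # w = b - x

def closest_by_brute_force(basis, target, box=4):
    """Exact CVP on a small lattice by enumerating coefficients in [-box, box]^n;
    used only to compare Babai's output with the true minimum."""
    n = len(basis)
    best = None
    for coeffs in product(range(-box, box + 1), repeat=n):
        v = [sum(c * F(bi[j]) for c, bi in zip(coeffs, basis)) for j in range(n)]
        diff = [vi - F(tj) for vi, tj in zip(v, target)]
        d2 = dot(diff, diff)
        if best is None or d2 < best[0]:
            best = (d2, v)
    return best

# Constructed instance: (2,0), (1,2) is already LLL-reduced; target b = (33/10, 6/5).
BASIS = [[2, 0], [1, 2]]
TARGET = [F(33, 10), F(6, 5)]
```

On this instance Babai's $w$ is the exact closest vector; in general only $\|w - b\|^2 \le (2^n - 1) \min_{v} \|v - b\|^2$ is guaranteed.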
Exercise 3 [Primality proving using Lucas sequences]
1. Let $A$ be a (commutative) ring with unity $1_A$ and let $a \in A$. Let us consider the sequence $(V_n)_{n \in \mathbb{Z}}$ defined by:
$$V_0 = 2 \cdot 1_A, \qquad V_1 = a,$$
$$V_{n+1} = a V_n - V_{n-1} \text{ for every } n > 1, \qquad V_{-n} = V_n \text{ for every } n > 0.$$
What is the arithmetic complexity of the naïve computation of $V_n$ using the above induction formula?
2. Show that $V_n V_m = V_{n+m} + V_{n-m}$ for every $n, m \in \mathbb{Z}$.
3. Let us put $f(n) = (V_{n-1}, V_n) \in A^2$. Show that $f(2n)$ and $f(2n+1)$ can be written as $D(f(n))$ and $E(f(n))$ where $D$ and $E$ are simple maps from $A^2$ to $A^2$ that have to be specified.
4. Deduce from this an algorithm that allows one to compute $V_n$ ($n \ge 0$) with an arithmetic complexity $O(\log n)$.
5. Consider the ring $B = A[X]/(X^2 - aX + 1)$ and denote by $\alpha$ the class of $X$ in $B$. We can see $A$ as a subring of $B$ and write
$$B = A[\alpha] = \{u + v\alpha;\ u, v \in A\}.$$
Prove that $\alpha \in B^\times$, the group of invertibles of $B$, and that $V_n = \alpha^n + \alpha^{-n}$ for every $n \in \mathbb{Z}$.
6. Let $p$ be an odd prime number and take $A = \mathbb{F}_p$. Let $b \in \mathbb{Z}$ and $\Delta = b^2 - 4$.
Suppose that $\gcd(\Delta, p) = 1$. Denote by $a$ the class of $b$ in $\mathbb{F}_p$. Finally let $B$ and $\alpha$ be as above, so that we have in particular $a = \alpha + \alpha^{-1}$. Show that $(2\alpha - a)^2 = \Delta \bmod p$ and that if $t \in B$, then $t^2 = 0 \Longrightarrow t = 0$.
7. Suppose again that $\gcd(\Delta, p) = 1$. Prove that
i) either $\Delta^{(p-1)/2} \equiv 1 \pmod p$ and $\alpha^{p-1} = 1_B$, or $\Delta^{(p-1)/2} \equiv -1 \pmod p$ and $\alpha^{p+1} = 1_B$;
ii) if $m \in \mathbb{Z}$, then $\alpha^m = 1_B \Longleftrightarrow \alpha^m + \alpha^{-m} = 2 \cdot 1_B$.
8. Let $N > 1$ be an odd integer. Suppose that we know the decomposition of $N+1$ into primes. Let $b \in \mathbb{Z}$ be such that $\gcd(N, b^2 - 4) = 1$ and $(S_n)_{n \ge 0}$ be defined by $S_0 = 2$, $S_1 = b$, $S_{n+1} = b S_n - S_{n-1}$ for every $n > 1$. Prove that, if $S_{N+1} \equiv 2 \pmod N$ and $\gcd(S_{(N+1)/q} - 2, N) = 1$ for every prime divisor $q$ of $N+1$, then $N$ is prime².
9. Show that, $b$ being given and the decomposition of $N+1$ into primes being known, checking this criterion has word complexity $\tilde{O}\big((\log N)^3\big)$.
² Hint: consider a prime divisor $p$ of $N$ and use question 7 to establish that $p = N$.
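The $O(\log n)$ computation of $V_n$ from questions 3 and 4 (the pair $f(n) = (V_{n-1}, V_n)$ advanced along the binary expansion of $n$ with the doubling maps $D$ and $E$) and the $N+1$ criterion of question 8 built on it, as an added Python example that is not part of the exam. The test values $N = 7$, $N = 23$ (prime, $N+1 = 24 = 2^3 \cdot 3$) and $N = 15$ (composite) with $b = 3$ and $b = 6$ are constructed instances; the naïve $O(n)$ recurrence of question 1 is kept as a reference.

```python
from math import gcd

def lucas_v_pair(a, n, m):
    """f(n) = (V_{n-1} mod m, V_n mod m) for n >= 1, using the doubling maps
    D: f(k) -> f(2k) and E: f(k) -> f(2k+1) along the binary expansion of n,
    i.e. O(log n) ring operations instead of n."""
    prev, cur = 2 % m, a % m                  # f(1) = (V_0, V_1)
    for bit in bin(n)[3:]:                    # remaining bits of n, most significant first
        if bit == "0":                        # D: V_{2k-1} = V_{k-1}V_k - V_1, V_{2k} = V_k^2 - V_0
            prev, cur = (prev * cur - a) % m, (cur * cur - 2) % m
        else:                                 # E: V_{2k} as above, V_{2k+1} = V_k V_{k+1} - V_1
            prev, cur = (cur * cur - 2) % m, (cur * (a * cur - prev) - a) % m
    return prev, cur

def lucas_v(a, n, m):
    """V_n mod m for n >= 0 (V_0 = 2, V_1 = a, V_{n+1} = a V_n - V_{n-1})."""
    return 2 % m if n == 0 else lucas_v_pair(a, n, m)[1]

def lucas_v_naive(a, n, m):
    """Reference: the direct induction of question 1, O(n) operations."""
    prev, cur = 2 % m, a % m
    for _ in range(n):
        prev, cur = cur, (a * cur - prev) % m
    return prev

def n_plus_one_test(N, b, prime_divisors_of_N_plus_1):
    """Question 8 criterion. True: the criterion certifies N prime.
    False: the criterion does not certify N with this b (no conclusion by itself)."""
    if N < 3 or N % 2 == 0 or gcd(N, b * b - 4) != 1:
        raise ValueError("hypotheses of question 8 are not met")
    if lucas_v(b, N + 1, N) != 2:             # S_{N+1} = 2 mod N ?
        return False
    return all(gcd(lucas_v(b, (N + 1) // q, N) - 2, N) == 1
               for q in prime_divisors_of_N_plus_1)

if __name__ == "__main__":
    print(n_plus_one_test(23, 3, [2, 3]), n_plus_one_test(15, 6, [2]))
```

Each call to `lucas_v` costs $O(\log N)$ multiplications mod $N$, which is where the $\tilde{O}((\log N)^3)$ bound of question 9 comes from.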