IRREDUCIBILITY AND GREATEST COMMON DIVISOR ALGORITHMS FOR SPARSE POLYNOMIALS
Michael Filaseta Mathematics Department University of South Carolina
Columbia, SC 29208 USA
Andrew Granville
D´epartement de Math´ematiques Universit´e de Montr´eal
Montr´eal QC H3C 3J7 Canada
Andrzej Schinzel Institute of Mathematics Polish Academy of Sciences
ul. ´Sniadeckich 8, 00-950 Warsaw, Poland
1 Introduction
Letf(x) = Pr
j=0ajxdj ∈ Z[x]with eachaj nonzero and withdr > dr−1 > · · ·> d1 > d0 = 0.
For simplicity, we refer to the degreedr off(x)asn. Observe thatr+ 1is the number of terms off(x). For convenience, we suppose bothn > 2andr >0. The heightH, as usual, denotes the maximum of the absolute values of theaj.
The lattice base reduction algorithm of A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovasz [7] gives a factoring algorithm forf(x)that runs in time that depends polynomially onlogH andn. This clearly serves also as an irreducibility test for f(x). One problem we address in this paper is the somewhat different issue of describing an irreducibility algorithm for sparse polynomials, that is whereris small compared ton. We view the input as being the list ofr+ 1coefficientsajtogether with the list ofr+ 1exponentsdj. With this in mind, the input is of sizeO¡
r(logH+ logn)¢ . We give an algorithm for this problem that runs in time that is polynomial inlogn (but note that the dependence onrandlogH in our arguments is not polynomial).
Forf(x) ∈ Q[x], we definef˜=xnf(1/x). We say thatf(x)is reciprocal if f(x) = ±f˜(x).
Otherwise, we say thatf(x)is nonreciprocal. We note that f(x) is reciprocal if and only if the
2000 Mathematics Subject Classification: 11Y16, 12Y05, 68W30, 11C08, 11R09
The first author was supported by the National Science Foundation and the National Security Agency and the second author by the Natural Sciences and Engineering Research Council of Canada.
condition f(α) = 0 for α ∈ C implies that α 6= 0 and f(1/α) = 0. Our methods require the additional assumption thatf(x)is nonreciprocal. We establish the following.
Theorem A. There is a constant c1 = c1(r, H) such that an algorithm exists for determining whether a given nonreciprocal polynomial f(x) ∈ Z[x]as above is irreducible and that runs in timeO¡
c1logn(log logn)2log log logn¢ .
The result relies heavily on some recent work by E. Bombieri and U. Zannier described by the latter in an appendix of [11]. Alternatively, we can make use of [1], work by these same authors and D. Masser, which describes a new simplified approach to the previous work. The other main ingredients are the third author’s application of the work of Bombieri and Zannier, given originally in [10], and an improvement on the the first and third authors’ joint work in [4].
The constant c1 can be made explicit. We note though that c1 depends on some effectively computable constants that are not explicitly given in the appendix of [11] or in [1]. We therefore do not address this issue further here.
The algorithm will give, with the same running time, some information on the factorization of f(x)in the case thatf(x)is reducible. Specifically, we have the following:
(i) Iff(x)has a cyclotomic factor, then the algorithm will detect this and output anm ∈ Z+ such that the cyclotomic polynomialΦm(x)dividesf(x).
(ii) Iff(x)does not have a cyclotomic factor but has a non-constant reciprocal factor, then the algorithm will produce such a factor. In fact, the algorithm will produce a reciprocal factor off(x)of maximal degree.
(iii) Otherwise, iff(x)is reducible, then the algorithm outputs a complete factorization off(x) as a product of irreducible polynomials overQ.
The algorithm for Theorem A will follow along the lines given above. First, we will check iff(x) has a cyclotomic factor. If it does, the algorithm will produce m as in (i) and stop. If it does not, then the algorithm will check iff(x)has a non-cyclotomic non-constant reciprocal factor. If it does, then the algorithm will produce such a factor as in (ii) and stop. If it does not, then the algorithm will output a complete factorization off(x)as indicated in (iii).
Our approach to (i) will allow us to obtain additional information about the complete set of cyclotomic factors off(x). In particular, we are able to describe, in the same running time given for the algorithm in Theorem A, the factor off(x)which has largest degree and only cyclotomic divisors. Details are given in the next section.
Our approach can be modified to show that iff(x)∈Z[x]is nonreciprocal and reducible, then f(x)has a non-trivial factor inZ[x]containingO(c2)terms wherec2 =c2(r, H). We note that the results of [9] imply that iff(x)also does not have a reciprocal factor, then every factor off(x)in Z[x]containsO(c2)terms.
In the case thatf(x)∈Z[x]is reciprocal, one can modify our approach to obtain some informa- tion on the factorization off(x). Define the nonreciprocal part off(x)to be the polynomialf(x) removed of its irreducible reciprocal factors inZ[x]with positive leading coefficients. Then in the case that f(x) is reciprocal, one can still determine in time O(c1(logn(log logn)2log log logn) whether the nonreciprocal part of f(x) is irreducible. Furthermore, in this same time, one can
determine whetherf(x)has a cyclotomic factor and, if so, an integermfor whichΦm(x)divides f(x).
In addition, we address the problem of computing the greatest common divisor of two sparse polynomials. For nonzero f(x) and g(x) in Z[x], we use the notation gcdZ(f(x), g(x)) to de- note the polynomial inZ[x]of largest degree and largest positive leading coefficient that divides f(x) and g(x) in Z[x]. Later in the paper, we will also make use of an analogous definition for gcdZ(f, g)wheref andg are inZ[x1, . . . , xr]. In this case, we interpret the leading coefficient as the coefficient of the expressionxe11xe22. . . xerr withe1 maximal, thene2 maximal givene1, and so on. Our main result for the greatest common divisor of two sparse polynomials is the following.
Theorem B. There is an algorithm which takes as input two polynomials f(x)andg(x)inZ[x], each of degree≤ nand height≤ Hand having ≤r+ 1nonzero terms, with at least one off(x) and g(x)free of cyclotomic factors, and outputs the value of gcdZ(f(x), g(x)) and runs in time O¡
c3logn¢
for some constantc3 =c3(r, H).
Our approach will imply that iff(x), g(x)∈Z[x]are as above withf(x)org(x)not divisible by a cyclotomic polynomial, then gcdZ(f(x), g(x))has O(c4)terms where c4 = c4(r, H). The same conclusion does not hold if one omits the assumption that eitherf(x)org(x)is not divisible by a cyclotomic polynomial. The following example, demonstrating this, was originally noted in the related work of the third author [12]. Letaandbbe relatively prime positive integers. Then
gcd¡
xab−1,(xa−1)(xb−1)¢
= (xa−1)(xb−1)
x−1 .
In connection with Theorem B, we note that D. A. Plaisted [8] has shown that computing gcdZ(f(x), g(x))for general sparse polynomialsf(x) andg(x)in Z[x]is at least as hard as any problem in NP. On the other hand, his proof relies heavily on considering polynomialsf(x)and g(x)that have cyclotomic factors. By contrast, our proof of Theorem B will rest heavily on the fact that one off(x)org(x)does not have any cyclotomic factors.
Our proof of Theorem A will rely on Theorem B. In fact, Theorem B is where we make use of the work of Bombieri and Zannier already cited. It is possible to prove Theorem A in a slightly more direct way, for example by making use of Theorem 80 in [11] instead of Theorem B and Theorem 1 below. This does not avoid the use of the work of Bombieri and Zannier since Theo- rem 80 of [11] is based on this work. We have chosen the presentation here, however, because it clarifies that parts of the algorithm in Theorem A can rest on ideas that have been around for over forty years. In addition, we want the added information given by (i), (ii) and (iii) above as well as Theorem B itself.
To aid in our discussions, we have used letters for labelling theorems that establish the exis- tence of an algorithm and will refer to the algorithms using the corresponding format. As examples, Algorithm A will refer to the algorithm given by Theorem A, and Algorithm B will refer to the algorithm given by Theorem B. Also, we make use of the notationOr,H¡
w(n)¢
to denote a func- tion with absolute value bounded by w(n) times a function ofr and H. Thus, the running time for Algorithm A and Algorithm B can be expressed asOr,H¡
logn(log logn)2log log logn¢ and Or,H(logn), respectively.
2 The Proof of Theorem A
We begin with the following result which improves on the main result in [4].
Theorem C. There is an algorithm that has the following property: givenf(x) = Pr
j=0ajxdj ∈ Z[x] of degree n > 1 and with r + 1 > 1 terms, the algorithm determines whether f(x) has a cyclotomic factor in running time Or,H¡
logn(log logn)2log log logn¢
, where H denotes the height of f(x). Furthermore, with the same running time, if f(x) is divisible by a cyclotomic polynomial, then the algorithm outputs a positive integermfor whichΦm(x)dividesf(x).
Proof. We begin as in the proof of Theorem 2 of [4] and initially give an argument for the existence of an algorithm as in the theorem with running time Or,H¡
(logn)2¢
. We then explain how the algorithm can be sped up to produce the running time given in the statement of the theorem.
We describe and make use of Theorem 5 from [2]. For k a positive integer, define γ(k) = 2 +P
p|k(p−2). Following [2], we call a vanishing sum S minimal if no proper subsum ofS vanishes. We will be interested in sumsS =Pt
j=1ajωj wheretis a positive integer, eachaj is a nonzero rational number and eachωj is a root of unity. We refer to the reduced exponent of such anSas the least positive integerkfor which(ωi/ω1)k = 1for alli∈ {1,2, . . . , t}. Theorem 5 of [2] asserts then that ifS =Pt
j=1ajωj is a minimal vanishing sum, thent ≥ γ(k)wherek is the reduced exponent ofS. Also, note that Theorem 5 of [2] implies that the reduced exponentkof a minimal vanishing sum is necessarily squarefree.
To explain our algorithm, suppose first that f(x)has a cyclotomic factorΦm(x), and that we can write f(x) = Ps
i=1fi(x) where each fi(x) is a nonzero polynomial divisible byΦm(x), no twofi(x)have terms involvingx to the same power, ands is maximal. Observe that each fi(x) necessarily has at least two terms. Setting ζm = e2πi/m, we see that each fi(ζm) is a minimal vanishing sum. For each i ∈ {1,2, . . . , s}, we write fi(x) = xbigi(xei)where gi(x) ∈ Z[x], bi andei are nonnegative integers chosen so thatgi(0) 6= 0and the greatest common divisor of the exponents appearing ingi(x)is1. Thengi(ζmei)is a minimal vanishing sum with reduced exponent mi = m/gcd(m, ei). Necessarily, we havegi(ζmi) = 0andmi is squarefree. Also, if ti denotes the number of nonzero terms ofgi(x), we have
ti ≥γ¡ mi¢
= 2 +X
p|mi
(p−2),
which implies each prime divisor ofmiis≤ti. Define
Mi ={`∈Z+ : Φ`(x)|gi(x), `is squarefree, andγ(`)≤ti}. In particular,mi ∈Mi. In other words,
(1) m
gcd(m, ei) ∈Mi for alli∈ {1,2, . . . , s}. We have not explained how we can writef(x) =Ps
i=1fi(x)as above. In particular, even if we knowmexists withΦm(x)dividingf(x), we do not know whatmis. We circumvent this issue by considering every possible partition of the set{0,1, . . . , r}as a disjoint union of setsJ1, J2, . . . , Js with each setJicontaining at least two elements. For each partition, we consider the polynomials
fi(x) =X
j∈Ji
ajxdj =xbigi(xei), 1≤i≤s,
where as before bi and ei are nonnegative integers chosen so that gi(0) 6= 0 and the greatest common divisor of the exponents appearing ingi(x)is1. DefiningtiandMias above, depending on the partition of {0,1, . . . , r}, we see then that if f(x) is divisible by someΦm(x), then there is a partition for which (1) holds. On the other hand, if (1) holds for some positive integer m and some partition of{0,1, . . . , r}as above, then we havefi(ζm) = 0for eachi ∈ {1,2, . . . , s}, which implies f(ζm) = 0 and hence Φm(x) | f(x). Thus, (1) holding for some m and some partition of {0,1, . . . , r}as above is a necessary and sufficient condition forf(x)to be divisible by a cyclotomic polynomial.
With the above in mind, we describe the algorithm for determining whetherf(x)has a cyclo- tomic factor, give further justification that the algorithm works and give a proof that its running time is as claimed. The algorithm is as follows. We go through every partition of the set{0,1, . . . , r} into disjoint non-empty setsJ1, J2, . . . , Js with each setJi containing at least two elements. Ob- serve that there areOr(1) such partitions. For each such partition and eachi ∈ {1,2, . . . , s}, we setu = u(i)to be the element ofJi for whichdu is minimal. In terms of our definition of fi(x) andgi(x), this meansbi =du andei is the greatest common divisor of the degrees of the terms of the polynomialfi(x)/xdu. We computeei by taking the greatest common divisor of the numbers dv −du wherev ∈ Ji. In terms of the complexity of the algorithm, givenJi, determining du can be done in Or(logn) bit operations and computing ei takes at most Or¡
(logn)2¢
bit operations (cf. the discussion of Euclid’s algorithm in [3, p. 79]). We can in fact obtain a running time of Or¡
logn(log logn)2log log logn¢
using a recursive gcd computation for large integers [3, p. 428]
leading to the running time stated in Theorem C, but for the moment we use the Or¡
(logn)2¢ estimate. The number of these computations that are needed as we vary over the partitions of {0,1, . . . , r}and vary over the sets Ji making up the partitions isOr(1). The computations have therefore thus far taken at mostOr¡
(logn)2¢
bit operations.
Next, for each partition J1, J2, . . . , Js of {0,1, . . . , r} as above, we compute the sets Mi as follows. Observe thatti is the number of elements ofJi and is necessarily≤ r+ 1. Thus, we can construct a list of the`that are squarefree positive integers and such thatγ(`)≤ti in timeOr(1).
For each such`, we want to check ifΦ`(x)dividesgi(x). An algorithm that works well here and in more generality as well is given as Algorithm A in [4]. For our purposes, we can simply take each termavx(dv−du)/ei ingi(x), where v ∈ Ji, and replace it with avxd0v whered0v ∈ {0,1, . . . , `−1} and
d0v ≡ dv−du
ei (mod `).
If we call the resulting polynomial hi(x), then gi(x)is divisible byΦ`(x)if and only if hi(x)is divisible byΦ`(x). Observe that the degree ofhi(x)is≤ ` ≤ (r+ 1)r. Also, the height ofhi(x) is ≤ (r + 1)H. Hence, one can check directly if hi(x) is divisible by Φ`(x) in time Or,H(1).
The construction of each hi(x) takes time no more than Or,H¡
(logn)(log logn)2¢
, for ε > 0 arbitrary, where the main contribution of the time required comes from the division ofdv−du by ei above. Hence, the total time spent on constructing the variousMias we vary over the partitions J1, J2, . . . , Jsof{0,1, . . . , r}andi∈ {1,2, . . . , s}isOr,H¡
(logn)(log logn)2¢ .
For the algorithm, we consider each partition J1, J2, . . . , Js of{0,1, . . . , r}as above one at a time. We construct the numbers ei and the sets Mi as indicated. Next, we want to determine for a fixed partition whether (1) holds for some positive integerm. In other words, we want to know
whether there is anmandmi ∈Mi for which
(2) m=migcd(m, ei) fori∈ {1,2, . . . , s}.
For a positive integerk, we use the notationνp(k)to denote the positive integerusuch thatpukk.
Then (2) holds if and only if each of the following is true:
• Ifp|m1. . . ms, thenνp(m)≤νp(miei)for alliwith equality wheneverpdividesmi.
• Ifp-m1. . . ms, thenνp(m)≤νp(e0), wheree0 = gcd(e1, . . . , es).
Defining
D= Y
ptke0 p-m1···ms
pt=e0±µ Y
ptke0 p|m1···ms
pt
¶
and m0 = gcd(m1e1, . . . , mses)/D,
then we see that a solution to (2) exists if and only if there existmiinMi such that for every prime pdividing somemi, the exact power ofpdividingm0is the same as the exact power ofpdividing miei. Furthermore, the set ofmsatisfying (2) in this case is precisely the set ofm =m0d, where d|D. Observe thatm0 is the uniquemsatisfying (2) (if suchmexist) with the property that every prime divisor ofmis a divisor ofm1m2· · ·ms. Furthermore, every prime divisor ofm1m2· · ·ms is a divisor of m0. We are interested in knowing whether there existm andmi satisfying (2), so we simply restrict our attention to determining whether there existmi inMi such that
(3) m0 =migcd(m0, ei) fori∈ {1,2, . . . , s}.
Recall that the numbersei and all elements ofMi have been computed (for eachi = 1,2, . . . , s).
Also, as the partitions vary, the number of differentei and mi in Mi that arise is Or(1). We go through all these possibilities and computeP, the set of primes dividingm1m2· · ·ms. There are Or(1)such primes and it takesOr(1)time to compute them. We computee0,Dandm0as defined above and check whether (3) holds. Note that the second formula for D involves removing the prime divisors frome0 that are inP, which is a fixed set of primes of size Or(1). Thus, bothe0 andDcan be computed in timeOr¡
(logn)2¢
. We also computem0 and check (3) with the same bound on the running time. If anm0 is obtained for which (3) holds, then we output thatf(x)has a cyclotomic factor, indicate that the choice ofm = m0 is such thatΦm(x)divides f(x)and end the algorithm. If nom0 is obtained for which (3) holds, then we output thatf(x)does not have a cyclotomic factor. As there areOr(1) differentm0 each of sizeOr(n), the running time estimate is not affected by going through the variousm0 and outputting the result. Hence, the proof of the theorem, but with running time onlyOr,H¡
(logn)2¢
, has been explained.
We improve the running time as follows. For the algorithm above, we made use of a few differ- ent greatest common divisor computations. These were done to constructei fori ∈ {1,2, . . . , s}, to calculatee0 = gcd(e1, . . . , es)andm0 = gcd(m1e1, . . . , mses)/D, and to determine the value of the right-hand side of (3). As noted earlier, we can apply known algorithms for gcd computa- tions [3, p. 428] that would allow us to reduce the running time to that required by the theorem.
However, it is also worth noting that these gcd computations can be circumvented and the required running time obtained in a different manner. We explain this approach now.
Let J1, J2, . . . , Js be a partition of {0,1, . . . , r} as in the argument above. Write ei = e0ie00i where every prime divisor ofe0i is≤ r+ 1and every prime divisor of e00i is> r+ 1. Recall that u=u(i)∈Jiis chosen so thatdu is minimal. One can computee0i without computingei from the formula
e0i = Y
p≤ti
pminv∈Ji{νp(dv−du)}.
In other words, for eachp ≤ ti, we can calculate the minimum ofνp(dv −du)asv runs through the elements of Ji and then form the product above to get e0i. As we shall see momentarily, the numberse0i can be calculated in timeOr(logn(log logn)2log log logn).
We note now that
gi¡ xe00i¢
=X
v∈Ji
avx(dv−du)/e0i, so we can computegi¡
xe00i¢
without computinggi(x),ei ore00i. Define Mi0 ={` ∈Z+ : Φ`(x)|gi¡
xe00i¢
, `is squarefree, andγ(`)≤ti}.
The setMi0can be computed in the same manner that we computedMi but withgi(x)replaced by gi¡
xe00i¢
. Thus, computingMi0, given the polynomialsgi¡ xe00i¢
, takes timeOr,H¡
(logn)(log logn)2¢ . Recall that the prime divisors of e00i are all> r + 1 ≥ ti. We deduce that the numbers` in the definition of Mi and Mi0 are relatively prime to e00i. It follows that Mi = Mi0. Thus, the above analysis allows us to computeMi without explicitly computing the numbersei and with running timeOr,H¡
logn(log logn)2log log logn¢ .
Next, we address how to determine whether (3) holds. Recall thatP is the set of prime divisors ofm1m2· · ·ms, and note that these primes are≤ r+ 1. The prime divisors ofm0 are precisely the primes inP. We deduce that (3) holds if and only if
(4) νp(m0) =νp(mi) + min{νp(m0), νp(ei)}
for eachi ∈ {1,2, . . . , s} and for eachp ∈ P. For each primep ∈ P, we compute the values of νp(ei), fori∈ {1,2, . . . , s}, by using thatνp(ei) =νp(e0i). Next, we compute
νp(m0) = min
1≤i≤s{νp(mi) +νp(ei)}.
Then we check if (4) holds. Observe that eachνp(mi)is either0or1, soνp(mi)can be computed by a simple division. We want also a method to compute νp(ei) = νp(e0i), for i ∈ {1,2, . . . , s}. We further need to explain the computation of νp(dv −du)to obtain e0i above. For U a positive integer andpa prime≤ r+ 1, the value ofνp(U)can be computed as follows. We compute the values ofp2j successively forj ≥ 0by squaring until we arrive at a positive integer t for which p2t > U. Observe thatt = O(log logU). We setk0 = 0. Forj ∈ {1,2, . . . , t}, we successively check if p2t−j|U and, if so, setkj = kj−1 + 2t−j and replace U with U/p2t−j. Ifp2t−j - U, then we set kj = kj−1. Then kt = νp(U). Using this procedure, we can compute νp(U) in time Or(logU(log logU)2log log logU). The theorem follows.
Although it does not affect our main results, it is of some value to note that the running time of the algorithm can be shown to be Or¡
logn(log logn)2log log logn + logH¢
. Indeed, the
