aa r X i v : . [ m a t h . R A ] J a n The complexity of root-finding inorders.
P. Spelier
Abstract
Given an order, a fundamental problem is deciding whether a uni-variate polynomial has a zero. It is a special case of deciding whetherHom(
A, B ) is non-empty for two orders A and B . For fixed separable or-ders, deciding whether a polynomial has a zero is in P . If we instead fix aseparable polynomial, the problem is NP-complete with probability 1. Weprovide several theorems about NP-completeness, culminating into a com-plete classification of the problem for quadratic and cubic polynomials. Amain ingredient is a new type of algebraic NP-complete group-theoreticproblems, as seen in [Spe21]. An order is a commutative ring A whose underlying additive group is isomorphicto Z n for some integer n ∈ Z ≥ ; this n is called the rank of that order, denotedby rk A . After choosing an isomorphism to Z n , an order is determined by howthe standard basis vectors multiply; we specify an order by listing structureconstants ( a ijk ) ≤ i,j,k ≤ n ∈ Z n which describe the multiplication by e i · e j = P nk =1 a ijk e k for the Z -basis e , . . . , e n . Given a polynomial f ∈ Z [ x ], we denotethe zero set of f in A by Z A ( f ). This paper treats problems about decidingwhether these zero sets are empty or not; specifically, we define the followingproblems. Definition 1.1.
Let f ∈ Z [ X ] be a polynomial. Then the problem Π f is definedas: given as input an order A , determine whether Z A ( f ), is non-empty. Definition 1.2.
Let A be an order. Then the problem Π A is defined as: givenas input a polynomial f ∈ Z [ X ], determine whether Z A ( f ) is non-empty.We use the terminology of polynomial, non-deterministic polynomial, andNP-complete problems to classify these problems; we refer to these classes as P , NP and NPC , respectively. A short treatment of the subject can be found inAppendix A of [Spe21].We say a polynomial in Z [ X ] is separable if it is separable over Q , or equiva-lently if it has no double roots in Q . If f is non-separable resp. A is non-reduced,then we have little to no information about the problems Π f resp. Π A .1or f separable resp. A reduced, we have more control: the two followingtheorems show that Π f and Π A are then decidable. In fact, the theorem aboutΠ A tells us exactly what happens for reduced A . Theorem 1.3.
Let A be a reduced order. Then there is a polynomial timealgorithm for Π A . Theorem 1.4.
Let f be a separable polynomial. Then Π f lies in NP . This is proven in the beginning of Section 3. The behaviour of Π f variesconsiderably; for example Π X +1 is in P , while Π X + X +1 is NP-complete (seeTheorem 1.7). In general, we have the following conjecture. Conjecture 1.5.
Let f ∈ Z [ X ] be separable. Then Π f lies in P or in NPC . Ideally, we would like a constructive proof of this statement: an algorithmthat tells us for every separable polynomial f , whether Π f admits a polynomialtime algorithm or is NP-complete. In Section 3 some polynomial time problemsare treated, and there are several NP-completeness theorems which work in spe-cific cases. These NP-completeness theorems all have in common that they usea prime dividing the discriminant ∆( f ). We will use the following terminology. Definition 1.6.
Let R be any commutative ring, let f ∈ R [ X ] be a polynomial,let a ∈ R and let k ∈ Z ≥ . We say that a is a k -fold zero (double, triple, . . . )of f in R if in R [ X ] we have ( X − a ) k | f . We say that a is a zero of f ofmultiplicity k in R if a is a k -fold zero but not a ( k + 1)-fold zero.For the quadratic and cubic case we have proven the conjecture, culminatingin the following two theorems (see Lemma 3.5 for the non-monic case). Theorem 1.7.
For f ∈ Z [ X ] quadratic monic, we have Π f ∈ P if ∆( f ) = − or ∆( f ) is a square, and Π f ∈ NPC otherwise.
This statement is proven in Section 3.1.
Theorem 1.8.
For f ∈ Z [ X ] cubic monic, we have Π f ∈ P if f is reducible,and Π f ∈ NPC otherwise.
In Section 3, enough general theorems and ad hoc lemmas are proven toclassify all but a small set of cubic polynomials: specifically, Proposition 3.34tells us that for cubic monic irreducible f with discriminant not of the form ± k we have Π f ∈ NPC . In Section 4 we treat the problem of finding all cubic monicpolynomials with discriminant of the form ± k ; in Theorem 4.1 we eventuallyfind a minimal set S of polynomials such that for every cubic irreducible poly-nomial f that does not satisfy the conditions of Proposition 3.34 there exists g ∈ S with Π f = Π g . Here equality of problems means that their respective setsof instances coincide, as well as their sets of yes-instances.2inally, we treat the remaining polynomials from S in Section 5 using adhoc arguments, thereby completing the proof of Theorem 1.8.An important tool in the NP-completeness proofs is a new family of alge-braic problems, classified in [Spe21]. These problems and some theorems will bementioned in Section 2.We also take a short look at the case where f is non-separable: in Section 6,we prove the following theorem. Theorem 1.9.
If Hilberts Tenth Problem over Q ( i ) is undecidable, then theproblem Π ( X +1) is undecidable. This paper is based on the author’s thesis [Spe18].
We recall the following definitions, remarks and theorems from [Spe21].
Definition 2.1.
Let R be a commutative ring that is finitely generated as a Z -module, let G be a finite R -module and S a subset of G . Then define theproblem P RG,S as follows. With input t ∈ Z ≥ , x ∗ ∈ G t , the t -th Cartesian powerof G , and H a submodule of G t given by a list of generators, decide whether( x ∗ + H ) ∩ S t is non-empty. Write P G,S for P Z G,S . Definition 2.2.
Let R be a commutative ring that is finitely generated as a Z -module, let G be a finite R -module and S a subset of G . Then define theproblem Π RG,S as the subproblem of P RG,S where x ∗ = 0. I.e., with input t ∈ Z ≥ and H a submodule of G t given by a list of generators, decide whether H ∩ S t is non-empty. Write Π G,S for Π Z G,S . Remark . If R is not finitely generated as a Z -module, we can replace it byits image in End( G ). Remark . Note that
R, G, S are not part of the input of the problem. Inparticular, computations inside G can be done in O (1).Note these problems are certainly in NP , as one can easily give an R -linearcombination of the generators of the submodule (and add x ∗ if necessary), andcheck that it lies in S t . For R = Z , an R -module is just an abelian group; thereare two theorems that completely classify the problems P G,S and Π
G,S , in thesense that for each problem we either have a polynomial time algorithm or aproof of NP-completeness.
Definition 2.5.
With G an abelian group and S ⊂ G , we call S a coset if thereis some x ∈ G such that S − x is a subgroup of G .3 heorem 2.6. If S is empty or a coset, then we have P G,S ∈ P . In all othercases, P G,S is NP-complete.
Theorem 2.7. If S is empty or θ ( S ) := T a ∈ Z | aS ⊂ S aS is a coset, then we have Π G,S ∈ P . In all other cases, Π G,S is NP-complete.Remark . Note that if 0 ∈ S , then θ ( S ) = { } ; additionally, if G is agroup with order a prime power and S does not contain 0, then θ ( S ) = S ,by Lemma 2.15 of [Spe21]. Π f In this section we prove some general results on when Π f is NP-complete. Firstwe will give an algorithm that shows that for reduced orders A we have Π A ∈ P ,which after a slight modification also proves that Π f ∈ NP for separable f ∈ Z [ X ] (i.e., those with no double roots in Q ). The real work is in the proofs ofNP-completeness; we will give a short explanation about the problem in general,including an explanation of when Π f , Π g are equal, some polynomial algorithmsand a lemma that allows us to restrict to monic polynomials. Algorithm 3.1.
We take as input A an order, f ∈ Z [ X ] a non-constant poly-nomial such that either f is separable or A is reduced. The algorithm returnswhether f has a zero in A .1. If f is separable, replace A by A sep , the subring consisting of elements of A that are the zero of some separable polynomial in Z [ X ] , using Algorithm4.2 of [LS17].2. Apply Algorithm 7.2 of [LS18] to E := A ⊗ Z Q to find irreducible polynomi-als g , . . . , g s ∈ Q [ X ] with E ∼ = Q si =1 K i where K i = Q [ X ] / ( g i ) , togetherwith an isomorphism ϕ : Q si =1 K i → E .3. Use the LLL algorithm [Len84] to find Z K i ( f ) for every K i .4. For every ( α i ) si =1 ∈ Q si =1 Z K i ( f ) , use the isomorphism Q si =1 K i → E tocompute ϕ (( α i ) si =1 ) with respect to the Z -basis e , . . . , e rk A of A , and testwhether all coefficients are integral. If all coefficients are integral, then f has a zero in A ; the answer is yes.5. If no zeroes of f in A were found in the previous step, the answer is no. Proposition 3.2.
The time complexity is O p rk A deg f log X ≤ i,j,k ≤ n | a ijk | (deg f ) | Spec( A ⊗ Z Q ) | where p ( m ) = O ( m ℓ ) for some fixed integer ℓ . roof. The adding of 1 inside the logarithm is done to correctly handle thecase rk A = 1. The standard operations as multiplication, addition, all takepolynomial time in (1 + rk A )(1 + deg f ) log (cid:16) P ≤ i,j,k ≤ n | a ijk | (cid:17) . Note thatthe s we have found in the second step equals | Spec( A ⊗ Z Q ) | , and that inevery field of characteristic zero f has at most deg f zeroes, so we check atmost (deg f ) | Spec( A ⊗ Z Q ) | candidates. Then for each candidate it takes O ((rk A ) )computations to apply ϕ , and time O (rk A ) to compute whether that zero of f in E indeed lies in A . Remark . A special case is where A is a domain, where Algorithm 3.1 alwaysruns in polynomial time. Proof of Theorem 1.3.
Using Algorithm 3.1 together with Proposition 3.2 fornon-constant polynomials, and the obvious algorithm for constant polynomials,this theorem is now trivial; in fact, Algorithm 3.1 works in polynomial time evenif we only fix | Spec( A ⊗ Z Q ) | . Proof of Theorem 1.4.
We use the definition of NP as given in Definition A.5 of[Spe21]. To prove that for f separable, Π f lies in NP , it sufficed to give for eachyes-instance A a certificate c ( A ) ∈ A such that there is an algorithm that given A, c ∈ A outputs “yes” if c = c ( A ) and “no” if A is a no-instance, in polynomialtime in the size of the input. Note that by encoding A in Z > , this is indeedequivalent to the aforementioned definition. Our algorithm is very short.1. Calculate whether f ( c ) = 0.If we take c ( A ) ∈ Z A ( f ), then Algorithm 3.1 also shows that the size of c ( A )is polynomial in the size of the input, hence our algorithm works in polynomialtime. Hence the problem Π f lies in NP . Remark . This does not necessarily work for non-separable polynomials, asthen we cannot guarantee that if Z A ( f ) is non-empty, it contains a small ele-ment. Lemma 3.5.
Let f ∈ Z [ X ] be non-zero, and let f mon be its largest degree monicdivisor in Z [ X ] . Then Π f = Π f mon .Proof. It suffices to show for any order A that Z A ( f ) = ∅ holds if and onlyif Z A ( f mon ) = ∅ holds. Obviously, if f mon has a zero in A , then so does f .If f has a zero α in A , then, as A is an order, α is the zero of some monicpolynomial g . If we then use again that A is torsion free, we see that α is a zeroof the monic polynomial gcd( g, f ). Any monic polynomial that divides f alsodivides f mon , so f mon has a zero in A . This in fact proves the stronger statement Z A ( f ) = Z A ( f mon ). Definition 3.6.
Let f, g ∈ Z [ X ] be two polynomials. Then we say that f and g are equivalent , notation f ∼ g , if and only if there exist ring homomorphisms ϕ : Z [ X ] / ( f ) → Z [ X ] / ( g ) , ψ : Z [ X ] / ( g ) → Z [ X ] / ( f ).5 xample 3.7. For any f ∈ Z [ X ], we have f ∼ f ( ± X + k ) with k ∈ Z . Example 3.8.
For n ∈ Z ≥ , write n = 2 r s with s odd. Then X n + 1 ∼ X r + 1.Per the functioral bijection between Z A ( f ) and Hom( Z [ X ] / ( f ) , A ), the fol-lowing lemma follows trivially. Lemma 3.9.
Let f, g ∈ Z [ X ] be two monic polynomials. Then Π f = Π g holdsif and only if f and g are equivalent. Now we will treat the few polynomial cases known so far. We start with arather trivial lemma. Recall that a problem is called trivial if all instances areyes-instances or all instances are no-instances; note that trivial problems alwayslie in P . Lemma 3.10.
Let f ∈ Z [ X ] be a polynomial with Z Z ( f ) = ∅ . Then Π f istrivial.Proof. By the condition Z Z ( f ) = ∅ , there is a homomorphism Z [ X ] / ( f ) → Z ,hence Hom( Z [ X ] / ( f ) , A ) is non-empty for any order A .There is one family of polynomials for which a non-trivial polynomial timealgorithm is known, as proven in the following theorem. Theorem 3.11.
Let n ∈ Z ≥ . Then for f = X n + 1 we have Π f ∈ P .Proof. A zero of f is necessarily a root of unity. By Theorem 1.2 of [LS17], wecan find a set of generators S for µ ( A ), the group of roots of unity. Then askingwhether f has a root in A is asking whether in µ ( A ) the element − n -thpower, i.e., if − { s n | s ∈ S } . Theorem 1.3 ofthe mentioned article allows us to compute this in polynomial time, hence thisgives a polynomial time algorithm for Π f . Remark . Note that we have found a polynomial time algorithm for Π Φ n with Φ n the n -th cyclotomic polynomial, where n is a power of two. Strangelyenough, Theorem 3.15 will tell us that for X + X + 1, the third cyclotomicpolynomial, the problem is NP-complete as ( X + 1) + ( X + 1) + 1 ≡ X mod 3.Now we will prove two general theorems that can be used to classify problemsΠ f as NP-complete. First we will state a general lemma that we will use multipletimes to prove NP-completeness; although it cannot be applied in every proofin Section 3.1 and Section 3.2, the general idea will be used in all proofs. Lemma 3.13.
Let f ∈ Z [ X ] be a polynomial, A an order, ψ : A → B asurjective ring homomorphism with B finite, R a subring of B , and G an R -module inside B . Assume that G ∩ R = 0 and the multiplication on B restrictedto G × G is the zero map. Let a ∈ R such that ψ ( Z A ( f )) = a + S with S ⊂ G .Then Π RG,S ≤ Π f . roof. Let ( t, H ) be an instance of Π
RG,S . Note that R has a unique R -linearring homomorphism into B t , the diagonal map. We write this as an inclusion;in that way, we have R [ H ] ⊂ B t . By the condition that multiplication on G isthe zero map and G ∩ R = 0 we have that R [ H ], the subring of B t generatedby R and H , is (under the condition t >
0) as an R -module isomorphic to R ⊕ H . Now we see that R [ H ] ∩ ( a + S t ) is in bijection with H ∩ S t , by themap x x − a . Let A H ⊂ A t be the inverse image of R [ H ] with respect tothe map A t → B t ; as R [ H ] is a ring, so is A H . We see that we end up with asurjective map Z A H ( f ) → H ∩ S t . A surjective map has the property that thedomain is empty if and only if the codomain is empty, hence H ∩ S t = ∅ if andonly if Z A H ( f ) = ∅ . So we produce A H as an instance of Π f , completing thereduction. Remark . Note that if R = Z · ⊂ B , then an R -module is just an abeliangroup G that satisfies | R | G = 0, with no further structure. Hence then Π RG,S equals Π
G,S . Theorem 3.15.
Let f be a monic irreducible polynomial over Z of degree n > ,and p ∤ n a prime such that f ≡ X n mod p . Then Π f is NP-complete.Proof. We will use Lemma 3.13.Let α , . . . , α n be the zeroes of f in Q , and let A be the order Z [ α , . . . , α n ].Let I be the A -ideal generated by α , . . . , α n .Now let B := A/ ( pA + I ), which is non-zero as f ≡ X n mod p , let R = F p ⊂ B , let α i be the image of α i in B , let G = h α , . . . , α n i , and S = { α , . . . , α n } .We will prove that Π F p G,S = Π
G,S is NP-complete.As G is a group with order a power of p , by Theorem 2.7 and Remark 2.8 itsuffices to check that 0 S and that S is not a coset.By the condition on f mod p , we see that J := I + pA is nilpotent in A/pA .As A = Z [ I ] we have A/pA = F p [ J ]. Since n >
1, we have rk A ≥ | A/pA | ≥ p , which implies that J = { } . As J is nilpotent, that implies that J ( J . So at least one of α , . . . , α n is non-zero, and by the transitivity of theGalois action, all of them are non-zero.We have to prove that S is not a coset. Since a coset has p -power cardinality,it suffices to prove that | S | > | S | | n . Assume | S | = 1. Then in B , we have α = · · · = α n ; as α + · · · + α n ∈ p Z we have nα = 0. We know n is a unit in F p , hence α = 0, contradiction. The fact | S | | n follows immediately from theaction of the Galois group. As said, we find that S is not a coset.Now note that G · G = 0 and G ∩ F p = 0, so with a = 0 all of the conditionsof Lemma 3.13 are satisfied. Together with the NP-completeness of Π G,S , thisimplies that Π f is NP-complete. Proposition 3.16.
Let f be a monic irreducible polynomial over Z of degree n > and p | ∆( f ) an odd prime. Let A be an order with α , α two distinctzeroes of f in A . Further, let a ∈ F p , let F q = F p ( a ) and let ψ : Z [ α i , α j ] → F q [ X ] / ( X ) = F q [ ε ] be a ring homomorphism such that ψ ( α ) = a + ε and ( α ) = a − ε . Finally assume, that we have that Z A ( f ) = { α , α } or we haveboth that Z Z [ α ] ( f ) = { α } and that all zeroes in Z A ( f ) \ { α , α } get sent under ( F q [ ε ] → F q ) ◦ ψ to something different from a . Then Π f is NP-complete.Proof. We first consider the case that Z A ( f ) = { α , α } ; we will directly useLemma 3.13. Let B = F q [ ε ], let R = F q . Now let G = ε F q , S = {± ε } . As G · G = 0 and G ∩ R = 0, all of the conditions of Lemma 3.13 hold, henceΠ RG,S ≤ Π f . By Lemma 2.10 of [Spe21] we see that Π RG,S is NP-complete as p >
2, hence so is Π f .We now consider the second case; we have to slightly change the proof aswe cannot use Lemma 3.13 directly. We still reduce from the problem Π F q F q , {± } ,which is NP-complete by Lemma 2.10 of [Spe21]. Let ( t, H ) be an instance ofΠ F q F q , {± } . Let B = F q [ ε ], let R = F q , and let R H = R [ ε F q × εH ] ⊂ B t +1 . Let ϕ : Z [ α ] × A t → B t +1 be ψ on every coordinate, and let A H = ϕ − ( R H ). Wewant to find which elements in R H are the image under ϕ of a zero of f . Suchan element is of the form x + ε · ( y, h ) with x ∈ R ⊂ B t , y ∈ F q and h ∈ H . Since Z Z [ α ] ( f ) = { α } , on the first coordinate we must get a + ε , meaning x = a and y = 1. On the last t coordinates, we then have a + εh . By assumption any zero α ∈ Z A ( f ) \ { α , α } is sent under ψ to b + cε with b = a . Hence the fact that a + ε ( y, h ) is the image under ϕ of some zero of f in A H , is equivalent to itlying in the image under ϕ of some element in { α } × { α , α } t . So we see that Z A H ( f ) is non-empty if and only if H ∩ S t is non-empty.For the proof of the second general theorem we first state a definition, fol-lowing Section 1.6 of [Gio13]. Definition 3.17.
Let R be a commutative ring, and fix f ∈ R [ X ] monic ofdegree n . Then we define A = R, f = f and recursively for 0 ≤ i < n we define A i +1 = A i [ X i +1 ] / ( f i ( X i +1 )) , α i +1 = X i +1 ∈ A i +1 and f i +1 ( X ) = f i ( X ) X − α i +1 aselement of A i +1 [ X ].We will only use this definition in the case R = Z . Note that if the Galoisgroup of f over Q is S n , then A i is isomorphic to Z [ β , . . . , β i ] where β , . . . , β n are the zeroes of f in Q . For any other Galois group, this is never the case for i = n , as the rank of A n is n ! while the rank of Z [ β , . . . , β n ] is | Gal( f ) | < n !.Furthermore, note that in A i [ X ] we have Q ij =1 ( X − α i ) | f , and by Theorem1.6.7 of [Gio13], the ring A i is universal with this property, i.e., in the case R = Z we have that A i represents the functor from commutative rings to sets S
7→ { ( s , . . . , s i ) ∈ S i | Q ij =1 ( X − s j ) divides f in S [ X ] } . Theorem 3.18.
Let f be a monic irreducible polynomial over Z of degree n ≥ with either the Galois group acting triply transitively on Z Q ( f ) or n = 2 . Let p bean odd prime factor of ∆( f ) . If n = 3 , assume that f has a zero of multiplicity modulo p . Then Π f is NP-complete. roof. This proof works by showing that the conditions of Proposition 3.16 hold,where we choose a ∈ F p to be a zero of f of multiplicity at least 2 (or exactly 2if n = 3). Write F q for F p ( a ).First, we construct the map ψ as needed. Our A will be A . Let α , α bethe roots x , x of f in A . As Gal( f ) acts triply transitively on Z Q ( f ) or n = 2,we have that A is isomorphic to Z [ α, β ] where α, β are any two zeroes of f in Q . We use the universal property of A to construct ψ : A → F q [ ε ] with ψ ( α ) = a + ε, ψ ( α ) = a − ε ; the universal property implies that this mapexists, since ( X − ( a + ε ))( X − ( a − ε )) = ( X − a ) , which divides f modulo p exactly because a is a double zero of f .Now, let n = 3. Then the conditions tell us that A only contains α , α andno other roots of f , which means the conditions for Proposition 3.16 hold. If n = 3, then as f is irreducible over Z [ α ] we have that Z Z [ α ] ( f ) = { α } , andas a is a root of multiplicity 2, we can also apply Proposition 3.16.As a consequence, we have the following theorem on the average behaviourof Π f . Theorem 3.19.
Fix n ≥ an integer differing from , and let f be a randommonic degree n polynomial in Z [ X ] . Then with probability , we have that Π f isNP-complete.Proof. Note that with probability 1, the polynomial f will be irreducible withGalois group S n . By Minkowski’s theorem, the discriminant will never be a unit.It immediately follows that for n = 3 the only polynomials with Galois group S n for which we have not proven NP-completeness yet, are those with discriminant ± k . Since the discriminant is not of the form ± k with probability 1, we seethat if the degree n ≥ f is almost surely NP-complete. Remark . For n = 3, this result will also hold by Theorem 1.8. In this section we will prove Theorem 1.7 by fully treating the quadratic case. Let f ∈ Z [ X ] be a quadratic monic polynomial. If f is reducible, then by Lemma3.10 the problem Π f is in P . If f is irreducible and there is an odd primedividing ∆( f ), then we can use Theorem 3.15 or Theorem 3.18 to find that Π f is NP-complete. The only case that remains is f irreducible, ∆( f ) = ± k with k ∈ Z ≥ . Since an irreducible polynomial of degree ≥ k ≥
1. Hence f has a doubleroot modulo 2, so the coefficient of X is even. By translating, we may assume f = X − a , with discriminant 4 a .Hence the only polynomials that remain are of the form X − a with | a | apower of 2 and a not a square. For X + 1, we have given a polynomial timealgorithm in Theorem 3.11. In all other cases, we have 2 | a and we can use thefollowing theorem. 9 heorem 3.21. Let f = X − a with | a and a not a square. Then Π f isNP-complete.Proof. We will reduce from Π Z / Z , {± } , which is NP-complete by Theorem 2.7.Let A = Z [ √ a ] and B = Z / Z [ √ a ] , R = Z / Z ⊂ B ; let S ⊂ B be {±√ a } and G = ( Z / Z ) · √ a ⊂ B . Now let ( t, H ) be an instance of Π Z / Z , {± } , let C be the B -algebra { ( x , . . . , x t ) ∈ B t | x ≡ · · · ≡ x t mod 2 B } . As √ a ≡ −√ a mod 2 B ,we have S t ⊂ C . Letting H ′ = H √ a ∩ C , we see that ( t, H ) is a yes-instance ifand only if H ′ ∩ S t is non-empty. Note that H ′ = h ( √ a +2 B t ) ∩ H ′ i∪ (2 B t ∩ H ′ ); if H ′ ⊂ B t , this is trivially a no-instance. Otherwise, we see H ′ = h (1+2 B t ) ∩ H ′ i hence H ′ · H ′ · H ′ is generated by elements of the form Q i =1 ( √ a + √ ax i ) with x , x , x ∈ B t and √ a + √ ax , √ a + √ ax , √ a + √ ax ∈ H ′ . Because 4 a = 0in B , this product equals a √ a (1 + x + x + x ). Now using that ax = − ax ,we see this equals a ( √ a + √ ax + √ a + √ ax − ( √ a + √ ax )) ∈ H ′ . This impliesthat H ′ · H ′ · H ′ is a subset of H ′ , which means that Z / Z [ H ′ ] is as an additivegroup Z / Z + H ′ + H ′ · H ′ , with Z / Z [ H ′ ] ∩ S t = H ′ ∩ S t . Then we define A H to be the inverse image of Z / Z [ H ′ ] under the natural map A t → B t , andwe see that A H contains a zero of f exactly if H ′ ∩ S t = ∅ , completing thereduction.This concludes the proof of Theorem 1.7. In this part we will prove NP-completeness for many monic cubic polynomials.Note that a reducible monic cubic polynomial f has a zero in Z , and henceΠ f is trivial according to Lemma 3.10. Therefore we will consider only irre-ducible monic polynomials. To concisely state our many lemmas, we first statea definition, using the terminology of Definition 3.17. Definition 3.22.
Let f ∈ Z [ X ] be monic irreducible cubic. We define the Z -rank of f , written rk Z ( f ), to be the rank of the smallest A i which contains threezeroes of f .Note that we have rk Z ( f ) = 6 if f is irreducible over A , and rk Z ( f ) = 3otherwise.If the Z -rank of some cubic monic irreducible polynomial f is 6 and Gal( f ) =A , then one can check that A ⊗ Z Q contains 9 zeroes of f ; the followingimportant lemma controls the number of zeroes in A . Lemma 3.23.
Let f be monic irreducible cubic, with Z -rank . Then f hasexactly three zeroes in A .Proof. If Gal( f ) is S , then the statement is trivial, as then A is isomorphic to Z [ Z Q ( f )]. From now on, assume Gal( f ) = A , with Gal( Q ( α ) / Q ) = h σ i . Note f has at least three zeroes α , α , α in A , obtained by the construction of A .Let α, β = σ ( γ ) , γ = σ ( β ) be the zeroes of f in Q , where we pick our algebraic10losure of Q such that α = α . Note that A ⊗ Z Q is naturally isomorphic asan A -algebra to Q ( α ) × Q ( α ), with α ⊗ β, γ ). Under thisisomorphism, A = Z [ α ] is sent to Z [ α ] ⊂ Q ( α ) × Q ( α ) by the diagonal. All inall we have the injections in the following diagram A = Z [ α, α ] Q ( α ) × Q ( α ) A = Z [ α ] Q ( α )Now we define an equivalence relation on the nine zeroes of f in Q ( α ) × Q ( α ) by x ∼ y if the fields they generate inside Q ( α ) × Q ( α ) are the same. The nine zeroesfall into three equivalence classes: the corresponding fields are K i = { ( x, y ) ∈ Q ( α ) × Q ( α ) | y = σ i ( x ) } for i = 0 , ,
2, each isomorphic to Q ( α ). Specifically, wesee that α α , and hence α α, α by the symmetry. We claim that of eachequivalence class, only one zero lies in Z [ α, α ]. By the symmetry, we only need toprove it for the equivalence class containing α , consisting of ( α, α ) , ( β, β ) , ( γ, γ ).Note that Z [ α, α ] has basis 1 , α as Z [ α ]-module and Q ( α ) × Q ( α ) has basis 1 , α as Q ( α )-module. So Z [ α, α ] ∩ Q ( α ) = Z [ α ], and hence β, γ are not in Z [ α, α ]as they are by hypothesis not in Z [ α ]. This proves that each equivalence classcontains only one zero in Z [ α, α ], so Z [ α, α ] = A has exactly three zeroes of f . Lemma 3.24.
Let f ∈ Z [ X ] be monic irreducible cubic of Z -rank . If there isa prime p with p = 2 such that f has a zero of multiplicity modulo p , then Π f is NP-complete.Proof. If Gal( f ) = S , then this is a special case of Theorem 3.18. For Gal( f ) =A , we can prove the NP-completeness directly from Proposition 3.16 andLemma 3.23; we will check the conditions of Proposition 3.16. Write f ≡ ( X − a ) ( X − b ) mod p with a b mod p . As in the proof of Theorem 3.18 wetake A = A and use that f has exactly three zeroes α , α , α in A . Then weconstruct by the universal property of A a ring homomorphism ψ : A → F [ ε ]with ψ ( α ) = a + ε and ψ ( α ) = a − ε . By α + α + α = 2 a + b we have ψ ( α ) = b . Also, note that Z Z [ α ] ( f ) = { α } since f has Z -rank 6. Lemma 3.25.
Let f ∈ Z [ X ] be monic irreducible cubic. If there is a prime p with p = 3 and f ≡ ( X − a ) mod p for some a ∈ F p , then Π f is NP-complete.Proof. Special case of Theorem 3.15.
Lemma 3.26.
Let f ∈ Z [ X ] be monic irreducible cubic of Z -rank . Then thereis no prime p such that f has a zero of multiplicity modulo p .Proof. Let α be one of the zeroes of f in Q . Note that since Z [ α ] already containsthe other two zeroes of f , the Galois group of f acts on Z [ α ]. Let p be a rational11rime. We will show that Gal( f ) acts transitively on the primes above p ; if it didnot, there would be p | p, q | p with p , q in different Gal( f )-orbits. Then usingthe Chinese remainder theorem, there is an element x such that x ∈ p , but notin any σ ( q ) for σ ∈ Gal( f ). Then N K/ Q ( x ) = Q σ ∈ Gal( f ) σ ( x ) is contained in p but not in q ; but N K/ Q ( x ) ∈ Z and both p , q have intersection ( p ) with Z , sothat is impossible.Hence, all primes over p must be isomorphic. In particular f mod p factorsas a product of polynomials, all of the same degree. We conclude the proof byobserving that 2 does not divide 3. Remark . This lemma becomes false if one replaces the rank condition bythe condition Gal( f ) = A . For example take X +6 X − X − ; modulo 5 this factors as X ( X + 3) . Proposition 3.28.
Let f ∈ Z [ X ] be monic irreducible cubic. If ∆( f ) = ± k ℓ with k, ℓ ∈ Z ≥ , then Π f is NP-complete. Further, if f ≡ ( X − a ) mod 2 or f ≡ ( X − a )( X − b ) mod 3 with b a mod 3 , then Π f is NP-complete as well.Proof. If ∆( f ) contains a prime factor p >
3, then f has a zero of multiplicity3 or 2 modulo p . In the first case, Π f is NP-complete by Lemma 3.25. In thesecond case, by contraposition of Lemma 3.26 we have rk Z ( f ) = 6 and hence byLemma 3.24 the problem Π f is NP-complete.Furthermore, if f ≡ ( X − a ) mod 2 or f ≡ ( X − a )( X − b ) mod 3 with b = a then we can again use respectively Lemma 3.25 or Lemma 3.26 followedby Lemma 3.24. Lemma 3.29.
Let f ∈ Z [ X ] be monic irreducible cubic such that f has a zeroof multiplicity modulo and one of multiplicity modulo . Then Π f is NP-complete.Proof. Note that by Lemma 3.26 the Z -rank of f is 6. Let A be the A corre-sponding to f , and let α , α , α be the three zeroes of f in A given by Lemma3.23. As in the proof of Theorem 3.18 using that f has a zero a of order 2 mod-ulo 2, we find that for any t ∈ Z ≥ there is a homomorphism ϕ : A × A t → F obtained from applying on each coordinate the morphism ψ : A → F whereone sends both α and α to a . Then one can check that under ψ the zero α is sent to a + 1. We let A ′ ⊂ A × A t be the inverse image of F ⊂ F t +12 ; thezeroes of f in A ′ are exactly { α } × { α , α } t . Let a ′ be a zero of f of multi-plicity 3 modulo 3 and let ψ ′ be the ring homomorphism A → F [ ε ] given by ψ ′ ( α ) = a + ε, ψ ′ ( α ) = a − ε . We reduce from Π F , {± } ; letting ( t, H ) be aninstance of Π F , {± } and R H = F [ ε F × εH ] we see that the inverse image of R H with respect to A ′ → F [ ε ] t contains a zero of f if and only if H ∩ {± } t is non-empty, completing the reduction. As Π F , {± } is NP-complete, this completesthe proof. Lemma 3.30.
There are no irreducible cubic polynomials with discriminant ± k with k ∈ Z ≥ . roof. Let f be such a polynomial — we will derive a contradiction. Let Z [ α ] = Z [ X ] / ( f ) with α = X , let K = Q ( α ) and let ∆ be the discriminant of K (andnote that ∆ is also a power of 2, up to sign). We now have the following inclusionof fields: K ( √ ∆) K Q ( √ ∆) Q Using that the Minkowski bound is at least 1 (see for example Corollary 5.10 of[Ste17]), we find ∆ is in absolute value at least 13. However, the discriminantof Q ( √ ∆) is one of 1 , − , ± f ) = A ). From this we willderive a contradiction, using the discriminant of K ( √ ∆) in between. We do thisby looking at the splitting behavior of (2).Since 2 | ∆, the prime (2) ramifies over K/ Q . We see that in O K either(2) = p or (2) = p q with p = q . In the first case, since then p ramifies tamely,we have 2 k ∆, so ∆ = ±
4, contradiction with the upper bound | ∆ | ≥
13 wefound earlier. The other case is a bit more complex. Note that in this case f has Galois group S as K/ Q is clearly not Galois; in a Galois extension, allramification indices of a prime over 2 are equal. That K/ Q is not Galois impliesthat the discriminant of Q ( √ ∆) is not 1, so it is divisible by 2. Hence (2)factors as r in Q ( √ ∆). Since K ( √ ∆) / Q is a Galois extension, we see that in K ( √ ∆) we have (2) = ( tuv ) with tuv = r and tu = p and v = q . We see that K ( √ ∆) / Q ( √ ∆) is unramified, and hence ∆ K ( √ ∆) = ∆ Q ( √ ∆) . Note we also have∆ K ( √ ∆) ≥ ∆ . Now we make another small case distinction: if ∆ Q ( √ ∆) = − | ∆ | ≤
8, contradiction. If ∆ Q ( √ ∆) = ±
8, we find | ∆ | ≤
22, but ∆ is apower of two with an odd number of factors 2 and it is in absolute value at least13, and we again arrive at contradiction.We conclude that there is no cubic number field with discriminant ± k , soalso no irreducible cubic polynomial with such a discriminant.We again summarise the results in a proposition. Proposition 3.31.
Let f ∈ Z [ X ] be monic irreducible cubic. If ∆( f ) has aprime factor other than or f does not have a triple zero modulo , then Π f isNP-complete.Proof. If ∆( f ) has a prime factor bigger than 3, the problem is already NP-complete by Proposition 3.28; from now on, assume that it does not have sucha prime factor. If ∆( f ) is divisible by 2, then by contraposition of Lemma 3.30it is also divisible by 3, and unless f has a zero of multiplicity 2 modulo 2 anda zero of multiplicity 3 modulo 3, the problem is NP-complete by Proposition3.28; if we are in that case, we can use Lemma 3.29 to prove NP-completeness.This proves the first part of the statement.13f | ∆( f ) | is a power of 3, then it is divisible by 3 by the Minkowski bound | ∆( f ) | ≥
13. If it does not have a triple zero modulo 3, it must have a zero ofmultiplicity 2, which means that the problem is NP-complete by Proposition3.28.We finish this section with two lemmas that tell us what happens if thepolynomial has a triple zero modulo a power of 3, for the Z -rank 6 and 3 casesseparately. Lemma 3.32.
Let f ∈ Z [ X ] be monic irreducible cubic with Z -rank with atriple root modulo . Then Π f is NP-complete.Proof. Assume by translation that f ≡ X mod 9. Let B = ( Z / Z )[ ω, ε ], where1 + ω + ω = 0 and ε = 0. Let R = Z / Z and let a = 0. Letting α , α , α bethe three zeroes of f in A (guaranteed by Lemma 3.23), we use the universalproperty of A to give a map A → R sending α to ε and α to ωε and α to ω ε . Taking R = Z / Z ⊂ R and G = Z / Z [ ω ] ε , we can now reduce fromthe problem Π Z / Z [ ω ] ε, { ε,ωε,ω ε } by Lemma 3.13; this problem is NP-comple byTheorem 2.7. Lemma 3.33.
Let f ∈ Z [ X ] be monic irreducible cubic with Z -rank . Then f does not have a triple root modulo .Proof. We will argue by contradiction. Let f be as in the conditions, and assumeby translating that f has 0 as a triple root modulo 27. Let α, β, γ be the zeroesof f in Q . We define R := Z [ α ] / (27) ∼ = ( Z / Z )[ η ] where η = 0. As f splitsas ( X − α )( X − β )( X − γ ) in Z [ α ], we find that X totally splits over R withone of the factors being X − η . It can be seen that if X factors over R as( X − η )( X − a )( X − b ) then ( X − a )( X − b ) = X + ηX + η . Since X + ηX + η splits over R , the discriminant − η is a square of R . Let x ∈ R be such that − η = x (in fact, we can take x = a − b ). Let m = (3 , η ) be the maximal idealin R . We see − η ∈ m \ m , hence x ∈ m \ m . But if 3 u + vη is an elementof m \ m , then u or v is a unit, and in both cases the square is in m \ m as9 , η, η form a basis of the F vector space m / m . This means that − η isnot a square, contradiction, so no such f exists.These lemmas all together give us the following proposition. Proposition 3.34.
Let f be monic irreducible cubic. Then Π f is NP-completeif at least one of the following conditions holds: • ∆( f ) has a prime factor other than ; • f does not have a triple zero modulo ; • rk Z ( f ) = 6 and f has a triple zero modulo ; • f has a triple zero modulo . roof. This proposition consists of four statements; the first two are given byProposition 3.31, the third by Lemma 3.32, and the fourth by the contrapositionof Lemma 3.33 followed by Lemma 3.32. ± ℓ In the previous section we have proven that for any cubic monic irreduciblepolynomial f ∈ Z [ X ] whose discriminant has a prime factor that is not 3, theproblem Π f is NP-complete. This motivates the following theorem; the exactconditions of the theorem complement Proposition 3.34, in the sense that if f cubic monic irreducible does not satisfy these conditions, then it holds thatΠ f ∈ NPC by Proposition 3.34. We refer to Definitions 3.22 and 3.6 for thedefinitions of Z -rank and equivalence of polynomials respectively. Theorem 4.1.
Let f ∈ Z [ X ] be monic irreducible cubic, with discriminant ofthe form ± k with k ∈ Z ≥ . Assume that f has a zero of multiplicity modulo ,and not a triple zero modulo . Also, assume that if the Z -rank is , then f doesnot have a triple zero modulo . Then f is equivalent to one of the polynomialsin Table 4.2. For the proof of Theorem 4.1, we first state a definition and a trivial lemmaabout integral points on a family of elliptic curves. Throughout the rest of thesection, we take S = { } , and denote the S -integers Z [ S − ] as Z S . Definition 4.2.
Let a ∈ Z \ { } . Then C a is the elliptic curve given by theequation y = x + a . Lemma 4.3.
Let a, k ∈ Z . Then there is a bijection C a ( Q ) → C ak ( Q ) givenby ( x, y ) ( k x, k y ) ; if k is a power of , this induces a bijection C a ( Z S ) → C ak ( Z S ) Proof.
Both statements follow immediately from the calculation( k y ) − ( k x ) − k a = k ( y − x − a ) . Proof of Theorem 4.1.
Let f be a cubic irreducible polynomial with discrimi-nant ± ℓ with ℓ ≥
1, satisfying the conditions of the theorem. Since f has atriple zero modulo 3, the coefficient corresponding to X is divisible by 3. Hencewe can put f into the form X + pX + q with p, q ∈ Z by translation.Now ∆( f ) has the simple formula − p − q . Setting − p − q = ± ℓ ,we find a family of elliptic-curve-like diophantine equations. Multiplying such anequation by 2 , and substituting x = − p, y = 2 q , we find the equation C ∓ ℓ ′ : y = x ∓ ℓ ′ ℓ ′ = ℓ + 3. To find all possible polynomials up to equivalence, it suf-fices to find all integral points ( x, y ) on one of these curves. Lemma 4.3 willus do even more: we can parametrise all points on S ℓ ≥ ,s = ± C s ℓ ( Z S ) by S >ℓ ≥ ,s = ± C s ℓ ( Z S ) × Z ≥ . Now theorem 4.3 of [Sil09] tells us there areonly finitely many S -integral points on the curves C ± ℓ with 0 ≤ ℓ <
6. Theauthor used Sage [Sag18] to explicitly find these points. The list of parametrisedcorresponding polynomials up to the transformation f ( X )
7→ − f ( − X ) can beseen in Table 4.1. The reducible polynomials are those with Galois group of car-dinality 1 or 2. Next to the irreducible polynomials are the values of t ∈ Z ≥ suchthat the polynomial has integral coefficients. Now we observe that all polynomi-als have a triple root modulo 27 for t ≥
2, and that X + 9 and X − X + 153both have a triple zero modulo 9 and Z -rank 6. This almost give the final Table4.2; it only remains to observe that X − X + 1 ∼ X − X + 37, as for f ∈ { X − X + 1 , X − X + 37 } we have that Z [ X ] / ( f ) is the ring of integersof Q ( ζ + ζ − ) where ζ is a primitive ninth root of unity; ζ + ζ − is a zero of X − X + 1, and 3( ζ + ζ − ) + ζ + ζ − − X − X + 37.Furthermore, note that the three polynomials in Table 4.2 are pairwise non-equivalent, as all of the discriminants are different.Polynomial Cardinality ofGalois group All t ∈ Z ≥ for whichthe polynomial is integral X − · t X + · t ≥ X − · t X + · t X − · t X + · t ≥ X − t X + · t ≥ X − · t X + · t X + · t ≥ X − · t X + · t X + · t ≥ X + · t X + · t ≥ X + · t ≥ X − · t X + · t X − · t X + · t ≥ Z [ X ], up to thesubstition f ( X )
7→ − f ( − X ), that have a triple zero modulo 3 and discriminantof the form ± k , together with the Galois group.16olynomial Discriminant Factorisation of discriminant X − − − X − X + 1 81 3 X − X + 9 729 3 Table 4.2: A minimal set S of polynomials such that every monic cubic irre-ducible polynomial that satisfies the conditions of Theorem 4.1 is equivalent toa polynomial in S . In this section we prove NP-completeness for the problems Π f with f in Table4.2, at the end concluding the proof of Theorem 1.8. Lemma 5.1.
Let f = X − . Then Π f is NP-complete.Proof. Let α, β, γ be the three zeroes of f in Q . Let B be the finite ring Z / Z [ π ] := Z / Z [ X ] / ( X + 3). Note B has a Z / Z -grading B = B ⊕ B ⊕ B with B i = π i Z / Z ⊕ π i +3 Z / Z . We denote ζ := − + π ; observe that ζ + ζ +1 = 0. In this ring, X − X + π )( X + ζπ )( x + ζ π ).As Gal( f ) = S , the order A := Z [ α, β, γ ] is naturally isomorphic to to A .Then by the universal property of A , we have a morphism ψ : A → B given by ψ ( α ) = − π , ψ ( β ) = − ζπ , ψ ( γ ) = − ζ π . Letting S = { ψ ( α ) , ψ ( β ) , ψ ( γ ) } , wenote S ⊂ B . We define G = B . Note that S is not a coset in G and does notcontain zero. By Theorem 2.7 and Lemma 2.8, this means Π G,S is NP-complete.We will give a reduction Π
G,S ≤ Π f . Let ( t, H ) be an instance of Π G,S .Let C be the subring of B t given by C = { ( x , . . . , x t ) ∈ B t | x ≡ · · · ≡ x n mod ζ − } . Note S t ⊂ C , as ψ ( α ) ≡ ψ ( β ) ≡ ψ ( γ ) mod ζ −
1. Let H ′ be H intersected with C . We may assume H ′ is not contained in ( ζ − B t ; if it is,clearly H ′ ∩ S t = ∅ . Note that in B / ( ζ − B we have π ( ζ −
1) = 3 π +5 π = 0and π ( ζ −
1) = − π + 3 π = 0. We deduce that B / ( ζ − B = { , π , π } .Writing H ′ = h H ′ ∩ ( π + ( ζ − π B t ) i ∪ ( H ′ ∩ ( ζ − π B t ), we see H ′ = h H ′ ∩ ( π + ( ζ − π B t ) i . That means that H ′ · H ′ · H ′ · H ′ is generated byelements of the form Q i =1 ( π + ( ζ − π x i ) with x i ∈ B , π + ( ζ − π x i ∈ H ′ for i = 1 , . . . ,
4. Using that π = − B equals 9, we seethat the product equals − π (cid:16) P i =1 x i ( ζ − (cid:17) , which equals − P i =1 ( π +( ζ − π x i ) ∈ H ′ . Hence H ′ · H ′ · H ′ · H ′ ⊂ H ′ , meaning that Z / Z [ H ′ ] is equalto Z / Z + H ′ + H ′ · H ′ + H ′ · H ′ · H ′ . Using the grading of B , the intersection Z / Z [ H ′ ] ∩ S t hence equals H ′ itself. Now we can define A H to be the inverseimage under A t → B t of Z / Z [ H ′ ], and we see Z f ( A H ) is non-empty exactly if H ∩ S t is non-empty. This completes the reduction.17 emma 5.2. Let f = ( X − − X −
1) + 1 = X − X + 3 . Then Π f isNP-complete.Proof. Let R be the ring F [ ε ] = F [ X ] / ( X ), and let G be a free R -moduleof rank 1, with generator m . Let S = { , m, − m − εm } ⊂ G . Note that P RG,S is NP-complete, as by Lemma 2.6 of [Spe21] with ϕ : x m − x we have P RG, { ,m } ≤ P RG,S , and by Lemma 2.10 we know P RG, { ,m } is NP-complete. Nowwe define a new problem P : the input is t ∈ Z > , a sub- R -module H of G t and x ∗ ∈ G t with ( m, . . . , m ) − εx ∗ ∈ H ; the output is whether ( x ∗ + H ) ∩ S t isnon-empty. Obviously, P ≤ P RG,S . We will also prove P RG,S ≤ P . Let ( t, H, x ∗ )be an instance of P RG,S . For ease of notation, from now on we write x for avector consisting of all x ’es. Let t ′ = t + 1 , H ′ = H × { } + R · ( m − ε ( x ∗ , x ′∗ = ( x ∗ , t ′ , H ′ , x ′∗ ) is an instance of P . If ( t, H, x ∗ ) is a yes-instance of P RG,S with h ∈ H such that h + x ∗ ∈ S t , then ( h, ∈ H ′ and ( h, x ∗ , ∈ S t ′ ,so ( t ′ , H ′ , x ′∗ ) is a yes-instance of P . Conversely, if ( t ′ , H ′ , x ′∗ ) is a yes-instanceof P , then there is an h ′ ∈ H ′ with h ′ + ( x ∗ , ∈ S t ′ . By looking at thelast coordinate, we see that h ′ can be written as ( h,
0) + v ( m − ε ( x ∗ , h ∈ H, v ∈ R . Note that σ : G → G, x (1 + ε )( x − m ) gives a bijectionon S which cycles S . If we also denote σ for the map G t ′ → G t ′ that applies σ coordinatewise, we see that σ ( x ′∗ + H ′ ) = x ′∗ + (1 + ε ) H ′ − (1 + ε )( m − εx ′∗ ) whichimplies that σ ( x ′∗ + H ′ ) lies in x ′∗ + H ′ . Then clearly σ also acts on ( x ′∗ + H ′ ) ∩ S t ′ .Therefore without loss of generality ( h, v ( m − ε ( x ∗ , x ∗ ,
0) is zero on thelast coordinate, meaning v = 0. Then ( h,
0) + ( x ∗ , ∈ S t ′ hence h + x ∗ ∈ S t , sowe find ( t, H, x ∗ ) is a yes-instance of P RG,S . We have now proven that P ≈ P RG,S ,so we have P ∈ NPC .We will now reduce from P to Π f . Let α be a zero of f in Q , and note thatwith A := Z [ α ] we have Z A ( f ) = { α, α − α, α − α + 3 } . Let p be the primeideal in A over 3 generated by α ; then (3) factorises as p . Define B = A/ p .Note that as − α ( α −
3) we have − α in B . Finally, note that Z A ( f )can be written as α + { , α − α, − α + 3 } where { , α − α, − α + 3 } is asubset of p , and modulo p it is equal to { , α , − α − α } . This means theimage of Z A ( f ) in B is α + { , α , − α − α } .We take m , the generator of G , to be α ∈ B , with ε ∈ R acting on G asmultiplication by α . Let ( t, H, x ∗ ) be an instance of P . Now define R H ⊂ B t as Z / Z + Z / Z ( α + x ∗ ) + H . Note that this is in fact a ring; the only non-trivialrequirement is that ( α + x ∗ ) ∈ R H , but ( α + x ∗ ) = α + 2 αx ∗ = m − εx ∗ ,which is an element of H by definition of the problem P . Also, note that 3 ∈ R H is − α , and α = ε ( m − εx ∗ ) ∈ H . This tells us that R H ∩ G t = H . Now wesee that ( α + S t ) ∩ R H = ( α + x ∗ ) + ( − x ∗ + S t ) ∩ R H is in bijection with to( − x ∗ + S t ) ∩ R H = ( − x ∗ + S t ) ∩ H . Let A H be the inverse image under A t → B t of R H . As α + S is the image of Z A ( f ) in B , we see Z f ( A H ) is non-empty exactlyif ( x ∗ + H ) ∩ S t is non-empty. This completes the reduction. Lemma 5.3.
Let f = X − X + 9 . Then Π f is NP-complete.Proof. Let α be a zero of f in Q , and note that with A = Z [ α ] we have Z A ( f ) =18 α, α + α − , − α − α + 6 } . Let B = A/ (9 , α ) , R = Z / Z ⊂ B . We see B is a ring of cardinality 3 , generated as an additive group by 1 , α, α of order9 , , G = h α + 3 i ⊂ B . This is agroup of cardinality 3. Let S = {± ( α + 3) } ⊂ G . Note that S is not a coset anddoes not contain 0, so Π G,S is NP-complete. We will reduce from this problemto Π f . Let ( t, H ) be an instance of Π G,S . Write T for the image of Z A ( f ) in B .Let t ′ = 2 t + 1. Let H ′ = { ( x, − x, | x ∈ H } ⊂ B t ′ . Let x ∗ = ( α − ( α +3) , . . . , α − ( α + 3) , α ), and let R H = R [ H ′ , x ∗ ]. Note that as an additive group,this is generated by Z / Z , H ′ , x ∗ , x ∗ , H ′ x ∗ . We see x ∗ and x ∗ have order 9 and3 respectively.Claim: R H ∩ T t ′ is non-empty if and only if H ∩ S t is non-empty. We provethis by examining an element x ∈ R H ∩ T t ′ . Let σ : B → B, x x + x + 3 and τ : B → B, x
7→ − x − ( x + 3) be two maps, and note that by virtue of theGalois group still acting on T , we have that σ, τ induce transitive permutationson T , and σ | T = τ | − T . Denoting by σ and τ the two maps B t ′ → B t ′ thatcoordinatewise perform σ respectively τ it is clear that σ ( R H ) , τ ( R H ) are subsetsof R H , as R H is a ring. This tells us that σ ( x ) , τ ( x ) also lie in R H ∩ T t ′ . Letting π : B t ′ → B denote the projection onto the last coordinate, we see that thismeans that R H ∩ T t ′ is non-empty if and only if R H ∩ T t ′ ∩ π − ( α ) is non-empty.As π ( H ′ ) = 0, we have that π ( R H ) = π ( Z / Z + Z / Z x ∗ + Z / Z x ∗ ). As π (1) = 1 , π ( x ∗ ) = α, π ( x ∗ ) = α we see that R H ∩ π − ( α ) = x ∗ + H ′ + H ′ x ∗ .Finally, we will prove that ( x ∗ + H ′ + H ′ x ∗ ) ∩ T t ′ is non-empty if and onlyif H ∩ S t is non-empty. Note that x ∗ + H ′ + H ′ x ∗ contains an element of T t ′ if and only if there are h , h ∈ H ′ with x ∗ + h + h x ∗ ∈ T t ′ . Writing h =( x, − x,
0) and h = ( y, − y,
0) with x, y ∈ H , this is equivalent to ( x, − x ) +( y, − y )( α − ( α + 3)) ∈ {± ( α + 3) , − α } t . As ( α + 3) G = 0, we can write( x, − x ) + ( y, − y )( α − ( α + 3) = ( x, − x ) + α ( y, − y ) with αG = h α i . Then wesee that ( y, − y ) is an element of { , − ( α + 3) } t , implying y = 0. So we find R H ∩ T t ′ = ∅ ⇔ ∃ x ∈ H : ( x, − x ) ∈ {± ( α + 3) } t . This is clearly equivalentto H ∩ S t = 0, proving the claim.That means that we have constructed a subring R H ⊂ B t ′ such that R H ∩ T t = ∅ ⇔ H ∩ S t = ∅ holds. Letting A H be the inverse image of R H under thenatural map A t ′ → B t ′ , we have completed the reduction. Proof of Theorem 1.8.
Let f ∈ Z [ X ] be cubic, monic. By Lemma 3.10 we haveΠ f ∈ P if f is reducible. Assume that f is irreducible. If it satisfies the conditionsof Proposition 3.34, then Π f is NP-complete by that proposition. Otherwise, itsatisfies the conditions of Theorem 4.1, and hence is equivalent to one of thethree polynomials in Table 4.2. For those three polynomials NP-completenesshas been proven in this section. This completes the proof. In this section we prove the undecidability of Π ( X +1) , contingent on the unde-cidability of Hilberts Tenth Problem over Q ( i ). We first give a short definition19 efinition 6.1. We define HTP(
R, S ) with R a ring and S ⊂ R to be: given an n ∈ Z ≥ and a set of polynomials P in R [ X , . . . , X n ], determine whether thepolynomials in P have a common zero in S n . We write HTP( R ) for HTP( R, R ).We start by rewriting HTP( Q ( i )) with the following definition and theorem. Definition 6.2.
We define v : Q ( i ) → Z ∪ {∞} as the extension of the 2-adicvaluation on Q with v (2) = 1. Write A for the ring of (1 + i )-adic Gaussianintegers. Theorem 6.3.
The problem
HTP( Q ( i )) is equivalent with HTP( Q ( i ) , A ∗ ) .Proof. We prove the reduction HTP( Q ( i ) , A ∗ ) ≤ HTP( Q ( i )) by separably prov-ing HTP( Q ( i ) , A ∗ ) ≤ HTP( Q ( i ) , A )) and HTP( Q ( i ) , A ) ≤ HTP( Q ( i )). For thefirst one, we can model a unit of A by adding for every variable X j occuringthe polynomial X j Y j = 1. For the second reduction, we use Lemma’s 6, 9 and10 of [Rob59]. Let p = (1 + i ), and let q , q be two different primes in theinverse ideal class of p with p , q , q all distinct (this is possible by Lemma6 of the article), and let a , a be such that ( a j ) = pq j for j = 1 ,
2. Let b , b be as given by the proof of Lemma 9. Then by Lemma 10, the equa-tion 1 − a j b j c j = x − a j y − b j z has a solution in x, y, z if and only if c j is a p -adic and a q j -adic integer. Since q , q are disctinct, the equations c = c + c , − a b c = x − a y − b z , − a b c = x − a y − b z model that c is a(1 + i )-adic integer. This completes the inequality HTP( Q ( i ) , A ∗ ) ≤ HTP( Q ( i )).For the inequality HTP( Q ( i )) ≤ HTP( Q ( i ) , A ∗ ), note that the expression x + yz +7 takes on every value in Q ( i ) for x, y, z ∈ A ∗ ; this is clear from A ∗ + A ∗ = A and the fact that − z + 7 can havearbitrarily small valuations. That means that we can replace each variable X i by x i + y i z i +7 , clearing out denominators, to find an equivalent system of equationsfor the problem HTP( Q ( i ) , A ∗ ).We first slightly alter the definition of HTP to a slightly less usual but moreuseful form. Definition 6.4.
We define HTP ′ ( R, S ) with R a ring and S ⊂ R to be: givenan n ∈ Z ≥ and a set of polynomials P in R [ X , . . . , X n ] of degree at most 2,determine whether the polynomials in P have a common zero in S n . We writeHTP ′ ( R ) for HTP ′ ( R, R ). Theorem 6.5.
Take any ring R and S ⊂ R . The problems HTP(
R, S ) and HTP ′ ( R, S ) are equivalent.Proof. The reduction HTP ′ ( R, S ) ≤ HTP(
R, S ) is trivial from the definition.We will now show HTP(
R, S ) ≤ HTP ′ ( R, S ). Let ( n, P ) be an input forHTP(
R, S ). We briefly sketch the reduction, producing ( m, Q ) such that thepolynomials in Q have a common zero exactly if P has a zero.20. Let m := n, Q := P .2. While Q contains a polynomial q containing a monomial c Q ki =1 X n i , c = 0where n i ∈ { , . . . , m } for i = 1 , . . . , k of degree k strictly bigger than 2,make m := m +1 , Q := Q ∪{ X m − X n X n } and in q replace the monomial c Q ki =1 X n i with cX m Q ki =3 X n i , lowering the degree of that monomial.Note that the zero set of Q is conserved in each step, and that step 2 alwaysterminates. This proves the theorem. Proof of Theorem 1.9.
By Theorems 6.3 and 6.5, we reduce from the problemHTP ′ ( Q ( i ) , A ∗ ). Let n ∈ Z ≥ and P = { p , . . . , p m } a subset of Q ( i )[ X , . . . , X n ]consisting of polynomials of degree at most 2 be given. By removing denomina-tors, assume P ⊂ Z [ i , X , . . . , X n ]. We will construct input order B for Π ( X +1) that is a yes-instance if and only if the polynomials in P have a common zeroin ( A ∗ ) n .Embed Z [ i , X , . . . , X n ] in Z [ i , X , . . . , X n ]. We now multiply every mono-mial in one of the polynomials of S by a power of X such that the polyno-mial is homogeneous of degree 2; call the resulting homogeneous polynomials q , . . . , q m . For 1 ≤ k ≤ m let C k be twice the matrix corresponding to thequadratic form q k . Note C k ∈ Mat( n + 1 , Z [ i ]). Letting X = ( X , . . . , X n ), wethen have X ⊤ C k X = 2 q k ( X , . . . , X n ) and q k (1 , X , . . . , X n ) = p k ( X , . . . , X n ).Let 1 , v , v , . . . , v n , w , . . . , w m be formal variables and define Z [ i ]-modules V = L nk =0 v k Z [ i ] and W = L mk =1 w k Z [ i ]. We then choose B ′ additively equalto 1 · Z [ i ] ⊕ V ⊕ W . We define a multiplication on B ′ by making it an Z [ i ]module in the obvious way, defining multiplication by 1 to be the identity,multiplication on V × W, W × W to be the zero map, and letting ϕ k : V × V → w k Z [ i ] be the bilinear symmetric map defined by C k . We see that B ′ is automatically commutative, and the multiplication is associative. Finally,identify B ′ as the Z -module to Z ⊕ Z i ⊕ Z ⊕ n +1) ⊕ Z ⊕ m and let B be thesubmodule Z ⊕ (cid:0) Z i ⊕ F Z ⊕ F n +1) ⊕ F Z ⊕ F m (cid:1) . Note B is actually a subringand hence an order.It remains to prove that Z B (( X +1) ) is non-empty if and only if Z ( A ∗ ) n ( P )is non-empty. Note that the subring Z [ i ] is the separable subring of B ′ , and( V + W ) ∩ B ′ is the nilpotent part. Let x = a + P nk =0 b k v k + P mk =1 c k w k with a, b k , c k ∈ Z [ i ] be an element of B . Then if ( x + 1) = 0, without loss ofgenerality we have a = i . We see x + 1 then becomes P nk =0 i b k v k + w for some w ∈ W . Letting b = ( b , . . . , b n ), we see that ( x +1) = − P mk =1 b ⊤ C k bw k , andhence B contains a zero of ( X + 1) if and only if there is a b ∈ Z [ i ] n +1 with q k ( b , . . . , b n ) = 0 for every 1 ≤ k ≤ m , with b being 1 + i modulo (2) on everyco¨ordinate. As every b i is specifically non-zero, that is equivalent to having an x ∈ Q ( i ) n with p j ( x , . . . , x n ) = 0 for every 1 ≤ j ≤ m , with v ( x j ) = 0 for1 ≤ j ≤ n . To recap: Z B (( X + 1) ) is non-empty if and only if the polynomialsin P have a common zero in ( A ∗ ) n . This completes the proof of Theorem 1.9.21 eferences [Gio13] A. Gioia. On the Galois closure of commutative algebras . PhD thesis,Leiden University, 2013.[Len84] A. K. Lenstra. Factoring multivariate integral polynomials.
Theoret.Comput. Sci. , 34(1-2):207–213, 1984.[LS17] H. W. Lenstra, Jr. and A. Silverberg. Roots of unity in orders.
Found.Comput. Math. , 17(3):851–877, 2017.[LS18] H. W. Lenstra, Jr. and A. Silverberg. Algorithms for commutativealgebras over the rational numbers.
Found. Comput. Math. , 18(1):159–180, 2018.[Rob59] Julia Robinson. The undecidability of algebraic rings and fields.
Proc.Am. Math. Soc. , 10(6):950–957, 1959.[Sag18] Sage Developers.
SageMath, the Sage Mathematics Software System(Version 8.2) , 2018. .[Sil09] J. H. Silverman.
The arithmetic of elliptic curves , volume 106 of