H.W. Lenstra

Factoring Polynomials with Rational Coefficients.

In this paper we present a polynomial-time algorithm to solve the following problem: given a non-zero polynomial fe Q(X) in one variable with rational coefficients, find the decomposition of f into irreducible factors in Q(X). It is well known that this is equivalent to factoring primitive polynomials feZ(X) into irreducible factors in Z(X). Here we call f~ Z(X) primitive if the greatest common divisor of its coefficients (the content of f) is 1. Our algorithm performs well in practice, cf. (8). Its running time, measured in bit operations, is O(nl2+n9(log(fD3).

Factoring integers with elliptic curves

This paper is devoted to the description and analysis of a new algorithm to factor positive integers. It depends on the use of elliptic curves. The new method is obtained from Pollards (p - 1)-method (Proc. Cambridge Philos. Soc. 76 (1974), 521-528) by replacing the multiplicative group by the group of points on a random elliptic curve. It is conjectured that the algorithm determines a non-trivial divisor of a composite number n in expected time at most K( p)(log n)2, where p is the least prime dividing n and K is a function for which log K(x) = /(2 + o(1))log x log log x for x -x o. In the worst case, when n is the product of two primes of the same order of magnitude, this is

Algorithms in algebraic number theory

In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to be done in the urea. We hope to show that the study of algorithms not only increases our understanding of algebraic number fields but also stimulates our curiosity about them

Optimal normal bases

Let K ⊂ L be a finite Galois extension of fields, of degree n. Let G be the Galois group, and let (<α)<∈G be a normal basis for L over K. An argument due to Mullin, Onyszchuk, Vanstone and Wilson (Discrete Appl. Math. 22 (1988/89), 149–161) shows that the matrix that describes the map x → αx on this basis has at least 2n - 1 nonzero entries. If it contains exactly 2n - 1 nonzero entries, then the normal basis is said to be optimal. In the present paper we determine all optimal normal bases. In the case that K is finite our result confirms a conjecture that was made by Mullin et al. on the basis of a computer search.

Primality testing and Jacobi sums

We present a theoretically and algorithmically simplified version of a primality testing algorithm that was recently invented by Adleman and Rumely. The new algorithm performs well in practice. It is the first pnmality test in existence that can routinely handle numbers of hundreds of decimal digits.

A rigorous time bound for factoring integers

In this paper a probabilistic algorithm is exhibited that factors any positive integer n into prime factors in expected time at most Ln[2, 1 + o()] for n oo, where L,[a, b] = exp(b(logx)a(loglogx)l a). Many practical factoring algorithms, including the quadratic sieve and the elliptic curve method, are conjectured to have an expected running time that satisfies the same bound, but this is the first algorithm for which the bound can be rigorously proved. Nevertheless, this does not close the gap between rigorously established time bounds and merely conjectural ones for factoring algorithms. This is due to the advent of a new factoring algorithm, the number field sieve, which is conjectured to factor any positive integer n in time Ln[ I, 0(1)] . The algorithm analyzed in this paper is a variant of the class group relations method, which makes use of class groups of binary quadratic forms of negative discriminant. This algorithm was first suggested by Seysen, and later improved by A. K. Lenstra, who showed that the algorithm runs in expected time at most Ln [ 12 1 + O( 1)] if one assumes the generalized Riemann hypothesis. The main device for removing the use of the generalized Riemann hypothesis from the proof is the use of multipliers. In addition a character sum estimate for algebraic number fields is used, with an explicit dependence on possible exceptional zeros of the corresponding L-functions. Another factoring algorithm using class groups that has been proposed is the random class groups method. It is shown that there is a fairly large set of numbers that this algorithm cannot be expected to factor as efficiently as had previously been thought. DEPARTMENT OF MATHEMATICS, UNIVERSITY OF CALIFORNIA, BERKELEY, CALIFORNIA 94720 E-mail address: hwl@math.berkeley.edu DEPARTMENT OF MATHEMATICS, UNIVERSITY OF GEORGIA, ATHENS, GEORGIA 30602 E-mail address: carl@ada.math.uga.edu This content downloaded from 157.55.39.186 on Tue, 12 Apr 2016 08:54:17 UTC All use subject to http://about.jstor.org/terms

The factorization of the ninth Fermat number

In this paper we exhibit the full prime factorization of the ninth Fermat number F9 = 2(512) + 1. It is the product of three prime factors that have 7, 49, and 99 decimal digits. We found the two largest prime factors by means of the number field sieve, which is a factoring algorithm that depends on arithmetic in an algebraic number field. In the present case, the number field used was Q(fifth-root 2) . The calculations were done on approximately 700 workstations scattered around the world, and in one of the final stages a supercomputer was used. The entire factorization took four months.

On Artin's Conjecture and Euclid's Algorithm in Global Fields

This paper considers a generalization of Artins conjecture on primes with prescribed primitive roots. The main result provides & necessary and sufficient condition for the conjectural density of certain sets of primes to be non-zero. As an application a theorem about the existence of a euclidean algorithm in rings of arithtnetic type is proved. Key_word£: Artins conjecture, primitive roots, Euclids algorithm. 12A75, 10HI5, 12A45, 13F10. On Artins conjecture and Euclids algorithm in global fields. H.W. Lenstra, Jr. jEntroductiop. A famous conjecture of Artin (1927) [3, 9] asserts that for every nonzero rational number t the set of prime numbers q for which t is a primitive root possesses a density inside the set of all prime numbers. The original conjecture included a formula for this density, but calculations by D.H. Lehmer [14] indicated that this formula must be wrong. A corrected Version of the conjecture [31, intr„, sec, 23; 2, intr.3 was proved by Hooley [11, 12] under tue assumpticm of certain generalized Riemann hypotheses. In this paper we are concerned with a generalized form of Artins conjecture, which recently arose in connection with Euclids algorithm [23, 30, 19] and the construction of division chains [5, 20] in global fields. Our main contribution is a necessary and sufficient condition for the conjectural density of the set of primes in question to be non-zero. As an application of this result we prove a theorem about the existence of a euclidean algorithm in rings of arithmetic type. For an application to arithmetic codes we refer to [15]. We discuss the various vays in which Artins conjecture has been generalized. First, instead of the rational numbers one can consider an arbitrary global field K, äs in [3]. Prime numbers are then replaced by nonarchimedean prime divisors p_ of K, Secondly, a congruence condition can be imposed on these primes [30, 19], This is even of interest in the case K = (Q: for example, among all primes for which 27 is a primitive root there are no primes which are -l mod 4, while, conjecturally., there are infinitely many which are

Primality Testing with Gaussian Periods

It was recognized in the mid-eighties, that several then current primality tests could be formulated in the language of Galois theory for rings. This made it possible to combine those tests for practical purposes. It turns out that the new polynomial time primality test due to Agrawal, Kayal, and Saxena can also be formulated in the Galois theory language. Whether the new formulation will allow the test to be combined with the older tests remains to be seen. It does lead to a primality test with a significantly improved guaranteed run time exponent. In this test, one makes use of Gaussian periods instead of roots of unity. The lecture represents joint work with Carl Pomerance (Bell Labs).

A hyperelliptic smoothness test. I

This series of papers is concerned with a probabilistic algorithm for finding small prime factors of an integer. While the algorithm is not practical, it yields an improvement over previous complexity results. The algorithm uses the jacobian varieties of curves of genus 2 in the same way that the elliptic curve method uses elliptic curves. In this first paper in the series a new density theorem is presented for smooth numbers in short intervals. It is a key ingredient of the analysis of the algorithm.