## Algorithms in algebraic number theory (1992)

Venue: | Bull. Amer. Math. Soc |

Citations: | 40 - 3 self |

### BibTeX

@ARTICLE{Lenstra92algorithmsin,

author = {H. W. Lenstra},

title = {Algorithms in algebraic number theory},

journal = {Bull. Amer. Math. Soc},

year = {1992},

volume = {26},

pages = {211--244}

}

### Years of Citing Articles

### OpenURL

### Abstract

Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to be done in the area. We hope to show that the study of algorithms not only increases our understanding of algebraic number fields but also stimulates our curiosity about them. The discussion is concentrated of three topics: the determination of Galois groups, the determination of the ring of integers of an algebraic number field, and the computation of the group of units and the class group of that ring of integers. 1.

### Citations

2197 |
The art of computer programming
- Knuth
- 1973
(Show Context)
Citation Context ...s well as the Euclidean algorithm for the computation of greatest common divisors, have running time O(l 2 ). With the help of more sophisticated methods this can be improved to l 1+o(1) for l →∞(see =-=[33]-=-). An operation that is not known to bes6 H.W.LENSTRA,JR. doable by means of a good algorithm is decomposing a positive integer into prime numbers (see [33, 50, 41]), but there is a good probabilistic... |

913 |
A course in computational algebraic number theory
- Cohen
- 1993
(Show Context)
Citation Context ...yet-existing mathematics as well. For an account of algorithms in algebraic number theory that emphasizes the practical aspects rather than complexity issues we refer to the forthcoming book by Cohen =-=[23]-=-. In §2 we cover the basic terminology and the basic auxiliary results to be used in later sections. In particular, we discuss several fundamental questions that, unlike integer factorization, admit a... |

697 | Factoring polynomials with rational coefficients
- Lenstra, Lenstra, et al.
- 1982
(Show Context)
Citation Context ...n to a certain accuracy, then a reduced basis can be found by means of a reduction algorithm. The complexity of such an algorithm depends on the precise notion of “reduced basis” that one employs. In =-=[42]-=- one finds a good reduction algorithm that will suffice for our purposes. See [30] for further developments. 2.7. Rings. We use the convention that rings have unit elements, that a subring has the sam... |

261 |
Algebraic Number Theory
- Lang
- 1984
(Show Context)
Citation Context ...lds. By a number field or an algebraic number field we mean in this paper a field extension K of finite degree of the field Q of rational numbers. For the basic theory of algebraic number fields, see =-=[37, 75, 20]-=-. An algebraic number field K is encoded as its underlying Q-vector space together with the multiplication map K ⊗Q K → K, as in 2.7; in other words, giving K amounts to giving a positive integer n an... |

107 |
On distinguishing prime numbers from composite numbers
- Adleman, Pomerance, et al.
- 1983
(Show Context)
Citation Context ... by the seemingly elementary problem of decomposing integers into prime factors. Among the ingredients that make modern primality tests work one may mention reciprocity laws in cyclotomic fields (see =-=[3, 25, 24]-=-), arithmetic in cyclic fields (see [46, 10]), the construction of Hilbert class fields of imaginary quadratic fields [5], and class number estimates of fourth degree CM-fields [1]. The best rigorousl... |

100 | Algorithmic algebraic number theory - Pohst, Zassenhaus - 1989 |

94 | Finite permutation groups and finite simple groups
- Cameron
- 1981
(Show Context)
Citation Context ...iven K and f decides whether the Galois group of f is Sn and whether or not it is An. For this, one may by the above assume that n ≥ 8. From the classification of finite simple groups it follows (see =-=[18]-=-) that the only sixfold transitive permutation groups of degree n are An and Sn. Hence, if we build up the splitting field of f over K as in the proof of Theorem 3.2, then G is An or Sn if and only if... |

87 | Discrete logarithms in finite fields and their cryptographic significance
- Odlyzko
(Show Context)
Citation Context ...ities. We refer to [47] for a further discussion. Algorithmic problems relating to the multiplicative group of finite fields, such as the discrete logarithm problem, are generally very difficult, see =-=[53, 57, 41, 27, 60, 51]-=-. 2.9. Number fields. By a number field or an algebraic number field we mean in this paper a field extension K of finite degree of the field Q of rational numbers. For the basic theory of algebraic nu... |

67 | New algorithms for finding irreducible polynomials over finite fields
- Shoup
- 1990
(Show Context)
Citation Context ...emann hypothesis then there is a good algorithm for doing this [2]. There is also a good probabilistic algorithm for this problem, and a deterministic algorithm that runs in √ p times polynomial time =-=[66]-=-. An important problem, which will come up several times in this paper, is the problem of factoring a given polynomial f in one variable over a given finite field Fpn. No good algorithm is known for t... |

66 |
Explicit bounds for primality testing and related problems
- Bach
- 1990
(Show Context)
Citation Context ... argue on the basis of heuristic assumptions that are formulated for the occasion. It is considered a relief when one runs into a standard conjecture such as the generalized Riemann hypothesis (as in =-=[6, 15]-=-) or Leopoldt’s conjecture on the nonvanishing of the p-adic regulator [60]. In this paper we will consider algorithms in algebraic number theory for their own sake rather than with a view to any of t... |

62 |
A rigorous subexponential algorithm for computation of class groups
- Hafner, McCurley
- 1989
(Show Context)
Citation Context ...ention be given to general orders, both algorithmically and theoreticallysALGORITHMS IN ALGEBRAIC NUMBER THEORY 17 (cf. [59]). This is precisely what has happened in the case of quadratic fields (cf. =-=[45, 49, 28]-=-). The order A equals O if and only if all of its nonzero prime ideals p are nonsingular; here we call p nonsingular if the local ring Ap is a discrete valuation ring, which is equivalent to dim A/p p... |

60 |
Factoring Integers With The Number Field Sieve
- Buhler, Lenstra, et al.
- 1993
(Show Context)
Citation Context ...for integer factorization is achieved by an algorithm that depends on quadratic fields (see [49]), and the currently most promising practical approach to the same problem, the number field sieve (see =-=[17, 43, 44]-=-), employs “random” number fields of which the discriminants are so huge that many traditional computational methods become totally inapplicable. The analysis of many algorithms related to algebraic n... |

48 |
The infrastructure of a real quadratic field and its applications
- Shanks
- 1972
(Show Context)
Citation Context ... in these two sections could have been formulated in terms of the divisor class group Picc O that appears in Arakelov theory (see [70, §I]) and that already appeared in the context of algorithms (see =-=[65, 45]-=-). Knowing the group Picc O is equivalent to knowing both O ∗ and Cl O, which may explain why algorithms for computing O ∗ and algorithms for computing Cl O are often inextricably linked. It also expl... |

43 |
A rigorous time bound for factoring integers
- Pomerance
- 1992
(Show Context)
Citation Context ...ields [5], and class number estimates of fourth degree CM-fields [1]. The best rigorously proved time bound for integer factorization is achieved by an algorithm that depends on quadratic fields (see =-=[49]-=-), and the currently most promising practical approach to the same problem, the number field sieve (see [17, 43, 44]), employs “random” number fields of which the discriminants are so huge that many t... |

40 |
Algebraic number theory
- Weiss
- 1963
(Show Context)
Citation Context ...lds. By a number field or an algebraic number field we mean in this paper a field extension K of finite degree of the field Q of rational numbers. For the basic theory of algebraic number fields, see =-=[37, 75, 20]-=-. An algebraic number field K is encoded as its underlying Q-vector space together with the multiplication map K ⊗Q K → K, as in 2.7; in other words, giving K amounts to giving a positive integer n an... |

38 |
On the calculation of regulators and class numbers of quadratic fields
- Lenstra
- 1982
(Show Context)
Citation Context ... in these two sections could have been formulated in terms of the divisor class group Picc O that appears in Arakelov theory (see [70, §I]) and that already appeared in the context of algorithms (see =-=[65, 45]-=-). Knowing the group Picc O is equivalent to knowing both O ∗ and Cl O, which may explain why algorithms for computing O ∗ and algorithms for computing Cl O are often inextricably linked. It also expl... |

35 |
Solvability by radicals is in polynomial time
- Landau, Miller
- 1985
(Show Context)
Citation Context ...r fields. Section 3 is devoted to the problem of determining Galois groups. We review the little that has been done on the complexity of this problem, including the pretty result of Landau and Miller =-=[36]-=- that solvability by radicals can be decided4 H. W. LENSTRA, JR. efficiently. We also point out several directions for further research. In §4 we discuss the problem of determining the ring of intege... |

33 |
Primality testing and Jacobi sums
- Cohen, Lenstra
- 1984
(Show Context)
Citation Context ... by the seemingly elementary problem of decomposing integers into prime factors. Among the ingredients that make modern primality tests work one may mention reciprocity laws in cyclotomic fields (see =-=[3, 25, 24]-=-), arithmetic in cyclic fields (see [46, 10]), the construction of Hilbert class fields of imaginary quadratic fields [5], and class number estimates of fourth degree CM-fields [1]. The best rigorousl... |

30 |
Finding irreducible polynomials over finite fields
- Adleman, Lenstra
- 1986
(Show Context)
Citation Context ...cting an irreducible polynomial f ∈ Fp[X] of degree n;heren is supposed to be given in unary (cf. 2.4). If one accepts the generalized Riemann hypothesis then there is a good algorithm for doing this =-=[2]-=-. There is also a good probabilistic algorithm for this problem, and a deterministic algorithm that runs in √ p times polynomial time [66]. An important problem, which will come up several times in th... |

29 |
The determination of Galois groups
- Stauduhar
- 1973
(Show Context)
Citation Context ...ois groups is not considered to be well solved, even though the algorithms that are actually used nowadays always require n to be bounded—in fact, each value of n typically has its own algorithm (cf. =-=[69, 26]-=-), which does not follow the crude approach outlined above. Corollary 3.3. There is a good algorithm that given K and f decides whether G is abelian, and determines G if G is abelian and f is irreduci... |

26 |
Local Fields
- Cassels
- 1986
(Show Context)
Citation Context ...-archimedean, i.e., not isomorphic to R or C. The complexity theory of local fields has not been developed as systematically as one might expect on the basis of their importance in number theory (see =-=[19]-=-). The first thing to do is to develop algorithms for factoring polynomials in one variable to a given precision; see [21, 14] and §4 below. Here the incomplete solution of the corresponding problem o... |

26 |
Implementation of a new primality test
- Cohen, Lenstra
- 1987
(Show Context)
Citation Context ... by the seemingly elementary problem of decomposing integers into prime factors. Among the ingredients that make modern primality tests work one may mention reciprocity laws in cyclotomic fields (see =-=[3, 25, 24]-=-), arithmetic in cyclic fields (see [46, 10]), the construction of Hilbert class fields of imaginary quadratic fields [5], and class number estimates of fourth degree CM-fields [1]. The best rigorousl... |

19 |
rigorous factorization and discrete logarithm algorithms
- Pomerance, Fast
- 1987
(Show Context)
Citation Context ...ities. We refer to [47] for a further discussion. Algorithmic problems relating to the multiplicative group of finite fields, such as the discrete logarithm problem, are generally very difficult, see =-=[53, 57, 41, 27, 60, 51]-=-. 2.9. Number fields. By a number field or an algebraic number field we mean in this paper a field extension K of finite degree of the field Q of rational numbers. For the basic theory of algebraic nu... |

17 | Luks: Computing in quotient groups
- Kantor, M
- 1990
(Show Context)
Citation Context ... one can find a composition series for G and name the isomorphism types of its composition factors; in particular, one can decide whether G is solvable. For more examples, proofs, and references, see =-=[32]-=-. It may be that some of the ideas that underlie this theory, which depends on the classification of finite simple groups, will play a role in a possible solution of Problem 3.1. The following result,... |

16 |
Discrete logarithms and local units
- Schirokauer
- 1993
(Show Context)
Citation Context ...ion. It is considered a relief when one runs into a standard conjecture such as the generalized Riemann hypothesis (as in [6, 15]) or Leopoldt’s conjecture on the nonvanishing of the p-adic regulator =-=[60]-=-. In this paper we will consider algorithms in algebraic number theory for their own sake rather than with a view to any of the above applications. The discussion will be concentrated on three basic a... |

14 |
Ebene algebraische Kurven
- Brieskorn, Knorrer
- 1981
(Show Context)
Citation Context ...anged in such a way that the same applies to all rings B that are encountered? It may be of interest to see whether the methods that have been proposed for the resolution of plane curve singularities =-=[11, 71]-=- shed any light on this problem. One may also wish to investigate the algorithm of Theorem 4.6 from the same perspective. An affirmative answer to Problem 4.10 may improve the performance of the algor... |

13 |
Quadratic fields and factorization, Computational methods in number theory
- Schoof
- 1982
(Show Context)
Citation Context ...groups (see 2.5) one obtains O ∗ and Cl O as the kernel and cokernel of this map. We now turn to complexity results for Problem 5.1. Most results that have been obtained concern quadratic fields (see =-=[45, 61, 28]-=-). For general number fields, virtually all that is known can be found in [12] (note that, in that paper, R 1/2 D ε in Theorem 2 is a printing error for RD ε , and D 1/2+ε in Theorem 4 is a printing e... |

13 | on Vanishing Theorems - Lectures - 1992 |

12 |
Efficient Factoring [of] Polynomials over Local Fields and its Applications
- Chistov
- 1991
(Show Context)
Citation Context ...ly as one might expect on the basis of their importance in number theory (see [19]). The first thing to do is to develop algorithms for factoring polynomials in one variable to a given precision; see =-=[21, 14]-=- and §4 below. Here the incomplete solution of the corresponding problem over finite fields (see 2.8) causes a difficulty; we are forced to admit probabilistic algorithms, or to allow the running time... |

10 |
On the computation of the class number of an algebraic number field
- Buchmann, Williams
- 1989
(Show Context)
Citation Context ...able to estimate hR up to a factor 2, i.e., that we can compute anumberawith a/2 <hR<a; if one assumes the generalized Riemann hypothesis this can probably be done by means of a good algorithm, as in =-=[16]-=-. Then we see from (5.7) that h ′ R ′ also satisfies a/2 <h ′ R ′ <aif and only if H = KS, and if and only if one has both ker φ = O ∗ and cokerφ =ClO. The above indicates that on the assumption of th... |

9 |
Discrete Logarithms Using the Number Field Sieve
- Gordon
(Show Context)
Citation Context ...ities. We refer to [47] for a further discussion. Algorithmic problems relating to the multiplicative group of finite fields, such as the discrete logarithm problem, are generally very difficult, see =-=[53, 57, 41, 27, 60, 51]-=-. 2.9. Number fields. By a number field or an algebraic number field we mean in this paper a field extension K of finite degree of the field Q of rational numbers. For the basic theory of algebraic nu... |

9 |
Rigorous, subexponential algorithms for discrete logarithms over finite fields
- Lovorn
- 1992
(Show Context)
Citation Context |

9 | Enumerating finite groups - McIver, Neumann - 1987 |

8 | Constructing nonresidues in finite fields and the extended Riemann hypothesis
- Buchmann, Shoup
- 1996
(Show Context)
Citation Context ...by means of a probabilistic algorithm. In [12] one finds a weaker version of this result, in which n is kept fixed. The more precise result should follow by combining [12] with results that appear in =-=[15]-=-. The algorithm underlying Theorem 5.5, for which we refer to [12] and the references given there, is not the same as the method for effectively determining O∗ and Cl O that we just indicated. However... |

7 |
A polynomial bound for the orders of primitive solvable groups
- Pálfy
- 1982
(Show Context)
Citation Context ...ransitive permutation group of degree n = 2 k and order 2 n−1 . Instead, one uses that the order of a primitive solvable permutation group of degree n does have an upper bound of the form n O(1) (see =-=[54]-=-). By Galois theory, the Galois group G of f is primitive if and only if there are no nontrivial intermediate fields between K and K(α), where f(α) = 0. To reduce the general case to this situation, i... |

7 |
The computational complexity of the resolution of plane curve singularities
- Teitelbaum
- 1990
(Show Context)
Citation Context ...s feasible to resolve the singularities of a given irreducible algebraic curve over a given finite field. The corresponding problem over fields of characteristic zero has been considered as well (see =-=[71]-=-), and one may wonder whether the geometric techniques that have been proposed can also be used in the context of Problem 4.2. In any case, we can formulate Problem 4.2 geometrically by asking for the... |

6 |
Complexity of algorithms in algebraic number theory
- Buchmann
- 1990
(Show Context)
Citation Context ...ow turn to complexity results for Problem 5.1. Most results that have been obtained concern quadratic fields (see [45, 61, 28]). For general number fields, virtually all that is known can be found in =-=[12]-=- (note that, in that paper, R1/2Dε in Theorem 2 is a printing error for RDε ,andD1/2+ε in Theorem 4 is a printing error for R1/2Dε ). The following theorem appears to be true. Theorem 5.5. Given K and... |

6 |
Abschätzung von Einheiten
- Siegel
- 1969
(Show Context)
Citation Context ...orem 6.1, we deduce upper bounds for the class number h = #Cl O and for the product hR of the class number and the regulator R = reg O ∗ . The upper bound for hR resembles the upper bound that Siegel =-=[68]-=- proved using properties of the zeta function of K. For similar upper bounds, see [58].ALGORITHMS IN ALGEBRAIC NUMBER THEORY 29 Theorem 6.5. Let K be an algebraic number field of degree n and discrim... |

6 |
Ein Algorithmus zur Berechnung einer Minimalbasis über gegebener Ordnung
- Zassenhaus
- 1965
(Show Context)
Citation Context ... A (p) . For a single p, we have the following result. Theorem 4.5. There is a good algorithm that given K, A, C, p as above, determines A (p) . This is proved by analyzing an algorithm of Zassenhaus =-=[77, 78]-=-. We briefly sketch the main idea. Let us first consider the case C = Z. Denote by p the prime number for which p = pZ, and write A (p) = A (p) .18 H. W. LENSTRA, JR. One needs a criterion for A to b... |

5 |
Computational problems, methods and results in algebraic number theory
- Zimmer
- 1972
(Show Context)
Citation Context ... A (p) . For a single p, we have the following result. Theorem 4.5. There is a good algorithm that given K, A, C, p as above, determines A (p) . This is proved by analyzing an algorithm of Zassenhaus =-=[77, 78]-=-. We briefly sketch the main idea. Let us first consider the case C = Z. Denote by p the prime number for which p = pZ, and write A (p) = A (p) .18 H. W. LENSTRA, JR. One needs a criterion for A to b... |

4 |
Algorithmic geometry of numbers, Annual Review of Computer Sciences
- Kannan
- 1987
(Show Context)
Citation Context ... algorithm. The complexity of such an algorithm depends on the precise notion of “reduced basis” that one employs. In [42] one finds a good reduction algorithm that will suffice for our purposes. See =-=[30]-=- for further developments. 2.7. Rings. We use the convention that rings have unit elements, that a subring has the same unit element, and that ring homomorphisms preserve the unit element. The charact... |

3 |
Generalization of a theorem of
- Sands
- 1991
(Show Context)
Citation Context ...turns out to be wise to avoid working with O, then it is desirable that more attention be given to general orders, both algorithmically and theoreticallyALGORITHMS IN ALGEBRAIC NUMBER THEORY 17 (cf. =-=[59]-=-). This is precisely what has happened in the case of quadratic fields (cf. [45, 49, 28]). The order A equals O if and only if all of its nonzero prime ideals p are nonsingular; here we call p nonsing... |

2 |
Safarevič, Teorija čisel, Izdat
- Borevič, R
- 1964
(Show Context)
Citation Context ...The first thing to be discussed about Problem 5.1 is whether it can be done at all, efficiently or not. This is a question that is strangely overlooked in most textbooks, two notable exceptions being =-=[9]-=- and [19]. For the class group, one often finds the theorem that every ideal class contains an integral ideal of norm at most the Minkowski constant (n!/nn )(4/π) s |∆| 1/2 ,wheresdenotes the number o... |

2 |
Computation of Galois Groups from Polynomials over the Rationals
- Ford, McKay
- 1988
(Show Context)
Citation Context ...ois groups is not considered to be well solved, even though the algorithms that are actually used nowadays always require n to be bounded—in fact, each value of n typically has its own algorithm (cf. =-=[69, 26]-=-), which does not follow the crude approach outlined above. Corollary 3.3. There is a good algorithm that given K and f decides whether G is abelian, and determines G if G is abelian and f is irreduci... |

2 |
Polynomial time algorithms for Galois groups, Eurosam 84
- Landau
- 1984
(Show Context)
Citation Context ...s irreducible. One does obtain the prime divisors of #G if G is solvable. Theorem 3.2 suggests that the largest groups are the hardest to determine. However, the following result, which is taken from =-=[34]-=-, shows that the very largest ones can actually be dealt with in polynomial time. As above, let Sn denote the full symmetric group of degree n, and let An be the alternating group of degree n. Theorem... |

2 | Three Principal Tasks of Computational Algebraic Number Theory - Pohst - 1989 |

2 |
Relations d’inégalité effective en Théorie algébrique des nombres, Sem Théorie des Nombres Bordeaux, exp
- Quême
- 1988
(Show Context)
Citation Context ... of the class number and the regulator R = reg O ∗ . The upper bound for hR resembles the upper bound that Siegel [68] proved using properties of the zeta function of K. For similar upper bounds, see =-=[58]-=-.ALGORITHMS IN ALGEBRAIC NUMBER THEORY 29 Theorem 6.5. Let K be an algebraic number field of degree n and discriminant ∆ over Q, and let s denote the number of complex places of K. Let d = (2/π) s |∆... |

2 | Présentation de la théorie d’Arakelov. Current trends in arithmetical algebraic geometry - Szpiro - 1985 |

2 |
Emde Boas, Machine models, computational complexity and number theory, Computational Methods in Number Theory
- van
- 1982
(Show Context)
Citation Context ...rithms with certain properties do not exist, and theoretical computer science is notoriously lacking in such negative results. The reader who wishes to provide his own definitions may wish to consult =-=[74]-=- for an account of the pitfalls to be avoided. He should bear in mind that all theorems in the present paper should become formal consequences of his definitions, which makes his task particularly aca... |

2 | Class numbers and units, Computational Methods in Number Theory - Zantema - 1982 |