Under the Assumption of the Generalized Riemann ... - CiteSeerX

Under the Assumption of the Generalized Riemann Hypothesis Verifying the Class Number Belongs to NP \ co{NP Christoph Thiel? Fachbereich Informatik Universitat des Saarlandes Postfach 151150 D-66041 Saarbrucken Germany

Abstract. We show that under the assumption of a certain Generalized Riemann Hypothesis the problem of verifying the value of the class number of an arbitrary algebraic number eld F of arbitrary degree belongs to the complexity class NP \ co ?NP . In order to prove this result we introduce a compact representation of algebraic integers which allows us to represent a system of fundamental units by (2 + log2 (
))O(1) bits, where
is the discriminant of F .

1 Introduction Let F be an algebraic number eld, i.e. a nite eld extension of the eld Q of the rational numbers. In [21] and [11] it was shown that the problem of verifying the value of the class number h of F belongs to the complexity class NP if F is of degree 2 and if a certain Generalized Riemann Hyptothesis (GRH) holds. That is, assuming the GRH, there exists a nondeterministic polynomial time algorithm that accepts the set p of all pairs (
; h), where
2 ZZ is squarefree and h is the class number of Q(
). We will generalize this result by showing that under the assumption of the GRH the problem of verifying the value of the class number hF of an arbitrary algebraic number eld F of arbitrary degree belongs to NP . To be more precise, our main results are: Theorem1. The set PRI of all pairs (F ; A), where F is an algebraic number eld and A is a principal ideal of the ring of integers of F , belongs to NP . Moreover, if we assume the GRH, then the set H of all pairs (F ; hF ); where F is an arbitrary algebraic number eld and hF is the class number of F , belongs to NP : >From our theorem and from the results of [13] we immediately obtain Corollary2. Assume the GRH. Then H and PRI belong to the complexity class

NP \ co ?NP . ?

This research was supported by the Deutsche Forschungsgemeinschaft.

The main tool used in our work is the theory of minima in ideals which will be reviewed in Sect. 3. In order to prove our results we will generalize the results of [15] and introduce in Sect. 4 a short representation of algebraic integers which allows us to represent a system of fundamental units by (2 + log2(
))O(1) bits where the O-constant is independent of F . Given such a representation of a system of fundamental units we can determine in polynomial time an approximation to the regulator RF . This kind of representation solves an open problem suggested by H. W. Lenstra in [19, Problem 5.2]. After studying the binary length of short representations in Sect. 5, we will use short representations to show in Sect. 6 that there exists a short proof for the principality of a given ideal. As an application of this result we will show in Sect. 7 under the assumption of GRH: if an integer H is divisible by the class number hF , then there exists a short proof for this fact. In Sect. 8 we will use short representations of elements of a system of fundamental units to compute a rational R which is an approximation of mRF for some m 2 ZZ. In Sect. 9 we will show how to verify that a number  satis es (6=5)hF RF    (15=8)hF RF . We can check that H=hF = m = 1 since HR   if and only if H=hF = m = 1.

2 Preliminaries For notions in complexity theory such as polynomial time or the complexity class

NP we refer to [24]. The de nitions and results in algebraic number theory used

in our paper can be found for example in [22] or [18]. We use the notions of encoding data in a similar way as in [19]. For example, mathematical objects are encoded by nite sequences of rational integers (for example, a polynomial is encoded by its coecients), which are represented in binary. The binary length of a rational integer z 6= 0 is size(z) = blog2 j z jc +2, where the extra bit encodes the sign of z. We also set size(0) = 2. The binary lenght size(O) of an object O is de ned to be the length of its encoding sequence. When we say that an object is input for an algorithm then this means that the appropriate encoding is its input. An algebraic number eld F of degree n > 1 is represented by a generating polynomial which is a monic and irreducible polynomial f 2 ZZ [X] of degree n such that F  = Q[X]=fQ[X], i.e. F = Q() with  = X + fQ[X]. The numbers 1; ; 2 ; : : :; n?1 form a Q-basis of F and each  2 F can be uniquely represented P in the form  = 1d ni=1 aii?1 ; where d 2 ZZ>0 , ai 2 ZZ for 1  i  n and gcd(a1; : : :; an; d) = 1. By  we denote the complex conjugate of . Let s; t; m 2 ZZ0 and let (1) ; : : :; (s) be the real zeros and (s+1) ; : : :; (m) ; (m+1)  = (s+1) ; : : :; (m+t) = (m) the non real zeros of f, then for 1  j  n the mapping n X  7!  (j ) = d1 ai (j )i?1 i=1

Of course, m = s + t and n = s + 2t. For  2 F we de ne is a Q-isomorphism. j ji = j  (i) je ; where ei = 1, if i 2 f1; : : :; sg and ei = 2, if i 2 fs + 1; : : :; mg: i

P

Q

The trace of  is Tr() = ni=1  (i) ; the norm of  is N() = ni=1  (i) ; and the height of  is H() = max fj ji j 1  i  mg : The integral closure of ZZ in a number eld F is called the maximal order of F . It is encoded by a multiplication table MT(O) = (wi;j;k) 2 ZZnnn with the property that there exists a ZZ-basis !1; : : :; !n of O such that !i!j =

n X

k=1

wi;j;k!k

for 1  i; j  n (cf. [19]). We note, that MT(O) also encodes F , because every ZZ-basis of O is a Q-basis of F as a vector space. The discriminant
of O is the determinant of the matrix (Tr(!i !j )) = det(!i(j ) )2 2 Qnn : More generally, when A is a ZZ-modul in F with ZZ -basis a1; : : :; an then we call
A = det(a(ij ))2 the discriminant of A. The problem of verifying the maximal order of a given number eld belongs to NP (cf. [19]). Moreover, since by [19] and [14] we know that there is a multiplication table of O with size bounded by (2 + log2 (
))O(1)  (2 + log2 (
f ))O(1) we may assume that on input F every nondeterministic polynomial time algorithm also knows O. P We represent  = ni=1 xi !i 2 O by the vector (x1; : : :; xn) 2 ZZn , called the standard representation of . Given elements in standard representation we can compute in polynomial time their sums, products and their quotients. Since there is a polynomial time algorithm that given an element of O computes its trace (cf. [9]), there is also a polynomial time algorithm, that given O computes the discriminant
of O. A (fractional) ideal of O is a subset A of F such that dA is a non zero ideal of the ring O for some d 2 ZZ>0 . The denominator d(A) of A is the minimal such d. If for two ideals A and B of O there is a non zero  2 F such that A = B, then we write A  B. An ideal A of O is called principal if A  O. In that case any  2 F with A = O is called a generator of A. An ideal A of O is uniquely encoded (with respect to !1; : : :; !n) by the pair (d(A); HNF(A)); where HNF(A) = (hi;j ) 2 ZZnn is a matrix in Hermite normal P form (cf. [27, pp. 45-51]) such that the elements j = ni=1 hi;j !i ; 1  j  n, form a ZZ-basis of d(A)A. We note that there are polynomial time algorithms that given O,  2 O and fractional ideals A; B of O determine AB, A?1 and O (cf. [8]). We call N(A) = [O : d(A)A]=d(A)n the norm of the ideal A. Clearly, all entries of HNF(A) are bounded by N(A)d(A)n . We know Lemma 3. For all ideals A of O and all  2 A,  6= 0, we have jN()j  N(A). For all 2 O, 6= 0, we have j N( ) j = N( O). The set IF of (fractional) ideals of O is a multiplicative abelian group in which the set PF of all principal ideals of O is a subgroup. We call the factor group ClF = IF =PF the class group and hF = jIF =PF j the class number of F . The unit group O of O is the set of all elements of O whose multiplicative inverse also belongs to O. By Dirichlet's Unit Theorem, there is a root of unity

 2 O and a system of r = m ? 1 fundamental units 1; : : :; r 2 O such that every unit of O is uniquely represented by a product of  and of powers of the i , 1  i  r. The image of O under the logarithm map Log : F n f0g ! IRr ;  7! Log  = (ln j j1; : : :; ln j jr )T ; P where ln(
) denotes the natural logarithm, is the lattice LF = ri=1 (Log i )ZZ. The absolut value of the determinant of the matrix (Log 1 ; : : :; Logr ) is called the regulator RF of F . By j
j1 we denote the maximum modulus of all entries of a given vector. We also use the euclidean norm j
j2 . The distinction between the euclidean norm and the archimedian valuations arises from the context.

3 Minima The main tool used in our work is the theory of minima in ideals which was described in [3]. An element  of an ideal A is called a minimum in A if there exists no  2 A,  6= 0, such that jji < jji for 1  i  m: If 1 is a minimum in A, then A is called reduced . Proposition4. Let A be an ideal. The reduced ideals equivalent to A are exactly the ideals (1=)A where  is a minimum in A. By [1, Proposition 2.2] and [2, Lemma 3.4] we know Theorem 5. For all minima  in an ideal A we have p j N() j  (2=)tN(A)
: Moreover, for all z 2 IRr and for ideals A there is at least p one minimum  in A with Log  2 z + W , where W = fx 2 IRr j j x j1  (log
)=2g. p Lemma 6. If A is a reduced ideal of O, then 1=
 N(A)  1. Proof. Since 1 is a minimumin A we know by Lemma 3 that 1 = j N(1) p j  N(A). ut On the other hand we get by Theorem 5 that 1 = j N(1) j  N(A)
. Lemma 7. Let A be a reduced ideal of O and let p HNF(A) = (ai;j ) be the Hermite normal form of A. Then 0  j ai;j j  d(A) 
for 1  i; j  n. Proof. Since A is reduced, we know that O  A. Hence [A : O]A  O and therefore d(A)  [A : O]. By Lemma 6 and [22] we obtain p p p [A : O] =
A =
= 1=N(A) 
; where
A is the discriminant of A. To show the left inequality we note that d(A)!i 2 d(A)A, hence, by induction we see that ai;i divides d(A) for 1  i  n. The assertion follows since HNF(A) is in Hermite normal form and therefore j ai;j j  j ai;i j for 1  i; j  n. ut p Corollary 8. Let A be a reduced ideal of O. Then size(A)  (n2 + 1) log2(
):

4 Compact Representations In this section we prove the existence of a short representation for any number in O. In the next sections, this representation will be used to show our main results. Let A be a reduced ideal of O, let u 2 IRr , and let  be a minimum in A with Log  2 u + W where p  W = x 2 IRr j j x j1  (log
)=2 : We let DOUBLE(A; ; u) be the set of all minima in B = ((1=))2A with Log 2 2u ? 2Log+ W . By Theorem 5 the set DOUBLE(A; ; u) is not empty. Clearly, for each 2 DOUBLE(A; ; u) there exists a unique element a( ) 2 O such that 1= = a( )=d( ) where d( ) = d((1= )B). p Lemma 9. For every 2 DOUBLE(A; ; u) we have 0  d( ) 
and H(a( )) 
3(m+2)=4 . Proof. Let B = ((1=))2A. Since (1= )B is reduced, the rst assertion follows p

from Lemma 7. Since Log 2 2u ? 2Log + W we have j log j ji j  (3=2) log
for 1  i Qr.m Hence,
?3=4  j ji 
3=4 for 1  i  r: By Lemma 3 we have j N( ) j = i=1 j ji  N(B); thus from Lemma 6 and Theorem 5 we obtain j jm  N(B)=
3(m?1)=4  1=
3(m+1)=4; implying that H(1= ) 
3(m+1)=4. The second assertion follows. ut

Lemma 10. Let A be a reduced ideal, and let  be a minimum in A. If we set uj = (Log )=2k?j for 1  j  k where k = maxf1; dlog (jLog ?j1 )e +2g; then Qj ? thereQare ; : : :; k with = 1 and 2 DOUBLE(A; j i i ; uj ) such that Q ? ? +1

0 2k

 = kj=0 j

j

and

2

0

j 2 i=0 i

j

i

1 =0

is a minimum in A.

2

j

i

Proof. The number 1 is a minimumin A with Log 1 2 Log u1 + W . By Theorem 5

we have for every 1 2 DOUBLE(A; 0; u1) that 1 = 1 ( 0 )2 is a minimum in A with Log 1 2 2u1 + W =1 u2 ?+ W . By induction on j weQobtain that for Q ? ?1 2 ? )2 is a i2 ; uj ) the number j = j ( ij=0 every j 2 DOUBLE(A; ij=0 i minimum in A with Log j 2 uj +1 + W , 1  j  k. If we x Qk = =(k?1 )2 ?1 2 ? ; u ) then LogQ k 2 2uk ? 2Log k?1 + W . Thus k 2 DOUBLE(A; ki=0 k i and  = kj=0 j2 ? . ut j

j

i

i

k

k

i

j

Theorem11. For  2 O there exist k  log (log (
)+(n?1) log H())+2 and

; j 2 O and dj 2 ZZ, 1  j  k, with H( )  jN()j =n
, H(j ) 
43 m and 0 < dj 
= such that 2

2

2

1 2

=

Moreover, for 1  j  k

k Y



j dj

2k?j

:

j =1 Qj ?1 the ideal i=1 (i =di)2j?i O is reduced.

2

(

+2)

Proof. By Minkowsky's Convex body theorem (cf. [23, pp.33-34]) and Lemma 3

there is a minimum in the principal ideal O with H( )  j N() j2=n
: If we set  = = then by Proposition 4 we have that  is a minimum in O. Since O is an ideal with minimumQ1 we can? apply Lemma 10. Using the notations of that Lemma we obtain  = kj=0 j2 . We may assume that k  log2 jLog j1 +2  log2 (log2 H())+2: But  = =, thus we have n?1 n?1 H()  H( )(H()) j N() j 
(H()) : Hence, we have shown that k  log2(log2 (
) + (n ? 1) log H()) + 2. If we set j = a( j ) and3 dj = d( j ) then j 2 O and dj 2 ZZ and by Lemma 9 it follows that H(j ) 
4 (m+2) and 0 < dj 
1=2. The last assertion is a direct consequence of Lemma 10. ut k

j

A representation of  2 O as described in Theorem 11 is called a compact rep-

resentation of .

Proposition12. There isQka polynomial? time algorithm that given O and the compact representation j (j =dj ) of  2 O computes the ideal O. Proof. We describe the algorithm. It starts by computing A = ( =d )O. Then it determines recursively Aj = (j =dj )(Aj ? ) for 1  j  k. Since each Aj ? is reduced, from Lemma 7 follows that all these steps can be done in polynomial time. Finally, the algorithm calculates O = Ak . It is clear that the algorithm has polynomially bounded running time. ut Corollary 13. There is a polynomial time algorithm that given the compact representation of  2 O decides whether  is a unit of O or not. =1

2k

j

1

2

0

0

0

1

Remark. Using methods similar to those in [10], [1], [2] and [3] it can be shown that there is a deterministic algorithm that given an ideal O and an appropriate approximation of Log  computes a compact representation of  in running time (n log
djLogj1 e)O(n) . It can also be shown that if the dimension n of the considered eld F is xed we can add, multiply and compare algebraic numbers given in compact representation in polynomial time. More details will be given in a subsequent paper.

5 Sizes of Algebraic Integers Let O be given by the table MT(O) =P(w i;j;k) 2 ZZnnn such that there is a n ZZ -basis !1; : : :; !n of O with !i!j = k=1 wi;j;k !kPfor 1  i; j  n. Then the binary length of the standard representation of  = ni=1 xi!i 2 O with respect to that ZZ-basis is n X sizes () = size(xi ) : i=1

Q The binary length of the compact representation ki=1 (i=di)2 ? of  with respect to that ZZ-basis is k

sizes ( ) +

k ? X i=1

i




sizes (i) + size(di ) ;

since the i are given in standard representation. We de ne sizec () to be the maximum of that quantity taken over all compact representations with respect to O. Proposition14. For  = Pni=1 xi!i 2 O n f0g we have

j (x1; : : :; xn)T j1  n 24n2 2size(O) H() : Proof. Let `; h 2 f1; : : :; ng be such that j!` jh = maxfj!j ji j 1  i; j  ng. Then j!`jh 2 

n X

k=1

j wh;h;k jj!k jh  n j!` jh 2size(O)

and j!j ji  n 2size(O) for 1  i; j  n: For  2 F we write  = ( (1); : : : (s) ; Re( (s+1) ); : : :; Re( (m) ); Im( (s+1) ); : : :; Im( (m) ))T : If is the matrix (!1; : : :; !n) 2 IRnn, then we obtain by Cramer's rule and Hadamard's inequality that k ?1k1  24n2 2size(O) ; where k
k1 denotes the maximum absolute value of all entries in a matrix. Thus, we have j (x1; : : :; xn)T j1 = j ?1 j1  nk ?1 k1 H()  n 24n2 2size(O) H() :

ut

Corollary15. For  2O n f0g we have ?
sizes ()  n log (n) + 4n + size(O) + log (H()) ; ?
?
sizec ()  5n n + n log (
j N() j) + size(O) 3 + log (log (
H())) : Lemma 16. There exists a polynomial p 2 ZZ[x; y; z] such that for every algebraic number eld F and every multiplication table of its maximal order O there exists a system of fundamental units  ; : : :; r of O with ?
sizec (i ) < p n; log (
); size(O) : Proof. By [28], there is a system of fundamental unitsp ; : : :; r of O such that for 1  i; j  r we have j ln ji jj j < 2(5 log (
))n?
. Since N(i ) = 1, the assertion is an immediate consequence of Corollary 15. ut Lemma 17. For every principal (integral) ideal A in O there exists a pgenerator  2 O of A such that j log H() j  log (j N(A) j) + 2n (5 log (
))n?
: 2

2

2

2

2

2

2

2

1

2

2

2

2

1

1

2

2

1

Proof. Let be a generator of A. Let 1; : : :; r be a system of fundamental P

units of O. We set T =Pfr ri=1 xi Log i j xi 2 IR; 0  xi < 1 for 1  i  rg : Then there is a vector ` = i=1 yi Log i 2 LF ; where yi 2 ZZ for 1  i  r, such that `0 = LogQ r ? ` 2 T. Thus we have j`0 j2  r maxfjLogij2 j 1  i  rg: If we set  = = i=1 yi ; then  is a generator of A pwith Log  = `0 . Since by [28] we may assume that j ln ji jj j < 2(5 log2 (
))n?1
for 1  i; j  r , we have i

p j ln jji j  2r(5 log2 (
))n?1
:

From Lemma 3 we obtain ln





jjm = ln j N(A) j ?

r X i=1







p

ln jji  log2 j N(A) j + 2r2(5 log2(
))n?1
:

ut

Corollary 18. There exists a xed polynomial q 2 ZZ[x; y; z] such that for every algebraic number eld F and every multiplication table of its maximal order O and every principal ideal A of O there is a generator  of A with sizec()  q(n; log (
); size(O); log (N(A))) : 2

2

6 Principal Ideal Testing In this section we consider the following problem: Given an algebraic number eld

F and an ideal A of the maximal order O is there a short proof of the principality of A? We rst look at the set PRI of all pairs (F ; A), where F is an algebraic number eld, and A is a principal ideal in the maximal order O. Remember that

as mentioned in Sect. 2 we may assume that every nondeterministic polynomial time algorithm knows O on input F . Theorem 19. The set PRI belongs to NP . Proof. Let (F ; A) 2 PRI, where F is a number eld of degree n. By Lemma 18

there exists a generator  of the ideal A such that sizec () is bounded by a polynomial in log2(
) and the input size, i.e. the sizes of F , O and A. By Proposition 12 there is a polynomial time algorithm, which given the compact Q representation kj=1 (j =dj )2 ? of  (cf. Sect. 4) computes O. Thus a nondeterministic polynomial time algorithm, that accepts PRI, only has to guess the compact representation of , to compute O and to compare this ideal with A. ut k

j

To prove our second main result we need Proposition20. Given O, 1; : : :; i 2 O and ideals B1 ; : : :; Bi of O, i 2 ZZ>0 , there is a polynomial time algorithm that decides whether Bj = (1= j )(Bj ?1 )2 for 1  j  i.

Lemma 21. Let O be the maximal order of F , let A be an ideal of O and let x = 2i, i 2 ZZ> . Then there exist ; ; : : :; i 2 O with 0

0

1

sizes ( j ) = (2 + log2(
))O(1) + log2 (
)size(O) and ideals B1 ; : : :; Bi of O with

p

size(Bj )  (n2 + 1) log2(
) for 1  j  i such that Bj = (1= j )(Bj ?1 )2 and Ax  Bi . Proof. Let B0 = (1= 0 )A and Bj = (1= j )(Bj ?1 )2, j  1, where 0 is a mini-

mum of A and j is a minimum of (Bj ?1)2 with

p





Log 0 ; Log j 2 x 2 IRr j j x j1  (log
)=2 : Thus, B = Bi is reduced and Ax  B. As in the proof of Lemma 9 we can show that H( j ) 
3(m+1)=4 . Thus, by Corollary 15 we obtain sizes ( j ) = (2 + log2 (
))O(1) + log2 (
)size(O) : Since each Bj is reduced, from Corollary 8 it follows that

p

size(Bj )  (n2 + 1) log2(
) :

ut

Theorem22. The set of all tuples (F ; A ; : : :; A`; x ; : : :; x`) where F is an algebraic number eld and A ; : : :;Q A` are ideals of the maximal order O and x ; : : :; x` 2 ZZ, ` 2 ZZ > , such that `i Axi  O, belongs to NP . 0

0

0

0

0

=0

i

Proof. W.l.o.g. we may assume that xi  0 for 1  i  `. Otherwise, we replace Ai by Ai?1, which can be computed in polynomial time. Let yi = dlog2 (xi)e + 1 P and xi;j 2 f0; 1g; 1  j  yi ; such that xi = yj =0 xi;j 2j . Then i

` Y i=0

Axi = i

yi ` Y Y i=0 j =0

(Axi )2j : i;j

Thus, from Proposition 20 and Lemma 21 it follows that there is a nondeterministic polynomial time algorithm that guesses an ideal B withQsize bounded by a polynomial in the size of the input tuple and tests whether `i=0 Axi  B. Hence, the assertion follows from Theorem 19. ut i

7 Multiples of the Class Number Theorem 23. Assume the GRH. Then the set of all pairs (F ; H), where F is an algebraic number eld and H is a multiple of hF , belongs to NP . Proof. Let F be a number eld of degree n and let F = fP ; : : :; PjF j g be the set of all prime ideals of the maximalorder O with norm not exceeding 12(log
) +1. By means of the methods presented in [9] and [29] the set F can be computed in time polynomially bounded by size(F ), size(O) and log (
). 1

We also set

2

2

(



A =  2 F n f0g O = QjF j

jF j Y i=1

)

Pie ; ei 2 ZZ ; i

we de ne '0 () = (e1 ; : : :; ejF j ) 2 ZZjF j : and for  2 A with O = If we assume the GRH then by [4] the image L0 = '0 (A) is a jF j-dimensional lattice of determinant hF . Thus a number H is a multiple of hF if and only if there is E = (ei;j ) 2 ZZjF jjF j with det(E) = H satisfying ei i=1 Pi

jF j Y

j =1

Pje  O

(1)

i;j

for each 1  i  jF j. This is true, because the vectors ei = (ei;1 ; : : :; ei;jF j) form a sublattice  of L0 with jL0=j = j det(E)j=hF . W.l.o.g. we may assume that kE k1  det(E). Then size(E) is polynomially bounded by H and a nondeterministic polynomial time algorithm which accepts the above set only has to guess E and to verify condition (1) for 1  i  jF j. By Theorem 22 this can be done in polynomial time. Since the algorithm knows O (see Sect. 2) this proves the theorem. ut

8 Approximations Since we can not compute with real values we sometimes have to work with approximations. For this purpose we give in this section some notations and results concerning the computation of approximations to algebraic numbers given in standard or compact representation. Let q 2 ZZ>0, and let z be a complex number. A number z fqg 2 2?(q+1) ZZ[i] is called an approximation of precision q to z if jz ? z fqgj < 2?q . An approximation of precision q to a vector v 2 Cr or a matrix A 2 Crr is a vector v fqg or a matrix Afqg whose entries are approximations of precision q to the corresponding entries of the original vector or matrix. We use the following technical result that can be deduced from the estimates in [5]: Proposition24. Let A 2 C`` ; ` 2 ZZ>0, and let Afpg be an approximation of precision p 2 ZZ>0 to A. Then we have p j det(A) ? det(Afpg) j  2?p ` 2`?1` +12 kAk`1?1 : `

Proposition25. Let x 2 IR>0 , and let xfqg 2 IR>0 be an approximation of precision q to x, where xfqg > x, q 2 ZZ>0. Let p 2 ZZ>0 and let  2 IR>0 with  > ln(2). If q > ? ln(x) + p then we have j ln(xfqg) ? ln(x) j < 2?p . Lemma 26. There is a polynomial time algorithm that given a number eld F , Q the maximal order O of F , the compact representation kj (j =dj ) ? of an element  2 O and an integer 2p, where p 2 ZZ> , computes an approximation 2k

=1

j

0

of precision p to Log.

Proof. If we set q0 = p + 2k + 2, then k

X ?
(Log )fq0 g + 2k?j (Log j )fq0 g ? (Log dj )fq0 g

j =1

is an approximation of precision p to Log . Thus, the algorithm rst computes upper bounds j of H(j ) and an upper bound  of H( ). Then it determines for 1  i  n approximations of precision 2(dlog2 (j )e + ln(2)q0 ) to j(i) respectively of precision 2(dlog2 ()e + ln(2)q0 ) to (i) . These steps can be performed in polynomial time (cf. [7] or [17]). Therefore, from Proposition 25 and [26] the assertion follows. ut

Theorem27. There is a polynomial time algorithm that given O, the compact representations of r independent units  ; : : :; r of O and a number 2q , q 2 ZZ> 1

0

computes an approximation of precision q to a multiple of RF . Pr

i=1 Log i ZZ is a sublattice of the lattice LF . Therefore the determinant of the matrix REG = (Log 1 ; : : :; Log r ) is a multiple of RF . We describe an algorithm that approximates that determinant. First, the algorithm determines an approximation of precision 1 to the matrix REG and computes the bound  = dkREGf1gk1e + 1  kREGk1 : Then it computes an approximation REGfpg of precision p = (n(log2() + n + 2) + q + 1 to REG. Since n > r we obtain from Proposition 24 that j det(REG) ? det(REGfpg) j < 2?q . Finally, the algorithm computes the determinant of REGfqg. According to Lemma 26, the algorithm only needs polynomial time. ut

Proof. The lattice

9 An Approximation of hF RF Theorem28. Assume the GRH. Then there is a polynomial time algorithm that given an algebraic number eld F and the number w of roots of unity in F computes a number  2 IR> such that (6=5)hF RF    (15=8)hF RF . 0

Proof. By [12] the product hF RF Qcan be expressed by meansp of the analytic

class number formula hF RF = CF p2P E(p), where CF = 2w(2
) , P is the set of rational primes and E(p) is the Euler factor belonging to p. Since s and t can be determined in polynomial time from the generating polynomial f of F , we s

t

Q

only have to describe a method for computing an approximation of p2P E(p). For Q this purpose let L be the normal closure of F . We choose Q 2 ZZ>0 and split p2P E(p) = F(Q)T(Q), where F(Q) = and

Y

p2P;pQ

T(Q) =

Y

E(p)

p2P;p>Q

E(p)

p rami ed in L Y

p2P;p>Q

E(p):

p unrami ed in L

Then we have hF RF = CF F(Q)T(Q). From [12] (cf. inequality (3.4) and Thep orem 3.1) we obtain that j log(T(Q)) j  (c3 log(
))= Q, where c3 = nO(1) . Therefore, if we set Q = (c3 log(
)= log(5=4))2 and  = (3=2)CF F(Q); then (6=5)hF RF    (15=8)hF RF . By the methods of [12] the value E(p) can be computed in time polynomially bounded by size(F ), size(O) and p for every p  Q. Hence, there is a polynomial time algorithm that computes . ut

10 Proof of the Main Results Theorem 29. Assume the GRH. Then the set H of all pairs (F ; hF ) belongs to NP . Proof. We describe a nondeterministic algorithm that accepts the set H. We

know that there is a nondeterministic polynomial time algorithm which guesses on input of F the representation of the maximal order O of F and veri es it. There also exists a nondeterministic polynomial time algorithm that guesses the compact representations of r elements 1; : : :; r such that sizec (i ) satis es the bounds of Lemma 16 for 1  i  r. By Corollary 13, the algorithm can test in polynomial time, if the i are units of O. Finally, we note that there is a nondeterministic algorithm which guesses a number w  n(n + 1)=2 and w elements of F and tests if they are roots of unity. Since the height of that elements is 1 this can be done in polynomial time, too. The algorithm that accepts the set H starts the above algorithms. After that initialization, it computes by the method described in the proof of Theorem 27 an approximation R of precision 10 to the absolut value of the determinant of the matrix REG = (Log 1 ; : : :; Log r ). From [30] we know that RF > 0:05 . Thus, the units i are independent if and only if R2?10. If the units are not independent our algorithm begins an endless loop. Otherwise, R is an approximation of precision 10 to a multiple of RF . Using the algorithm of Theorem 28 it computes an approximation  of hF RF such that (6=5)hF RF <  < (15=8)hF RF . Then the algorithm veri es according to Theorem 23 that H is a multiple of the class number hF . Obviously, H = hF if and only if HR  . ut

References 1. J. Buchmann, On the Computation of Units and Class Numbers by a Generalization of Lagrange's Algorithm, Journal of Number Theory, Vol. 26, No. 1 (1987) 8-30 2. J. Buchmann, On the Period Length of the Generalized Lagrange Algorithm, Journal of Number Theory, Vol. 26, No. 1 (1987) 31-37 3. J. Buchmann, Zur Komplexitat der Berechnung von Einheiten und Klassenzahlen algebraischer Zahlkorper, Habiliationsschrift, Dusseldorf (1987) 4. J. Buchmann, A subexponentional algorithm for the determination of class group and regulator of algebraic number elds, Seminaire de Theorie des Nombres, Paris 1988-1989, Birkhauser Verlag (1990) 5. J. Buchmann, Reducing lattice bases by means of approximations, in preparation. 6. J. Buchmann, Number Theoretic Algorithms, Algebraic Number Theory, Lecture Notes, Saarbrucken, WS 88/89. 7. J. Buchmann, Algorithms in algebraic number theory, Manuscript (1992) 8. J. Buchmann, H. W. Lenstra, Jr., Approximating rings of integers in number elds, in preparation. 9. J. Buchmann, H. W. Lenstra, Jr., Computing maximal orders and decomposing primes in number elds, in preparation. 10. J. Buchmann, H. C. Williams, On Principal Ideal testing in Algebraic Number Fields, Journal of Symbolic Computation, Vol. 4, No. 1 (1987) 11-19 11. J. Buchmann, H. C. Williams, On the existence of a short proof for the value of the class number and regulator of a real quadratic eld, NATO Advanced Science Institutes Series C, Vol. 256, Kluwer, Dordrecht (1989) 327-345 12. J. Buchmann, H. C. Williams, On the Computation of the Class Number of an Algebraic Number Field, Math. Comp., v. 53 (1989) 679-688 13. J. Buchmann, H. C. Williams, Some Remarks Concerning the Complexity of Computing Class Groups of Quadratic Fields, Journal of Complexity 7, (1991) 311-315 14. J. Buchmann, Oliver van Sprang, On short representations of orders and number elds, Manuscript (1992) 15. J. Buchmann, H. C. Williams, C. Thiel, Short representation of quadratic integers, to appear in Proceedings of CANT 1992. 16. H. Cohen, A Course in Computational algebraic number theory, Springer Verlag (1993) 17. G. Ge, Algorithms Related to Multiplicative Representations of Algebraic Numbers, PhD. Thesis, University of California at Berkeley (1993) 18. S. Lang, Algebraic number theory, Springer-Verlag,New York (1986) 19. H. W. Lenstra, Jr., Algorithms in algebraic number theory, Bulletin (New Series) of The American Mathematical Society 26 no. 4 (1992) 211-244 20. A. K. Lenstra, H. W. Lenstra Jr., L. Lovasz, Factoring polynomials with rational coecients, Math. Ann. 261 (1982) 515-534 21. K. S. McCurley, Cryptographic key distribution and computation in class groups, NATO Advanced Science Institutes Series C, Vol. 256, Kluwer, Dordrecht (1989) 459-479 22. W. Narkiewiecz, Elementary and Analytic Theory of Algebraic Numbers, Polish Scienti c Publishers, Warszawa (1974) 70 23. J. Neukirch, Algebraische Zahlentheorie, Springer Verlag, Berlin (1992) 24. H. R. Lewis, C. H. Papadimitriou, Elements of the theory of computation, Prentice-Hall (1981)

25. A. Schonhage, Factorization of Univariate Integer Polynomials by Diophantine Approximation and an Improved Basis Reduction Algorithm, ICALP (1984) 26. A. Schonhage, Numerik analytischer Funktionen und Komplexitat, Jber. d. Dt. Math. Verein 92 (1990) 27. A. Schrijver, Theory of linear and integer programming, Wiley&Sons Ltd., Chichester (1987) 45-51 28. C. L. Siegel, Gesammelte Abhandlungen IV, Berlin, New York, Heidelberg (1979) 66-81 29. D. Weber, Ein Algorithmus zur Zerlegung von Primzahlen in Primideale, Universitat des Saarlandes, Masterthesis (1993) 30. R. Zimmert, Ideale kleiner Norm in Idealklassen und eine Regulatorabschatzung, Invent. math. 62 (1981) 367-380

This article was processed using the LaTEX macro package with LLNCS style