perm filename V2L.IN[TEX,DEK] blob
sn#359278 filedate 1977-05-28 generic text, type C, neo UTF8
COMMENT ⊗ VALID 00021 PAGES
C REC PAGE DESCRIPTION
C00001 00001
C00003 00002 folio 518 galley 1
C00018 00003 folio 520 galley 2
C00032 00004 folio 522 galley 3
C00046 00005 folio 524 galley 4
C00055 00006 folio 526 galley 5
C00074 00007 folio 528 galley 6
C00088 00008 folio 530 galley 7
C00107 00009 folio 535 galley 8
C00134 00010 folio 539 galley 9 WARNING: much of this tape unreadable!
C00138 00011 folio 541 galley 10
C00155 00012 folio 543 galley 11
C00168 00013 folio 545 galley 12
C00188 00014 folio 550 galley 13
C00209 00015 folio 558 galley 14
C00231 00016 folio 568 galley 15
C00245 00017 folio 570 galley 16
C00263 00018 folio 574 galley 17 WARNING: Much of this tape unreadable!
C00275 00019 folio 579 galley 18
C00292 00020 folio 584 galley 19
C00308 00021 folio 587 galley 20
C00323 ENDMK
C⊗;
�folio 518 galley 1
0 {U0}{H10L12M29}58320#Computer Programming!(A.-W./Knuth)!ch.
2 4!f. 518!g. 1|'{A12}|∨E|∨X|∨E|∨R|∨C|∨I|∨S|∨E|∨S|'
6 {A12}{H9L11M29}|9|1|≡1|≡.|9|4[|*/|↔O|↔c|\]|9If
7 we are doing polynomial arithmetic modulo 10,
14 what is |ε7x|4α+↓|42 |πminus |εx|g2|4α+↓|43?
19 |πWhat is |ε6x|g2|4α+↓|4x|4α+↓|43 |πtimes |ε5x|g2|4α+↓|42?|'
24 {A3}|9|1|≡2|≡.|9|4[|*/|↔O|↔p|\]|9|πTrue or false:
27 (a) The product of monic polynomials is monic.
35 (b) The product of polynomials of respective
42 degrees |εm |πand |εn |πhas degree |εm|4α+↓|4n.
49 |π(c) The sum of two polynomials of degree |εn
58 |πis of degree |εn.|'{A3}|9|1|≡3|≡.|9|4[M|*/|↔P|↔c|\]|9|πIf
63 each of the coe∃cients |εu|βr,|4.|4.|4.|4,|4u|β0,|4v|βs,|4.|
67 4.|4.|4,|4v|β0 |πin (4) is an integer satisfying
74 the conditions |¬G|εu|βi|¬G|4|¬E|4m|β1,|4|¬Gv|βj|¬G|4|¬E|4m|
76 β2, |πwhat is the maximum absolute value of the
85 product coe∃cients |εw|βk?|'{A3}|9|1|≡4|≡.|9|4[|*/|↔P|↔O|\]|9
88 |πCan the multiplication of polynomials modulo
94 2 be facilitated by using the ordinary arithmetic
102 operations on a binary computer, if coe∃cients
109 are packed into computer words?|'{A3}|ε|9|1|≡5|≡.|9|4[M|*/|↔P
114 |↔O|\]|9|πShow how to multiply two polynomials
120 of degree |¬E|εn, |πmodulo 2, with an execution
128 time proportional to |εO(n|π|gl|gg|1|1|g3), when
133 |εn |πis large, by adapting the Karatsuba<Ofman
140 method described in Section 4.3.3.|'{A18}{H10L12M29}|∨4|∨.|∨
145 6|∨.|∨1|∨.|9|∨D|∨i|∨v|∨i|∨s|∨i|∨o|∨n|9|∨o|∨f|9|∨P|∨o|∨l|∨y|∨
145 n|∨o|∨m|∨i|∨a|∨l|∨s|'{A6}It is possible to divide
151 one polynomial by another in essentially the
158 same way that we divide one multiple-precision
165 integer by another, when arithmetic is being
172 done on polynomials over a ``_eld.'' A _eld |εS
181 |πis a commutative ring with identity, in which
189 exact division is possible as well as the operations
198 of addition, subtraction, and multiplication;
203 thus means as usual that whenever |εu |πand |εv
212 |πare elements of |εS |πand |εv|4|=|↔6α=↓|40,
218 |πthere is an element |εw |πin |εS |πsuch that
227 |εu|4α=↓|4vw. |πThe most important _elds of coe∃cients
234 which arise in applications are|'{A6}{I1.5H}|4|1|1|1a)|9the
240 rational numbers (represented as fractions, see
246 Section 4.5.1);|'|4|1|1b)|9the real or complex
252 numbers (represented within a computer by means
259 of ⊗oating-point approximations; see Section
264 4.2);|'|9c)|9the integers modulo |εp |πwhere
270 |εp |πis prime (a division algorithm suitable
277 for large values of |εp |πappears in exercise
285 4.5.2<15);|'|4|1|1d)|9``rational functions''
288 over a _eld (namely, quotients of two polynomials
296 whose coe∃cients are in that _eld, the denominator
304 being monic).|'{A6}{IC}Of special importance
309 is the _eld of integers modulo 2, when the two
319 values 0 and 1 are the only elements of the _eld.
330 Polynomials over this _eld (namely polynomials
336 modulo 2) have many analogies to integers expressed
344 in binary notation; and rational functions over
351 this _eld have striking analogies to rational
358 numbers whose numerator and denominator are represented
365 in binary notation.|'|π!|4|4|4|4Given two polynomials
371 |εu(x) |πand |εv(x) |πover a _eld, with |εv(x)|4|=|↔6α=↓|40,
378 |πwe can divide |εu(x) |πby |εv(x) |πto obtain
387 a quotient polynomial |εq(x) |πand a remainder
394 polynomial |εr(x) |πsatisfying the conditions|'
399 {A6}|εu(x)|4α=↓|4q(x)|4|¬O|4v(x)|4α+↓|4r(x),!!|πdeg|ε(r)|4|¬
399 W|4|πdeg|ε(v).|J!(1)|;[It is easy to see that
406 there is at most one pair of polynomials |ε{H12}({H10}q(x),
415 r(x){H12}) {H10}|πsatisfying these relations;
419 for if (1) holds for both |ε{H12}({H10}q|β1(x),
426 r|β1(x){H12}) {H10}|πand |ε{H12}({H10}q|β2(x),
429 r|β2(x){H12}) {H10}|πand the same polynomials
434 |εu(x), v(x), |πthen |εq|β1(x)v(x)|4α+↓|4r|β1(x)|4α=↓|4q|β2(
437 x)v(x)|4α+↓|4r|β2(x), |πso {H12}({H10}|εq|β1(x)|4α_↓|4q|β2(x
439 ){H12}){H10}v(x)|4α=↓|4r|β2(x)|4α_↓|4r|β1(x).
440 |πNow if |εq|β1(x)|4α_↓|4q|β2(x) |πis nonzero,
445 then deg{H12}({H10}(|εq|β1|4α_↓|4q|β2)|4|¬O|4v{H12})|4{H10}α
446 =↓|4|πdeg|ε(q|β1|4α_↓|4q|β2)|4α+↓|4|πdeg|ε(v)|4|¬R|4|πdeg|ε(
446 v)|4|¬Q|4|πdeg|ε(r|β2|4α_↓|4r|β1), |πa contradiction;
449 hence |εq|β1(x)|4α_↓|4q|β2(x)|4α=↓|40 |πand |εr|β1(x)|4α=↓|4
452 0.]|'|π!|4|4|4|4The following algorithm, which
457 is essentially the same as Algorithm 4.3.1D for
465 multiple-precision division but without any concerns
471 of carries, may be used to determine |εq(x) |πand
480 |εr(x):|'{A12}|π|≡A|≡l|≡g|≡o|≡r|≡i|≡t|≡h|≡m |≡D|≡.|9|4(|εDiv
482 ision of polynomials over a ⊂eld). |πGiven polynomials|'
490 {A6}|εu(x)|4α=↓|4u|βmx|gm|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4u|β1
490 x|4α+↓|4u|β0,!!v(x)|4α=↓|4v|βnx|gn|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1
490 α+↓|4v|β1x|4α+↓|4v|β0|;{A6}|πover a _eld |εS,
495 |πwhere |εv|βn|4|=|↔6α=↓|40 |πand |εm|4|¬R|4n|4|¬R|40,
499 |πthis algorithm _nds the polynomials|'{A6}|εq(x)|4α=↓|4q|βm
504 |βα_↓|βnx|gm|gα_↓|gn|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4q|β0,!!r(
504 x)|4α=↓|4r|βn|βα_↓|β1x|gn|gα_↓|g1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α
504 +↓|4r|β0|;{A6}|πover |εS |πwhich satisfy (1).|'
510 {A12}{H10L12M29}{I1.8H}|≡D|≡1|≡.|9[Iterate on
512 |εk.] |πDo step D2 for |εk|4α=↓|4m|4α_↓|4n, m|4α_↓|4n|4α_↓|4
518 1,|4.|4.|4.|4,|40; |πthen the algorithm terminates
523 with |ε(r|βn|βα_↓|β1,|4.|4.|4.|4,|4r|β0)|4|¬L|4(u|βn|βα_↓|β1
524 ,|4.|4.|4.|4,|4u|β0).|'|π{A3}|≡D|≡2|≡.|9[Division
526 loop.] Set |εq|βk|4|¬L|4u|βn|βα+↓|βk/v|βn, |πand
530 then set |εu|βj|4|¬L|4u|βj|4α_↓|4q|βkv|βj|βα_↓|βk
533 |πfor |εj|4α=↓|4n|4α+↓|4k|4α_↓|41, n|4α+↓|4k|4α_↓|42,|4.|4.|
535 4.|4,|4k. |π(The latter operation amounts to
541 replacing |εu(x) |πby |εu(x)|4α_↓|4q|βkx|gkv(x),
545 |πa polynomial of degree |→|¬W|εn|4α+↓|4k.)|'
550 {A12}{IC}|π!|4|4|4|4An example of Algorithm D
555 appears below in (5). The number of arithmetic
563 operations is essentially proportional to |εn(m|4α_↓|4n|4α+↓
568 |41). |πFor some reason this procedure has become
576 known as ``synthetic division'' of polynomials.
582 Note that ezplicit division of coe∃cients is
589 only done by |εv|βn; |πif |εv(x) |πis a monic
598 polynomial (with |εv|βn|4α=↓|41), |πthere is
603 no actual division at all. If multiplication
610 is easier to perform than division it will be
619 preferable to compute 1/|εv|βn |πat the beginning
626 of the algorithm and to multiply by this quantity
635 in step D2.|'!|4|4|4|4We shall occasionally write
642 |εu(x)|4|πmod|4|εv(x) |πfor the remainder |εr(x)
647 |πin (1).|'{A12}|≡U|≡n|≡i|≡q|≡u|≡e |≡f|≡a|≡c|≡t|≡o|≡r|≡i|≡z|
650 ≡a|≡t|≡i|≡o|≡n |≡d|≡o|≡m|≡a|≡i|≡n|≡s|≡.|9|4If
652 we restrict consideration to polynomials over
658 a _eld, we are not dealing directly with many
667 important cases, such as polynomials over the
674 integers, or polynomials in several variables.
680 Let us therefore now consider the more general
688 situation that the algebraic system |εS |πof
695 coe∃cients is a |εunique domain, |πnot necessarily
702 a _eld. This means that |εS |πis a commutative
711 ring with identity, and that|'{A12}{I1.1H}|4|1i)|9|εuv|4|=|↔
716 6α=↓|40, |πwhenever |εu |πand |εv |πare nonzero
723 elements of |εS;|'|πii)|9every nonzero element
729 |εu |πof |εS |πis either a ``unit'' or has a
739 ``unique'' representation of the form|'{A6}|ε!|4|1|1u|4α=↓|4
744 p|β1|4.|4.|4.|4p|βt,!!t|4|¬R|41,|J!(2)|;!|4|1|1|πwhere
746 |εp|β1,|4.|4.|4.|4,|4p|βt |πare ``primes.''|'
749 Here a ``unit'' |εu |πis an element such that
758 |εuv|4α=↓|41 |πfor some |εv |πin |εS; |πand a
766 ``prime'' |εp |πis a nonunit element such that
774 the equation |εp|4α=↓|4qr |πcan be true only
781 if either |εq |πor |εr |πis a unit. The representation
791 (2) is to be unique in the sense that if |εp|β1|4.|4.|4.|4p|
801 βt|4α=↓|4q|β1|4.|4.|4.|4q|βs, |πwhere all the
805 |εp'|πs and |εq'|πs are primes, then |εs|4α=↓|4t
812 |πand there is a permutation |ε|≤p|β1,|4.|4.|4.|4,|4|≤p|βt
818 |πsuch that |εp|β1|4α=↓|4a|β1q|β|≤p|m1,|4.|4.|4.|4,|4p|βt|4α
820 =↓|4a|βtq|β|≤p|mt |πfor some units |εa|β1,|4.|4.|4.|4,|4a|βt
824 . |πIn other words, factorization into primes
831 is unique, except for unit multiples and except
839 for the order of the factors.|'!|4|4|4|4Any _eld
847 is a unique factorization domain, in which each
855 nonzero element is a unit and there are no primes.
865 The integers form a unique factorization domain
872 in which the units are |→α+↓1 and |→α_↓1, and
881 the primes are |→|¬N2, |→|¬N3, |→|¬N5, |→|¬N7,
888 etc. The case that |εS |πis the set of all integers
899 is of principal importance, because it is often
907 preferable to work with integer coe∃cients instead
914 of arbitrary rational coe∃cients.|'|H*?{U0}{H10L12M29}58320#C
�folio 520 galley 2
918 omputer Programming!(A.-W./Knuth)!ch. 4!f. 520!g.
922 2|'!|4|4|4|4It is an important fact (see exercise
930 10) that |εthe polynomials over a unique factorization
938 domain form a unique factorization domain. |πA
945 polynomial which is ``prime'' in this domain
952 is usually called asn |εirreducible polynomial.
958 |πBy using the unique factorization theorem repeatedly,
965 we can prove that multivariate polynomials over
972 the integers, or over any _eld, in any number
981 of variables, can be uniquely factored into irreducible
989 polynomials. For example, the multivariate polynomial
995 |ε90x|g3|4α_↓|4120x|g2y|4α+↓|418x|g2yz|4α_↓|424xy|g2z
996 |πover the integers is the product of _ve irreducible
1005 polynomials |ε2|4|¬O|43|4|¬O|4x|4|¬O|4(3x|4α_↓|44y)|4|¬O|4(5
1006 x|4α+↓|4yz). |πThe same polynomial, as a polynomial
1013 over the rationals, is the product of three irreducible
1022 polynomials |ε(6x)|4|¬O|4(3x|4α_↓|44y)|4|¬O|4(5x|4α+↓|4yz);
1024 |πthis factorization can also be written |εx|4|¬O|4(90x|4α_↓
1030 |4120y)|4|¬O|4(x|4α+↓|4|f1|d35|)yz) |πand in
1033 in_nitely many other ways, although the factorization
1040 is essentially unique.|'!|4|4|4|4As usual, we
1046 say that |εu(x) |πis a multiple of |εv(x), |πand
1055 |εv(x) |πis a divisor of |εu(x), |πif |εu(x)|4α=↓|4v(x)q(x)
1063 |πfor some polynomial |εq(x). |πIf we have an
1071 algorithm to tell whether or not |εu |πis a multiple
1081 of |εv |πfor arbitrary elements |εu |πand |εv|4|=|↔6α=↓|40
1089 |πof a unique factorization domain |εS, |πand
1096 to determine |εw |πif |εu|4α=↓|4v|4|¬O|4w, |πthen
1102 Algorithm A gives us a method to tell whether
1111 or not |εu(x) |πfor arbitrary polynomials |εu(x)
1118 |πand |εv(x)|4|=|↔6α=↓|40 |πover |εS. |πFor if
1124 |εu(x) |πis a multiple of |εv(x), |πit is easy
1133 to see that |εu|βn|βα+↓|βk |πmust be a multiple
1141 of |εv|βn |πeach time we get to set D2, hence
1151 the quotient |εu(x)/v(x) |πwill be found. (Applying
1158 this observation repeatedly, we obtain an algorithm
1165 which decides if a given polynomial over |εS,
1173 |πin a!|4|4|4|4A set of elements of a unique
1181 factorization domain is said to be |εrelatively
1188 prπme |πif no prime of that unique factorization
1196 domain divides all of them. A polynomial over
1204 a unique factorization domain is called |εprimitive
1211 |πif its coe∃cients are relatively prime. (This
1218 concept should not be confused with the quite
1226 di=erent idea of ``primitive polynomials modulo
1232 |εp'' |πdiscussed in Section 3.2.2.) The following
1239 fact is of prime importance:|'{A12}|≡L|≡e|≡m|≡m|≡a
1245 |≡G (Gauss's Lemma).|9|4|εThe product of primitive
1251 polynomials over a unique factorization domain
1257 is primitive.|'{A12}Proof.|9|4|πLet |εu(x)|4α=↓|4u|βmx|gm|4α
1260 +↓|1|1|¬O|4|¬O|4|¬O|1|1u|β0 |πand |εv(x)|4α=↓|4v|βnx|gn|4α+↓
1262 |1|1|¬O|4|¬O|4|¬O|1|1α+↓|4v|β0 |πbe primitive
1265 polynomials. If |εp |πis any prime of the domain,
1274 we must show that |εp |πdoes not divide all the
1284 coe∃cients of |εu(x)v(x). |πBy assumption, there
1290 is an index |εj |πsuch that |εu|βj |πis not divisible
1300 by |εp, |πand an index |εk |πsuch that |εv|βk
1309 |πis not divisible by |εp. |πLet |εj |πand |εk
1318 |πbe as small as possible; then the coe∃cient
1326 of |εx|gj|gα+↓|gk |πin |εu(x)v(x) |πis |εu|βjv|βk|4α+↓|4u|βj
1331 |βα+↓|β1v|βk|βα_↓|β1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4u|βj|βα+↓
1331 |βkv|β0|4α+↓|4u|βj|βα_↓|β1v|βk|βα+↓|β1|4α+↓|1|1|¬O|4|¬O|4|¬O
1331 |1|1α+↓|4u|β0v|βk|βα+↓|βj, |πand this is not
1336 a multiple of |εp |π(since its _rst term isn't,
1345 but all of its other terms are).|'{A6}!|4|4|4|4If
1353 a nonzero polynomial |εu(x) |πover |εS |πis not
1361 primitive, we can write |εu(x)|4α=↓|4p|β1|4|¬O|4u|β1(x),
1366 |πwhere |εp|β1 |πis a prime of |εS |πdividing
1374 all the coe∃cients of |εu(x), |πand where |εu|β1(x)
1382 |πis another nonzero polynomial over |εS. |πAll
1389 of the coe∃cients of |εu|β1(x) |πhave one less
1397 prime factor than the corresponding coe∃cients
1403 of |εu(x). |πNow if |εu|β1(x) |πis not primitive,
1411 we can write |εu|β1(x)|4α=↓|4p|β2|4|¬O|4u|β2(x),
1415 |πetc., and this process must ultimately terminate
1422 in a representation |εu(x)|4α=↓|4c|4|¬O|4u|βk(x),
1426 |πwhere |εc |πis an element of |εS |πand |εu|βk(x)
1435 |πis primitive. In fact, we have the following
1443 lemma:|'{A12}|≡L|≡e|≡m|≡m|≡a |≡H|≡.|9|4|εAny
1446 nonzero polynomial u(x) over a unique factorization
1453 domain S can be factored in the form u(x)|4α=↓|4c|4|¬O|4v(x)
1461 , where c is in S and v(x) is primitive. Furthermore,
1472 this representation is unique, in the sense that
1480 if u|4α=↓|4c|β1|4|¬O|4v|β1(x)|4α=↓|4c|β2|4|¬O|4v|β2(x),
1482 then c|β1|4α=↓|4ac|β2 and v|β2(x)|4α=↓|4av|β1(x)
1486 where a is a unit of S.|'{A12}Proof.|9|4|πWe
1494 have shown that such a representation exists,
1501 and so only the uniqueness needs to be proved.
1510 Assume that |εc|β1|4|¬O|4v|β1(x)|4α=↓|4c|β2|4|¬O|4v|β2(x),
1513 |πwhere |εv|β1(x) |πand |εv|β2(x) |πare primitive
1519 and |εc|β1 |πis not a unit multiple of |εc|β2.
1528 |πBy unique factorization there is a prime |εp
1536 |πof |εS |πand an exponent |εk |πsuch that |εp|gk
1545 |πdivides one of |ε|¬Tc|β1,|4c|β2|¬Y |πbut not
1551 the other, say |εp|gk |πdivides |εc|β1 |πbut
1558 not |εc|β2. |πThen |εp|gk |πdivides all of the
1566 coe∃cients of |εc|β2|4|¬O|4v|β2(x), |πso |εp
1571 |πdivides all the coe∃cients of |εv|β2(x), |πcontradicting
1578 the assumption that |εv|β2(x) |πis primitive.
1584 Hence |εc|β1|4α=↓|4ac|β2, |πwhere |εa |πis a
1590 unit; and 0|4α=↓|4|εac|β2|4|¬O|4v|β1(x)|4α_↓|4c|β2|4|¬O|4v|β
1592 2(x)|4α=↓|4c|β2|4|¬O|4(av|β1(x)|4α_↓|4v|β2(x){H12})
1593 {H10}|πimplies that |εav|β1(x)|4α_↓|4v|β2(x)|4α=↓|40.|'
1596 {A12}|π!|4|4|4|4Therefore we may write any nonzero
1602 polynomial |εu(x) |πas|'{A6}|εu(x)|4α=↓|4|πcont(|εu)|4|¬O|4|
1605 πpp{H12}({H10}u(x){H12}){H10},|J!(3)|;{A7}{H10}where
1607 cont|ε(u), |πthe ``content'' of |εu, |πis an
1614 element of |εS, |πand pp{H12}(|ε{H10}u(x){H12}){H10},
1619 |πthe ``primitive part'' of |εu(x), |πis a primitive
1627 polynomial over |εS. |πWhen |εu(x)|4α=↓|40, |πit
1633 is convenient to de_ne cont|ε(u)|4α=↓|4|πpp{H12}({H10}u(x){H
1637 12})|4{H10}α=↓|40. Combining Lemmas G and H gives
1644 us the relations|'{A6}|h|πpp(|εu(x)|4.|4v(x))|4|∂α=↓|4b|4|πp
1647 p|ε(u(x))|4|πpp|ε(v(x)),|E|n|;| |πcont(|εu|4|¬O|4)|4|Lα=↓|4a
1648 |4|πcont|ε(u)|4|πcont|ε(v),>{A4}| |πpp{H12}({H10}|εu(x)|4|¬O
1649 |4v(x))|4|L{H10}α=↓|4b|4|πpp|ε{H12}({H10}u(x){H12})|4{H10}|π
1649 pp{H12}({H10}|εv(x){H12}){H10},|J!(4)>{A6}|πwhere
1651 |εa |πand |εb |πare units, depending on |εu |πand
1660 |εv, |πwith |εab|4α=↓|41. |πWhen we are working
1667 with polynomials over the integers, the only
1674 units are |→α+↓1 and |→α_↓1, and it is conventional
1683 to de_ne pp|ε{H12}({H10}u(x){H12}) {H10}|πso
1687 that its leading coe∃cient is positive; then
1694 (4) is true with |εa|4α=↓|4b|4α=↓|41. |πWhen
1700 working with polynomials over a _eld we may take
1709 cont|ε(u)|4α=↓|4|λ3(u), |πso that pp|ε{H12}({H10}u(x){H12})
1713 {H10}|πis monic; in this case again (4) holds
1721 with |εa|4α=↓|4b|4α=↓|41, |πfor all |εu(x) |πand
1727 |εv(x).|'|π!|4|4|4|4For example, if we are dealing
1734 with polynomials over the integers, let |εu(x)|4α=↓|4|→α_↓26
1740 x|g2|4α+↓|439, v(x)|4α=↓|421x|4α+↓|414. |πThen|'
1743 {A6}|h|πcont|ε(u|4.|4v)|4|∂α=↓|4|→α_↓91,!!|πpp(|εu(x)|4.|4v(
1743 x))|4|∂α=↓|46x|g2|4α+↓|44x|g2|4α_↓|49x|4α_↓|46.|E|n|;
1744 | |πcont|ε(u)|4|Lα=↓|4|→α_↓13,| |πpp|ε{H12}({H10}u(x){H12})1
1744 0}|4|Lα=↓|42x|g2|4α_↓|43,>{A4}| |πcont|ε(v)|4|Lα=↓|47,| |πpp
1745 |ε{H12}({H10}v(x){H12}){H10}|4|Lα=↓|43x|4α+↓|42,>
1746 {A4}| |πcont|ε(u|4|¬O|4v)|4|Lα=↓|4|→α_↓91,| |πpp{H12}({H10}u
1746 (x)|4|¬O|4v(x){H12}){H10}|4|Lα=↓|46x|g3|4α+↓|44x|g2|4α_↓|49x
1746 |4α_↓|46.>|H*?*?*?{U0}{H10L12M29}58320#Computer
�folio 522 galley 3
1748 Programming!(A.-W./Knuth)!ch. 4!f. 522!g. 3|'
1752 {A12}|π|≡G|≡r|≡e|≡a|≡t|≡e|≡s|≡t |≡c|≡o|≡m|≡m|≡o|≡n
1754 |≡d|≡i|≡v|≡i|≡s|≡o|≡r|≡s|≡.|9|4When there is
1757 unique factorization, it makes sense to speak
1764 of a ``greatest common divisor'' of two elements;
1772 this is a common divisor which is divisible by
1781 as many primes as possible. (Cf. Eq. 4.5.2<6.)
1789 Since a unique factorization domain may have
1796 many units, there is a certain amount of ambiguity
1805 in this de_nition of greatest common divisor;
1812 if |εw |πis a greatest common divisor of |εu
1821 |πand |εv, |πso is |εa|4|¬O|4w, |πwhen |εa |πis
1829 a unit. Conversely, the assumption of unique
1836 factorization implies that if |εw|β1 |πand |εw|β2
1843 |πare both greatest common advisors of |εu |πand
1851 |εv, |πthen |εw|β1|4α=↓|4a|4|¬O|4w|β2 |πfor some
1856 unit |εa. |πTherefore it does not make sense,
1864 in general, to speak of ``the'' greatest common
1872 divisor of |εu |πand |εv; |πthere is a set of
1882 greatest common divisors, each one being a unit
1890 multiple of the others.|'!|4|4|4|4Let us now
1897 consider the problem of _nding a greatest common
1905 divisor of two given polynomials over an algebraic
1913 system |εS. |πIf |εS |πis a _eld, the problem
1922 is relatively simple; our division algorithm,
1928 Algorithm D, can be extended to an algorithm
1936 which computes greatest common divisors, just
1942 as Euclid's algorithm (Algorithm 4.5.2A) yields
1948 the greatest common divisor of two given integers
1956 based on a division algorithm for integers: If
1964 |εv(x)|4α=↓|40, |πthen gcd|ε{H12}({H10}u(x),
1967 v(x){H12}){H10}|4α=↓|4u(x); |πotherwise gcd|ε({H10}u(x),|4v(
1969 x){H12}){H10}|4α=↓ |πgcd{H12}({H10}|εv(x),|4r(x){H12}){H10},
1970 |πwhere |εr(x) |πis given by (1). This procedure
1979 is called Euclid's algorithm for polynomials
1985 over a _eld; it was _rst used by Simon Stevin
1995 in 1585 [[*?*?*?*?12}){H10}, |πwhere |εr(x) |πis
2001 given by (1). This procedure is called Euclid's
2009 algorithm for polynomials over a _eld; it was
2017 _rst used by Simon Stevin in 1585 [|εLes |9|1uvres
2026 math|=1ematiques de Simon Stevin, |πed. by A.
2033 Girard, |≡1 (Leyden, 1634), 56].|'!|4|4|4|4For
2039 example, let us determine the gcd of |εx|g8|4α+↓|4x|g6|4α+↓|
2046 410x|g4|4α+↓|410x|g3|4α+↓|48x|g2|4α+↓|42x|4α+↓|48
2047 |πand |ε3x|g6|4α+↓|45x|g4|4α+↓|49x|g2|4α+↓|44x|4α+↓|48,
2049 |πmod 13, by using Euclid's algorithm for polynomials
2057 over the integers modulo 13. First, writing only
2065 the coe∃cients to show the steps of Algorithm
2073 D, we have|'{A6}|h|π8|98|98|98|98|98|98|9)|9|∂0|90|90|90|900
2076 |900|900|90|90|E|n|;|L|L!!!!!!!!9|90|97>{A4}|L3|90|95|90|99|
2078 94|98|9)|91|90|91|90|910|910|9|9|18|92|98>|L|L1|90|96|90|9|9
2079 |13|910|9|9|17>{A6}|L|L!|10|98|90|9|9|17|9|9|10|9|9|11|92|98
2080 >|L|L!!|1|18|90|9|9|19|9|9|10|911|92|94>|L|L!!!|1|1|10|911|9
2082 |9|10|9|9|13|90|94|J!(5)>{A12}and hence|'{A6}|εx|g8|4α+↓|4x|
2085 g6|4α+↓|410x|g4|4α+↓|410x|g3|4α+↓|48x|g2|4α+↓|42x|4α+↓|48|'
2086 {A3}α=↓|4(9x|g2|4α+↓|47)(3x|g6|4α+↓|45x|g4|4α+↓|49x|g2|4α+↓|
2086 44x|4α+↓|48)|4α+↓|411x|g4|4α+↓|43x|g2|4α+↓|44.|?
2087 {A6}|ε3x|g6|4α+↓|45x|g4|4|∂α+↓|49x|g2|4α+↓|44x|4α+↓|48|4|∂α=
2087 ↓|4(5x|g2|4α+↓|45)(11x|g4|4α+↓|43x|g2|4α+↓|44)|4α+↓|44x|4α+↓
2087 |41;|;{A4}| 11x|g4|4|Lα+↓|43x|g2|4α+↓|4|Lα=↓|4(6x|g3|4α+↓|45
2088 x|g2|4α+↓|46x|4α+↓|45)(4x|4α+↓|41)|4α+↓|412;>
2089 {A4}|L| 4x|4α+↓|41|4|Lα=↓|4(9x|4α+↓|412)|4|¬O|412|4α+↓|40.|J
2089 !(6)>{A6}|π(The equality sign here means congruence
2096 modulo 13, since all arithmetic on the coe∃cients
2104 has been done mod 13.) This computation shows
2112 that 12 is a greatest common divisor of the two
2122 original polynomials. Now any nonzero element
2128 of a _eld is a unit of the domain of polynomials
2139 over that _eld, so any nonzero multiple of a
2148 greatest common divisor is also a greatest common
2156 divisor (over a _eld). It is therefore conventional
2164 in this case to divide the result of the algorithm
2174 by its leading coe∃cient, producing a |εmonic
2181 |πpolynomial which is called |εthe |πgreatest
2187 common advisor of the two given polynomials.
2194 The gcd computed in (6) is accordingly taken
2202 to be 1, not 12. The last step in (6) could have
2214 been omitted, for if deg|ε(v)|4α=↓|40, |πthen
2220 gcd|ε{H12}({H10}u(x),|4v(x){H12}){H10}|4α=↓|41,
2221 |πno matter what polynomial is chosen for |εu(x).
2229 |πExercise 4 determines the average running time
2236 for Euclid's algorithm on random polynomials
2242 modulo |εp.|'{A12}|π!|4|4|4|4Let us now turn
2248 to the more general situation in which our polynomials
2257 are given over a unique factorization domain
2264 which is not a _eld. From Eqs. (4) we can deduce
2275 the important relations|'{A6}|h|πpp{H12}({H10}gcd(|εu(x),|4v
2278 (x)){H12}){H10}|4|∂α=↓|4b|4.|4|πgcd{H12}({H10}pp(|εu(x){H12}
2278 ){H10},|4|πpp{H12}({H10}|εv(x)){H12}){H10},|E|n|;
2279 | |πcont{H12}({H10}gcd(|εu,v){H12}){H10}|4|Lα=↓|4a|4|¬O|4|πg
2279 cd{H12}({H10}cont|ε(u),|4|πcont|ε(v){H12}){H10},>
2280 {A4}| |πpp{H12}({H10}gcd|ε(u(x),|4v(x)){H12}){H10}|4|Lα=↓|4b
2280 |4|¬O|4|πgcd{H12}({H10}pp|ε(u(x)),|4|πpp{H12}({H10}|εv(x)){H
2280 12}){H10},|J!(7)>{A6}|πwhere |εa |πand |εb |πare
2286 units. Here gcd{H12}({H10}|εu(x),|4v(x){H12}){H10}
2289 |πdenotes any particular polynomial in |εx |πwhich
2296 is a greatest common divisor of |εu(x) |πand
2304 |εv(x). |πEquations (7) reduce the problem of
2311 _nding greatest common divisors of arbitrary
2317 polynomials to the problem of _nding greatest
2324 common divisors of |εprimitive |πpolynomials.|'
2329 !|4|4|4|4Algorithm D for division of polynomials
2335 over a _eld can be generalized to a pseudo-division
2344 of polynomials over any algebraic system which
2351 is a commutative ring with identity. We can observe
2360 that Algorithm D requires explicit division only
2367 by |ε|λ3(v), |πthe leading coe∃cient of |εv(x),
2374 |πand that step D2 is carried out exactly |εm|4α_↓|4n|4α+↓|4
2382 1 |πtimes; thus if |εu(x) |πand |εv(x) |πstart
2390 with integer coe∃cients, and if we are working
2398 over the rational numbers, then the only denominators
2406 which appear in the coe∃cients of |εq(x) |πand
2414 |εr(x) |πare divisors of |ε|λ3(v)|urmα_↓nα+↓1|)|).
2419 |πThis suggests that we can always _nd polynomials
2427 |εq(x) |πand |εr(x) |πsuch that|'{A6}|ε|λ3(v)|urmα_↓nα+↓1|)|
2432 )u(x)|4α=↓|4q(x)v(x)|4α+↓|4r(x),!!|πdeg|ε(r)|4|¬W|4n,|J!(8)|
2432 ;{A6}|πwhere |εm|4α=↓|4|πdeg|ε(u), n|4α=↓|4|πdeg|ε(v),
2436 |πand |εm|4|¬R|4n, |πfor any polynomials |εu(x)
2442 |πand |εv(x)|4|=|↔6α=↓|40.|'{A12}|π|≡A|≡l|≡g|≡o|≡r|≡i|≡t|≡h|
2444 ≡m |≡R (|εPseudo-division of polynomials).|9|4|πGiven
2449 polynomials|'{A6}|εu(x)|4α=↓|4u|βmx|gm|4α+↓|1|1|¬O|4|¬O|4|¬O
2450 |1|1α+↓|4u|β1x|4α+↓|4u|β0,!!v(x)|4α=↓|4v|βnx|gn|4α+↓|1|1|¬O|
2450 4|¬O|4|¬O|1|1α+↓|4v|β1(x)|4α+↓|4v|β0,|;{A6}|πwhere
2452 |εv|βn|4|=|↔6α=↓|40 |πand |εm|4|¬R|4n|4|¬R|40,
2455 |πthis algorithm _nds polynomials |εq(x)|4α=↓|4q|βm|βα_↓|βnx
2459 |gm|gα_↓|gn|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4q|β0
2460 |πand |εr(x)|4α=↓|4r|βn|βα_↓|β1x|gn|gα_↓|g1|4α+↓|1|1|¬O|4|¬O
2461 |4|¬O|1|1α+↓|4r|β0 |πsatisfying (8).|'{A6}{I1.8H}|≡R|≡1|≡.|9
2464 [Iterate on |εk.] |πDo step R2 for |εk|4α=↓|4m|4α_↓|4n,
2472 m|4α_↓|4n|4α_↓|41,|4.|4.|4.|4,|40; |πthen the
2475 algorithm terminates with |εu|βn|βα_↓|β1|4α=↓|4r|βn|βα_↓|β1,
2478 |4.|4.|4.|4,|4u|β0|4α=↓|4r|β0.|'{A3}|≡R|≡2|≡.|9|π[Multiplica
2479 tion loop.] Set |εq|βk|4|¬L|4u|βn|βα+↓|βkv|urk|)n|),
2483 |πand then set |εu|βj|4|¬L|4v|βnu|βj|4α_↓|4u|βn|βα+↓|βkv|βj|
2486 βα_↓|βk |πfor |εj|4α=↓|4n|4α+↓|4k|4α_↓|41, n|4α+↓|4k|4α_↓|42
2489 ,|4.|4.|4.|4,|40. |π(When |εj|4|¬W|4k |πthis
2493 means that |εu|βj|4|¬L|4v|βnu|βj, |πsince we
2498 treat |εv|βα_↓|β1, v|βα_↓|β2,|4.|4.|4.|4, |πas
2502 zero; these multiplications could have been avoided
2509 if we had started by replacing |εu|βt |πby |εv|urmα_↓nα_↓t|)
2517 n|)u|βt |πfor |ε0|4|¬E|4t|4|¬W|4m|4α_↓|4n.)|'
�folio 524 galley 4
2520 |H*?*?{U0}{H10L12M29}58320#Computer Programming!(A.-W./Knuth)!
2521 ch. 4!f. 524!g. 4|'{A12}!|4|4|4|4An example calculation
2528 appears below in (10); it is easy to prove the
2538 validity of Algorithm R by induction on |εm|4α_↓|4n,
2546 |πsince each execution of step R2 essentially
2553 replaces |εu(x) |πby |ε|λ3(v)u(x)|4α_↓|4|λ3(u)x|gkv(x),
2557 |πwhere |εk|4α=↓|4|πdeg|ε(u)|4α_↓|4|πdeg|ε(v).
2559 |πNote that no division whatever is used in this
2568 algorithm; the coe∃cients of |εq(x) |πand |εr(x)
2575 |πare them selves certain polynomial functions
2581 of the coe∃cients of |εu(x) |πand |εv(x). |πIf
2589 |εv|βn|4α=↓|41, |πthe algorithm is identical
2594 to Algorithm D. If |εu(x) |πand |εv(x) |πare
2602 polynomials over a unique factorization domain,
2608 we can prove as before that the polynomials |εq(x)
2617 |πand |εr(x) |πare unique; therefore another
2623 way to do the pseudo-division over a unique factorizarion
2632 domain is to multiply |εu(x) |πby |εv|urmα_↓nα+↓1|)n|)
2639 |πand apply Algorithm D, knowing that all the
2647 quotients in step D2 will exist.|'!|4|4|4|4Algorithm
2654 R can be extended to a ``generalized Euclidean
2662 algorithm'' for primitive polynomials over a
2668 unique factorization domain, in the following
2674 way: Let |εu(x) |πand |εv(x) |πbe primitive polynomials
2682 with deg|ε(u)|4|¬R|4|πdeg|ε(v), |πand determine
2686 |εr(x) |πsatisfying (8) by means of Algorith
2693 R. Now gcd{H12}({H10}|εu(x),|4v(x){H12}){H10}|4α=↓|4|πgcd{H1
2695 2}({H10}|εv(x),|4r(x){H12}){H10}: |πFor any common
2699 divisor of |εu(x) |πand |εv(x) |πdivides |εv(x)
2706 |πand |εr(x); |πconversely, any common divisor
2712 of |εv(x) |πand |εr(x) |πdivides |ε|λ3v)*?*?*?!|4|4|4|4Algorith
2717 m R can be extended to a ``generalized Euclidean
2726 algorithm'' for primitive polynomials over a
2732 unique factorization domain, in the following
2738 way: Let |εu(x) |πand |εv(x) |πbe primitive polynomials
2746 with deg|ε(u)|4|¬R|4|πdeg|ε(v), |πand determine
2750 |εr(x) |πsatisfying (8) by means of Algorith
2757 R. Now gcd{H12}({H10}|εu(x),|4v(x){H12}){H10}|4α=↓|4|πgcd{H1
2759 2}({H10}|εv(x),|4r(x){H12}){H10}: |πFor any common
2763 divisor of |εu(x) |πand |εv(x) |πdivides |εv(x)
2770 |πand |εr(x); |πconversely, any common divisor
2776 of |εv(x) |πand |εr(x) |πdivides |ε|λ3(v)|urmα_↓nα+↓1|)|)u(x
2781 ), |πand it must be primitive {H12}({H10}since
2788 |εv(x) |πis primitive{H12}){H10} so it divides
2794 |εu(x). |πIf |εr(x)|4α=↓|40, |πwe therefore have
2800 gcd{H12}({H10}|εu(x),|4v(x){H12}){H10}|4α=↓|4v(x);
2801 |πif |εr(x)|4|=|↔6α=↓|40, |πwe have gcd{H12}({H10}|εv(x),|4r
2805 (x){H12}){H10}|4α=↓|4|πgcd{H12}({H10}|εv(x),
2806 |πpp|ε(r(x)){H12}){H10} |πsince |εv(x) |πis primitive,
2811 so the process can be iterated.|'{A12}|≡A|≡l|≡g|≡o|≡r|≡i|≡t|
2817 ≡h|≡m |≡E |ε(Generalized Euclidean algorithm).|9|4|πGiven
2822 nonzero polynomials |εu(x) |πand |εv(x) |πover
2828 a unique factorization domain |εS, |πthis algorithm
2835 calculates a greatest common divisor of |εu(x)
2842 |πand |εv(x). |πWe assume that auxiliary algorithms
2849 exist to calculate greatest common div{A12}|≡A|≡l|≡g|≡o|≡r|≡
2854 i|≡t|≡h|≡m |≡E |ε(Generalized Euclidean algorithm).|9|4|πGiv
2858 en nonzero polynomials |εu(x) |πand |εv(x) |πover
2865 a unique factorization domain |εS, |πthis algorithm
2872 calculates a greatest common divisor of |εu(x)
2879 |πand |εv(x). |πWe assume that auxiliary algorithms
2886 exist to calculate greatest common divisors of
2893 elements of |εS, |πand to divide |εa |πby |εb
2902 |πin |εS |πwhen |εb|4|=|↔6α=↓|40 |πand |εa |πis
2909 a multiple of |εb.|'{A12}{I1.7H}|π|≡E|≡1|≡.|9[Reduce
2914 to primitive.] Set |εd|4|¬L|4|πgcd{H12}({H10}cont|ε(u),
2918 |πcont|ε(v){H12}){H10}, |πusing the assumed algorithm
2923 for calculating greatest common divisors in |εS.
2930 |π(Note that cont|ε(u) |πis a greatest common
2937 divisor of the coe∃cients of |εu(x){H12}){H10}.
2943 |πReplace |εu(x) |πby the polynomial |εu(x)/|πcont|ε(u)|4α=↓
2948 |4|πpp{H12}({H10}u(x){H12}){H10}; similarly,
2950 replace |εv(x) |πby pp{H12}({H10}v(x){H12}){H10}.|'
2954 |≡E|≡2|≡.|9[Pseudo-division.] Calculate |εr(x)
2957 |πusing Algorithm R. {H12}({H10}It is unnecessary
2963 to calculate the quotient polynomial |εq(x).{H12}){H10}
2969 |πIf |εr(x)|4α=↓|40, |πgo to E4. If deg|ε(r)|4α=↓|40,
2976 |πreplace |εv(x) |πby the constant polynomial
2982 ``1'' and go to E4.|'{A3}|≡E|≡3|≡.|9[Make remainder
2989 primitive.] Replace |εu(x) |πby v(x) |πand replace
2996 |εv(x) |πby pp{H12}({H10}|εr(x){H12}){H10}. |πGo
3000 back to step E2. (This is the ``Euclidean step,''
3009 analogous to the other instances of Euclid's
3016 algorithm that we have seen.)|'{A3}|≡E|≡4|≡.|9[Attach
3022 the content.] The algorithm terminates, with
3028 |εd|4|¬O|4v(x) |πas the answer.|'{A12}{IC}{H10L12M29}!|4|4|4
3032 |4As an example of Algorithm E, let us calculate
3041 the greatest common divisor of|'{A6}|εu(x)|4|∂α=↓|4x|g8|4α+↓
3046 |4x|g6|4α_↓|43x|g4|4α_↓|43x|g3|4α+↓|48x|g2|4α+↓|42x|4α_↓|45,
�folio 526 galley 5
3046 |;{A4}| v(x)|4|Lα=↓|43x|g6|4α+↓|45x|g4|4α_↓|44x|g2644α*?*?{U0}
3047 {H10L12M29}58320#Computer Programming!ch 4!f.
3050 526!g. 5|'{A12}!|4|4|4|4|πTo improve that algorithm,
3056 we can reduce |εu(x) |πand |εv(x) |πto monic
3064 polynomials at each step, since this removes
3071 ``unit'' factors which make the coe∃cients more
3078 complicated than necessary; this is actually
3084 Algorithm E over the rationals:|'{A12}|∂!!!!!|4|1|1|1|∂!!!!!
3089 !!!!!!!|∂!!|∂!!!!!!!!!!|∂!!!!!|4|1|1|1|∂|E|;|>
3091 |ε|;|4u(x)|;|;|4|4v(x)|;|;>{A3}|>|;1,|40,|41,|40,|4|→α_↓3,|4
3099 |→α_↓3,|48,|42,|4|→α_↓5|?|;1,|40,|4|f5|d33|),|40,|4|→α_↓|f4|
3101 d33|),|4|→α_↓3,|47|?|;>|>|;1,|40,|4|f5|d33|),|40,|4|→α_↓|f4|
3106 d33|),|4|→α_↓3,|47|?|;1,|40,|4|→α_↓|f1|d35|),|40,|4|f3|d35|)
3108 |?|;>|>|;1,|40,|4|→α_↓|f1|d35|),|40,|4|f3|d35|)|?
3114 |?1,|4|f25|d313|),|4|→α_↓|f49|d313|)|?>|>|;1,|4|f25|d313|),|
3119 4|→α_↓|f49|d313|)|?|;1,|4|→α_↓|f6150|d24663|)|?
3122 |;>|>|;1,|4|→α_↓|f6150|d34663|)|?|;1|?(14)|?>
3131 {A12}|π!|4|4|4|4In both (13) and (14) the sequence
3138 of polynomials is essentially the same as (12),
3146 which was obtained by Algorithm E over the integers;
3155 the only di=erence is that the polynomials have
3163 been multiplied by certain rational numbers.
3169 Whether we have |ε5x|g4|4α_↓|4x|g2|4α+↓|43 |πor
3174 |→α_↓|f5|d33|)|εx|g4|4α+↓|4|f1|d39|)x|g2|4α_↓|4|f1|d39|)
3175 |πor |εx|g4|4α_↓|4|f1|d35|)x|g2|4α+↓|4|f3|d35|),
3177 |πthe computations are essentially the same.
3183 But wither algorithm using rational arithmetic
3189 will run noticeably slower than the all-integer
3196 algorithm E, since rational arithmetic requires
3202 many more evaluations of gcd's of integers within
3210 each step. Therefore it is de_nitely preferable
3217 to use the all-integer algorithm instead of rational
3225 arithmetic, when the gcd of polynomials with
3232 integer or rational coe∃cients is desired.|'!|4|4|4|4It
3239 is also instructive to compare the above calculations
3247 with (6) above, where we determined the gcd of
3256 the same polynomials |εu(x) |πand |εv(x) |πmodulo
3263 13 with considerably less labor. Since |ε|λ3(u)
3270 |πand |ε|λ3(v) |πare not multiples of 13, the
3278 fact that gcd{H12}({H10}|εu(x),|4v(x){H12}){H10}|4α=↓|41
3281 |πmodulo 13 is su∃cient to prove that |εu(x)
3289 |πand |εv(x) |πare relatively prime over the
3296 integers (and therefore over the rational numbers);
3303 we will return to this time-saving observation
3310 at the close of Section 4.6.2.|'{A12}|≡C|≡o|≡l|≡l|≡i|≡n|≡s|≡
3316 '|≡s |≡A|≡l|≡g|≡o|≡r|≡i|≡t|≡h|≡m|≡.|9|4An ingenious
3319 algorithm which is generally superior to Algorithm
3326 E, and which gives us further information about
3334 Algorithm E's behavior, has been discovered by
3341 George E. Collins [|εJACM |≡1|≡4 (1967), 128<142].
3348 |πHis algorithm avoids the calculation of primitive
3355 part in step E3, dividing instead by an element
3364 of |εS |πwhich is known to be a factor of |εr(x):|'
3375 {A12}|π|≡A|≡l|≡g|≡o|≡r|≡i|≡t|≡h|≡m |≡C (|εGreatest
3378 common divisor over a unique factorization domain).|9|4|πThi
3384 s algorithm has the same input and output assumptions
3393 as Algorithm E, and has the advantage that fewer
3402 calculations of greatest common divisors of coe∃cients
3409 are needed, although it may have to deal with
3418 larger numbers as a result.|'{A6}{I1.8H}|≡C|≡1|≡.|9[Reduce
3424 to primitive.] As in step E1 of Algorithm E,
3433 set |εd|4|¬L|4|πgcd{H12}({H10}cont|ε(u),|4|πcont|ε(v){H12}){
3434 H10}, |πand replace {H12}({H10}|εu(x),|4v(x){H12}){H10}
3438 |πby {H12}({H10}pp|ε(u(x)),|4|πpp|ε(v(x)){H12}){H10}.
3440 |πAlso set |εa|4|¬L|41.|'{A3}|π|≡C|≡2|≡.|9[Pseudo-division.]
3443 Set |εb|4|¬L|4|λ3(v)|ur|πdeg|ε(u)α_↓|πdeg|ε(v)α+↓1|)|).
3446 |πCalculate |εr(x) |πusing Algorithm R. If |εr(x)|4α=↓|40,
3453 |πgo to C4. If deg|ε(r)|4α=↓|40, |πreplace |εv(x)
3460 |πby the constant polynomial ``1'' and go to
3468 C4.|'{A3}|≡C|≡3|≡.|9[Adjust remainder.] Replace
3472 the polynomial |εu(x) |πby |εv(x), |πand replace
3479 |εv(x) |πby |εr(x)/a. |π(At this point all coe∃cients
3487 of |εr(x) |πare multiples of |εa.) |πAlso set
3495 |εa|4|¬L|4b; |πthen return to C2.|'{A3}|≡C|≡4|≡.|9[Attach
3501 the content.] The algorithm terminates, with
3507 |εd|4|¬O|4|πpp{H12}({H10}|εv(x){H12}){H10} |πas
3509 the answer.|'{IC}{A12}!|4|4|4|4If we apply this
3515 algorithm to the polynomials (9) considered earlier,
3522 the following sequence of results is obtained:|'
3529 {A12}|∂!!|∂!!!!!!!!!!!!|∂!!|∂!!!!!!!!!|9|∂!!|∂!!!|9|∂!!!|9|4
3529 |1|∂|E|;|>|ε|;|4|1u(x)|;|;|4|1v(x)|;|;|9a|;|;
3538 >{A2}|>|;1,|40,|41,|40,|4|→α_↓3,|4|→α_↓3,|48,|42,|4|→α_↓5|?
3542 |;3,|40,|45,|40,|4|→α_↓4,|4|→α_↓9,|421|?|;1|9|4|?
3546 |;>|>|;3,|40,|45,|40,|4|→α_↓4,|4|→α_↓9,|421|?
3551 |;|→α_↓15,|40,|43,|40,|4|→α_↓9|?|;27|9|4|?|;>
3557 |>|;|→α_↓15,|40,|43,|40,|4|→α_↓9|?|;585,|41125,|4|→α_↓2205|?
3562 |;(|→α_↓15)|g3|?|;>|>|;585,|41125,|4|→α_↓2205|?
3569 |;|→α_↓18885150,|424907500|?|;(585)|g3|?(15)|?
3574 >{A12}|πAt the conclusion of the algorithm, |εr(x)/a|4α=↓|45
3581 27933700.|'|π!|4|4|4|4The sequence of polynomials
3586 consists of integral multiples of the polynomials
3593 in the sequence produced by Algorithm E. The
3601 numbers in (15) actually constitute an unusually
3608 bad example of the e∃ciency of Algorithm C, for
3617 reasons explained later; but our example shows
3624 that, in spite of the fact that the polynomials
3633 are not reduced to primitive form, the coe∃cients
3641 are kept to a reasonable size because the reduction
3650 factor |εa |πis large.|'!|4|4|4|4In order to
3657 analyze Algorithm C and to prove that it is valid,
3667 let us call the sequence of polynomials it produces
3676 |εu|β1(x), u|β2(x), u|β3(x),|4.|4.|4.|4, |πwhere
3680 |εu|β1(x)|4α=↓|4|εu(x) |πand |εu|β2(x)|4α=↓|4v(x).
3683 |πLet |εt|β1|4α=↓|40 |πand let |εt|βj|βα+↓|β1|4α=↓|4n|βj|4α_
3687 ↓|4n|βj|βα+↓|β1|4α+↓|41, |πwhere |εn|βj|4α=↓|4|πdeg|ε(u|βj),
3689 j|4|¬R|41. |πThen if |ε|λ3|βj|4α=↓|4|λ3(u|βj),|6|πwe|6have|
3693 '{A6}|ε|λ3|urt|β2|)2|)u|β1(x)|4α=↓|4u|β2(x)q|β1(x)|4α+↓|4|λ3
3694 |urt|β1|)1|)u|β3(x),!!n|β3|4|¬W|4n|β2;|;{A4}|λ3|urt|β3|)3|)u
3695 |β2(x)|4α=↓|4u|β3(x)q|β2(x)|4α+↓|4|λ3|urt|β2|)2|)u|β4(x),!!n
3695 |β4|4|¬W|4n|β3;|J!(16)|;{A4}|λ3|urt|β4|)4|)u|β3(x)|4α=↓|4u|β
3696 4(x)q|β3(x)|4α+↓|4|λ3|urt|β3|)3|)u|β5(x),!!n|β5|4|¬W|4n|β4;|
3696 ;{A6}|πand so on. The process terminates when
3704 |εn|βk|βα+↓|β1|4α=↓|4|πdeg|ε(u|βk|βα+↓|β1)|4|¬E0.
3705 |πWe must show that |εu|β4(x),|4u|β5(x),|4.|4.|4.|4,
3710 |πhave coe∃cients in |εA, |πi.e., that the factor
3718 |ε|λ3|urt|βk|βα+↓|β1|)kα+↓1|) |πintroduced into
3721 the dividend in the |εk|πth step can be divided
3730 from the remainder in the |ε(k|4α+↓|41)|πst step.
3737 The proof is rather involved, and it can be most
3747 easily understood by considering an axemple.|'
3753 {A12}|∨T|∨a|∨b|∨l|∨e|9|∨1|;{A3}{H9L11M29}COEFFICIENTS|9IN|9C
3754 OLLINS'S|9ALGORITHM|;{A6}|∂!!!|∂!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3755 |∂!!!!|∂!!!|4|4|4|∂|E|;|>Row|;|;Multiply|;Replace|;
3761 >|>name|;Row|;by|;by|4row|;>|J#>|∂!!!|∂!!|∂!!|how that |εu|β4(x),|4u|β5(x),|4.|4.|4.|4,
3710 |πhave coe∃cients in |εA, |πi.e., that the factor
3718 |ε|λ3|urt|βk|βα+↓|β1|)kα+↓1|) |πintroduced into
3721 the dividend in the |εk|πth step can be divided
3730 from the remainder in the |ε(k|4α+↓|41)|πst step.
3737 The proof is rather involved, and it can be most
3747 easily understood by considering an axemple.|'
3753 {A12}|∨T|∨a|∨b|∨l|∨e|9|∨1|;{A3}{H9L11M29}COEFFICIENTS|9IN|9C
3754 OLLINS'S|9ALGORITHM|;{A6}|∂!!!|∂!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3755 |∂!!!!|∂!!!|4|4|4|∂|E|;|>Row|;|;Multiply|;Replace|;
3761 >|>name|;Row|;by|;by|4row|;>|J#>|∂!!!|∂!!|∂!!|∂!!|∂!!|∂!!|∂!
3769 !|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!!!|∂!!!|4|4|4|∂|E|;
3770 |>|εA|β5|;|9a|β8|'|9a|β7|'|9a|β6|'|9a|β5|'|9a|β4|'
3777 |9a|β3|'|9a|β2|'|9a|β1|'|9a|β0|'|90|'|90|'|90|'
3784 |90|'|90|'b|=|β6|g3|;C|β5|;>|>A|β4|;|90|'|9a|β8|'
3793 |9a|β7|'|9a|β6|'|9a|β5|'|9a|β4|'|9a|β3|'|9a|β2|'
3799 |9a|β1|'|9a|β0|'|90|'|90|'|90|'|90|'b|=|β6|g3|;
3806 C|β4|;>|>A|β3|;|90|'|90|'|9a|β8|'|9a|β7|'|9a|β6|'
3815 |9a|β5|'|9a|β4|'|9a|β3|'|9a|β2|'|9a|β1|'|9a|β0|'
3821 |90|'|90|"H80|'b|=|β6|g3|;C|β3|;>|>A|β2|;|90|'
3829 |90|'|90|'|9a|β8|'|9a|β7|'|9a|β6|'|9a|β5|'|9a|β4|'
3836 |9a|β3|'|9a|β2|'|9a|β1|'|9a|β0|'|90|'|90|'b|=|β6|g3|;
3843 C|β2|;>|>A|β1|;|90|'|90|'|90|'|90|'|9a|β8|'|9a|β7|'
3853 |9a|β6|'|9a|β5|'|9a|β4|'|9a|β3|'|9a|β2|'|9a|β1|'
3859 |9a|β0|'|90|'b|=|β6|g3|;C|β1|;>|>A|β0|;|90|'|90|'
3868 |90|'|90|'|90|'|9a|β8|'|9a|β7|'|9a|β6|'|9a|β5|'
3875 |9a|β4|'|9a|β3|'|9a|β2|'|9a|β1|'|9a|β0|'b|=|β6|g3|;
3881 C|β0|;>|>B|β7|;|9b|β6|'|9b|β5|'|9b|β4|'|9b|β3|'
3889 |9b|β2|'|9b|β1|'|9b|β0|'|90|'|90|'|90|'|90|'|90|'
3897 |90|'|90|'|;|;>|>B|β6|;|90|'|9b|β6|'|9b|β5|'|9b|β4|'
3908 |9b|β3|'|9b|β2|'|9b|β1|'|9b|β0|'|90|'|90|'|90|'
3915 |90|'|90|'|90|'|;|;>|>B|β5|;|90|'|90|'|9b|β6|'
3926 |9b|β5|'|9b|β4|'|9b|β3|'|9b|β2|'|9b|β1|'|9b|β0|'
3932 |90|'|90|'|90|'|90|'|90|'|;|;>|>B|β4|;|90|'|90|'
3944 |90|'|9b|β6|'|9b|β5|'|9b|β4|'|9b|β3|'|9b|β2|'
3950 |9b|β1|'|9b|β0|'|90|'|90|'|90|'|90|'|;|;>|>B|β3|;
3961 |90|'|90|'|90|'|90|'|9b|β6|'|9b|β5|'|9b|β4|'|9b|β3|'
3969 |9b|β2|'|9b|β1|'|9b|β0|'|90|'|90|'|90|'c|=|β4|g3/b|=|β6|g3|;
3976 D|β3|;>|>B|β2|;|90|'|90|'|90|'|90|'|90|'|9b|β6|'
3986 |9b|β5|'|9b|β4|'|9b|β3|'|9b|β2|'|9b|β1|'|9b|β0|'
3992 |90|'|90|'c|=|β4|g3/b|=|β6|g3|;D|β2|;>|>B|β1|;
3999 |90|'|90|'|90|'|90|'|90|'|90|'|9b|β6|'|9b|β5|'
4007 |9b|β4|'|9b|β3|'|9b|β2|'|9b|β1|'|9b|β0|'|90|'
4013 c|=|β4|g3/b|=|β6|g3|;D|β1|;>|>B|β0|;|90|'|90|'
4020 |90|'|90|'|90|'|90|'|90|'|9b|β6|'|9b|β5|'|9b|β4|'
4028 |9b|β3|'|9b|β2|'|9b|β1|'|9b|β0|'c|=|β4|g3/b|=|β6|g3|;
4033 D|β0|;>|>C|β5|;|90|'|90|'|90|'|90|'|9c|β4|'|9c|β3|'
4043 |9c|β2|'|9c|β1|'|9c|β0|'|90|'|90|'|90|'|90|'|90|'
4051 |;|;>|>C|β4|;|90|'|90|'|90|'|90|'|90|'|9c|β4|'
4062 |9c|β3|'|9c|β2|'|9c|β1|'|9c|β0|'|90|'|90|'|90|'
4069 |90|'|;|;>|>C|β3|;|90|'|90|'|90|'|90|'|90|'|9c|β4|'
4081 |9c|β3|'|9c|β2|'|9c|β1|'|9c|β0|'|90|'|90|'|90|'
4088 |;|;>|>C|β2|;|90|'|90|'|90|'|90|'|90|'|90|'|90|'
4100 |9c|β4|'|9c|β3|'|9c|β2|'|9c|β1|'|9c|β0|'|;|;>
4108 *?*?*?*?|>C|β1|;|90|'|90|'|90|'|90|'|90|'|90|'|90|'
4117 |90|'|9c|β4|'|9c|β3|'|9c|β2|'|9c|β1|'|9c|β0|'
4123 |90|'d|=|β2|g2/c|=|β4|g3|;E|β1|;>|>C|β0|;|90|'
4130 |90|'|90|'|90|'|90|'|90|'|90|'|90|'|90|'|9c|β4|'
4139 |9c|β3|'|9c|β2|'|9c|β1|'|9c|β0|'d|=|β2|g2/c|=|β4|g3|;
4144 E|β0|;>|>D|β3|;|90|'|90|'|90|'|90|'|90|'|90|'
4154 |90|'|90|'|9d|β2|'|9d|β1|'|9d|β0|'|90|'|90|'|90|'
4162 |;|;>|>D|β2|;|90|'|90|'|90|'|90|'|90|'|90|'|90|'
4174 |90|'|90|'|9d|β2|'|9d|β1|'|9d|β0|'|90|'|90|'|;
4182 |;>|>D|β1|;|90|'|90|'|90|'|90|'|90|'|90|'|90|'
4193 |90|'|90|'|90|'|9d|β2|'|9d|β1|'|9d|β0|'|90|'|;
4201 |;>|>D|β0|;|90|'|90|'|90|'|90|'|90|'|90|'|90|'
4212 |90|'|90|'|90|'|90|'|9d|β2|'|9d|β1|'|9d|β0|'e|=|β2|g2/d|=|β2
4219 |g2|;F|β0|;>|>E|β1|;|90|'|90|'|90|'|90|'|90|'
4229 |90|'|90|'|90|'|90|'|90|'|90|'|9e|β1|'|9e|β0|'
4237 |90|'|;|;>|>E|β0|;|90|'|90|'|90|'|90|'|90|'|90|'
4249 |90|'|90|'|90|'|90|'|90|'|90|'|9e|β1|'|9e|β0|'
4257 |;|;>|>F|β0|;|90|'|90|'|90|'|90|'|90|'|90|'|90|'
4269 |90|'|90|'|90|'|90|'|90|'|90|'|9f|β0|'|;|;>{A12}*?*?*?{U0}{H10L
�folio 528 galley 6
4279 12M29}58320#Computer Programming!(A.-W./Knuth)!ch.
4281 4!f. 528!g. 6|'{A12}|π!|4|4|4|4Suppose, as in
4287 our example (15), that |εn|β1|4α=↓|48, n|β2|4α=↓|46,
4293 n|β3|4α=↓|44, n|β4|4α=↓|42, n|β5|4α=↓|41, n|β6|4α=↓|40,
4297 |πso that |εt|β1|4α=↓|40, t|β2|4α=↓|4t|β3|4α=↓|4t|β4|4α=↓|43
4300 , t|β5|4α=↓|4t|β6|4α=↓|42. |πLet us write |εu|β1(x)|4α=↓|4a|
4305 β8x|g8|4α+↓|4a|β7x|g7|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4a|β0,
4306 u|β2(x)|4α=↓|4b|β6x|g6|4α+↓|4b|β5x|g5|4α+↓|1|1|¬O|4|¬O|4|¬O|
4306 1|1α+↓|4b|β0,|4.|4.|4.|4, u|β5(x)|4α=↓|4e|β1x|4α+↓|4e|β0,
4308 u|β6(x)|4α=↓|4f|β0, |πand consider the array
4313 shown in Table 1. For simplicity, let us assume
4322 that the coe∃cients of the polynomials are integers.
4330 We have |εb|=|β6|g3u|β1(x)|4α=↓|4u|β2(x)q|β1(x)|4α+↓|4u|β3(x
4332 ); |πso if we multiply row |εA|β5 |πby |εb|=|β6|g3
4341 |πand subtract appropriate multiples of rows
4347 |εB|β7, B|β6, |πand |εB|β5 [|πcorresponding to
4353 the coe∃cients of |εq|β1(x)] |πwe will get row
4361 |εC|β5. |πSimilarly, if we multiply row |εA|β4
4368 |πby |εb|=|β6|g3 |πand subtract multiples of
4374 rows |εB|β6, B|β5, |πand |εB|β4, |πwe get row
4382 |εC|β4. |πIn a similar way, we have |εc|=|β4|g3u|β2(x)|4α=↓|
4389 4u|β3(x)q|β2(x)|4α+↓|4b|=|β6|g3u|β4(x); |πso
4391 we can multiply row B|β3 |πby |εc|=|β4|g3, |πsubtract
4399 integer multiples of rows |εC|β5, C|β4, |πand
4406 |εC|β3, |πthen divide by |εb|=|β6|g3 |πto obtain
4413 row |εD|β3.|'|π!|4|4|4|4In order to prove that
4420 |εu|β4(x) |πhas integer coe∃cients, let us consider
4427 the matrix|'{A6}|h|ε|∂A|β2!!|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!
4429 |∂!!|∂!!|∂!!|∂!!!|∂|E|n|;{A56}(17)|E|?{B56}|>
4432 A|β2|'a|β8|'a|β7|'a|β6|'a|β5|'a|β4|'a|β3|'a|β2|'
4440 a|β1|'a|β0|'0|'0|'|;>{A4}|>A|β1|'0|'a|β8|'a|β7|'
4451 a|β6|'a|β5|'a|β4|'a|β3|'a|β2|'a|β1|'a|β0|'0|'
4459 |;>{A4}|>A|β0|'0|'0|'a|β8|'a|β7|'a|β6|'a|β5|'
4469 a|β4|'a|β3|'a|β2|'a|β1|'a|β0|'|;>{A4}|>B|β4|'
4478 b|β6|'b|β5|'b|β4|'b|β3|'b|β2|'b|β1|'b|β0|'0|'
4486 0|'0|'0|'|9α=↓|4M.|'>{A4}|>B|β3|'0|'b|β6|'b|β5|'
4496 b|β4|'b|β3|'b|β2|'b|β1|'b|β0|'0|'0|'0|'|;>{A4}|>
4507 B|β2|'0|'0|'b|β6|'b|β5|'b|β4|'b|β3|'b|β2|'b|β1|'
4516 b|β0|'0|'0|'|;>{A4}|>B|β1|'0|'0|'0|'b|β6|'b|β5|'
4528 b|β4|'b|β3|'b|β2|'b|β1|'b|β0|'0|'|;>{A4}|>B|β0|'
4538 0|'0|'0|'0|'b|β6|'b|β5|'b|β4|'b|β3|'b|β2|'b|β1|'
4548 b|β0|'|?>{A6}|πThe indicated row operations and
4556 a permutation of rows will transform |εM |πinto|'
4564 {A6}{A56}(18)|E|?{B56}|>|εB|β4|'b|β6|'b|β5|'b|β4|'
4570 b|β3|'b|β2|'b|β1|'b|β0|'0|'0|'0|'0|'|;>{A4}|>
4581 B|β3|'0|'b|β6|'b|β5|'b|β4|'b|β3|'b|β2|'b|β1|'
4589 b|β0|'0|'0|'0|'|;>{A4}|>B|β2|'0|'0|'b|β6|'b|β5|'
4601 b|β4|'b|β3|'b|β2|'b|β1|'b|β0|'0|'0|'|;>{A4}|>
4611 B|β1|'0|'0|'0|'b|β6|'b|β5|'b|β4|'b|β3|'b|β2|'
4620 b|β1|'b|β0|'0|'|9α=↓|4M|¬S.|'>{A4}|>C|β2|'0|'
4628 0|'0|'0|'c|β4|'c|β3|'c|β2|'c|β1|'c|β0|'0|'0|'
4638 |;>{A4}|>C|β10|'0|'0|'0|'0|'c|β4|'c|β3|'c|β2|'
4649 c|β1|'c|β0|'0|'|;>{A4}|>C|β0|'0|'0|'0|'0|'0|'
4661 0|'c|β4|'c|β3|'c|β2|'c|β1|'c|β0|'|;>{A4}|>D|β0|'
4671 0|'0|'0|'0|'0|'0|'0|'0|'d|β2|'d|β1|'d|β0|'|;>
4684 {A6}|πBecause of the way |εM|¬S |πhas been derived
4692 from |εM, |πwe have|'{A6}|εb|=|β6|g3|4|¬O|4b|=|β6|g3|4|¬O|4b
4696 |=|β6|g3|4|¬O|4(c|=|β4|g3/b|=|β6|g3)|4|¬O|4|πdet|4|εM|β0|4α=
4696 ↓|4|¬N|4|πdet|4|εM|ur|↔0|)0|),|J!(19)|;{A6}|πif
4698 |εM|β0 |πand |εM|ur|↔0|)0|) |πrepresent any square
4704 matrices obtained by selecting eight corresponding
4710 columns from |εM |πand |εM|¬S. |πFor example,
4717 let us select the _rst seven columns and the
4726 column containing |εd|β1; |πthen|'{A6}|h|ε|∂b|β6|4.|4b|β6|4.
4730 |4b|β6|4.|4(c|β5/b|β4)|4.|4|πdet!|4|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!|
4730 ∂!!|∂!!|∂|4α=↓|4α=↓|εb|β6|4.|4c|β4|4.|4d|β1.|E|n|;
4731 |>|;a|β8|'a|β7|'a|β6|'a|β5|'a|β4|'a|β3|'a|β2|'
4740 a|β1|'a|β0|'0|'|;>{A4}|>|;0|;a|β8|'a|β7|'a|β6|'
4751 a|β5|'a|β4|'a|β3|'a|β2|'a|β1|'a|β0|'|;>{A4}|>
4760 |;0|'0|'a|β8|'a|β7|'a|β6|'a|β5|'a|β4|'a|β1|'|;
4770 >{A4}|>b|=|β6|g3|4|¬O|4b|=|β6|g3|4|¬O|4b|=|β6|g3|4|¬O|4(c|=|
4772 β4|g3/b|=|β6|g3)|4|¬O|4|πdet|'|εb|β6|'b|β5|'b|β4|'
4776 b|β3|'b|β2|'b|β1|'b|β0|'0|'|4α=↓|4|¬Nb|=|β6|g4|4|¬O|4c|=|β4|
4781 g3|4|¬O|4d|β1.|'>{A4}|>|;0|'b|β6|'b|β5|'b|β4|'
4789 b|β3|'b|β2|'b|β1|'0|'|;>{A4}|>|;0|'0|'b|β6|'b|β5|'
4801 b|β4|'b|β3|'b|β2|'0|'|;>{A4}|>|;0|'0|'0|'b|β6|'
4813 b|β5|'b|β4|'b|β3|'b|β0|'|;>{A4}|>|;0|'0|'0|'0|'
4825 b|β6|'b|β5|'b|β4|'b|β1|'(20)|?>{A6}|πSince |εb|β6c|β4|4|=|↔6
4832 α=↓|40, |πthis proves that |εd|β1 |πis an integer;
4840 in fact, |εd|β1 |πis a multiple of |εb|=|β6|g2.
4848 |πSimilarly, ||εd|β2 |πand |εd|β0 |πare integer
4854 multiples of |εb|=|β6|g2. |πThis accounts for
4860 the fact that the numbers 585, 1125, |→α_↓2205
4868 in (15) are multiples of 9.|'!|4|4|4|4In general,
4876 we can show that |εu|βj|βα+↓|β1(x) |πhas integer
4883 coe∃cients in a similar manner. If we start with
4892 the matrix |εM, |πconsisting of rows |εA|βn|m2|βα_↓|βn|mj
4899 |πthrough |εA|β0 |πand |εB|βn|m1|βα_↓|βn|mj |πthrough
4904 |εB|β0, |πand if we perform the row operations
4912 indicated in Table 1, we will obtain a matrix
4921 |εM|¬S |πconsisting in some order of rows |εB|βn|m1|βα_↓|βn|
4928 mj |πthrough |εB|βn|m3|βα_↓|βn|mj|βα+↓|β1, C|ur|)n|β2α_↓n|βj
4931 |) |πthrough |εC|ur|)n|β4α_↓n|βjα+↓1|),|4.|4.|4.|4,|4F|ur|)n
4933 |βj|βα_↓|β2α_↓n|βj|) |πthrough |εF|β1, G|ur|)n|βj|βα_↓|β1α_↓
4936 n|βj |πthrough |εG|β0, |πand _nally |εH|β0 [|πa
4943 row containing the coe∃cients of |εu|βj|βα+↓|β1(x)].
4949 |πExtracting appropriate columns shows that|'
4954 {A6}|ε!(|λ3|urt|β2|)2|))|urn|β2α_↓n|βjα+↓1|)|)(l|urt|β3|)3|)
4954 /|λ3|urt|β2|)2|))|urn|β3α_↓n|βjα+↓1|)|)|4|¬O|4|¬O|4|¬O|4(|λ3
4954 |urt|βj|)j|)/|λ3|urt|βj|βα_↓|β1|)jα_↓1|))|urn|βjα_↓n|βjα+↓1|
4954 )|)|4|πdet|4|εM|β0|'{A4}α=↓|4|→|¬N|λ3|urn|β1α_↓n|β3|)2|)|λ3|
4955 urn|β2α_↓n|β4|)3|)|4|¬O|4|¬O|4|¬O|4|λ3|λ3|urn|βj|βα_↓|β2α_↓n
4955 |βj|)jα_↓1|)|λ3|urn|βj|βα_↓|β1α_↓n|βjα+↓1|)j|)h|βi,!(21)|?
4956 {A6}|πwhere |εh|βi |πis a given coe∃cient of
4963 |εu|βj|βα+↓|β1(x) |πand |εM|β0 |πis a submatrix
4969 of |εM. |πThus |εevery coe∀cient of u|βj|βα+↓|β1(x)
4976 is a multiple of|'{A6}|λ3|ur(t|β2α_↓1)(t|β3α_↓2)|)2|)|λ3|ur(
4980 t|β3α_↓1)(t|β4α_↓2)|)3|)|4|¬O|4|¬O|4|¬O|4|λ3|ur(t|βj|βα_↓|β1
4980 α_↓1)(t|βjα_↓2)|)jα_↓1|).|Ja(22)|;{A6}|π(This
4982 proof, although stated for the domain of integers,
4990 obviously applies to any unique factorization
4996 domain.)|'!|4|4|4|4The quantity (22) appears
5001 to be an extremely large number which makes the
5010 coe∃cients of |εu|βj|βα+↓|β1(x) |πmuch larger
5015 than they need to be. It would be possible to
5025 requte Algorithm C in an appropriate manner so
5033 that this factor would be eliminated. But actually
5041 |εthe quantity (22) is almost always equal to
5049 unity|*/*3 |\|πThis follows from the fact that
5056 |εt|β3,|4t|β4,|4.|4.|4.|4,|4t|βk |πwill all be
5060 equal to 2, for almost every given pair of polynomials
5070 |εu|β1(x), u|β2(x); |πthe particular polynomials
5075 in example (15) are very exceptional indeed,
5082 since both |εt|β3 |πand |εt|β4 |πare equal to
5090 3. In order to prove this fact, note for example
5100 that we could have chosen the _rst eight columns
5109 of |εM |πand |εM|¬S |πin (17) and (18), and then
5119 we would have found in place of Eq. (19) that
5129 |εu|β4(x) |πhas degree less than 3 if and only
5138 if |εd|β3|4α=↓|40, |πthat is, if and only if|'
5146 {A6}|h|π|∂det|4!|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!|∂!!|∂|4α=↓|40.|
5146 ∂|E|n|;{A56}(23)|E|?{B56}|>|;|εa|β8|'a|β7|'a|β6|'
5153 a|β5|'a|β4|'a|β3|'a|β2|'a|β1|'|;>{A4}|>|;0|'a|β8|'
5164 a|β7|'a|β6|'a|β5|'a|β5|'a|β4|'a|β3|'|;>{A4}|>
5173 |;0|'0|'a|β8|'a|β7|'a|β6|'a|β5|'a|β4|'a|β3|'|;
5183 >{A4}|>|πdet|'|εb|β6|'b|β5|'b|β4|'b|β3|'b|β2|'
5191 b|β1|'b|β0|'0|'|4α=↓|40.|'>{A4}|>|;0|'b|β6|'b|β5|'
5201 b|β4|'b|β3|'b|β2|'b|β1|'b|β0|'|;>{A4}|>|;0|'0|'
5212 b|β6|'b|β5|'b|β4|'b|β3|'b|β2|'b|β1|'|;>{A4}|>
5221 |;0|'0|'0|'b|β6|'b|β5|'b|β4|'b|β3|'b|β2|'|;>{A4}|>
5233 |;0|'0|'0|'0|'b|β6|'b|β5|'b|β4|'b|β3|'|;>{A6}|π|Hβ*?*?*?{U0}{H1
�folio 530 galley 7
5244 0L12M29}58320#Computer Programming!(A.-W./Knuth)!ch.
5246 4!f. 530!g. 7|'{A12}In general, deg|ε(u|βj|βα+↓|β1)|4|¬W|4|π
5251 deg|ε(u|βj)|4α_↓|41 |πif and only if a similar
5258 determinant in the coe∃cients of |εu|β1(x) |πand
5265 |εu|β2(x) |πis zero. Since such a determinant
5272 is a nonzero multivariate polynomial in the coe∃cients,
5280 it will be nonzero ``almost always,'' or ``with
5288 probability one.'' (See exercise 16 for a more
5296 precise formulation of this statement; see also
5303 exercise 4.)|'!|4|4|4|4Now is we assume that
5310 |εt|β3|4α=↓|4t|β4|4α=↓|1|1|¬O|4|¬O|4|¬O|1|1α=↓|4t|βk|4α=↓|42
5310 , |πsince this almost always happens, we _nd
5318 from the above argument that each coe∃cient of
5326 |εu|βj|βα+↓|β1(x) |πis given by the value of
5333 a certain determinant in the |εa'|πs and |εb'|πs,
5341 i.e., a determinant whose entries are the coe∃cients
5349 of the original polynomials. A well-known theorem
5356 of Hadamard (see exercise 15) states that|'{A6}|π|¬Gdet|ε(a|
5363 βi|βj)|¬G|4|¬E|4|≥u|uc|)1|¬Ei|¬En|)|4|↔a|↔k|uc|)1|¬Ej|¬En|)|
5363 4a|ur2|)ij|)|↔s|g1|g/|g2;|J!(24)|;{A6}|πtherefore
5365 an upper bound for the maximum coe∃cient appearing
5373 during Algorithm C when |εt|β3|4α=↓|4t|β4|4α=↓|1|1|¬O|4|¬O|4
5377 |¬O|1|1α=↓|4t|βk|4α=↓|42 |πis|'{A6}|εN|gm|gα+↓|gn(m|4α+↓|41)
5379 |gn|g/|g2(n|4α+↓|41)|gm|g/|g2,|J!(25)|;{A6}|πif
5381 all coe∃cients of the given polynomials |εu(x)
5388 |πand |εv(x) |πare bounded by |βN |πin absolute
5396 value. This same upper bound applies to the coe∃cients
5405 of all polynomials |εu(x), v(x) |πcomputed during
5412 the execution of Algorithm E, regardless of the
5420 value of |εt|β3,|4t|β4,|4.|4.|4.|4, |πsince the
5425 polynomials obtained in algorithm E are always
5432 divisors of the polynomials obtained in Algorithm
5439 C, with the factor (22) removed. Therefore a
5447 good strategy might be to start with Algorithm
5455 C but switch to Algorithm E if deg|ε(v)|4α_↓|42
5463 |πin step C2.|'!|4|4|4|4This upper bound on the
5471 coe∃cients is extremely gratifying, because it
5477 is much better than we would ordinarily have
5485 a righto expect. For example, suppose we performed
5493 Algorithm E and Algorithm C with |εno |πcorrection
5501 in step E3 or C3 [so that we just replace |εv(x)
5512 |πby |εr(x)]. |πThis is the simplest gcd algorithm,
5520 and it is one which traditionally appears in
5528 textbooks on algebra (for theoretical purposes,
5534 not intended for practical calculations). If
5540 we suppose that |εt|β2|4α=↓|4t|β3|4α=↓|1|1|¬O|4|¬O|4|¬O|1|1α
5543 =↓|42, |πwe _nd that the coe∃cients of |εu|β3(x)
5551 |πare bounded by |εN|g3, |πthe coe∃cients of
5558 |εu|β4(x) |πare bounded by |εN|g7, |πthose of
5565 |εu|β5(x) |πby |εN|g7,|4.|4.|4.|4, |πwhere the
5570 size of the coe∃cients is |εN|ga|rk, |πfor |εa|βk|4α=↓|42a|β
5577 k|βα_↓|β1|4α+↓|4a|βk|βα_↓|β2. |πThe upper bound
5581 in place of (25) for |εm|4α_↓|4n|4α+↓|41 |πwould
5588 be approximately|'|ε{A6}N|ur0.5(2.414)|gn,|J!(26)|;
5591 {A6}|πand experiments show that the simple algorithm
5598 does in fact have this behavior; the number of
5607 digits in the coe∃cients grows exponentially
5613 at each step*3 In Algorithm E the growth in number
5623 of digits is only slightly more than linear at
5632 most.|'!|4|4|4|4The considerations above can
5637 be used to derive the well-known fact that two
5646 polynomials are relatively prime if and only
5653 if their ``resultant'' is nonzero; the resultant
5660 is a determinant having the form of rows |εA|β5
5669 |πthrough |εA|β0 |πand |εB|β7 |πthrough |εB|β0
5675 |πin Table 1. (This is ``Sylvester's determinant'';
5682 see exercise 12. Further properties of resultants
5689 are discussed in B. L. van der Waerden, |εModern
5698 Algebra, |πtr. by Fred Blum (New York: Ungar,
5706 1949), Sections 27<28.) From the standpoint discussed
5713 above, we would say that the gcd is ``almost
5722 always'' of degree zero, since Sylvester's determinant
5729 is almost never zero. But many calculations of
5737 practical interest would never be undertaken
5743 if there weren't some reasonable chance that
5750 the gcd would be a polynomial of positive degree.|'
5759 !|4|4|4|4We can see exactly what happens during
5766 Algorithms E and C when the gcd is not 1 by considering
5778 |εu(x)|4α=↓|4w(x)u|β1(x), v(x)|4α=↓|4w(x)u|β2(x),
5780 |πwhere |εu|β1(x) |πand |εu|β2(x) |πare relatively
5786 prime and |εw(x) |πis primitive. Then if the
5794 polynomials |εu|β1(x),|4u|β2(x),|4u|β3(x),|4.|4.|4.
5796 |πare obtained when Algorithm E works on |εu(x)|4α=↓|4u|β1(x
5803 ) |πand |εv(x)|4α=↓|4u|β2(x), |πit is easy to
5810 show that the sequence obtained for |εu(x)|4α=↓|4w(x)u|β1(x)
5816 , v(x)|4α=↓|4w(x)u|β2(x) |πis simply |εw(x)u|β1(x),
5821 w(x)u|β2(x), w(x)u|β3(x), w(x)u|β4(x),|4.|4.|4.
5824 |π With Algorithm C the behavior is di=erent;
5832 if the polynomials |εu|β1(x), u|β2(x), u|β3(x),|4.|4.|4.
5838 |πare obtained when Algorithm C is applied to
5846 |εu(x)|4α=↓|4u|β1(x) |πand |εv(x)|4α=↓|4u|β2(x),
5849 |πand if we assume that deg|ε(u|βj|βα+↓|β1)|4α=↓|4|πdeg(|εu|
5854 βj)|4α_↓|41 |π(which is almost always true when
5861 |εj|4|¬Q|41), |πthen the sequence|'{A6}|εw(x)u|β1(x),|4w(x)u
5865 |β2(x),|4|λ9|g2w(x)u|β3(x),|4|λ9|g4w(x)u|β4(x),|4.|4.|4.|4,|
5865 4|λ9|g6w(x)u|β5(x),|4.|4.|4.|;{A3}(27)|?{A6}|πis
5868 obtained when Algorithm C is applied to |εu(x)|4α=↓|4w(x)u|β
5875 1(x) |πand |εv(x)|4α=↓|4w(x)u|β2(x), |πwhere
5879 |ε|λ9|4α=↓|4|λ9(w). |π(See exercise 13.) So Algorithm
5885 E may be superior to Algorithm C when the primitive
5895 part of the greatest common divisor has a large
5904 enough leading coe∃cient.|'!|4|4|4|4Important
5908 alternative ways to calculate polynomial gcd's
5914 over the integers are discussed at the end of
5923 Section 4.6.2. For a general determinant-evaluation
5929 algorithm, which essentially includes Algorithm
5934 C as a special case, see E. H. Bareiss, |εMath.
5944 Comp. |≡2|≡2 (1968), 565<578.|'|π!|4|4|4|4Polynomials
5949 remainder sequences such as those in Algorithm
5956 C and E are not useful merly for _nding greatest
5966 common divisors; another importnat application
5971 is to the enumeration of real roots, for a given
5981 polynomial in a given interval, according to
5988 the famous theorem of J. Sturm [|εM|=1em. pr|=1esentes
5996 par divers savants |≡6 |π(Paris, 1835), 271<318].
6003 Let |εu(x) |πbe a polynomial over the real numbers,
6012 having distinct roots. We shall see in the next
6021 section that this is the same as saying gcd|ε{H12}({H10}u(x)
6029 ,|4u|¬S(x){H12}){H10}|4α=↓|41, |πwhere |εu|¬S(x)
6032 |πis the derivative of |εu(x); |πaccordingly,
6038 there is a polynomial remainder sequence which
6045 proves that |εu(x) |πis relatively prime to |εu|¬S(x).
6053 |πWe set |εu|β0(x)|4α=↓|4u(x), u|β1(x)|4α=↓|4u|¬S(x),
6057 |πand (following Sturm) we negate the sign of
6065 all remainders:|'|h|εc|βku|βk|βα_↓|β1(x)|4|∂α=↓|4u|βk(x)q|βk
6067 (x)|4α_↓|4d|βku|βk|βα+↓|β1(x),|E|n|;{A19}(28)|E|?
6069 {B19}| c|β1u|β0(x)|4|Lα=↓|4u|β1(x)q|β1(x)|4α_↓|4d|β1u|β2(x),
6069 >{A4}| c|β2u|β1|4|Lα=↓|4u|β2(x)q|β2(x)|4α_↓|4d|β2u|β3(x),>
6071 {A10}| c|βku|βk|βα_↓|β1(x)|4|Lα=↓|4u|βk(x)q|βk(x)|4α_↓|4d|βk
6071 u|βk|βα+↓|β1(x),>{A6}|πfor some positive constants
6076 |εc|βj |πand |εd|βj, |πwhere deg(|εu|βk|βα+↓|β1)|4α=↓|40.
6081 |πWe say that the |εvariation V(u,|4a) |πof |εu(x)
6089 |πat |εa |πis the number of changes of sign in
6099 the sequence |εu|β0(a),|4u|β1(a),|4.|4.|4.|4,
6102 u|βk|βα+↓|β1(a), |πnot counting zeros. For example,
6108 if the sequence of signs is 0, α+↓, α_↓, α_↓,
6118 0, α+↓, α+↓, α_↓ we have |εV(u,|4a)|4α=↓|43.
6125 |πSturm's theorem asserts that |εthe number of
6132 roots of u(x) in the interval a|4|¬W|4x|4|¬E|4b
6139 is V(u,|4a)|4α_↓|4V(u,|4b); |πand the proof is
6145 surprisingly short (see exercise 22).|'{A24}|∨E|∨X|∨E|∨R|∨C|
6150 ∨I|∨S|∨E|∨S|'{A12}{H9L11M29}|9|1|≡1|≡.|9[|ε|*/|↔O|↔c|\]
6152 |πCompute the pseudo-quotient |εq(x) |πand pseudo-remainder
6158 |εr(x), |πnamely, the polynomials satisfying
6163 (8), when |εu(x)|4α=↓|4x|g6|4α+↓|4x|g5|4α_↓|4x|g4|4α+↓|42x|g
6165 3|4α+↓|43x|g2|4α_↓|4x|4α+↓|42 |πand |εv(x)|4α=↓|42x|g3|4α+↓|
6167 42x|g2|4α_↓|4x|4α+↓|43, |πover the integers.|'
6171 {A3}|9|1|≡2|≡.|9[|ε|*/|↔O|↔C|\] |πWhat is the
6175 greatest common divisor of |ε3x|g6|4α+↓|4x|g5|4α+↓|44x|g4|4α
6179 +↓|44x|g3|4α+↓|43x|g2|4α+↓|44x|4α+↓|42 |πand
6181 its ``reverse'' |ε2x|g6|4α+↓|44x|g5|4α+↓|43x|g4|4α+↓|44x|g3|
6183 4α+↓|44x|g2|4α+↓|4x|4α+↓|43, |πmodulo 7?|'{A3}|9|1|≡3|≡.|9[|
6186 εM|*/|↔P|↔C|\] |πShow that Euclid's algorithm
6191 for polynomials over a _eld |εS |πcan be extended
6200 to _nd polynomials |εU(x), V(x) |πover |εS |πsuch
6208 that|'{A6}|εu(x)V(x)|4α+↓|4U(x)v(x)|4α=↓|4|πgcd|ε{H11}({H9}u
6209 (x),|4v(x){H11}){H9}.|;{A6}|π(Cf. Algorithm 4.5.2X.)
6213 What are the degrees of the polynomials |εU(x)
6221 |πand |εV(x) |πwhich are computed by this extended
6229 algorithm? Prove that if |εS |πis the _eld of
6238 rational numbers, and if |εu(x)|4α=↓|4x|gm|4α_↓|41
6243 |πand |εv(x)|4α=↓|4x|gn|4α_↓|41, |πthen the extended
6248 algorithm yields polynomials |εU(x) |πand |εV(x)
6254 |πhaving |εinteger |πcoe∃cients. Find |εU(x)
6259 |πand |εV(x) |πwhen |εu(x)|4α=↓|4x|g2|g1|4α_↓|41,
6263 v(x)|4α=↓|4x|g1|g3|4α_↓|41.|'{A3}|9|1|≡4|≡.|9[M|*/|↔L|↔c|\]
6265 |πLet |εp |πbe prime, and suppose that Euclid's
6273 algorithm applied to the polynomials |εu(x) |πand
6280 |εv(x) |πmodulo |εp |πyields a sequence of polynomials
6288 having respective degrees |εm,|4n,|4n|β1,|4.|4.|4.|4,|4n|βt,
6291 |4|→α_↓|¬X, |πwhere |εm|4α=↓|4|πdeg|ε(u), n|4α=↓|4|πdeg|ε(v)
6294 , |πand |εn|βt|4|¬R|40. |πAssume that |εm|4|¬R|4n.
6300 |πIf |εu(x) |πand |εv(x) |πare monic polynomials,
6307 independently and uniformly distributed over
6312 all the |εp|gm|gα+↓|gn |πpairs of monic polynomials
6319 having respective degrees |εm |πand |εn, |πwhat
6326 is the average value of the three quantities
6334 |εt, n|β1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4n|βt,
6336 (n|4α_↓|4n|β1)n|β1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4(n|βt|βα_↓|
6336 β1|4α_↓|4n|βt)n|βt, |πas a function of |εm, n,
6343 |πand |εp? |π(These three quantities are the
6350 fundamental factors in the running time of Euclid's
6358 algorithm applied to polynomials modulo |εp,
6364 |πassuming that division is done by Algorithm
6371 D.) [|εHint|*/: |\|πShow that |εu(x) |πmod |εv(x)
6378 |πis uniformly distributed and independent of
6384 |εv(x).]|'{A3}|9|1|≡5|≡.|9[M|*/|↔P|↔P|\] |πWhat
6387 is the probability that |εu(x) |πand |εv(x) |πare
6395 relatively prime modulo |εp, |πif |εu(x) |πand
6402 |εv(x) |πare independently and uniformly distributed
6408 monic polynomials of degree |εn?|'{A3}|9|1|≡6|≡.|9[M|*/|↔P|↔L
6413 |\] |πWe have seen that Euclid's Algorithm 4.5.2A
6421 for integers can be directly adapted to an algorithm
6430 for the greatest common divisor of polynomials.
6437 Can the ``binary gcd algorithm,'' Algorithm 4.5.2B,
6444 be adapted in an analogous way to an algorithm
6453 which applies to polynomials?|'{A3}|9|1|≡7|≡.|9|ε[M|*/|↔O|↔c|
6457 \] |πWhat are the units in the domain of all
6467 polynomials over a unique factorization domain
6473 |εS?|'{A3}|9|{U0}{H10L12M29}58320#Computer Programming!(A.-W
�folio 535 galley 8
6475 ./Knuth)!ch. 4!f. 535!g. 8|'{A12}{H9L11M29}|9|1|≡9|≡.|9[|εM|
6479 */|↔P|↔C|\] |πLet |εu(x) |πand |εv(x) |πbe primitive
6486 polynomials over a unique factorization domain
6492 |εS. |πProve that |εu(x) |πand |εv(x) |πare relatively
6500 prime if and only if there are polynomials |εU(x)
6509 |πand |εV(x) |πsuch that |εu(x)V(x)|4α+↓|4U(x)v(x)
6514 |πis a polynomial of degree zero. [|εHint|*/:
6521 |\|πExtend Algorithm E, as Algorithm 4.5.2E is
6528 extended in exercise 3.]|'{A3}|≡1|≡0|≡.|9[|εM|*/|↔P|↔l|\]
6533 |πProve that the polynomials over a unique factorization
6541 domain form a unique factorization domain. [|εHint|*/:
6548 |\|πUse the result of exercise 9 to help show
6557 that there is at most one kind of factorization
6566 possible.]|'{A3}|≡1|≡1|≡.|9|ε[M|*/|↔P|↔P|\] |πWhat
6569 row names would have appeared in Table 1 if the
6579 sequence of degrees had been 9, 6, 5, 2, |→α_↓|¬X
6589 instead of 8, 6, 4, 2, 1, 0?|'{{A3}|≡1|≡1|≡.|9|ε[M|*/|↔P|↔P|\
6597 ] |πWhat row names would have appeared in Table
6606 1 if the sequence of degrees had been 9, 6, 5,
6617 2, |→α_↓|¬X instead of 8, 6, 4, 2, 1, 0?|'{A3}|≡1|≡2|≡.|9[|ε
6627 M|*/|↔P|↔M|\] |πLet |εu|β1(x), u|β2(x), u|β3(x),|4.|4.|4.
6632 |πbe a sequence of polynomials obtained by Algorithm
6640 C. ``Sylvester's matrix'' is the square matrix
6647 formed from rows |εA|βn|m2|βα_↓|β1 |πthrough
6652 |εA|β0, B|βn|m1|βα_↓|β1 |πthrough |εB|β0 |π(in
6657 a notation analogous to that of Table 1). Show
6666 that if |εu|β1(x) |πand |εu|β2(x) |πhave a common
6674 factor of positive degree, then the determinant
6681 of Sylvester's matrix is zero; conversely, given
6688 that deg|ε(u|βk)|4α=↓|40 |πfor some |εk, |πshow
6694 that the determinant of Sylvester's matrix is
6701 nonzero by deriving a formula for its absolute
6709 value in terms of |ε|λ9(u|βj) |πand deg(|εu|βj),
6716 1|4|¬E|4j|4|¬E|4k.|'{A3}|≡1|≡3|≡.|9[M|*/|↔P|↔c|\]
6718 |πShow that the leading coe∃cient |ε|λ9 |πof
6725 the primitive part of gcd{H11}({H9}|εu(x),|4v(x){{A3}|≡1|≡3|
6729 ≡.|9[M|*/|↔P|↔c|\] |πShow that the leading coe∃cient
6735 |ε|λ9 |πof the primitive part of gcd{H11}({H9}|εu(x),|4v(x){
6741 H11}){H9} |πenters into Algorithm C's polynomial
6747 sequence as in (27), when |εt|β2|4α=↓|4t|β3|4α=↓|1|1|¬O|4|¬O
6752 |4|¬O|1|1α=↓|4t|βk|4α=↓|42.|'{A3}|≡1|≡4|≡.|9[|εM|*/|↔P|↔m|\]
6754 |πLet |εr(x) |πbe the pseudo-remainder of |εu(x)
6761 |πpseudo-divided by |εv(x). |πIf deg|ε(u)|4|¬R|4|πdeg|ε(v)|4
6765 α+↓|42 |πand deg(|εv)|4|¬R|4|πdeg|ε(v)|4α+↓|42,
6768 |πshow that |εr(x) |πis a multiple of |ε|λ9(v).|'
6776 {A3}|≡1|≡5|≡.|9[M|*/|↔P|↔o|\] |πProve Hadamard's
6779 inequality (24). [|εHint|*/: |\|πConsider the
6784 matrix |εAA|gT.]|'{A3}|≡1|≡6|≡.|9[HM|*/|↔P|↔P|\]
6787 |πLet |εf|1(x|β1,|4.|4.|4.|4,|4x|βn) |πbe a multivariate
6792 polynomial with real coe∃cients not all zero,
6799 and let |εa|βN |πbe the number of solutions to
6808 the equation |εf|1(x|β1,|4.|4.|4.|4,|4x|βn)|4α=↓|40
6811 |πsuch that |¬G|εx|β1|¬G|4|¬E|4N,|4.|4.|4.|4,|4|¬Gx|βn|¬G|4|
6813 ¬E|4N, |πand each |εx|βj |πis an integer. Prove
6821 that|'{A6}lim|ur|)|εN|¬M|¬X|)|4a|βN/(2N|4α+↓|41)|gn|4α=↓|40.
6822 |;{A6}|≡1|≡7|≡.|9[M|*/|↔L|↔P|\] |ε(P. M. Cohn's
6827 algorithm for division of string polynomials.)
6833 |πLet |εA |πbe an ``alphabet,'' i.e., a set of
6842 symbols. A |εstring |≤a |πon |εA |πis a sequence
6851 of |εn|4|¬R|40 |πsymbols, |ε|≤a|4α=↓|4a|β1|4|¬O|4|¬O|4|¬O|4a
6854 |βn, |πwhere each |εa|βj |πis in |εA. |πThe length
6863 of |ε|≤a, |πdenoted by |ε|¬G|≤a|¬G, |πis the
6870 number |εn |πof symbols. A |εstring polynomial
6877 |πon |εA |πis a _nite sum |εU|4α=↓|4|¬K|βk|4r|βk|≤a|βk,
6884 |πwhere each |εr|βk |πis a nonzero rational number
6892 and each |ε|≤a|βk |πis a string on |εA. |πThe
6901 |εdegree |πof |εU, |πdeg(|εU), |πis de_ned to
6908 be |→α_↓|¬X if |εU|4α=↓|40 (|πi.e., if the sum
6916 is empty), and max |ε|¬G|≤a|βk|¬G |πif |εU|4|=|↔6α=↓|40.
6923 |πThe sum and product of string polynomials are
6931 de_ned in an obvious manner, e.g., |ε(|¬K|βj|4r|βj|≤a|βj)(|¬
6937 K|βk|4s|βk|≤b|βk)|4α=↓|4|¬K|βj|β,|βk|4r|βjs|βk|≤a|βj|≤b|βk,
6938 |πwhere the product of two strings is obtained
6946 by simply juxtaposing them. For example, if |εA|4α=↓|4|¬Ta,|
6953 4b|¬Y, U|4α=↓|4ab|4α+↓|4ba|4α_↓|42a|4α_↓|42b,
6955 V|4α=↓|4a|4α+↓|4b|4α_↓|41, |πthen deg|ε(U)|4α=↓|42,|4|πdeg(|
6957 εV)|4α=↓|41, V|g2|4α=↓|4aa|4α+↓|4ab|4α+↓|4ba|4α+↓|4bb|4α_↓|4
6958 2a|4α_↓|42b|4α+↓|41, |πand |εV|g2|4α_↓|4U|4α=↓|4aa|4α+↓|4bb|
6960 4α+↓|41. |πClearly, deg(|εUV)|4α=↓|4|πdeg|ε(U)|4α+↓|4|πdeg(|
6962 εV), |πdeg(|εU|4α+↓|4V)|4|¬E|4|πmax{H11}({H9}deg(|εU),|4|πde
6963 g|ε(V){H11}){H9}, |πwith equality in the latter
6969 formula if deg(|εU)|4|=|↔6α=↓|4|πdeg|ε(V). (|πString
6973 polynomials may be regarded as ordinary multivariate
6980 polynomials over the _eld of rational numbers,
6987 except that the variables are |εnot commutative
6994 |πunder multiplication. In the conventional language
7000 of pure mathematics, the set of string polynomials
7008 with the operations de_ned here is the free associative
7017 algebra generated by |εA |πover the rationals.)|'
7024 {A3}!|4|4|4|4a)|9|1Let |εQ|β1, Q|β2, U, V |πbe
7030 string polynomials with deg(|εU)|4|¬R|4|πdeg|ε(V)
7034 |πand deg(|εQ|β1U|4α_↓|4Q|β2V)|4|¬W|4|πdeg(|εQ|β1U).
7036 |πGive an algorithm to _nd a string polynomial
7044 |εQ |πsuch that deg(|εU|4α_↓|4QV)|4|¬W|4|πdeg(|εU).
7048 |π(Thus if we are given |εU |πand |εV |πsuch
7057 that |εQ|β1U|4α=↓|4Q|β2V|4α+↓|4R |πand deg(|εR)|4|¬W|4|πdeg(
7060 |εQ|β1U), |πfor some |εQ|β1 |πand |εQ|β2, |πthere
7067 is a solution to these conditions with |εQ|β1|4α=↓|41.)|'
7075 |π!|4|4|4|4b)|9Given that |εU |πand |εV |πare
7081 string polynomials with deg|ε(V)|4|¬Q|4|πdeg(|εQ|β1U|4α_↓|4Q
7084 |β2V) |πfor some |εQ|β1 |πand |εQ|β2, |πshow
7091 that the result of (a) can be improved to _nd
7101 a quotient |εQ |πsuch that |εU|4α=↓|4QV|4α+↓|4R,
7107 |πdeg(|εR)|4|¬W|4|πdeg(|εV). (|πThis is the analog
7112 of (1) for string polynomials; part (a) showed
7120 that we can make deg(|εR)|4|¬W|4|πdeg(|εU), |πunder
7126 weaker hypotheses.)|'!|4|4|4|4c)|9|1|1A ``homogeneous''
7130 polynomial is one in which all terms have the
7139 same degree (length). If |εU|β1, U|β2, V|β1,
7146 V|β2 |πare homogeneous string polynomials with
7152 |εU|β1V|β1|4α=↓|4U|β2V|β2 |πand deg(|εV|β1)|4|¬R|4|πdeg(|εV|
7154 β2), |πshow that there is a homogeneous string
7162 polynomial |εU |πsuch that |εU|β2|4α=↓|4U|β1U,
7167 V|β1|4α=↓|4UV|β2.|'|π!|4|4|4|4d)|9Given that
7170 |εU |πand |εV |πare homogeneous string polynomials
7177 with |εUV|4α=↓|4VU, |πprove that there is a homogeneous
7185 string polynomial |εW |πsuch that |εU|4α=↓|4rW|gm,
7191 V|4α=↓|4sW|gn |πfor some integers |εm, n |πand
7198 rational numbers |εr, s. |πGive an algorithm
7205 to compute such a |εW |πhaving the largest possible
7214 degree. (This algorithm is of interest, for example,
7222 when |εU|4α=↓|4|≤a |πand |εV|4α=↓|4|≤b |πare
7227 strings satisfying |ε|≤a|≤b|4α=↓|4|≤b|≤a; |πthen
7231 |εW |πis simply a string |ε|≤g. |πWhen |εU|4α=↓|4x|gm
7239 |πand |εV|4α=↓|4x|gn, |πthe solution of largest
7245 degree is |εW|4α=↓|4x|ur|πgcd(|εm,n)|)|), |πso
7249 this algorithm includes a gcd algorithm for integers
7257 as a special case.)|'{A3}|≡1|≡8|≡.|9[|εM|*/|↔P|↔M|\]
7262 (Euclidean algorithm for string polynomials.)
7267 |πGiven string polynomials |εV|β1, V|β2 |πnot
7273 both zero, which have a ``common left multiple,''
7281 i.e., for which there exist |εU|β1, U|β2, |πnot
7289 both zero, such that |εU|β1V|β1|4α=↓|4U|β2V|β2,
7294 |πthe purpose of this exercise is to _nd an algorithm
7304 to compute their ``greatest common right divisor''
7311 gcrd(|εV|β1,|4V|β2) |πas well as their ``least
7317 common left multiple'' lclm(|εV|β1,|4V|β2). |πThe
7322 latter quantities are de_ned as follows: gcrd(|εV|β1,|4V|β2)
7328 |πis a common right divisor of |εV|β1 |πand
7337 |εVVIβ2222*?*?*?{A3}|≡1|≡8|≡.|9[|εM|*/|↔P|↔M|\] (Euclidean
7339 algorithm for string polynomials.) |πGiven string
7345 polynomials |εV|β1, V|β2 |πnot both zero, which
7352 have a ``common left multiple,'' i.e., for which
7360 there exist |εU|β1, U|β2, |πnot both zero, such
7368 that |εU|β1V|β1|4α=↓|4U|β2V|β2, |πthe purpose
7372 of this exercise is to _nd an algorithm to compute
7382 their ``greatest common right divisor'' gcrd(|εV|β1,|4V|β2)
7388 |πas well as their ``least common left multiple''
7396 lclm(|εV|β1,|4V|β2). |πThe latter quantities
7400 are de_ned as follows: gcrd(|εV|β1,|4V|β2) |πis
7406 a common right divisor of |εV|β1 |πand |εV|β2
7414 |π(that is, |εV|β1|4α=↓|4W|β1|4|πgcrd(|εV|β1,|4V|β2)
7417 |πand |εV|β2|4α=↓|4W|β2|4gcrd(|εV|β1,|4V|β2)
7419 |πfor some |εW|β1, W|β2), |πand any common right
7427 divisor of |εV|β1 |πand |εV|β2 |πis a right divisor
7436 of gcrd(|εV|β1,|4V|β2); |πlclm(|εV|β1,|4V|β2)|4α=↓|4Z|β1V|β1
7438 |4α=↓|4Z|β2V|β2 |πfor some |εZ|β1, Z|β2), |πand
7444 any common left multiple of |εV|β1 |πand |εV|β2
7452 |πis a left multiple of lclm(|εV|β1,|4V|β2).|'
7458 |π!|4|4|4|4For example, let |εU|β1|4α=↓|4abbbab|4α+↓|4abbab|
7461 4α_↓|4bbab|4α+↓|4ab|4α_↓|41, V|β1|4α=↓|4babab|4α+↓|4abab|4α+
7462 ↓|4ab|4α_↓|4b; U|β2|4α=↓|4abb|4α+↓|4ab|4α_↓|4b,
7464 V|β2|4α=↓|4babbabab|4α+↓|4bababab|4α+↓|4babab|4α+↓|4abab|4α_
7464 ↓|4babb|4α_↓|41. |πThen we have |εU|β1V|β1|4α=↓|4U|β2V|β2|4α
7468 =↓|4abbbabbabab|4α+↓|4abbabbabab|4α+↓|4abbbababab|4α+↓|4abba
7468 babab|4α_↓|4bbabbabab|4α+↓|4abbbabab|4α_↓|4bbababab|4α+↓|42a
7468 bbabab|4α_↓|4abbbabb|4α+↓|4ababab|4α_↓|4abbabb|4α_↓|4bbabab|
7468 4α_↓|4babab|4α+↓|4bbabb|4α_↓|4abb|4α_↓|4ab|4α+↓|4b.
7469 |πFor these string polynomials it can be shown
7477 that gcrd(|εV|β1,|4V|β2)|4α=↓|4ab|4α+↓|41, |πand
7480 lclm(|εV|β1,|4V|β2)|4α=↓|4U|β1V|β1.|'|π!|4|4|4|4The
7482 division algorithm of exercise 17 may be restated
7490 thus: If |εV|β1 |πand |εV|β2 |πare string polynomials,
7498 with |εV|β2|4|=|↔6α=↓|40, |πand if |εU|β1|4|=|↔6α=↓|40
7503 |πand |εU|β2 |πsatisfy the equation |εU|β1V|β1|4α=↓|4U|β2V|β
7508 2, |πthen there exist string polynomials |εQ
7515 |πand |εR |πsuch that |εV|β1|4α=↓|4QV|β2|4α+↓|4R,
7520 |πdeg(|εR)|4|¬W|4|πdeg(|εV|β2). Note|*/: |\|πIt
7523 follows readily that |εQ |πand |εR |πare uniquely
7531 determined, they do not depend on |εU|β1 |πand
7539 |εU|β2; |πfurthermore the result is right-left
7545 symmetric in the sense that|'{A6}|εU|β2|4α=↓|4U|β1Q|4α+↓|4R|
7550 ¬S!!|πwhere!!deg(|εR|¬S)|4α=↓|4|πdeg|ε(U|β1)|4α_↓|4|πdeg|ε(V
7550 |β2)|4α+↓|4|πdeg(|εR)|4|¬W|4|πdeg|ε(U|β1)|;{A6}|π!|4|4|4|4Sh
7551 ow that this division algorithm can be extended
7559 to an algorithm which computes lclm(|εV|β1, V|β2)
7566 |πand gcrd(|εV|β1, V|β2), |πand, in fact, it
7573 _nds string polynomials |εZ|β1, Z|β2 |πsuch that
7580 |εZ|β1V|β1|4α+↓|4Z|β2V|β2|4α=↓|4|πgcrd(|εV|β1,|4V|β2).
7581 [Hint|*/: |\|πUse auxiliary variables |εu|β1,
7586 u|β2, v|β1, v|β2, w|β1, w|β2, w|ur|↔0|)1|), w|ur|↔0|)2|),
7593 z|β1, z|β2, z|ur|↔0|)1|), z|ur|↔0|)2|), |πwhose
7598 values are string polynomials; start by setting
7605 |εu|β1|4|¬L|4U|β1, u|β2|4|¬L|4U|β2, v|β1|4|¬L|4V|β1,
7608 v|β2|4|¬L|4V|β2, |πand throughout the algorithm
7613 maintain the conditions|'{A6}|ε|hU|β1w|β1|4α+↓|4U|β2w|β2|4|∂
7616 α=↓|4(|→α_↓1)|gnU|β1,!!|→α_↓w|β2v|β1|4α+↓|4w|β2v|β2|4|∂α=↓|4
7616 (|→α_↓1)|gnV|β2,|E|n|;| U|β1w|β1|4α+↓|4U|β2w|β2|4|Lα=↓|4u|β1
7617 ,| z|β1V|β1|4α+↓|4z|β2V|β2|4|Lα=↓|4v|β1,>{A4}| U|β1w|ur|↔0|)
7618 1|)|4α+↓|4U|β2w|ur|↔0|)2|)|4|Lα=↓|4u|β2,| z|ur|↔0|)1|)V|β1|4
7618 α+↓|4z|ur|↔0|)2|)V|β2|4|Lα=↓|4v|β2,>{A4}| u|β1z|β1|4α_↓|4u|β
7619 2z|ur|↔0|)1|)|4|Lα=↓|4(|→α_↓1)|gnU|β1,| w|β1v|β1|4α_↓|4w|ur|
7619 ↔0|)1|)v|β2|4|Lα=↓|4(|→α_↓1)|gnV|β1,>{A4}| |→α_↓u|β1z|β2|4α+
7620 ↓|4u|β2z|ur|↔0|)2|)|4|Lα=↓|4(|→α_↓1)|gnU|β2,| |∂α_↓w|β2v|β1|
7620 4α+↓|4w|ur|↔0|)2|)v|β2|4|Lα=↓|4(|→α_↓1)|gnV|β2>
7621 {A6}|πat the |εn|πth iteration.]|'{A3}|≡1|≡9|≡.|9|ε[M|*/|↔L|↔
7625 m|\] Common divisors of square matrices.) |πExercise
7632 18 shows that the concept of greatest common
7640 right divisor can be meaningful when multiplication
7647 is not commutative. Prove that any two |εn|4α⊗↓|4n
7655 |πmatrices |εA |πand |εB |πof integers have a
7663 greatest common right matrix divisor |εD. (Suggestion|*/:
7670 |\|πDesign an algorithm whose inputs are |εA
7677 |πand |εB, |πand whose outputs are integer matrices
7685 |εP, Q, X, Y, |πwhere |εA|4α=↓|4PD, B|4α=↓|4QD,
7692 D|4α=↓|4XA|4α+↓|4YB.) |πFind a greatest common
7697 right divisor of (|f1|d53|)|9|f2|d54|)) and (|f4|d52|)|9|f3|
7702 d51|)).|'{A6}|≡2|≡0|≡.|9|ε[M|*/|↔M|↔c|\] |πWhat
7705 can be said about calculation of the greatest
7713 common divisor of polynomials whose coe∃cients
7719 are ⊗oating-point numbers? (Investigate the accuracy
7725 of Euclid's algorithm.)|'{A3}|≡2|≡1|≡.|9[|εM|*/|↔P|↔C|\]
7729 |πAssuming that |εt|β3|4α=↓|4t|β4|4α=↓|1|1|¬O|4|¬O|4|¬O|1|1α
7731 =↓|4t|βk|4α=↓|42 {H11}({H9}see (25){H11}){H9},
7734 prove that the computation time required by Algorithm
7742 C to compute the gcd of two |εn|πth degree polynomials
7752 over the integers is |εO{H11}({H9}n|g4(|πlog|4|εNn)|g2{H11})
7756 {H9}, |πif the coe∃cients of the given polynomials
7764 are bounded by |εN |πin absolute value.|'{A3}{A3}|≡2|≡2|≡.|9
7771 [|εM|*/|↔P|↔L|\] |πProve Sturm's theorem [|εHint|*/:
7776 |\|πSome sign sequence are impossible.]|'{A3}|≡2|≡3|≡.|9[|εM
7781 |*/|↔P|↔P|\] |πProve that if |εu(x) |πin (28)
7788 has deg|ε(u) |πreal roots then deg(|εu|βj|βα+↓|β1)|4α=↓|4|πd
7793 eg|ε(u|βj)|4α_↓|41 |πfor |ε0|4|¬E|4j|4|¬E|4k.|'
7796 {A18}{H10L12M29}|π{J1}α/↓|∨4|∨.|∨6|∨.|∨2|∨.|9|∨F|∨a|∨c|∨t|∨o
7796 |∨r|∨i|∨z|∨a|∨t|∨i|∨o|∨n|9|∨o|∨f|9|∨P|∨o|∨l|∨y|∨n|∨o|∨m|∨i|∨
7796 a|∨l|∨s|'{A6}|≡F|≡a|≡c|≡t|≡o|≡r|≡i|≡n|≡g |≡m|≡o|≡d|≡u|≡l|≡o
7799 |≡p.|9Let us now consider the problem of |εfactoring
7807 |πpolynomials not merely _nding the greatest
7813 common divisor of two or more of them. As in
7823 the case of integer numbers (Sections 4.5.2,
7830 4.5.4), the problem of factoring seems to be
7838 more di∃cult than _nding the greatest common
7845 divisor; but factorization of polynomials modulo
7851 a prime integer |εp |πis not as hard to do as
7862 we might expect. It is much easier to _nd the
7872 factors of an arbitrary polynomial of degree
7879 |εn, |πmodulo 2, than to use any known method
7888 to _nd the factors of an arbitrary |εn-|πbit
7896 binary number. This surprising situation is a
7903 consequence of an important factorization algorithm
7909 discovered in 1967 by Elwyn R. Berlekamp [|εBell
7917 System Technical J. |≡4|≡6 (1967), 1853<1859].|'
7923 !|4|4|4|4Let |εp |πbe a prime number; all arithmetic
7931 on polynomials in the following discussion will
7938 be done modulo |εp. |πSuppose that someone has
7946 given us a polynomial |εu(x), |πwhose coe∃cients
7953 are chosen from the set |¬T0,|41,|4.|4.|4.|4,|4|εp|4α_↓|41|¬
7958 Y; |πwe may assume that |εu(x) |πis monic. Our
7967 goal is to express |εu(x) |πin the form|'{A6}|εu(x)|4α=↓|4p|
7975 β1(x)|ge|r1|4|¬O|4|¬O|4|¬O|4p|βr(x)|ge|rr,|J!(1)|;
7976 {A6}|πwhere |εp|β1(x),|4.|4.|4.|4,|4p|βr(x) |πare
7979 distinct, monic irreducible polynomials.|'!|4|4|4|4As
7984 a _rst step, we can use a standard technique
7993 to determine whether any of |εe|β1,|4.|4.|4.|4,|4e|βr
7999 |πare greater than unity. If|'{A6}|εu(x)|4α=↓|4u|βnx|gn|4α+↓
8004 |1|1|¬O|4|¬O|4|¬O|1|1α+↓|4u|β0|4α=↓|4v(x)|g2w(x),|J!(2)|;
8005 {A6}|πthen its ``derivative'' formed in the usual
8012 way (but modulo |εp) |πis|'{A6}|εu|¬S(x)|4α=↓|4nu|βnx|gn|gα_
8017 ↓|g1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4u|β1|4α=↓|42v(x)v|¬S(x)w(
8017 x)|4α+↓|4v(x)|g2w|¬S(x),|J!(3)|;{A6}|πand this
8020 is a multiple of the squared factor |εv(x). |πTherefore
8029 our _rst step in factoring |εu(x) |πis to form|'
8038 {A6}gcd{H12}({H10}u(x),|4u|¬S(x){H12}){H10}|4α=↓|4d(x).|J!(4
8038 )|;|Hβ*?*?{U0}{H10L12M29}58320#Computer Programming!(A.-W./Knu
�folio 539 galley 9 WARNING: much of this tape unreadable!
8040 th)!ch 4!f. 539!g. 9|'{A12}If |εd(x) |πis equal
8048 to 1, we know that |εu(x) |πis ``squarefree,''
8056 the product of distinct primes |εp|β1(x)|4.|4.|4.|4p|βr(x).
8062 |πIf |εd(x) |πis not equal to 1 and |εd(x)|4|=|↔6α=↓|4u(x),
8071 |πthen |εd(x) |πis a proper factor of |εu(x);
8079 |πso the process can be completed by factoring
8087 |εd(x) |πand |εu(x)/d(x) |πseparately. Finally,
8092 if |εd(x)|4α=↓|4u(x), |πwe must have |εu|¬S(x)|4α=↓|40;
8098 |πhence the coe∃cient |εu|βk |πof |εx|gk |πis
8105 nonzero only when |εk |πis a multiple of |εp.
8114 |πThis means that |εu(x) |πcan be written as
8122 a polynomial of the form |εv(x|gp), |πand in
8130 such a case we have|'{A6}|εu(x)|4α=↓|4v(x|gp)|4α=↓|4{H12}({H
8135 10}v(x){H12}){H10}|gp;|J!(5)|;{A6}|πthe factorization
8138 process can be completed by _nding the irreducible
8146 factors of |εv(x) |πand raising them to the |εp|πth
8155 power.|'!|4|4|4Identity (5) may appear somewhat
8161 strange to the reader, and it is an important
8170 fact which is basic to Berlekamp's algorithm
8177 and which is easily proved: If |εv|β1(x) |πand
8185 |εv|β2(x) |πare any polynomials modulo |εp, |πthen|'
8192 {A6}|h|ε(v|β1(x)|4α|πsince the binomial coe∃cients
8196 (|ε|fp|d51|)),|4.|4.|4.|4,|4(|fp|d5pα_↓1|)) |πare
8198 all multiples of |εp. |πFurthermore if |εa |πis
8206 any integer, |εa|gp|4|"o|4a |π(modulo |εp). |πTherefore
8212 when |εv(x)|4α=↓|4v|βmx|gm|4α+↓|4v|βm|βα_↓|β1x|gm|gα_↓|g1|4α
8213 +↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4v|β0, |πwe _nd that|'
8217 {A6}|h|εv(x)|gp|4|∂α=↓|4v|βmx|gm|gp|4α+↓|4v|βm|βα_↓|β1x|g(|g
8217 m|gα_↓|g1|g)|gp|4α+↓|1|1|4.|4.|4.|1|1α+↓|4v|β0|4α=↓|4v(x|gp)
8217 .|E|n|;| v(x)|gp|4|Lα=↓|4(v|βmx|gm)|gp|4α+↓|4(v|βm|βα_↓|β1x|
8218 gm|gα_↓|g1)|gp|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4(v|β0)|gp>
8219 {A4}|Lα=↓|4v|βmx|gm|gp|4α+↓|4v|βm|βα_↓|β1x|g(|gm|gα_↓|g1|g)|
8219 gp|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4v|β0|4α=↓|4v(x|gp{A6}|πThis
8219 proves (5).|'!|4|4|4|4The above remarks show
8226 that the problem of factoring a polynomial reduces
8234 to the problem of factoring a squarefree polynomial.
�folio 541 galley 10
8242 {U0}{H10L12M29}58320#Computer Programming!(A.-W./Knuth)!ch.
8244 4!f. 541!g. 10|'{A12}In the second place we have
8253 the basic polynomial identity|'{A6}|εx|gp|4α_↓|4x|4|"o|4(x|4
8257 α_↓|40)(x|4α_↓|41)|4|¬O|4|¬O|4|¬O|4{H12}({H10}x|4α_↓|4(p|4α_
8257 ↓|41){H12}){H10}!(|πmodulo|4|εp)|J!(9)|;{A6}|π(see
8259 exercise 6); hence|'{A6}|εv(x)|gp|4α_↓|4v(x)|4α=↓|4{H12}({H1
8262 0}v(x)|4α_↓|40{H12})({H10}v(x)|4α_↓|41{H12}){H10}|4|¬O|4|¬O|
8262 4|¬O|4{H12}({H10}v(x)|4α_↓|4(p|4α_↓|41){H12}){H10}|J!(10)|;
8263 {A6}|πis an identity for any polynomial |εv(x),
8270 |πwhen we are working modulo |εp. |πIf |εv(x)
8278 |πsatis_es (8), it follows that |εu(x) |πdivides
8285 the left-hand side of (10), so every irreducible
8293 factor of |εu(x) |πmust divide one of the |εp
8302 |πrelatively prime factors of the right-hand
8308 side of (10). In other words, |εall |πsolutions
8316 of (8) must have the form (7), for some |εs|β1,|4s|β2,|4.|4.
8325 |4.|4,|4s|βr; there are exactly p|gr solutions
8331 of (8).|'!|4|4|4|4The solutions |εv(x) |πto congruence
8338 (8) therefore provide a key to the factorization
8346 of |εu(x). |πIt may seem harder to _nd all solutions
8356 to (8) than to factor |εu(x) |πin the _rst place,
8366 but in fact this is not true, since the set of
8377 solutions to (8) is closed under addition. Let
8385 deg|ε(u)|4α=↓|4n; |πwe can construct the |εn|4α⊗↓|4n
8391 |πmatrix|'{A6}|h|ε|∂Q|4α=↓!|∂q|βn|βα_↓|β1|β,|β0!|∂q|βn|βα_↓|
8392 β1|β,|β1!|∂.|4.|4.!|∂q|βn|βα_↓|β1|β,|βn|βα_↓|β1!|∂|E|n|;
8393 |>|;q|β0|β,|β0!|;q|β0|β,|β1!|;|¬O|4|¬O|4|¬O!|;
8398 q|β0|β,|βn|βα_↓|β1!|;>{A3}|>Q|4α=↓|'|;|;|;>{A3}|>
8407 |;q|βn|βα_↓|β1|β,|β0|'q|βn|βα_↓|β1|β,|β1|'|¬O|4|¬O|4|¬O|'
8411 q|βn|βα_↓|β1|β,|βn|βα_↓|β1|'>{A6}|πwhere|'{A6}|εx|gp|gk|4|"o
8414 |4q|βk|β,|βn|βα_↓|β1x|gn|gα_↓|g1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+
8414 ↓|4q|βk|β,|β1x|4α+↓|4q|βk|β,|β0!{H12}({H10}|πmodulo|4|εu(x){
8414 H12}){H10}.|J!(12)|;{A6}{H10L12M29}|πThen |εv(x)|4α=↓|4v|βn|
8416 βα_↓|β1x|gn|gα_↓|g1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4v|β1x|4α+↓
8416 |4v|β0 |πis a solution to (8) if and only if|'
8426 {A6}|ε(v|β0,|4v|β1,|4.|4.|4.|4,|4v|βn|βα_↓|β1)Q|4α=↓|4(v|β0,
8426 |4v|β1,|4.|4.|4.|4,|4v|βn|βα_↓|β1).|J!(13)|;{A6}|πFor
8428 the latter equation holds if and only if|'{A6}|εv(x)|4α=↓|4|
8436 ↔k|uc|)j|)|4v|βjx|gj|4α=↓|4|↔k|uc|)j|)|4|↔k|uc|)k|)|4v|βkq|β
8436 k|β,|βjx|gj|4|"o|4|↔k|uc|)k|)|4v|βkx|gp|gk|4α=↓|4v(x|gp
8437 {H12}({H10}|πmodulo|4|εu(x){H12}){H10}.>{A6}|π!|4|4|4|4Berle
8438 kamp's factoring algorithm therefore proceeds
8443 as follows:|'{A3}{I1.8H}|≡B|≡1|≡.|9Ensure that
8447 |εu(x) |πis squarefree; i.e., if gcd{H12}|ε({H10}u(x),|4u|¬S
8452 (x){H12}){H10}|4|=|↔6α=↓|41, |πreduce the problem
8456 of factoring |εu(x), |πas stated earlier in this
8464 section.|'{A3}|≡B|≡2|≡.|9Form the matrix |εQ
8469 |πde_ned by (11) and (12). This can be done in
8479 one of two ways, depending on whether or not
8488 |εp |πis very large, as explained below.|'{A3}|≡B|≡3|≡.|9``T
8495 riangularize'' the matrix |εQ|4α_↓|4I, |πwhere
8500 |εI|4α=↓|4(|≤d|βi|βj) |πis the |εn|4α⊗↓|4n |πidentity
8505 matrix, _nding its rank |εn|4α_↓|4r |πand _nding
8512 linearly independent vectors |εv|g[|g1|g],|4.|4.|4.|4,|4v|g[
8515 |gr|g] |πsuch that |εv|g[|gj|g](Q|4α_↓|4I)|4α=↓|4(0,|40,|4.|
8518 4.|4.|4,|40) |πfor |ε1|4|¬E|4j|4|¬E|4r. |π(The
8522 _rst vector |εv|g[|g1|g] |πmay always be taken
8529 as (1,|40,|4.|4.|4.|4,|40), representing the
8533 trivial solution |εv|g[|g1|g](x)|4α=↓|41 |πto
8537 (8). The ``triangularization'' needed in this
8543 step can be done using appropriate colu¬mnnnn{A3}|≡B|≡3|≡.|9
8549 ``Triangularize'' the matrix |εQ|4α_↓|4I, |πwhere
8554 |εI|4α=↓|4(|≤d|βi|βj) |πis the |εn|4α⊗↓|4n |πidentity
8559 matrix, _nding its rank |εn|4α_↓|4r |πand _nding
8566 linearly independent vectors |εv|g[|g1|g],|4.|4.|4.|4,|4v|g[
8569 |gr|g] |πsuch that |εv|g[|gj|g](Q|4α_↓|4I)|4α=↓|4(0,|40,|4.|
8572 4.|4.|4,|40) |πfor |ε1|4|¬E|4j|4|¬E|4r. |π(The
8576 _rst vector |εv|g[|g1|g] |πmay always be taken
8583 as (1,|40,|4.|4.|4.|4,|40), representing the
8587 trivial solution |εv|g[|g1|g](x)|4α=↓|41 |πto
8591 (8). The ``triangularization'' needed in this
8597 step can be done using appropriate column operations,
8605 as explained in Algorithm N below.) |εAt this
8613 point, r is the number of irreducible factors
8621 of u(x), |πbecause the solutions to (8) are the
8630 |εp|gr |πpolynomials corresponding to the vectors
8636 |εt|β1v|g[|g1|g]|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4t|βrv|g[|gr|g
8636 ] |πfor all choices of integers 0|4|¬E|4|εt|β1,|4.|4.|4.|4,|
8642 4t|βr|4|¬W|4p. |πTherefore if |εr|4α=↓|41 |πwe
8647 know that |εu(x) |πis irreducible, and the procedure
8655 terminates.|'{A3}|≡B|≡4|≡.|9Calculate gcd|ε{H12}({H10}u(x),|
8657 4v|g[|g2|g](x)|4α_↓|4s{H12}) {H10}|πfor 0|4|¬E|4|εs|4|¬W|4p,
8659 |πwhere |εv|g[|g2|g](x) |πis the polynomial
8665 represented by vector |εv|g[|g2|g]. |πThe result
8671 will be a nontrivial factorization of |εu(x),
8678 |πbecause |εv|g[|g2|g](x)|4α_↓|4s |πis nonzero
8682 and has degree less than deg(|εu), |πand by exercise
8691 7 we have|'{A6}|εu(x)|4α=↓|4|≥u|uc|)0|¬Es|¬Wp|)|4|πgcd{H12}(
8694 {H10}|εv(x)|4α_↓|4s,|4u(x){H12}){H10}|J!(14)|;
8695 {A6}!!|πwhenever |εv(x) |πsatis_es (8).|'!!!|4|4|4|4If
8700 the use of |εv|g[|g2|g](x) |πdoes not succeed
8707 in splitting |εu(x) |πinto |εr |πfactors, further
8714 factors can be obtained by calculating gcd{H12}({H10}|εv|g[|
8720 gk|g](x)|4α_↓|4s,|4w(x){H12}){H10} |πfor |ε0|4|¬E|4s|4|¬W|4p
8722 |πand all factors |εw(x) |πfound so far, for
8731 |εk|4α=↓|43,|44,|4.|4.|4.|4,|4|πuntil |εr |πfactors
8734 are obtained. (If we choose |εs|βi|4|=|↔6α=↓|4s|βj
8740 |πin (7), we obtain a solution |εv(x) |πto (8)
8749 which distinguishes |εp|βi(x) |πfrom |εp|βj(x);
8754 |πsome |εv|g[|gk|g](x)|4α_↓|4s |πwill be divisible
8759 by |εp|βi(x) |πand not by |εp|βj(x), |πso this
8767 procedure will eventually _nd all of the factors.)|'
8775 {A12}{IC}!|4|4|4|4As an example of this procedure,
8781 let us now determine the factorization of|'{A6}|εu(x)|4α=↓|4
8788 x|g8|4α+↓|4x|g6|4α+↓|410x|g4|4α+↓|410x|g3|4α+↓|48x|g2|4α+↓|4
8788 2x|4α+↓|48|J!(15)|;{A6}|πmodulo 13. (This polynomial
8793 appears in several of the examples in Section
8801 4.6.1.) A quick calculation using Algorithm 4.6.1E
8808 shows that gcd{H12}({H10}|εu(x),|4u|¬S(x){H12}){H10}|4α=↓|41
8810 ; |πtherefore |εu(x) |πis squarefree, and we
8817 turn to step B2. Step B2 involves calculating
8825 the |εQ |πmatrix, which in this case is an 8|4α⊗↓|48
8835 array. The _rst row of |εQ |πis always (1,|40,|40,|4.|4.|4.|
8843 4,|40), representing the polynomial |εx|g0|4|πmod|4|εu(x)|4α
8847 =↓|41. |πThe second row represents |εx|g1|g3|4|πmod|4|εu(x),
8852 |πand, in general, |εx|gk|4|πmod|4|εu(x) |πmay
8858 readily be determined as follows (for relatively
8865 small values of |εk): |πIf|'|ε{A6}u(x)|4α=↓|4x|gn|4α+↓|4u|βn
8870 |βα_↓|β1x|gn|gα_↓|g1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4u|β1x|4α+
8870 ↓|4u|β0|;{A6}|πand if|'{A6}|εx|gk|4|"o|4a|βk|β,|βn|βα_↓|β1x|
8873 gn|gα_↓|g1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4a|βk|β,|β1x|4α+↓|4a
8873 |βk|β,|β0!{H12}({H10}|πmodulo|4|ε(u(x){H12}){H10},|;
8874 {A6}|πthen|'{A6}x|gk|gα+↓|g1|4|∂|"o|4a|βk|β,|βn|βα_↓|β1x|gn|
8875 4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4a|βk|β,|β1x|g2|4α+↓|4a|βk|β,|β
8875 0x|'{A4}|L|"o|4a|βk|β,|βn|βα_↓|β1(|→α_↓u|βn|βα_↓|β1x|gn|gα_↓
8876 |g1|4α_↓|1|1|¬O|4|¬O|4|¬O|1|1α_↓|4u|β1x|4α_↓|4u|β0)|4α+↓|4a|
8876 βh|β,|βn|βα_↓|β2x|gn|gα_↓|g1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4a
8876 |βk|β,|β0x>{A4}|Lα=↓|4a|βk|βα+↓|β1|β,|βn|βα_↓|β1x|gn|gα_↓|g1
8877 |4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4a|βk|βα+↓|β1|β,|β1x|4α+↓|4a|β
8877 k|βα+↓|β1|β,|β0,|;{A6}|πwhere|'{A6}a|βk|βα+↓|β1|β,|βj|4α=↓|4
8879 a|βk|β,|βj|βα_↓|β1|4α_↓|4a|βk|β,|βn|βα_↓|β1u|βj.|J!(16)|;
8880 {A6}|πIn this formula |εa|βk|β,|βα_↓|β1 |πis
8885 treated as zero, so that |εa|βk|βα+↓|β1|β,|β0|4α=↓|4|→α_↓a|β
8890 k|β,|βn|βα_↓|β1u|β0. |πThe simple ``shift register''
8895 recurrence (16) makes it easy to calculate |εx|g1,
8903 x|g2, x|g3,|4.|4.|4.|4|πmod|4|εu(x). |πInside
8906 a computer, this calculation would of course
8913 be done by keeping a one-dimensional array |ε(a|βn|βα_↓|β1,|
8920 4.|4.|4.|4,|4a|β1,|4a|β0) |πand repeatedly setting
8924 |εt|4|¬L|4a|βn|βα_↓|β1,|4a|βn|βα_↓|β1|4|¬L|4(a|βn|βα_↓|β2|4α
8924 _↓|4tu|βn|βα_↓|β1)|4|πmod|4|εp,|4.|4.|4.|4,|4a|β1|4|¬L|4(a|β
8924 0|4α_↓|4tu|β1)|4|πmod|4|εp,|4a|β0|4|¬L|4(|→α_↓tu|β0)|4|πmod|
8924 4|εp. |π(We have seen similar procedures in connection
8932 with random-number generation; cf. 3.2.2<10.)
8937 For our example polynomial |εu(x) |πin (15),
8944 we obtain the following sequence of coe∃cients
8951 of |εx|gk|4|πmod|4|εu(x), |πusing arithmetic
8955 modulo 13:|'{A6}{H7L8M26.6}|∂!!!!!|∂!!!!!|∂!!!!!|∂!!!!!|∂!!!
8957 !!|∂!!!!!|∂!!!!!|∂!!!!!|4|∂!!!!!|4|∂|E|;|ε|>k|;
8960 a|βk|β,|β7|;a|βk|β,|β6|;a|βk|β,|β5|;a|βk|β,|β4|;
8964 a|βk|β,|β3|;a|βk|β,|β2|;a|βk|β,|β1|;a|βk|β,|β0|;
8968 >{A3}|>|9|10|;|9|10|;|9|10|;|9|10|;|9|10|;|9|10|;
8976 |9|10|;|9|10|;|9|11|;>|>|9|11|;|9|10|;|9|10|;
8984 |9|10|;|9|10|;|9|10|;|9|10|;|9|11|;|9|10|;>|>
8992 |9|12|;|1|90|;|1|90|;|1|90|;|1|90|;|1|90|;|1|91|;
8999 |1|90|;|1|90|;>|>|1|93|;|1|90|;|1|90|;|1|90|;
9007 |1|90|;|1|91|;|1|90|;|1|90|;|1|90|;>|>|9|14|;
9015 |9|10|;|9|10|;|9|10|;|9|11|;|9|10|;|9|10|;|9|10|;
9022 |9|10|;>|>|9|15|;|9|10|;|9|10|;|9|11|;|9|10|;
9030 |9|10|;|9|10|;|9|10|;|9|10|;>|>|9|16|;|9|10|;
9038 |9|11|;|9|10|;|9|10|;|9|10|;|9|10|;|9|10|;|9|10|;
9045 >|>|9|17|;|9|11|;|9|10|;|9|10|;|9|10|;|9|10|;
9053 |9|10|;|9|10|;|9|10|;>|>|9|18|;|9|10|;12|;|9|10|;
9062 |9|13|;|9|13|;|9|15|;11|;|9|15|;>|>|9|19|;12|;
9071 |9|10|;|9|13|;|9|13|;|9|15|;11|;|9|15|;|9|10|;
9078 >|>10|;|9|10|;|9|14|;|9|13|;|9|12|;|9|18|;|9|10|;
9087 |9|12|;|9|18|;>|>11|;|9|14|;|9|13|;|9|12|;|9|18|;
9096 |9|10|;|9|12|;|9|18|;|9|10|;>|>12|;|9|13|;11|;
9105 |9|18|;12|;|9|11|;|9|12|;|9|15|;|9|17|;>|>13|;
9114 11|;|9|15|;12|;10|;11|;|9|17|;|9|11|;|9|12|;>
9123 {A6}{H10L12M29}|πTherefore the second row of
9128 |εQ |πis (2, 1, 7, 11, 10, 12, 5, 11). |πSimilarly
9139 we may determine |εx|g2|g6|4|πmod|4|εu(x),|4.|4.|4.|4,|4x|g9
9142 |g1|4|πmod|4|εu(x), |πand we _nd that|'|H*?*?*?*?{U0}{H10L12M29}
�folio 543 galley 11
9147 58320#Computer Programming!(A.-W./Knuth)!ch.
9149 4!f. 543!g. 11|'{A12}|h|ε|∂Q|4α_↓|4I|4α=↓|4!|∂0!00!00!00!00!
9152 00!00!00!|∂|E|n|;|>|;1|9|1!0!|9|10!|9|10!|9|10!|9|10!|9|10!|
9155 9|10!|;>{A4}|>|;2!|9|11!|9|17!11!10!12!|9|15!11!|;
9160 >{A4}|>|;3!|9|16!|9|14!|9|13!|9|10!|9|14!|9|17!|9|12!|;
9164 >|>{A7}Q|4α=↓!|4|?{B7}4!|9|13!|9|16!|9|15!|9|11!|9|16!|9|12!
9167 |9|13!|;>{A4}|>|;2!11!|9|18!|9|18!|9|13!|9|11!|9|13!11!|;
9172 >{A4}|>|;6!11!|9|18!|9|16!|9|12!|9|17!10!|9|19!|;
9176 >{A4}|>|;5!11!|9|17!10!|9|10!11!|9|17!12!|;>{A4}|>
9182 |;3!|9|13!12!|9|15!|9|10!11!|9|19!12!|;>(17)|?
9186 |>|;0!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10!|;>
9190 {A4}|>|;2!|9|10!|9|17!|9|111!10!12!|9|15!11!|;
9193 >{A4}|>|;3!|9|16!|9|13!|9|13!|9|10!|9|14!|9|17!|9|12|;
9197 >{A4}|>{A7}Q|4α_↓|4I|4α=↓|'{B7}4!|9|13!|9|16!|9|14!|9|11!|9|
9200 16!|9|12!|9|13!|;>{A4}|>|;2!11!|9|18!|9|18!|9|12!|9|11!|9|13
9204 !11!|;>{A4}|>|;6!11!|9|18!|9|16!|9|12!|9|16!10!|9|19!|;
9209 >{A4}|>|;5!11!|9|17!10!|9|10!11!|9|16!12!|;>{A4}|>
9215 |;3!|9|13!12!|9|15!|9|10!11!|9|19!11!|;>{A12}|π!|4|4|4|4The
9219 next step of Berlekamp's procedure requires _nding
9226 the ``null space'' of |εQ|4α_↓|4I. |πIn general,
9233 suppose that |εA |πis an |εn|4α⊗↓|4n |πmatrix
9240 over a _eld, whose rank |εn|4α_↓|4r |πis to be
9249 determined; suppose further that we wish to determine
9257 linearly independent vectors |εv|g[|g1|g], v|g[|g2|g],|4.|4.
9261 |4.|4,|4v|g[|gr|g] |πsuch that |εv|g[|g1|g]A|4α=↓|4v|g[|g2|g
9264 ]A|4α=↓|4|¬O|4|¬O|4|¬O|4α=↓v|g[|gr|g]A|4α=↓|4(0,|4.|4.|4.|4,
9264 |40). |πAn algorithm for this calculation can
9271 be based on the observation that any column of
9280 |εA |πmay be multiplied by a nonzero quantity,
9288 and any multiple of one of its columns may be
9298 added to a di=erent column, without changing
9305 the rank or the vectors |εv|g[|g1|g],|4.|4.|4.|4,|4v|g[|gr|g
9310 ]. |π(These transformations amount to replacing
9316 |εA |πby |εAB, |πwhere |εB |πis a nonsigular
9324 matrix.) The following well-known ``triangularization''
9329 procedure may therefore beused.|'{A12}|≡A|≡l|≡g|≡o|≡r|≡i|≡t|
9333 ≡h|≡m |≡N (|εNull space algorithm). |πLet |εA|4α=↓|4(a|βi|βj
9339 ) |πbe an |εn|4α⊗↓|4n |πmatrix, whose elements
9346 |εa|βi|βj |πbelong to a _eld and have subscripts
9354 in the range |ε0|4|¬E|4i,|4j|4|¬W|4n. |πThis
9359 algorithm outputs |εr |πvectors |εv|g[|g1|g],|4.|4.|4.|4,|4v
9363 |g[|gr|g], |πwhich are linearly independent over
9369 the _eld and satisfy |εv|g[|gj|g]A|4α=↓|4(0,|4.|4.|4.|4,|40)
9373 , |πwhere |εn|4α_↓|4r |πis the rank of |εA.|'
9381 {A12}{I1.8H}|π|≡N|≡1|≡.|9[Initialize.] Set |εc|β0|4|¬L|4c|β1
9383 |4|¬L|1|1|¬O|4|¬O|4|¬O|1|1|¬L|4c|βn|βα_↓|β1|4|¬L|4|→α_↓1,
9384 r|4|¬L|40. |π(During the calculation we will
9390 have |εc|βj|4|¬R|40 |πonly if |εa|βc|mj|βj|4α=↓|4|→α_↓1
9395 |πand all other entries of row |εc|βj |πare zero.)|'
9404 {A3}|≡N|≡2|≡.|9[Loop on |εk.] |πDo step N3 for
9411 |εk|4α=↓|40,|41,|4.|4.|4.|4,|4n|4α_↓|41, |πand
9413 then terminate the algorithm.|'{A3}|≡N|≡3|≡.|9[Scan
9418 row for dependence.] If there is some |εj |πin
9427 the range |ε0|4|¬E|4j|4|¬W|4n |πsuch that |εa|βk|βj|4|=|↔6α=
9432 ↓|40 |πand |εc|βj|4|¬W|40, |πthen do the following:
9439 Multiply column |εj |πof |εA |πby |→α_↓1/|εa|βk|βj
9446 |π(so that |εa|βk|βj |πbecomes equal to |→α_↓1);
9453 then add |εa|βk|βi |πtimes column |εj |πto column
9461 |εi |πfor all |εi|4|=|↔6α=↓|4j; |π_nally set
9467 |εc|βj|4|¬L|4k. (|πSince it is not di∃cult to
9474 show that |εa|βs|βj|4α=↓|40 |πfor all |εs|4|¬W|4k,
9480 |πthese operations have no e=ect on rows 0,|41,|4.|4.|4,|4k|
9487 4α_↓|41 of |εA.)|'!!|1!|4|4|4|4|πOn the other
9493 hand, if there is no |εj |πin the range |ε0|4|¬E|4j|4|¬W|4n
9503 |πsuch that |εa|βk|βj|4|=|↔6α=↓|40 |πand |εc|βj|4|¬W|40,
9508 |πthen set |εr|4|¬L|4r|4α+↓|41 |πand output the
9514 vector|'{A6}|εv|g[|gr|g]|4α=↓|4(v|β0,|4v|β1,|4.|4.|4.|4,|4v|
9515 βn|βα_↓|β1)|;{A6}|πde_nded by the rule|'{A6}|h|ε|∂v|βj|4α=↓!
9520 |∂a|βk|βs,!!|∂|πif!!|∂|εc|βs|4α=↓|4j|4α⊗↓|40;|E|n|;
9521 |L|La|βk|βs,|L|πif|L|εc|βs|4α=↓|4j|4|¬R|40;>{A4}|Lv|βj|4α=↓|
9522 L1,|L|πif|L|εj|4α=↓|4k;|J!(18)>{A4}|L|L0,|L|πotherwise.>
9524 {A6}{IC}!|4|4|4|4An example will reveal the mechanism
9530 of this algorithm; let |εA |πbe the matrix |εQ|4α_↓|4I
9539 |πof (17) over the _eld of integers modulo 13.
9548 When |εk|4α=↓|40, |πwe output the vector |εv|g[|g1|g]|4α=↓|4
9554 (1,|40,|40,|40,|40,|40,|40,|40). |πWhen |εk|4α=↓|41,
9557 |πwe may take |εj |πin step N3 to be either 0,
9568 2, 3, 4, 5, 6, or 7; the choice here is completely
9580 arbitrary, although it a=ects the particular
9586 vectors which are chosen to be output by the
9595 algorithm. For hand calculation, it is most convenient
9603 to pick |εj|4α=↓|45, |πsince |εa|β1|β5|4α=↓|412|4α=↓|4|→α_↓1
9607 |πalready; the column operations of step N3
9615 then change |εA |πto the matrix|'{A6}|9|10!|9|10!|9|10!|9|10
9621 !|9|10!|9|10!|9|10!|9|10|;{A4}|9|10!|9|10!|9|10!|9|10!|9|10!
9622 12!|9|10!|9|10|;{A4}11!|9|16!|9|15!|9|18!|9|11!|9|14!|9|11!|
9623 9|17|;{A4}|9|13!|9|13!|9|19!|9|15!|9|19!|9|16!|9|16!|9|14|;
9625 {A4}|9|14!11!|9|12!|9|16!12!|9|11!|9|18!|9|19|;
9626 {A4}|9|15!11!11!|9|17!10!|9|16!|9|11!10|;{A4}|9|11!11!|9|16!
9627 |9|11!|9|16!11!|9|19!|9|13|;{A4}12!|9|13!11!|9|19!|9|16!11!1
9628 2!|9|12|;{A6}{A6}(The circled element in column
9634 ``5,'' row ``1,`` may be used to indicate that
9643 |εc|β5|4α=↓|41. |πRemember that Algorithm N numbers
9649 the rows and columns of the matrix starting with
9658 0, not 1.) When |εk|4α=↓|42, |πwe may choose
9666 |εj|4α=↓|44 |πand proceed in a similar way, obtaining
9674 the following matrices, which all have the same
9682 null space as |εQ|4α_↓|4I:|'{A12}{M30}|h|π|∂!88!88!88!88!88!
9686 88!88!88!|∂!99!99!99!99!99!99!99!99!|∂|E|n|'|>
9688 |εk|4α=↓|42|;k|4α=↓|43|;>{A3}|>|9|10!|9|10!|9|10!|9|10!|9|10
9692 !|9|10!|9|10!|9|10|;|9|10!|9|10!|9|10!|9|10!|9|10!|9|10!|9|1
9693 0!|9|10|;>{A2}|>|9|10!|9|10!|9|10!|9|10!|9|10!12!|9|10!|9|10
9696 |;|9|10!|9|10!|9|10!|9|10!|9|10!12!|9|10!|9|10|;
9698 >{A2}|>|9|10!|9|10!|9|10!|9|10!12!|9|10!|9|10!|9|10|;
9701 |9|10!|9|10!|9|10!|9|10!12!|9|10!|9|10!|9|10|;
9702 >{A2}|>|9|18!|9|11!|9|13!11!|9|14!|9|19!10!|9|16|;
9705 |9|10!12!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10|;
9706 >{A2}|>|9|12!|9|14!|9|17!|9|11!|9|11!|9|15!|9|19!|9|13|;
9709 |9|19!|9|19!|9|18!|9|19!11!|9|18!|9|18!|9|15|;
9710 >{A4}|>12!|9|13!|9|10!|9|15!|9|13!|9|15!|9|14!|9|15|;
9713 |9|11!10!|9|14!11!|9|14!|9|14!|9|10!|9|10|;>{A2}|>
9716 |9|10!|9|11!|9|12!|9|15!|9|17!|9|10!|9|13!|9|10|;
9717 |9|15!12!12!|9|17!|9|13!|9|14!|9|16!|9|17|;>{A2}|>
9720 11!|9|16!|9|17!|9|10!|9|17!|9|10!|9|16!12|;|9|12!|9|17!|9|12
9721 !12!|9|19!11!11!|9|12|;>{A12}|>k|4α=↓|44|;k|4α=↓|45|;
9726 >{A3}|>|9|10!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10|;
9729 |9|10!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10|;
9730 >{A2}|>|9|10!|9|10!|9|10!|9|10!|9|10!12!|9|10!|9|10|;
9733 |9|10!|9|10!|9|10!|9|10!|9|10!12!|9|10!|9|10|;
9734 >{A2}|>|9|10!|9|10!|9|10!|9|10!12!|9|10!|9|10!|9|10|;
9737 |9|10!|9|10!|9|10!|9|10!12!|9|10!|9|10!|9|10|;
9738 >{A2}|>|9|10!12!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10|;
9741 |9|10!12!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10|;
9742 >{A2}|>|9|10!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10!12|;
9745 |9|10!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10!12|;
9746 >{A2}|>|9|11!10!|9|14!11!|9|14!|9|14!|9|10!|9|10|;
9749 12!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10|;
9750 >{A2}|>|9|18!|9|12!|9|16!10!11!11!|9|10!|9|19|;
9753 |9|15!|9|10!|9|10!|9|10!|9|15!|9|15!|9|10!|9|19|;
9754 >{A2}|>|9|11!|9|16!|9|14!11!|9|12!|9|10!|9|10!10|;
9757 12!|9|19!|9|10!|9|10!11!|9|19!|9|10!10|;>{A12}{M29}|Hβ*?{U0}{
�folio 545 galley 12
9759 H10L12M29}58320#Computer Programming!(A.-W./Knuth)!ch.
9761 4!f. 545!g. 12|'{A12}|πNow every column which
9768 has no circled entry is completely zero; so when
9777 |εk|4α=↓|46 |πand |εk|4α=↓|47 |πthe algorithm
9782 outputs two more vectors, namely|'{A6}|εv|g[|g2|g]|4α=↓|4(0,
9787 |45,|45,|40,|49,|45,|41,|40),!!v|g[|g3|g]|4α=↓|4(0,|49,|411,
9787 |49,|410,|412,|40,|41).|;{A6}|πFrom the form
9791 of matrix |εA |πafter |εk|4α=↓|45, |πit is evident
9799 that these vectors satisfy the equation |εvA|4α=↓|4(0,|4.|4.
9805 |4.|4,|40). |πSince the computation has produced
9811 three linearly independent vectors, |εu(x) |πmust
9817 have exactly three irreducible factors.|'!|4|4|4|4We
9823 now go to step B4 of the factoring procedure.
9832 Calculation of gcd{H12}({H10}|εu(x), v|g[|g2|g](x)|4α_↓|4{H1
9835 2}){H10} |πfor |εs|4α=↓|40, 1,|4.|4.|4.|4,|412,
9839 |πwhere |εv|g[|g2](x)|4α=↓|4x|g6|4α+↓|45x|g5|4α+↓|49x|g4|4α+
9840 ↓|45x|g2|4α+↓|45x, |πgives the answer |εx|g5|4α+↓|45x|g4|4α+
9844 ↓|49x|g3|4α+↓|45x|4α+↓|45 |πwhen |εs|4α=↓|40,
9847 x|g3|4α+↓|48x|g2|4α+↓|44x|4α+↓|412 |πwhen |εs|4α=↓|42,
9850 |πand unity for other values of |εs. |πTherefore
9858 |εv|g[|g2|g](x) |πgives us only two of the three
9866 factors. Turning to gcd{H12}({H10}|εv|g[|g3|g](x)|4α_↓|4s,
9870 x|g5|4α+↓|45x|g4|4α+↓|49x|g3|4α+↓|45x|4α+↓|45{H12}){H10},
9871 |πwhere |εv|β3(x)|4α=↓|4x|g7|4α+↓|412x|g5|4α+↓|410x|g4|4α+↓|
9872 49x|g3|4α+↓|411x|g2|4α+↓|49x, |πwe obtain the
9876 value |εx|g4|4α+↓|42x|g3|4α+↓|43x|g2|4α+↓|44x|4α+↓|46
9878 |πwhen |εs|4α=↓|46, x|4α+↓|43 |πwhen |εs|4α=↓|48,
9883 |πand unity otherwise. Thus the complete factorization
9890 is|'{A6}|εu(x)|4α=↓|4(x|g4|4α+↓|42x|g3|4α+↓|43x|g2|4α+↓|44x|
9891 4α+↓|46)(x|g3|4α+↓|48x|g2|4α+↓|44x|4α+↓|412)(x|4α+↓|43).|J!(
9891 19)|;{A6}|π!|4|4|4|4Let us now estimate the running
9898 time of Berlekamp's method when an |εn|πth degree
9906 polynomial is factored modulo |εp. |πFirst assume
9913 that |εp |πis relatively small, so that the four
9922 arithmetic operations can be done modulo |εp
9929 |πin essentially a _xed length of time. (Division
9937 modulo |εp |πcan be converted to multiplication,
9944 by storing a table of reciprocals; modulo 13,
9952 for example, we have |f1|d32|)|4α=↓|47, |f1|d33|)|4α=↓|49,
9958 etc.) The computation in step B1 takes |εO(n|g2)
9966 |πunits of time; step B2 takes |εO(pn|g2). |πFor
9974 step B3 we use Algorithm N, which requires |εO(n|g3)
9983 |πunits of time at most. Finally, in step B4
9992 we can observe that the calculation of gcd{H12}({H10}|ε|1f|1
9999 (x),|4g(x){H12}){H10} |πby Euclid's algorithm
10003 takes |εO{H12}({H10}|πdeg(|1|εf|1)|4|πdeg|ε(g){H12}){H10}
10005 |πunits of time; hence the calculation of gcd{H12}({H10}|εv|
10012 g[|gj|g](x)|4α_↓|4s,|4w(x){H12}){H10} |πfor _zed
10015 |εj |πand |εs |πand for all factors |εw(x) |πof
10024 |εu(x) |πfound so far takes |εO(n|g2) |πunits.
10031 Step B4 therefore requires |εO(prn|g2) |πunits
10037 of time at most. |εBerlekamp's procedure factors
10044 an arbitrary polynomial of degree n, |πmodulo
10051 |εp, in O(n|g3|4α+↓|4prn|g2) steps, |πwhen |εp
10057 |πis a small prime; and exercise 5 shows that
10066 the average number of factors, |εr, |πis approximately
10074 ln |εn. |πThus the algorithm is much faster than
10083 any known methods of factoring |εn-|πdigit numbers
10090 in the |εp-|πary number system.|'!|4|4|4|4When
10096 |εp |πis large, a di=erent implementation of
10103 Berlekamp's procedure would be used for the calculations.
10111 Division modulo |εp |πwould not be done with
10119 an auxiliary table of reciprocals; instead the
10126 method of exercise 4.5.2<15, which takes |εO{H12}({H10}(|πlo
10132 g|4|εp)|g2{H12}){H10} |πsteps, would probably
10136 be used. Then step B1 would take |εO{H12}({H10}n|g2(|πlog|4|
10143 εp)|g2{H12}){H10} |πunits of time; similarly,
10148 step B3 takes |εO{H12}({H10}n|g3(|πlog|4|εp)|g2{H12}){H10}.
10152 |πIn step B2, we can form |εx|gp |πmod |εu(x)
10161 |πin a more e∃cient way than (16) when |εp |πis
10171 large: Section 4|46|43 shows that this value
10178 can essentially be obtained by using |εO(|πlog|4|εp)
10185 |πoperations of ``squaring mod |εu(x),'' |πi.e.,
10191 going from |εx|gk |πmod |εu(x) |πto |εx|g2|gk
10198 |πmod |εu(x). |πThe squaring operation is relatively
10205 easy to perform if we _rst make an auxiliary
10214 table of |εx|gm |πmod |εu(x) |πfor |εm|4α=↓|4n,
10221 n|4α+↓|41,|4.|4.|4.|4,|42n|4α_↓2; |πif|'{A6}|εx|gkK44|*?{A6}|
10223 εx|gk|4|πmod|4u(x)|4α=↓|4c|βn|βα_↓|β1x|gn|gα_↓|g1|4α+↓|1|1|¬
10223 O|4|¬O|4|¬O|1α+↓|4c|β1x|4α+↓|4c|β0,|;{A6}|πthen|'
10225 {A6}|εx|g2|gk|4|πmod|4|εu(x)|4α=↓|4c|ur2|)nα_↓1|)x|g2|gn|gα_
10225 ↓|g2|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4(c|β1c|β0|4α+↓|4c|β1c|β0)
10225 x|4α+↓|4c|=|β0|g2,|;*?{A6}|πwhere |εx|g2|gn|gα_↓|g2,|4.|4.|4.
10227 |4,|4x|gn |πcan be replaced by polynomials in
10234 the auxiliary table. The net time to compute
10242 |εx|gp |πmod |εu(x) |πcomes to |εO{H12}({H10}n|g2(|πlog|4p)|
10247 g3{H12}){H10} units, and we obtain the second
10254 row of |εQ. |πTo get further rows of |εQ, |πwe
10264 form |εx|g2|gp |πmod|4|εu(x), x|g3|gp|4|πmod|4|εu(x),|4.|4.|
10267 4. |πsimply by multiplying repeatedly by |εx|gp
10274 |πmod |εu(x), |πin a fashion analogous to squaring
10282 mod |εu(x); |πstep B2 is completed in |εO{H12}({H10}n|g2(|πl
10289 og|4|εp)|g3|4α+↓|4n|g3(|πlog|4|εp)|g2{H12}){H10}
10290 |πunits of time. The same upper bound applies
10298 to steps |πB1, B2, and B3 taken as a whole; these
10309 three steps tell us the number of factors of
10318 |εu(x).|'|π!|4|4|4|4But when |εp |πis large and
10325 we get to step B4, we are asked to calculate
10335 a greatest common divisor for |εp |πdi=erent
10342 values of |εs, |πand this is out of the question
10352 if |εp |πis very large. This hurdle was surmounted
10361 by Hans Zassenhaus [|εJ. Number Theory |≡1 (1969),
10369 291<311], |πwho showed how to determine all the
10377 ``useful'' values of |εs. |πFor _xed |εj, |πlet
10385 |εw(x)|4α=↓|4|≥7|4(x|4α_↓|4s) |πwhere the product
10389 is over all |ε0|4|¬E|4s|4|¬W|4p |πsuch that gcd{H12}({H10}|ε
10395 u(x), v|g[|gj|g](x)|4α_↓|4s{H12}){H10}|4|=|↔6α=↓|41.
10397 |πBy (14), |εw(x) |πis the polynomial of least
10405 degree such that |εu(x) |πdivides |εw(v|g[|gj|g](x)).
10411 |πAlgorithm N can therefore be adapted to _nd
10419 the coe∃cients of |εw: |πLet |εA |πbe the (|εr|4α+↓|41)|4α⊗↓
10427 |4n |πmatrix whose |βk|πth row contains the coe∃cients
10435 of |ε*?*?*?v|g[|gj|g](x)|gk |πmod |εu(x), |πfor
10440 |ε0|4|¬E|4k|4|¬E|4r. |πApply the method of Algorithm
10446 N until the _rst dependence is found in step
10455 N3; then the algorithm terminates with |εw(x)|4α=↓|4v|β0|4α+
10461 ↓|4v|β1x|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4v|βkx|gk,
10462 |πwhere |εv|βj |πis de_ned in (18). (An example
10470 is worked out below.) At this point 2|4|¬E|4|εk|4|¬E|4r;
10478 |πin rare circumstances we may have |εk|4α=↓|4n.|'
10485 |π!|4|4|4|4It remains to _nd the factors of |εw(x)
10493 |πmodulo a large prime |εp, |πwhen |εw |πis known
10502 to split into linear factors. Suppose |εw(x)|4α=↓|4(x|4α_↓s|
10508 β1)|4|¬O|4|¬O|4|¬O|4(x|4α_↓|4s|βk); |πthen it
10511 divides |εx(x|4α_↓|41)|4|¬O|4|¬O|4|¬O|4(x|4α_↓|4p|4α+↓|41)|4
10512 α=↓|4x|gp|4α_↓|4x|4α=↓|4x(x|g(|gp|gα_↓|g1|g)|g/|g2|4α_↓|41)(
10512 x|g(|gp|gα_↓|g1|g)|g/|g2|4α+↓|41), |πhence the
10515 identity|'{A6}|εw(x)|4α=↓|4|πgcd{H12}({H10}|εw(x),
10517 x|4α_↓|4t)|4|¬O|4|πgcd{H12}({H10}|εw(x),|4(x|4α_↓|4t)|g(|gp|
10517 gα_↓|g1|g)|g/|g2|4α_↓|41)|4|¬O|4|πgcd{H12}(|ε{H10}w(x),|4(x|
10517 4α_↓|4t)|g(|gp|gα_↓|g1|g)|g/|g2|4α+↓|41)|J!(20)|;
10518 {A6}|πholds for all integers |εt. |πZassenhaus's
10524 procedure for factoring |εw |πis to try |εt|4α=↓|40,|41,|42,
10531 |4.|4.|4. |πin (20) until |εw |πhas been completely
10539 split. At _rst glance this may appear to be an
10549 ine∃cient trial-and-error method, but actually
10554 it _nds the factors very rapidly, since the probability
10563 of a nontrivial gcd in (20) is approximately
10571 1|4α_↓|42|ε|gα_↓|gk |πwhen |εt |πis chosen at
10577 random. The reason is that |εx|4α_↓|4s|βi |πdivides
10584 |ε(x|4α_↓|4t)|g(|gp|gα_↓|g1|g)|g/|g2|4α_↓|4|πif
10585 and only if |ε(s|βi|4α_↓|4t)|g(|gp|gα_↓|g1|g)|g/|g2
10589 |πmod |εp|4α=↓|41, |πand this occurs for about
10596 half of all values |εt.|'!|4|4|4|4For example,
10603 let's reconsider the polynomial |εv|g[|g3|g](x)|4α=↓|4x|g7|4
10607 α+↓|412x|g5|4α+↓|410x|g4|4α+↓|49x|g3|4α+↓|411x|g2|4α+↓|49x
10608 |πmentioned earlier, and let's pretend that 13
10615 is a large prime. Then|'{A12}{M30}|h|π|∂!99!99!99!99!99!99!9
10620 9!99!|∂!88!88!88!88!88!88!88!88!|∂|E|n|;|>Matrix|4|εA|;
10623 |πis|4transformed into|;>{A3}|>|9|11!|9|10!|9|10!|9|10!|9|10
10627 !|9|10!|9|10!|9|10|;12!|9|10!|9|10!|9|10!|9|10!|9|10!|9|10!|
10628 9|10|;>{A2}|>|9|10!|9|19!11!|9|19!10!12!|9|10!|9|11|;
10632 |9|10!|9|10!|9|10!|9|10!|9|10!12!|9|10!|9|10|;
10633 >{A2}|>|9|14!|9|14!|9|16!|9|19!|9|11!|9|17!12!|9|11|;
10636 |9|10!|9|10!|9|10!|9|10!|9|10!|9|10!12!|9|10|;
10637 >{A2}|>|9|14!|9|16!|9|13!|9|16!11!|9|18!|9|10!|9|15|;
10640 |9|19!|9|10!|9|10!|9|10!|9|10!|9|18!|9|10!|9|10|;
10641 >{A12}{M29}so we have |εw(x)|4α=↓|49|4α+↓|48x|4α+↓|4x|g3.
10646 |πSetting |εt|4α=↓|40 |πin (20) produces the
10652 factor |εx|4α+↓|41|4α=↓|4x|4α_↓|412, |πand we
10656 replace |εw(x) |πby |εw(x)/(x|4α_↓|412)|4α=↓|4x|g2|4α+↓|412x
10659 |4α+↓|49. |πWhen |εt|4α=↓|41 |πwe get no further
10666 information, but |εt|4α=↓|42 |πyields the other
10672 factors |εx|4α_↓|46 |πand |εx|4α_↓|48. |πThe
10677 useful values of |εs |πwith respect to |εv|g[|g3|g](x)
10685 |πare 6, 8, and 12.|'!|4|4|4|4The average time
10693 to _nd the factors of |εw(x) |πusing (20) will
10702 be |εO{H12}({H10}k|g3(|πlog|4|εp)|g2|4α+↓|4k|g2(|πlog|4|εp)|
10703 g3{H12}){H10}, |πaccording to exercise 14. Since
10709 it takes us |εO{H12}({H10}rn|g2(|πlog|4|εp)|g2{H12}){H10}
10713 |πsteps to determine |εw(x) |πfrom |εv|g[|gj|g](x),
10719 |πwe may conclude that step B4 can be accomplished
10728 in an average time of |εO{H12}({H10}r|g2n|g2(|πlog|4|εp)|g2|
10733 4α+↓|4r|g3(|πlog|4|εp)|g3{H12}){H10} |πunits,
10735 for large primes |εp. |πIn other words, step
10743 B4 is not the bottleneck after all, when we use
10753 Zassenhaus's suggestions, since |εr |πis usually
10759 small compared to |εn.|'|π!|4|4|4|4For further
10765 discussion, see E. R. Berlekamp, |εMath. Comp.
10772 |≡2|≡4 (1970), 713<735.|'{A12}|π|≡D|≡i|≡s|≡t|≡i|≡n|≡c|≡t
10776 |≡d|≡e|≡g|≡r|≡e|≡e |≡f|≡a|≡c|≡t|≡o|≡r|≡i|≡z|≡a|≡t|≡i|≡o|≡n|≡
10777 .|9|4A somewhat simpler method which often obtains
10784 factors modulo |εp |πcan be based on the fact
10793 that an irreducible polynomial |εq(x) |πof degree
10800 |εd |πis a divisor of |εx|gp|id|4α_↓|4x, |πand
10807 it is not a divisor of |εx|gp|ic|4α_↓|4x |πfor
10815 |εc|4|¬W|4d; |πsee exercise 16. We proceed as
10822 follows:{A12}{A12}{I1.7H}|≡S|≡1|≡.|9Rule out
10824 squared factors and _nd the matrix |εQ, |πas
10832 in Berlekamp's method. Also set |εv(x)|4|¬L|4u(x),
10838 w(x)|4|¬L|4``x'', |πand |εd|4|¬L|40. |π(Here
10842 |εv(x) |πand |εw(x) |πare variables which have
10849 polynomials as values.)|'{A3}|≡S|≡2|≡.|9Increase
10853 |εd |πby 1 and replace |εw(x) |πby |εw(x)|gp
10861 |πmod|4|εu(x). |π(In other words, the coe∃cients
10867 |ε(w|β0,|4.|4.|4.|4,|4w|βn|βα_↓|β1) |πare replaced
10870 by |ε(w|β0,|4.|4.|4.|4,|4w|βn|βα_↓|β1)Q. |πAt
10873 this point |εw(x)|4α=↓|4x|gp|id|4|πmod|4|εu(x).{H12}){H10}|'
10876 {A3}|≡S|≡4|≡.|9|πFind |εg(x)|4α=↓|4|πgcd{H12}({H10}|εw(x)|4α
10877 _↓|4x,|4v(x){H12}){H10}. |π(This is the product
10882 of all the irreducible factors of |εu(x) |πwhose
10890 degree is |εd.) |πReplace |εv(x) |πby |εv(x)/g(x).|'
10897 {A3}|≡S|≡4|≡.|9|πIf |εd|4|¬W|4|f1|d32|)|4|πdeg(|εv),
10899 |πreturn to S2. Otherwise |εv(x) |πis irreducible,
10906 and the procedure terminates.|'|H*?*?*?{U0}{H10L12M29}58320#Com
�folio 550 galley 13
10910 puter Programming!(A.-W./Knuth)!ch. 4!f. 550!g.
10914 13|'{A12}!|4|4|4|4This procedure determines the
10919 product of all irreducible factors of each degree
10927 |εd, |πand therefore it tells us how many factors
10936 there are of each degree. Since the three factors
10945 of our example polynomial (19) have di=erent
10952 degrees, they would all be discovered. The total
10960 running time, analyzed as above, is |εO{H12}({H10}n|g3(|πlog
10966 |4|εp)|g2|4α+↓|4n|g2(|πlog|4|εp)|g3{H12}){H10}.|'
10967 |π!|4|4|4|4The distinct degree factorization
10971 technique was known to several people in 1960
10979 [cf. S. W. Columb, L. R. Welch, A. Hales, ``On
10989 the factorization of trinomials over GF(2),''
10995 Jet Propulsion Laboratory memo 20<189 (July 14,
11002 1959)], but there seem to be no references to
11011 it in the ``open literature.'' Previous work
11018 by S. Schwarz, |εQuart. J. Math., |πOxford (2)
11026 |≡7 (1956), 110<124, had shown how to determine
11034 the number of irreducible factors of each degree,
11042 but not their product, using the matrix |εQ.|'
11050 {A12}|π|≡F|≡a|≡c|≡t|≡o|≡r|≡i|≡n|≡g |≡o|≡v|≡e|≡r
11052 |≡t|≡h|≡e |≡i|≡n|≡t|≡e|≡g|≡e|≡r|≡s|≡.|9|4It is
11055 somewhat more di∃cult to _nd the complete factorization
11063 of polynomials with integer coe∃cients when we
11070 are |εnot |πworking modulo |εp, |πbut some reasonably
11078 e∃cient methods are available for this purpose.|'
11085 !|4|4|4|4Isaac Newton gave a method for _nding
11092 linear and quadratic factors of polynomials with
11099 integer coe∃cients in his |εArithmetica Universalis
11105 (1707). |πThis method was extended by an astronomer
11113 named Friedrich von Schubert in 1993, who showed
11121 how to _nd all factors of degree |εn |πin a _nite
11132 number of steps; see M. Cantor, |εGeschichte
11139 der Mathematik |≡4 |π(Leipzig: Teubner, 1908),
11145 136<137. L. Kronecker rediscovered von Schubert's
11151 method independently about 90 years later; but
11158 unfortunately the method is very ine∃cient when
11165 |εn |πis _ve or more. Much better results can
11174 be obtained with the help of the ``mod|4|εp''
11182 |πfactorization methods presented above.|'!|4|4|4|4Suppose
11187 that we want to _nd the irreducible factors of
11196 a given polynomial|'{A6}|εu(x)|4α=↓|4u|βnx|gn|4α+↓|4u|βn|βα_
11199 ↓|β1x|gn|gα_↓|g1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4u|β0,!!u|βn|4
11199 |=|↔6α=↓|40,|;{A6}|πover the integers. As a _rst
11206 step, we can divide by the greatest common divisor
11215 of the coe∃cients, and this leaves us with a
11224 |εprimitive |πpolynomial. We may also assume
11230 that |εu(x) |πis squarefree, by dividing out
11237 gcd{H12}({H10}|εu(x),|4u|¬S(x){H12}){H10} |πas
11239 above.|'!|4|4|4|4Now if |εu(x)|4α=↓|4v(x)w(x),
11243 |πwhere all of these polynomials have integer
11250 coe∃cients, we obviously have |εu(x)|4|"o|4v(x)w(x)
11255 |π(modulo |εp) |πfor all primes |εp, |πso there
11263 is a nontrivial factorization modulo |εp |πunless
11270 |εp |πdivides |ε|λ9(u). |πBerlekamp's e∃cient
11275 algorithm for factoring |εu(x) |πmodulo |εp |πcan
11282 therefore be used in an attempt to reconstruct
11290 possible factorizations of |εu(x) |πover the
11296 integers.|'!|4|4|4|4For example, let|'{A6}|εu(x)|4α=↓|4x|g8|
11300 4α+↓|4x|g6|4α_↓|43x|g4|4α_↓|43x|g3|4α+↓|48x|g2|4α+↓|42x|4α_↓
11300 |45.|J!(21)|;{A6}|πWe have seen above in (19)
11307 that|;{A6}!|εu(x)|4|"o|4(x|g4|4α+↓|42x|g3|4α+↓|43x|g2|4α+↓|4
11308 4x|4α+↓|46)(x|g3|4α+↓|48x|g2|4α+↓|44x|4α+↓|412)(x|4α+↓|43)|'
11309 {A3}|π(modulo|413);!(22)|?and the complete factorization
11314 of |εu(x) |πmodulo 2 shows one factor of degree
11323 6 and another of degree 2 (see exercise 10).
11332 From (22) we can see that |εu(x) |πhas no factor
11342 of degree 6, so it must be irreducible over the
11352 integers.|'!|4|4|4|4This particular example was
11357 perhaps too simple; experience shows that most
11364 irreducible polynomials can be recognized as
11370 such by examining their factors modulo a few
11378 primes, but it is not always so easy to establish
11388 irreducibility*3 For example, there are polynomials
11394 which are irreducible over the integers, but
11401 which can be properly factored modulo |εp |πfor
11409 all primes |εp, |πwith consistent degrees of
11416 the factors (see exercise 12).|'!|4|4|4|4Almost
11422 all polynomials are irreducible over the integers,
11429 as shown in exercise 27. But we usually aren't
11438 trying to factor a random polynomial; there is
11446 probably some reason to expect a nontrivial factor
11454 or else the calculation would not have been attempted
11463 in the _rst place. We need a method that identi_es
11473 factors when they are there.|'!|4|4|4|4In general
11480 if we try to _nd the factors of |εu(x) |πby considering
11491 its behavior modulo di=erent primes, it will
11498 be di∃cult to combine the results; for example,
11506 if |εu(x) |πactually is the product of four quadratic
11515 polynomials, it will be hard to match up their
11524 images with respect to di=erent prime moduli.
11531 There it is desirable to stick to a single prime
11541 and to see how nuch mileage we can get out of
11552 it.|'!One idea is to work modulo a very |εlarge
11562 |πprime |εp, |πbig enough so that the coe∃cients
11570 in any time factorization |εu(x)|4α=↓|4v(x)w(x)
11575 |πover the integers must actually lie between
11582 |ε|→α_↓p/2 |πand |εp/2. |πThen all possible integer
11589 factors can be ``read o='' from the mod |εp |πfactors
11599 we know how to compute.|'!|4|4|4|4Exercise 20
11606 shows how to obtain fairly good bounds on the
11615 coe∃cients of polynomial factors. For example,
11621 if (21) were reducible it would have a factor
11630 |εv(x) |πof degree |→|¬E4, and the coe∃cients
11637 of |εv |πwould be at most 67 in magnitude by
11647 the results of that exercise. So all potential
11655 factors of |εu(x) |πwill be fairly evident if
11663 we work modulo any prime |εp|4|¬Q|4134. |πIndeed,
11670 the complete factorization modulo 137 is|'{A6}|ε(x|g3|4α+↓|4
11676 32x|g2|4α+↓|421x|4α+↓|456)(x|g5|4α_↓|432x|g4|4α+↓|445x|g3|4α
11676 _↓|42x|g2|4α_↓|451x|4α_↓|427),|;{A6}|πand we
11679 see immediately that |εx|g3|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|456
11682 |πis not a factor since 56 doesn't divide 5.
11692 (Incidentally, it is not trivial to obtain good
11700 bounds on the coe∃cients of polynomials factors,
11707 since a lot of cancellation can occur when polynomials
11716 are multiplied. For example, the innocuous-looking
11722 polynomial |εx|gn|4α_↓|41 |πhas irreducible factors
11727 whose coe∃cients exceed exp(|εn|ur(1α_↓|≤o)/|πlglg|4|εn|)|))
11730 |πfor in_nitely many |εn. |π[R. C. Vaughan,
11738 |εMichigan Math. J. |≡2|≡1 (1974), 289<295].)|'
11744 !|4|4|4|4Instead of using a large prime |εp,
11751 |πwhich might have to be truly enormous if |εu(x)
11760 |πhas large degree or large coe∃cients, we can
11768 also make use of small |εp, |πprovided that |εu(x)
11777 |πis squarefree mod |εp. |πFor in this case,
11785 an important construction introduced by K. Hensel
11792 [|εTheorie der Algebraischen Zahlen (|πLeipzig:
11797 Teubner, 1908), Chapter 4] can be used to extend
11806 a factorization modulo |εp |πin a unique way
11814 to a factorization modulo |εp|ge |πfor arbitrarily
11821 high |εe. |πHensel's method is described in exercise
11829 22; if we apply it to (22) with |εp|4α=↓|413
11838 |πand |εe|4α=↓|42, |πwe obtain the unique factorization
11845 |εu(x)|4|"o|4(x|4α_↓|436)(x|g3|4α_↓|418x|g2|4α+↓|482x|4α_↓|4
11845 66)(x|g4|4α+↓|454x|g3|4α_↓|410x|g2|4α+↓|469x|4α+↓|484)
11846 (modulo 169)|4α=↓|4v|β1(x)v|β3(x)v|β4(x), |πsay.
11849 Clearly |εv|β1(x) |πand |εv|β3(x) |πare not factors
11856 of |εu(x) |πover the integers; and neither is
11864 their product |εv|β1(x)v|β3(x) |πwhen the coe∃cients
11870 have been reduced modulo 169 to the range (α_↓|f169|d32|),
11879 |f169|d32|)). Thus we have exhausted a__ possibilities,
11886 proving once again that |εu(x) |πis irreducible
11893 over the integers#this time using only its factorization
11901 modulo 13.|'!|4|4|4|4The example we have been
11908 considering is atypical in one important respect:
11915 We have been factoring the |εmonic |πpolynomial
11922 |εu(x) |πin (21), so we could assume that all
11931 its factors were monic. What should we do if
11940 |εu|βn|4|¬Q|41|g2. |πIn such a case, the leading
11947 coe∃cients of all but one of the polynomial factors
11956 can be varied almost arbitrarily modulo |εp|ge;
11963 |πwe certainly don't want to try all possibilities.
11971 Perhaps the reader has alrady noticed this problem.
11979 Fortunately there is a simple way out: the factorization
11988 |εu(x)|4α=↓|4v(x)w(x) |πimplies a factorization
11992 |εu|βnu(x)|4α=↓|4v|β1(x)w|β1(x) |πwhere |ε|λ9(v|β1)|4α=↓|4|λ
11994 9(w|β1)|4α=↓|4u|βn|4α=↓|4|λ9(u). |π(``Do you
11997 mind if I multiply your polynomial by its leading
12006 coe∃cient before factoring it?'') We can proceed
12013 esentially as above, but using |εp|ge|4|¬R|42B
12019 |πwhere |εB |πnow bounds the maximum coe∃cient
12026 for factors of |εu|βn(x) |πinstead of |εu(x).|'
12033 {A6}{I1.7H}|π|≡F|≡1|≡.|9Find the unique squarefree
12037 factorization |εu(x)|4|"o|4|λ9(u)v|β1(x)|4|¬o|4|¬O|4|¬O|4v|β
12038 r(x) |π)modulo |εp|ge), |πwhere the |εv|βj(x)
12044 |πare monic. (This will be possible for all but
12053 a few primes |εp, |πsee exercise 23.) Set |εd|4|¬L|41.|'
12062 {A3}|π|≡F|≡2|≡.|9For every combination of factors
12067 |εv(x)|4α=↓|4v|βi|m1(x)|4|¬O|4|¬O|4|¬O|4v|βi|mk(x)
12068 |πwith deg|ε(v)|4α=↓|4d, |πand with |εi|β1|4α=↓|41
12073 |πif |εd|4α=↓|4|f1|d32|)|4|πdeg(|εu), |πform
12076 the unique polynomial |εv(x)|4|"o|4|λ9(u)v(x)
12080 |π(modulo |εp|ge) |πwhose coe∃cients all lie
12086 in the interval |ε[α_↓|f1|d32|)p|ge,|4|f1|d32|)p|ge).
12090 |πIf |εv(x) |πdivides |ε|λ9(u)u(x), |πoutput
12095 the factor pp{H12}({H10}|εv(x){H12}){H10}, |πdivide
12099 |εu(x) |πby this factor, and remove the corresponding
12107 |εv|βi(x) |πfrom the list of factors modulo |εp|ge;
12115 |πterminate the algorithm if deg(|εu)|4|¬W|42d.|'
12120 {A3}|≡F|≡3|≡.|9Increase |εd |πby 1, and return
12126 to F2 if |εd|4|¬E|4|f1|d32|)|4|πdeg|4|ε(u).|'
12130 {IC}|π{A12}At the conclusion of this process,
12136 |εu(x) |πwill be the _nal irreducible factor
12143 of the originally given polynomial. Note that
12150 if |ε|¬Gu|β0|¬G|4|¬W|4|¬Gu|βn|¬G, |πit is preferable
12155 to work with the reverse polynomial |εu|β0x|gn|4α+↓|1|1|¬O|4
12161 |¬O|4|¬O|1|1α+↓|4u|βn, |πwhose factors are the
12166 reverses of the factors of |εu(x).|'|π!|4|4|4|4The
12173 above algorithm contains an obvious bottleneck:
12179 We may have to test as many as 2|ε|gr|gα_↓|g1
12188 |πpotential factors |εv(x). |πThe average value
12194 of 2|ε|gr |πin a random situation is about |εn,
12203 |πor perhaps |εn|g1|g.|g5 |π(see exercise 5),
12209 but in nonrandom situations we will want to speed
12218 up this part of the routine as much as we can.
12229 One way to rule out spurious factors quickly
12237 is to compute the trailing coe∃cient |ε(0) |π_rst,
12245 continuing onlu if this divides |ε|λ9(u)u(0).|'
12251 |π!|4|4|4|4Another important way to speed up
12257 the procedure is to reduce |εr |πso that it tends
12267 to re⊗ect the true number of factors. The distinct
12276 degree factorization algorithm above can be applied
12283 for various small primes |εp|βj, |πthus obtaining
12290 for each prime a set |εD|βj |πof possible degrees
12299 of factors modulo |εp|βj; |πsee exercise 00.
12306 We can represent |εD|βj |πas a string of |εn
12315 |πbinary bits. Now we compute the intersection
12322 |↔Q|εD|βj, |πnamely the logical ``and'' of these
12329 bit strings, and we perform step F2 only for
12338 |εd|4|¬A|4|↔QD|βj. |πFurthermore |εp |πis selected
12343 as that |εp|βj |πhaving the smallest value of
12351 |εr. |πThis technique is due to David R. Musser,
12360 whose experience suggests trying about _ve primes
12367 |εp|βj; |πof course we would stop immediately
12374 if the current |ε|↔QD|βj |πshows that |εu(x)
12381 |πis irreducible. Musser has given a complete
12388 discussion of the above factorization procedure
12394 in |εJACM |≡2|≡2 (1975), 291<308.|'|H*?*?*?{U0}{H10L12M29}58320
�folio 558 galley 14
12399 #Computer Programming!(A.-W./Knuth)!ch. 4!f.
12402 558!g. 14|'|π|≡G|≡r|≡e|≡a|≡t|≡e|≡s|≡t |≡c|≡o|≡m|≡m|≡o|≡n
12406 |≡d|≡i|≡v|≡i|≡d|≡o|≡r|≡s|≡.|9|4Similar techniques
12408 can be used to calculate greatest common divisors
12416 of polynomials: If gcd{H12}({H10}|εu(x),|4v(x){H12}){H10}|4α
12419 =↓|4d(x) |πover the integers, and if gcd{H12}({H10}|εu(x),|4
12425 v(x){H12}){H10}|4α=↓|4q(x) |πmodulo |εp, |πwhere
12429 |εq(x) |πis monic, then |εd(x) |πis a common
12437 divisor of |εu(x) |πand |εv(x) |πmodulo |εp;
12444 |πhence|'{A6}|εd(x)!!|πdivides!!|εq(x)!!(|πmodulo|4|εp).|J!(
12445 23)|;{A6}|πIf |εp |πdoes not divide the leading
12453 coe∃cients of both |εu |πand |εv, |πit does not
12462 divide the leading coe∃cient of |εd; |πin such
12470 a case deg(|εd)|4|¬E|4|πdeg(|εq). |πWhen |εq(x)|4α=↓|41
12475 |πfor such a prime |εp, |πwe must therefore have
12484 deg|ε(d)|4α=↓|40, |πand |εd(x)|4α=↓|4|πgcd{H12}({H10}|πcont|
12486 ε(u),|4|πcont|ε(v){H12}){H10}. |πThis justi_es
12489 the remark made in Section 4.6.1 that the simple
12498 computation (4.6.1<6) of gcd{H12}({H10}|εu(x),|4v(x){H12}){H
12501 10} |πmodulo 13 is enough to prove that |εu(x)
12510 |πand |εv(x) |πare relatively prime over the
12517 integers; the comparatively laborious calculations
12522 of Algorithm 4.6.1E or Algorithm 4.6.1C are unnecessary.
12530 Since two random primitive polynomials are almost
12537 always relatively prime over the integers, and
12544 since they are relatively prime modulo |εp |πwith
12552 probability 1|4α_↓|41/|εp, |πit is usually a
12558 good idea to do the computations modulo |εp.|'
12566 |π!|4|4|4|4As remarked above, we need good methods
12573 also for the nonrandom polynomials which arise
12580 in practice.!|4|4|4|4Instead of calculating gcd{H12}({H10}|ε
12584 u(x),|4v(x){H12}){H10} |πdirectly, it will be
12589 convenient to search instead for the polynomial|'
12596 {A6}|ε|=|¬Nd(x)|4α=↓|4c|4|¬O|4|πgcd{H12}({H10}|εu(x),|4v(x){
12596 H12}){H10},|J!(24)|;{A6}|πwhere the constant
12600 |εc |πis chosen so that|'{A6}|ε|λ9(|=|¬Nd)|4α=↓|4|πgcd{H12}(
12605 {H10}|λ9(u),|4|λ9(v){H12}){H10}.|J!(25)|;{A6}This
12607 condition will always hold for suitable |εc,
12614 |πsince the leading coe∃cient of any common divisor
12622 of |εu(x) |πand |εv(x) |πmust be a divisor of
12631 gcd|ε{H12}({H10}|λ9(u),|4|λ9(v){H12}){H10}. |πOnce
12633 |ε|=|¬Nd(x) |πhas been found satisfying these
12639 conditions, we can readily compute pp{H12}({H10}|ε|¬Nd(x){H1
12644 2}){H10}, |πwhich is the true greatest common
12651 divisor of |εu(x) |πand |εv(x). |πcondition (25)
12658 is convenient since it avoids the uncertainty
12665 of unit multiples of the gcd; it is essentially
12674 the idea we used to control leading coe∃cients
12682 in our factorization routine.|'!|4|4|4|4If |εp
12688 |πis a su∃ciently large prime, based on the bounds
12697 for coe∃cients in exercise 20 applied either
12704 to |ε|λ9(|=∩d)u(x) |πor |ε|λ9(|=∩d)v(x), |πlet
12709 us compute the unique polynomial |ε|=3q(x)|4|"o|4|λ9(|=∩d)q(
12714 x) (|πmodulo |εp) |πhaving all coe∃cients in
12721 |ε[α_↓|f1|d32|)p,|4|f1|d32|)p). |πWhen pp{H12}({H10}|ε|=3q(x
12723 ){H12}){H10} |πdivides both |εu(x) |πand |εv(x),
12729 |πit must equal gcd{H12}({H10}|εu(x), v(x){H12}){H10}
12734 |πbecause of (23). On the other hand if it does
12744 not divide both |εu(x) |πand |εv(x) |πwe must
12752 have deg(|εq)|4|¬Q|4|πdeg|ε(d). |πA study of
12757 Algorithm 4.6.1E reveals that this will be the
12765 case only if |εp |πdivides the leading coe∃cient
12773 of one of the nonzero remainders computed by
12781 that algorithm with exact integer arithmetic;
12787 otherwise Euclid's algorithm modulo |εp |πdeals
12793 with precisely the same sequence of polynomials
12800 as Algorithm 4.6.1E except for nonzero constant
12807 multiples (modulo |εp). |πSo only a small number
12815 of ``unlucky'' primes can cause us to miss the
12824 gcd, and we will soon _nd it if we keep trying.|'
12835 !|4|4|4|4If the bound on coe∃cients is so large
12843 that single-precision primes |εp |πare insu∃cient,
12849 we can compute |ε|=∩d(x) |πmodulo several primes
12856 |εp |πuntil it has been determined via the Chinese
12865 remainder algorithm in Section 4.3.2. This approach,
12872 which is due to W. S. Brown and G. E. Collins,
12883 has been described in detail by Brown in |εJACM
12892 |≡1|≡8 (1971), 478<504. |πAlternatively, as suggested
12898 by J. Moses and D. Y. Y. Yun [|εProc. ACM Conf.
12909 |≡2|≡8 (1973), 159<166], |πwe can use Hensel's
12916 Lemma to determine |ε|=∩d(x) |πmodulo |εp|ge
12922 |πfor su∃ciently large |εe. |πHensel's construction
12928 is valid directly only when|'{A6}gcd|ε{H12}({H10}d(x),|4u(x)
12933 /d(x){H12}){H10}|4α=↓|41!!|πor!!gcd{H12}({H10}|εd(x),|4v(x)/
12933 d(x){H12}){H10}|4α=↓|41,|J!(26)|;{A6}|πsince
12935 the idea is to apply the techniques of exercise
12944 22 to one of the factorizations |ε|λ9(|=∩d)u(x)|4|"o|4|=3q(x
12950 )u|β1(x) |πor |ε|λ9(|=∩d)v(x)|4|"o|4|=3q(x)v|β1(x)
12953 (|πmodulo |εp). |πIn the comparatively rare cases
12960 when (26) fails, we can still _nd the gcd by
12970 casting out squared factors in an appropriate
12977 manner, as shown in exercise 29. The complete
12985 procedure has been discussed by Miola and Yun
12993 in |εSIGSAM Bulletin |≡8|≡, 3(|πAugust 1974),
12999 46<54; it appears to be computationally superior
13006 to the Chinese remainder approach.|'!|4|4|4|4The
13012 gcd algorithms sketched here are signi_cantly
13018 faster than those of Section 4.6.1 except when
13026 the polynomial remainder sequence is very short.
13033 Perhaps the best combined approach would be to
13041 start with the computation of gcd{H12}({H10}u(x),|4v(x){H12}
13046 ){H10} mpdulo a fairly small prime |εp, |πnot
13054 a divisor of both |ε|λ9(u) |πand |ε|λ9(v). |πIf
13062 the result |εq(x) |πis 1, we're done; if it has
13072 high degree, we can use Algorithm 4.6.1C; otherwise
13080 we use one of the above methods, _rst computing
13089 a bound for the coe∃cients of |ε|=∩d(x) |πbased
13097 on the coe∃cients of |εu(x), v(x), |πand the
13105 (small) degree of |εq(x). |πAs in the factorization
13113 problem, we should apply this procedure to the
13121 reverses of |εu(x), v(x) |πand reverse the result,
13129 if the trailing coe∃cients are simpler than the
13137 leading ones.|'{A12}|≡M|≡u|≡l|≡t|≡i|≡v|≡a|≡r|≡i|≡a|≡t|≡e
13140 |≡p|≡o|≡l|≡y|≡n|≡o|≡m|≡i|≡a|≡l|≡s|≡.|9|4Similar
13141 techniques lead to useful a_gorithms for factorization
13148 or gcd calculations on multivariate polynomials
13154 with integer coe∃cients. Such a polynomial |εu(x|β1,|4.|4.|4
13160 .|4,|4x|βt) |πcan be dealt with modulo the irreducible
13168 polynomials |εx|β2|4α_↓|4a|β2,|4.|4.|4.|4,|4x|βt|4α_↓|4a|βt,
13169 |πyielding the univariate polynomial |εu(x|β1,|4a|β2,|4.|4.
13174 |4.|4,|4a|βt|4α_↓|4a|βt, |πyielding the univariate
13178 polynomial |εu(x|β1,|4a|β2,|4.|4.|4.|4,|4a|βt);
13180 |πthese irreducible polynomials play the role
13186 of |εp |πin the above discussion. (Note that
13194 |εv(x) |πmod |ε(x|4α_↓|4a) |πis |εv(a).{H12})
13199 {H10}|πWhen the integers |εa|β2,|4.|4.|4.|4,|4a|βt
13203 |πhave been chosen so that |εu(x|β1,|4a|β2,|4.|4.|4.|4,|4a|β
13208 t) |πhas the same degree in |εx|β1 |πas |εu(x|β1,|4x|β2,|4.|
13216 4.|4.|4,|4x|βt), |π an appropriate generalization
13221 of Hensel's Lemma will ``lift'' squarefree factorizations
13228 of this univariate polynomial to factorizations
13234 modulo |ε(x|β2|4α_↓|4a|β2)|gn|r,|4.|4.|4.|4,|4(x|βt|4α_↓|4a|
13235 βt)|gn|rt, |πwhere |εn|βj |πis the degree of
13242 |εx|βj |πin |εu; |πat the same time we work also
13252 modulo an apprppriate integer prime |εp. |πAs
13259 many as possible of the |εa|βj |πshould be zero,
13268 so that sparseness of the intermediate results
13275 is retained. For details, see P. S. Wang and
13284 L. P. Rothschild, |εMath. comp. |≡2|≡9 (1975),
13291 935<950, |πin addition to the papers by Musser
13299 and by Moses and Yun cited earlier.|'{A24}|∨E|∨X|∨E|∨R|∨C|∨I
13306 |∨S|∨E|∨S|'{A12}{H9L11M29}|9|1|≡1|≡.|9|1|1|1|1[|εM|*/|↔P|↔M|\
13307 ] |πLet |εp |πbe prime. What is the probability
13316 that a random polynomial of degree |εn |πhas
13324 a linear factor (a factor of degree 1), when
13333 |εn|4|¬R|4p? |π(Assume that each of the |εp|gn
13340 |πmonic polynomials modulo |εp |πis equally probable.)|'
13347 {A3}|9|1|≡2|≡.|9|4[|εM|*/|↔P|↔C|\] |π(a) Show
13350 that any monic polynomial |εu(x), |πover a unique
13358 factorization domain, may be expressed uniquely
13364 in the form|'{A6}|εu(x)|4α=↓|4v(x)|g2w(x),|;{A6}|πwhere
13369 |εw(x) |πis squarefree (has no factor of positive
13377 degree of the form |εd(x)|g2{H12}){H10} |πand
13383 both |εv(x) |πabd |εw(x) |πare monic.|'{H9L11}!!|1|1b)
13390 (E. R. Berlekamp.) How many monic polynomials
13397 of degree |εn |πare squarefree modulo |εp, |πwhen
13405 |εp |πis prime?|'{A3}|9|1|≡3|≡. [|εM|*/|↔P|↔C|\]
13410 |πLet |εu|β1(x),|4.|4.|4.|4,|4u|βr(x) |πbe polynomials
13414 over a _eld |εS, |πwith |εu|βj(x) |πrelatively
13421 prime to |εu|βk(x) |πfor all |εj|4|=|↔6α=↓|4k.
13427 |πFor any given polynomials |εw|β1(x),|4.|4.|4.|4,|4w|βr(x)
13432 |πover |εS, |πprove that there is a unique polynomial
13441 |εv(x) |πover |εS |πsuch that|'{A6}deg|ε(v)|4|¬W|4|πdeg|ε(u|
13446 β1)|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4|πdeg(|εu|βr)|;
13447 {A6}|πand|'|εv(x)|4|"o|4w|βj(x)!!{H12}({H10}|πmodulo|4|εu|βj
13448 (x){H12})|;{H10}{A6}|πfor |ε1|4|↔E|4j|4|↔E|4r.
13451 |π(Compare with Theorem 4.3.2C.)|'{A3}|9|1|≡4|≡.|9|4[|εHM|*/|
13455 ↔P|↔l|\] |πLet |εa|βn|βp |πbe the number of monic
13463 irreducible polynomials of degree |εn, |πmodulo
13469 a prime |εp. |πFind a formula for the generating
13478 function |εG|βp(z)|4α=↓|4|¬K|βn|4a|βn|βpz|gn.
13480 [Hint|*/:|\ |πProve the following identity connecting
13486 power series: |εf|1(z)|4α=↓|4|¬K|βj|β|¬R|β1|4|≤m(n)|1f|1(z|g
13488 n)/n|gt.] |πWhat is lim|ε|βp|β|¬N|β|¬Xa|βn|βp/p|gn?|'
13492 {A3}|9|1|≡5|≡.|9|4[HM|*/|↔L|↔c|\] |πLet |εA|βn|βp
13495 |πbe the average number of factors of a randomly
13504 selected polynomial of degree |εn, |πmodulo a
13511 prime |εp. |πShow that|'{A6}lim|ε|βp|β|¬N|β|¬X|4A|βn|βp|4α=↓
13515 |4H|βn.|;{A6}|πWhat is the limiting average value
13522 of 2|ε|gr, |πwhen there are |εr |πfactors?|'{A3}|9|1|≡6|≡.|9
13529 |4[|εM|*/|↔P|↔O|\] |π(J. L. Lagrange, 1771.) Prove
13535 the congruence (9). [|εHint|*/: |\|πFactor |εx|gp|4α_↓|4x
13541 |πin the _eld of |εp |πelements.]|'{A3}|9|1|≡7|≡.|9|4[|εM|*/|
13547 ↔P|↔P|\] |πProve Eq. (14).|'{A3}|9|1|≡8|≡.|9|4[|εHM|*/|↔P|↔c|
13551 \] |πHow can we be sure that the vectors output
13561 by Algorithm N are linearly independent?|'{A3}|9|1|≡9|≡.|9|4
13567 [|ε|*/|↔P|↔c|\] |πExplain how to construct a table
13574 of reciprocals mod 101 in a simple way, given
13583 that 2 is a primitive root of 101.|'{A3}|≡1|≡0|≡.|9|4[|ε|*/|↔
13591 P|↔O|\] |πFind the complete factorization of
13597 the polynomial |εu(x) |πin (21), modulo 2, using
13605 Berlekamp's procedure.|'{A3}|≡1|≡1|≡.|9|4[|ε|*/|↔P|↔P|\]
13608 |πFind the complete factorization of the polynomial
13615 |εu(x) |πin (21), modulo 5.|'{A3}|≡1|≡2|≡.|9|4[|εM|*/|↔P|↔P|\
13620 ] |πUse Berlekamp's algorithm to determine the
13627 number of factors of |εu(x)|4α=↓|4x|g4|4α+↓|41
13632 |πmodulo |εp, |πfor all primes |εp. [Hint|*/:
13639 |\|πConsider the cases |εp|4α=↓|42, p|4α=↓|48k|4α+↓|41,
13644 p|4α=↓|48k|4α+↓|43, p|4α=↓|48k|4α+↓|45, p|4α=↓|48k|4α+↓|47
13647 |πseparately; what is the matrix |εQ? |πYou need
13655 not discover the factors; just determine how
13662 many there are.]|'{A3}|≡1|≡3|≡.|9|4[|εM|*/|↔P|↔C|\]
13666 |πGive an explicit formula for the factors of
13674 |εx|g4|4α+↓|41, |πmodulo |εp, |πfor all primes
13680 |εp, |πin terms of the quantities {U19}|→α_↓1|),
13687 {U19}2, {U19}|→α_↓2|) (if such quantities exist
13693 modulo |εp).|'{A2}|≡1|≡4|≡.|9|4[M|*/|↔L|↔c|\]
13696 |πAssuming that each linear factor |εx|4α_↓|4s|βi
13702 |πof |εw(x) |πhas probability |f1|d32|) of dividing
13709 |ε(x|4α_↓|4t)|g(|gp|gα_↓|g1|g)|g/|g2|4α_↓|41,
13710 |πfor each |εt, |πindependent of the other |εs|βj
13718 |πand the behavior for other values of |εt, |πestimate
13727 the running time needed to factor |εw(x) |πcompletely
13735 using (20).|'{A3}|≡1|≡5|≡.|9|4[|εM|*/|↔P|↔p|\]
13738 |πDesign an algorithm to calculate the ``square
13745 root'' of a given integer |εu |πmodulo a given
13754 prime |εp, |πi.e., to _nd an integer |εU |πsuch
13763 that |εU|g2|4|"o|4u |π(modulo |εp) |πwhenever
13768 such a |εU |πexists. Your algorithm should be
13776 e∃cient even for very large primes |εp. |π(A
13784 solution to this problem leads to a procedure
13792 for solving any quadratic equation modulo |εp,
13799 |πusing the quadratic formula in the usual way.)|'
13807 {A3}|≡1|≡6|≡.|9|4[|εM|*/|↔L|↔c|\] |πGiven that
13810 |εf|1(x) |πis an irreducible polynomial modulo
13816 a prime |εp, |πof degree |εn, |πprove that the
13825 |εp|gn |πpolynomials of degree less than |εn
13832 |πform a _eld under arithmetic modulo |εf|1(x)
13839 |πand |εp. (Note|*/: |\|πThe existence of irreducible
13846 polynomials of each degree is proved in exercise
13854 4; therefore _elds with |εp|gn |πelements for
13861 all primes |εp |πand all |εn|4|¬R|41.)|'|Hβ{U0}{H10L12M29}58
�folio 568 galley 15
13867 320#Computer Programming!(A.-W./Knuth)!ch. 4!f.
13870 568!g. 14|'{A12}{H9L11M29}|π!!|1|1b)|9Show that
13874 any _eld with |εp|gn |πelements has ``primitive
13881 root`` element |ε|≤j |πsuch that the elements
13888 of the _eld are |¬T0,|41,|4|ε|≤j,|4|≤j|g2,|4.|4.|4.|4,|4|≤j|
13892 gp|ip|gα_↓|g2|¬Y.|'!!|1|1|1|1c)|9|πIf |εf|1(x)
13895 |πis an irreducible polynomial modulo |εp, |πof
13902 degree |εn, |πprove that |εx|gp|im|4α_↓|4x |πis
13908 divisible by |εf|1(x) |πif and only if |εm |πis
13917 a multiple of |εn.|'{A3}|≡1|≡7|≡.|9|4[M|*/|↔P|↔L|\]
13922 |πLet |εF |πbe a _eld with 13|g2 elements. How
13931 many elements of |εF |πhave order |εf, |πfor
13939 each integer |εf |πwith |ε1|4|¬E|4f|4|¬W|413|g2?
13944 |π(The ``order'' of an element |εa |πis the least
13953 positive integer |εm |πsuch that |εa|gm|4α=↓|41.)|'
13959 {A3}|≡1|≡8|≡.|9|4[M|*/|↔P|↔C|\] |πLet |εu(x)|4α=↓|4u|βnx|gn|4
13961 α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4u|β0, u|βn|4|=|↔6α=↓|40,
13963 |πbe a primitive polynomial with integer coe∃cients,
13970 and let |εv(x) |πbe the monic polynomial de_ned
13978 by|'{A6}|εv(x)|4α=↓|4u|urnα_↓1|)n|)|4|¬O|4u(x/u|βn)|4α=↓|4x|
13979 gn|4α+↓|4u|βn|βα_↓|β1x|gn|gα_↓|g1|4α+↓|4u|βn|βα_↓|β2u|βnx|gn
13979 |gα_↓|g2|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1u|β0u|urnα_↓1|)n|).|;
13980 {A6}|π(a) Given that |εv(x) |πhas the complete
13987 factorization |εp|β1(x)|4|¬O|4|¬O|4|¬O|4p|βr(x)
13989 |πover the integers, where each |εp|βj(x) |πis
13996 monic, what is the complete factorization of
14003 |εu(x) |πover the integers? (b) If |εw(x)|4α=↓|4x|gm|4α+↓|4w
14009 |βm|βα_↓|β1x|gm|gα_↓|g1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4w|β0
14010 |πis a factor of |εv(x), |πprove that |εw|βk
14018 |πis a multiple of |εu|urmα_↓1α_↓k|)n|) |πfor
14024 |ε0|4|¬E|4k|4|¬W|4m.|'{A3}|≡1|≡9|≡.|9|4[M|*/|↔P|↔c|\]
14026 (Eisenstein's criterion.) |πPerhaps the best-known
14031 class of irreducible polynomials over the integers
14038 was introduced by G. Eisenstein in |εJ. f|=4ur
14046 die reine und angew. Math. |≡3|≡9 (1850), 166<167:
14054 |πLet |εp |πbe prime and let |εu(x)|4α=↓|4u|βnx|gn|4α+↓|1|1|
14060 ¬O|4|¬O|4|¬O|1|1α+↓|4u|β0 |πhave the following
14064 properties: (i) |εu|βn |πis not divisible by
14071 |εp; |π(ii) |εu|βn|βα_↓|β1,|4.|4.|4.|4,|4u|β0
14074 |πare divisible by |εp; |π(iii) |εu|β0 |πis not
14082 divisible by |εp|g2. |πShow that |εu(x) |πis
14089 irreducible over the integers.|'{A3}|≡2|≡0|≡.|9|4|ε[M|*/|↔P|↔
14093 l|\] |πIf |εu(x)|4α=↓|4u|βnx|gn|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓
14095 |4u|β0 |πis any polynomial over the complex numbers,
14103 let |ε|¬Gu|¬G|4α=↓|4(|¬Gu|βn|¬G|g2|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1
14104 α+↓|4|¬Gu|β0|¬G|g2)|g1|g/|g2. |π(a) Let |εg(x)|4α=↓|4(x|4α_↓
14107 |4|≤a)u(x) |πand |εh(x)|4α=↓|4(|=3|≤ax|4α_↓|41)u(x),
14110 |πwhere |ε|≤a |πis any complex number. Prove
14117 that |ε|¬Gg|¬G|4α=↓|4|¬Gh|¬G. |π(b) Let the complete
14123 factorization of |εu(x) |πover the complex numbers
14130 be |εu(x)|4α=↓|4u|βn(x|4α_↓|4|≤a|β1)|4|¬O|4|¬O|4|¬O|4(x|4α_↓
14131 |4|≤a|βn), |πand write |εM(u)|4α=↓|4|≥7|β1|β|¬E|βj|β|¬E|βn|4
14134 |πmax(1,|4|ε|≤a|βj|¬G). |πProve that |εM(u)|4|¬E|4|¬Gu|¬G/|¬
14137 Gu|βn|¬G. |π(c) Show that |ε|¬Gu|βj|¬G|4|¬E|4|¬Gu|βn|¬G{H12}
14141 ({H9}(|fnα_↓1|d5j|))M(u)|4α+↓|4(|fnα_↓1|d5jα_↓1|)){H12})
14142 {H9}|πfor |ε0|4|¬E|4j|4|¬E|4n. |π(d) Combine
14146 these results to prove that if |εu(x)|4α=↓|4v(x)w(x)
14153 |πand |εv(x)|4α=↓|4v|βmx|gm|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4v|
14154 β0, |πwhere |εu, v, w |πall have integer coe∃cients,
14163 the coe∃cients of |εv |πare bounded by|'{A6}|ε|¬Gv|βj|¬G|4|¬
14170 E|4(|fmα_↓1|d5j|)|¬Gu|¬G|4α+↓|4(|fmα_↓1|d5jα_↓1|))|¬Gu|βn|¬G
14170 .|;{A6}|≡2|≡1|≡.|9|4[HM|*/|↔L|↔c|\] |πThe purpose
14174 of this exercise is to obtain useful bounds on
14183 the coe∃cients of |εmultivariate |πpolynomials
14188 factors over the integers. Given a polynomial
14195 |εu(x|β1,|4.|4.|4.|4,|4x|βt) |πover the complex
14199 numbers, let |ε|¬Gu|¬G |πbe |ε(|¬K|4|¬Gu|ur|)j,|4.|4.|4.|4,|
14203 4j|βt|)|¬G|g2)|g1|g/|g2 |πsummed over all the
14208 coe∃cients. Let |εe(x)|4α=↓|4e|ur2|≤pix|)|).
14211 |π(a) Prove that|'{A6}|ε|¬Gu|¬G|4α=↓|4|↔j|ur1|)0|)|4|¬O|4|¬O
14214 |4|¬O|4|↔j|ur1|)0|)|¬Gu{H12}({H9}e(|≤'),|4.|4.|4.|4,|4e(|≤'|
14214 βt){H12}){H9}|¬G|g2|4d|≤u|βt|4|¬O|4|¬O|4|¬O|4d|≤u|β1.|;
14215 {A6}|π(b) Let |εu(x)|4α=↓|4v(x)w(x), |πwhere
14219 deg|ε(v)|4α=↓|4m |πand deg|ε(w)|4α=↓|4k. |πUse
14223 the results of exercise 20 to show that |ε|¬Gv|¬G|¬Gw|¬G|4|¬
14231 E|4f|1(m,|4k))|g1|g/|g3|¬Gu|¬G, |πwhere |εf|1(m,|4k)|4α=↓|4(
14233 |f2m|d5m|))(|f2k|d5k|)). |π(c) Let |εu(x|β1|β,|4.|4.|4.|4,|4
14236 x|βt)|4α=↓|4v(x|β1,|4.|4.|4.|4,|4x|βt)w(x|β1,|4.|4.|4.|4,|4x
14236 |βt), |πwhere |εv |πand |εw |πhave the respective
14244 degrees |εm|βj |πand |εk|βj |πin |εx|βj. |πProve
14251 that|'{A6}|ε|¬Gv|¬G|¬Gw|¬G|4|¬E|4{H12}({H9}|1f|1(m|β1,|4k|β1
14252 )|4|¬O|4|¬O|4|¬O|4f|1(m|βt,|4k|βt){H12}){H9}|g1|g/|g2|¬Gu|¬G
14252 .|;{A6}|≡2|≡2|≡.|9|4[|εM|*/|↔P|↔M|\] (Hensel's
14255 Lemma.) |πLet |εu(x), v|βe(x), w|βe(x), a(x),
14261 b(x) |πbe polynomials with integer coe∃cients,
14267 satisfying the relations|'{H9L11M29}{A6}|εu(x)|4|"o|4v|βe(x)
14270 w|βe(x)!(|πmodulo|4|εp|ge),!!a(x)v|βe(x)|4α+↓|4b(x)w|βe(x)|4
14270 |"o|41!(|πmodulo|4|εp),|;{A6}|πwhere |εp |πis
14274 prime, |εe|4|¬R|41, v|βe(x) |πis monic, deg(|εa)|4|¬W|4|πdeg
14279 (|εw|βe), |πdeg|ε(b)|4|¬W|4|πdeg(|εv|βe), |πand
14282 deg|ε(u)|4α=↓|4|πdeg|ε(v|βe)|4α+↓|4|πdeg(|εw|βe).
14283 |πShow how to compute polynomials |εv|βe|βα+↓|β1(x)|4|"o|4v|
14288 βe(x) |πand |εw|βe|βα+↓|β1(x)|4|"o|4w|βe(x) |π(modulo
14292 |εp|ge), |πsatisfying the same conditions with
14298 |εe |πincreased by 1. Furthermore, prove that
14305 |εv|βe|βα+↓|β1(x) |πand |εw|βe|βα+↓|β1(x) |πare
14309 unique, modulo |εp|ge|gα+↓|g1.|'|π!!|1|1Use your
14314 method for |εp|4α=↓|42 |πto prove that (21) is
14322 irreducible over the integers, starting with
14328 its factorization mod 2 found in exercise 10.
14336 [Note that Euclid's extended algorithm, exercise
14342 4.6.1<3, will get the process started for |εe|4α=↓|41.]|'
14350 {A3}|≡2|≡3|≡.|9|4[HM|*/|↔P|↔L|\] |πLet |εu(x)
14353 |πbe a primitive polynomial with integer coe∃cients,
14360 which is ``squarefree.'' {H11}({H9}Cf. exercise
14365 2; the latter condition is equivalent to saying
14373 that gcd{H11}({H9}|εu(x),u|¬S(x){H11}){H9}|4α=↓|41.{H11}){H9
14374 } |πProve the there are only _nitely many primes
14383 |εp |πsuch that |εu(x) |πis not squarefree modulo
14391 |εp.|'{A3}|≡2|≡4|≡.|9|4[M|*/|↔P|↔c|\] |πThe text
14395 speaks only of factorization over the integers,
14402 not over the _eld of rational numbers. Explain
14410 how to _nd the complete factorization of a polynomial
14419 with rational coe∃cients, over the _eld of rational
14427 numbers.|'{A3}|≡2|≡5|≡.|9|4|ε[M|*/|↔P|↔C|\] |πWhat
14430 is the complete factorization of |εx|g5|4α+↓|4x|g4|4α+↓|4x|g
14435 2|4α+↓|4x|4α+↓|42 |πover the _eld of rational
14441 numbers?|'{A3}|≡2|≡6|≡.|9|4[|ε|*/|↔P|↔c|\] |πLet
14444 |εd|β1,|4.|4.|4.|4,|4d|βr |πbe the degrees of
14449 the irreducible factors of |εu(x) |πmodulo |εp,
14456 |πwith proper multiplicity, so that |εd|β1|4α+↓|1|1|¬O|4|¬O|
14461 4|¬O|1|1α+↓|4d|βr|4α=↓|4n|4α=↓|4|πdeg|ε(u). |πExplain
14463 how to compute the set |¬Tdeg|ε(v)|4{H12}|¬G|4{H9}u(x)|4|"o|
14468 4v(x)w(x) |πmodulo |εp |πfor some |εv(x), w(x)|¬Y
14475 |πby performing |εO(r) |πoperations on binary
14481 bit strings of length |εn.|'{A3}|≡2|≡7|≡.|9|4[HM|*/|↔L|↔c|\]
14487 |πProve that a random primitive polynomial over
14494 the integers is ``almost always'' irreducible,
14500 in soje appropriate sense.|'{A3}|≡2|≡8|≡.|9|4[|εM|*/|↔O|↔l|\]
14504 |πTrue or false: If the complete factorization
14512 of |εu(x) |πmodulo |εp |πis |εp|β1(x)|ge|r1|4|¬O|4|¬O|4|¬O|4
14517 p|βr(x)|ge|rr |πand if |εu(x)|4|=|↔6α=↓|40, |πthen
14522 |εu(x)/|πgcd{H11}({H9}|εu(x), u|¬S(x){H11}){H9}|4α=↓|4p|β1(x
14523 )|4|¬O|4|¬O|4|¬O|4p|βr(x).|'{A3}|π|≡2|≡9|≡.|9|4[|εM|*/|↔P|↔O|
14524 \] |π(J. Moses and D. Y. Y. Yun.) Given an algorithm
14535 for evaluating |εd(x)|4α=↓|4|πgcd{H11}({H9}|εu(x),
14538 v(x){H11}){H9} |πsubject to condition (26), show
14544 how to compute the gcd in general (for polynomials
14553 over the integers).|'{A3}|≡3|≡0|≡.|9|4|ε[M|*/|↔P|↔C|\]
14557 |πWhat is the probability that the distinct degree
14565 factorization will completely factor a random
14571 polynomial of degree |εn, |πmodulo |εp, |πfor
14578 _xed |εn |πas |εp|4|¬M|4|¬X?|'{A3}|≡3|≡1|≡.|9|4[M|*/|↔M|↔p|\]
14582 |π(V. Pratt.) If possible, _nd a way to construct
14592 proofs of irre{U0}{H10L12M29}58320#Computer Programming!(A.-
�folio 570 galley 16
14595 W./Knuth)!ch. 4!f. 570!g. 16B|'{A18}|∨4|∨.|∨6|∨.|∨3|9|∨E|∨v|
14599 ∨a|∨l|∨u|∨a|∨t|∨i|∨o|∨n|9|∨o|∨f|9|∨P|∨o|∨w|∨e|∨r|∨s|'
14600 {A6}In this section we shall study the interesting
14608 problem of computing |εx|gn |πe∃ciently, given
14614 |εx |πand |εn, |πwhere |εn |πis a positive integer.
14623 Suppose, for example, that we are asked to compute
14632 |εx|g1|g6; |πwe could simply start with |εx |πand
14640 multiply by |εx |π_fteen times. But is is possible
14649 to obtain the same answer with only four multiplications,
14658 if we repeatedly take the square of each partial
14667 result, successively forming |εx|g2, x|g4, x|g8,
14673 x|g1|g6.|'|π!|4|4|4|4The same idea applies, in
14679 general, to any value of |εn, |πin the following
14688 way: Write |εn |πin the binary number system
14696 (suppressing zeros at the left). Then replace
14703 each ``1'' by the pair of letters SX, replace
14712 each ``0'' by S, and cross o= the ``SX'' which
14722 now appears at the left. The result is a rule
14732 for computing |εx|gn, |πif ``S'' is interpreted
14739 as the operation of |εsquaring, |πand if ``X''
14747 is interpreted as the operation of |εmultiplying
14754 by x. |πFor example, if |εn|4α=↓|423, |πits binary
14762 representation is 10111; so we form the sequence
14770 SX S SX SX SX and remove the leading SX to obtain
14782 the rule SSXSXSX. This rule states that we should
14791 ``square, square, multiply by |εx, |πsquare,,
14797 multiply by |εx, |πsquare, and multiply by |εx'';
14805 |πin other words, we should successively compute
14812 |εx|g2, x|g4, x|g5, x|g1|g0, x|g1|g1, x|g2|g2,
14818 x|g2|g3.|'|π!|4|4|4|4This ``binary method'' is
14823 easily justi_ed by a consideration of the sequence
14831 of exponents in the calculation: If we reinterpret
14839 ``S'' as the operation of multiplying by 2 and
14848 ``X'' as the operation of adding 1, and if we
14858 start with 1 instead of |εx, |πthe rule will
14867 lead to a computation of |εn |πbecause of the
14876 properties of the binary number system. The method
14884 is quite ancient; it appeared before 200|4{H7}B{H10}.{H7}C{H
14890 10}. in Pingala's Hindu classic Chandah-s|=7utra
14896 [see B. Datta and A. N. Singh, |εHistory of Hindu
14906 Mathematics |π|≡1 (Bombay, 1935), 76]; however,
14912 there seem to be no other references to this
14921 method outside of India during the next 2000
14929 years*3|'!|4|4|4|4The S-and-X binary method for
14935 obtaining |εx|gn |πrequires no temporary storage
14941 except for |εx |πand the current partial result,
14949 so it is well suited for incorporation in the
14958 hardware of a binary computer. The mthod can
14966 also be readily programmed for wither binary
14973 or decimal computers; but it requires that the
14981 binary representation of |εn |πbe scanned from
14988 left to right, while it is usually more convenient
14997 to do this from right to left. For example, with
15007 a binary computer we can shift the binbary value
15016 of |εn |πto the right one bit at a time until
15027 zero is reached; with a decimal computer we can
15036 divide by 2 (or, equivalently, multiply by 5
15044 or |f1|d32|)) to deduce the binary representation
15051 from right to left. Therefore the following algorithm
15059 , based on a right-to-left scan of the number,
15068 is often more convenient:→|'{A12}|≡A|≡l|≡g|≡o|≡r|≡i|≡t|≡h|≡m
15072 |≡A (|εRight-to-left binary method for exponentiation).|9|4
15078 |πThis algorithm evaluates |εx|gn, |πwhere |εn
15084 |πis a positive integer. (Here |εx |πbelongs
15091 to any algebraic system in which an associative
15099 multiplication, with identity element 1, has
15105 been de_ned.)|'{A6}{H9}|≡F|≡i|≡g|≡. |≡1|≡2|≡.|9|4Evaluation
15109 of |εx|gn, |πbased on a right-to-left scan of
15117 the binary notation for |εn.|;{A4}{H10}{I1.8H}|π|≡A|≡1|≡.|9[
15122 Initialize.] Set |εN|4|¬L|4n, Y|4|¬L|41, Z|4|¬L|4x.|'
15127 {A3}|π|≡A|≡2|≡.|9[Halve |εN.] |π(At this point,
15132 we have the relation |εx|gn|4α=↓|4Y|4|¬O|4Z|gn.)
15137 |πSet |εN|4|¬L|4|"lN/2|≡L, |πand at the same
15143 time determine whether |εN |πwas even or odd.
15151 If |εN |πwas even, skip to step A5.|'{A3}|≡A|≡3|≡.|9[Multipl
15159 y |εY |πby |εZ.] |πSet |εY|4|¬L|4Z |πtimes |εY.|'
15167 |π{A3}|≡A|≡4|≡.|9[|εN|4α=↓|40?] |πIf |εn|4α=↓|40,
15170 |πthe algorithm terminates, with |εY |πas the
15177 answer.|'{A3}|≡A|≡5|≡.|9[Square |εZ.] |πSet |εZ|4|¬L|4Z
15182 |πtimes |εZ, |πand return to step A2.|'{A12}{IC}!!|4|4|4As
15190 an example of Algorithm A, consider the steps
15198 in the evaluation of |εx|g2|g3:|'{A6}|∂!!!!!!!!!|∂!!!|∂!!!|∂
15203 !!!|∂|E|;|>|;N|;Y|;Z|;>{A3}|>|πAfter|4step|4A1|'
15212 23|;|9|4|1|11|'|9|4|1|1|εx|'>|>|πAfter|4step|4A4|'
15218 11|;|9|4|1|1|εx|'|9|4|1|1x|'>|>|πAfter|4step|4A4|'
15224 |9|15|;|9|4|1|1|εx|g3|'|9|1|1|4x|g2|'>|>|πAfter|4step|4A4|'
15230 |9|12|;|ε|9|4|1|1x|g7|'|9|4|1|1x|g4|'>|>|πAfter|4step|4A4|'
15236 |9|10|;|ε|9|4|1|1x|g2|g3|'|9|4|1|1x|g1|g6|'>{A6}|πA
15241 |¬m|¬i|¬x program corresponding to Algorithm
15246 A appears in exercise 2.|'{A6}!|4|4|4|4The great
15253 calculator al-Kash7i stated Algorithm A about
15259 1414|4{H7}A{H10}.{H7}D{H10}. [|εIstoriko-Mat.
15261 Issledovaniya |≡7 (1954), 256<257]. |πIt is closely
15268 related to a procedure for multiplication which
15275 was used by Egyptial mathematicians as early
15282 as 1800|4{H7}B{H10}.{H7}C{H10}. If we change
15287 step A3 to |ε``Y|4|¬L|4Y|4α+↓|4Z'' |πand step
15293 A5 to ``|εZ|4|¬L|4Z|4α+↓|4Z'', |πand if we set
15300 |εY |πto zero instead of unity in step A1, the
15310 algorithm terminates with |εY|4α=↓|4nx. |πThis
15315 is a practical method for multiplication by hand,
15323 since it involves only the simple operations
15330 of doubling, halving, and adding. It is often
15338 called the ``Russian peasant method'' of multiplication,
15345 since Western visitors to Russia in the nineteenth
15353 century found the method in wide use there.|'
15361 !|4|4|4|4The number of multiplications required
15366 by Algorithm A is |"llg|4|εn|"L|4α+↓|4|≤n(n),
15371 |πwhere |ε|≤n(n) |πis the number of ones in the
15380 binary representation of |εn. |πThis is one more
15388 multiplication than the left-to-right binary
15393 method mentioned at the beginning of this section
15401 would require, due to the fact that the _rst
15410 execution of step A3 is simply a multiplication
15418 by unity.|'!|4|4|4|4Because of the bookkeeping
15424 time required by this algorithm, the binary method
15432 is usually not of importance for small values
15440 of |εn, |πsay |εn|4|¬E|410, |πun_ess the time
15447 for a multiplication is comparatively large.
15453 If the value of |εn |πis known in advance, the
15463 left-to-right binary method is preferable. In
15469 some situations, such as the calculation of |εx|gn
15477 |πmod |εu(x) |πdiscussed in Section 4.6.2, it
15484 is much easier to multiply by |εx |πthan to perform
15494 a general multiplication or to square a value,
15502 so binary methods for exponentiation are primarily
15509 suited for quite large |εn |πin such cases. If
15518 we wish to calculate the exact multiple-precision
15525 value of |εx|gn, |πwhen |εx |πis an integer |→|¬Q1,
15534 binary methods are no help unless |εn |πis so
15543 huge that the high-speed multiplication routines
15549 of Section 4.3.3 are involved; and such applications
15557 are rare. Similarly, binary methods are usually
15564 inappropriate for raising a polynomial to a power;
15572 see R. J. Fateman, |εSIAM J. Compting |≡3 (1974),
15581 196<213, |πfor a discussion of the extensive
15588 literature on polynomial exponentiation. The
15593 point of these remarks is that binary methods
15601 are nice, but not a panacea. They are most applicable
15611 when the time to multiply |εx|gj|4|¬O|4x|gk |πis
15618 essentially independent of |εj |πand |εk |π(e.g.,
15625 for ⊗oeating-point multiplication, multiplication
15629 mod |εm); |πthen the running time is reduced
15637 from order |εn |πto order |πlog |εn.|'|π{A12}|≡F|≡e|≡w|≡e|≡r
15644 |≡m|≡u|≡l|≡t|≡i|≡p|≡l|≡i|≡c|≡a|≡t|≡i|≡o|≡n|≡s|≡.|9|4Several
15645 authors have published statements (without proof)
15652 that the binary method actually gives the |εminimum
15660 |πpossible number of multiplications. But this
15666 is not rue. The smallest counterexample is |εn|4α=↓|415,
15674 |πwhen the binary method needs 6 multiplications,
15681 yet we can calculate |εy|4α=↓|4x|g3 |πin two
15688 multiplications and |εx|g1|g5|4α=↓|4y|g5 |πin
15692 three more, achieving the desired result with
15699 only 5 multiplications. Let us now discuss some
15707 other procedures for evaluating |εx|gn, |πwhich
15713 are appropriate in situations (e.g., within an
15720 optimizing compiler) when |εn |πis known in advance.|'
15728 !|4|4|4|4The |εfactor method |πis based on a
15735 factorization of |εn. |πIf |εn|4α=↓|4pq, |πwhere
15741 |εp |πis the smallest prime factor of |εn |πand
15750 |εq|4|¬Q|41, |πwe may calculate |εx|gn |πby _rst
15757 calculating |εx|gp |πand then raising this quantity
15764 to the |εq|πth power. If |εn |πis prime, we may
15774 calculate |εx|gn|gα_↓|g1 |πand multiply by |εx.
15780 |πAnd, of course, if |εn|4α=↓|41, |πwe have |εx|gn
15788 |πwith no calculation at all. Repeated application
15795 of these rules gives a procedure for evaluating
15803 |εx|gn, |πfor any given |εn. |πFor example, if
15811 we want to calculate |εx|g5|g5, |πwe _rst evaluate
15819 |εy|4α=↓|4x|g5|4α=↓|4x|g4x|4α=↓|4(x|g2)|g2x;
15820 |πthen we form |εy|g1|g1|4α=↓|4y|g1|g0y|4α=↓|4(y|g2)|g5y.
15824 |πThe whole process takes eight multiplications,
15830 while the binary method would have required nine.
15838 The factor method is better than the binary method
15847 on the average, but there are cases (|εn|4α=↓|433
15855 |πis the smallest example) where the binary method
15863 excels.|'!|4|4|4|4The binary method can be generalized
15870 to an |εm-ary method |πas follows: Let |εn|4α=↓|4d|β0m|gt|4α
15877 +↓|4d|β1m|gt|gα_↓|g1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4d|βt,
15878 |πwhere |ε0|4|¬E|4d|βj|4|¬W|4m |πfor |ε0|4|¬E|4j|4|¬E|4t.
15882 |πThe computation begins by forming |εx, x|g2,
15889 x|g3,|4.|4.|4.|4,|4x|gm|gα_↓|g1. |π(Actually,
15891 only those powers |εx|gd|rj, |πfor |εd|βj |πin
15898 the representation of |εn, |πare needed, and
15905 this observation often saves some of the work.)
15913 Then raise |εx|gd|r0 |πto the |εm|πth power and
15921 multiply by |εx|gd|r1; |πwe have computed |εy|β1|4α=↓|4x|gd|
15927 r0|gm|gα+↓|gd|r1. |πNext, raise |εy|β1 |πto the
15933 |εm|πth power and multiply by |εx|gd|r2, |πobtaining
15940 |εy|β2|4α=↓|4x|urd|β0m|g2α+↓d|β1mα+↓d|β2|)|).
15941 |πThe process continues in this way until |εy|βt|4α=↓|4x|gn
15949 |πhas been computed. Whenever |εd|βj|4α=↓|40,
�folio 574 galley 17 WARNING: Much of this tape unreadable!
15954 |πit is, of course, unnecessary to multiply by
15962 |εx|gd|rj. |πNote that this method reduces to
15969 the left-to-right binary method discussed earlier,
15975 when |εm|4α=↓|42; |πbut no right-to-left |εm-|πary
15981 method will give as few multiplications when
15988 |εm|4|¬Q|42. |πIf |εm |πis a small prime, the
15996 |εm-|πary method will be particularly e∃cient
16002 for calculating powers of one polynomial 58320#Computer
16009 Programming!(A.-W./Knuth)!ch. 4!f. 574!g. 17B|'
16013 {A12}!|4|4|4|4A systematic method which gives
16018 the minimum number of multiplications for all
16025 of the relatively small values of |εn |π(in particular,
16034 for most |εn |πwhich occur in practical applications)
16042 is indicated in Fig. 13. To calculate |εx|gn,
16050 |π_nd |εn |πin this tree, and the path from the
16060 root to |εn |πindicates the sequence of expondnts
16068 whic occur in an e∃cient evaluation of |εx|gn.
16076 |πThe rule for generating this ``power tree''
16083 appears in exercise 5. Computer tests have shown
16091 that the power tree gives optimal results for
16099 all of the |εn |πlisted in the _gure. But for
16109 large enough values of |εn |πthe power tree method
16118 is not always an optimal procedure; the smallest
16126 examples are |εn|4α=↓|477, 154, 233. |πThe _rst
16133 case for which the power tree is superior to
16142 both the binary method and the factor method
16150 is |εn|4α=↓|423.|'{A6}*?*?*?|≡A|≡d|≡d|≡i|≡t|≡i|≡o|≡n
16153 |≡c|≡h|≡a|≡i|≡n|≡s|≡.|9|4The most economical
16156 way to compute |εx|gn |πby multiplication is
16163 a mathematical problem with an interesting history.
16170 We shall now examine it in detail, not only because
16180 it is interestin its own right, but because it
16189 is an excellent example of the theoretical questions
16197 which arise in a study of ``optimal methods of
16206 computation.''|'!|4|4|4|4Although we are concerned
16211 with multiplication of powers of |εx, |πthe problem
16219 can easily {A6}|εl(mn)|4|¬E|4l(m)|4α+↓|4l(n),|J!(3)|;
16222 {A6}|πsince we can take the chains 1, |εa|β1,|4.|4.|4.|4,|4a
16229 |βr|4α=↓|4m |πand |ε1, b|β1,|4.|4.|4.|4,b|βs|4α=↓|4n
16233 |πand form the chain 1, |εa|β1,|4.|4.|4.|4,|4a|βr,
16239 a|βrb|β1,|4.|4.|4.|4,|4a|βrb|βs|4α=↓|4mn.|'|π!|4|4|4|4We
16241 can also recast the |εm-|πary method into addition-chain
16249 terminology. consider the case |εm|4α=↓|42|gk,
16254 |πand write |εn|4α=↓|4d|β0m|gt|4α+↓|4d|β1m|gt|gα_↓|g1|4α+↓|1
16256 |1|¬O|4|¬O|4|¬O|1|1α+↓|4d|gt |πin the m-ary number
16261 system; the corresponding addition chain takes
16267 the form|'{A6}!1,|42,|43,|4.|4.|4.|4,|4|εm|4α_↓|42,|4m|4α_↓|
16269 41,|'{A3}!!!2d|β0,|44d|β0,|4.|4.|4.|4,|4md|β0,|4md|β0|4α+↓|4
16270 d|β1,|'{A3}!!!!2(md|β0|4α+↓|4d|β1),|44(md|β0|4α+↓|4d|β1),|4.
16271 |4.|4.|4,|4m(md|β0|4α+↓|4d|β1),|4m|g2d|β0|4α+↓|4md|β1|4α+↓|4
16271 d|β2,|?{A3}!!!!!!!.|4.|4.|4,!!!!m|gtd|β0|4α+↓|4m|gt|gα_↓|g1d
16272 |β1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|4d|βt.!!!!(4)|?
16273 {A6}|πThe length of this chain is |εm|4α_↓|42|4α+↓|4(k|4α+↓|
16279 41)t; |πthis number can often be reduced by deleting
16288 certain elements of the _rst row which do not
16297 occur among the co∃cients |εd|βj, |πplus elements
16304 among |ε2d|β0, 4d|β0,|4.|4.|4. |πwhich already
16309 appear in the _rst row; and whenever a |εd|βj
16318 |πis zero, the step at the right end of the corresponding
16329 line may be dropped.|'|π!|4|4|4|4The simplest
16335 case of the |εm-|πary method is the binary method
16344 |ε(m|4α=↓|42), |πwhen the general scheme (4)
16350 simpli_es to the ``S'' and ``X'' rule mentioned
16358 at the beginning of this section: The binary
16366 addition chain for 2|εn |πis the binary chain
16374 for |εn |πfollowed by |ε2n; |πfor |ε2n|4α+↓|41
16381 |πit is the binary chain for |ε2n |πfollowed
16389 by |ε2n|4α+↓|41. |πFrom the binary method we
16396 conclude that|'{A6}|εl(2|ge|r0|4α+↓|42|ge|r1|4α+↓|1|1|¬O|4|¬
16398 O|4|¬O|1|1α+↓|42|ge|rt)|4|¬E|4e|β0|4α+↓|4t,!!|πif!!|εe|β0|4|
16398 ¬Q|4e|β1|4|¬Q|1|1|¬O|4|¬O|4|¬O|1|1|¬Q|4e|βt|4|¬R|40.|J!(5)|;
16399 {A6}|π!!|4|4|4|4Let us now de_ne auxiliary functions
16405 for convenience in our subsequent discussion:|'
16411 {A6}|h|ε|≤n(n)|4|∂α=↓|4|πnumber|4of|41's|4in|4the|4binary|4r
16411 epresentation|4of|4|εn.|E|n|;| |≤l(n)|4|Lα=↓|4|"l|πlg|4|εn|"
16412 L;|J!(6)>{A4}| |≤n(n)|4|Lα=↓|4|πnumber|4of|41's|4in|4the|4bi
16413 nary|4representation|4of|4|εn.|J!(7)>{A6}|πThus
16415 |ε|≤l(17)|4α=↓|44, |≤n(17)|4α=↓|42; |πthese functions
16419 may be de_ned by the recurrence relations|'|h|ε|≤n(1)|4|∂α=↓
16426 |41,!!|≤l(2n)|4|∂α=↓|4|≤n(n),!!|≤n(2n|4α+↓|41)|4α=↓|4|≤n(n)|
16426 4α+↓|41.|E|n|;{A6}| |≤l(1)|4|Lα=↓|40,| |≤l(2n)|4|Lα=↓|4|≤l(2
16427 n|4α+↓|41)|4α=↓|4|≤l(n)|4α+↓|41;|J!(8)>{A4}| |≤n(1)|4|Lα=↓|4
16428 1,| |≤n(2n)|4|Lα=↓|4|≤n(n),!!|≤n(2n|4α+↓|41)|4α=↓|4|≤n(n)|4α
16428 +↓|41.|J!(9)>{A6}In terms of these functions,
16434 the binary addition chain for |εn |πrequires
16441 |ε|≤l(n)|4α+↓|4|≤n(n)|4α_↓|41 |πsteps, and (5)
16445 becomes|'{A6}|εl(n)|4|¬E|4|≤l(n)|4α+↓|4|≤n(n)|4α_↓|41.|J!(10
16446 )|;{A12}|π|≡S|≡p|≡e|≡c|≡i|≡a|≡l |≡c|≡l|≡a|≡s|≡s|≡e|≡s
16449 |≡o|≡f |≡c|≡h|≡a|≡i|≡n|≡s|≡.|9|4We may assume
16453 without any loss of generality that an addition
16461 chain is ``ascending,''|'{A6}1|4α=↓|4a|β0|4|¬W|4a|β1|4|¬W|4a
16464 |β2|4|¬W|1|1|¬O|4|¬O|4|¬O|1|1|¬W|4a|βr|4α=↓|4n;|J!(11)|;
16465 {A6}for if any two |εa'|πs are equal, one of
16474 them may be fropped; and we can also rearrange
16483 the sequence (1) into ascending order and remove
16491 terms |→|¬Q|εn |πwithout destroying the addition
16497 chain property (2). |εFrom now on we shall consider
16506 only acending chains, |πwithout explicitly mentioning
16512 this assumption.|'!|4|4|4|4It is convenient at
16518 this point to de_ne a few special terms relating
16527 to addition chains. By de_nition we have, for
16535 |ε1|4|¬E|4i|4|¬E|4r,|'{A6}a|βi|4α=↓|4a|βj|4α+↓|4a|βk|J!(12)|
16536 ;{A6}|πfor some |εj |πand |εk, 0|4|¬E|4k|4|¬E|4j|4|¬W|4i.
16543 |πLet us say that step |εi |πof (11) |πis a |εdoubling,
16554 |πif |εj|4α=↓|4k|4α=↓|4i|4α_↓|41; |πthen |εa|βi
16558 |πhas the maximum possible value |ε2a|βi|βα_↓|β1
16564 |πwhich can follow the ascending chain |ε1, a|β1,|4.|4.|4.|4
16571 ,|4a|βi|βα_↓|β1. |πIf |εj |π(but not necessarily
16577 |εk) |πequals |εi|4α_↓|41, |πlet us say that
16584 step |εi |πis a |εstar step. |πThe importance
16592 of star steps is explained below. Finally let
16600 us say that step |εi |πis a |εsmall step |πif
16610 |ε|≤l(a|βi)|4α=↓|4|≤l(a|βi|βα_↓|β1). |πSince
16612 |εa|βi|βα_↓|β1|4|¬W|4a|βi|4|¬E|42a|βi|βα_↓|β1,
16613 |≤l(a|βi) |πis always equal to either |ε|≤l(a|βi|βα_↓|β1)
16620 |πor |ε|≤l(a|βi|βα_↓|β1)|4α+↓|41; |πit follows
16624 that, in any chain (11), |εthe length r is equal
16634 to |≤l(n) plus the number of small steps.|'|Hβ*?*?*?{U0}{H10L12
�folio 579 galley 18
16642 M29}58320#Computer Programming!(A.-W./Knuth)!ch.
16644 4!f. 579!g. 18B|'{A12}|π!|4|4|4|4Several elementary
16649 relations hold between these types of steps:
16656 Step 1 is always a doubling. A doubling obviously
16665 is a star step, but never a small step. A doubling
16676 must be followed by a star step. Furthermore
16684 if step |εi |πis |εnot |πa small step, then step
16694 |εi|4α+↓|41 |πis either a small step or a star
16703 step, or both; putting this another way, if step
16712 |εi|4α+↓|41 |πis neither small nor star, step
16719 |εi |πmust be small.|'!|4|4|4|4A |εstar chain
16726 |πis an addition chain which involves only star
16734 steps. This means that each term |εa|βi |πis
16742 the sum of |εa|βi|βα_↓|β1 |πand a previous |εa|βk;
16750 |πthe simple ``computer'' discussed above after
16756 Eq. (2) makes use only of the two operations
16765 |¬s|¬t|¬a and |¬a|¬d|¬d (no |¬l|¬d|¬a) in a star
16773 chain, since each new term of the sequence utilizes
16782 the preceding result in the accumulator. Most
16789 of the addition chains we have discussed so far
16798 are star chains. The minimum length of a star
16807 chain for |εn |πis denoted by |εl|≤⊂(n); |πclearly|'
16815 {A6}|εl(n)|4|¬E|4l|≤⊂(n).|J!(13)|;{A6}|π!|4|4|4|4We
16817 are now ready to derive some nontrivial facts
16825 about addition chains. First we can show that
16833 there must be fairly many doublings if |εr |πis
16842 not far from |ε|≤l(n):|'{A12}|π|≡T|≡h|≡e|≡o|≡r|≡e|≡m
16847 |≡A|≡.|9|4|εIf the addition chain (11) includes
16853 d doublings and f|4α=↓|4r|4α_↓|4d nondoublings,
16858 then|'{A6}n|4|¬E|42|gd|gα_↓|g1F|βf|βα+↓|β3.|J!(14)|;
16860 {A6}Proof.|9|4|πBy induction on |εr|4α=↓|4d|4α+↓|4f,
16864 |πwe see that (14) is certainly true when |εr|4α=↓|41.
16873 |πWhen |εr|4|¬Q|41, |πthere are three cases:
16879 If step |εr |πis a doubling, then |f1|d32|)|εn|4α=↓|4a|βr|βα
16886 _↓|β1|4|¬E|42|gd|gα_↓|g2F|βf|βα+↓|β3; |πhence
16888 (14) follows. If steps |εr |πand |εr|4α_↓|41
16895 |πare both nondoublings, then |εa|βr|βα_↓|β1|4|¬E|42|gd|gα_↓
16899 |g1F|βf|βα+↓|β2 |πand |εa|βr|βα_↓|β2|4|¬E|42|gd|gα_↓|g1F|βf|
16901 βα+↓|β1; |πhence |εn|4α=↓|4a|βr|4|¬E|4a|βr|βα_↓|β1|4α+↓|4a|β
16903 r|βα_↓|β2|4|¬E|42|gd|gα_↓|g1(F|βf|βα+↓|β2|4α+↓|4F|βf|βα+↓|β1
16903 )|4α=↓|42|gd|gα_↓|g1F|βf|βα+↓|β3 |πby the de_nition
16907 of the Fibonacci sequence. Finally, if step |εr
16915 |πis a nondoubling but step |εr|4α_↓|41 |πis
16922 a doubling, then |εa|βr|βα_↓|β2|4|¬E|42|gd|gα_↓|g2F|βf|βα+↓|
16925 β2 |πand |εn|4α=↓|4a|βr|4|¬E|4a|βr|βα_↓|β1|4α+↓|4a|βr|βα_↓|β
16927 2|4α=↓|43a|βr|βα_↓|β2. |πNow |ε2F|βf|βα+↓|β3|4α_↓|43F|βf|βα+
16929 ↓|β2|4α=↓|4F|βf|βα+↓|β1|4α_↓|4F|βf|4|¬R|40; |πhence
16931 |εn|4|¬E|42|gd|gα_↓|g1F|βf|βα+↓|β3 |πin all cases.|'
16935 {A12}!|4|4|4|4The method of proof we have used
16942 shows that inequality (14) is ``best possible''
16949 under the stated assumptions; for the addition
16956 chain|'{A6}|ε1,|42,|4.|4.|4.|4,|42|gd|gα_↓|g1,|42|gd|gα_↓|g1
16957 F|β3,|42|gd|gα_↓|g1F|β4,|4.|4.|4.|4,|42|gd|gα_↓|g1F|βf|βα+↓|
16957 β3|J!(15)|;{A6}|πhas |εd |πdoublings and |εf
16963 |πnondoublings.|'{A12}|≡C|≡o|≡r|≡o|≡l|≡l|≡a|≡r|≡y|≡.|9|4|εIf
16964 the addition chain (11) includes f nondoublings
16972 and s small steps, then|'{A6}s|4|¬E|4f|4|¬E|43.271s.|J!(16)|
16977 ;{A6}Proof.|9|4|πObviously |εs|4|¬E|4f. |πWe
16981 have |ε2|g|≤l|g(|gn|g)|4|¬E|4n|4|¬E|42|gd|gα_↓|g1F|βf|βα+↓|β
16982 3|4|¬E|42|gd|≤f|gf|4α=↓|42|ur|≤l(n)α+↓s|)|)(|≤f/2)|gt,
16983 |πsince |εd|4α+↓|4f|4α=↓|4|≤l(n)|4α+↓|4s, |πand
16986 since |εF|βf|βα+↓|β3|4|¬E|42|≤f|gf |πwhen |εf|4|¬R|40.
16990 |πHence |ε0|4|¬E|4s|4|πln|42|4α+↓|4f|4|πln(|ε|≤f/2),
16992 |πand (16) follows from the fact that|'{A6}ln|42/ln(2/|ε|≤f)
16999 |4|¬V|43.2706.|;{A12}|π|≡V|≡a|≡l|≡u|≡e|≡s |≡o|≡f
17002 |ε|≡l|≡(|≡n|≡) |π|≡f|≡o|≡r |≡s|≡p|≡e|≡c|≡i|≡a|≡l
17005 |ε|≡n|≡.|9|4|πIt is easy to show by induction
17012 that |εa|βi|4|¬E|42|gi, |πand therefore lg|4|εn|4|¬E|4r
17017 |πin any addition chain (11). Hence|'{A6}|εl(n)|4|¬R|4|"p|πl
17023 g|4|εn|"P.|J!(17)|;{A6}|πThis lower bound, together
17028 with the upper bound (10) given by the binary
17037 method, gives us the values|'{A6}|h|εl(2|gA|4α+↓|42|gB)|4|∂α
17042 =↓|4A|4α⊗↓|41,!!|πif!!|εA|4α⊗↓|4B.|E|n|;| l(2|gA)|4|Lα=↓|4A;
17043 |J!(18)>{A4}| l(2|gA|4α+↓|42|gB)|4|Lα=↓|4A|4α+↓|41,!!|πif!!|
17044 εA|4|¬Q|4B.|J!(19)>{A6}|πThus when |ε|≤n(n)|4|¬E|42,
17048 |πthe binary method is opetimal. With some further
17056 calculation we can extend these formulas to the
17064 case |ε|≤n(n)|4α=↓|43:|'{A12}|π|≡T|≡h|≡e|≡o|≡r|≡e|≡m
17067 |≡B|≡.|'{A6}|εl(2|gA|4α+↓|42|gB|4α+↓|42|gC)|4α=↓|4A|4α+↓|42,
17068 !!|πif!!|εA|4|¬Q|4B|4|¬Q|4C.|J!(20)|;{A6}Proof.|9|4|πWe
17070 can, in fact, prove a stronger result which which
17079 will be of use to us later in this section: |εAll
17090 addition chains with exactly one small step have
17098 one of the following six types |π(where all steps
17107 indicated by ``|¬O|4|¬O|4|¬O'' represent doublings):|'
17112 {A6}{I3.4H}!|4|4|4|4|π|≡T|≡y|≡p|≡e|4|1|1|≡1|≡.|9|41,|4|¬O|4|
17112 ¬O|4|¬O|4,|42|g|εA,|42|gA|4α+↓|42|gB,|4|¬O|4|¬O|4|¬O|4,|42|g
17112 A|gα+↓|gC|4α+↓|42|gB|gα+↓|gC; A|4|¬Q|4B|4|¬R|40,
17114 C|4|¬R|40.|'!|4|4|4|4|π|≡T|≡y|≡p|≡e|4|1|1|≡2|≡.|9|41,|4|¬O|4
17115 |¬O|4|¬O|4,|42|ε|gA, 2|gA|4α+↓|42|gB, 2|gA|gα+↓|g1|4α+↓|42|g
17117 B,|4|¬O|4|¬O|4|¬O|4,|42|gA|gα+↓|gC|gα+↓|g1|4α+↓|42|gB|gα+↓|g
17117 C; A|4|¬Q|4B|4|¬R|40, C|4|¬R|40.|'{A2}|π|≡T|≡y|≡p|≡e|4|1|1|≡
17120 3|≡.|9|41,|4|¬O|4|¬O|4|¬O|4,|42|ε|gA, 2|gA|4α+↓|42|gA|gα_↓|g
17121 1, 2|gA|gα+↓|g1|4α+↓|42|gA|gα_↓|g1, 2|gA|gα+↓|g2,|4|¬O↓|¬O|4
17123 |¬O|4,|42|gA|gα+↓|gC; A|4|¬Q|40, C|4|¬R|42.|'
17126 {A2}|π|≡T|≡y|≡p|≡e|4|1|1|≡3|≡.|9|41,|4|¬O|4|¬O|4|¬O|4,|4|ε2|
17126 gA, 2|gA|4α+↓|42|gA|gα_↓|g1, 2|gA|gα+↓|g1|4α+↓|42|gA,
17129 2|gA|gα+↓|g2,|4|¬O|4|¬O|4|¬O|4,|42|gA|gα+↓|gC;
17130 A|4|¬Q|40, C|4|¬R|42.|'{A2}|π|≡T|≡y|≡p|≡e|4|1|1|≡5|≡.|9|41,|
17132 4|¬O|4|¬O|4|¬O|4,|42|ε|gA, 2|gA|4α+↓|42|gA|gα_↓|g1,|4|¬O|4|¬
17133 O|4|¬O|4,|42|gA|gα+↓|gC|4α+↓|42|gA|gα+↓|gC|gα_↓|g1,
17134 2|gA|gα+↓|gC|gα+↓|g1|4α+↓|42|gA|gα+↓|gC|gα_↓|g2,|4|¬O|4|¬O|4
17134 |¬O|4,|42|gA|gα+↓|gC|gα+↓|gD|gα+↓|g1|4α+↓|42|gA|gα+↓|gC|gα+↓
17134 |gD|gα_↓|g2; A|4|¬Q|40, C|4|¬Q|40, D|4|¬R|40.|'
17138 {A2}|π|≡T|≡y|≡p|≡e|4|1|1|≡6|≡.|9|41,|4|¬O|4|¬O|4|¬O|4,|42|ε|
17138 gA, 2|gA|4α+↓|42|gB, 2|gA|gα+↓|g1,|4|¬O|4|¬O|4|¬O|4,|42|gA|g
17140 α+↓|gC; A|4|¬Q|4B|4|¬R|40, C|4|¬R|41.|'{A12}{IC}|π!|4|4|4|4A
17143 straightforward hand calculation shows that
17149 these six types exhaust all possibilities. (Note
17156 that, by the corollary to Theorem A, there are
17165 at most three nondoublings when there is one
17173 small step; this maximum of three is attained
17181 only in sequences of type 3. All of the above
17191 are star chains, except type 6 when |εB|4|¬W|4A|4α_↓|41.)|'
17199 |π!|4|4|4|4The theorem now follows from the observation
17206 that |εl(2|gA|4α+↓|42|gB|4α+↓|42|gC)|4|¬E|4A|4α+↓|42;
17208 |πand it must be greater than |εA|4α+↓|41 |πsince
17216 none of the six possible types have |ε|≤n(n)|4|¬Q|42.|'
17224 !|4|4|4|4(E. de Jonqui|=2eres had stated without
17230 proof in 1894 that |εl(n)|4|¬R|4|≤l(n)|4α+↓|42
17235 |πwhen |ε|≤n(n)|4|¬Q|42; |πthe _rst published
17240 demonstration of Theorem B was by A. A. Gioia,
17249 M. V. Subbarao, and M. Sugunumma in |εDuke Math.
17258 J. |≡2|≡9 (1962), 481<487.)|'|π!|4|4|4|4The calculation
17264 of |εl(2|gA|4α+↓|42|gB|4α+↓|42|gC|4α+↓|42|gD),
17266 |πwhen |εA|4|¬Q|4B|4|¬Q|4C|4|¬Q|4D, |πis more
17270 involved; by the binary method it is at most
17279 |εA|4α+↓|43, |πand by the proof of Theorem B
17287 it is at least |εA|4α+↓|42. |πThe value |εA|4α+↓|42
17295 |πis possible, since we know that the binary
17303 method is not optimal when |εn|4α=↓|415 |πor
17310 |εn|4α=↓|423. |πThe complere behavior when |ε|≤n(n)|4α=↓|44
17316 |πcan be determined, as we shall now see.|'{A12}|≡T|≡h|≡e|≡o
17324 |≡r|≡e|≡m |≡C|≡.|9|4|εIf |≤n(n)|4|¬R|44 then
17328 l(n)|4|¬R|4|≤l(n)|4α+↓|43, except in the following
17333 circumstances when A|4|¬Q|4B|4|¬Q|4C|4|¬Q|4D
17336 and l(2|gA|4α+↓|42|gB|4α+↓|42|gC|4α+↓|42|gD)
17338 equals A|4α+↓|42:|'{A6}!|4|4|4|4Case |*/|↔O.|9|4|\A|4α_↓|4B|4
17341 α=↓|4C|4α_↓|4D. (|πExample: |εn|4α=↓|415.)|'!|4|4|4|4Case
17345 |*/|↔P.|9|4|\A|4α_↓|4B|4α=↓|4C|4α_↓|4D|4α+↓|41.
17346 |π(Example: |εn|4α=↓|423.)|'!|4|4|4|4Case |*/|↔L.|9|4|\A|4α_↓
17349 |4B|4α=↓|43, C|4α_↓|4D|4α=↓|41. |π(Example: |εn|4α=↓|439.)|'
17353 !|4|4|4|4Case |*/|↔M.|9|4|\A|4α_↓|4B|4α=↓|45,
17355 B|4α_↓|4C|4α=↓|4C|4α_↓|4D|4α=↓|41. |π(Example:
17357 |εn|4α=↓|4135.)|'{A6}Proof.|9|4|πWhen |εl(n)|4α=↓|4|≤l(n)|4α
17359 +↓|42, |πthere is an addition chain for |εn |πhaving
17368 just two small steps; such an addition chain
17376 starts out as one of the six types in the proof
17387 of Theorem B, followed by a small step, followed
17396 by a sequence of nonsmall steps. Let us say that
17406 |εn |πis ``special'' if |εn|4α=↓|42|gA|4α+↓|42|gB|4α+↓|42|gC
17410 |4α+↓|42|gD |πfor one of the four cases listed
17418 in the theorem. We can obtain addition chains
17426 of the required form for each special |εn, |πas
17435 shown in exercise 13; therefore it remains for
17443 us to prove that no chain with exactly two small
17453 steps contains any elements with |ε|≤n(a|βi)|4|¬R|44
17459 |πexcept when |εa|βi |πis special.|'!|4|4|4|4Let
17465 a ``counterexample chain'' be an addition chain
17472 with two small steps such that |ε|≤n(a|βr)|4|¬R|44,
17479 |πbut |εa|βr |πis not special. If counterexample
17486 chains exist, let |ε1|4α=↓|4a|β0|4|¬W|4a|β1|4|¬W|1|1|¬O|4|¬O
17489 |4|¬O|1|1|¬W|4a|βr|4α=↓|4n |πbe a counterexample
17493 chain of shortest possible length. Then step
17500 |εr |πis not a small step, since none of the
17510 six types in the proof of Theorem B can be followed
17521 by a small step with |ε|≤n(n)|4|¬R|44 |πexcept
17528 when |εn |πis special. Furthermore, step |εr
17535 |πis not a doubling, otherwise |βa|β0,|4.|4.|4.|4,|4|εa|βr|β
17540 α_↓|β1 |πwould be a shorter counterexample chain;
17547 and step |εr |πis a star step, otherwise |εa|β0,|4.|4.|4.|4,
17555 |4a|βr|βα_↓|β2, a|βr |πwould be a shorter counterexample
17562 chain. Thus|'|ε{A6}a|βr|4α=↓|4a|βr|βα_↓|β1|4α+↓|4a|βr|βα_↓|β
17564 k,!!|πand!!|ε|≤l(a|βr)|4α=↓|4|≤l(a|βr|βα_↓|β1)|4α+↓|41.|J!(2
17564 1)|;|Hβ*?*?*?{U0}{H10L12M29}58320#Computer Programming!(A.-W./K
�folio 584 galley 19
17566 nuth)!ch. 4!f. 584!g. 19B|'{A12}|π!|4|4|4|4Let
17571 |εc |πbe the number of carries which occur when
17580 |εa|βr|βα_↓|β1 |πis added to |εa|βr|βα_↓|βk |πin
17586 the binary number system by algorithm 4.3.1A.
17593 Then we have the fundamental relation|'{A6}|ε|≤n(a|βr)|4α=↓|
17599 4|≤n(a|βr|βα_↓|β1)|4α+↓|4|≤n(a|βr|βα_↓|βk)|4α_↓|4c.|J!(22)|;
17600 {A6}|πWe can now prove that |εstep r|4α_↓|41
17607 is not a small step (|πsee exercise 14).|'!|4|4|4|4Let
17616 |εm|4α=↓|4|≤l(a|βr|βα_↓|β1). |πSince neither
17619 |εr |πnor |εr|4α_↓|41 |πis a small step, |εc|4|¬R|42;
17627 |πand |εc|4α=↓|42 |πcan hold only when |εa|βr|βα_↓|β1|4|¬R|4
17633 2|gm|4α+↓|42|gm|gα_↓|g1.|'|π!|4|4|4|4Now let
17636 us suppose that |εr|4α_↓|41 |πis not a star step;
17645 then |εr|4α_↓|42 |πis a small step, and |εa|β0,|4.|4.|4.|4,|
17652 4a|βr|βα_↓|β3, a|βr|βα_↓|β1 |πis a chain with
17658 only one small step;→ hence |ε|≤n(a|βr|βα_↓|β1)|4|¬E|42
17664 |πand |ε|≤n(a|βr|βα_↓|β2)|4|¬E|44. |πThe relation
17668 (22) can now hold only if |ε|≤n(a|βr)|4α=↓|44,
17675 |≤n(a|βr|βα_↓|β1)|4α=↓|42, k|4α=↓|42, c|4α=↓|42,
17678 |≤n(a|βr|βα_↓|β2)|4α=↓|44. |πFrom |εc|4α=↓|42
17681 |πwe conclude that |εa|βr|βα_↓|β1|4α=↓|42|gm|4α+↓|42|gm|gα_↓
17684 |g1; |πhence |εa|β0, a|β1,|4.|4.|4.|4,|4a|βr|βα_↓|β3|4α=↓|42
17687 |gm|gα_↓|g1|4α+↓|42|gm|gα_↓|g2 |πis an addition
17691 chain with only one small step, and it must be
17701 of Type 1 so |εa|βr |πbelongs to Case 3. Thus
17711 |εr|4α_↓|41 |πis a star step.|'|π!|4|4|4|4Now
17717 assume that |εa|βr|βα_↓|β1|4α=↓|42|gta|βr|βα_↓|βk
17720 |πfor some |εt. |πIf |ε|≤n(a|βr|βα_↓|β1)|4|¬E|43,
17725 |πthen by (22), |εc|4α=↓|42, k|4α=↓|42, |πand
17731 we see that |εa|βr |πmust belong to Case 3. If
17741 |ε|≤n(a|βr|βα_↓|β1)|4α=↓|44 |πthen |εa|βr|βα_↓|β1
17744 |πis special, and it is easy to see by considering
17754 each case that |εa|βr |πalso belongs to one of
17763 the four cases. (Case 4 arises, for example,
17771 when |εa|βr|βα_↓|β1|4α=↓|490, a|βr|βα_↓|βk|4α=↓|445;
17774 |πor |εa|βr|βα_↓|β1|4α=↓|4120, a|βr|βα_↓|βk|4α=↓|415.)
17777 |πTherefore we may conclude that |εa|βr|βα_↓|β1|4|=|↔6α=↓|42
17782 |gta|βr|βα_↓|βk |πfor any |εt.|'|π!|4|4|4|4Let
17787 us now suppose that |ε|≤l(a|βr|βα_↓|βk)|4α=↓|4m|4α_↓1;
17792 |πthe case |ε|≤l(a|βr|βα_↓|βk)|4|¬W|4m|4α_↓|41
17795 |πmay be ruled out by similar arguments, as shown
17804 in exercise 14. If |εk|4α=↓|44, |πboth |εr|4α_↓|42
17811 |πand |εr|4α_↓|43 |πare small steps; hence |εa|βr|βα_↓|β4|4α
17817 =↓|42|gm|gα_↓|g1, |πand (22) is impossible. Therefore
17823 |εk|4α=↓|43; |πstep |εr|4α_↓|42 |πis small, |ε|≤n(a|βr|βα_↓|
17828 β3)|4α=↓|42, c|4α=↓|42, a|βr|βα_↓|β1|4|¬R|42|gm|4α+↓|42|gm|g
17830 α_↓|g1, |πand |ε|≤n(a|βr|βα_↓|β1)|4α=↓|44. |πThere
17834 must be at least two carries when |εa|βr|βα_↓|β2
17842 |πis added to |εa|βr|βα_↓|β1|4α_↓|4a|βr|βα_↓|β2;
17846 |πhence |ε|≤n(a|βr|βα_↓|β2)|4α=↓|44, |πand |εa|βr|βα_↓|β2
17850 (|πbeing special and |ε|¬R|f1|d32|)a|βr|βα_↓|β1)
17854 |πhas the form |ε2|gm|gα_↓|g1|4α+↓|42|gm|gα_↓|g2|4α+↓|42|gd|
17857 gα+↓|g1|4α+↓|42|gd|gα+↓|g1|4α+↓|42|gd |πfor some
17860 |εd. |πNow |εa|βr|βα_↓|β1 |πis either |ε2|gm|4α+↓|42|gm|gα+↓
17865 |g1|4α+↓|42|gd|gα+↓|g1|4α+↓|42|gd |πor |ε2|gm|4α+↓|42|gm|gα_
17867 ↓|g1|4α+↓|42|gd|gα+↓|g2|4α+↓|42|gd|gα+↓|g1, |πand
17869 in both cases |εa|βr|βα_↓|β3 |πmust be |ε2|gm|gα_↓|g1|4α+↓|4
17875 2|gm|gα_↓|g2, |πso |εa|βr |πbelongs to Case 3.|'
17882 !|4|4|4|4E. G. Thurber [|εPaci⊂c J. Math. |≡4|≡9
17889 (1973), 229<242] |πhas extended Theorem C to
17896 show that |εl(n)|4|¬R|4|≤l(n)|4α+↓|44 |πwhen
17900 |ε|≤n(n)|4|¬Q|48, |πand it seems reasonable to
17906 conjecture that |εl(n)|4|¬R|4|≤l(n)|4α+↓|4|πlg|4|ε|≤n(n)
17909 |πin general, since A. Sch|=4onhage has come
17916 very close to proving this (see exercise 29).|'
17924 |T{A12}|≡A|≡a|≡y|≡m|≡p|≡t|≡o|≡t|≡i|≡c |≡v|≡a|≡l|≡u|≡e|≡s|≡.|
17925 9|4Theorem C indicates that it is probably quite
17933 di∃cult to get exact values of |εl(n) |πfor large
17942 |εn, |πwhen |ε|≤n(n)|4|¬Q|44; |πhowever, we can
17948 determine the approximate behavior in the limit
17955 as |εn|4|¬L|4|¬X.|'|π|≡T|≡h|≡e|≡o|≡r|≡e|≡m |≡D
17959 (A. Brauer, |εBull. Amer. Math. Soc. |≡4|≡5 (1939),
17967 736<739).|'{A6}|π|uwlim|uc|)|εn|¬M|¬X|)|4l|≤⊂(n)/|≤l(n)|4α=↓
17968 |4|π|uwlim|uc|)|εn|¬M|¬X|)|4l(n)/|≤l(n)|4α=↓|41.|J!(23)|;
17969 {A6}Proof.|9|4|πThe addition chain (4) for the
17975 |ε2|gk-ary |πmethod is a star chain if we delete
17984 the second occurrence of any element which appears
17992 twice in the chain; for if |εa|βi |πis the _rst
18002 element among |ε2d|β0, 4d|β0,|4.|4.|4. |πof the
18008 second line which is not present in the _rst
18017 line, we have |εa|βi|4|¬E|42(m|4α_↓|41); |πhence
18022 |εa|βi|4α=↓|4(m|4α_↓|41)|4α+↓|4a|βj |πfor some
18025 |εa|βj |πin the _rst line. By totaling up the
18034 length of the chain, we therefore have|'{A6}|ε|≤l(n)|4|¬E|4l
18041 (n)|4|¬E|4l|≤⊂(n)|4|¬W|4|↔a1|4α+↓|4|(1|d2k|)|↔s|4|πlg|4|εn|4
18041 α+↓|42|gk|J!(24)|;{A6}|πfor all |εk|4|¬R|41.
18045 |πThe theorem follows if we choose, say, |εk|4α=↓|4|"l|f1|d3
18052 2|)|4|πlg|4|ε|≤l(n)|"L.|;|πThe second term |ε|≤l(n)/|≤l|≤l(n
18056 ) |πis essentially the best that can be obtained
18065 from (24). A much deeper analysis of lower bounds
18074 can be carried out, to show this term |ε|≤l(n)/|≤l|≤l(n)
18083 |πis, in fact, essential in (25). In order to
18092 see why this is so, let us consider the following
18102 fact:|'{A12}|≡T|≡h|≡e|≡o|≡r|≡e|≡m |≡E (Paul Erd|=4os,
18107 |εActa Arithmetica |≡6 (1960), 77<81). Let |≤e
18114 be a positive real number. The number of addition
18123 chains (11) such that|'{A6}|≤l(n)|4α=↓|4m,!!r|4|¬E|4m|4α+↓|4
18127 (1|4α_↓|4|≤e)m/|≤l(m)|J!(26)|;{A6}is less than
18131 |≤a|gm, for some |≤a|4|¬W|42, for all suitably
18138 large m. (|πIn other words, the number of addition
18147 chains which are so short that (26) is satis_ed
18156 is substatially less than the number of values
18164 of |εn |πsuch that |ε|≤l(n)|4α=↓|4m, |πwhen |εm
18171 |πis large.)|'{A12}|εProof.|9|4|πWe want to estimate
18177 the number of possible addition chains, and for
18185 this purpose our _rst goal is to get an improvement
18195 of Theorem A which enables us to deal more satisfactorily
18205 with nondoublings:|'{A12}|≡L|≡e|≡m|≡m|≡a |≡A|≡.|9|4|εLet
18209 |≤d|4|¬W|4{U20}2|)|4α_↓|41 be a ⊂xed positive
18214 real number. Call step i of an addition chain
18223 a ``ministep'' if a|βi|4|¬W|4a|βj(1|4α+↓|4|≤d)|gi|gα_↓|gj
18227 for some j, 0|4|¬E|4j|4|¬W|4i. If the addition
18234 chain contains s small steps and t ministeps,
18242 then|'{A6}t|4|¬E|4s/(1|4α_↓|4|≤u),!!|πwhere!!|ε(1|4α+↓|4|≤d)
18243 |g2|4α=↓|42|g|≤u.|J!(27)|;{A6}Proof.|9|4|πFor
18245 each ministep |εi|βk, 1|4|¬E|4k|4|¬E|4t, |πwe
18250 have |εa|βi|mk|4|¬W|4a|βj|mk(1|4α+↓|4|≤d)|gi|rk|gα_↓|gj|rk
18252 |πfor some |εj|βk|4|¬W|4i|βk. |πLet |εI|β1,|4.|4.|4.|4,|4I|β
18256 t |πbe the intervals (|εj|β1,|4i|β1],|4.|4.|4.|4,|4(j|βt,|4i
18260 |βt], |πwhere the notation |ε(j,|4i] |πstands
18266 for the set of all integers |εk |πsuch that |εj|4|¬W|4k|4|¬E
18275 |4i. |πIt is possible (see exercise 17) to _nd
18284 nonoverlapping intervals |εJ|β1,|4.|4.|4.|4,|4J|βh|4α=↓|4(j|
18286 ur|↔0|)1|),|4i|ur|↔0|)1|)],|4.|4.|4.|4,|4(j|ur|↔0|)h|),|4i|u
18286 r|↔0|)h|)] |πsuch that|'{A6}!|εI|β1|4|↔q|4|¬O|4|¬O|4|¬O|4|↔q
18289 |4I|βt|4α=↓|4J|β1|4|↔q|4|¬O|4|¬O|4|¬O|4|↔q|4J|βh,|'
18290 {A2}a|βi|=|mk|l|¬S|4|¬W|4a|βj|=|mk|l|¬S(1|4α+↓|4|≤d)|ur2(i|=
18290 |βk|g|¬Sα_↓j|=|βk|g|¬S)|)|),!!|πfor!!|ε1|4|¬E|4k|4|¬E|4h.!(2
18290 8)|?{A6}|πNow for all steps |εi |πoutside of
18298 the intervals |εJ|β1,|4.|4.|4.|4,|4J|βh |πwe
18302 have |εa|βi|4|¬E|42a|βi|βα_↓|β1; |πhence if|'
18306 {A6}|εq|4α=↓|4(i|ur|↔0|)1|)|4α_↓|4j|ur|↔0|)1|))|4α+↓|4|1|1|¬
18306 O|4|¬O|4|¬O|1|1α+↓|4(i|ur|↔0|)h|)|4α_↓|4j|ur|↔0|)h|))|;
18307 {A6}|πwe have|'{A6}|ε2|g|≤l|g(|gn|g)|4|¬E|4n|4|¬E|42|gr|gα_↓
18309 |gq(1|4α+↓|4|≤d)|g2|gq|4α=↓|42|ur|≤l(n)α+↓sα_↓(1α_↓|≤u)q|)|)
18309 |4|¬E|42|ur|≤l(n)α+↓sα_↓(1α_↓|≤u)t|)|).|;{A12}|π!|4|4|4|4Ret
18310 urning to the proof of Theorem E, let us choose
18320 |ε|≤d|4α=↓|42|g|≤e|g/|g4|4α_↓|41, |πand let us
18324 divide the |εr |πsteps of each addition into
18332 three classes:|'{A6}|εt|4|πministeps,!!|εu|4|πdoublings,!!an
18334 d |εv |πother steps,!!|εt|4α+↓|4u|4α+↓|4v|4α=↓|4r.|J!(29)|;
18338 {A6}|πCounting another way, we have |εs |πsmall
18345 steps, where |εs|4α+↓|4m|4α=↓|4r. |πBy the hypotheses,
18351 Theorem A, and Lemma P, we obtain the relations|'
18360 {A6}|εt|4|¬E|4s/(1|4α_↓|4|≤e/2),!!t|4α+↓|4v|4|¬E|43.271s,!!s
18360 |4|¬E|4(1|4α_↓|4|≤e)m/|≤l(m).|J!(30)|;{A6}|π!|4|4|4|4Given
18362 |εs, t, u, v |πsatisfying these conditions, there
18370 are at most|'{A6}|ε|↔a|(r|d5t|4α+↓|4v|)|↔s|↔a|(t|4α+↓|4v|d5v
18373 |)|↔s|J!(31)|;{A6}|πw¬*?*?*?*?long to which class.
18378 Given such a distribution of the steps, let us
18387 consider how the non-ministeps can be selected:
18394 If step |εi |πis one of the ``other'' steps in
18404 (29), |εa|βi|4|¬R|4(1|4α+↓|4|≤d)a|βi|βα_↓|β1,
18406 |πso |εa|βi|4α=↓|4a|βj|4α+↓|4a|βk, |πwhere |ε|≤da|βi|βα_↓|β1
18409 |4|¬E|4a|βk|4|¬E|4a|βj|4|¬E|4a|βi|βα_↓|β1. |πAlso
18411 |εa|βj|4|¬E|4a|βi/(1|4α+↓|4|≤d)|gi|gα_↓|gj|4|¬E|42a|βi|βα_↓|
18411 β1/(1|4α+↓|4|≤d)|gi|gα_↓|gj, |πso |ε|≤d|4|¬E|42/(1|4α+↓|4|≤d
18413 )|gi|gα_↓|gj. |πThis gives at most |ε|≤b |πchoices
18420 for |εj, |πwhere |ε|≤b |πis a constant that depends
18429 only on |ε|≤d. |πThere are also at most |ε|≤b
18438 |πchoices for |εk, |πso the number of ways to
18447 asign |εj |πand |εk |πfor each of the non-ministeps
18456 is at most|'{A6}|ε|≤b|g2|gv.|J!(32)|;|H{U0}{H10L12M29}58320#
�folio 587 galley 20
18460 Computer Programming!(A.-W./Knuth)!ch. 4!f. 587!g.
18464 20B|'{A12}|π!|4|4|4|4Finally, once the ``|εj''
18469 |πand ``|εk'' |πhave been selected for each of
18477 the non-ministeps, there are less than|'{A6}|ε|↔a|(r|g2|d5t|
18483 )|↔s|J!(33)|;{A6}|πways to choose the |εj |πand
18490 the |εk |πfor the ministeps: We select |εt |πdistinct
18499 pairs |ε(j|β1,|4k|β1),|4.|4.|4.|4,|4(j|βt,|4k|βt)
18501 |πof indices in the range |ε0|4|¬E|4k|βh|4|¬E|4j|βh|4|¬W|4r,
18506 |πin less than (33) ways. Then for each ministep
18516 |εi, |πin turn, we use a pair of indices |ε(j|βh,|4k|βh)
18526 |πsuch that|'{A6}|ε!|4|4|4|4a)|9|1j|βh|4|¬W|4i;|'
18529 !|4|4|4|4b)|9a|βj|mh|4α+↓|4a|βk|mh |πis as small
18533 as possible among the pairs not already used
18541 for>!!!|4|1smaller|4|1|1ministeps|4|1|εi;|'!|4|4|4|4c)|9|1|1
18543 |εa|βi|4α=↓|4a|βj|mh|4α+↓|4a|βk|mh |πsatis_es
18545 the de_nition of ministep.|'{A6}If no such pair
18553 |ε(j|βh,|4k|βh) |πexists, we get no addition
18559 chain; on the other hand, any addition chain
18567 with ministeps in the designated places must
18574 be selected in one of these ways, so (33) is
18584 an upper bound on the possibilities.|'!|4|4|4|4Thus
18591 the total number of possible addition chains
18598 satisfying (26) is bounded by (31) times (32)
18606 times (33), summed over all relevant |εs, t,
18614 u, |πand |εv. |πThe proof of Theorem E can now
18624 be completed by means of a rather standard estimation
18633 of these functions (exercise 18).|'{A12}|≡C|≡o|≡r|≡o|≡l|≡l|≡
18638 a|≡r|≡y|≡.|9|4|εl(n) is asymptotically |≤l(n)|4α+↓|4|≤l(n)/|
18641 ≤l|≤l(n), for almost all n. More precisely, there
18649 is a function f|1(n) such that f|1(n)|4|¬M|40
18656 as n|4|¬M|4|¬X, and|'{A6}|πPr|4{H12}({H10}|¬G|εl(n)|4α_↓|4|≤
18659 l(n)|4α_↓|4|≤l(n)/|≤l|≤l(n)|¬G|4|¬R|4f|1(n)|≤l(n)/|≤l|≤l(n){
18659 H12}){H10}|4α=↓|40.|J!(34)|;{A6}|π(See Section
18662 3.5 for this de_nition of the probability ``Pr''.)|'
18670 {A12}|εProof.|9|4|πThe upper bound (25) shows
18675 that (34) holds without the absolute value signs.
18683 The lower bound comes from Theorem E, if we let
18693 |εf|1(n) |πdecrease to zero slowly enough so
18700 that, when |εf|1(n)|4|¬E|4|≤o, |πthe value |εN
18706 |πis so large that at most |ε|≤oN |πvalues |εn|4|¬E|4N
18715 |πhave |εl(n)|4|¬E|4|≤l(n)|4α+↓|4(1|4α_↓|4|≤o)|≤l(n)/|≤l|≤l(
18716 n).|'{A12}|π|≡S|≡t|≡a|≡r |≡c|≡h|≡a|≡i|≡n|≡s|≡.|9|4Optimistic
18718 peiple _nd it reasonable to suppose that |εl(n)|4α=↓|4l|≤⊂(
18726 n); |πgiven an addition chain of minimal length
18734 |εl(n), |πit appears hard to believe that we
18742 cannot _nd one of the same length which satis_es
18751 the (apparently mild) star condition. But in
18758 1958 Walter Hansen proved the remarkable theorem
18765 that, for certain large values of |εn,|4l(n)
18772 |πis de_nitely less than |εl|≤⊂(n), |πand he
18779 also proved several related theorems which we
18786 will now investigate.|'!|4|4|4|4Hansen's theorems
18791 begin with an investigation of the detailed structure
18799 of a star chain. This structure iis*?*?!|4|4|4|4Hansen's
18806 theorems begin with an investigation of the detailed
18814 structure of a star chain. This structure is
18822 given in terms of other sequences and sets constructed
18831 from the given chain. Let |εn|4α=↓|42|ge|r0|4α+↓|42|ge|r1|4α
18836 +↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|42|ge|rt,|4e|β0|4|¬Q|4e|β1|4|¬Q|1
18836 |1|¬O|4|¬O|4|¬O|1|1|¬Q|4e|βt|4|¬R|40, |πand let
18839 1|4α=↓|4|εa|β0|4|¬W|4a|β1|4|¬W|1|1|¬O|4|¬O|4|¬O|1|1|¬W|4a|βr
18839 |4α=↓|4n |πbe a star chain for |εn. If there
18848 are |εd |πdoublings in this chain, we de_ne the
18857 auxiliary sequence|'{A6}|ε0|4α=↓|4d|β0|4|¬E|4d|β1|4|¬E|4d|β2
18859 |4|¬E|1|1|¬O|4|¬O|4|¬O|1|1|¬E|4d|βr|4α=↓|4d|J!(35)|;
18860 {A6}|πwhere |εd|βi |πis the number of doublings
18867 among steps |ε1,|42,|4.|4.|4.|4,|4i. |πWe also
18872 de_ne a sequence of ``multisets'' |εS|β0, S|β1,|4.|4.|4.|4,|
18878 4S|βr, |πwhich keep track of the powers of 2
18887 present in the chain. (A |εmultiset |πis a mathematical
18896 entity which is like a set but it is allowed
18906 to contain repeated elements; an object may be
18914 an element of a multiset several times, and its
18923 multiplicity of occurrences is relevant. See
18929 exercise 19 for familiar examples of multisets.)
18936 |εS|βi |πis de_ned by the rules|'{A6}!|4|4|4|4a)|9|1|εS|β0|4
18942 α=↓|40;|'!|4|4|4|4|πb)|9If |εa|βi|βα+↓|β1|4α=↓|42a|βi,
18945 |πthen |εS|βi|βα+↓|β1|4α=↓|4|¬Tx|4|¬G|4x|4α_↓|41|4|¬A|4S|βi|
18946 ¬Y;|'!|4|4|4|4|πc)|9|1|1If |εa|βi|βα+↓|β1|4α=↓|4a|βi|4α+↓|4a
18948 |βk, k|4|¬W|4i, |πthen |εS|βi|βα+↓|β1|4α=↓|4S|βi|4|↔q|4S|βk.
18951 |'{A6}|π(The symbol |↔q means that the multisets
18959 are combined, adding the multiplicities.) From
18965 this de_nition it follows that|'{A6}|εa|βi|4α=↓|4|↔k|uc|)x|¬
18970 AS|βi|)|42|gx,|J!(36)|;{A6}|πwhere the terms
18974 in this sum are not necessarily distinct, and
18982 in particular|'{A6}|εn|4α=↓|42|ge|r0|4α+↓|42|ge|r1|4α+↓|1|1|
18984 ¬O|4|¬O|4|¬O|1|1α+↓|42|ge|rt|4α=↓|4|↔k|uc|)x|¬AS|βr|)|42|gx.
18984 |J!(37)|;{A6}|πThe number of elements in the
18991 latter sum is at most 2|ε|gf, |πwhere |εf|4α=↓|4r|4α_↓|4d
18999 |πis the number of nondoublings.|'!|4|4|4|4Since
19005 |εn |πhas two di∪erent binary representations
19011 in (37), we can partition the multiset |εS|βr
19019 |πinto multisets |εM|β0, M|β1,|4.|4.|4.|4,|4M|βt
19023 |πsuch that|'{A6}|ε2|ge|rj|4α=↓|4|↔kk*?*?*?*?{A6}|ε2|ge|rj|4α=↓|
19025 4|↔k|uc|)x|¬AM|βj|)|42|gx,!!0|4|¬E|4j|4|¬E|4t.|J!(38)|;
19026 {A6}|πThis can be done by arranging the elements
19034 of |εS|βr |πinto nondecreasing order |εx|β1|4|¬E|4x|β2|4|¬E|
19039 1|1|¬O|4|¬O|4|¬O|4, |πtaking |εM|βt|4α=↓|4|¬Tx|β1,|4x|β2,|4.
19041 |4.|4.|4,|4x|βk|¬Y |πwhere |ε2|gx|r1|4α+↓|1|1|¬O|4|¬O|4|¬O|1
19043 |1α+↓|42|gx|rk|4α=↓|42|ge|rt. |πThis must be
19047 possible since |εe|βt |πis the smallest of the
19055 |εe'|πs. Similarly, |εM|βt|βα_↓|β1|4α=↓|4|¬Tx|βk|βα+↓|β1,
19058 x|βk|βα+↓|β2,|4.|4.|4.|4,|4x|βk|β|¬S|¬Y, |πand
19060 so on; the process iseasily visualized in binary
19068 notation.|'!|4|4|4|4Let |εM|βj |πcontain |εm|βj
19073 |πelements (counting multiplicities); then |εm|βj|4|¬E|42|gf
19077 |4α_↓|4t, |πsince |εS|βr |πhas at most |ε2|gf
19084 |πelements and it has been partitioned into |ε(t|4α+↓|41)
19092 |πnonempty multisets. By Eq. (38), we can sees
19100 *?*?{A6}|→α_↓m|βv|4|¬W|4(e|βj|4α_↓|4e|βv)|4α_↓|4(d|βu|4α_↓|4d|
19100 βi)|4|¬W|4m|βj.|J!(42)|;{A12}|π!|4|4|4|4Although
19102 Lemma K may not look extrjxxe*?*?*?*?{A6}|→α_↓m|βv|4|¬W|4(e|βj|4
19107 α_↓|4e|βv)|4α_↓|4(d|βu|4α_↓|4d|βi)|4|¬W|4m|βj.|J!(42)|;
19108 {A12}|π!|4|4|4|4Although Lemma K may not look
19114 extremely powerful, it says (when |εM|βi|βj |πcontains
19121 an element in common with |εM|βu|βv |πand when
19129 |εm|βj, m|βv |πare reasonably small) that the
19136 number of doublings between steps |εi |πand able
19144 to prove a result analogous to Theorem B above,
19153 that |εl|≤⊂(n)|4α=↓|4e|β0|4α+↓|4t, |πprovided
19156 that the |εe|βj |πare far enough aprat. The next
19165 theorem shows how this can be done.|'{A12}|≡T|≡h|≡e|≡o|≡r|≡e
19172 |≡m |≡H (W. Hansen, |εJ. reine und angew. Math.
19181 |≡2|≡0|≡2 (1959), 129<136.)|9|4Let n|4α=↓|42|ge|r0|4α+↓|42|g
19184 e|r1|4α+↓|1|1|¬O|4|¬O|4|¬O|1|1α+↓|42|ge|rt, e|β0|4|¬Q|4e|β1|
19185 4|¬Q|1|1|¬O|4|¬O|4|¬O|1|1|¬Q|4e|βt|4|¬R|40. If|'
19187 *?{A6}e|β0|4|¬Q|42e|β1|4α+↓|43.271(t|4α_↓|41)!|πand!|εe|βi|βα
19187 _↓|β1|4|¬R|4e|βi|4α+↓|42m!|πfor!|ε1|4|¬E|4i|4|¬E|4t,|J!(43)|
19187 ;{A6}where |εm|4α=↓|42|ur|"l3.271(tα_↓1)|"L|)|)|4α_↓|4t,
19190 then l|≤⊂(n)|4α=↓|4e|β0|4α+↓|4t.|'|Hβ*?*?*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!
19192