Prime Numbers

246 Chapter 5 EXPONENTIAL FACTORING ALGORITHMS
ax 2 1 + b1x1y1 + c1y 2 1 is coprime to a2. TobringB1 and b2 into agreement,
find integers r, s such that rA1 + sa2 =1,andletk = r(b2 − B1)/2. (Note
that b2 and B1 have the same parity as D.) Set B = B1+2kA1,sothatB ≡ b2
(mod 2a2). Then (see Exercise 5.18) (A1,B1,C ′ 1) is equivalent to (A1,B,C1)
for some integer C1,and(a2,b2,c2) is equivalent to (a2,B,C2) for some integer
C2. LetA2 = a2, and we are done. ✷
Given two primitive quadratic forms (a1,b1,c1), (a2,b2,c2) of discriminant
D, let(A1,B,C1), (A2,B,C2) be the respectively equivalent forms given in
Lemma 5.6.6. We define a certain operation like so:
〈a1,b1,c1〉∗〈a2,b2,c2〉 = 〈a3,b3,c3〉,
where a3 = A1A2, b3 = B, c3 = C1/A2. (Note that A1C1 = A2C2 and
gcd(A1,A2) = 1 imply that C1/A2 is an integer.) Then Lemma 5.6.5 asserts
that “∗” is a well-defined binary operation on C(D). This is the composition
operation that we alluded to above. It is clearly commutative, and the
proof that it is associative is completely straightforward. If D is even, then
〈1, 0,D/4〉 acts as an identity for ∗, while if D is odd, then 〈1, 1, (1−D)/4〉 acts
as an identity. We denote this identity by 1D. Finally, if 〈a, b, c〉 is in C(D),
then 〈a, b, c〉 ∗〈c, b, a〉 =1D (see Exercise 5.20). We thus have that C(D) is
an abelian group under ∗. This is called the class group of primitive binary
quadratic forms of discriminant D.
It is possible to trace through the above argument and come up with an
algorithm for the composition of forms. Here is a relatively compact procedure:
it may be found in [Shanks 1971] and in [Schoof 1982].
Algorithm 5.6.7 (Composition of forms). We are given two primitive
quadratic forms (a1,b1,c1), (a2,b2,c2) of the same negative discriminant. This
algorithm computes integers a3,b3,c3 such that 〈a1,b1,c1〉 ∗〈a2,b2,c2〉 =
〈a3,b3,c3〉.
1. [Extended Euclid operation]
g =gcd(a1,a2, (b1 + b2)/2);
Find u, v, w such that ua1 + va2 + w(b1 + b2)/2 =g;
2. [Final assignment]
Return the values:
a3 = a1a2
g2 , b3 = b2 +2 a2
g
b1 − b2
2
v − c2w , c3 = b23 − g
.
4a3
(To find the numbers g, u, v, w in Step [Extended Euclid operation] first use
Algorithm 2.1.4 to find integers U, V with h =gcd(a1,a2) =Ua1 + Va2,
and then to find integers U ′ ,V ′ with g = gcd(h, (b1 + b2)/2)) = U ′ h +
V ′ (b1 + b2)/2. Then u = U ′ U, v = U ′ V, w = V ′ .) We remark that even
if (a1,b1,c1), (a2,b2,c2) are reduced, the form (a3,b3,c3) thatisgenerated
by the algorithm need not be reduced. One can follow Algorithm 5.6.7 with
Algorithm 5.6.2 to get the reduced form in the class 〈a3,b3,c3〉.