Prime Numbers

6.2 Number field sieve 281
But sieve what? To begin to answer this question, let us begin with a
simpler question. Let us ignore the problem of having the product of the
a − bα being a square in Z[α] and instead focus just on the second property
that S is supposed to have, namely, the product of the a − bm is a square
in Z. Here, m is a fixed integer that we compute at the start. Say we let a, b
run over pairs of integers with 0 < |a|,b ≤ M, whereMis some large bound
(large enough so that there will be enough pairs a, b for us to be successful).
Then we have just the degree-1 homogeneous polynomial G(a, b) =a − bm,
which we sieve for smooth values, say B-smooth. We toss out any pair (a, b)
found with gcd(a, b) > 1. Once we have found more than π(B) + 1 such pairs,
linear algebra modulo 2 can be used on the exponent vectors corresponding
to the smooth values of G(a, b) to find a subset of them whose product is a
square.
This is all fine, but we are ignoring the hardest part of the problem: to
simultaneously have our set of pairs (a, b) have the additional property that
the product of a − bα is a square in Z[α].
Let the roots of f(x) in the complex numbers be α1,...,αd, where
α = α1. The norm of an element β = s0 + s1α + ··· + sd−1αd−1 in
the algebraic number field Q[α] (where the coefficients s0,s1,...,sd−1 are
arbitrary rational numbers) is simply the product of the complex numbers
s0 + s1αj + ···+ sd−1α d−1
j for j =1, 2,...,d. This complex number, denoted
by N(β), is actually a rational number, since it is a symmetric expression
in the roots α1,...,αd, and the elementary symmetric polynomials in these
roots are ±cj for j =0, 1,...,d− 1, which are integers. In particular, if the
rationals sj are all actually integers, then N(β) is an integer, too. (We shall
later refer to what is called the trace of β. This is the sum of the conjugates
s0 + s1αj + ···+ sd−1α d−1
j for j =1, 2,...,d.)
The norm function N is also fairly easily seen to be multiplicative, that
is, N(ββ ′ )=N(β)N(β ′ ). An important corollary goes: If β = γ 2 for some
γ ∈ Z[α], then N(β) is an integer square, namely the square of the integer
N(γ).
Thus, a necessary condition for the product of a − bα for (a, b) inS to be
a square in Z[α] is for the corresponding product of the integers N(a − bα)
to be a square in Z. Let us leave aside momentarily the question of whether
this condition is also sufficient and let us see how we might arrange for the
product of N(a − bα) tobeasquare.
We first note that
N(a − bα) =(a − bα1) ···(a − bαd)
= b d (a/b − α1) ···(a/b − αd)
= b d f(a/b),
since f(x) =(x − α1) ···(x − αd). Let F (x, y) be the homogeneous form of f,
namely,
F (x, y) =x d + cd−1x d−1 y + ···+ c0y d = y d f(x/y).