Prime Numbers

284 Chapter 6 SUBEXPONENTIAL FACTORING ALGORITHMS
That is, it is a ring; see [Marcus 1977]. In the case of f(x) =x 2 +1, the
algebraic integers in Q[i] constitute exactly the ring Z[i]. The ring Z[α] will
always be a subset of I, but in general, it will be a proper subset. For example,
consider the case where f(x) =x 2 − 5. The ring of all algebraic integers in
Q √ 5 is Z (1 + √ 5)/2 , which properly contains Z √ 5 .
We now summarize the situation regarding the exponent vectors for the
numbers a−bα. We say that a−bα is B-smooth if its norm N(a−bα) =F (a, b)
is B-smooth. For a, b coprime and a − bα being B-smooth, we associate to it
an exponent vector v(a − bα) that has entries vp,r(a − bα) for each pair (p, r),
where p is a prime number not exceeding B with r ∈ R(p). (Later we shall
use the notation v(a − bα) for a longer vector that contains within it what is
being considered here.) If a ≡ br (mod p), then we define vp,r(a − bα) =0.
Otherwise a ≡ br (mod p) andvp,r(a − bα) is defined to be the exponent on p
in the prime factorization of F (a, b). We have the following important result.
Lemma 6.2.1. If S is a set of coprime integer pairs a, b such that each
a − bα is B-smooth, and if
(a,b)∈S (a − bα) is the square of an element in I,
the ring of algebraic integers in Q[α], then
v(a − bα) ≡ 0 (mod2). (6.7)
(a,b)∈S
Proof. We begin with a brief discussion of what the numbers vp,r(a − bα)
represent. It is well known in algebraic number theory that the ring I is a
Dedekind domain; see [Marcus 1977]. In particular, nonzero ideals of I may
be uniquely factored into prime ideals. We also use the concept of norm of an
ideal: If J is a nonzero ideal of I, thenN(J) is the number of elements in the
(finite) quotient ring I/J. (The norm of the zero ideal is defined to be zero.)
The norm function is multiplicative on ideals, that is, N(J1J2) =N(J1)N(J2)
for any ideals J1,J2 in I. The connection with the norm of an element of I
and the norm of the principal ideal it generates is beautiful: If β ∈I,then
N((β)) = |N(β)|.
If p is a prime number and r ∈ R(p), let P1,...,Pk be the prime ideals of
I that divide the ideal (p, α − r). (This ideal is not the unit ideal, since
N(α − r) = f(r), an integer divisible by p.) There are positive integers
e1,...,ek such that N(Pj) =p ej for j =1,...,k. The usual situation is that
k =1,e1 = 1, and that (p, α − r) =P1. In fact, this scenario occurs whenever
p does not divide the index of Z[α] inI; see [Marcus 1977]. However, we will
deal with the general case.
Note that if r ′ ∈ R(p) andr ′ = r, then the prime ideals that divide
(p, α − r) are different from the prime ideals that divide (p, α − r ′ ); that is,
the ideals (p, α − r ′ )and(p, α − r) are coprime. This observation follows,
since the integer r − r ′ is coprime to the prime p. In addition, if a, b are
integers, then a − bα ∈ (p, α − r) if and only if a ≡ br (mod p). To see this,
write a − bα = a − br − b(α − r), so that a − bα ∈ (p, α − r) ifandonly
if a − br ∈ (p, α − r), if and only if a ≡ br (mod p). We need one further
property: If a, b are coprime integers, a ≡ br (mod p), and if P is a prime