3.6 The σ decomposition
3.6.1 Computing all $m_i$'s and $H_i$'s
In order to motivate the general algorithm, we first briefly explain how to compute the integer $m$ and string $H$ at a rational point $(x, y) \in K^2$ of $V(F, G)$, assuming such a point exists. In this case, the process is straightforward: simply evaluate all required derivatives at $(x, y)$, and stop as soon as we find a nonzero value. This is detailed in Algorithm m_H_rational, where we use a function zero_index$((x, y), [r_1, \dots, r_N])$ that returns the smallest index $i$ such that $r_i(x, y)$ vanishes (with indices starting at one).
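Algorithm 4: m_H_rational(F, G, x, y)
Input: $(F, G)$ in $K[X, Y]$, a point $(x, y)$ in $V = V(F, G)$
Output: $(m, H)$
  $d = \max(\deg(F), \deg(G))$
  $R = \left[\frac{\partial F}{\partial Y}, \frac{\partial G}{\partial Y}, \dots, \frac{\partial^d F}{\partial Y^d}, \frac{\partial^d G}{\partial Y^d}\right]$
  $n$ = zero_index$((x, y), R)$
  if $n$ is odd then
    return $((n + 1)/2, \text{"F"})$
  else
    return $(n/2, \text{"G"})$
  end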
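A runnable version of Algorithm 4, added here as an illustration and not taken from the original text. It assumes a dictionary representation of bivariate polynomials, uses constructed sample inputs, and takes zero_index to return the first index whose entry is nonzero at the point, following the "stop as soon as we find a nonzero value" rule stated above.

```python
from fractions import Fraction

# A polynomial in K[X, Y] is a dict {(i, j): c} standing for the sum of c * X^i * Y^j.
# This representation and the sample inputs below are constructed for illustration.

def degree(p):
    """Total degree of a nonzero polynomial."""
    return max(i + j for (i, j), c in p.items() if c != 0)

def d_dy(p):
    """Partial derivative with respect to Y."""
    return {(i, j - 1): c * j for (i, j), c in p.items() if j > 0}

def evaluate(p, x, y):
    return sum(Fraction(c) * x**i * y**j for (i, j), c in p.items())

def zero_index(point, polys):
    """1-based index of the first entry that is nonzero at the point."""
    x, y = point
    for idx, r in enumerate(polys, start=1):
        if evaluate(r, x, y) != 0:
            return idx
    raise ValueError("all derivatives up to order d vanish at the point")

def m_H_rational(F, G, x, y):
    if evaluate(F, x, y) != 0 or evaluate(G, x, y) != 0:
        raise ValueError("(x, y) is not a point of V(F, G)")
    d = max(degree(F), degree(G))
    R, dF, dG = [], F, G
    for _ in range(d):  # R = [dF/dY, dG/dY, ..., d^dF/dY^d, d^dG/dY^d]
        dF, dG = d_dy(dF), d_dy(dG)
        R += [dF, dG]
    n = zero_index((x, y), R)
    return ((n + 1) // 2, "F") if n % 2 == 1 else (n // 2, "G")

# Constructed inputs: F = Y^2 - X and G = Y^3 + X meet at (0, 0).
F = {(0, 2): 1, (1, 0): -1}
G = {(0, 3): 1, (1, 0): 1}

if __name__ == "__main__":
    print(m_H_rational(F, G, 0, 0))
```

At $(0, 0)$ both first derivatives vanish and the first nonzero entry of $R$ is $\partial^2 F/\partial Y^2 = 2$, at index 3.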
Given the Shape Lemma representation $(P, S)$ of $V$, we follow the same approach. The only significant difference is that zero-tests are replaced by the splitting mechanism of Algorithm zero_index.
To describe the output, note that we can partition $V$ into subsets $V_{m_1,H_1}, \dots, V_{m_s,H_s}$, for pairwise distinct $(m_i, H_i)$, where $V_{m_i,H_i}$ is the subset of $V$ consisting of all $(x, y)$ such that $\sigma(x, y) = (m_i, H_i, \dots)$. The output of the following algorithm compute_m_H is the sequence $[(P_i, S_i, m_i, H_i)]_{1 \le i \le s}$ such that $(P_i, S_i)$ is the Shape Lemma representation of $V_{m_i,H_i}$ (this output, just like the partition $V_{m_1,H_1}, \dots, V_{m_s,H_s}$, is uniquely defined up to order).
In particular, notice that for all $i$, $\frac{\partial^{m_i-1} H_i}{\partial Y^{m_i-1}}(X, S_i) = 0$ modulo $P_i$ and $\frac{\partial^{m_i} H_i}{\partial Y^{m_i}}(X, S_i)$ is a
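Algorithm 5: compute_m_H(F, G, P, S)
Input: $(F, G)$ in $K[X, Y]$, the Shape Lemma representation $(P, S)$ of $V = V(F, G)$
Output: a sequence $[(P_i, S_i, m_i, H_i)]_{1 \le i \le s}$
1  $d = \max(\deg(F), \deg(G))$
2  $R_0 = \left[\frac{\partial F}{\partial Y}, \frac{\partial G}{\partial Y}, \dots, \frac{\partial^d F}{\partial Y^d}, \frac{\partial^d G}{\partial Y^d}\right]$
3  $R = [\, r \bmod \langle P, Y - S \rangle \mid r \in R_0 \,]$
4  $K$ = zero_index$(P, R)$        ($K$ is a sequence of the form $[(P_i, n_i)]$)
5  $W = [\ ]$
6  for $(P_i, n_i)$ in $K$ do
7    $S_i = S \bmod P_i$
8    if $n_i$ is odd then
9      append $(P_i, S_i, (n_i + 1)/2, \text{"F"})$ to $W$
10   else
11     append $(P_i, S_i, n_i/2, \text{"G"})$ to $W$
12   end
13 end
14 return $W$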
Lemma 17. Algorithm compute_m_H is correct. When $K = \mathbb{F}_p$, one can implement it so that it takes $d^{3+\varepsilon}\,\tilde{O}(\log(p))$ bit operations.
Proof. Correctness of the algorithm directly follows from the correctness of zero_index, and the fact that all $m_i$'s are at most $d$, as proved in the deflation lemma.
For the complexity analysis in the particular case $K = \mathbb{F}_p$, we know that the cost of zero_index is quasi-linear, so all that matters is the cost of computing polynomials $R$, at steps 2 and 3.
This is achieved by calling Algorithm normal_forms of Proposition 3, with input $t = 1$, and $L, L', L'', F$, where $L$ is the list $[(0, d)]$, $L'$ is the list $[P]$ and $L''$ is the list $[S]$. In order to satisfy the required assumption HNF, let us write $d' = \lceil d^{3/2} \rceil$; then, the product $me = de$ admits the upper bound $d^3 = O(d'^2)$, so we are under the assumptions of that proposition, up to replacing $d$ by $d'$. As noted in Section 3.4, the output $(F_1)$ of this algorithm takes the form

$$F_1 = \sum_{\mu=0}^{d} \frac{1}{\mu!} D_\mu \zeta^\mu;$$

since the index $n$ was chosen to be zero and the entry of $L''$ depends only on $X$, $D_\mu$ is written as

$$D_\mu = \frac{\partial^\mu F}{\partial Y^\mu}(X, S) \bmod \langle P(X) \rangle,$$

so it gives half the polynomials we wanted. Doing the same with $G$, we obtain all the normal forms we required.
In terms of complexity, for any $\varepsilon > 0$, calling Proposition 3 can be done in $d'^{2+\varepsilon}\,\tilde{O}(\log(p))$ bit operations; this is $d^{3+\varepsilon}\,\tilde{O}(\log(p))$, as claimed. All other costs are negligible.
Suppose that we are over K = Q, and that F and G are in Z[X, Y]. The following discussion gives conditions under which the above calculation admits a good reduction at a prime p.
Lemma 18. There exists an explicitly computable function $\Delta_{3,1}(d, h, \ell) = (dh\ell)^{O(1)}$ such that the following holds.
Suppose that $F$ and $G$ are polynomials in $\mathbb{Z}[X, Y]$, with no nontrivial common factor and in general position, with degree at most $d$ and height at most $h$. Suppose as well that $P$ and $S$ have height at most $\ell$. There exists a nonzero integer $\delta_{3,1}$ such that:
• $\delta_{3,1}$ has height at most $\Delta_{3,1}(d, h, \ell)$;
• for any prime $p$ that satisfies the following conditions:
– $p$ does not divide $\delta_{3,1}$,
– $SL(F, G) \bmod p = SL(F \bmod p, G \bmod p)$,
– for any subset $W$ of $V(F, G)$ defined over $\mathbb{Q}$, $p$ cancels no denominator in $SL(W)$,
the sequence obtained from compute_m_H$(F, G, P, S) \bmod p$ coincides with the output of compute_m_H$(F \bmod p, G \bmod p, P \bmod p, S \bmod p)$.
Proof. Let $[(P_i, S_i, m_i, H_i)]_{1 \le i \le s}$ be the output of compute_m_H$(F, G, P, S) \bmod p$.
For a given index $i$ in $\{1, \dots, s\}$, the corresponding integer $m_i$ is characterized as follows: for each entry, say $H$, of index less than $m_i$ in the sequence $\left[\frac{\partial F}{\partial Y}, \frac{\partial G}{\partial Y}, \dots, \frac{\partial^d F}{\partial Y^d}, \frac{\partial^d G}{\partial Y^d}\right]$, $H(X, S_i(X)) = 0 \bmod P_i$; for the entry $H_i$, $\gcd(H_i(X, S_i(X)), P_i) = 1$. This latter condition is equivalent to $H_i$ vanishing nowhere on $V(P_i(X), Y - S_i(X))$.
Thus, the polynomials $P_i, S_i, H_i$ satisfy conditions $C_0$ and $C_1$ of Proposition 1. We claim that we can take for $\delta_{3,1}$ the product of the integers $\delta_1$ associated by that proposition
Let then $p$ be a prime such that $(P \bmod p, S \bmod p) = SL(F \bmod p, G \bmod p)$ and such that for any subset $W$ of $V(F, G)$ defined over $\mathbb{Q}$, $p$ cancels no denominator in $SL(W)$; assume as well that $p$ does not divide $\delta_{3,1}$.
Then, all $P_i$'s and $S_i$'s can be reduced modulo $p$; besides, because $P$ remains squarefree modulo $p$, this is also the case for all $P_i$'s. Thus, the polynomials $[(P_i \bmod p, S_i \bmod p)]_{1 \le i \le s}$ form the Shape Lemma representations of some partition of $V(F \bmod p, G \bmod p)$. It remains to see whether this is the same partition as the one induced by running the algorithm over $\mathbb{F}_p$, with input $(F, G, P, S) \bmod p$.
The calculation of Algorithm 14 reduces well modulo $p$ as soon as zero_index does (all other steps clearly admit a good reduction modulo $p$). In view of the discussion in the first paragraph, we are led to consider how the relations $H(X, S_i(X)) = 0 \bmod P_i$ or $H(X_i, S_i(X)) = 0 \bmod P_i$ that hold over $\mathbb{Q}$ reduce modulo $p$.
Of course, a relation of the form $H(X, S_i(X)) = 0 \bmod P_i$ will remain true modulo $p$, for any $p$ for which both sides make sense. The more delicate question is whether the relation $\gcd(H(X, S_i(X)), P_i) = 1$ remains true after reduction. Proposition 1 shows that as soon as $p$ does not divide the integer $\delta_1$ associated to $P_i, S_i, H_i$, the gcd remains one modulo $p$, as requested.
Thus, our claims are proved, except for the upper bound on the height of $\delta_{3,1}$. This follows directly from Proposition 1, and the fact that there are at most $d^2$ indices $i$ to take into account.
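The delicate step of the proof, a gcd equal to one over $\mathbb{Q}$ that may stop being one modulo $p$, can be observed on a small case. This is an added example, not part of the original text: $P_i = X^2 - 2$, $h = H(X, S_i(X)) = X - 3$ and the prime list are constructed, and the code does not compute the integer $\delta_1$ of Proposition 1; it only tests, prime by prime, whether the gcd stays trivial.

```python
def trim(a):
    """Drop zero leading coefficients (lists are lowest degree first)."""
    while a and a[-1] == 0:
        a.pop()
    return a

def poly_rem(a, b, p):
    """Remainder of a by b in F_p[X]; b must be nonzero modulo p."""
    a, inv = a[:], pow(b[-1], -1, p)
    while len(a) >= len(b):
        q, shift = a[-1] * inv % p, len(a) - len(b)
        for k, c in enumerate(b):
            a[shift + k] = (a[shift + k] - q * c) % p
        trim(a)
    return a

def gcd_mod_p(a, b, p):
    """Monic gcd in F_p[X] of two integer polynomials reduced modulo p."""
    a, b = trim([c % p for c in a]), trim([c % p for c in b])
    while b:
        a, b = b, poly_rem(a, b, p)
    inv = pow(a[-1], -1, p)
    return [c * inv % p for c in a]

def bad_primes(h, P, primes):
    """Primes at which gcd(h, P) = 1 over Q does not survive reduction."""
    return [p for p in primes if len(gcd_mod_p(h, P, p)) > 1]

# Constructed data: P_i = X^2 - 2 and h = X - 3 are coprime over Q.
P_i = [-2, 0, 1]
h = [-3, 1]
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23]

if __name__ == "__main__":
    print(bad_primes(h, P_i, SMALL_PRIMES))
```

Since $P_i(3) = 7$, the two polynomials acquire the common root $3$ exactly when $p = 7$, so on the part of $V$ described by this $P_i$ the run over $\mathbb{F}_7$ would stop at a different index than the run over $\mathbb{Q}$.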