Rigorous methods for computational number theory

Koen de Boer, Alice Pellet-Mary, Benjamin Wesolowski

TL;DR

The paper presents the first rigorous algorithm for computing class groups and unit groups of arbitrary number fields in probabilistic subexponential time under ERH, by introducing a general, provable ideal-sampling strategy that handles smooth and near-prime families. It blends Arakelov ray class group theory, lattice basis reduction (BKZ), and discrete Gaussian sampling to convert heuristic sampling steps into rigorously analyzed processes, and then applies it to obtain a full computation of class groups and unit groups, with complexity bounds tied to L-functions and the Dedekind zeta residue. A two-part structure is developed: Part I proves a general sampling theorem ensuring densities drive success rates, while Part II provides the provable lattice-based machinery (log-S-unit lattices, BKZ variants, and post-processing) that yields the final rigorous algorithm. The work thus transforms long-standing heuristic subexponential class-group computations into a framework with explicit probabilistic guarantees, contingent on ERH, and with broad implications for related problems in computational number theory like principal ideals and discrete logarithms.

Abstract

We present the first algorithm for computing class groups and unit groups of arbitrary number fields that provably runs in probabilistic subexponential time, assuming the Extended Riemann Hypothesis (ERH). Previous subexponential algorithms were either restricted to imaginary quadratic fields, or relied on several heuristic assumptions that have long resisted rigorous analysis. The heart of our method is a new general strategy to provably solve a recurring computational problem in number theory (assuming ERH): given an ideal class $[\mathfrak{a}]$ of a number field $K$, sample an ideal $\mathfrak b \in [\mathfrak{a}]$ belonging to a particular family of ideals (e.g., the family of smooth ideals, or near-prime ideals). More precisely, let $\mathcal{S}$ be an arbitrary family of ideals, and $\mathcal{S}_B$ the family of $B$-smooth ideals. We describe an efficient algorithm that samples ideals $\mathfrak b \in [\mathfrak{a}]$ such that $\mathfrak b \in \mathcal{S} \cdot\mathcal{S}_B$ with probability proportional to the density of $\mathcal{S}$ within the set of all ideals. The case where $\mathcal{S}$ is the set of prime ideals yields the family $\mathcal{S}\cdot\mathcal{S}_B$ of near-prime ideals, of particular interest in that it constitutes a dense family of efficiently factorable ideals. The case of smooth ideals $\mathcal{S} = \mathcal{S}_B$ regularly comes up in index-calculus algorithms (notably to compute class groups and unit groups), where it has long constituted a theoretical obstacle overcome only by heuristic arguments.

Paper Structure

This paper contains 134 sections, 117 theorems, 499 equations, 5 figures, 7 algorithms.

Key Result

Theorem 1.1

Assuming ERH, there is a randomized algorithm $\mathcal{A}$ such that the following holds. Let $K$ be a number field, with degree $n$, discriminant $\Delta_K$, and let an LLL-reduced basis of the ring of integers $\mathcal{O}_K$ be given. Let $\mathfrak a \subseteq \mathcal{O}_K$ be an integral idea

Figures (5)

  • Figure 1: A commutative diagram of short exact sequences involving the Arakelov ray class group.
  • Figure 2: A depiction of the (dominant part of the) provable running time compared to the (dominant part of the) heuristic running time for number fields $K$, depending on $\log(\rho_K)$ and the value of $\log(|\Delta_K|)$ compared to the degree $n$. The blue line corresponds to the heuristic running time claimed in ANTS:BiasseFiecker14. The provable running time of the ${\mathbb{S}}$-unit algorithm of the present work varies between the blue and red lines, depending on $\log(\rho_K)$. The running time can be found in this graph by first locating the point $\log|\Delta_K|$ (in terms of powers of the degree $n$) on the $x$-axis, and then reading off, depending on the size of $\log(\rho_K)$, where between the blue and red lines the (logarithm of the) running time must lie. For number fields with $\log(\rho_K) \leq n^{2/3}$, the running time is dictated by the blue line, and when $\log(\rho_K) \geq n$, the complexity is dictated by the red line.
  • Figure : Uniform sampling in $x \cdot ((\mathfrak b + \gamma) \cap \tau K^{\mathfrak{m},1}) \cap r {{\mathcal{B}}_\infty}$
  • Figure : Sampling of $\beta \in \mathfrak b$ such that $\beta \in \tau K^{\mathfrak{m},1}$
  • Figure : The BKZ' algorithm of Hanrot, Pujol and Stehlé, for integer bases

Theorems & Definitions (262)

  • Theorem 1.1: ERH
  • Remark 1.2
  • Theorem 1.3: ERH
  • Definition 2.1
  • Definition 2.2: Generating radius
  • Lemma 2.3
  • proof
  • Lemma 2.3
  • proof
  • Definition 2.4
  • ...and 252 more