Schemes for Deterministic Polynomial Factoring

Sc hemes for Determini s tic P olynomial F actoring G´ ab or Iv an y os ∗ Marek Karpinski † Nitin Saxena ‡ Octob er 29, 20 18 Abstract In this w ork w e relate the deterministic complexity of factoring p olynomials (ov er fi nite fields) to certain com binatorial ob jects w e call m -schemes. W e extend the know n conditional deterministic sub exp onential t ime p olynomial factoring algorithm for finite fields to get an underlying m - sc heme. W e demonstrate how the properties of m -schemes relate to impro ve- ments in th e det erministic complexity of factori ng p olyn omials ov er finite fields assuming the generalized Riemann Hyp othesis (GRH). I n particular, we give the first deterministic p oly- nomial time algorithm (assuming GRH) to find a nontri vial factor of a p olynomial of prime degree n where ( n − 1) is a smooth num b er. Keywo rds: Polynomials, F actoring, Deterministic, Schemes, GRH . 1 In tro duction W e consider the cla ssical problem of finding a nontrivial factor of a g iven p olynomia l ov er a finite field. This problem has v arious randomized p olynomial time algorithms – Berlek amp [Ber67], Cantor a nd Zassenha us [CZ81], von zur Gathen and Shoup [GS92], Kalto fen a nd Shoup [KS98] – but its deterministic complexity is a long standing op en pr oblem. In this pape r we study the deterministic complexity of the pro blem as suming the generalized Riemann Hyp othesis (GRH). The assumption of GRH in this pap er is needed only to find primitive r -th nonresidues in a finite field F q which a re in turn used to find a r o ot x (if it exists in F q ) of “s pecia l” polyno mials: x r − a ov er F q (see [Evd8 9]). Assuming GRH, there ar e many d eterministic factor ing algorithms known but all of them are exponential-time except on sp ecial ins tances. R´ ony ai [R´ o92] showed under GRH that any po lynomial f ( x ) ∈ Z [ x ], such that Q [ x ] / ( f ) is a Ga lois extension, can b e factor ed mo dulo p in de- terministic p olynomia l time except for finitely many primes p . R´ onyai’s result g eneralizes previous results by Huang [Hua91], Evdokimov [Evd89] and Adleman, Ma nders a nd Miller [AMM77]. Over sp ecial finite fields, Ba ch, von zur Gathen and Lenstra [B GL01] s how ed that po lynomials ov er finite fields of c haracter istic p can b e facto red in deter ministic p olynomial time if φ k ( p ) is smo o th for some in teger k , where φ k ( x ) is the k -th cyclotomic p oly nomial. This result generaliz es the previous works o f R´ ony ai [R´ o 89], Mignotte and Schnorr [MS8 8], von zur Ga then [vzG87], Camion [Cam83] and Mo enck [Mo e 77]. The line o f resea rch that we extend in this pa per was started by R´ on yai [R´ o8 8]. There it was shown how to use GRH to find a nontrivial factor of a p olynomia l f ( x ), where the degr ee n of f ( x ) has a small prime factor , in deterministic p olynomia l time. The basic idea of [R´ o88], in the ca se whe n n is even, was to g o to a ring extension A (2) := F q [ x 1 , x 2 ] / ( f ( x 1 ) , f 2 ( x 1 , x 2 )) of A (1) := F q [ x 1 ] / ( f ( x 1 )), where f 2 ( x 1 , x 2 ) := f ( x 2 ) x 2 − x 1 , and then use the s ymmetry of A (2) to ∗ Computer and Automation Researc h Institute of the Hungarian Academ y of Science s, L´ agym´ an yosi u. 11, 1111 Budapest, Hungary . E-mai l : Gabor.Ivany os@sztaki.hu † Departmen t of Computer Science, Univ ersity of Bonn, 53117 Bonn, Germany . E-mail: marek@cs. uni-bonn.de ‡ Hausdorff Cent er f or Mathematics, Endenic her Allee 60, 53115 Bonn, Germany . E-mail: ns@hcm.uni-bo nn.de 1 decomp ose A (2) under GRH. A decompo sition of A (2) gives us a nontrivial factor of f ( x ) since n is even. [R´ o 88] sho wed that this basic idea can be extended to the case when a prime r | n but then the deterministic algor ithm finds a non trivial factor o f f ( x ) in time pol y (log q, n r ). The n r depe ndence app ears in the complexity estimate becaus e this is roughly the dimension o f the algebras, like: F q [ x 1 , . . . , x r ] / ( f ( x 1 ) , . . . , f r ( x 1 , . . . , x r )) (1) in whic h the algorithm does computation. Naively , it w ould seem that this algorithm will tak e time pol y (log q, n n ) in the worst ca se (for ex ample w hen n is a prime). But E vdokimov [Evd94] show ed that R´ ony ai’s a lgorithm c an b e mo dified s uc h that it is enough to work with algebras like (1) with r = log n , thus, p olynomial factor ing can b e done deterministically in time poly (log q , n log n ) under GRH. W e ex tend Evdokimov’s algorithm and show that our a lgorithm has an under lying natural combinatorial structure that we ca ll a n m -scheme (a genera lization of sup erschemes intro duced by Smith [Smi94]). An m -scheme on n p oints is, roughly spea king, a partition P o f the se t [ n ] m , where [ n ] denotes the set { 1 , . . . , n } : [ n ] m = ∪ P ∈P P that satisfies certain “natural” prop erties (defined in Section 2 ). There is an abundance of exa mples of m -schemes in algebraic combinatorics: • a r egular graph on n vertices is an example of a 2 -scheme o n n points, • a s trongly reg ular graph on n vertices is a n example of a 3 -scheme o n n points, • an a sso ciation scheme (see [Zie]) gives rise to a 3-scheme and vice-versa. See Section 2 .2 for these k ind of examples. • n -schemes o n n points always ar ise fr om gro ups. See Section 2.3 for cons tructing them from groups and [Smi94] for the con verse. This imp ortant example sugg ests that m -schemes can be considered as a g eneralizatio n of finite g roups. • curiously enoug h, m -s c hemes on n p oints also app ear when the ( m − 1)-dimensiona l W eisfeiler- Lehman method for gra ph isomorphism is applied to a gr aph on n v ertices , see [CFI92]. The m -schemes that a ppea r in o ur po lynomial factoring algorithm p osses s a sp ecial structur e and we b elieve tha t their pr op erties can b e exploited to get a deterministic and efficient p olynomial factoring alg orithm (under GRH). W e demonstrate tha t this belief infact works in sev era l ca ses. It is a standar d re sult that to solve p olynomial factor ing it is enough to factor p olynomia ls that split completely ov er prime fields (see Berlek amp [Ber6 7, Ber70] a nd Zas senhaus [Zas69]). Thu s, we will as sume in this pa per that the input p oly nomial f ( x ) o f deg ree n has n distinct r o ots in F p for some prime p . Our algor ithm for factoring f ( x ) constructs an r -s c heme o n the n ro ots while working in the algebra of Equation (1), ov er a suitable F q ⊇ F p . W e give several results in this w ork showing how to utilise the proper ties o f these under lying r -schemes to efficiently find a nontrivial factor of f ( x ). The pap er is org anized as follows. W e forma lly define m -s chem es in Section 2 and exhibit t wo imp ortant examples. In Section 3 we introduce our framework of the tensor powers A ⊗ m of the algebr a A := F p [ x ] / ( f ( x )) and present our algor ithm that co nstructs a n underlying m - scheme, on the n ro o ts of f ( x ), while w or king in A ⊗ m . In Sec tion 4 we show how to interpret Evdokimov’s sub exp onential algorithm in our framework of m -schem es and g ive a conjecture ab out the s tructure of m -schemes which if true would ma k e our algo rithm deterministic p olynomial time under GRH. W e also prov e the conjecture in the impo rtant ex ample of m -schemes arising from groups. In Section 5 we show that our fra mework o f m -schemes finds a nontrivial factor o f f ( x ) in deterministic p olynomia l time under GRH if n is a prime and ( n − 1) is smo oth. In Section 6 we s how that the levels r (a s in E quation (1)) in Evdokimov’s a lgorithm can be reduced to log n 1 . 5 2 using prop er ties of m -schemes. In Section 7 we in tro duce a concept of primitivity in m -schemes, inspired from the connectivity o f graphs, and give some hints ho w it could improv e the factoring algorithm. 2 In tro ducing m -sc hemes In this section w e define sp ecial partitions of the set [ n ] m that w e call m -schemes on n p oints. These combinatorial ob jects ar e closely re lated to sup er schemes whic h were first de fined by [Smi94]. 2.1 Basic definitions Let V = { v 1 , . . . , v n } b e a set of n distinct element s. F or 1 ≤ s ≤ n , define the set of s - tuples: V ( s ) := { ( v i 1 , . . . , v i s ) ∈ V s | v i 1 , . . . , v i s are s distinct elements of V } . If s > 1 there are s pro jections π s 1 , . . . , π s s : V ( s ) → V ( s − 1) given as: π s i : ( v 1 , . . . , v i − 1 , v i , v i +1 , . . . , v s ) 7→ ( v 1 , . . . , v i − 1 , v i +1 , . . . , v s ) . The s ymmetric gr oup on s e lemen ts Symm s acts on V ( s ) in a natural way by p er m uting the co ordinates of the s -tuples . T o b e more accurate, the action is the following: for σ ∈ Symm s , ( v 1 , . . . , v i , . . . , v s ) σ = ( v 1 σ , . . . , v i σ , . . . , v s σ ) . F or 1 ≤ m ≤ n an m - c ol le ction o n V is a colle ction Π of partitions P 1 , P 2 , . . . , P m of V = V (1) , V (2) , . . . , V ( m ) resp ectively . F or 1 ≤ s ≤ m we denote by ≡ P s the equiv alence relation on V ( s ) corres po nding to the partition P s . W e call the e quiv alence classes of ≡ P s c olors at level s . W e define b elow some natural prop erties of collections that are rele v ant to us. Let Π = {P 1 , P 2 , . . . , P m } be an m -collection o n V . Compatibili t y: W e say that Π is c omp atible at level 1 < s ≤ m if ¯ u , ¯ v ∈ P ∈ P s implies that for every 1 ≤ i ≤ s there ex ists Q ∈ P s − 1 such that π s i ( ¯ u ) , π s i ( ¯ v ) ∈ Q . In other words, if tw o tuples (at level s ) hav e the same color then for ev ery pro jection the pro jected tuples (at level s − 1) ha ve the sa me co lor as well. It follows tha t for a class P ∈ P s , the sets π s i ( P ) := { π s i ( ¯ v ) | ¯ v ∈ P } , for all i ∈ [ s ], are co lors in P s − 1 . Regularity : W e say that Π is r e gular at lev el 1 < s ≤ m if ¯ u, ¯ v ∈ Q ∈ P s − 1 implies that for every 1 ≤ i ≤ s and for ev ery P ∈ P s , # { ¯ u ′ ∈ P | π s i ( ¯ u ′ ) = ¯ u } = # { ¯ v ′ ∈ P | π s i ( ¯ v ′ ) = ¯ v } W e call the tuples in P ∩ ( π s i ) − 1 ( ¯ u ) a s π s i -fib ers of ¯ u in P . So regular it y , in o ther words, mea ns that the cardinalities of the fib ers above a tuple dep end only on the color of the tuple. The above t wo prop erties motiv ate the definition of the sub de gr e e of a c olor P over a c olor Q as # P # Q when Π is compatible and reg ular at level s and π s i ( P ) = Q for so me i . In v ariance: An m -c ollection is invariant at level 1 < s ≤ m if for every P ∈ P s , a nd σ ∈ Symm s we have: P σ := { ¯ v σ | ¯ v ∈ P } ∈ P s . In o ther words, the par titions P 1 , . . . , P m are in v a riant under the a ction o f the cor resp onding symmetric gr oup. Homogenei t y: W e say that the m -collection Π is homo gene ous if |P 1 | = 1. Symmetry: W e say tha t an m -collectio n Π is symmetric at level s if for every P ∈ P s and σ ∈ Symm s , we hav e P σ = P . An tisymmetry: W e sa y that an m -collection Π is a ntisymmetric at level s if for every P ∈ P s and 1 6 = σ ∈ Symm s , we hav e P σ 6 = P . 3 Definition 1. An m -c ol le ction is c al le d c omp atible, r e gular, invariant, symmetric, or antisymmet- ric if it is at every level 1 < s ≤ m c omp atible, r e gular, invariant, symm et ric, or antisymmetric r esp e ct ively. An m -c ol le ction is c al le d an m -scheme if it is c omp atible, r e gular and invariant. W e s hould remark that the m -schemes that app ear in our factor ing algorithm are homogeneous and antisymmetric as w ell. Let us now s ee some easily describa ble examples of m -schemes. 2.2 Example: 3 -sc hemes from c oheren t configurations Coherent configurations ar e standard co mb inator ial ob jects that hav e strongly regular gr aphs as examples (se e [Came99]). Recall that a coherent configuration is just a 2 -scheme {P 1 , P 2 } that also has a comp ositio n prop erty: Comp osi tion: F o r any P i , P j , P k ∈ P 2 and an ( α, β ) ∈ P k the num b er: # { γ ∈ V | ( α, γ ) ∈ P i and ( γ , β ) ∈ P j } is independent of which tuple ( α, β ) in P k we chose. In other words, the relations P i and P j can be “comp osed” to get a bigger relatio n that is just a “linear combination” of the relations in P 2 . In the literature a homog eneous coherent configuration is usually ca lled an asso ciation scheme . In this p ap er we do not enforce symmetricit y or an tisymmetricity in the definition of an asso ciation scheme. Coherent configurations a nd 3-schemes are similar notions. F rom a coher ent co nfiguration {P 1 , P 2 } we can define a partition P 3 on the triples such that for any tw o triples ( u 1 , u 2 , u 3 ) and ( v 1 , v 2 , v 3 ) we hav e: ( u 1 , u 2 , u 3 ) ≡ P 3 ( v 1 , v 2 , v 3 ) if and only if ( u 1 , u 2 ) ≡ P 2 ( v 1 , v 2 ), ( u 1 , u 3 ) ≡ P 2 ( v 1 , v 3 ), ( u 2 , u 3 ) ≡ P 2 ( v 2 , v 3 ). It follows that for P ∈ P 3 , the cardinality # { u 3 ∈ V | ( u 1 , u 2 , u 3 ) ∈ P } of the π 3 3 -fib ers of ( u 1 , u 2 ) in P is exa ctly # { u 3 ∈ V | ( u 1 , u 3 ) ∈ π 3 2 ( P ) and ( u 2 , u 3 ) ∈ π 3 1 ( P ) } and thu s regularity at level 3 is equiv alent to the compo sition pro per t y of {P 1 , P 2 } . It is ea sy to show that {P 1 , P 2 , P 3 } als o satisfies co mpatibilit y and in v a riance, thus, it is a 3 -scheme. Similarly , a co n verse can b e shown: Lemma 2. If Π = {P 1 , P 2 , P 3 } is a homo gene ous 3 -scheme then {P 1 , P 2 } is an asso ciation scheme. Pr o of. By the hypo thesis w e alrea dy hav e that {P 1 , P 2 } is a homog eneous 2- scheme. Thus, we only need to show the comp osition pro per t y . Let P i , P j , P k ∈ P 2 and let ( α, β ) ∈ P k . Then by compatibility at level 3 ther e exists a subset S ⊆ P 3 such tha t the set: { γ ∈ V | ( α, γ ) ∈ P i , ( γ , β ) ∈ P j } can b e partitioned as: ⊔ P ∈S { γ ∈ V | ( α, γ ) ∈ P i , ( γ , β ) ∈ P j , ( α, γ , β ) ∈ P } which a gain by the compatibilit y of Π at lev el 3 is: ⊔ P ∈S { γ ∈ V | ( α, γ , β ) ∈ P } now by the regular it y of Π at level 3 the size of the ab ov e sets is simply # P # P k which is independent of the c hoice o f ( α, β ). Thus, {P 1 , P 2 } has the comp osition prope rty . ✷ 4 2.3 Example: orbit sc hemes Perm utation groups pr ovide a host o f examples (se e [Smi94]). Let G ≤ Symm V be a p ermutation group. The orbits o f G on the s -tuples (1 ≤ s ≤ m ≤ n ) giv e a n m -s cheme. More formally , define the partition P s as: for any tw o s -tuples ( u 1 , . . . , u s ) and ( v 1 , . . . , v s ) in V ( s ) , ( u 1 , . . . , u s ) ≡ P s ( v 1 , . . . , v s ) iff ∃ σ ∈ G , ( σ ( u 1 ) , . . . , σ ( u s )) = ( v 1 , . . . , v s ). It is easy to see that these partitions naturally satisfy co mpatibilit y , regular it y and inv ariance pro per ties and hence form an m -scheme. W e call m -schemes arising in this wa y orbit m -s chemes . The orbit sc heme is homogeneous if and only if G is transitive. F ur thermore, assume that G is transitive and for some int eger m < n , gcd( m ! , | G | ) = 1. Then the corresp onding orbit m -sc heme is a homog eneous ant isymmetric m - scheme. O ur attention to this cla ss of exa mples has b een drawn by D. Pasec hnik. A t the moment, we ar e not aw are of any other examples of homogeneous a n tisymmetric m - schemes with m → ∞ . The ho mogeneous antisymmetric m - schemes a re the ones that a rise in our factoring alg orithm and we do b elieve that their pa rameters satisfy more stringent conditions than the ge neral m -schemes. F o r a conjecture along these lines see Section 4.1 . 2.4 Difference b etw een v arious notions of sc hemes The term schemes a rises in the mathematical literature in many con texts. Our m -schemes should not b e confused with the notion of schemes in a lgebraic g eometry . How ever, our m -schemes ar e closely related to asso ciation schemes , sup erschemes (Smith [Smi94]) and heigh t t pr esup erschemes (W o jdy lo [W o j01]). Smith’s supers c hemes are m -schemes that also satisfy a suitable higher dimen- sional generalizatio n of the comp osition prop erty . It is not difficult to s ee that a super scheme on n p oints is just a n -scheme on n p oints. W o jdy lo’s heig ht t pre super scheme consists o f the bo ttom t levels of a supers cheme. In par ticular, a level 0 presupe rscheme is just an asso ciation sch eme. It can b e shown that a height t presup erscheme on n -p oints co nsists just of the fir st ( t + 2 ) levels of a ( t + 3)-scheme o n n points. 3 Decomp osition of tensor p o w ers of algebras In this section w e describ e our p olynomial factoring algor ithm a nd simultaneously s how how m - schemes a ppea r in the algor ithm. Recall that in the input w e ar e g iven a p olynomia l f ( x ) ∈ F p of degree n having distinct roots α 1 , . . . , α n in F p . F or any extension field k of F p we have the natura l asso ciated algebra A := k [ X ] / ( f ( X )). No te that A is a completely split semisimple n - dimensional algebra o ver the field k , i.e . A is isomorphic to k n the direct sum of n copies of the one-dimensional k -algebr a k . W e interpret A as the set of functions : V := { α 1 , . . . , α n } → k equipp ed with the p oint wise op era tions. Algo rithmically , we hav e A b y str ucture constants with resp ect to some basis b 1 , . . . , b n (for example, 1 , X , . . . , X n − 1 ) and the problem of factor ing f ( X ) completely can be viewed as finding an explicit is omorphism fr om A to k n . How do the factors of f ( X ) app e ar in A ? They a ppea r as zer o divisors in A . Recall that a zero divisor is a no nzero element z ( X ) ∈ A such tha t y ( X ) z ( X ) = 0 for some nonzer o element y ( X ) ∈ A . This mea ns tha t f ( X ) | y ( X ) · z ( X ) which implies (b y the nonzeroness of y and z ) g cd ( f ( X ) , z ( X )) factors f ( X ) nontrivially . As g cd of polynomia ls can be computed b y the deterministic polyno mial time Euclidea n alg orithm, we infer that finding a zer o divisor in the factor algebra k [ X ] / ( f ( X )) is – up to p olynomial time deterministic reductions – equiv alent to finding a nont rivia l divis or of f ( X ). F urthermore, co mputing an explicit isomor phism with k n is equiv alent to factoring f ( X ) completely . 5 How ar e the ide als of A r elate d to t he ro ots of f ( x ) ? L et I b e a n ideal of A . The supp ort of I , Supp( I ) is defined as Supp( I ) := V \ { v ∈ V | a ( v ) = 0 for ev ery a ∈ I } Conv ersely , fo r U ⊆ V , the ideal I( U ) is defined as: I( U ) := { b ∈ A | b ( u ) = 0 for every u ∈ U } and I ⊥ ( U ) is the annihilator o f I( U ): I ⊥ ( U ) := { a ∈ A | ab = 0 for every b ∈ I( U ) } . It can be easily seen that Supp is an inclusion preserv ing bijection fro m the idea ls o f A to the subsets of V with inverse map I ⊥ . In view of this cor resp ondence, partial decomp ositions of A int o sums o f pair wise or thogonal ideals corresp ond to partitions o f the set V . Let us formulate the ab ov e discussion in a lemma. Lemma 3. If I 1 , . . . , I t ar e p airwise ort ho gonal ide als of A such t hat A = I 1 + · · · + I t then V = Supp( I 1 ) ⊔ · · · ⊔ Supp( I t ) . W e no w move up to the tensor p ow ers of A and ther e we show a wa y o f getting the partitions of V ( m ) . F or m ∈ [ n ], let A ⊗ m denote the m th tensor pow er of A . A ⊗ m is also a completely split semisimple algebra; it is isomor phic to k n m . W e aga in interpret it as the alg ebra o f functions from V m to k . Note that in this in terpreta tion the ra nk 1 tenso r element h 1 ⊗ · · · ⊗ h m corres po nds to a function V m → k that maps ( x 1 , . . . , x m ) 7→ h 1 ( x 1 ) · · · h m ( x m ) . The essential p art A ( m ) of A ⊗ m is the ideal consisting o f the functions which v anish on all the m -tuples ( v 1 , . . . , v m ) with v i = v j for some i 6 = j . Then A ( m ) can b e in terpreted as the algebra of functions V ( m ) → k . W e show b elow that a basis for A ( m ) can be computed easily and then this is the algebra where our factoring a lgorithm do es computations. Lemma 4. Given f ( X ) , a p olynomial of de gr e e n having n distinct r o ots in F p , a b asis for A ( m ) = ( k [ X ] / ( f ( X ))) ( m ) over k ⊇ F p c an b e c ompute d by a deterministic algorithm in time pol y (log p, n m ) . Pr o of. T o s ee this, co nsider embeddings µ i of A into A ⊗ m ( i = 1 , . . . , m ) g iven as µ i ( a ) = 1 ⊗ . . . ⊗ 1 ⊗ a ⊗ 1 ⊗ . . . ⊗ 1 where a is of course in the i -th place. In the interpretation as functions, µ i ( A ) corres po nd to the functions on V m which dep end only on the i th elemen t in the tuples. O bserve that the set, for 1 ≤ i < j ≤ m : ∆ m i,j = { b ∈ A ⊗ m | ( µ i ( a ) − µ j ( a )) b = 0 for ev ery a ∈ A} is the ideal of A ⊗ m consisting of the functions which are zero on every tuple ( v 1 , . . . , v m ) with v i 6 = v j . Given a bas is for A , a basis for ∆ m i,j can b e co mputed by solv ing a system o f linea r equations in time p olynomial in the dimension of A ⊗ m (ov er k ) which is n m . Fina lly , notice that A ( m ) can b e computed as w ell since it is the annihilator of P 1 ≤ i 1. It is clea r tha t Q 2 = P (2) 1 is a disjoint union o f some color s in P 2 . Cho o se a smallest color P 2 ∈ P 2 with P 2 ⊆ Q 2 . By the definition of an m -scheme: π 2 1 ( P 2 ) = π 2 2 ( P 2 ) = P 1 . Also, by antisymmetry we ca n infer that d 2 := | P 2 | | P 1 | < d 1 / 2. If d 2 = 1 then P 2 is a matching. If d 2 > 1 then we pro ceed in the following iterative w ay . Supp ose that, fo r some 2 < s < m , we hav e already chosen co lors P 1 ∈ P 1 , . . . , P s − 1 ∈ P s − 1 with π i i − 1 ( P i ) = π i i ( P i ) = P i − 1 and 1 < d i := | P i | | P i − 1 | < d i − 1 / 2 for every 2 ≤ i ≤ s − 1. Since d s − 1 > 1, the set Q s = { ¯ v ∈ V ( s ) | π s s − 1 ( ¯ v ) ∈ P s − 1 , π s s ( ¯ v ) ∈ P s − 1 } is no nempt y . Let P s be a smallest class from P s with P s ⊆ Q s . Again antisymmetry implies that d s := | P s | | P s − 1 | < d s − 1 / 2. If d s = 1 then P s is clearly a matc hing. Otherwise we pro cee d to the level ( s + 1) and further halve the sub degree. T his pro cedure finds a matching in at mo st log 2 d 1 ≤ log 2 n r ounds. ✷ F rom our algo rithm in the la st section a nd the ab ov e tw o lemmas it follows tha t, under GRH, we can completely factor f ( x ) deter ministically in pol y (log p, n log n ) time. This is the r esult o f Evdokimov [Evd94]. It migh t be w orth noting th at in the above Lemma w e used an tisy mmetry (and ev en in v aria nce) merely at level 2. Indeed, if a compatible a nd reg ular m -collection {P 1 , . . . , P m } is antisymmet- ric at level 2 then for every 1 < s ≤ m a nd every s - element subset { v 1 , . . . , v s } ⊆ V w e have ( v 1 , . . . , v s − 1 , v s ) 6≡ P s ( v 1 , . . . , v s , v s − 1 ). (This can be seen by pro jecting to the last tw o co ordi- nates.) 4.1 A Conjecture ab out Matc hings Here we make a conjecture ab out the structure of homogeneous, a n tisymmetric 4-schemes and higher schemes. It might seem a bit unmotiv a ted but w e s how b elow, interestingly , that it is true in the case of orbit schemes. Note that or bit schemes are the only (infinite) family of 4 -schemes we c urrently know that are homo geneous and a n tisymmetric. Conjecture 11. Ther e exists a c onstant m ≥ 4 such t hat every homo gene ous , antisymmetric m -scheme c ontains a matching. It is clear b y Lemma 9 tha t a proof of this conjecture w ould result in a deterministic p olynomial time alg orithm for facto ring p olyno mials ov er finite fields (under GRH). W e will now show that Conjecture 1 1 holds, with m = 4, for the impor tant ex ample of o rbit schemes. It is eas y to see that the 2-s cheme associa ted to a pe rmut ation group G is a n tisymmetric if and only if | G | is o dd. Assume that G is a nontrivial permutation group of o dd o rder on V = { 1 , . . . , n } . Let H b e a subgroup minimally containing the sta bilizer G 1 of G . Let B = Orb( H , 1) be the orbit of 1 under the action of H . Then H acts as a primitive p ermutation group on B . Also, by [Ser96], there is a base o f size s ≤ 3 o f H . This is a subset { b 1 , . . . , b s } ⊆ B such that H b 1 ∩ · · · ∩ H b s = N , where where N is the kernel of the p ermutation representation o f H on B . W e as sume that this base is irredundant, in particular K = H b 1 ∩ · · · ∩ H b s − 1 > N . Since K b s = N < K there exists b s +1 ∈ Orb( K, b s ) \ { b s } . In order to simplify nota tion, we assume b 1 = 1 , b 2 = 2 , . . . , b s +1 = s + 1. The firs t e quality b 1 = 1 can b e ensured using the transitivity of H on B , while the others ca n be achieved b y r en umbering V . F ro m G 1 < H we infer that N = H 1 ∩ · · · ∩ H t = G 1 ∩ · · · ∩ G t holds fo r every t ∈ { 1 , . . . , s + 1 } . Let P be the G -orbit of (1 , . . . , s + 1). Since (1 , . . . , s − 1 , s ) and (1 , . . . , s − 1 , s + 1) a re in the same orbit, we hav e π s +1 s ( P ) = π s +1 s +1 ( P ). Also, since the (1 , . . . , s ) and (1 , . . . , s, s + 1) b oth hav e stabilizer N , the s ize of the orbits of both tuples co incide with | G : N | . These prop erties imply that P is a matching. 9 5 F actoring p olynomials of smo oth prime degree W e saw in Se ction 3 how to obtain a homogeneous m -scheme on n p oints from a given po lynomial of degree n and we also sa w in Lemma 2 that a homog eneous 3- scheme is an asso ciation s cheme. W e no w use a recent interesting result of Hanaki and U no [HU06] about the structure of a sso ciation schemes, on a prime num b er of p oints, to facto r p olynomials when n is a smo oth prime num be r. Theorem 12. If n > 2 is prime, r is the lar gest prime factor of ( n − 1) and f ( x ) is a de gr e e n p oly- nomial over F p then we c an find a nontrivial factor of f ( x ) deterministic al ly in time poly (log p , n r ) under GRH. Pr o of. Wlog we can a ssume that f ( x ) has n dis tinct ro ots ( α i ’s) in F p . F rom Section 3 we can again assume that w e hav e constructed a homogeneous ant isymmetric ( r + 1)-scheme on n po in ts: ( P 1 , . . . , P r +1 ). Now from Lemma 2 we know that ( P 1 , P 2 ) is a n antisymmetric a sso ciation scheme. F rom [HU06]: ∃ d | ( n − 1 ), ∀ P ∈ P 2 , # P = dn . If d = 1 then w e hav e matc hings in P 2 and hence by Le mma 9 w e ca n find a nontrivial factor o f f ( x ). On the other hand if d > 1 then the color s in ( P 2 , . . . , P r +1 ) natur ally induce homogeneous antisymmetric r -s ch emes on d points (for e xample, r estrict the partitions to tuples that hav e α 1 in the first coo rdinate). As d has a prime divisor which is at most r there do not exist such s ch emes by Rema rk 7. The time complexity follows from our a lgorithm ov erview . ✷ 6 Reducing the n um b er of lev els in Evdokimo v’s algorithm W e saw in Lemma 10 that a homogeneous m - scheme o n n p oints that is antisymmetric at level 2 has a matching b elow the ⌈ log 2 n ⌉ -th lev el. Recall from Section 3 that from a p olyno mial we ca n construct an m - scheme that is antisymmetric at every level > 1 a nd no t just at level 2. Are we then guaranteed to g et a matching at a level less than log n ? W e conjectur e that there should b e a matching at a m uch smaller lev el as intuitiv ely a n tisymmetricity reduces the sub degrees of the colors but we could prove only a constant fra ction of log n upp er b ound o n the n umber of levels. First we prove a lemma: Lemma 13. L et Π = ( P 1 , . . . , P 4 ) b e a homo gene ous, antisymmetric 4 -scheme on n > 8 p oints. Then ther e is a c olor P ∈ P 2 and its π 3 3 -fib er Q ∈ P 3 such that π 3 2 ( Q ) = π 3 3 ( Q ) = P and the sub de gr e e of Q over P is less t han n 8 . Pr o of. Clearly , P 1 just has one colo r, sa y , [ n ]. If P 2 has more t han t wo colo rs then b y an tisymmetry it has at least 4 color s a nd hence one of the color s P ∈ P 2 will ha ve subdegr ee o ver [ n ] less than n 4 . Again by the antisymmetry a π 3 3 -fib er Q ∈ P 3 of P will hav e sub degr ee < n 8 and π 3 2 ( Q ) = π 3 3 ( Q ) = P . In the case when P 2 has just tw o c olors - P and its “flipp ed” color P T - let us define: Q 1 := { x ∈ [ n ] | (1 , x ) ∈ P } Q 2 := { x ∈ [ n ] | (1 , x ) ∈ P T } Then obviously Q 1 , Q 2 are disjoint sets of s ize n 1 := n − 1 2 partitioning { 2 , . . . , n } . Clear ly , the image o f the colors in P 3 restricting the first coo rdinate to 1 gives us an antisymmetric partition Γ of the sets Q (2) 1 , Q 1 × Q 2 , Q 2 × Q 1 and Q (2) 2 ; which is an asso ciation sc heme on Q (2) 1 and Q (2) 2 . By the an tisymmetricity of Π, the colo rs corresp onding to Q 2 × Q 1 are just the transp ose (i.e. swap the tw o c o ordinates) of thos e co rresp onding to Q 1 × Q 2 . Each c olor in Γ can be naturally viewed as a n 1 × n 1 zero/o ne matrix. F or e xample, a co lor R co rresp onding to Q 1 × Q 2 can b e repr esented as a matrix whose rows a re indexed by Q 1 and whose c olumns are indexed by Q 2 such tha t: for 10 all ( i, j ) ∈ Q 1 × Q 2 , R i,j = 1 if ( i, j ) ∈ R and R i,j = 0 if ( i, j ) 6∈ R . Interestingly , in the matrix representation the comp osition pr op erty of Lemma 2 simply means that the linea r combinations of the ident ity matrix I and the colors in the partition of Q 1 × Q 1 (or Q 2 × Q 2 ) by Γ is a matrix algebra, say A 1 (or A 2 ). If Q (2) 1 (or Q (2) 2 ) is partitioned by Γ into more than tw o parts then by a n tisymmetry there will be ≥ 4 parts which means that one of the parts will hav e s ubdeg ree < n 8 . This gives us a required π 3 3 -fib er Q ∈ P 3 of a P ∈ P 2 . So w e can assume that Q (2) 1 and Q (2) 2 are b oth partitioned into exactly t wo parts. Say , • R and R T are the t wo matrices re presenting the partition o f Q (2) 1 by Γ. • S and S T are the t wo matrices re presenting the partition o f Q (2) 2 by Γ. Note that: R + R T = S + S T = J − I where I is the identit y matrix and J is the all one matrix of suitable dimensions. How do the partitions of Q 1 × Q 2 lo ok like? Let U be a matrix in the partition of Q 1 × Q 2 by Γ. If U = J (i.e. Γ partitions Q 1 × Q 2 in a trivial way) then b y an tisymmetricity P 3 has exactly 3! = 6 color s each of car dinality n · # U = n · n 2 1 . But this is a c ont ra diction as 6 · n · n 2 1 is not n ( n − 1)( n − 2). Thus, Γ pa rtitions Q 1 × Q 2 int o at leas t 2 colors. Now s ince b y antisymmetricit y the n umber of colo rs in P 3 has to be a multiple o f 6 , we deduce that Γ partitions Q 1 × Q 2 int o at lea st 4 co lors, say , { U 1 , . . . , U 4 } . By the co mpo sition pro pe rty o f Γ, U 1 U T 1 is in A 1 . In other words, ther e a re p ositive in tegers α, β such that: U 1 U T 1 = αI + β ( R + R T ) = β J + ( α − β ) I Thu s, if U 1 is a singular ma trix then U 1 U T 1 = β J implying that U 1 has equal rows. W e ca n r epea t the same a rgument with U T 1 U 1 (whic h is in A 2 ) and deduce that U 1 has e qual co lumns. Now a zero/o ne matrix U 1 can hav e equal r ows and equal columns iff U 1 = J . This contradiction implies that U 1 is a n inv ertible matr ix. But then: { U 1 U T 1 , U 1 U T 2 , U 1 U T 3 , U 1 U T 4 } is a set of 4 linea rly indep endent matrice s in A 1 which contradicts the fact that A 1 is a matrix algebra of dimension 3. This contradiction implies that o ne of Q (2) 1 or Q (2) 2 is partitioned into a t least four parts. Thu s, in all the cases the lemma is true. ✷ F rom the ab ov e lemma we se e that a t 2 levels higher we g et a suitable color with sub degre e reduced to a fractio n of 2 − 3 . This immediately g ives us the following constant-factor improv ement to Lemma 10. Prop ositio n 14. If the m -scheme Π := { P 1 , . . . , P m } on n p oints is antisymmetric at the first thr e e levels, |P 1 | < n and m ≥ 2 3 log 2 n then ther e is a matching in {P 1 , . . . , P m } . 7 Primitivit y of m -sc hemes and fu r th er researc h A 2-scheme Π = ( P 1 , P 2 ) on n p oints can b e viewed as a co mplete directed colo red g raph on n vertices, where vertices o f one c olor corresp ond to a P ∈ P 1 and the edges of one co lor corresp ond to a Q ∈ P 2 . If an m -scheme is coming from a p olynomial f ( x ), ov er k , then we ca n try to r elate graph prop er ties of the m -scheme to the algebraic pro per ties of the ideals defining the m - scheme. It turns o ut that such m -schemes can b e efficiently tested for one s uc h pro per t y: connectivity . One can intro duce a re lated notion: primitivity which is actually an extension of the primitivity of asso c iation schemes. 11 Let Π b e a homogeneo us 2-scheme on the p oints [ n ] with P 2 = { P 2 , 1 , . . . , P 2 ,t 2 } . F or every index i ∈ { 1 , . . . , t 2 } let G 2 ,i denote the undirected graph on [ n ] whose edges ar e unor dered pairs { u, v } where either ( u, v ) ∈ P 2 ,i or ( v , u ) ∈ P 2 ,i . W e say that Π is primitive if all the g raphs G 2 , 1 , . . . , G 2 ,t 2 are co nnected. Let I 2 ,i := I ⊥ ( P 2 ,i ) b e the ideal of A (2) corres po nding to P 2 ,i . W e define a s ubset S ( I 2 ,i ) of A (1) whose meaning w ould be clear later : S ( I 2 ,i ) := { h ∈ A (1) | ( h ⊗ 1 − 1 ⊗ h ) ∈ I ⊥ 2 ,i } It is easy to s ee that k ⊆ S ( I 2 ,i ) is a subalg ebra of A (1) . The following lemma rela tes the subalgebr as S ( I 2 ,i ) to the notion o f primitivity . Lemma 15. The dimension of the algebr a S ( I 2 ,i ) over k is e qual to the numb er of the c onne cte d c omp onents of the gr aph G 2 ,i . Pr o of. Let G 2 ,i hav e c connected comp onents. Observe that h ( x ) ∈ S ( I 2 ,i ) iff ( h ( x 1 ) − h ( x 2 )) I 2 ,i = 0 iff h ( u ) = h ( v ) for all ( u, v ) ∈ Supp( I 2 ,i ). The last condition precisely means that h ( x ) is constan t on the connected co mpo nen ts o f G 2 ,i . It follows that the p olynomials h j ( x ), for j ∈ [ c ], that are 1 o n all the vertices in the j - th connected comp onent and 0 o n the rest, for m a basis of S ( I 2 ,i ). Thu s, the dimension of S ( I 2 ,i ) is c . ✷ The ab ov e lemma s hows that if for some i the gr aph G 2 ,i is not c onnected (say , it has c connected comp onents) then (by s olving a system of linea r equations) we compute a no n trivia l subalgebra S ( I 2 ,i ) of A (1) . This in explicit terms means that if Π w as o btained from a poly nomial f ( x ) of de gree n then we can compute g ( y ) o f degr ee c such that S ( I 2 ,i ) ∼ = k [ y ] / ( g ( y )) and: A (1) ∼ = ( k [ y ] / ( g ( y )))[ x ] / ( ˜ f ( y , x )) where, the deg x of ˜ f ( y , x ) is n c . Th us, we get t wo p oly nomials g ( y ) and ˜ f ( y , x ) of degrees c and n c resp ectively to factor (the latter ov er the algebra S ( I 2 ,i ) ∼ = k [ y ] / ( g ( y )) rather than ov er the base field k ). If we succeed in finding a nontrivial factor of either of these p oly nomials then we can find a zero divis or in A (1) and then a fa ctor of f ( x ) therefrom. In particula r, if c ≤ √ n then it seems to b e w orth pr o ceeding with factoring g ( y ). W e can gene ralize the notion of primitivity to higher levels as well. Definition 16. L et Γ = ( P 1 , . . . , P m ) b e a m -scheme. F or a P ∈ P s such that π s s ( P ) = π s s − 1 ( P ) =: Q ∈ P s − 1 , we fix ( v 1 , . . . , v s − 2 ) ∈ π s − 1 s − 1 ( Q ) . We define the gr aph G ( P, v 1 , . . . , v s − 2 ) on t he vertex set { v ∈ [ n ] : ( v 1 , . . . , v s − 2 , v ) ∈ Q } with e dges { u , v } such that either ( v 1 , . . . , v s − 2 , u , v ) ∈ P or ( v 1 , . . . , v s − 2 , v , u ) ∈ P . It turns out that c onne cte dness of G ( P, v 1 , . . . , v s − 2 ) is indep endent of the choic e of the t uple ( v 1 , . . . , v s − 2 ) . We say t hat Γ is primitive at level s if for every P ∈ P s with π s s ( P ) = π s s − 1 ( P ) , the gr aph G ( P, . . . ) is c onne cte d. We say t hat Γ is pr imitiv e if it is primitive at al l levels 2 ≤ s ≤ m . Put I s,i := I ⊥ ( P ), I s − 1 ,i ′ := I ⊥ ( Q ), I s − 2 ,i ′′ := I ⊥ ( π s − 1 s − 1 ( Q )) and define: S ( I s,i ) := { h ∈ I s − 1 ,i ′ | ( ι s s ( h ) − ι s s − 1 ( h )) ∈ I ⊥ s,i } One can show that S ( I s,i ) is a suba lgebra of I s − 1 ,i ′ and the num ber of connected comp onents of G ( P, . . . ) is dim k S ( I s,i ) dim k I s − 2 ,i ′′ . Thus in case o f imprimitivity , we can co mpute a subalgebra ”be t ween” I s − 2 ,i ′′ and I s − 1 ,i ′ by solving a system of linear equations. If 1 < dim k S ( I s,i ) dim k I s − 2 ,i ′′ ≤ q dim k I s − 1 ,i ′ dim k I s − 2 ,i ′′ , it seems to b e worth pro ceeding with decomp osing the idea l I s − 1 ,i ′ by finding a zero diviso r in the subalgebra S ( I s,i ). W e feel that primitivity imposes stro ng conditions on the par ameters of an m -scheme but w e do not know how to exactly use pr imitivit y or imprimitivity and lea ve that for future resea rch. 12 Ac kno wledgemen ts N.S. would like to thank Centrum voor Wiskunde en Infor matica, Amster dam for the p ostdo c fellowship. G.I. a nd N.S. would lik e to a ckno wledge the hospitality of Hausdorff Research Institute for Ma thematics, Bonn where this work was partially done. W e w ould lik e to thank Eiichi Bannai, La jos R´ on yai and Ronald de W o lf for several interesting discussio ns. References [AMM77] L. Adleman, K . Ma nders, G. Miller, On taking ro ots in finite fields ; Pr o c. 18th F OCS, 1977, 175-178. [BGL01] E. Bach, J. von zur Gathen, H. W. Lens tra, Jr., F actoring p olynomials over spe cial finite fields; Finite Fields and Their Applic ations 7(2001), 5-28. [Ber67] E. R. Berlek a mp, F actoring p oly nomials over finite fields; Bel l System T e chnic al Journ al 46(1967 ), 1853-1859. [Ber70] E. R. Ber lek amp, F actor ing p olynomials ov er la rge finit e fields; Math. Comp., 24, (1970), 713-735 . [Came99] Peter J. Camer on, Perm utation Groups; LMS Stu dent T ext 45. Cambridge University Pr ess, Cambridge, 1999. [Cam83] P . Ca mion, A deter ministic algor ithm fo r factorizing p olyno mials of F q [ x ]; Ann. Discr. Math., 17, (1983), 149-157. [CFI92] J. Cai, M. F ¨ urer, N. Immer man, An optimal low er b ound on the num b er of v ariables for graph identification; Combinatoric a, 12(1992 ), 389-410. [CZ81] D. G. Cantor, H. Za ssenhaus, A new algo rithm for factoring p oly nomials over finite fields; Mathematics of Computation, 36(154), 1981, 587-592. [Evd89] S. A. Evdo kimov, F actor ization of a so lv able po lynomial ov er finite fields and the gener- alized Riemann Hypo thesis; Zapiski N au chnyck Seminar ov LOMI, 176(1989), 104-117. [Evd94] S. A. E vdokimov, F a ctorization of p olynomials ov er finite fields in subexp onential time under GRH; Pr o c. 1st AN TS, L e ctur e Notes In Computer Scienc e 877, Springer-V erlag 1994, 209-219. [vzG87] J. von zur Gathen, F actoring p olyno mials and pr imitiv e elements for sp ecial primes; The or etic al Computer Scienc e, 52, 1987, 77-89. [GS92] J. von zur Gathen, V. Shoup, Computing F rob enius maps and factoring p olyno mials; Comput. Complexity, 2(1992), 187-224. [HU06] A. Hanaki, K. Uno, Algebraic str ucture of asso ciation sc hemes of prime order; J. Alge- br aic. Combin. 23 ( 2006), 189-195 . [Hua91] M. A. Huang, Generalized Riemann Hyp othesis and factoring po lynomials over finite fields; J . A lgorithms, 12(1991), 464-481. [KS98] E. Ka ltofen, V. Sho up, Subqua dratic-time fac toring o f p olyno mials over finite fields; Math. Comp., 67(1998), 1179-119 7. [MS88] M. Mignotte, C.-P . Schnorr, Calc ul d´ eterministe des racines d”un p olynˆ ome dans un corps fini; Comptes R en dus A c ad ´ emie des Scienc es (Paris), 306, (1988), 467-472. 13 [Mo e77] R. T. Mo e nc k, On the efficiency of algor ithms for po lynomial factoring; Math. Comp., 31, (1977), 235-250. [R´ o8 8] L. R´ ony ai, F a ctoring Polynomials over finite fields, Jou r n al of Al gorithms 9, (1988), 391-400 . [R´ o8 9] L. R´ ony ai, F a ctoring polyno mials modulo sp ecial primes; Combinatoric a, 9, (1989), 199- 206. [R´ o9 2] L. R´ onyai, Ga lois Groups and F actor ing Polynomials over Finite Fields, SIA M J. on Discr ete Mathematics 5, (1992), 345–365. [Ser96] ´ A. Seress, The minimal base size of primitive solv able p ermutation groups; J . L ondon Math. So c. 53, (1996), 243–255. [Smi94] J. D. H. Smith, Asso ciation schemes, sup erschemes, and relations inv ariant under p er- m utation groups, Eur op e an J. Combin. 15(3), (1994), 285-29 1. [W o j01] J. W o jdy lo, An Ine xtensible Ass o ciation Scheme Asso ciated with a 4-regula r Gr aph; Gr aphs and Combinatorics 17(1), (2001), 185-192. [Zas69] H. Zass enhaus, On Hensel factorization, I; J. Numb er The ory, 1(1969), 291-311. [Zie] P .-H. Ziesc hang, Theo ry of Associa tion Schemes; Springer, Berlin, 2005. 14