Counting Roots of Polynomials over $mathbb{Z}/p^2mathbb{Z}$

Until recently, the only known method of finding the roots of polynomials over prime power rings, other than fields, was brute force. One reason for this is the lack of a division algorithm, obstructing the use of greatest common divisors. Fix a prime $p \in \mathbb{Z}$ and $f \in ( \mathbb{Z}/p^n \mathbb{Z} ) [x]$ any nonzero polynomial of degree $d$ whose coefficients are not all divisible by $p$. For the case $n=2$, we prove a new efficient algorithm to count the roots of $f$ in $\mathbb{Z}/p^2\mathbb{Z}$ within time polynomial in $(d+\operatorname{size}(f)+\log{p})$, and record a concise formula for the number of roots, formulated by Cheng, Gao, Rojas, and Wan.

💡 Research Summary

This paper addresses the long-standing computational problem of counting the roots of a univariate polynomial over the ring of integers modulo a prime power, specifically Z/p^2Z. Prior to this work, only brute-force methods were known for rings that are not fields, largely due to the absence of a division algorithm which prevents the use of tools like greatest common divisors.

The authors present a novel, efficient algorithm for the case n=2 (modulo p^2) and prove that it runs in time polynomial in the degree d of the polynomial, its bit-size size(f), and log p. The centerpiece of their result is a concise, exact formula for the number of roots: #V_{p^2}(f) = deg(f_1) + p * deg(h_2).

The derivation begins by reducing the polynomial f modulo p to obtain h₁. This polynomial over the finite field Z/pZ is factored into the form h₁ = f₁ * f₂² * … * f_ℓ^ℓ * g, where the f_i are monic, pairwise coprime, and separable polynomials whose roots modulo p have multiplicity i, and g has no roots modulo p. A key auxiliary polynomial t is defined from the difference between f and a specific lift of its factorization pattern.

The formula’s first term, deg(f₁), counts the roots modulo p² that descend from simple roots modulo p (where the derivative is non-zero). Hensel’s Lemma (Version I) guarantees that each such root lifts uniquely to a root modulo p².

The second term, p * deg(h₂), counts the roots modulo p² that descend from degenerate roots modulo p (where the derivative vanishes). Here, h₂ is defined as gcd(f₂…f_ℓ, t). Not all degenerate roots lift to the higher modulus; Hensel’s Lemma (Version II) implies that a degenerate root modulo p lifts to p distinct roots modulo p² if and only if it is also a root of the auxiliary polynomial t modulo p. Thus, h₂ precisely selects the degenerate roots that satisfy this additional condition, and each contributes p roots.

The proof meticulously justifies this counting mechanism by partitioning the roots modulo p² based on their images modulo p and applying the appropriate version of Hensel’s Lemma. A corollary immediately follows: the number of degenerate roots modulo p that fail to lift is deg(f₂…f_ℓ) - deg(h₂).

The algorithmic claim is supported by referencing known efficient methods for finite field polynomial operations: factorization, polynomial GCD, division, and modular reduction. A crucial step involves computing gcd(h₁, x^p - x) to efficiently extract the separable part of h₁. All required operations are shown to have complexity polynomial in the stated parameters.

An illustrative example with p=5 and a degree-25 polynomial concretely demonstrates the application of the formula and the lifting behavior of roots. The work concludes by framing this result as a significant step towards efficient root counting in prime power rings beyond fields, potentially paving the way for generalizations to Z/p^nZ for n>2.