/* g in Z[X] potentially defines a subfield of Q[X]/f. It is a subfield iff A
* (cf subfield) was a block system; then there
* exists h in Q[X] such that f | g o h. listdelta determines h s.t f | g o h
* in Fp[X] (cf chinese_retrieve_pol). Try to lift it; den is a
* multiplicative bound for denominator of lift. */
static GEN
embedding(GEN g, GEN DATA, primedata *S, GEN den, GEN listdelta)
{
GEN TR, w0_Q, w0, w1_Q, w1, wpow, h0, gp, T, q2, q, maxp, a, p = S->p;
long rt;
pari_sp av;
T = gel(DATA,1); rt = brent_kung_optpow(degpol(T), 2);
maxp= gel(DATA,7);
gp = derivpol(g); av = avma;
w0 = chinese_retrieve_pol(DATA, S, listdelta);
w0_Q = centermod(gmul(w0,den), p);
h0 = FpXQ_inv(FpX_FpXQ_compo(gp,w0, T,p), T,p); /* = 1/g'(w0) mod (T,p) */
wpow = NULL; q = sqri(p);
for(;;)
{/* Given g,w0,h0 in Z[x], s.t. h0.g'(w0) = 1 and g(w0) = 0 mod (T,p), find
* [w1,h1] satisfying the same conditions mod p^2, [w1,h1] = [w0,h0] (mod p)
* (cf. Dixon: J. Austral. Math. Soc., Series A, vol.49, 1990, p.445) */
if (DEBUGLEVEL>1)
fprintferr("lifting embedding mod p^k = %Z^%ld\n",p, Z_pval(q,p));
/* w1 := w0 - h0 g(w0) mod (T,q) */
if (wpow)
a = FpX_FpXQV_compo(g,wpow, T,q);
else
a = FpX_FpXQ_compo(g,w0, T,q); /* first time */
/* now, a = 0 (p) */
a = gmul(gneg(h0), gdivexact(a, p));
w1 = gadd(w0, gmul(p, FpX_rem(a, T,p)));
w1_Q = centermod(gmul(w1, remii(den,q)), q);
if (gequal(w1_Q, w0_Q) || cmpii(q,maxp) > 0)
{
GEN G = gcmp1(den)? g: RgX_rescale(g,den);
if (gcmp0(RgX_RgXQ_compo(G, w1_Q, T))) break;
}
if (cmpii(q, maxp) > 0)
{
if (DEBUGLEVEL) fprintferr("coeff too big for embedding\n");
return NULL;
}
gerepileall(av, 5, &w1,&h0,&w1_Q,&q,&p);
q2 = sqri(q);
wpow = FpXQ_powers(w1, rt, T, q2);
/* h0 := h0 * (2 - h0 g'(w1)) mod (T,q)
* = h0 + h0 * (1 - h0 g'(w1)) */
a = gmul(gneg(h0), FpX_FpXQV_compo(gp, FpXV_red(wpow,q),T,q));
a = ZX_Z_add(FpX_rem(a, T,q), gen_1); /* 1 - h0 g'(w1) = 0 (p) */
a = gmul(h0, gdivexact(a, p));
h0 = gadd(h0, gmul(p, FpX_rem(a, T,p)));
w0 = w1; w0_Q = w1_Q; p = q; q = q2;
}
TR = gel(DATA,5);
if (!gcmp0(TR)) w1_Q = translate_pol(w1_Q, TR);
return gdiv(w1_Q,den);
}
/* return t such that e(t) > sqrt(N), set *faet = odd prime divisors of e(t) */
static ulong
compute_t(GEN N, GEN *e, GEN *faet)
{
/* 2^e b <= N < 2^e (b+1), where b >= 2^52. Approximating log_2 N by
* log2(gtodouble(N)) ~ e+log2(b), the error is less than log(1+1/b) < 1e-15*/
double C = dbllog2(N) + 1e-6; /* > log_2 N */
ulong t;
GEN B;
/* Return "smallest" t such that f(t) >= C, which implies e(t) > sqrt(N) */
/* For N < 2^3515 ~ 10^1058 */
if (C < 3514.6)
{
t = compute_t_small(C);
*e = compute_e(t, faet);
return t;
}
B = sqrti(N);
for (t = 8648640+840;; t+=840)
{
pari_sp av = avma;
*e = compute_e(t, faet);
if (cmpii(*e, B) > 0) break;
avma = av;
}
return t;
}
static GEN
F2xq_elltrace_Harley(GEN a6, GEN T2)
{
pari_sp ltop = avma;
pari_timer ti;
GEN T, sqx;
GEN x, x2, t;
long n = F2x_degree(T2), N = ((n + 1)>>1) + 2;
long ispcyc;
if (n==1) return gen_m1;
if (n==2) return F2x_degree(a6) ? gen_1 : stoi(-3);
if (n==3) return F2x_degree(a6) ? (F2xq_trace(a6,T2) ? stoi(-3): gen_1)
: stoi(5);
timer_start(&ti);
sqx = mkvec2(F2xq_sqrt(polx_F2x(T2[1]),T2), T2);
if (DEBUGLEVEL>1) timer_printf(&ti,"Sqrtx");
ispcyc = zx_is_pcyc(F2x_to_Flx(T2));
T = ispcyc? F2x_to_ZX(T2): F2x_canonlift(T2, N-2);
if (DEBUGLEVEL>1) timer_printf(&ti,"Teich");
T = FpX_get_red(T, int2n(N));
if (DEBUGLEVEL>1) timer_printf(&ti,"Barrett");
x = solve_AGM_eqn(F2x_to_ZX(a6), N-2, T, sqx);
if (DEBUGLEVEL>1) timer_printf(&ti,"Lift");
x2 = ZX_Z_add_shallow(ZX_shifti(x,2), gen_1);
t = (ispcyc? Z2XQ_invnorm_pcyc: Z2XQ_invnorm)(x2, T, N);
if (DEBUGLEVEL>1) timer_printf(&ti,"Norm");
if (cmpii(sqri(t), int2n(n + 2)) > 0)
t = subii(t, int2n(N));
return gerepileuptoint(ltop, t);
}
static trace_data *
init_trace(trace_data *T, GEN S, nflift_t *L, GEN q)
{
long e = gexpo(S), i,j, l,h;
GEN qgood, S1, invd;
if (e < 0) return NULL; /* S = 0 */
qgood = int2n(e - 32); /* single precision check */
if (cmpii(qgood, q) > 0) q = qgood;
S1 = gdivround(S, q);
if (gcmp0(S1)) return NULL;
invd = ginv(itor(L->den, DEFAULTPREC));
T->dPinvS = gmul(L->iprk, S);
l = lg(S);
h = lg(T->dPinvS[1]);
T->PinvSdbl = (double**)cgetg(l, t_MAT);
init_dalloc();
for (j = 1; j < l; j++)
{
double *t = dalloc(h * sizeof(double));
GEN c = gel(T->dPinvS,j);
pari_sp av = avma;
T->PinvSdbl[j] = t;
for (i=1; i < h; i++) t[i] = rtodbl(mpmul(invd, gel(c,i)));
avma = av;
}
T->d = L->den;
T->P1 = gdivround(L->prk, q);
T->S1 = S1; return T;
}
int do_factor(GEN n, long prec)
{
pari_sp ltop;
GEN sq = gfloor(gsqrt(n, prec));
GEN q = stoi(2);
ltop = avma;
for (;;) {
if (cmpii(q, sq) > 0)
return -1;
if (equalsi(0, gmod(n, q))) {
pari_printf("%Ps = %Ps * %Ps\n", n, q, gdiv(n, q));
return 0;
}
gaddz(gen_1, q, q);
avma = ltop;
}
}
int
ratlift(GEN x, GEN m, GEN *a, GEN *b, GEN amax, GEN bmax)
{
GEN d,d1,v,v1,q,r;
pari_sp av = avma, av1, lim;
long lb,lr,lbb,lbr,s,s0;
ulong vmax;
ulong xu,xu1,xv,xv1; /* Lehmer stage recurrence matrix */
int lhmres; /* Lehmer stage return value */
if ((typ(x) | typ(m) | typ(amax) | typ(bmax)) != t_INT) pari_err(arither1);
if (signe(bmax) <= 0)
pari_err(talker, "ratlift: bmax must be > 0, found\n\tbmax=%Z\n", bmax);
if (signe(amax) < 0)
pari_err(talker, "ratilft: amax must be >= 0, found\n\tamax=%Z\n", amax);
/* check 2*amax*bmax < m */
if (cmpii(shifti(mulii(amax, bmax), 1), m) >= 0)
pari_err(talker, "ratlift: must have 2*amax*bmax < m, found\n\tamax=%Z\n\tbmax=%Z\n\tm=%Z\n", amax,bmax,m);
/* we _could_ silently replace x with modii(x,m) instead of the following,
* but let's leave this up to the caller
*/
avma = av; s = signe(x);
if (s < 0 || cmpii(x,m) >= 0)
pari_err(talker, "ratlift: must have 0 <= x < m, found\n\tx=%Z\n\tm=%Z\n", x,m);
/* special cases x=0 and/or amax=0 */
if (s == 0)
{
if (a != NULL) *a = gen_0;
if (b != NULL) *b = gen_1;
return 1;
}
else if (signe(amax)==0)
return 0;
/* assert: m > x > 0, amax > 0 */
/* check here whether a=x, b=1 is a solution */
if (cmpii(x,amax) <= 0)
{
if (a != NULL) *a = icopy(x);
if (b != NULL) *b = gen_1;
return 1;
}
/* There is no special case for single-word numbers since this is
* mainly meant to be used with large moduli.
*/
(void)new_chunk(lgefint(bmax) + lgefint(amax)); /* room for a,b */
d = m; d1 = x;
v = gen_0; v1 = gen_1;
/* assert d1 > amax, v1 <= bmax here */
lb = lgefint(bmax);
lbb = bfffo(*int_MSW(bmax));
s = 1;
av1 = avma; lim = stack_lim(av, 1);
/* general case: Euclidean division chain starting with m div x, and
* with bounds on the sequence of convergents' denoms v_j.
* Just to be different from what invmod and bezout are doing, we work
* here with the all-nonnegative matrices [u,u1;v,v1]=prod_j([0,1;1,q_j]).
* Loop invariants:
* (a) (sign)*[-v,v1]*x = [d,d1] (mod m) (componentwise)
* (sign initially +1, changes with each Euclidean step)
* so [a,b] will be obtained in the form [-+d,v] or [+-d1,v1];
* this congruence is a consequence of
* (b) [x,m]~ = [u,u1;v,v1]*[d1,d]~,
* where u,u1 is the usual numerator sequence starting with 1,0
* instead of 0,1 (just multiply the eqn on the left by the inverse
* matrix, which is det*[v1,-u1;-v,u], where "det" is the same as the
* "(sign)" in (a)). From m = v*d1 + v1*d and
* (c) d > d1 >= 0, 0 <= v < v1,
* we have d >= m/(2*v1), so while v1 remains smaller than m/(2*amax),
* the pair [-(sign)*d,v] satisfies (1) but violates (2) (d > amax).
* Conversely, v1 > bmax indicates that no further solutions will be
* forthcoming; [-(sign)*d,v] will be the last, and first, candidate.
* Thus there's at most one point in the chain division where a solution
* can live: v < bmax, v1 >= m/(2*amax) > bmax, and this is acceptable
* iff in fact d <= amax (e.g. m=221, x=34 or 35, amax=bmax=10 fail on
* this count while x=32,33,36,37 succeed). However, a division may leave
* a zero residue before we ever reach this point (consider m=210, x=35,
* amax=bmax=10), and our caller may find that gcd(d,v) > 1 (numerous
* examples -- keep m=210 and consider any of x=29,31,32,33,34,36,37,38,
* 39,40,41).
* Furthermore, at the start of the loop body we have in fact
* (c') 0 <= v < v1 <= bmax, d > d1 > amax >= 0,
* (and are never done already).
*
* Main loop is similar to those of invmod() and bezout(), except for
* having to determine appropriate vmax bounds, and checking termination
* conditions. The signe(d1) condition is only for paranoia
*/
while (lgefint(d) > 3 && signe(d1))
{
/* determine vmax for lgcdii so as to ensure v won't overshoot.
* If v+v1 > bmax, the next step would take v1 beyond the limit, so
* since [+-d1,v1] is not a solution, we give up. Otherwise if v+v1
* is way shorter than bmax, use vmax=MAXULUNG. Otherwise, set vmax
* to a crude lower approximation of bmax/(v+v1), or to 1, which will
* allow the inner loop to do one step
*/
r = addii(v,v1);
lr = lb - lgefint(r);
lbr = bfffo(*int_MSW(r));
if (cmpii(r,bmax) > 0) /* done, not found */
{
avma = av;
return 0;
}
else if (lr > 1) /* still more than a word's worth to go */
{
vmax = MAXULONG;
}
else /* take difference of bit lengths */
{
lr = (lr << TWOPOTBITS_IN_LONG) - lbb + lbr;
if ((ulong)lr > BITS_IN_LONG)
vmax = MAXULONG;
else if (lr == 0)
vmax = 1UL;
else
vmax = 1UL << (lr-1);
/* the latter is pessimistic but faster than a division */
}
/* do a Lehmer-Jebelean round */
lhmres = lgcdii((ulong *)d, (ulong *)d1, &xu, &xu1, &xv, &xv1, vmax);
if (lhmres != 0) /* check progress */
{ /* apply matrix */
if ((lhmres == 1) || (lhmres == -1))
{
s = -s;
if (xv1 == 1)
{
/* re-use v+v1 computed above */
v=v1; v1=r;
r = subii(d,d1); d=d1; d1=r;
}
else
{
r = subii(d, mului(xv1,d1)); d=d1; d1=r;
r = addii(v, mului(xv1,v1)); v=v1; v1=r;
}
}
else
{
r = subii(muliu(d,xu), muliu(d1,xv));
d1 = subii(muliu(d,xu1), muliu(d1,xv1)); d = r;
r = addii(muliu(v,xu), muliu(v1,xv));
v1 = addii(muliu(v,xu1), muliu(v1,xv1)); v = r;
if (lhmres&1)
{
setsigne(d,-signe(d));
s = -s;
}
else if (signe(d1))
{
setsigne(d1,-signe(d1));
}
}
/* check whether we're done. Assert v <= bmax here. Examine v1:
* if v1 > bmax, check d and return 0 or 1 depending on the outcome;
* if v1 <= bmax, check d1 and return 1 if d1 <= amax, otherwise
* proceed.
*/
if (cmpii(v1,bmax) > 0) /* certainly done */
{
avma = av;
if (cmpii(d,amax) <= 0) /* done, found */
{
if (a != NULL)
{
*a = icopy(d);
setsigne(*a,-s); /* sign opposite to s */
}
if (b != NULL) *b = icopy(v);
return 1;
}
else /* done, not found */
return 0;
}
else if (cmpii(d1,amax) <= 0) /* also done, found */
{
avma = av;
if (a != NULL)
{
if (signe(d1))
{
*a = icopy(d1);
setsigne(*a,s); /* same sign as s */
}
else
*a = gen_0;
}
if (b != NULL) *b = icopy(v1);
return 1;
}
} /* lhmres != 0 */
if (lhmres <= 0 && signe(d1))
{
q = dvmdii(d,d1,&r);
#ifdef DEBUG_LEHMER
fprintferr("Full division:\n");
printf(" q = "); output(q); sleep (1);
#endif
d=d1; d1=r;
r = addii(v,mulii(q,v1));
v=v1; v1=r;
s = -s;
/* check whether we are done now. Since we weren't before the div, it
* suffices to examine v1 and d1 -- the new d (former d1) cannot cut it
*/
if (cmpii(v1,bmax) > 0) /* done, not found */
{
avma = av;
return 0;
}
else if (cmpii(d1,amax) <= 0) /* done, found */
{
avma = av;
if (a != NULL)
{
if (signe(d1))
{
*a = icopy(d1);
setsigne(*a,s); /* same sign as s */
}
else
*a = gen_0;
}
if (b != NULL) *b = icopy(v1);
return 1;
}
}
if (low_stack(lim, stack_lim(av,1)))
{
GEN *gptr[4]; gptr[0]=&d; gptr[1]=&d1; gptr[2]=&v; gptr[3]=&v1;
if(DEBUGMEM>1) pari_warn(warnmem,"ratlift");
gerepilemany(av1,gptr,4);
}
} /* end while */
/* Postprocessing - final sprint. Since we usually underestimate vmax,
* this function needs a loop here instead of a simple conditional.
* Note we can only get here when amax fits into one word (which will
* typically not be the case!). The condition is bogus -- d1 is never
* zero at the start of the loop. There will be at most a few iterations,
* so we don't bother collecting garbage
*/
while (signe(d1))
{
/* Assertions: lgefint(d)==lgefint(d1)==3.
* Moreover, we aren't done already, or we would have returned by now.
* Recompute vmax...
*/
#ifdef DEBUG_RATLIFT
fprintferr("rl-fs: d,d1=%Z,%Z\n", d, d1);
fprintferr("rl-fs: v,v1=%Z,%Z\n", v, v1);
#endif
r = addii(v,v1);
lr = lb - lgefint(r);
lbr = bfffo(*int_MSW(r));
if (cmpii(r,bmax) > 0) /* done, not found */
{
avma = av;
return 0;
}
else if (lr > 1) /* still more than a word's worth to go */
{
vmax = MAXULONG; /* (cannot in fact happen) */
}
else /* take difference of bit lengths */
{
lr = (lr << TWOPOTBITS_IN_LONG) - lbb + lbr;
if ((ulong)lr > BITS_IN_LONG)
vmax = MAXULONG;
else if (lr == 0)
vmax = 1UL;
else
vmax = 1UL << (lr-1); /* as above */
}
#ifdef DEBUG_RATLIFT
fprintferr("rl-fs: vmax=%lu\n", vmax);
#endif
/* single-word "Lehmer", discarding the gcd or whatever it returns */
(void)rgcduu((ulong)*int_MSW(d), (ulong)*int_MSW(d1), vmax, &xu, &xu1, &xv, &xv1, &s0);
#ifdef DEBUG_RATLIFT
fprintferr("rl-fs: [%lu,%lu; %lu,%lu] %s\n",
xu, xu1, xv, xv1,
s0 < 0 ? "-" : "+");
#endif
if (xv1 == 1) /* avoid multiplications */
{
/* re-use v+v1 computed above */
v=v1; v1=r;
r = subii(d,d1); d=d1; d1=r;
s = -s;
}
else if (xu == 0) /* and xv==1, xu1==1, xv1 > 1 */
{
r = subii(d, mului(xv1,d1)); d=d1; d1=r;
r = addii(v, mului(xv1,v1)); v=v1; v1=r;
s = -s;
}
else
{
r = subii(muliu(d,xu), muliu(d1,xv));
d1 = subii(muliu(d,xu1), muliu(d1,xv1)); d = r;
r = addii(muliu(v,xu), muliu(v1,xv));
v1 = addii(muliu(v,xu1), muliu(v1,xv1)); v = r;
if (s0 < 0)
{
setsigne(d,-signe(d));
s = -s;
}
else if (signe(d1)) /* sic: might vanish now */
{
setsigne(d1,-signe(d1));
}
}
/* check whether we're done, as above. Assert v <= bmax. Examine v1:
* if v1 > bmax, check d and return 0 or 1 depending on the outcome;
* if v1 <= bmax, check d1 and return 1 if d1 <= amax, otherwise proceed.
*/
if (cmpii(v1,bmax) > 0) /* certainly done */
{
avma = av;
if (cmpii(d,amax) <= 0) /* done, found */
{
if (a != NULL)
{
*a = icopy(d);
setsigne(*a,-s); /* sign opposite to s */
}
if (b != NULL) *b = icopy(v);
return 1;
}
else /* done, not found */
return 0;
}
else if (cmpii(d1,amax) <= 0) /* also done, found */
{
avma = av;
if (a != NULL)
{
if (signe(d1))
{
*a = icopy(d1);
setsigne(*a,s); /* same sign as s */
}
else
*a = gen_0;
}
if (b != NULL) *b = icopy(v1);
return 1;
}
} /* while */
/* get here when we have run into d1 == 0 before returning... in fact,
* this cannot happen.
*/
pari_err(talker, "ratlift failed to catch d1 == 0\n");
/* NOTREACHED */
return 0;
}
static long
nf_pick_prime(long ct, GEN nf, GEN polbase, long fl,
GEN *lt, GEN *Fa, GEN *pr, GEN *Tp)
{
GEN nfpol = gel(nf,1), dk, bad;
long maxf, n = degpol(nfpol), dpol = degpol(polbase), nbf = 0;
byteptr pt = diffptr;
ulong pp = 0;
*lt = leading_term(polbase); /* t_INT */
if (gcmp1(*lt)) *lt = NULL;
dk = absi(gel(nf,3));
bad = mulii(dk,gel(nf,4)); if (*lt) bad = mulii(bad, *lt);
/* FIXME: slow factorization of large polynomials over large Fq */
maxf = 1;
if (ct > 1) {
if (dpol > 100) /* tough */
{
if (n >= 20) maxf = 4;
}
else
{
if (n >= 15) maxf = 4;
}
}
for (ct = 5;;)
{
GEN aT, apr, ap, modpr, red;
long anbf;
pari_timer ti_pr;
GEN list, r = NULL, fa = NULL;
pari_sp av2 = avma;
if (DEBUGLEVEL>3) TIMERstart(&ti_pr);
for (;;)
{
NEXT_PRIME_VIADIFF_CHECK(pp, pt);
if (! umodiu(bad,pp)) continue;
ap = utoipos(pp);
list = (GEN)FpX_factor(nfpol, ap)[1];
if (maxf == 1)
{ /* deg.1 factors are best */
r = gel(list,1);
if (degpol(r) == 1) break;
}
else
{ /* otherwise, pick factor of largish degree */
long i, dr;
for (i = lg(list)-1; i > 0; i--)
{
r = gel(list,i); dr = degpol(r);
if (dr <= maxf) break;
}
if (i > 0) break;
}
avma = av2;
}
apr = primedec_apply_kummer(nf,r,1,ap);
modpr = zk_to_ff_init(nf,&apr,&aT,&ap);
red = modprX(polbase, nf, modpr);
if (!aT)
{ /* degree 1 */
red = ZX_to_Flx(red, pp);
if (!Flx_is_squarefree(red, pp)) { avma = av2; continue; }
anbf = fl? Flx_nbroots(red, pp): Flx_nbfact(red, pp);
}
else
{
GEN q;
if (!FqX_is_squarefree(red,aT,ap)) { avma = av2; continue; }
q = gpowgs(ap, degpol(aT));
anbf = fl? FqX_split_deg1(&fa, red, q, aT, ap)
: FqX_split_by_degree(&fa, red, q, aT, ap);
}
if (fl == 2 && anbf < dpol) return anbf;
if (anbf <= 1)
{
if (!fl) return anbf; /* irreducible */
if (!anbf) return 0; /* no root */
}
if (!nbf || anbf < nbf
|| (anbf == nbf && cmpii(gel(apr,4), gel(*pr,4)) > 0))
{
nbf = anbf;
*pr = apr;
*Tp = aT;
*Fa = fa;
}
else avma = av2;
if (DEBUGLEVEL>3)
fprintferr("%3ld %s at prime\n %Z\nTime: %ld\n",
anbf, fl?"roots": "factors", apr, TIMER(&ti_pr));
if (--ct <= 0) return nbf;
}
}
