Algorithmic Methods for Finitely Generated Abelian Groups

J. Symbolic Computation (2001) 31, 133–147 doi:10.1006/jsco.2000.1014 Available online at http://www.idealibrary.com on

Algorithmic Methods for Finitely Generated Abelian Groups HENRI COHEN† , FRANCISCO DIAZ Y DIAZ‡ AND MICHEL OLIVIER§ Laboratoire A2X, U.M.R. 5465 du C.N.R.S., Universit´e Bordeaux I, 351 Cours de la Lib´eration, 33405 Talence, France

We describe algorithmic tools to compute with exact sequences of Abelian groups. Although simple in nature, these are essential for a number of applications such as the determination of the structure of (ZK /m)∗ for an ideal m of a number field K, of ray class groups of number fields, and of conductors of the corresponding Abelian extensions. c 2001 Academic Press

1. Algorithmic Representation of Groups In this note, we give the main algorithmic tools which are necessary for working with finitely generated Abelian groups. Although simple in nature, they are not completely trivial, and are essential for many applications, in particular in computational class field theory (see Cohen et al., 1996 and Section 7). Furthermore, we have not been able to locate them explicitly in the mathematical literature. We refer to Cohen (2000) for additional details. All the groups that we consider are assumed to be finitely generated (in fact usually finite) Abelian groups. In number theory, the groups are for example class and unit groups or groups of the type (ZK /m)∗ , which are all written multiplicatively, hence we will use a multiplicative notation. When we use the word “group”, we will always mean a finitely generated Abelian group. We will systematically use the following matrix notation. If A is a group and (α1 , . . . , αr ) are elements of A, we let A be the row vector of Q the αi . If X is a column vector with integer entries xi , we denote by AX the element i αixi of A. More generally, if M is a matrix with r rows having integer entries, we denote by AM the row vector of the elements βj = AMj , where Mj denotes the jth column of M . We will use the following additional notation. If A and B are row vectors, or matrices with the same number of rows, we denote by (A|B) the (horizontal) concatenation of A and B. If X and Y are
column vectors, or matrices with the same number of columns, we will denote by X the (vertical) concatenation of X and Y . Y We will always use row vectors to represent lists of elements in some Abelian group, while column vectors and matrices will always have integer (or sometimes rational) entries. † E-mail:

[email protected] [email protected] § E-mail: [email protected] ‡ E-mail:

0747–7171/01/010133 + 15

$35.00/0

c 2001 Academic Press

134

H. Cohen et al.

Finally, if A is a group, we will denote by 1A the unit element of A and by 1A a row vector of unit elements of A. Definition 1.1. Let A be a group, G = (g1 , . . . , gr ) be elements of A, and M be an r × k integral matrix. We say that (G, M ) is a system of generators and relations for A if the gi are generators, and if any relation between the gi is a linear combination with integer coefficients of the columns of the matrix M . In matrix terms, this can be written concisely as follows: α ∈ A ⇐⇒ ∃X ∈ Zr , GX = α, GX = 1A ⇐⇒ ∃Y ∈ Zk , X = M Y. In particular, we have GM = 1A . A reformulation of the above definition is the existence of the following exact sequence (a presentation of A): M

G

Zk −→ Zr −→ A −→ 1. Definition 1.2. Let A be a group. We say that (A, DA ) is a Smith normal form for A if (A, DA ) is a system of generators and relations for A, if DA is a diagonal matrix in Smith normal form (in other words the diagonal entries ai are non-negative and satisfy ai+1 | ai for i < r) , and if no diagonal entry is equal to 1 (if A is infinite of rank n, this implies that ai = 0 for 1 ≤ i ≤ n and ai > 0 for n < i ≤ r) . The elementary divisor theorem states that there exists a Smith normal form and that the matrix DA is unique. On the other hand, the generators A are not unique. The following algorithm, although immediate, will be frequently useful. Algorithm 1.3. (SNF for finite groups) Let (G, M ) be a system of generators and relations for a finite group A. This algorithm computes a Smith normal form (A, DA ) for A. It also outputs a matrix Ua which will be essential for discrete logarithm computations. 1. [Apply Hermite] Let H be the Hermite normal form of the matrix M obtained by applying a HNF algorithm. If H is not a square matrix (equivalently if M is not of maximal rank), output an error message saying that either M cannot be a complete system of relations or that A is an infinite group, and terminate the algorithm. 2. [Apply Smith] Using a Smith normal form algorithm, compute unimodular matrices U and V and a diagonal matrix D in Smith normal form such that U HV = D. Set A0 ← GU −1 . 3. [Remove trivial components] Let n be the largest i such that Di,i 6= 1 (0 if none exist). Let DA be the matrix obtained from D be keeping only the first n rows and columns, let A be the row vector obtained by keeping only the first n entries of A0 , and let Ua be the (not necessarily square) matrix obtained by keeping only the first n rows of U . Output (A, DA ), output Ua and terminate the algorithm. The validity of this algorithm is clear. Note the important relation AUa = G. The reason for keeping the matrix Ua is also clear: If an element α of A is known on the generators G as α = GX, then on the new generators A we have α = A(Ua X), so the matrix Ua allows us to go from one system of generators to another.

Algorithmic Methods for Finitely Generated Abelian Groups

135

Remark. The Hermite and Smith normal form algorithms which must be used are very classical, and can be found for example in Cohen (1996, Chapter 2). Definition 1.4. Let A be a group. We say that the group A is algorithmically known if we have done the following. (1) We have computed a system (G, M ) of generators and relations for the group A, or equivalently by Algorithm 1.3, a Smith normal form (A, DA ). (2) We have found an efficient algorithm which, given an element α ∈ A, finds a column vector X with integer entries such that α = GX (or α = AX if we have the SNF) . The column vector X will be called the discrete logarithm of α on the given generators. When we say that we have computed an Abelian group, we will always mean that we know it algorithmically in the above sense. Note that this definition is not really a mathematical one since we have not said what we mean by an efficient algorithm. A similar definition applies to maps. Definition 1.5. Let A and B be two groups and ψ a homomorphism from A to B. We say that ψ is algorithmically known if we have the following. If B has been computed, then if α ∈ A, we can compute ψ(α) expressed on the generators of B. On the other hand, if A has been computed, then, if β ∈ Im(ψ), we can compute α ∈ A such that β = ψ(α). 2. Algorithmic Representation of Subgroups A subgroup of an algorithmically known group can of course be represented abstractly as (A, DA ) as for any other group, but this is often not convenient since it forgets the subgroup structure. There is an alternate, richer representation, based on the following proposition. Proposition 2.1. Let B be a finite Abelian group given by a SNF (B, DB ), where B = (βi )1≤i≤n . There is a natural one to one correspondence between subgroups A of B and integral matrices H in Hermite normal form satisfying H −1 DB ∈ Mn (Z). The correspondence is as follows. (1) The subgroup A associated to such a matrix H is the group given by generators and relations (not necessarily in SNF ) , as A = (BH, H −1 DB ). (2) Conversely, if A is a subgroup of B and B 0 is a row vector of generators of A, we can write B 0 = BP for some integer matrix P . The corresponding matrix H is the Hermite normal form of the matrix (P |DB ). (3) Let H be a matrix in HNF, and let A be the corresponding subgroup. Then |A| = |B| / det(H) or equivalently |B/A| = [B : A] = det(H). Proof. Let B = (βi )1≤i≤n and let DB = diag((bi )1≤i≤n ), where diag((bi )i ) denotes the diagonal matrix whose diagonal entries are the bi . By definition, the following sequence is exact: n M φ 1 −→ bi Z −→ Zn −→ B −→ 1, i=1

136

H. Cohen et al.

where φ(x1 , . . . , xn ) =

Y

βixi .

1≤i≤n n

Let (ε Li )1≤i≤n be the canonical basis elements of Z , and let Λ be the lattice defined by Λ = i bi εi . We thus have a canonical isomorphism B ' Zn /Λ, obtained by sending the ith generator βi of B to the class of εi . Subgroups of Zn /Λ are of the form Λ0 /Λ, where Λ0 is a lattice such that Λ ⊂ Λ0 ⊂ Zn . Such a lattice Λ0 can be defined in a unique way by a matrix H in Hermite normal form so that the columns of this matrix express a Z-basis of Λ0 on the εi . The condition Λ0 ⊂ Zn means that H has integer entries, and the condition Λ ⊂ Λ0 means that H −1 DB also has integer entries, since it is the matrix which expresses the given basis of Λ in terms of that of Λ0 . In terms of generators, this correspondence translates into the equality B 0 = BH. Furthermore, B 0 X = 1B if and only if BHX = 1B , hence HX = DB Y , or X = H −1 DB Y , and so if A is the subgroup of B corresponding to Λ0 /Λ, it is given in terms of generators and relations by (BH, H −1 DB ), proving (1). For (2), we note that BDB = 1B , hence if B 00 = B(P |DB ), we have simply added some 1A ’s to the generators of A. Thus, the group can be defined by the generators B 00 and the matrix of relations of maximal rank (P |DB ), hence also by (B 00 , H), where H is the Hermite normal form of this matrix. For (3), we know that H −1 DB expresses a basis of Λ in terms of a basis of Λ0 , hence |A| = |Λ0 /Λ| = det(H −1 DB ) = |B| / det(H). 2 Example. The matrix H corresponding to the subgroup {1B } of B is H = DB , and the matrix corresponding to the subgroup B of B is H = In . A matrix H in HNF such that H −1 D ∈ Mn (Z) will be called a left divisor of D. We will implicitly assume that all left divisors are in HNF, since if H is a left divisor of D, then for any unimodular matrix U , HU is also a left divisor of D. The above proposition states that subgroups of B are in canonical one-to-one correspondence with left divisors of DB , hence it is usually better to represent a subgroup A of B by the matrix H. If we really want a Smith normal form for A, we simply apply Algorithm 1.3 to the system of generators and relations (BH, H −1 DB ) for the group A. Conversely, if we are given a subgroup A by a SNF (A, DA ) together with an injective group homomorphism ψ from A to B, we can compute the HNF matrix H associated to ψ(A) as follows. Using the discrete logarithm algorithm in B, we compute an integral matrix P such that ψ(A) = BP , and H is simply the Hermite normal form of the matrix (P |DB ). This is a restatement of Proposition 2.1 (2). Finding a discrete logarithm algorithm for a subgroup is done as follows. If A is represented as a subgroup of B by a matrix H, then to compute the discrete logarithm of β ∈ A, we first apply the discrete logarithm algorithm in the full group B thus obtaining an integer vector X such that β = BX. Hence β = BH(H −1 X), so H −1 X is the discrete logarithm on the generators BH (it is an integer vector if and only if β ∈ A). We can of course left multiply by the matrix Ua output by Algorithm 1.3 to give the discrete logarithm on the SNF (A, DA ) if we have explicitly computed it. In the remainder of this paper, we shall give a number of algorithms for computing with Abelian groups, such as computing kernels, inverse images, images, quotients, extensions, etc. In each case, we will choose the most suitable representation for the result, either as

Algorithmic Methods for Finitely Generated Abelian Groups

137

an abstract group given in SNF, or as a subgroup by a HNF matrix H which is a left divisor of a SNF matrix D as above. Going back and forth between these representations is done as we have just explained. 3. Computing Quotients Let ψ

φ

A −→ B −→ C −→ 1 be an exact sequence of Abelian groups. In this section, we assume that A and B are algorithmically known (in the sense of Definition 1.4), and that we want to compute C. We assume also that the maps ψ and φ are algorithmically known. We do not necessarily assume that ψ is injective. Let (A, DA ) (resp. (B, DB )) be a Smith normal form of A (resp. B) (it is only necessary for these to be generators and relations, but usually they will be in SNF). Since φ is surjective, it is clear that if we set B 0 = φ(B), B 0 is a system of generators of C. We must find all the relations between them. Let V be such a relation, expressed as a column vector. Then B 0 V = 1C ⇐⇒ φ(BV ) = 1C ⇐⇒ BV ∈ Im(ψ) ⇐⇒ BV = ψ(A)X for a certain integer vector X. Since the group B is algorithmically known, we know how to compute a matrix P such that ψ(A) = BP . Hence B 0 V = 1C ⇐⇒ BV = BP X ⇐⇒ B(V − P X) = 1B ⇐⇒ V − P X ∈ Im(DB ) ⇐⇒ V ∈ Im(P |DB ). It follows that (φ(B), (P |DB )) is a system of generators and relations for C, and we finish using Algorithm 1.3. Formally, this gives the following. Algorithm 3.1. (Quotient of groups) Given two groups A = (A, DA ) and B = ψ

φ

(B, DB ) in SNF and an exact sequence A −→ B −→ C −→ 1, this algorithm computes the SNF of the group C. 1. [Compute P ] Using the discrete logarithm in B, compute a matrix P such that ψ(A) = BP . 2. [Compute SNF] Apply Algorithm 1.3 to (φ(B), (P |DB )), output the SNF (C, DC ) of the result and the auxiliary matrix Ua , and terminate the algorithm. To solve the corresponding discrete logarithm problem, we proceed as follows. Let γ ∈ C. Since φ is surjective and is algorithmically known, we can find β ∈ B such that γ = φ(β). Since we know how to compute discrete logarithms in B, we can find X such that β = BX, hence γ = φ(BX) = φ(B)X = CUa X, where Ua is the auxiliary matrix output by Algorithm 1.3. It follows that the discrete logarithm of γ on the generators C is given by the vector Ua X. Remark. If the group A is given as a subgroup of B by a left HNF divisor H of DB ,

138

H. Cohen et al.

and the map ψ is the natural injection, the algorithm simplifies considerably since the HNF of (P |DB ) is equal to H, since P = H is a left divisor of DB . Thus we simply apply Algorithm 1.3 to the system of generators and relations (φ(B), H). 4. Computing Group Extensions Let A = (A, DA ) and C = (C, DC ) be two groups given in SNF, and assume now that we have an exact sequence ψ

φ

1 −→ A −→ B −→ C −→ 1. We want to compute the SNF (B, DB ) of the group B. Let B 0 be chosen (arbitrarily but algorithmically) such that φ(B 0 ) = C. If β ∈ B then for some vector Y we have φ(β) = CY = φ(B 0 )Y = φ(B 0 Y ), hence β − B 0 Y ∈ Ker(φ) so β − B 0 Y = ψ(AX) for some integer vector X. Thus β = ψ(A)X + B 0 Y = (ψ(A)|B 0 )R
X where R = Y . It follows that (ψ(A)|B 0 ) forms a generating set for B (this is of course trivial, but we prefer to do everything in matrix terms).
Let us find the relations between these generators. If R = X is such a relation, we Y have ψ(A)X + B 0 Y = 1B . If we apply φ to this relation, we obtain φ(B 0 )Y = CY = 1C , hence Y ∈ ImDC , so that Y = DC Y1 for some integral vector Y1 . Thus we have ψ(A)X + B 0 DC Y1 = 1B . Set B 00 = B 0 DC . Then φ(B 00 ) = φ(B 0 )DC = CDC = 1C , hence the entries of B 00 are in Ker(φ) = Im(ψ), and since we can solve the discrete logarithm problem in A we can find a matrix P such that B 00 = ψ(AP ) = ψ(A)P . So finally, the equation for our relation is ψ(A)X + ψ(A)P Y1 = 1B ⇐⇒ ψ(A)(X + P Y1 ) = 1B ⇐⇒ A(X + P Y1 ) = 1A ⇐⇒ X + P Y1 ∈ ImDA ⇐⇒ X + P Y1 = DA T for some integer vector T (note that here we have used the injectivity of ψ).
is a relation if and only if we have In other words, R = X Y    DA −P T R= 0 DC Y1 for some integer vectors T and Y1 . We then obtain the SNF as before by applying Algorithm 1.3. Formally, this gives the following. Algorithm 4.1. (Group extensions) Given two groups A = (A, DA ) and C = (C, DC ) ψ

φ

in SNF, and an exact sequence 1 −→ A −→ B −→ C −→ 1 with ψ and φ algorithmically known, this algorithm computes the SNF (B, DB ) of the group B. 1. [Compute generators] Compute B 0 such that φ(B 0 ) = C (which can be done since φ is algorithmically known), and compute ψ(A). 2. [Compute P ] Set B 00 ← B 0 DC , and let A00 be such that B 00 = ψ(A00 ) (B 00 is in the image of ψ and A00 can be found since ψ is algorithmically known). Using the discrete logarithm in A, compute an integral matrix P such that
A00 = AP . 3. [Terminate] Set G ← (ψ(A)|B 0 ) and M ← D0A −P DC . Apply Algorithm 1.3 to the system of generators and relations (G, M ), output the SNF (B, DB ) of B, the auxiliary matrix Ua , and terminate the algorithm.

Algorithmic Methods for Finitely Generated Abelian Groups

139

Solving the corresponding discrete logarithm problem is easy. Let β ∈ B. Using the discrete logarithm in C we can find Y such that φ(β) = CY = φ(B 0 )Y , hence φ(β − B 0 Y ) = 1C so β − B 0 Y ∈ Im(ψ), and using the discrete logarithm in A we obtain

. Finally, this gives β = BUa X β − B 0 Y = ψ(A)X for some X, so β = (ψ(A)|B 0 ) X Y Y
X hence Ua Y is our desired discrete logarithm. Remark. From the above discussion, it is clear that the matrix −P measures the obstruction to the fact that the exact sequence is split. More precisely, if −P = 0, the sequence splits, and conversely, if the sequence splits, then one can find generators such that −P = 0. 5. Right Four-term Exact Sequences In view of applications to ray class group computations, we will also use right fourterm exact sequences (left four-term exact sequences can be treated in a similar manner). More precisely, assume that we have an exact sequence of the form ρ

ψ

φ

E −→ Z −→ B −→ C −→ 1. We assume that we know algorithmically the groups E = (E, DE ), Z = (Z, DZ ) and C = (C, DC ), and we want to compute B. In the application that we have in mind, E is in general infinite, and in that case the diagonal entry of DE is equal to zero for each infinite cyclic component. This could be treated as a three-term exact sequence by introducing the quotient group Z/ρ(E), but it is more elegant and just as easy to treat it directly as a right four-term exact sequence. We proceed essentially as in Section 4. Let B 0 be such that φ(B 0 ) = C, and let β ∈ B. We have φ(β) = CY for some Y , hence φ(β − B 0 Y ) = 1C , hence β − B 0 Y ∈ ψ(Z). It follows that β − B 0 Y = ψ(Z)X for some X, in other words (ψ(Z)|B 0 ) is a generating set for B.
Let us find the relations between these generators. If R = X is such a relation, we Y have ψ(Z)X + B 0 Y = 1B . If we apply φ to this relation, we obtain φ(B 0 )Y = CY = 1C , hence Y ∈ ImDC , so that Y = DC Y1 for some integral vector Y1 . Thus we have ψ(Z)X + B 0 DC Y1 = 1B . Set B 00 = B 0 DC . Then φ(B 00 ) = φ(B 0 )DC = CDC = 1C . Thus all the entries of B 00 are in Ker(φ) = Im(ψ). Since ψ is assumed to be algorithmically known, we can find Z 0 such that ψ(Z 0 ) = B 00 . Since we can solve the discrete logarithm problem in Z, we can find a matrix P such that Z 0 = ZP .
X Thus, R = Y is a relation if and only if ψ(Z)X + ψ(Z)P Y1 = 1B , or in other words Z(X + P Y1 ) ∈ Ker(ψ) = Im(ρ). Thus, there exists a vector T such that Z(X + P Y1 ) = ρ(E)T . Using again the discrete logarithm in Z, we can find a matrix Q such that ρ(E) = ZQ. Hence we get Z(X +P Y1 −QT ) = 1Z , or equivalently X +P Y1 −QT = DZ T 0 0 for still another integer vector
T . X In other words, R = Y is a relation if and only if we have     T Q DZ −P  0  T R= 0 0 DC Y1 for some integer vectors T , T 0 and Y1 . We then obtain the SNF as before by applying Algorithm 1.3. Formally, this gives the following.

140

H. Cohen et al.

Algorithm 5.1. (Right four-term exact sequences) Given three Abelian groups ρ

ψ

E = (E, DE ), Z = (Z, DZ ) and C = (C, DC ) in SNF and an exact sequence E −→ Z −→ φ

B −→ C −→ 1 with ρ, ψ and φ algorithmically known, this algorithm computes the SNF (B, DB ) of the group B. 1. [Compute generators] Compute B 0 such that φ(B 0 ) = C (which can be done since φ is algorithmically known), and compute ψ(Z). 2. [Compute P ] Set B 00 ← B 0 DC , and let Z 0 be such that B 00 = ψ(Z 0 ) (B 00 is in the image of ψ and Z 0 can be found since ψ is algorithmically known). Using the discrete logarithm in Z, compute a matrix P such that Z 0 = ZP . 3. [Compute Q] Using the discrete logarithm in Z, compute a matrix Q such that ρ(E) = ZQ.   Q DZ −P 0 4. [Terminate] Set G ← (ψ(Z)|B ) and M ← . Apply Algorithm 1.3 0 0 DC to the system of generators and relations (G, M ), output the SNF (B, DB ) of B, the auxiliary matrix Ua and terminate the algorithm. In applications to ray class group computations, the group E will be the group of units of a number field, hence finitely generated but not finite in general. As can be seen from Step 3, however, only a finite set of generators is needed. Apart from this group, all of the other groups that we will use are finite. Solving the corresponding discrete logarithm problem is again easy. Let β ∈ B. Using the discrete logarithm in C we can find Y such that φ(β) = CY = φ(B 0 )Y , hence φ(β−B 0 Y ) = 1C so β−B 0 Y ∈ Im(ψ). Since Z has been computed and ψ is algorithmically 0 known, using the
discrete logarithm in Z we obtain
β−B Y =
ψ(Z)X for some X, so X 0 X β = (ψ(Z)|B ) Y . Finally, this gives β = BUa Y , hence Ua X is our desired discrete Y logarithm. 6. Computing Images, Inverse Images and Kernels Let B = (B, DB ) and C = (C, DC ) be two algorithmically given Abelian groups, let φ be a group homomorphism from B to C, and let A be a subgroup of B, given by a HNF matrix HB which is a left divisor of DB as explained in Proposition 2.1. We can easily compute the image of φ using the following algorithm. Algorithm 6.1. (Image of a subgroup) Let B = (B, DB ) and C = (C, DC ) be two algorithmically given Abelian groups in SNF, let φ be a group homomorphism from B to C, and let A be a subgroup of B given by a left divisor HB of DB . This algorithm computes the image φ(A) as a subgroup of C, in other words it outputs a left divisor HC of DC which represents the subgroup φ(A) according to Proposition 2.1. 1. [Compute matrix P ] Using the discrete logarithm algorithm in C, compute an integer matrix P such that φ(B) = CP . 2. [Terminate] Let M ← (P HB |DC ) be the horizontal concatenation of P HB and DC . Let HC be the HNF of the matrix M (which is a left divisor of DC ). Output HC and terminate the algorithm.

Algorithmic Methods for Finitely Generated Abelian Groups

141

Proof. By definition of HB , B 0 = BHB is a system of generators for A, and φ(B 0 ) = φ(B)HB = C(P HB ). Hence, by Proposition 2.1 (2), the desired matrix HC is the HNF of the matrix (P HB |DC ). 2 Once again, let B = (B, DB ) and C = (C, DC ) be two algorithmically given Abelian groups, let φ be a group homomorphism from B to C, but now let A be a subgroup of C, given by a HNF matrix HC which is a left divisor of DC . We want to compute φ−1 (A) as a subgroup of B. This is done as follows. Algorithm 6.2. (Inverse image of a subgroup) Let B = (B, DB ) and C = (C, DC ) be two algorithmically given Abelian groups in SNF, let φ be a group homomorphism from B to C, and let A be a subgroup of C given by a left divisor HC of DC . This algorithm computes the inverse image φ−1 (A) as a subgroup of B, in other words it outputs a left divisor HB of DB which represents the subgroup φ−1 (A) according to Proposition 2.1. 1. [Compute P ] Using the discrete logarithm algorithm in C, compute an integral matrix P such that φ(B) = CP .
1 U2 2. [Compute U1 ] Apply a HNF algorithm to the matrix (P |HC ), and let U = U U3 U4 be a unimodular matrix and H a HNF matrix such that (P |HC )U = (0|H). We can discard the matrices U2 , U3 , U4 and H. 3. [Terminate] Let HB be the HNF of the matrix (U1 |DB ). Output HB and terminate the algorithm. Proof. Let X be an integer vector representing an element of B on the generators B. We have BX ∈ φ−1 (A) ⇐⇒ φ(B)X ∈ A ⇐⇒ CP X = CHC Y ⇐⇒ C(P X − HC Y ) = 1C for some integer vector Y , so BX ∈ φ−1 (A) ⇐⇒ P X − HC Y = DC Z for some integer vector Z. We know however that HC is a left divisor of DC , so DC = HC HC0 for some integer matrix HC0 . Hence X represents an element of φ−1 (A) on B if and only if there exist integer vectors Y and Z such that P X − HC (Y + HC0 Z) = 0, hence if and only if there exists an integer vector T such that P X + HC T = 0 (indeed, T = −(Y + HC0 Z) exists, but conversely if T is given, we can choose Z = 0 and Y = −T ). We now use (Cohen, 1996, Proposition 2.4.9) which states that if   U1 U2 (P |HC ) = (0|H) U3 U4 is the HNF decomposition of the matrix   (P |HC ), a Z-basis of the kernel of (P |HC ) is 1 given by the columns of the matrix U U3 . In other words, P X + HC T = 0 if and only if there exists a column vector X1 such that
 U1  X T = U3 X 1 . Hence X represents an element of φ−1 (A) if and only if it is in the image of U1 , hence a generating system of φ−1 (A) is given by BU1 , and we conclude by Proposition 2.1 (2). 2 Remarks.

(1) To compute the kernel φ−1 ({1C }) of the map φ, we apply the above

142

H. Cohen et al.

algorithm to the matrix HC = DC , which is the matrix representing {1C } in the subgroup representation. (2) It is easy to write an algorithm for computing the cokernel C/Im(φ) of φ. Finally, note the following lemma, which gives an important property of the matrix U1 used in the above algorithm. Lemma 6.3. Assume that we have a matrix equality of the form (P |H1 )U = (0|H), where U is invertible and H1 is a square matrix with non-zero determinant. Let r be the number of columns of P , or equivalently the number of 0 columns on the right-hand side. Then the upper left r × r sub-matrix U1 of U has non-zero determinant equal to ± det(H1 )/ det(H), where the sign is equal to the determinant of U . Proof. Write U = 

U1 U2 U3 U4

H1 −P




. One easily checks the block matrix identity      0 U1 U2 H1 0 U1 U2 = , H 0 I 0 H1 U3 U4

and since det(H1 ) 6= 0, it follows that det(U1 ) det(H) = ± det(H1 ) where the sign is equal to det(U ). This proves the lemma. 2 Note that it is easy to write the inverse of U1 in GLr (Q) in terms of the block matrix decomposition of U −1 . 7. A Number-theoretical Example As mentioned several times, one of the main applications of the techniques developed in this paper is the computation of ray class groups. In this section we give in complete detail an easy but not completely trivial example, following Algorithm 5.1. We use the notation Cn to denote a cyclic group √ of order n. √ Let K be the quadratic field Q( 195). An integral basis is (1, ω) with ω = (1+ 195)/2. All ideals of K can be represented in a unique way by an HNF matrix on this integral basis. Let p5 be the prime ideal above 5, and let m be the modulus of K whose finite part is equal to p5 and with no Archimedean places. We want to compute algorithmically the ray class group modulo m, denoted by Clm (K). For this, we use the well-known right four-term exact sequence ρ

ψ

φ

U (K) −→ (ZK /m)∗ −→ Clm (K) −→ Cl(K) −→ 1. The (ordinary) class group Cl(K) of K is isomorphic to C2 ×C2 , with generators equal 5 to the classes of the ideals given in HNF by b1 = ( 60 31 ) and b2 = ( 10 0 1 ) (these generators being of course not unique). The√unit group U (K) is isomorphic to {±1} × εZ with the fundamental unit ε equal to 14 + 195. Finally, since p5 is an ideal of degree 1, the group (ZK /m)∗ is a cyclic group of order 4 generated by the class of 2. Thus all the groups and maps are algorithmically known except for Clm (K), so we can use Algorithm 5.1. Step 1. We have C = (b1 , b2 ) and we must compute B 0 such that φ(B 0 ) = C, in other words we must lift b1 and b2 to Clm (K). Since b1 is coprime to 5, we can lift b1 to the class of b1 in Clm (K). On the other hand, b2 is not coprime to 5. It is easy to find

Algorithmic Methods for Finitely Generated Abelian Groups

143

algorithmically an element β ∈ K such that βb2 is an integral ideal coprime to 5 (see for 12 example Cohen, 2000, Algorithm 1.3.14). Here, we find βb2 = ( 17 0 1 ), so we lift b2 to 0 0 the class of βb2 in Clm (K). To summarize, we set b1 = b1 , b2 = βb2 and B 0 = (b01 , b02 ) in Clm (K). Finally, with the notation of the algorithm it is clear that ψ(Z) = b00 with b00 = ( 20 02 ). Step 2. Using the principal ideal algorithm, we easily compute that √ 2 2 B 00 = B 0 DC = (b01 , b02 ) ( 20 02 ) = (b01 , b02 ) = (6ZK , (22 − 195)ZK ) = (ZK , 2ZK ) so that Z 0 = (1, 2) and trivially (in our case) P √ 2 2 Step 3. Since − 1 = 2 and 14 + 195 = 2 0 0 0 Step 4. We set G = (b0 , b1 , b2 ) and  2 2 4 M = 0 0 0 0 0 0

= (0 1). in (ZK /m)∗ , we have Q = (2 2).

Using a HNF algorithm, we find that the HNF  2 0 H = 0 2 0 0

of M is equal to  1 0 , 2

 0 −1 2 0 . 0 2

and using a SNF algorithm we find that we have U HV = D with      2 0 −1 1 0 0 4 U = −2 1 1  V =  2 1 0 D = 0 1 0 0 −2 0 1 0

0 2 0

 0 0 . 1

Thus U −1



0 = 1 −1

 0 1 1 0 . 0 2

From this computation, it follows that the ray class group Clm (K) is isomorphic to −1 C4 × C2 with generators equal to the classes in Clm (K) of b01 b02 (of order 4) and b01 0 0 0 0 −1 −1 (of order 2). Thus, b2 = b1 (b1 b2 ) is still of order 4, hence we can take (b02 , b01 ) as generators. 8. Operations on Subgroups It is easy to modify the preceding algorithms so that they perform operations on subgroups, represented as explained in Section 2. Thus, let B = (B, DB ) be a fixed Abelian group in SNF, and let A1 and A2 be subgroups of B given by HNF left divisors H1 and H2 of DB . We want to compute their intersection and their sum, which is by definition the subgroup generated by A1 and A2 . We leave the easy proof of the following algorithm to the reader. Algorithm 8.1. (Intersection and sum of subgroups) Given an Abelian group B = (B, DB ) in SNF and two subgroups A1 and A2 given by HNF left divisors H1 and H2 of DB , this algorithm computes the HNF left divisors of DB giving the intersection A1 ∩ A2 and the sum A1 + A2 of A1 and A2 .

144

H. Cohen et al.


1 U2 1. [Compute HNF] Let (H1 |H2 ) U = (0|H) be the HNF decomposition of the U3 U4 matrix (H1 |H2 ). 2. [Terminate] Let H3 be the HNF of (H1 U1 |DB ) (or equivalently of (H2 U3 |DB )). Output H3 as the HNF of the intersection, H as the HNF of the sum, and terminate the algorithm. If we want the intersection or the sum of more than two subgroups, we can either apply the above algorithm recursively, or directly use the HNF of the concatenation of all the matrices. The first method is clearly preferable since it is better to compute k − 1 times the HNF of an n × 2n matrix than the HNF of a single n × kn matrix. There is, however, another natural problem which we will encounter below. As above, let A1 and A2 be subgroups of B given by HNF divisors H1 and H2 . We would like to compute the intersection of these two subgroups as a subgroup of A2 , in other words as a left divisor of the SNF of A2 and not of B. This is easily done using the following algorithm, whose easy proof is again left to the reader. Algorithm 8.2. (Intersection of subgroups in a subgroup) Given an Abelian group B = (B, DB ) in SNF and two subgroups A1 and A2 given by HNF left divisors H1 and H2 of DB , this algorithm computes the SNF (A2 , DA2 ) of A2 and the left HNF divisor of DA2 giving A1 ∩ A2 as a subgroup of A2 . 1. [Compute SNF of A2 ] Using Algorithm 1.3 (except that one should skip Step 1 which is not necessary) applied to the system of generators and relations (BH2 , H2−1 DB ), compute the SNF (A2 , DA2 ) of the group A2 , the matrix Ua , and output this SNF.
1 U2 2. [Compute HNF of intersection] Let (H1 |H2 ) U U3 U4 = (0|H) be the HNF decomposition of the matrix (H1 |H2 ). 3. [Terminate] Output the HNF of the matrix (Ua U3 |DA2 ) as left HNF divisor of DA2 representing A1 ∩ A2 , and terminate the algorithm. Let C = (C, DC ) be a group, and let p be a prime number. We would also like to compute the p-Sylow subgroup Cp of C. Recall that by definition, this is the subgroup of C consisting of all elements g ∈ C whose order is a power of p. We will use the following convenient notation which should be standard in number theory. If m ∈ Z, m 6= 0, we will denote by (p∞ , m) the limit as k → ∞ of (pk , m). Of course, this sequence stabilizes for k large enough, so the limit exists, and more precisely, (p∞ , m) = pvp (m) where as usual vp (m) is the p-adic valuation of m. The following proposition gives the answer to our question. Proposition 8.3. Let C = (C, DC ) be a group given in SNF, with C = (γi )1≤i≤n and DC = diag((ci )1≤i≤n ), and let p be a prime number. Let rc be the largest index i ≤ n such that p | ci (rc = 0 if none exist) . Then Cp is given in SNF by Cp = (Cp , DC,p ), where c /(p∞ ,ci ) Cp = (γi i )1≤i≤rc and DC,p = diag((p∞ , ci )1≤i≤rc ). Q a Proof. Let g ∈ Cp . There exists a ≥ 0 such that g p = 1. Let g = 1≤i≤n γixi . Thus, ci | pa xi , hence (ci /(pa , ci )) | xi , which implies that (ci /(p∞ , ci )) | xi . Hence, if we set c /(p∞ ,ci ) γi,p = γi i , the γi,p are generators of Cp , and we can restrict to i ≤ rc , otherwise

Algorithmic Methods for Finitely Generated Abelian Groups

145

the γi,p are equal to 1. It is clear that the matrix of relations between the γi,p is given by DC,p = diag((p∞ , ci )), and since this is already in SNF, this proves the proposition. 2 This proposition giving explicitly the SNF of Cp , it is not necessary to give a formal algorithm. If we want to consider Cp as a subgroup of C, the corresponding HNF left divisor of DC is evidently the diagonal matrix diag((ci /(p∞ , ci ))1≤i≤n ). 9. Enumeration of Subgroups Class field theory states that Abelian extensions of a base field K correspond to equivalence classes of congruence subgroups, or equivalently to equivalence classes of subgroups of ray class groups Clm (K), which are finite Abelian groups. Thus, it is important to be able to enumerate these groups. We consider this problem here. Let C = (C, DC ) be a fixed Abelian group given in SNF. By Proposition 2.1, enumerating subgroups of C is equivalent to enumerating HNF matrices H which are left divisors of DC (two matrices M and M 0 which differ only by right multiplication by a unimodular matrix U define the same subgroup). The question of finding these divisors in an efficient manner is not immediate (see Theorem 9.1 below). In the context of class groups, however, it is reasonable to assume that C will often be cyclic or close to cyclic (see Cohen and Lenstra, 1984; Cohen and Martinet, 1987, 1990). Hence, we can proceed as follows. Let n be the number of cyclic components of C as above, and let DC = diag(c1 , . . . , cn ). If n = 1, H divides DC if and only if H = (e1 ) where e1 | c1 and e1 ≥ 1, hence we simply look at all (positive) divisors of c1 .
If n = 2 then an immediate computation shows that H = e01 fe21 divides DC if and only if for i = 1 and i = 2, ei is a positive divisor of ci , and f1 = ke1 / gcd(e1 , c2 /e2 ) with 0 ≤ k < gcd(e1 , c2 /e2 ). If n ≥ 3, we can try all possible HNF matrices H = (ei,j ) with ei,i | ci and ei,i+1 ≡ 0

(mod ei,i / gcd(ei,i , ci+1 /ei+1,i+1 )),

which are easily seen to be necessary conditions. This is however wasteful, since we need to examine many more HNF matrices than there are subgroups. Thus, we need a method which enables us to construct the HNF matrices which correspond to subgroups (in other words the left divisors of DC ) and only those. We first make an important reduction. As in the preceding section, let Cp be the pc /(p∞ ,ci ) Sylow subgroup of C, generated by the γi i . We claim that it suffices to enumerate the subgroups of Cp for each p. Indeed, let B be a subgroup of C given by an HNF matrix H. The p-Sylow subgroup Bp of B is of course equal to B ∩ Cp . We want to consider it as a subgroup of Cp , and as such it can be computed as a left divisor Hp of the matrix DC,p given by Proposition 8.3, by using Algorithm 8.2 (note that in that algorithm Ua is the identity matrix in our case). Conversely, if for each p we are given a left divisor −1 of Hp of DC,p corresponding to a subgroup Bp of Cp , then it is clear that DC DC,p Hp is a left divisor of DC corresponding to Bp considered as a subgroup of C, hence we can reconstruct the subgroup B by summing these subgroups using Algorithm 8.1. Although the above may sound like useless nitpicking, it is however essential for a correct implementation. Once this reduction is made, we may assume that our group C is a p-group, in other

146

H. Cohen et al.

words that its order is a power of p. In this case, the complete answer to our problem has been given by Birkhoff (see Birkhoff, 1934–5; Butler, 1994). We give the theorem as stated by Butler (slightly modified for our purposes), and refer to Birkhoff (1934–5) and Butler (1994) for details and proof. Theorem 9.1. Let C = (C, DC ) be an Abelian p-group in SNF, and write DC = diag((pxi )1≤i≤s ). Consider all the matrices M obtained as follows. (1) We choose an integer t such that 0 ≤ t ≤ s and a family of integers (yi )1≤i≤t such that yi+1 ≤ yi for i < t and such that yi ≤ xi . We set by convention yi = 0 for t < i ≤ s. (2) We choose a permutation σ of [1, s] such that for all i ≤ t, yi ≤ xσ(i) , and for all i < s such that yi = yi+1 then σ(i) > σ(i + 1). Set τ = σ −1 . (3) We choose integers ci,j for τ (i) > j, 1 ≤ i ≤ s, 1 ≤ j ≤ t satisfying the following. =⇒ 1 ≤ ci,j ≤ pyj −yτ (i)

(a)

i < σ(j)

(b)

i > σ(j) and xi < yj =⇒ 1 ≤ ci,j ≤ pxi −yτ (i)

(c)

i > σ(j) and xi ≥ yj =⇒ 1 ≤ ci,j ≤ pyj −yτ (i) −1

(4) We define the s × t matrix M = (mi,j ) by setting   pxi if τ (i) < j    x −y  i j  if τ (i) = j p mi,j = ci,j pxi −yj in case (a)    ci,j in case (b)     c pxi −yj +1 in case (c). i,j To each subgroup A of C is associated a unique such matrix M , where the SNF of A is (CM, diag((pyi )1≤i≤t )) and conversely each such matrix M gives rise to a subgroup whose corresponding left HNF divisor of DC is the HNF of the matrix (M |DC ). Using this theorem and the algorithmic reductions to p-groups that we have made above, it is now easy to write a complete algorithm for the enumeration of subgroups of a finite Abelian group, and we will not do this formally. Note that it may be more efficient to first choose the permutation, and then the yi . Using this theorem, the reader can for example explicitly find all the subgroups of C = (Z/p2 Z) × (Z/pZ): in addition to the trivial subgroups of order 1 and p3 , there are p + 1 subgroups of order p and p + 1 subgroups of order p2 . The situation simplifies considerably if we want to enumerate not all subgroups, but only subgroups of given index . (By class field theory, in the ray class field case, computing congruence subgroups of given index is equivalent to computing Abelian extensions of given degree.) In particular, if the degree is prime we have the following proposition. Proposition 9.2. Let C = (C, DC ) be an Abelian group given in SNF, with DC = diag((ci )i ), and let ` be a prime number. Let rc be the largest index i such that ` | ci (rc = 0 if none exist) , so that rc is the `-rank of C. The subgroups of C of index ` correspond under Proposition 2.1 to matrices H =

Algorithmic Methods for Finitely Generated Abelian Groups

147

(hi,j ) such that there exists a row index k (necessarily unique) satisfying the following properties. (1) We have k ≤ rc . (2) For i 6= k, then hi,j = 0 for j 6= i and hi,i = 1. (3) We have hk,k = `, hk,j = 0 if j < k or j > rc , and 0 ≤ hk,j < ` if k < j ≤ rc . In particular, there are (`rc −1)/(`−1) subgroups of index ` (this is of course a well-known and easy result) .

Proof. The proof of this proposition is easy and left to the reader. 2 This proposition leads to the following algorithm. Algorithm 9.3. (Subgroups of index `) Given an Abelian group C = (C, DC ) in HNF with DC = diag((ci )1≤i≤n ) and a prime number `, this algorithm computes the list C of all subgroups of C of index ` as HNF left divisors of DC . 1. [Initializations] Let C ← ∅, let rc be the largest index i (0 if none exist) such that ` | ci , and set k ← 0. 2. [Loop on k] Set k ← k + 1. If k > rc , output C and terminate the algorithm. Otherwise, set A ← −1. 3. [Loop on A] Let A ← A + 1. If A ≥ `rc −k−1 , go to Step 2. Otherwise, let H ← In be the identity matrix of order n, set Hk,k ← `, set j ← k and a ← A. 4. [Loop on j] Set j ← j + 1, If j > rc set C ← C ∪ {H} and go to Step 3. Otherwise, let a = `q + r be the Euclidean division of a by ` with 0 ≤ r < `, set Hk,j ← r, a ← q and go to Step 4.

References Birkhoff, G. (1934–5). Subgroups of abelian groups. Proc. Lond. Math. Soc. (2), 38, 385–401. Butler, L. (1994). Subgroup lattices and symmetric functions. Memoirs of the A.M.S., 539. Cohen, H. (1996). A Course in Computational Algebraic Number Theory (3rd corrected printing), volume 138 of Graduate Texts in Mathematics. New York, Springer. Cohen, H. (2000). Advanced Topics in Computational Number Theory, volume 193 of Graduate Texts in Mathematics. New York, Springer. Cohen, H., Diaz y Diaz, F., Olivier, M. (1996). Computing ray class groups, conductors and discriminants. In Proceedings of ANTS II, LNCS 1122, pp. 49–57. Cohen, H., Lenstra, H. W. (1984). Heuristics on class groups of number fields. In Number Theory, Noordwijkerhout 1983, LNM 1068, pp. 33–62. Cohen, H., Martinet, J. (1987). Class groups of number fields: numerical heuristics. Math. Comp., 48, 123–137. Cohen, H., Martinet, J. (1990). Etude heuristique des groupes de classes de corps de nombres dans le cas g´ en´ eral. J. reine angew. Math., 404, 39–76.

Originally Received 1 October 1996 Accepted 31 January 2000