Efficient Gröbner bases computation over principal ideal rings

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.1 (1-13)

Journal of Symbolic Computation ••• (••••) •••–•••

Contents lists available at ScienceDirect

Journal of Symbolic Computation www.elsevier.com/locate/jsc

Efficient Gröbner bases computation over principal ideal rings Christian Eder a , Tommy Hofmann b a b

University of Leipzig, Department of Mathematics, D-04109 Leipzig, Germany Technische Universität Kaiserslautern, Department of Mathematics, D-67663 Kaiserslautern, Germany

a r t i c l e

i n f o

Article history: Received 31 May 2019 Accepted 15 October 2019 Available online xxxx Keywords: Gröbner bases Principal ideal rings

a b s t r a c t In this paper we present new techniques for improving the computation of strong Gröbner bases over a principal ideal ring R. More precisely, we describe how to lift a strong Gröbner basis along a canonical projection R → R/n, n = 0, and along a ring isomorphism R → R1 × R2 . We then apply this to the computation of strong Gröbner bases over a non-trivial quotient of a principal ideal domain R/nR. The idea is to run a standard Gröbner basis algorithm pretending R/nR to be field. If we discover a non-invertible leading coefficient c, we use this information to try to split n = ab with coprime a, b. If this is possible, we recursively reduce the original computation to two strong Gröbner bases computations over R/aR and R/bR respectively. If no such c is discovered, the returned Gröbner basis is already a strong Gröbner basis for the input ideal over R/nR. © 2019 Elsevier Ltd. All rights reserved.

1. Introduction In 1964 Hironaka already investigated computational approaches towards singularities and introduced the notion of standard bases for local monomial orders, see, for example, Hironaka (1964a,b); Grauert (1972). In Buchberger (1965, 2006), Buchberger initiated, in 1965, the theory of Gröbner bases for global monomial orders by which many fundamental problems in mathematics, science and engineering can be solved algorithmically. Specifically, he introduced some key structural theory, and based on this theory, proposed the first algorithm for computing Gröbner bases. Buchberger’s

E-mail addresses: [email protected] (C. Eder), [email protected] (T. Hofmann). https://doi.org/10.1016/j.jsc.2019.10.020 0747-7171/© 2019 Elsevier Ltd. All rights reserved.

JID:YJSCO

AID:1985 /FLA

2

[m1G; v1.261; Prn:29/10/2019; 18:04] P.2 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

algorithm introduced the concept of critical pairs and repeatedly carries out a certain polynomial operation (called reduction). Once the underlying structure is no longer a field, one needs the notion of strong Gröbner bases respectively strong standard bases. Influential work was done by Trinks (1978), introducing the first generalization of Buchberger’s algorithm over commutative Noetherian rings, which was simplified in the case of principal ideal domains by Pauer and Pfeifhofer (1988). Möller (1988) and Kandri-Rody and Kapur (1988) introduced the first generalizations of Buchberger’s algorithm over Euclidean domains computing strong Gröbner bases. Since then only a few optimizations have been introduced, see, for example, Wienand (2011); Lichtblau (2012); Eder et al. (2017). For more general rings, like principal ideal rings, more recent approaches can be found, for example, in Kapur and Cai (2009); Norton and Sˇalˇagean (2001); Pauer (2007); Popescu (2016); Francis and Verron (2019). Common to all these approaches is the idea to transfer ideas from the well studied field case, like criteria for predicting zero reductions or the use of linear algebra, to the setting of rings. In some sense, we take this approach to the extreme by just treating the underlying ring as field and by hopefully splitting the computation to smaller problems in case it fails. To be more precise, consider a quotient R/nR of a principal ideal domain R for some non-trivial element n ∈ R. If I ⊆ (R/nR)[x] is an ideal for which we want to find a strong Gröbner basis computation, we pretend that n is prime, that is, R/nR is a field and apply a classical Gröbner basis algorithm from the field case to I . If this does not encounter a non-invertible element, then we are done. Otherwise we use a non-invertible element to split n = ab with coprime elements a, b ∈ R. After computing strong Gröbner bases of I over R/aR and R/bR, we pull them back along the canonical isomorphism R/nR → R/aR × R/bR to obtain a strong Gröbner basis of I . In case we cannot split n, we fall back to a classical algorithm for computing strong Gröbner bases. The most favorable case for the new algorithm are squarefree elements n, since then any non-invertible element allows us to split n. The idea of working in R/nR as if n were a prime, is a common strategy in computer algebra. Other examples include the computation of matrix normal forms over R/nR, see Fieker and Hofmann (2014). To make this approach work in the setting of strong Gröbner bases, we investigate the behavior of strong Gröbner bases with respect to quotients and the Chinese remainder theorem. By properly normalizing the strong Gröbner basis, we prove that one can efficiently pull back strong Gröbner bases along a projection R → R/nR (Theorem 10) as well as along a canonical isomorphism R → R/aR × R/bR (Theorem 12). In the computation of Gröbner bases, the idea of passing to quotient rings has also been used in the context of modular algorithms, see Pauer (1992); Arnold (2003). Here, one starts with an ideal I in R[x], where R is a principal ideal domain, for example, R = Z. Using the Chinese remainder theorem or Hensel lifting, one constructs a Gröbner basis of I ⊆ R/nR[x] for a non-zero element n, such that the Gröbner basis of I can be reconstructed. Here n can be chosen in such a way, that the computations over the residue ring R/nR are as simple as possible. For example, if n is a product of pairwise coprime irreducible elements, then all Gröbner basis computations take place over residue fields of R. However, only so called good primes are permitted, which is a property that can not be checked a priori. In contrast to this, in our setting the non-trivial modulus n is arbitrary and given as part of the input as we describe the efficient computation of Gröbner basis of ideals over principal ideal rings. The algorithm has been implemented to compute strong Gröbner bases over residue class rings of the form Z/nZ, where n ∈ Z>0 , see Section 5. Running standard benchmarks for Gröbner basis computations for n of different shape shows a consistent speed-up across all examples (except one). In case of squarefree n, the new algorithm improves upon the state of the art implementations by a factor of 10–100.

Acknowledgments

This work was supported by DFG project SFB-TRR 195. The authors thank Claus Fieker for helpful comments.

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.3 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

3

2. Basic notions Let R be a principal ideal ring, that is a unital commutative ring such that every ideal is principal. Note that R is not necessarily an integral domain. If a, b ∈ R are two elements with aR ⊆ bR we denote by a/b by abuse of notation any element c ∈ R with c · b = a. Recall that a least common multiple of two elements a, b is an element l ∈ R such that lR = aR ∩ bR. By abuse of notation we denote by lcm(a, b) such an element. Similarly, we denote by gcd(a, b) an element of R with aR + bR = gcd(a, b)R and call it a greatest common divisor. For an element n ∈ R we denote by πn : R → R/nR the canonical projection. For an ideal I ⊂ R we define the annihilator of I by

Ann ( I ) = {c ∈ R | ∀a ∈ I : c · a = 0} . For an element a ∈ R we denote by Ann (a) := Ann ( a ) the annihilator of a. The set of all invertible elements of R will be denoted by R× . A polynomial in n variables x1 , . . . , xn over R is a finite R-linear combination of terms n v a v 1 ,..., v n i =1 xi i ,

f =



a v x v :=

finite 

a v 1 ,..., v n

v

xi i ,

i =1

v ∈N n

v

n 

such that v ∈ N and a v ∈ R. The polynomial ring R[x] := R[x1 , . . . , xn ] in n variables over R is vthe set of all polynomials over R together with the usual addition and multiplication. For f = v a v x =   0 ∈ R[x] we define the degree of f by deg( f ) := max v 1 + · · · + v n | v ∈ N n , a v = 0 . For f = 0 we set deg( f ) := −1. We fix once and for all a monomial order < on R[x], which, for the sake of simplicity, is assumed to be global, that is, xα ≥ 1 for all α ∈ N n . Given a monomial order < we can highlight the maximal terms of elements in R[x] with respect to <: For f ∈ R[x] \ {0}, lt ( f ) is the lead term, lm ( f ) the lead monomial, and lc ( f ) the lead coefficient of f . For any set F ⊂ R[x] we define the lead ideal L ( F ) = lt ( f ) | f ∈ F ; for an ideal I ⊂ R[x], L ( I ) is defined as the ideal generated by lead terms of all elements of I . The reduction process of two polynomials f and g in R[x] depends now on the uniqueness of the minimal remainder in the division algorithm in R: n

Definition 1. Let f , g ∈ R[x] and let G = { g 1 , . . . , gr } ⊂ R[x] be a finite set of polynomials. 1. We say that g top-reduces f if lm ( g ) | lm ( f ) and lc ( g ) | lc ( f ). A top-reduction of f by g is then given by

f −

lc ( f ) lm ( f ) lc ( g ) lm ( g )

g.

2. Relaxing the reduction of the lead term to any term of f , we say that g reduces f . In general, we speak of a reduction of a polynomial f with respect to a finite set F ⊂ R[x].  r 3. We say that f has a weak standard representation with respect to G if f = i =1 h i g i for some  h i ∈ R[x] such that lm ( f ) ≥ lm h j g j for all j ∈ {1, . . . , r }. r 4. We say that f has a strong standard representation with respect to G if f = i =1 h i g i for some  h i ∈ R[x] such that lm ( f ) = lm h j g j for a unique j ∈ {1, . . . , r } and lm ( f ) > lm (hk gk ) for all k = j. This kind of reduction is equivalent to definition CP3 from Kandri-Rody and Kapur (1984) and generalizes Buchberger’s attempt from Buchberger (1985). The result of such a reduction might not be unique. This uniqueness is exactly the property that Gröbner bases give us.

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.4 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

4

Definition 2. A finite set G ⊂ R[x] is called a Gröbner basis for an ideal I (with respect to <) if G ⊂ I and L (G ) = L ( I ). Furthermore, G is called a strong Gröbner basis if for any f ∈ I \{0} there exists an element g ∈ G such that lt ( g ) | lt ( f ). Remark 3. Note that G being a strong Gröbner basis is equivalent to all elements g ∈ G having a strong standard representation with respect to G. See, for example, Theorem 1 in Lichtblau (2012) for a proof. Clearly, assuming that R is a field, any Gröbner basis is a strong Gröbner basis. But in our setting with R being a principal ideal ring one has to check the coefficients, too, as explained in Definition 1. The fact that for an arbitrary principal ideal ring the notions of Gröbner bases and strong Gröbner bases do not agree, can be observed already for monomial ideals in univariate polynomial rings: Example 4. Consider R = Z and the ideal I = x ⊆ R[ y ] of the univariate polynomial ring R[ y ]. Clearly, G := {2 y , 3 y } is a Gröbner basis for I : L ( I ) = y and y = 3 y − 2 y ∈ L (G ). But G is not a strong Gröbner basis for I since 2 y  y and 3 y  y. In order to compute strong Gröbner bases we need to consider three different types of special polynomials. For more details, we refer, for example, to Möller (1988) and Kapur and Cai (2009). Definition 5. Let f , g ∈ R[x], t = lcm (lm ( f ) , lm ( g )), t f =

t , lm( f )

and t g =

t . lm( g )

1. Let a = lcm (lc ( f ) , lc ( g )), a f = lc(af ) , and a g = lc(ag ) . A S-polynomial of f and g is denoted by

spoly ( f , g ) = a f t f f − a g t g g . 2. Let b = gcd (lc ( f ) , lc ( g )). Choose b f , b g ∈ R such that b = b f lc ( f ) + b g lc ( g ). A GCD-polynomial of f and g is denoted by

gpoly ( f , g ) = b f t f f + b g t g g . 3. Let a ∈ R be a generator of Ann (lc ( f )). An annihilator polynomial of f is denoted by

apoly ( f ) = af = a tail ( f ) . Remark 6. 1. Note that spoly ( f , g ) , gpoly ( f , g ) as well as apoly ( f ) g are not uniquely defined, since quotients, Bézout coefficients and generators are in general not unique. 2. If lc ( f ) is not a zero divisor in R then apoly ( f ) = 0. It follows that if R is a domain, there is no need to handle annihilator polynomials since 0 is the only zero divisor. 3. In the field case we do not need to consider GCD-polynomials at all since we can always normalize the polynomials, that is, ensure that lc ( f ) = 1. From Example 4 it is clear that the usual Buchberger algorithm as in the field case will not compute a strong Gröbner basis as we would only consider spoly (2x, 3x) = 3 · 2x − 2 · 3x = 0. Luckily, we can fix this via taking care of the corresponding GCD-polynomial:

gpoly (2x, 3x) = (−1) · 2x − (−1) · 3x = x. It follows that given an ideal I ⊂ R[x] a strong Gröbner basis for I can be achieved using a generalized version of Buchberger’s algorithm computing not only strong standard representations of S-polynomials but also of GCD-polynomials and annihilator polynomials. We refer, for example, to Lichtblau (2012) for more details.

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.5 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

5

Algorithm 1 Buchberger’s algorithm for computing strong Gröbner bases (sBBA). Input: Ideal I = f 1 , . . . , f m ⊂ R[x], normal form algorithm NF (depending on <) Output: A strong Gröbner basis G for I w.r.t. < 1: G ← { f 1 , . . . , f m } 2: P ← {apoly  ( f i ) | 1 ≤ i ≤ n}   3: P ← P ∪ spoly f i , f j , gpoly f i , f j | 1 ≤ i < j ≤ m 4: while ( P = ∅) do 5: Choose h ∈ P , P ← P \ {h} 6: h ← NF (h, G ) 7: if (h = 0) then 8: P ← P ∪ {apoly (h)} 9: P ← P ∪ {spoly ( g , h) , gpoly ( g , h) | g ∈ G } 10: G ← G ∪ {h} 11: return G

So, how do we get a strong standard representation of elements w.r.t. some set G? The answer is given by the concept of a normal form: Definition 7. Let G denote the set of all finite subsets of R[x]. We call the map NF : R[x] × G −→ R[x], ( f , G ) −→ NF ( f , G ), a weak normal form (w.r.t. a monomial ordering <) if for all f ∈ R[x] and all G ∈ G the following hold: 1. NF (0, G ) = 0. 2. If NF ( f , G ) = 0 then lt (NF ( f , G )) ∈ / L ( G ).  0 then there exists a unit u ∈ R[x] such that either u f = NF ( f , G ) or r = u f − NF ( f , G ) 3. If f = has a strong standard representation with respect to G. A weak normal form NF is called a normal form if we can always choose u = 1. Now we state Buchberger’s algorithm for computing strong Gröbner bases, Algorithm 1. For the theoretical background we refer to Chapter 4 in Adams and Loustaunau (1994) 3. Strong Gröbner bases over principal ideal rings In this section we give theoretical results for the computation of strong Gröbner bases over principal ideal rings. These results will then be used in Section 4 for an improved computation of strong Gröbner bases over quotients of principal ideal rings. We begin by analyzing Algorithm 1 in case all occurring leading coefficients are invertible. Lemma 8. Let I = f 1 , . . . , f m ⊂ R[x] be an ideal such that for all i = 1, . . . , m we have that lc ( f i ) is invertible in R. Moreover, assume that for each newly added polynomial h in Line 10 in Algorithm 1 the polynomial lc (h) is invertible in R. Then Algorithm 1 does not need to consider GCD-polynomials and annihilator polynomials. Proof. We show that all GCD-polynomials and all annihilator polynomials are zero in the setting of the lemma: 1. For each element g in the intermediate Gröbner basis G it holds that lc ( g ) is invertible in R and thus, not a zero divisor. It follows that apoly ( g ) = 0 by definition. 2. For each gpoly ( f , g ) for f , g ∈ G it holds that lc ( f ) | lc ( g ): lc ( f ) is invertible in R, so we get





lc ( g ) · (lc ( f ))−1 lc ( f ) = lc ( g ) .

Again, by definition, gpoly ( f , g ) will reduce trivially to zero w.r.t. { f , g }.

2

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.6 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

6

Remark 9. From Lemma 8 it follows that as long as Algorithm 1 does not encounter a lead coefficient that is not invertible in R we can use Buchberger’s algorithm from the field case without the need to consider GCD-polynomials and annihilator polynomials for strongness properties. In Section 4 we discuss how one can use this fact to improve the general computations of strong Gröbner bases over R[x]. Let n ∈ R, n = 0. We next show how to pull back a strong Gröbner basis along the canonical projection πn : R[x] → (R/nR)[x]. Theorem 10. Let n ∈ R, n = 0 and I ⊆ R[x] an ideal. Assume that G n ⊆ R[x] is a set of polynomials with the following properties: 1. πn (G n ) is a strong Gröbner basis of πn ( I ); 2. for every g ∈ G n the leading coefficient lc ( g ) divides n and lc ( g ) ∈ / nR. Then G n ∪ {n} is a strong Gröbner basis of I + nR[x]. Proof. It is clear that G n ∪ {n} ⊆ I + nR[x]. Now let f ∈ I + nR[x], f = 0. If πn (lc ( f )) = 0, then the leading term is a multiple of n. Thus we may assume that πn (lc ( f )) = 0. Since πn (G n ) is a strong Gröbner basis of πn ( I ) = πn ( I + nR[x]), there exists g ∈ G n such that lt (πn ( g )) divides lt (πn ( f )). Hence we can find h ∈ R[x] with πn (h) · lt (πn ( g )) = lt (πn ( f )). We can assume that h is a term and lm (h)· lm ( g ) = lm ( f ). By assumption we have πn (lt ( g )) = lt (πn ( g )) as well as πn (lt ( f )) = lt (πn ( f )). Hence we can write h · lt ( g ) − lt ( f ) = c · lm ( f ) for some c ∈ nR. Now by assumption lc ( g ) divides n and therefore c. Since in addition lm ( g ) divides lm ( f ), it follows that c · lm ( f ) = h lt ( g ) for some h ∈ R[x]. Hence h · lt ( g ) − lt ( f ) = h · lt ( g ) and therefore lt ( g ) divides lt ( f ). 2 Remark 11. Assume that we know that an ideal I ⊆ R[x] contains a constant polynomial n ∈ R, n = 0. As I = I + nR[x], Theorem 10 implies that we can compute a strong Gröbner basis of I be properly choosing the lifts of a strong Gröbner basis of the reduction πn ( I ) ⊆ (R/nR)[x]. For R = Z, a similar idea can be found in Section 4 of Eder et al. (2018). There it is described how to check if an ideal I ⊆ Z[x] contains a constant polynomial n ∈ Z, n = 0. In case it exists, the authors describe an ad hoc method which keeps the size of the coefficients of the polynomials in Algorithm 1 bounded by n. Theorem 12. Assume that I ⊆ R[x] is an ideal and that a, b, u , v ∈ R are elements with 1 = ua + vb and ab = 0. Furthermore let K, L be finite index sets and G a = ( ga,k )k∈K , G b = ( gb,l )l∈L strong Gröbner bases of I + aR[x] and I + bR[x] respectively, satisfying the following conditions:









1. For k ∈ K, if ga,k is non-constant, then lc ga,k divides a and lc ga,k ∈ / aR   2. For l ∈ L, if gb,l is non-constant, then lc gb,l divides b and lc gb,l ∈ / b R. For k ∈ K, l ∈ L define



f k,l =ua













lcm lm ga,k , lm gb,l





lm gb,l







lcm lm ga,k , lm gb,l  + vb lm ga,k

 · lc ga,k gb,l  · lc gb,l ga,k .

Then G = { f k,l | k ∈ K, l ∈ L} is a strong Gröbner basis of I . Proof. Note that from 1 = ua + vb it follows at once that I = uaI + vbI . Hence I = uaI + vbI = ua( I + bR[x]) + vb( I + aR[x]) = ua G b + vb G a .

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.7 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

7

     We next show that lc ga,k lc gb,l = 0. Assume on the contrary  that lc ga,k lc gb,l =  0. As lc ga,k divides a this implies alc gb,l = 0. Thus lc gb,l = 1 · lc gb,l = ualc gb,l + vblc gb,l =     vblc gb,l ∈ bR. This is a contradiction since lc gb,l ∈ / bR. Hence lc ga,k lc gb,l = 0 and

























ua · lc ga,k lc gb,l + vb · lc gb,k lc ga,l = lc ga,k lc gb,l = 0. In particular







lt f k,l = lcm lm ga,k , lm gb,l



  · lc ga,k lc gb,l .

Consider now  an element h ∈ I. Since h ∈ I + aR[x] and h ∈ I + bR[x], there  exist  ga,k ∈ G a , gb,l ∈ G b such that lt ga,k | lt (h) and lt gb,l | lt (h). Thus lm (h) is divisible by lcm lm ga,k , lm gb,l and    lc (h) is divisible by lc ga,k lc gb,l , that is, lt (h) is divisible by lt f k,l . 2 Note that Theorem 10 and 12 can be applied whenever we have an explicit decomposition of the ring R as R = R1 × R2 with rings R1 , R2 . For if a = (1, 0) and b = (0, 1) denote the unit elements of R1 and R2 respectively, then 1 = a + b, ab = 0 and a2 = a, b2 = b. Thus the assumptions of Theorem 12 are satisfied with u = 1 and v = 1. We illustrate this in the following example. Example 13. Let R = Q × Q and a = (1, 0), b = (0, 1) ∈ R. Consider the polynomial ring R[x1 , x2 ] in two variables with respect to the lexicographical ordering and the ideal I = (1, 0)x1 + (0, 1)x2 . We first want to apply Theorem 10 to determine Gröbner bases of I + aR[x1 , x2 ] and I + bR[x1 , x2 ] respectively. Now {(0, 1)x2 } ⊆ R/aR[x1 , x2 ] is a strong Gröbner basis of πa ( I ), but the set {(0, 1)x2 } does not satisfy part 2 of Theorem 10. (Note that as R/aR ∼ = Q, this is a Gröbner basis computation over a field.) On the other hand (1, 1)x2 ∈ R[x1 , x2 ] satisfies πa ((1, 1)x2 ) = (1, 1)x2 = (0, 1)x2 , and moreover, (1, 1) divides (1, 0) and is not divisible by (1, 0). Thus Theorem 10 implies that G a = {(1, 1)x2 , (1, 0)} is a strong Gröbner basis of I + aR[x1 , x2 ]. Analogously, G b = {(1, 1)x1 , (0, 1)} is a strong Gröbner basis of I + bR[x1 , x2 ]. Note that G a and G b satisfy properties 1 and 2 of Theorem 12. Now Theorem 12 implies that

{(1, 0)x1 , (0, 1)x2 , (1, 1)x1 x2 } is a strong Gröbner basis of I . Note that all Gröbner basis computations took place over a field. We end this section with a reformulation of Theorem 10 and 12 in the context of quotients of principal ideal domains. Corollary 14. Let I ⊆ (R/nR)[x] be an ideal and n = a · b a factorization of n into coprime elements a, b ∈ R. Let K, L be finite index sets. Assume that G a = ( ga,k )k∈K ⊆ (R/nR)[x] is a set of polynomials, such that πa (G a ) ⊆ (R/aR)[x] is a strong Gröbner basis of πa ( I ) ⊆ (R/aR)[x], a ∈ G a and for every g ∈ G a \ {a}, the leading coefficient lc ( g ) divides a and is not divisible by a. Assume that G b = ( gb,l )l∈L ⊆ R/nR[x] has similar properties with respect to b. For k ∈ K, l ∈ L define



f k,l =ua











lcm(lm ga,k , lm gb,l )



lm gb,l







 · lc ga,k gb,l

 lcm(lm ga,k , lm gb,l )  · lc gb,l ga,k . + vb lm ga,k Then G = { f k,l | k ∈ K, l ∈ L} is a strong Gröbner basis of I .

¯ = R/nR we have R ¯ /¯aR ¯ ∼ Proof. Follows at once from Theorems 10 and 12 since for a¯ ∈ R = R/aR. 2

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.8 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

8

Algorithm 2 Naive strong Gröbner basis over R/nR. Input: Ideal I = f 1 mod n, . . . , f m mod n ⊂ (R/nR)[x]. Output: Strong Gröbner basis G for I e e 1: Factor n = p 11 · · · p r r , with pairwise coprime irreducible elements p i ∈ R. e e e 2: For 1 ≤ i ≤ r compute strong Gröbner bases G i of I i = f 1 mod p i i , . . . , f m mod p i i ⊆ (R/ p i i )R[x] using Algorithm 1. 3: Apply Corollary 14 recursively to obtain a strong Gröbner basis G of I .

4. Algorithmic approach for computing in quotients of principal ideal domains We now assume that R is a principal ideal domain. Additionally we now also fix a non-trivial element n ∈ R, n = 0. Using the theoretical results from Section 3 we are now able to describe improvements to the Gröbner basis computation over the base ring R/nR. The main ingredient will be Corollary 14. To use this, we need, given a divisor a ∈ R of n, a way to lift polynomials from R/aR to R/nR such that the leading coefficients divide n. Lemma 15. There exists an algorithm, that given c ∈ R determines u ∈ R such that gcd(u , n) ∈ R× and uc = gcd(c , n) mod n. Proof. This can be found in Storjohann and Mulders (1998, Section 2).

2

In case we have an algorithm for factoring elements of R into irreducible elements, this allows us to reduce the strong Gröbner basis computation to computations over smaller quotient rings. This approach is summarized in Algorithm 2. Depending on the ring R, the particular n and the factorization algorithm, Step (1) is infeasible or not. For example if R = Z, the fastest factorization algorithms are subexponential in n (see von zur Gathen and Gerhard, 2003, Chapter 19), rendering this approach futile for non-trivial example with large n. On the other hand, if R = Q[t ] or R = F p [t ] for some prime p, then factoring in R can be done in (randomized) polynomial time in the size of n (see von zur Gathen and Gerhard, 2003, Chapter 14) and thus is a good idea, at least from a theoretical point of view. We now consider the case, where we cannot or do not want to factor the modulus n. The basic idea is to run the algorithm from the field case, pretending that R/nR is a field, and to stop whenever we find a non-invertible leading coefficient. If the algorithm discovers a non-invertible element, we try to split the modulus and the computation of the strong Gröbner basis. The splitting is based on the following consequence of so-called factor refinement.

/ R× ∪ nR, that is, 0 = a¯ ∈ / Proposition 16. There exists an algorithm that given a ∈ R with gcd(a, n) ∈

(R/nR)× , either

1. finds m ∈ R, k ∈ Z>1 with n = mk and m = gcd(a, m), or 2. finds coprime elements p , q ∈ R \ R× with n = p · q. Proof. Using an algorithm for factor refinement, for example the algorithm of Bach–Driscoll–Shallit (see Bach et al., 1993), we can find a set S ⊆ R \ R× of coprime elements such that a and n factor uniquely into elements of S and for all s ∈ S we have gcd(a, s) or gcd(n, s) not in R× . Now pick m ∈ S with m | n. We can write n = mk · u with k ∈ Z>0 and u ∈ R coprime to m. If u is not a unit we are in case (2). Assume now that u is a unit. As n factors over S we must have u = 1 and m = nk . We can also write a = ml · v with l ∈ Z≥0 and v ∈ R coprime to m. As gcd(a, m) is non-trivial, we must have l > 0 and therefore m = gcd(a, m). 2 Incorporating this into the strong Gröbner basis computation we obtain Algorithm 3. Note that we use a slight modification of Algorithm 1, which stops whenever a non-invertible leading coefficient of a polynomial is encountered. In this case, we return this non-invertible element. Theorem 17. Algorithm 3 terminates and is correct.

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.9 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

9

Algorithm 3 Strong Gröbner basis over R/nR. Input: Ideal I = f 1 mod n, . . . , f m mod n ⊂ R/nR[x], monomial order <. Output: Strong Gröbner basis G for I w.r.t. < 1: Apply Algorithm 1 to I and stop whenever there is a non-invertible leading coefficient a ∈ R/nR and return a. 2: if Step 1 returned G ⊆ (R/nR)[x] then 3: Return G. 4: else 5: Step 1 returned a ∈ R with gcd(a, n) ∈ / R× ∪ nR. 6: Apply Proposition 16 to the pair (a, n) 7: if Step 6 returned n = p · q with coprime p , q then 8: Set I p = f 1 mod p , . . . , f m mod p ⊆ (R/ p R)[x]. 9: Set I q = f 1 mod q, . . . , f m mod q ⊆ (R/qR)[x]. 10: Apply Algorithm 3 to obtain strong Gröbner bases G p and G q of I p and I q respectively. 11: Use Corollary 14 to obtain a strong Gröbner basis G of I and return G. 12: else 13: Apply Algorithm 1 to I and return the resulting strong Gröbner basis of I .

Proof. Termination follows since in the recursion, the number of irreducible factors of n is strictly decreasing. Correctness follows from Corollary 14. 2 Remark 18. The usefulness of the splitting depends very much on the factorization of n. For example, if n = p e is the power of an irreducible element p, then Algorithm 3 is the same as Algorithm 1. The most favorable input for Algorithm 3 are rings R/nR with n squarefree, that is, n = p 1 . . . p r is the product of pairwise coprime irreducible elements (including the case, where n = p 1 is itself irreducible). In this case, every non-invertible element allows us to split the modulus into coprime elements. Thus all Gröbner basis computations can be done as in the field case. Remark 19. If p is an irreducible element of R and e ∈ Z≥0 , then the quotient ring R/ p e is a finitechain ring, that is, a ring whose ideals form a finite chain. For such rings, (strong) Gröbner bases can be computed efficiently using an adaption of Buchberger’s algorithm, see Norton and S˘al˘agean (2001); Hashemi and Alvandi (2013). 5. Experimental results In the following we present experimental results comparing our new approach to the current implementations in the computer algebra systems Singular (Decker et al., 2019) and Magma (Bosma et al., 1997). All computations were done on an Intel® Xeon® CPU E5-2643 v3 @ 3.40 GHz with 384 GB RAM. Computations that took more than 24 hours were terminated by hand. Our new algorithm is implemented in the Julia package GB.jl (Eder and Hofmann, 2019) which is part of the OSCAR project of the SFB TRR-195. The package GB.jl is based on the C library GB (Eder, 2019) which implements Faugère’s F4 algorithm (Faugère, 1999) for computing Gröbner bases over finite fields. The implementation of Algorithm 3 uses GB and Singular as follows: We give two versions of our new algorithm: All the computations over a ring R/nR for which we want to execute the algorithm from the field case are either delegated to GB (using the F4 Algorithm) or to Singular (using Singular’s Buchberger implementation). In case we find n ∈ R such that n is not prime but we cannot find a factorization of n into coprime elements (Proposition 16 (1)), we delegate the corresponding strong Gröbner basis computation to Singular. In this way we can present the optimizations of our new attempt in two ways: Comparing Singular to our new algorithm only using Singular’s Gröbner basis algorithms we can see how our new approach improves running time while using still the same Gröbner basis algorithm just in better settings. On the other hand, using then F4 from GB instead of Buchberger’s algorithm from Singular in the field case, we can show how the approach of the OSCAR system helps to combine different software packages using Julia. All the lifting and recombination steps are done in Julia (see Fieker et al., 2017). Note that in practice we always compute minimal strong Gröbner bases and make sure that minimality is preserved during the recombination using Corollary 14. This makes sure that for all intermediate Gröbner bases that we compute the size is bounded by the size of a minimal strong Gröbner basis of the input.

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.10 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

10

Table 1 Benchmark timings given in seconds, computations in Zn with n = 2 · 3 · 5 · 7 · 11 · 13 · 17 · 19 · 23. Examples

New algorithm with F4

New algorithm with Singular

Singular

Magma

Cyclic-6 Cyclic-7 Cyclic-8 Katsura-8 Katsura-9 Katsura-10 Eco-10 Eco-11 F-744 F-855 Noon-7 Noon-8 Reimer-5 Reimer-6 Lichtblau Mayr-42 * Yang-1 * Jason-210

0.233 1.933 15.140 0.448 1.827 8.257 1.128 8.950 0.544 1.774 1.414 16.447 0.145 1.319 0.043 31.342 53.189 49.164

0.561 9.698 248.215 1.107 4.920 68.079 11.200 191.696 1.174 7.026 2.278 26.763 0.456 88.337 0.053 96.880 45.591 43.038

4.453 1,689.805 > 24 h 89.154 1,592.969 21,316.400 67.440 738.252 61.754 1,685.831 47.787 2,809.623 6.899 869.740 2.904 332.307 210.097 178.348

1.170 303.579 8,304.070 12.980 133.452 2,546.010 110.530 2,799.549 24.810 > 24 h 388.050 > 24 h 4.030 1,282.950 1.630 199.360 115.130 > 24 h

We use a set of different benchmark systems focusing on pair handling, the reduction process, finding of reducers, respectively. We have computed strong Gröbner bases for these systems over Zn using three different settings for n: 1. For n = 2 · 3 · 5 · 7 · 11 · 13 · 17 · 19 · 23 (Table 1) we get a factorization down to the finite prime fields. Thus in all these examples our new implementation can use the F4 algorithm implemented in GB as base case. With “*” we highlight examples for which there was no non-invertible element discovered, that is, the computation from the field case runs through without any splitting of n to be considered. For the Yang-1 and the Jason-210 examples Singular’s Buchberger is slightly faster than GB’s F4. For all other examples using F4 is beneficial. 2. For n = 32771 · 32779 (Table 2) we can see that our approach of applying Lemma 8 is very promising: In none of the examples tested we found non-invertible elements, thus we compute the basis as if we are working over a finite field, receiving a correct strong Gröbner basis over Zn . Note that the timings for the new algorithm using Singular for the Gröbner basis computation on the Reimer-6 example behaves strange: Singular’s implementation of Buchberger’s algorithm is faster when working over principal ideal rings (third column) than when assuming to work directly over a field (second column). Again we can see for Yang-1 and Jason-210 a slightly shorter running time using our new algorithm with Singular’s Buchberger algorithm instead of GB’s F4, whereas in all other examples the variant using F4 wins. 3. For n = 33 · 53 · 73 · 113 (Table 3) we, in general, have to use Singular’s strong Gröbner basis algorithm for computing in Z pk , thus we give for each example only one timing for our new algorithm. The exceptions are again the Mayr-42 and the Yang-1 examples where no non-invertible element is discovered at all. We can see that our approach is most often by a factor of at least 3 faster than directly applying Singular’s implementation over Zn . Again, we highlight with “*” examples for which there was no non-invertible element discovered. Talking about memory consumption we can see a huge benefit using our new algorithm: In general, the algorithm works in Zn for smaller n, thus coefficients are smaller. Moreover, if we can factor down to the field case the memory consumption of the underlying Gröbner basis algorithms is way smaller since no GCD-polynomials and annihilator polynomials need to be handled, checked and possibly reduced. Even so our new algorithm computes several bases instead of only one, memory consumption is in general by a large factor lower. We give typical comparisons between our new

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.11 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

11

Table 2 Benchmark timings given in seconds, computations in Zn with n = 32771 · 32779. Examples

New algorithm with F4

New algorithm with Singular

Singular

Magma

Cyclic-6 Cyclic-7 Cyclic-8 Katsura-8 Katsura-9 Katsura-10 Eco-10 Eco-11 F-744 F-855 Noon-7 Noon-8 Reimer-5 Reimer-6 Lichtblau Mayr-42 Yang-1 Jason-210

0.004 0.179 2.481 0.018 0.098 0.613 0.153 0.909 0.016 0.079 0.171 1.234 0.006 0.066 0.002 32.168 53.562 2.781

0.016 1.617 44.862 0.145 1.117 9.634 3.099 76.019 0.105 0.879 0.355 3.239 0.062 11.764 0.004 96.149 45.488 1.764

0.237 53.924 5,970.100 1.252 11.066 113.251 15.824 201.770 2.182 11.939 3.993 78.320 0.136 3.036 0.004 309.142 193.240 12.576

0.070 3.130 257.180 0.330 2.390 18.960 2.970 22.360 0.250 1.710 1.140 8.920 0.130 2.320 0.010 333.880 196.930 62.040

Table 3 Benchmark timings given in seconds, computations in Zn with n = 33 · 53 · 73 · 113 . Examples

New algorithm

Singular

Magma

Cyclic-6 Cyclic-7 Cyclic-8 Katsura-8 Katsura-9 Katsura-10 Eco-10 Eco-11 F-744 F-855 Noon-7 Noon-8 Reimer-5 Reimer-6 Lichtblau Mayr-42 * Yang-1 * Jason-210

2.228 667.388 72,384.055 26.147 432.818 1,187.817 26.468 737.835 146.348 3,432.222 1,125.187 77,824.211 1.477 88.375 0.104 32.6011 45.4652 110.769

5.374 1,638.422 > 24 h 59.659 883.497 11,002.259 66.515 1,058.806 343.612 21,941.538 13,291.706 > 24 h 8.061 927.624 5.079 362.176 220.546 122.727

0.720 1,209.289 9,471.340 40.050 599.736 8, 528.819 574.949 > 24 h 28, 996.159 > 24 h > 24 h > 24 h 27.660 14,069.210 4.060 327.420 204.740 > 24 h

1 Using GB’s F4 algorithm for the direct Gröbner basis computation without discovering a non-invertible element. 2 Using Singular’s Buchberger algorithm for the direct Gröbner basis computation without discovering a non-invertible element.

algorithm using Singular for the Gröbner basis computations and Singular for each setting of n above: 1. For n = 2 · 3 · 5 · 7 · 11 · 13 · 17 · 19 · 23 we can see a big reduction in memory consumption since we are applying several Gröbner basis computations, but those are all done over a finite field, so the Buchberger algorithm becomes way easier. For example, F-855 needs roughly 300 MB with the new algorithm computing 9 Gröbner bases over finite fields, whereas a direct computation over Zn with Singular consumes more than 116 GB.

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.12 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

12

2. For n = 32771 · 32779 the reduction in memory consumption is in general the most: Our approach just computes the bases as working over a finite field using Lemma 8. So the Buchberger algorithm becomes way easier. For example, computing Cyclic-7 we need 2.5 MB whereas Singular consumes more than 7.4 GB. 3. For n = 33 · 53 · 73 · 113 we looked at Eco-10: Even so the speed up of our new approach is not that big, it consumes with 2.9 GB less than half of Singular which needs more than 6.2 GB 6. Conclusion We have presented a new approach for computing strong Gröbner bases over principal ideal rings

R which exploits the factorization of composite moduli n to recursively compute strong Gröbner bases in smaller rings and lifting the results back to R. In many situations the base cases of this recursive step boil down to computations over finite fields which are much faster than those over principal ideal rings. One further optimization of our new approach might be the following: Once we have several factors of n found, we can run the different, independent Gröbner basis computations in parallel. This is one of our next steps. Another one is to implement an optimized version of Faugère’s F4 algorithm for R/ pk R in GB. Declaration of competing interest The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper. References Adams, W.W., Loustaunau, P., 1994. An Introduction to Gröbner Bases. Graduate Studies in Mathematics. AMS. Arnold, E.A., 2003. Modular algorithms for computing Gröbner bases. J. Symb. Comput. 35 (4), 403–419. https://doi.org/10.1016/ S0747-7171(02)00140-2. Bach, E., Driscoll, J., Shallit, J., 1993. Factor refinement. J. Algorithms 15 (2), 199–222. https://doi.org/10.1006/jagm.1993.1038. Bosma, W., Cannon, J., Playoust, C., 1997. The Magma algebra system. I. The user language. J. Symb. Comput. 24 (3–4), 235–265. Buchberger, B., 1965. Ein Algorithmus zum Auffinden der Basiselemente des Restklassenringes nach einem nulldimensionalen Polynomideal. Ph.D. thesis. University of Innsbruck. Buchberger, B., 1985. Gröbner-Bases: An Algorithmic Method in Polynomial Ideal Theory. Reidel Publishing Company, Dordrecht - Boston - Lancaster. Buchberger, B., 2006. An algorithm for finding the basis elements of the residue class ring of zero dimensional polynomial ideal. J. Symb. Comput. 41 (3–4), 475–511. Decker, W., Greuel, G.-M., Pfister, G., Schönemann, H., 2019. Singular 4-1-2 — a computer algebra system for polynomial computations. http://www.singular.uni-kl.de. Eder, C., 2019. gb. https://github.com/ederc/gb. Eder, C., Hofmann, T., 2019. gb. https://github.com/ederc/GB.jl. Eder, C., Pfister, G., Popescu, A., 2017. On signature-based Gröbner bases over Euclidean rings. In: ISSAC 2017: Proceedings of the 2011 International Symposium on Symbolic and Algebraic Computation, pp. 141–148. Eder, C., Pfister, G., Popescu, A., 2018. Standard bases over Euclidean domains. https://arxiv.org/abs/1811.05736. Faugère, J.-C., 1999. A new efficient algorithm for computing Gröbner bases (F4). J. Pure Appl. Algebra 139 (1–3), 61–88. http:// www-salsa.lip6.fr/~jcf/Papers/F99a.pdf. Fieker, C., Hart, W., Hofmann, T., Johansson, F., 2017. Nemo/Hecke: computer algebra and number theory packages for the Julia programming language. In: ISSAC’17—Proceedings of the 2017 ACM International Symposium on Symbolic and Algebraic Computation. ACM, New York, pp. 157–164. Fieker, C., Hofmann, T., 2014. Computing in quotients of rings of integers. LMS J. Comput. Math. 17 (suppl. A), 349–365. https:// doi.org/10.1112/S1461157014000291. Francis, M., Verron, T., 2019. Signature-based Möller’s algorithm for strong Gröbner bases over PIDs. CoRR. arXiv:1901.09586. von zur Gathen, J., Gerhard, J., 2003. Modern Computer Algebra, 2nd edition. Cambridge University Press, Cambridge, England. Grauert, H., 1972. Über die Deformation isolierter Singularitäten analytischer Mengen. Invent. Math. 15 (3), 171–198. Hashemi, A., Alvandi, P., 2013. Applying Buchberger’s criteria for computing Gröbner bases over finite-chain rings. J. Algebra Appl. 12 (7), 1350034. https://doi.org/10.1142/S0219498813500345. Hironaka, H., 1964a. Resolution of singularities of an algebraic variety over a field of characteristic zero: I. Ann. Math. 79 (1), 109–203. Hironaka, H., 1964b. Resolution of singularities of an algebraic variety over a field of characteristic zero: II. Ann. Math. 79 (2), 205–326.

JID:YJSCO

AID:1985 /FLA

[m1G; v1.261; Prn:29/10/2019; 18:04] P.13 (1-13)

C. Eder, T. Hofmann / Journal of Symbolic Computation ••• (••••) •••–•••

13

Kandri-Rody, A., Kapur, D., 1984. Algorithms for computing Gröbner bases of polynomial ideals over various Euclidean rings. In: Fitch, J. (Ed.), EUROSAM 84. Springer, Berlin, Heidelberg, pp. 195–206. Kandri-Rody, A., Kapur, D., 1988. Computing a Gröbner basis of a polynomial ideal over a Euclidean domain. J. Symb. Comput. 6 (1), 37–57. http://www.sciencedirect.com/science/article/pii/S0747717188800208. Kapur, D., Cai, Y., 2009. An algorithm for computing a Gröbner basis of a polynomial ideal over a ring with zero divisors. Math. Comput. Sci. 2, 601–634. Lichtblau, D., 2012. Effective computation of strong Gröbner bases over Euclidean domains. Ill. J. Math. 56 (1), 177–194. http:// projecteuclid.org/euclid.ijm/1380287466. Möller, H.M., 1988. On the construction of Gröbner bases using syzygies. J. Symb. Comput. 6 (2), 345–359. http://www. sciencedirect.com/science/article/pii/S074771718880052X. Norton, G.H., S˘al˘agean, A., 2001. Strong Gröbner bases and cyclic codes over a finite-chain ring. In: International Workshop on Coding and Cryptography. Paris, 2001. In: Electron. Notes Discrete Math., vol. 6. Elsevier Sci. B. V., Amsterdam, p. 11. Norton, G.H., Sˇalˇagean, A., 2001. Strong Gröbner bases for polynomials over a principal ideal ring. Bull. Aust. Math. Soc. 64 (3), 505–528. Pauer, F., 1992. On lucky ideals for Gröbner basis computations. J. Symb. Comput. 14 (5), 471–482. https://doi.org/10.1016/07477171(92)90018-Y. Pauer, F., 2007. Gröbner bases with coefficients in rings. J. Symb. Comput. 42 (11), 1003–1011. http://www.sciencedirect.com/ science/article/pii/S0747717107001022. Pauer, F., Pfeifhofer, M., 1988. The theory of Gröbner bases. Enseign. Math. (2) 34 (3–4), 215–232. Popescu, A., 2016. Signature Standard Bases over Principal Ideal Rings. Ph.D. thesis. Technische Universität Kaiserslautern. http:// nbn-resolving.de/urn:nbn:de:hbz:386-kluedo-44575. Storjohann, A., Mulders, T., 1998. Fast algorithms for linear algebra modulo N. In: Algorithms—ESA ’98. Venice. In: Lecture Notes in Comput. Sci., vol. 1461. Springer, Berlin, pp. 139–150. Trinks, W., 1978. Über B. Buchbergers Verfahren, Systeme algebraischer Gleichungen zu lösen. J. Number Theory 10 (4), 475–488. https://doi.org/10.1016/0022-314X(78)90019-7. Wienand, O., 2011. Algorithms for Symbolic Computation and Their Applications - Standard Bases over Rings and Rank Tests in Statistics. Ph.D. thesis. Technische Universität Kaiserslautern.