
Factoring Polynomials with Rational Coefficients

TLDR
This paper presents a polynomial-time algorithm to solve the following problem: given a non-zero polynomial $f \in \mathbb{Q}[X]$ in one variable with rational coefficients, find the decomposition of $f$ into irreducible factors in $\mathbb{Q}[X]$.
Abstract
In this paper we present a polynomial-time algorithm to solve the following problem: given a non-zero polynomial $f \in \mathbb{Q}[X]$ in one variable with rational coefficients, find the decomposition of $f$ into irreducible factors in $\mathbb{Q}[X]$. It is well known that this is equivalent to factoring primitive polynomials $f \in \mathbb{Z}[X]$ into irreducible factors in $\mathbb{Z}[X]$. Here we call $f \in \mathbb{Z}[X]$ primitive if the greatest common divisor of its coefficients (the content of $f$) is 1. Our algorithm performs well in practice, cf. [8]. Its running time, measured in bit operations, is $O(n^{12} + n^9 (\log|f|)^3)$.


Mathematische Annalen
Math. Ann. 261, 515–534 (1982)
© Springer-Verlag 1982

Factoring Polynomials with Rational Coefficients

A. K. Lenstra (1), H. W. Lenstra, Jr. (2), and L. Lovász (3)

(1) Mathematisch Centrum, Kruislaan 413, NL-1098 SJ Amsterdam, The Netherlands
(2) Mathematisch Instituut, Universiteit van Amsterdam, Roetersstraat 15, NL-1018 WB Amsterdam, The Netherlands
(3) Bolyai Institute, A. József University, Aradi vértanúk tere 1, H-6720 Szeged, Hungary
In this paper we present a polynomial-time algorithm to solve the following problem: given a non-zero polynomial $f \in \mathbb{Q}[X]$ in one variable with rational coefficients, find the decomposition of $f$ into irreducible factors in $\mathbb{Q}[X]$. It is well known that this is equivalent to factoring primitive polynomials $f \in \mathbb{Z}[X]$ into irreducible factors in $\mathbb{Z}[X]$. Here we call $f \in \mathbb{Z}[X]$ primitive if the greatest common divisor of its coefficients (the content of $f$) is 1.

Our algorithm performs well in practice, cf. [8]. Its running time, measured in bit operations, is $O(n^{12} + n^9 (\log|f|)^3)$. Here $f \in \mathbb{Z}[X]$ is the polynomial to be factored, $n = \deg(f)$ is the degree of $f$, and $|\sum_i a_i X^i| = $ [right-hand side missing from the scan] for a polynomial $\sum_i a_i X^i$ with real coefficients $a_i$.

An outline of the algorithm is as follows. First we find, for a suitable small prime number $p$, a $p$-adic irreducible factor $h$ of $f$, to a certain precision. This is done with Berlekamp's algorithm for factoring polynomials over small finite fields, combined with Hensel's lemma. Next we look for the irreducible factor $h_0$ of $f$ in $\mathbb{Z}[X]$ that is divisible by $h$. The condition that $h_0$ is divisible by $h$ means that $h_0$ belongs to a certain lattice, and the condition that $h_0$ divides $f$ implies that the coefficients of $h_0$ are relatively small. It follows that we must look for a "small" element in that lattice, and this is done by means of a basis reduction algorithm. It turns out that this enables us to determine $h_0$. The algorithm is repeated until all irreducible factors of $f$ have been found.

The basis reduction algorithm that we employ is new, and it is described and analysed in Sect. 1. It improves the algorithm given in a preliminary version of [9, Sect. 3]. At the end of Sect. 1 we briefly mention two applications of the new algorithm to diophantine approximation.

The connection between factors of $f$ and reduced bases of a lattice is treated in detail in Sect. 2. The theory presented here extends a result appearing in [8, Theorem 2]. It should be remarked that the latter result, which is simpler to prove, would in principle have sufficed for our purpose.

516   A. K. Lenstra et al.   /   Polynomials with Rational Coefficients   517

Section 3, finally, contains the description and the analysis of our algorithm for factoring polynomials.

It may be expected that other irreducibility tests and factoring methods that depend on diophantine approximation (Cantor [3], Ferguson and Forcade [5], Brentjes [2, Sect. 4A], and Zassenhaus [16]) can also be made into polynomial-time algorithms with the help of the basis reduction algorithm presented in Sect. 1.

Splitting an arbitrary non-zero polynomial $f \in \mathbb{Z}[X]$ into its content and its primitive part, we deduce from our main result that the problem of factoring such a polynomial is polynomial-time reducible to the problem of factoring positive integers. The same fact was proved by Adleman and Odlyzko [1] under the assumption of several deep and unproved hypotheses from number theory.

The generalization of our result to algebraic number fields and to polynomials in several variables is the subject of future publications.

1. Reduced Bases for Lattices

Let $n$ be a positive integer. A subset $L$ of the $n$-dimensional real vector space $\mathbb{R}^n$ is called a lattice if there exists a basis $b_1, b_2, \ldots, b_n$ of $\mathbb{R}^n$ such that

$L = \sum_{i=1}^{n} \mathbb{Z} b_i = \{ \sum_{i=1}^{n} r_i b_i : r_i \in \mathbb{Z}\ (1 \le i \le n) \}.$

In this situation we say that $b_1, b_2, \ldots, b_n$ form a basis for $L$, or that they span $L$. We call $n$ the rank of $L$. The determinant $d(L)$ of $L$ is defined by

(1.1) $d(L) = |\det(b_1, b_2, \ldots, b_n)|,$

the $b_i$ being written as column vectors. This is a positive real number that does not depend on the choice of the basis [4, Sect. 1.2].

Let $b_1, b_2, \ldots, b_n \in \mathbb{R}^n$ be linearly independent. We recall the Gram-Schmidt orthogonalization process. The vectors $b_i^*$ ($1 \le i \le n$) and the real numbers $\mu_{ij}$ ($1 \le j < i \le n$) are inductively defined by

(1.2) $b_i^* = b_i - \sum_{j=1}^{i-1} \mu_{ij} b_j^*,$

(1.3) $\mu_{ij} = (b_i, b_j^*)/(b_j^*, b_j^*),$

where $(\ ,\ )$ denotes the ordinary inner product on $\mathbb{R}^n$. Notice that $b_i^*$ is the projection of $b_i$ on the orthogonal complement of $\sum_{j=1}^{i-1} \mathbb{R} b_j$, and that $\sum_{j=1}^{i-1} \mathbb{R} b_j = \sum_{j=1}^{i-1} \mathbb{R} b_j^*$, for $1 \le i \le n$. It follows that $b_1^*, b_2^*, \ldots, b_n^*$ is an orthogonal basis of $\mathbb{R}^n$.

In this paper, we call a basis $b_1, b_2, \ldots, b_n$ for a lattice $L$ reduced if

(1.4) $|\mu_{ij}| \le 1/2$ for $1 \le j < i \le n$

and

(1.5) $|b_i^* + \mu_{i\,i-1} b_{i-1}^*|^2 \ge \tfrac{3}{4} |b_{i-1}^*|^2$ for $1 < i \le n$,

where $|\ |$ denotes the ordinary Euclidean length. Notice that the vectors $b_i^* + \mu_{i\,i-1} b_{i-1}^*$ and $b_{i-1}^*$ appearing in (1.5) are the projections of $b_i$ and $b_{i-1}$ on the orthogonal complement of $\sum_{j=1}^{i-2} \mathbb{R} b_j$. The constant $3/4$ in (1.5) is arbitrarily chosen, and may be replaced by any fixed real number $y$ with $1/4 < y < 1$.

(1.6) Proposition. Let $b_1, b_2, \ldots, b_n$ be a reduced basis for a lattice $L$ in $\mathbb{R}^n$, and let $b_1^*, b_2^*, \ldots, b_n^*$ be defined as above. Then we have

(1.7) $|b_j|^2 \le 2^{i-1} |b_i^*|^2$ for $1 \le j \le i \le n$,

(1.8) $d(L) \le \prod_{i=1}^{n} |b_i| \le 2^{n(n-1)/4} d(L),$

(1.9) $|b_1| \le 2^{(n-1)/4} d(L)^{1/n}.$

Remark. If $3/4$ in (1.5) is replaced by $y$, with $1/4 < y < 1$, then the powers of 2 appearing in (1.7), (1.8) and (1.9) must be replaced by the same powers of $4/(4y - 1)$.

Remark. From (1.8) we see that a reduced basis is also reduced in the sense of [9, (7)].

Proof of (1.6). From (1.5) and (1.4) we see that

$|b_i^*|^2 \ge (\tfrac{3}{4} - \mu_{i\,i-1}^2) |b_{i-1}^*|^2 \ge \tfrac{1}{2} |b_{i-1}^*|^2$

for $1 < i \le n$, so by induction

$|b_j^*|^2 \le 2^{i-j} |b_i^*|^2$ for $1 \le j \le i \le n$.

From (1.2) and (1.4) we now obtain

$|b_i|^2 = |b_i^*|^2 + \sum_{j=1}^{i-1} \mu_{ij}^2 |b_j^*|^2 \le |b_i^*|^2 + \sum_{j=1}^{i-1} \tfrac{1}{4} 2^{i-j} |b_i^*|^2 = (1 + \tfrac{1}{4}(2^i - 2)) |b_i^*|^2 \le 2^{i-1} |b_i^*|^2.$

It follows that

$|b_j|^2 \le 2^{j-1} |b_j^*|^2 \le 2^{i-1} |b_i^*|^2$

for $1 \le j \le i \le n$. This proves (1.7).

From (1.1), (1.2) it follows that $d(L) = |\det(b_1^*, b_2^*, \ldots, b_n^*)|$ and therefore, since the $b_i^*$ are pairwise orthogonal,

$d(L) = \prod_{i=1}^{n} |b_i^*|.$

From $|b_i^*| \le |b_i|$ and $|b_i|^2 \le 2^{i-1} |b_i^*|^2$ we now obtain (1.8). Putting $j = 1$ in (1.7) and taking the product over $i = 1, 2, \ldots, n$ we find (1.9). This proves (1.6).

Remark. Notice that the proof of the inequality

(1.10) $d(L) \le \prod_{i=1}^{n} |b_i|$

did not require the basis to be reduced. This is Hadamard's inequality.

(1.11) Proposition. Let $L \subset \mathbb{R}^n$ be a lattice with reduced basis $b_1, b_2, \ldots, b_n$. Then

$|b_1|^2 \le 2^{n-1} |x|^2$

for every $x \in L$, $x \ne 0$.

Proof. Write $x = \sum_{i=1}^{n} r_i b_i = \sum_{i=1}^{n} r_i' b_i^*$ with $r_i \in \mathbb{Z}$, $r_i' \in \mathbb{R}$ ($1 \le i \le n$). If $i$ is the largest index with $r_i \ne 0$ then $r_i' = r_i$, so

$|x|^2 \ge r_i^2 |b_i^*|^2 \ge |b_i^*|^2.$

By (1.7), we have $|b_1|^2 \le 2^{i-1} |b_i^*|^2 \le 2^{n-1} |b_i^*|^2$. This proves (1.11).

(1.12) Proposition. Let $L \subset \mathbb{R}^n$ be a lattice with reduced basis $b_1, b_2, \ldots, b_n$. Let $x_1, x_2, \ldots, x_t \in L$ be linearly independent. Then we have

$|b_j|^2 \le 2^{n-1} \max\{|x_1|^2, |x_2|^2, \ldots, |x_t|^2\}$ for $j = 1, 2, \ldots, t$.

Proof. Write $x_j = \sum_{i=1}^{n} r_{ij} b_i$ with $r_{ij} \in \mathbb{Z}$ ($1 \le i \le n$) for $1 \le j \le t$. For fixed $j$, let $i(j)$ denote the largest $i$ for which $r_{ij} \ne 0$. Then we have, by the proof of (1.11),

(1.13) $|x_j|^2 \ge |b_{i(j)}^*|^2$ for $1 \le j \le t$.

Renumber the $x_j$ such that $i(1) \le i(2) \le \ldots \le i(t)$. We claim that $j \le i(j)$ for $1 \le j \le t$. If not, then $x_1, x_2, \ldots, x_j$ would all belong to $\mathbb{R} b_1 + \mathbb{R} b_2 + \ldots + \mathbb{R} b_{j-1}$, a contradiction with the linear independence of $x_1, x_2, \ldots, x_j$. From $j \le i(j)$ and (1.7) we obtain, using (1.13):

$|b_j|^2 \le 2^{i(j)-1} |b_{i(j)}^*|^2 \le 2^{n-1} |x_j|^2$ for $j = 1, 2, \ldots, t$.

This proves (1.12).

Remark. Let $\lambda_1, \lambda_2, \ldots, \lambda_n$ denote the successive minima of $|\ |^2$ on $L$, see [4, Chap. VIII], and let $b_1, b_2, \ldots, b_n$ be a reduced basis for $L$. Then (1.7) and (1.12) easily imply that

$2^{1-n} \lambda_i \le |b_i|^2 \le 2^{n-1} \lambda_i$ for $1 \le i \le n$,

so $|b_i|^2$ is a reasonable approximation of $\lambda_i$.

(1.14) Remark. Notice that the number $2^{n-1}$ may in (1.11) be replaced by $\max\{|b_1|^2/|b_i^*|^2 : 1 \le i \le n\}$ and in (1.12) by $\max\{|b_j|^2/|b_i^*|^2 : 1 \le j \le i \le n\}$.

(1.15) We shall now describe an algorithm that transforms a given basis $b_1, b_2, \ldots, b_n$ for a lattice $L$ into a reduced one. The algorithm improves the algorithm given in a preliminary version of [9, Sect. 3]. Our description incorporates an additional improvement due to J. J. M. Cuppen, reducing our running time estimates by a factor $n$.

To initialize the algorithm we compute $b_i^*$ ($1 \le i \le n$) and $\mu_{ij}$ ($1 \le j < i \le n$) using (1.2) and (1.3). In the course of the algorithm the vectors $b_1, b_2, \ldots, b_n$ will be changed several times, but always in such a way that they form a basis for $L$. After every change of the $b_i$ we shall update the $b_i^*$ and $\mu_{ij}$ in such a way that (1.2) and (1.3) remain valid.

At each step of the algorithm we shall have a current subscript $k \in \{1, 2, \ldots, n+1\}$. We begin with $k = 2$. We shall now iterate a sequence of steps that starts from, and returns to, a situation in which the following conditions are satisfied:

(1.16) $|\mu_{ij}| \le 1/2$ for $1 \le j < i < k$,

(1.17) $|b_i^* + \mu_{i\,i-1} b_{i-1}^*|^2 \ge \tfrac{3}{4} |b_{i-1}^*|^2$ for $1 < i \le k-1$.

These conditions are trivially satisfied if $k = 2$.

In the above situation one proceeds as follows. If $k = n+1$ then the basis is reduced, and the algorithm terminates. Suppose now that $k \le n$. Then we first achieve that

(1.18) $|\mu_{k\,k-1}| \le 1/2$ if $k > 1$.

If this does not hold, let $r$ be the integer nearest to $\mu_{k\,k-1}$, and replace $b_k$ by $b_k - r b_{k-1}$. The numbers $\mu_{kj}$ with $j < k-1$ are then replaced by $\mu_{kj} - r\mu_{k-1\,j}$, and $\mu_{k\,k-1}$ by $\mu_{k\,k-1} - r$. The other $\mu_{ij}$ and all $b_i^*$ are unchanged. After this change (1.18) holds.

Next we distinguish two cases.

Case 1. Suppose that $k \ge 2$ and

(1.19) $|b_k^* + \mu_{k\,k-1} b_{k-1}^*|^2 < \tfrac{3}{4} |b_{k-1}^*|^2.$

Then we interchange $b_{k-1}$ and $b_k$, and we leave the other $b_i$ unchanged. The vectors $b_{k-1}^*$ and $b_k^*$ and the numbers $\mu_{k\,k-1}$, $\mu_{k-1\,j}$, $\mu_{kj}$, $\mu_{i\,k-1}$, $\mu_{ik}$, for $j < k-1$ and for $i > k$, have now to be replaced. This is done by formulae that we give below. The most important one of these changes is that $b_{k-1}^*$ is replaced by $b_k^* + \mu_{k\,k-1} b_{k-1}^*$; so the new value of $|b_{k-1}^*|^2$ is less than $3/4$ times the old one. These changes being made, we replace $k$ by $k-1$. Then we are in the situation described by (1.16) and (1.17), and we proceed with the algorithm from there.

Case 2. Suppose that $k = 1$ or

(1.20) $|b_k^* + \mu_{k\,k-1} b_{k-1}^*|^2 \ge \tfrac{3}{4} |b_{k-1}^*|^2.$

In this case we first achieve that

(1.21) $|\mu_{kj}| \le 1/2$ for $1 \le j \le k-1$.

[For $j = k-1$ this is already true, by (1.18).] If (1.21) does not hold, let $l$ be the largest index $< k$ with $|\mu_{kl}| > 1/2$, let $r$ be the integer nearest to $\mu_{kl}$, and replace $b_k$ by

$b_k - r b_l$. The numbers $\mu_{kj}$ with $j < l$ are then replaced by $\mu_{kj} - r\mu_{lj}$, and $\mu_{kl}$ by $\mu_{kl} - r$; the other $\mu_{ij}$ and all $b_i^*$ are unchanged. This is repeated until (1.21) holds. Next we replace $k$ by $k+1$. Then we are in the situation described by (1.16) and (1.17), and we proceed with the algorithm from there. Notice that in the case $k = 1$ we have done no more than replacing $k$ by 2.

This finishes the description of the algorithm. Below we shall prove that the algorithm terminates.

(1.22) For the sake of completeness we now give the formulae that are needed in case 1. Let $b_1, b_2, \ldots, b_n$ be the current basis and $b_i^*$, $\mu_{ij}$ as in (1.2) and (1.3). Let $k$ be the current subscript for which (1.16), (1.17), (1.18), and (1.19) hold. By $c_i$, $c_i^*$, and $\nu_{ij}$ we denote the vectors and numbers that will replace $b_i$, $b_i^*$, and $\mu_{ij}$, respectively. The new basis $c_1, c_2, \ldots, c_n$ is given by

$c_{k-1} = b_k, \quad c_k = b_{k-1}, \quad c_i = b_i$ for $i \ne k-1, k$.

Since $c_{k-1}^*$ is the projection of $b_k$ on the orthogonal complement of $\sum_{j=1}^{k-2} \mathbb{R} b_j$ we have, as announced:

$c_{k-1}^* = b_k^* + \mu_{k\,k-1} b_{k-1}^*$

[cf. the remark after (1.5)]. To obtain $c_k^*$ we must project $b_{k-1}^*$ on the orthogonal complement of $\mathbb{R} c_{k-1}^*$. That leads to

$\nu_{k\,k-1} = (b_{k-1}^*, c_{k-1}^*)/(c_{k-1}^*, c_{k-1}^*) = \mu_{k\,k-1} |b_{k-1}^*|^2 / |c_{k-1}^*|^2,$

$c_k^* = b_{k-1}^* - \nu_{k\,k-1} c_{k-1}^*.$

For $i \ne k-1, k$ we have $c_i^* = b_i^*$. Let now $j > k$. To find $\nu_{j\,k-1}$ and $\nu_{jk}$ we substitute

$b_{k-1}^* = \nu_{k\,k-1} c_{k-1}^* + c_k^*,$

$b_k^* = (1 - \mu_{k\,k-1} \nu_{k\,k-1}) c_{k-1}^* - \mu_{k\,k-1} c_k^* = (|b_k^*|^2/|c_{k-1}^*|^2)\, c_{k-1}^* - \mu_{k\,k-1} c_k^*$

in $b_j = b_j^* + \sum_{i=1}^{j-1} \mu_{ji} b_i^*$. That yields

$\nu_{j\,k-1} = \mu_{j\,k-1} \nu_{k\,k-1} + \mu_{jk} |b_k^*|^2 / |c_{k-1}^*|^2,$

$\nu_{jk} = \mu_{j\,k-1} - \mu_{jk} \mu_{k\,k-1}.$

Finally, we have

$\nu_{k-1\,j} = \mu_{kj}, \quad \nu_{kj} = \mu_{k-1\,j}$ for $1 \le j < k-1$,

and $\nu_{ij} = \mu_{ij}$ for $\{i, j\} \cap \{k-1, k\} = \emptyset$.

We remark that after the initialization stage of the algorithm it is not necessary to keep track of the vectors $b_i^*$. It suffices to keep track of the numbers $|b_i^*|^2$, in addition to $\mu_{ij}$ and the vectors $b_i$. Notice that $|c_k^*|^2 = |b_{k-1}^*|^2 |b_k^*|^2 / |c_{k-1}^*|^2$ in the above, and that the left hand side of (1.19), (1.20) equals $|b_k^*|^2 + \mu_{k\,k-1}^2 |b_{k-1}^*|^2$. The entire algorithm is represented in Fig. 1, in which $B_i = |b_i^*|^2$.

Fig. 1. The reduction algorithm

    b_i^* := b_i; for j = 1, 2, ..., i-1: mu_ij := (b_i, b_j^*)/B_j, b_i^* := b_i^* - mu_ij b_j^*;
    B_i := (b_i^*, b_i^*)                                            [for i = 1, 2, ..., n]
    k := 2
    (1) perform (*) for l = k-1;
        if B_k < (3/4 - mu_{k k-1}^2) B_{k-1}, go to (2);
        perform (*) for l = k-2, k-3, ..., 1;
        if k = n, terminate; k := k+1; go to (1)
    (2) mu := mu_{k k-1}; B := B_k + mu^2 B_{k-1}; mu_{k k-1} := mu B_{k-1}/B;
        B_k := B_{k-1} B_k / B; B_{k-1} := B;
        (b_{k-1}, b_k) := (b_k, b_{k-1});
        (mu_{k-1 j}, mu_{k j}) := (mu_{k j}, mu_{k-1 j})             for j = 1, 2, ..., k-2;
        (mu_{i k-1}, mu_{i k})^T := [1  mu_{k k-1}; 0  1] [0  1; 1  -mu] (mu_{i k-1}, mu_{i k})^T
                                                                      for i = k+1, k+2, ..., n;
        if k > 2, then k := k-1;
        go to (1)
    (*) If |mu_{k l}| > 1/2, then:
        r := integer nearest to mu_{k l}; b_k := b_k - r b_l;
        mu_{k j} := mu_{k j} - r mu_{l j}                             for j = 1, 2, ..., l-1;
        mu_{k l} := mu_{k l} - r.

(1.23) To prove that the algorithm terminates we introduce the quantities

(1.24) $d_i = \det((b_j, b_l))_{1 \le j, l \le i}$ for $0 \le i \le n$.

It is easily checked that

(1.25) $d_i = \prod_{j=1}^{i} |b_j^*|^2$ for $0 \le i \le n$.

Hence the $d_i$ are positive real numbers. Notice that $d_0 = 1$ and $d_n = d(L)^2$. Put $D = \prod_{i=0}^{n-1} d_i$. By (1.25), the number $D$ only changes if some $b_i^*$ is changed, which only occurs in case 1. In case 1, the number $d_{k-1}$ is reduced by a factor $< 3/4$, by (1.25), whereas the other $d_i$ are unchanged, by (1.24); hence $D$ is reduced by a factor $< 3/4$. Below we prove that there is a positive lower bound for $d_i$ that only depends on $L$. It follows
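The reduction algorithm of (1.15)–(1.22) and Fig. 1, together with the reducedness conditions (1.4), (1.5) and the bounds of Proposition (1.6) from the beginning of Sect. 1, as an added Python example that is not part of the paper. It uses exact rational arithmetic (`fractions.Fraction`) instead of the integer representation developed in (1.26)ff., keeps only $B_i = |b_i^*|^2$ and $\mu_{ij}$ beside the $b_i$ as the remark after (1.22) suggests, and uses 0-based indices (the paper's $k = 2$ is `k = 1` here). The function names, the parameter `y` (the constant of (1.5)) and the sample basis `SAMPLE` are the example's own choices, not the paper's.

```python
from fractions import Fraction

# Added example, not from the paper: the basis reduction algorithm of
# Fig. 1 with exact rational arithmetic.  As the remark after (1.22)
# suggests, only B_i = |b_i^*|^2 and mu_ij are stored besides the b_i.
# Indices are 0-based here; the paper's k = 2 is k = 1 below.

HALF = Fraction(1, 2)


def dot(u, v):
    return sum(x * y for x, y in zip(u, v))


def gram_schmidt(basis):
    """(1.2), (1.3): return (B, mu) with B[i] = |b_i^*|^2."""
    n = len(basis)
    bstar, B = [], [Fraction(0)] * n
    mu = [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(x) for x in basis[i]]
        for j in range(i):
            mu[i][j] = dot(basis[i], bstar[j]) / B[j]
            v = [a - mu[i][j] * c for a, c in zip(v, bstar[j])]
        bstar.append(v)
        B[i] = dot(v, v)
    return B, mu


def lll_reduce(basis, y=Fraction(3, 4)):
    """Fig. 1 of the paper; y is the constant of (1.5), 1/4 < y < 1."""
    b = [[Fraction(x) for x in v] for v in basis]
    n = len(b)
    B, mu = gram_schmidt(b)

    def size_reduce(k, l):                 # step (*) of Fig. 1
        if abs(mu[k][l]) > HALF:
            r = round(mu[k][l])            # integer nearest to mu_kl
            b[k] = [x - r * z for x, z in zip(b[k], b[l])]
            for j in range(l):
                mu[k][j] -= r * mu[l][j]
            mu[k][l] -= r

    k = 1
    while k < n:
        size_reduce(k, k - 1)                              # (1.18)
        if B[k] < (y - mu[k][k - 1] ** 2) * B[k - 1]:      # case 1: (1.19)
            m = mu[k][k - 1]
            Bc = B[k] + m * m * B[k - 1]                   # |c_{k-1}^*|^2
            mu[k][k - 1] = m * B[k - 1] / Bc               # nu_{k,k-1}
            B[k] = B[k - 1] * B[k] / Bc                    # |c_k^*|^2
            B[k - 1] = Bc
            b[k - 1], b[k] = b[k], b[k - 1]
            for j in range(k - 1):
                mu[k - 1][j], mu[k][j] = mu[k][j], mu[k - 1][j]
            for i in range(k + 1, n):                      # nu_{i,k-1}, nu_{ik}
                t = mu[i][k]
                mu[i][k] = mu[i][k - 1] - m * t
                mu[i][k - 1] = t + mu[k][k - 1] * mu[i][k]
            if k > 1:
                k -= 1
        else:                                              # case 2: (1.20)
            for l in range(k - 2, -1, -1):                 # achieve (1.21)
                size_reduce(k, l)
            k += 1
    return [[int(x) for x in v] for v in b]


def is_reduced(basis, y=Fraction(3, 4)):
    """(1.4) and (1.5); |b_i^* + mu b_{i-1}^*|^2 = B_i + mu^2 B_{i-1}."""
    B, mu = gram_schmidt(basis)
    n = len(basis)
    size_ok = all(abs(mu[i][j]) <= HALF for i in range(n) for j in range(i))
    lovasz_ok = all(B[i] + mu[i][i - 1] ** 2 * B[i - 1] >= y * B[i - 1]
                    for i in range(1, n))
    return size_ok and lovasz_ok


def proposition_1_6_holds(basis):
    """(1.7), (1.8), (1.9) in squared form, using d(L)^2 = prod B_i."""
    B, _ = gram_schmidt(basis)
    n = len(basis)
    sq = [dot(v, v) for v in basis]
    dL2, prod_sq = Fraction(1), Fraction(1)
    for x, s in zip(B, sq):
        dL2, prod_sq = dL2 * x, prod_sq * s
    ok17 = all(sq[j] <= 2 ** i * B[i] for i in range(n) for j in range(i + 1))
    ok18 = dL2 <= prod_sq <= 2 ** (n * (n - 1) // 2) * dL2
    ok19 = sq[0] ** n <= 2 ** (n * (n - 1) // 2) * dL2
    return ok17 and ok18 and ok19


SAMPLE = [[1, 1, 1], [-1, 0, 2], [3, 5, 6]]   # constructed, not from the paper

if __name__ == "__main__":
    reduced = lll_reduce(SAMPLE)
    print(reduced, is_reduced(SAMPLE), is_reduced(reduced),
          proposition_1_6_holds(reduced))
```

On `SAMPLE` the input fails (1.4) ($\mu_{32} = 13/14$), two passes through case 1 occur, and the output satisfies (1.4), (1.5) and the three inequalities of (1.6); running `lll_reduce` again on a reduced basis leaves it unchanged, since only case 2 is ever entered.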

that there is also a positive lower bound for $D$, and hence an upper bound for the number of times that we pass through case 1. In case 1, the value of $k$ is decreased by 1, and in case 2 it is increased by 1. Initially we have $k = 2$, and $k \le n+1$ throughout the algorithm. Therefore the number of times that we pass through case 2 is at most $n-1$ more than the number of times that we pass through case 1, and consequently it is bounded. This implies that the algorithm terminates.

To prove that $d_i$ has a lower bound we put $m(L) = \min\{|x|^2 : x \in L, x \ne 0\}$. This is a positive real number. For $i > 0$, we can interpret $d_i$ as the square of the determinant of the lattice of rank $i$ spanned by $b_1, b_2, \ldots, b_i$ in the vector space $\sum_{j=1}^{i} \mathbb{R} b_j$. By [4, Chap. I, Lemma 4 and Chap. II, Theorem I], this lattice contains a non-zero vector $x$ with $|x|^2 \le (4/3)^{(i-1)/2} d_i^{1/i}$. Therefore $d_i \ge (3/4)^{i(i-1)/2} m(L)^i$, as required.

We shall now analyse the running time of the algorithm under the added hypothesis that $b_i \in \mathbb{Z}^n$ for $1 \le i \le n$. By an arithmetic operation we mean an addition, subtraction, multiplication or division of two integers. Let the binary length of an integer $a$ be the number of binary digits of $|a|$.

(1.26) Proposition. Let $L \subset \mathbb{Z}^n$ be a lattice with basis $b_1, b_2, \ldots, b_n$, and let $B \in \mathbb{R}$, $B \ge 2$, be such that $|b_i|^2 \le B$ for $1 \le i \le n$. Then the number of arithmetic operations needed by the basis reduction algorithm described in (1.15) is $O(n^4 \log B)$, and the integers on which these operations are performed each have binary length $O(n \log B)$.

Remark. Using the classical algorithms for the arithmetic operations we find that the number of bit operations needed by the basis reduction algorithm is $O(n^6 (\log B)^3)$. This can be reduced to $O(n^{5+\varepsilon} (\log B)^{2+\varepsilon})$, for every $\varepsilon > 0$, if we employ fast multiplication techniques.

Proof of (1.26). We first estimate the number of times that we pass through cases 1 and 2. In the beginning of the algorithm we have $d_i \le B^i$, by (1.25), so $D \le B^{n(n-1)/2}$. Throughout the algorithm we have $D \ge 1$, since $d_i \in \mathbb{Z}$ by (1.24) and $d_i > 0$ by (1.25). So by the argument in (1.23) the number of times that we pass through case 1 is $O(n^2 \log B)$, and the same applies to case 2.

The initialization of the algorithm takes $O(n^3)$ arithmetic operations with rational numbers; below we shall see how they can be replaced by operations with integers. For (1.18) we need $O(n)$ arithmetic operations, and this is also true for case 1. In case 2 we have to deal with $O(n)$ values of $l$, that each require $O(n)$ arithmetic operations. Since we pass through these cases $O(n^2 \log B)$ times we arrive at a total of $O(n^4 \log B)$ arithmetic operations.

In order to represent all numbers that appear in the course of the algorithm by means of integers we also keep track of the numbers $d_i$ defined by (1.24). In the initialization stage these can be calculated by (1.25). After that, they are only changed in case 1. In that case, $d_{k-1}$ is replaced by $d_{k-1} \cdot |c_{k-1}^*|^2 / |b_{k-1}^*|^2 = d_{k-2} |c_{k-1}^*|^2$ [in the notation of (1.22)] whereas the other $d_i$ are unchanged. By (1.24), the $d_i$ are integers, and we shall now see that they can be used as denominators for all numbers that appear:

(1.27) $|b_i^*|^2 = d_i / d_{i-1}$ ($1 \le i \le n$),

(1.28) $d_{i-1} b_i^* \in L \subset \mathbb{Z}^n$ ($1 \le i \le n$),

(1.29) $d_j \mu_{ij} \in \mathbb{Z}$ ($1 \le j < i \le n$).

The first of these follows from (1.25). For the second, we write $b_i^* = b_i - \sum_{j=1}^{i-1} \lambda_{ij} b_j$ with $\lambda_{ij} \in \mathbb{R}$. Solving $\lambda_{i1}, \lambda_{i2}, \ldots, \lambda_{i\,i-1}$ from the system $(b_i, b_l) = \sum_{j=1}^{i-1} \lambda_{ij} (b_j, b_l)$ ($1 \le l \le i-1$) and using (1.24) we find that $d_{i-1} \lambda_{ij} \in \mathbb{Z}$, whence (1.28). Notice that the same argument yields $d_{i-1}(b_k - \sum_{j=1}^{i-1} \mu_{kj} b_j^*) \in \mathbb{Z}^n$ for $i \le k$; this is useful for the calculation of $b_k^*$ at the beginning of the algorithm. To prove (1.29) we use (1.3), (1.27), and (1.28):

$d_j \mu_{ij} = \frac{d_j}{|b_j^*|^2} (b_i, b_j^*) = (b_i, d_{j-1} b_j^*) \in \mathbb{Z}.$

To finish the proof of (1.26) we estimate all integers that appear. Since no $d_i$ is ever increased we have $d_i \le B^i$ throughout the algorithm. This estimates the denominators. To estimate the numerators it suffices to find upper bounds for $|b_i^*|^2$, $|b_i|^2$, and $|\mu_{ij}|$. At the beginning we have $|b_i^*|^2 \le |b_i|^2 \le B$, and $\max\{|b_i^*|^2 : 1 \le i \le n\}$ is non-increasing; to see this, use that $|c_{k-1}^*|^2 < |b_{k-1}^*|^2$ and $|c_k^*|^2 \le |b_{k-1}^*|^2$ in (1.22), the latter inequality because $c_k^*$ is a projection of $b_{k-1}^*$. Hence we have $|b_i^*|^2 \le B$ throughout the algorithm. To deal with $|b_i|^2$ and $\mu_{ij}$ we first prove that every time we arrive at the situation described by (1.16) and (1.17) the following inequalities are satisfied:

(1.30) $|b_i|^2 \le nB$ for $i \ne k$,

(1.31) $|b_k|^2 \le n^2 (4B)^n$ if $k \ne n+1$,

(1.32) $|\mu_{ij}| \le 1/2$ for $1 \le j < i$, $i < k$,

(1.33) [bound on $|\mu_{ij}|$ illegible in the scan] for $1 \le j < i$, $i > k$,

(1.34) $|\mu_{kj}| \le 2^{\,\cdot}(nB)^{\,\cdot}$ [exponents illegible in the scan] for $1 \le j < k$, if $k \ne n+1$.

Here (1.30), for $i < k$, is trivial from (1.32), and (1.31) follows from (1.34). Using that

(1.35) [formula missing from the scan]

we see that (1.33) follows from (1.30), and (1.32) is the same as (1.16). It remains to prove (1.30) for $i > k$ and to prove (1.34). At the beginning of the algorithm we even have $|b_i|^2 \le B$ and a corresponding bound on $|\mu_{ij}|$ [illegible in the scan], by (1.35), so it suffices to consider the situation at the
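The integers $d_i$ of (1.24) and the integrality statements (1.25), (1.27), (1.28) and (1.29) used in the proof of (1.26), checked with exact rational arithmetic on a constructed integer basis; this is an added Python example and not code from the paper. It evaluates the Gram determinants of (1.24) directly, recomputes the same numbers as the product (1.25), and then tests that $d_{i-1} b_i^*$ and $d_j \mu_{ij}$ are integral (membership in $\mathbb{Z}^n$ is what is checked for (1.28), not membership in $L$). The function names and the basis `SAMPLE` are the example's own.

```python
from fractions import Fraction

# Added example, not from the paper: the integers d_i of (1.24) and the
# statements (1.25), (1.27), (1.28), (1.29) checked on a constructed basis.


def dot(u, v):
    return sum(x * y for x, y in zip(u, v))


def gram_schmidt(basis):
    """(1.2), (1.3) with exact rationals: return (bstar, mu)."""
    bstar, mu = [], []
    for i, b in enumerate(basis):
        v, row = [Fraction(x) for x in b], []
        for j in range(i):
            m = dot(b, bstar[j]) / dot(bstar[j], bstar[j])
            row.append(m)
            v = [a - m * c for a, c in zip(v, bstar[j])]
        bstar.append(v)
        mu.append(row)
    return bstar, mu


def det(matrix):
    """Determinant by Gaussian elimination over the rationals (det of the
    empty matrix is 1, which gives d_0 = 1)."""
    a = [[Fraction(x) for x in row] for row in matrix]
    result = Fraction(1)
    for c in range(len(a)):
        p = next((r for r in range(c, len(a)) if a[r][c] != 0), None)
        if p is None:
            return Fraction(0)
        if p != c:
            a[c], a[p] = a[p], a[c]
            result = -result
        result *= a[c][c]
        for r in range(c + 1, len(a)):
            f = a[r][c] / a[c][c]
            a[r] = [x - f * z for x, z in zip(a[r], a[c])]
    return result


def gram_determinants(basis):
    """(1.24): d_i = det((b_j, b_l))_{1 <= j, l <= i} for 0 <= i <= n."""
    n = len(basis)
    G = [[dot(basis[j], basis[l]) for l in range(n)] for j in range(n)]
    return [det([row[:i] for row in G[:i]]) for i in range(n + 1)]


def check_integrality(basis):
    """Return the d_i and whether (1.25), (1.27), (1.28), (1.29) hold."""
    bstar, mu = gram_schmidt(basis)
    d = gram_determinants(basis)
    n = len(basis)
    B = [dot(v, v) for v in bstar]                      # |b_i^*|^2
    prod = [Fraction(1)]
    for x in B:
        prod.append(prod[-1] * x)                       # prod_{j<=i} |b_j^*|^2
    eq_1_25 = d == prod
    eq_1_27 = all(B[i] == d[i + 1] / d[i] for i in range(n))
    in_1_28 = all((d[i] * x).denominator == 1           # d_{i-1} b_i^* in Z^n
                  for i in range(n) for x in bstar[i])
    in_1_29 = all((d[j + 1] * mu[i][j]).denominator == 1   # d_j mu_ij in Z
                  for i in range(n) for j in range(i))
    return {"d": [int(x) for x in d], "(1.25)": eq_1_25, "(1.27)": eq_1_27,
            "(1.28)": in_1_28, "(1.29)": in_1_29}


SAMPLE = [[1, 1, 1], [-1, 0, 2], [3, 5, 6]]   # constructed, not from the paper

if __name__ == "__main__":
    print(check_integrality(SAMPLE))
```

For `SAMPLE` the Gram determinants are $d_0, \ldots, d_3 = 1, 3, 14, 9$, with $d_3 = d(L)^2$ as stated after (1.25); the Gram-Schmidt vectors $b_2^* = (-4/3, -1/3, 5/3)$ and $b_3^* = (-3/7, 9/14, -3/14)$ become integral after multiplication by $d_1 = 3$ and $d_2 = 14$ respectively, which is (1.28) in action.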

Citations

Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator (journal article)
Fully homomorphic encryption using ideal lattices (proceedings article)
On lattices, learning with errors, random linear codes, and cryptography (proceedings article)
Trapdoors for hard lattices and new cryptographic constructions (proceedings article)
NTRU: A Ring-Based Public Key Cryptosystem (book chapter)
References

The Art of Computer Programming (book)
An Introduction to the Geometry of Numbers (book)