(where r is either q or one of the p~) are represented as integers of magnitude less
than
r/2.
The algorithm follows:
(1)
Set Cl = cont(Fl'), c2 = cont(E2'),
c =
gcd(Cl, c2).
(2)
Set F~ =
Fx'/Cl, F2
=
F2'/c2.
(3)
Set fl = lc (F1), f2 = lc (F~), 0 = gcd (.,q, f2).
(4)
Seth = 0, e = min(a(F~), O(F2)).
(5)
Set fi = 20 max I~1, where ¢ ranges over the coefficients of F1 and F2.
Usually, it will be true that fi > p, but exceptions are possible as discussed in Section
5.2.
(6)
Let p be a new odd prime not dividing fl or fi.
(7)
Set ~ = g mod p, F1 = 0F1 mod p, F2 = ~F2 mod p.
(S)
Invoke Algorithm P (Section 4.5) to compute (~ = 0'gcd(F1, F2),/ql =
F1/G, and/t: = F2/G, all in
Zv[xl,
• • • , x~]. These relations imply that lc (G) = 0,
and ~(0) > d.
(9)
If it(G) = 0, set G =
1, H~ = F1,H2 = F2, and skip to Step (15). If
O(G) > e, go back to step 6. If i)(G) < e, set n = 0, e = i)(G).
(10)
Setn = n +
1.
(11)
Ifn = 1, setq = p,G* = G,H,* = /ql,H2* =/72.Otherwise, updatethe
quadruple (q, G*, Hi*, H2*) to include (p, G, H1,/q2) by using the Chinese remainder
algorithm (Section 4.8) with moduli ~nl = q and ~
= p to extend (37) (coefficient
by coefficient), and then replacing q by
pq
to extend (36).
(12)
If q < fi, go back to Step (6). Otherwise, we now know that (40) holds
unless e > d or q < g. To exclude these unlikely possibilities, it suffices to prove the
relations G'Hi* = F~ and
G'H2* = fi2,
which hold modulo q by (31), (33), (36),
and (37).
(13)
Choose g* such that
~*/2
is an integer bound on the magnitudes of the
coefficients of
G*H~*
and
G'H2*.
If q < u*, go back to Step (6). Otherwise, we have
q] (G'H1* -
fl)
and q > max (u*, ~) _> max I~ [, where ~, ranges over the coef-
ficients of
(G'Hi* - F1),
and therefore G'Hi* = fix. Similarly,
G'H2*
= fi2, and
therefore (40) is established.
(14)
Set G = pp(G*), g = lc(G), H~ =
Hl*/g, H~ = H2*/g.
(15)
Set G' =
cG, Hi' = (Cl/C)H1, H~' = (c2/c)H:,
and return.
4.4
UNLUCKY PR~IES.
We shall call the prime p chosen in Step (6) of Algorithm
5I lucky
if e = d, and
unlucky
otherwise.
In executing Algorithm 5I, the first lucky prime causes us to discard the informa-
tion from any previous unlucky primes [by setting n = 0 in the third part of Step
(9)], and to set e = d. Any subsequent unlucky primes are rejected in the second
part of Step (9). In Step (13), G*, H~*, and H:* are rejected if no lucky primes have
yet been encountered, or if q is still less than u.
In Theorem 1, we shall prove that all of the unlucky primes are divisors of an
integer a, which depends only
on F1
and F:. Using this result, Theorem 2 bounds the
number of unlucky primes which might occur, thereby establishing the fact that the
algorithm terminates. Finally, Theorem 3 shows that the probability of p being un-
lucky is at most
v/p.
In practice, this probability is always exceedingly small, since p is chosen in the
Journal of the Association for Computing Machinery, Vol. 18, No. 4, October 1971