DOCSLIB.ORG

Computing the Power Residue Symbol

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Computing the Power Residue Symbol Radboud University Master Thesis Computing the power residue symbol Koen de Boer koendeboer.com supervised by dr. W. Bosma dr. H.W. Lenstra Jr. October 31, 2016 ii Foreword Introduction In this thesis, an algorithm is proposed to compute the power residue symbol α b m in arbitrary number rings containing a primitive m-th root of unity. The algorithm consists of three parts: principalization, reduction and evaluation, where the reduction part is optional. The evaluation part is a probabilistic algorithm of which the expected running time might be polynomially bounded by the input size, a presumption made plausible by prime density results from analytic number theory and timing experiments. The principalization part is also probabilistic, but it is not tested in this thesis. The reduction algorithm is deterministic, but might not be a polynomial- time algorithm in its present form. Despite the fact that this reduction part is apparently not effective, it speeds up the overall process significantly in practice, which is the reason why it is incorporated in the main algorithm. When I started writing this thesis, I only had the reduction algorithm; the two other parts, principalization and evaluation, were invented much later. This is the main reason why this thesis concentrates primarily on the reduction al- gorithm by covering subjects like lattices and lattice reduction. Results about the density of prime numbers and other topics from analytic number theory, on which the presumed effectiveness of the principalization and evaluation al- gorithm is based, are not as extensively treated as I would have liked to. Since, in the beginning, I only had the reduction algorithm, I tried hard to prove that its running time is polynomially bounded. When I did not succeed, I attempted to pose some assumptions I thought to be plausible, in order to deduce from it that the reduction algorithm is effective. I did not succeed in making the assumptions plausible nor in deducing the effectiveness of the reduction algorithm. The short research about these assumptions is placed in the appendix (see section B.2). Acknowledgements I would like to thank my supervisor, dr. Wieb Bosma of the FNWI at the Rad- boud University, for his unstoppable faith and enthusiasm. The large amount of freedom and independence that characterizes his supervision might be over- whelming for others, but for me, it was exactly what I needed. His ability to see the big picture in difficult mathematical subjects has often saved me from losing myself in the details. Besides my advisor, I would like to thank dr. H.W. Lenstra of the Mathe- matisch Instituut at the Universiteit Leiden, for being an outstanding teacher and for inspiring me with many very good ideas, including two-sided reduction and principalization. With his expertise and eye for detail, he has pointed out many areas of improvement in my thesis. My sincere thanks also go to dr. J. Bouw of the Mathematisch Instituut at the Universiteit Leiden, for allowing me to read his PhD thesis before the publication, so that I could implement his algorithm that computes Hilbert symbols. This heavily motivated me to think about an effective algorithm to compute power residue symbols. I have good memories of my visit to Leiden, when we verified each other's computations. I would also like to acknowledge dr. M. Kosters of the department of Math- ematics at the University of California (Irvine), for sending me a summary of Bouw's algorithm that focusses on the algorithmic aspect, which has been very useful for me. Furthermore, I would like to thank dr. D. Micciancio of the Computer Science & Engineering department at the University of California (San Diego), for giving a comprehensive answer to my question about q-ary lattices. My thesis would be full of textual mistakes without the proofreaders: Elke de Boer, Els de Jong, Kris Roufs and Janneke de Wit. Many thanks for your effort. Also, many thanks to Djordy Timmermans, who designed the beautiful cover of this thesis. Finally, I must express my gratitude to my parents, to my brothers and sister, and to my partner Kris Roufs for supporting me spiritually throughout writing this thesis and my life in general. This accomplishment would not have been possible without them. Thank you. iv Contents Foreword ii Introduction . iii Acknowledgements . iv 1 Number fields and completions 1 1.1 Introduction . .1 1.2 Number fields . .1 1.2.1 Finite degree field extensions . .1 1.2.2 Number rings . .2 1.2.3 Ideal arithmetic . .4 1.2.4 Discriminant and singular primes . .7 1.3 Local Fields and Completions . 10 1.3.1 Introduction . 10 1.3.2 Absolute values . 10 1.3.3 p-adic completions . 12 1.3.4 p-adic local fields . 13 2 Ideals and lattices 17 2.1 Introduction . 17 2.2 Lattices . 17 2.3 Ideals as lattices . 20 2.3.1 Basis matrix of a lattice . 20 2.3.2 The Hermite normal form . 21 2.3.3 Computing the HNF . 22 2.3.4 HNF and operations on ideals . 23 2.4 Lattice reduction: LLL . 24 2.4.1 Introduction . 24 2.4.2 Reduced bases . 24 2.5 Element reduction modulo an ideal . 27 2.6 q-ary lattices . 28 2.6.1 Introduction . 28 2.6.2 q-ary lattices in the reduction algorithm . 29 2.6.3 Different inner products . 31 3 Power residue symbols and Hilbert symbols 35 3.1 Introduction . 35 3.2 Power residue symbols . 35 3.2.1 Definition . 35 3.2.2 Power residue symbols in number rings . 38 3.3 Hilbert symbols . 39 3.4 Exploitable properties of power residue symbols . 41 3.5 Bouw's algorithm . 43 3.5.1 Introduction . 43 3.5.2 Roots of unity and the weakly distinguished unit . 44 3.5.3 Find the Hilbert symbol from exponential representation 48 4 Heuristic algorithm for the power residue symbol 51 4.1 Introduction . 51 4.2 Squirrel's algorithm . 51 4.2.1 General power residue symbol . 51 4.2.2 Principal power residue symbol . 52 4.3 Preliminaries . 53 4.3.1 Notation . 53 4.3.2 Two-sided reduction . 53 4.3.3 Near-prime ideals . 54 4.4 Description of the main algorithm . 55 4.4.1 Outline . 55 4.4.2 Principalization . 56 4.4.3 Reduction . 56 4.4.4 Evaluation . 58 4.5 The correctness of the algorithm . 60 4.5.1 Principalization correctness . 60 4.5.2 Reduction correctness . 60 4.5.3 Evaluation correctness . 62 4.6 Analysis . 62 4.6.1 Introduction . 62 4.6.2 Reduction analysis . 62 4.6.3 Evaluation analysis . 63 4.6.4 Principalization analysis . 66 4.7 Possible improvements . 67 5 Computational Results 69 5.1 Introduction . 69 5.2 Method . 69 5.2.1 Reduction method . 69 5.2.2 Evaluation method . 70 5.3 Results . 70 5.4 Conclusion . 71 5.4.1 Evaluation . 71 5.4.2 Reduction . 73 5.5 Discussion . 74 vi Appendices 75 A Data 77 B Notes 81 B.1 Introduction . 81 B.2 The QSDL-conjecture . 81 B.3 Other attempts to compute the power residue symbol . 83 C Explanation of the picture on the front cover 87 vii viii CHAPTER 1 Number fields and completions 1.1 Introduction The main subjects of this thesis are the power residue symbol and, to a lesser extent, the related Hilbert symbol. In order to obtain a clear understanding of these symbols, one has to be acquainted with algebraic number theory and its notions: number fields, ideals, orders, integral elements, completions, etcetera. This chapter will give a quick, incomplete and subjective overview of the algebraic number theory topics needed. For professional and complete stud- ies of number fields, I would like to recommend [Jan96] and [CF67]. Another goal of this chapter is introducing notation, to avoid misunderstandings in the remainder of this thesis. We denote the integers by Z, and the rational numbers by Q. We denote rounding to the closest integer by d·c, and the group of invertible matrices with entries in Z by GLn(Z). 1.2 Number fields 1.2.1 Finite degree field extensions Definition 1.1 (Algebraic number field). A number field is a finite degree field extension of the rational numbers Q. In this thesis, a number field is often denoted by the capital letter K (from the German word K¨orper) with degree n = [K : Q] over the rational numbers. Also, towers of finite extensions will occur. In that case, the field above K will be called L. The extension L : K is called a relative extension, in contrast to K : Q, to which is referred as an absolute extension. In a computational context, a number field L is defined by an irreducible polynomial f over its ground field K. Via the isomorphism L ' K[x]=f(x), any 2 Chapter 1. Number fields and completions n element of L can be uniquely represented by a vector (k1; : : : ; kn) 2 K , with n = deg f. Definition 1.2 (Galois extension). Suppose K ⊆ L are both number fields. The finite degree field extension L : K is called a Galois extension if it is a normal extension; i.e., if for every irreducible polynomial f(x) 2 K[x] holds f(x) has a root in L =) f(x) splits in linear factors over L: Remark 1.3. Equivalently, a Galois extension L : K is a splitting field of some polynomial f(x) 2 K[x], see [Lan05, Vx3, i.p. Thm. 3.3]. Every Galois extension has a Galois group G = Gal(L : K) associated with it, which is a subgroup of the permutation group on the zeroes of the defining polynomial.
Load more

Recommended publications
  • Super-Multiplicativity of Ideal Norms in Number Fields
    Super-multiplicativity of ideal norms in number fields Stefano Marseglia Abstract In this article we study inequalities of ideal norms. We prove that in a subring R of a number field every ideal can be generated by at most 3 elements if and only if the ideal norm satisfies N(IJ) ≥ N(I)N(J) for every pair of non-zero ideals I and J of every ring extension of R contained in the normalization R˜. 1 Introduction When we are studying a number ring R, that is a subring of a number field K, it can be useful to understand the size of its ideals compared to the whole ring. The main tool for this purpose is the norm map which associates to every non-zero ideal I of R its index as an abelian subgroup N(I) = [R : I]. If R is the maximal order, or ring of integers, of K then this map is multiplicative, that is, for every pair of non-zero ideals I,J ⊆ R we have N(I)N(J) = N(IJ). If the number ring is not the maximal order this equality may not hold for some pair of non-zero ideals. For example, arXiv:1810.02238v2 [math.NT] 1 Apr 2020 if we consider the quadratic order Z[2i] and the ideal I = (2, 2i), then we have that N(I)=2 and N(I2)=8, so we have the inequality N(I2) > N(I)2. Observe that if every maximal ideal p of a number ring R satisfies N(p2) ≤ N(p)2, then we can conclude that R is the maximal order of K (see Corollary 2.8).
    [Show full text]
  • 6 Ideal Norms and the Dedekind-Kummer Theorem
    18.785 Number theory I Fall 2017 Lecture #6 09/25/2017 6 Ideal norms and the Dedekind-Kummer theorem In order to better understand how ideals split in Dedekind extensions we want to extend our definition of the norm map to ideals. Recall that for a ring extension B=A in which B is a free A-module of finite rank, we defined the norm map NB=A : B ! A as ×b NB=A(b) := det(B −! B); the determinant of the multiplication-by-b map with respect to an A-basis for B. If B is a free A-module we could define the norm of a B-ideal to be the A-ideal generated by the norms of its elements, but in the case we are most interested in (our \AKLB" setup) B is typically not a free A-module (even though it is finitely generated as an A-module). To get around this limitation, we introduce the notion of the module index, which we will use to define the norm of an ideal. In the special case where B is a free A-module, the norm of a B-ideal will be equal to the A-ideal generated by the norms of elements. 6.1 The module index Our strategy is to define the norm of a B-ideal as the intersection of the norms of its localizations at maximal ideals of A (note that B is an A-module, so we can view any ideal of B as an A-module). Recall that by Proposition 2.6 any A-module M in a K-vector space is equal to the intersection of its localizations at primes of A; this applies, in particular, to ideals (and fractional ideals) of A and B.
    [Show full text]
  • DISCRIMINANTS in TOWERS Let a Be a Dedekind Domain with Fraction
    DISCRIMINANTS IN TOWERS JOSEPH RABINOFF Let A be a Dedekind domain with fraction field F, let K=F be a finite separable ex- tension field, and let B be the integral closure of A in K. In this note, we will define the discriminant ideal B=A and the relative ideal norm NB=A(b). The goal is to prove the formula D [L:K] C=A = NB=A C=B B=A , D D ·D where C is the integral closure of B in a finite separable extension field L=K. See Theo- rem 6.1. The main tool we will use is localizations, and in some sense the main purpose of this note is to demonstrate the utility of localizations in algebraic number theory via the discriminants in towers formula. Our treatment is self-contained in that it only uses results from Samuel’s Algebraic Theory of Numbers, cited as [Samuel]. Remark. All finite extensions of a perfect field are separable, so one can replace “Let K=F be a separable extension” by “suppose F is perfect” here and throughout. Note that Samuel generally assumes the base has characteristic zero when it suffices to assume that an extension is separable. We will use the more general fact, while quoting [Samuel] for the proof. 1. Notation and review. Here we fix some notations and recall some facts proved in [Samuel]. Let K=F be a finite field extension of degree n, and let x1,..., xn K. We define 2 n D x1,..., xn det TrK=F xi x j .
    [Show full text]
  • Super-Multiplicativity of Ideal Norms in Number Fields
    Universiteit Leiden Mathematisch Instituut Master Thesis Super-multiplicativity of ideal norms in number fields Academic year 2012-2013 Candidate: Advisor: Stefano Marseglia Prof. Bart de Smit Contents 1 Preliminaries 1 2 Quadratic and quartic case 10 3 Main theorem: first implication 14 4 Main theorem: second implication 19 Introduction When we are studying a number ring R, that is a subring of a number field K, it can be useful to understand \how big" its ideals are compared to the whole ring. The main tool for this purpose is the norm map: N : I(R) −! Z>0 I 7−! #R=I where I(R) is the set of non-zero ideals of R. It is well known that this map is multiplicative if R is the maximal order, or ring of integers of the number field. This means that for every pair of ideals I;J ⊆ R we have: N(I)N(J) = N(IJ): For an arbitrary number ring in general this equality fails. For example, if we consider the quadratic order Z[2i] and the ideal I = (2; 2i), then we have that N(I) = 2 and N(I2) = 8, so we have the inequality N(I2) > N(I)2. In the first chapter we will recall some theorems and useful techniques of commutative algebra and algebraic number theory that will help us to understand the behaviour of the ideal norm. In chapter 2 we will see that the inequality of the previous example is not a coincidence. More precisely we will prove that in any quadratic order, for every pair of ideals I;J we have that N(IJ) ≥ N(I)N(J).
    [Show full text]
  • Dirichlet's Class Number Formula
    Dirichlet's Class Number Formula Luke Giberson 4/26/13 These lecture notes are a condensed version of Tom Weston's exposition on this topic. The goal is to develop an analytic formula for the class number of an imaginary quadratic field. Algebraic Motivation Definition.p Fix a squarefree positive integer n. The ring of algebraic integers, O−n ≤ Q( −n) is defined as ( p a + b −n a; b 2 Z if n ≡ 1; 2 mod 4 O−n = p a + b −n 2a; 2b 2 Z; 2a ≡ 2b mod 2 if n ≡ 3 mod 4 or equivalently O−n = fa + b! : a; b 2 Zg; where 8p −n if n ≡ 1; 2 mod 4 < p ! = 1 + −n : if n ≡ 3 mod 4: 2 This will be our primary object of study. Though the conditions in this def- inition appear arbitrary,p one can check that elements in O−n are precisely those elements in Q( −n) whose characteristic polynomial has integer coefficients. Definition. We define the norm, a function from the elements of any quadratic field to the integers as N(α) = αα¯. Working in an imaginary quadratic field, the norm is never negative. The norm is particularly useful in transferring multiplicative questions from O−n to the integers. Here are a few properties that are immediate from the definitions. • If α divides β in O−n, then N(α) divides N(β) in Z. • An element α 2 O−n is a unit if and only if N(α) = 1. • If N(α) is prime, then α is irreducible in O−n .
    [Show full text]
  • Computing the Power Residue Symbol
    Radboud University Master Thesis Computing the power residue symbol Koen de Boer supervised by dr. W. Bosma dr. H.W. Lenstra Jr. August 28, 2016 ii Foreword Introduction In this thesis, an algorithm is proposed to compute the power residue symbol α b m in arbitrary number rings containing a primitive m-th root of unity. The algorithm consists of three parts: principalization, reduction and evaluation, where the reduction part is optional. The evaluation part is a probabilistic algorithm of which the expected running time might be polynomially bounded by the input size, a presumption made plausible by prime density results from analytic number theory and timing experiments. The principalization part is also probabilistic, but it is not tested in this thesis. The reduction algorithm is deterministic, but might not be a polynomial- time algorithm in its present form. Despite the fact that this reduction part is apparently not effective, it speeds up the overall process significantly in practice, which is the reason why it is incorporated in the main algorithm. When I started writing this thesis, I only had the reduction algorithm; the two other parts, principalization and evaluation, were invented much later. This is the main reason why this thesis concentrates primarily on the reduction al- gorithm by covering subjects like lattices and lattice reduction. Results about the density of prime numbers and other topics from analytic number theory, on which the presumed effectiveness of the principalization and evaluation al- gorithm is based, are not as extensively treated as I would have liked to. Since, in the beginning, I only had the reduction algorithm, I tried hard to prove that its running time is polynomially bounded.
    [Show full text]
  • Unique Factorization of Ideals in OK
    IDEAL FACTORIZATION KEITH CONRAD 1. Introduction We will prove here the fundamental theorem of ideal theory in number fields: every nonzero proper ideal in the integers of a number field admits unique factorization into a product of nonzero prime ideals. Then we will explore how far the techniques can be generalized to other domains. Definition 1.1. For ideals a and b in a commutative ring, write a j b if b = ac for an ideal c. Theorem 1.2. For elements α and β in a commutative ring, α j β as elements if and only if (α) j (β) as ideals. Proof. If α j β then β = αγ for some γ in the ring, so (β) = (αγ) = (α)(γ). Thus (α) j (β) as ideals. Conversely, if (α) j (β), write (β) = (α)c for an ideal c. Since (α)c = αc = fαc : c 2 cg and β 2 (β), β = αc for some c 2 c. Thus α j β in the ring. Theorem 1.2 says that passing from elements to the principal ideals they generate does not change divisibility relations. However, irreducibility can change. p Example 1.3. In Z[ −5],p 2 is irreduciblep as an element but the principal ideal (2) factors nontrivially: (2) = (2; 1 + −5)(2; 1 − −p5). p To see that neither of the idealsp (2; 1 + −5) and (2; 1 − −5) is the unit ideal, we give two arguments. Suppose (2; 1 + −5) = (1). Then we can write p p p 1 = 2(a + b −5) + (1 + −5)(c + d −5) for some integers a; b; c, and d.
    [Show full text]
  • Ideal Norm, Module Index, Dedekind-Kummer Theorem
    18.785 Number theory I Fall 2015 Lecture #6 09/29/2015 6 Ideal norms and the Dedekind-Kummer thoerem 6.1 The ideal norm Recall that for a ring extension B=A in which B is a free A-module of finite rank, we defined the (relative) norm NB=A : B ! A as ×b NB=A(b) := det(L ! L); the determinant of the multiplication-by-b map with respect to some A-basis for B. We now want to extend our notion of norm to ideals, and to address the fact that in the case we are most interested in, in which B is the integral closure of a Dedekind domain A in a finite separable extension L of its fraction field K (the \AKLB setup"), the Dedekind domain B is typically not a free A-module, even though it is finite generated as an A-module (see Proposition 4.60). There is one situation where B is guaranteed to be a free A-module: if A is a PID then it follows from the structure theorem for finitely generated modules over PIDs, that B ' Ar ⊕ T for some torsion A-module T which must be trivial because B is torsion-free (it is a domain containing A).1 This necessarily applies when A is a DVR, so if we localize 2 3 the A-module B at a prime p of A, the module Bp will be a free Ap-module. Thus B is locally free as an A-module. We will use this fact to generalize our definition of NB=A, but first we recall the notion of an A-lattice and define the module index.
    [Show full text]
  • The Meaning of the Form Calculus in Classical Ideal Theory
    THE MEANING OF THE FORM CALCULUS IN CLASSICAL IDEAL THEORY BY HARLEY FLANDERS 1. Introduction. One of the interesting tools in algebraic number theory is the Gauss-Kronecker theorem on the content of a product of forms. This result is used in various ways. For example the fact that the unique factoriza- tion of ideals carries over to finite algebraic extensions was, in the past, proved using this tool [3]. Modern proofs not using the form theory have been constructed from several points of view, we refer to [2; 6; 7; 9]. Actually, in his Grundziige [5], Kronecker gave a development of the arithmetic of number fields (and more general domains) in which the form theory plays the central role, while the ideal theory of Dedekind is very much in the shadows. This is not taken very seriously in our time, however Weyl [8] cast this development of Kronecker into a version more accessible to the modern reader. Finally, the Kronecker theorem on forms is useful in showing that the most natural definition of the norm of an ideal, norm equals the product of conjugates, always yields an ideal in the ground field. In many situations it is extremely convenient, indeed almost imperative, to have a principal ideal ring instead of a Dedekind ring. The usual modern device for passing to this technically vastly simpler situation is to localize either by passing to £-adic completions or by forming the quotient ring with respect to the complement of a finite set of prime ideals. The form theory has not generally been looked upon as a tool for accomplishing this reduction to principal ideals, none-the-less, this is precisely what it accomplishes; and this is what we propose to discuss here.
    [Show full text]
  • The Different Ideal
    THE DIFFERENT IDEAL KEITH CONRAD 1. Introduction The discriminant of a number field K tells us which primes p in Z ramify in OK : the prime factors of the discriminant. However, the way we have seen how to compute the discriminant doesn't address the following themes: (a) determine which prime ideals in OK ramify (that is, which p in OK have e(pjp) > 1 rather than which p have e(pjp) > 1 for some p), (b) determine the multiplicity of a prime in the discriminant. (We only know the mul- tiplicity is positive for the ramified primes.) Example 1.1. Let K = Q(α), where α3 − α − 1 = 0. The polynomial T 3 − T − 1 has discriminant −23, which is squarefree, so OK = Z[α] and we can detect how a prime p 3 factors in OK by seeing how T − T − 1 factors in Fp[T ]. Since disc(OK ) = −23, only the prime 23 ramifies. Since T 3−T −1 ≡ (T −3)(T −10)2 mod 23, (23) = pq2. One prime over 23 has multiplicity 1 and the other has multiplicity 2. The discriminant tells us some prime over 23 ramifies, but not which ones ramify. Only q does. The discriminant of K is, by definition, the determinant of the matrix (TrK=Q(eiej)), where e1; : : : ; en is an arbitrary Z-basis of OK . By a finer analysis of the trace, we will construct an ideal in OK which is divisible precisely by the ramified primes in OK . This ideal is called the different ideal. (It is related to differentiation, hence the name I think.) In the case of Example 1.1, for instance, we will see that the different ideal is q, so the different singles out the particular prime over 23 that ramifies.
    [Show full text]
  • Dedekind Zeta Zeroes and Faster Complex Dimension Computation∗
    Dedekind Zeta Zeroes and Faster Complex Dimension Computation∗ J. Maurice Rojas† Yuyu Zhu‡ Texas A&M University Texas A&M University College Station, Texas College Station, Texas [email protected] [email protected] S k ABSTRACT F 2 (Z[x1;:::; xn]) k;n 2Z Thanks to earlier work of Koiran, it is known that the truth of the has a complex root. While the implication FEASC 2 P =) P=NP has Generalized Riemann Hypothesis (GRH) implies that the dimension long been known, the inverse implication FEASC < P =) P , NP of algebraic sets over the complex numbers can be determined remains unknown. Proving the implication FEASC < P =) P,NP within the polynomial-hierarchy. The truth of GRH thus provides a would shed new light on the P vs. NP Problem, and may be easier direct connection between a concrete algebraic geometry problem than attempting to prove the complexity lower bound FEASC < P and the P vs. NP Problem, in a radically different direction from (whose truth is still unknown). the geometric complexity theory approach to VP vs. VNP. We Detecting complex roots is the D =0 case of the following more explore more plausible hypotheses yielding the same speed-up. general problem: One minimalist hypothesis we derive involves improving the error [ DIM ; 2 N × Z ;:::; k term (as a function of the degree, coefficient height, and x) on the C: Given (D F ) ( [x1 xn]) , fraction of primes p ≤ x for which a polynomial has roots mod p. k;n 2Z decide whether the complex zero set of F has A second minimalist hypothesis involves sharpening current zero- dimension at least D.
    [Show full text]
  • Math 676. Class Groups for Imaginary Quadratic Fields
    Math 676. Class groups for imaginary quadratic fields In general it is a very difficult problem to determine the class number of a number field, let alone the structure of its class group. However, in the special case of imaginary quadratic fields there is a very explicit algorithm that determines the class group. The main point is that if K is an imaginary quadratic field with discriminant D < 0 and we choose an orientation of the Z-module OK (or more concretely, we choose a square root of D in OK ) then this choice gives rise to a natural bijection between the class group of K and 2 2 the set SD of SL2(Z)-equivalence classes of positive-definite binary quadratic forms q(x, y) = ax + bxy + cy over Z with discriminant 4ac − b2 equal to −D. Gauss developed “reduction theory” for binary and ternary quadratic forms over Z, and via this theory he proved that the set of such forms q with 1 ≤ a ≤ c and |b| ≤ a (and b ≥ 0 if either a = c or |b| = a) is a set of representatives for the equivalence classes in SD. This set of representatives is finite because such inequalities in conjunction with the identity 4ac − b2 = −D = |D| force 1 ≤ a ≤ p|D|/3 (and so |b| is also bounded, whence there are only finitely many such triples (a, b, c) since the identity b2 − 4ac = −D determines c once a and b are known). This gives a constructive proof of the finiteness of class groups for imaginary quadratic fields.
    [Show full text]