Unique Factorization in ACL2: Euclidean Domains John R. Cowles Ruben Gamboa Department of Computer Science Department of Computer Science University of Wyoming University of Wyoming Laramie, Wyoming Laramie, Wyoming [email protected] [email protected] ABSTRACT Mathematicians have identified many domains, other than ACL2 is used to systematically study domains whose ele- the positive integers, that can also be said to have some form ments can be “uniquely” factored into products of “irre- of unique factorization. For example, polynomials, of a sin- ducible” elements. The best known examples of such do- gle variable, with rational coefficients, can each be factored mains are the positive integers, which can be factored into into a product of irreducible polynomials. Moreover, this products of primes, and univariate polynomials with ration- product is essentially unique except for the order of the ir- al coefficients, which can be factored into products of irre- reducible polynomials. ducible polynomials. There are many other such domains. We are using ACL2 to carry out a systematic study of Euclidean domains are an algebraic abstraction, of both such domains. We begin by studying domains where the the positive integers and the rational polynomials, in which standard proof, of unique factorization for the positive in- the usual proofs of unique factorization, for both the integers tegers, can be easily generalized. This explains the second and the polynomials, can be generalized. half of our title: Mathematicians call those domains, where the standard proof can be readily carried out, Euclidean [3, 8, 7]. Also, we anticipate eventually extending our study Categories and Subject Descriptors to domains where unique factorization holds, but where the F.4.1 [Mathematical Logic and Formal Languages]: proof is not a straight-forward generalization of the stan- Mathematical Logic—Mechanical theorem proving, Compu- dard proof for the positive integers. This is part of an even tational logic larger effort formalizing those parts of computational num- ber theory used in modern cryptography. General Terms Verification 2. THE STANDARD PROOF The statement of the theorem, in both THM and ACL2, Keywords uses finite lists of positive integers to represent factorizations of positive integers. Explicit functions are used to overcome Boyer-Moore logic,unique factorization, Euclidean domains, the complete lack of existential quantification in THM. ACL2 The statement of the theorem has two parts. Existence. This part states that an explicitly defined func- 1. INTRODUCTION tion produces a prime factorization of its positive in- Before the computational logic ACL2 [4], there was the teger input argument. version of the Boyer-Moore Logic known as NQTHM [2], and before NQTHM, there was the version of the logic called Uniqueness. This part states that any two lists of primes, THM [1]. In 1979, when the book A Computational Logic [1], whose products are equal integers, are equal when the describing THM, was published, the deepest and hardest lists are treated as bags (or multisets). That is, the theorem, yet verified in the logic, was the Unique Prime Fac- two lists have the same members and each member torization Theorem: has the same multiplicity in the two lists. Theorem 1. Every positive integer can be factored into Existence depends on the Proper Factor binary relation on a finite product of primes. Moreover, this product is unique the positive integers being well-founded. except for the order of the primes. Definition 1. Positive integer x is a factor (or divisor) of positive integer z just in case there is a positive integer y such that x · y = z. Permission to make digital or hard copies of all or part of this work for Definition 2. Positive integer x is a proper factor (or proper personal or classroom use is granted without fee provided that copies are divisor) of positive integer z just in case x is a factor of z not made or distributed for profit or commercial advantage and that copies and 1 < x < z. bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific Thus, over the positive integers, there are no infinite chains permission and/or a fee. ACL2 ’06 Seattle, Washington USA of proper factors. Copyright 2006 ACL2 Steering Committee 0-9788493-0-2/06/08. Uniqueness depends on this key property of primes. Theorem 2. If prime p is a factor of the product of pos- Proof. If the domain contains only one element 0E, then itive integers a · b, then either p is a factor of a or p is a let 1E be 0E. factor of b. Otherwise the domain contains a nonzero element. Choose a nonzero domain element, b, of smallest possible Size. The standard proof of this key theorem employs the theory By the Division property, b divides every domain element of the greatest common divisor of two positive integers. The (because the remainder must be 0E). classical way to compute Greatest Common Divisors is by Let 1 be quot(b, b). Then b · 1 is b · quot(b, b) which use of the Euclidean Algorithm. E E E E is b (since the remainder is 0E). An ACL2 book, described in Appendix A, containing a For any domain element x, b · quot(x, b) = x. Therefore version of the original THM proof can be found in the file E prime-fac.lisp. An explicitly defined, but rather ineffi- 1E ·E x = 1E ·E (b ·E quot(x, b)) cient, function in this book can, of course, be executed and = (1E ·E b) ·E quot(x, b) actually produces prime factorizations of positive integers. = b ·E quot(x, b)) = x. 3. EUCLIDEAN DOMAINS An Euclidean Domain is a set E with two binary operations, Book 1, of many ACL2 Euclidean Domain books described +E and ·E, an unary operation, −E, and a set element 0E that satisfy these expected algebraic laws: For all X, Y, Z ∈ E, in Appendix A, in ed1.lisp formalizes and verifies this proof in ACL2. Closure. X +E Y ∈ E, X ·E Y ∈ E, −EX ∈ E, 0E ∈ E; Perhaps the most interesting step to translate into ACL2 is, “Choose a nonzero domain element, b, of smallest possible Commutative. X +E Y = Y +E X, X ·E Y = Y ·E X; Size.” In the ACL2 proof, defchoose is first used to choose a nonzero domain element (a) (assuming it exists). Then Associative. (X + Y ) + Z = X + (Y + Z), E E E E for every nonnegative integer n, defchoose is used to choose (X · Y ) · Z = X · (Y · Z); E E E E a nonzero domain element (b n) with Size n (if such an Distributive. X · (Y + Z) = (X · Y ) + (X · Z); element exists). Then at least one member of this finite list, E E E E E (b 0), (b 1), ..., (b (Size (a))), must be a nonzero domain element satisfying (equal (Size (b j) j)). The Identity. 0E +E X = X: first such list element must, in fact, be a nonzero domain Inverse. X +E (−EX) = 0E: element of smallest possible Size. Euclidean multiplication, ·E, behaves like integer multipli- 3.2 Well-founded Factors cation to the extent that it satisfies A proof, that, over nonzero Euclidean domain elements, there are no infinite chains of proper factors, is greatly sim- • if X · Y = 0 , then (X = 0 ∨ Y = 0 ). E E E E plified if this Multiplicative Size Property holds: These domains are called Euclidean because they come • Size(x) ≤ Size(x·Ey), for all nonzero domain elements equipped with enough additional structure to implement the x and y. Euclidean Algorithm for the computation of Greatest Com- Unfortunately, there are Euclidean domains (see the exam- mon Divisors. That is, Euclidean division, with quotients ple below) that do not satisfy this property. However, the and remainders, must be possible. Thus, there are two bi- next theorem shows there is no loss of generality in assum- nary functions, and , and an unary function, , quot rem Size ing the Multiplicative Size Property always holds in a given from into the nonnegative integers, that satisfy: For all E Euclidean domain. X, Y ∈ E, with Y 6= 0E, Theorem 4. If the Euclidean domain Closure. quot(X, Y ) ∈ E, rem(X, Y ) ∈ E: (E, +E, ·E, −E, 0E, 1E, quot1, rem1, Size1), Division Property. X = Y ·E quot(X, Y ) +E rem(X, Y ), does not satisfy the Multiplicative Size Property, then rem(X, Y ) = 0E ∨ Size(rem(X, Y )) < Size(Y ). “new” operations quot, rem, and Size can always be defined so that In ACL2, these properties are consistently axiomatized using ENCAPSULATE. In fact, the ACL2 axiomatization is (E, +E, ·E, −E, 0E, 1E, quot, rem, Size), slightly generalized by replacing = with an equivalence re- is an Euclidean domain that does satisfy the Multiplicative lation with the appropriate congruence properties. Size Property. 3.1 Multiplicative Identity Proof. If the domain contains only one element 0E, then the Multiplicative Size Property holds vacuously. Theorem 3. Every Euclidean Domain has a multiplica- Otherwise the domain contains a nonzero element. For tive identity. each nonzero domain element, x, choose a nonzero domain element c(x) such that Size1(x·E c(x)) is as small as possible. Define Thus, there always is a domain element, 1E, so that for any X ∈ , E Size(x) = Size1(x ·E c(x)) quot(x, y) = c(y) · quot (x, y · c(y)) 1E ·E X = X. E 1 E rem(x, y) = rem1(x, y ·E c(y)) Then the Division Property remains true of these “new” Book 2b, described in Appendix A, in ed2b.lisp verifies operations.