Remarks on Run-time of the Algorithm Solving the linear system F(xi)yi = N(xi) can be done in O(npoly(log n)) time using the special form of the system. 40 LECTURE 8 Often a much faster way to obtain the message polynomial p(x) is to compute the (at most e) roots of F(x) using a root- nding algorithm, and to then obtain p(x) by fast interpolation at (any of) the points xi which are not roots of F(x). Since the degree of F is at most e, and e is often very small, this method is in practice much faster.

1 Motivating Discussion Let f be a multivariate polynomial over the integers, that is f(x1 ; x2; : : :; xn) 2 Zx1; : : :; xn]. We want to check if f is irreducible. Clearly, this can be done using an exhaustive search. Hilbert asked if this can be done more e ciently. His suggestion was to substitute the variables, that is, let x1 = a1; x2 = a2 ; : : :; xn = an, where ai 2 Z, and check if f(a1 ; a2; : : :; an) is a prime. If f is reducible, say f(x1 ; x2; : : :; xn) = g(x1; x2; : : :; xn) h(x1; x2; : : :; xn); then \usually" g(a1 ; a2; : : :; an) 6= 1 and h(a1 ; a2; : : :; an) 6= 1 and f(a1 ; a2; : : :; an) is composite.

This is reminiscent of methods from numerical analysis which iteratively try to get closer and closer approximations to a solution for a given equation. Indeed Hensel's lifting is based on such intuition. Formally, Hensel's Lifting Lemma tell us how to transform a factorization modulo yk into a factorization modulo y2k . The lemma works for any ideal and can be stated in a very general form. Recall that an ideal is a subset I R of a ring such that 8x; y 2 I; 8 2 R; (x + y) 2 I`mbox and x 2 I: Example of ideals are: Integral multiples of an integer m: Zm = fmn : n 2 Zg.

