 such that
 such that  is not of the form
 is not of the form
![$ \mathbf{Z}[a]$](img478.png) for any
 for any  .  Even worse, Dedekind found a
field
.  Even worse, Dedekind found a
field  such that
 such that 
![$ 2\mid [\O _K : \mathbf{Z}[a]]$](img542.png) for all
 for all
 , so there is no choice of
, so there is no choice of  such that
Theorem 8.1.3 can be used to factor
 such that
Theorem 8.1.3 can be used to factor  for
 for  (see
Example 8.1.6 below).
 (see
Example 8.1.6 below).
Most algebraic number theory books do not describe an algorithm for decomposing primes in the general case. Fortunately, Cohen's book [Coh93, §6.2]) describes how to solve the general problem. The solutions are somewhat surprising, since the algorithms are much more sophisticated than the one suggested by Theorem 8.1.3. However, these complicated algorithms all run very quickly in practice, even without assuming the maximal order is already known.
For simplicity we consider the following slightly easier problem whose
solution contains the key ideas:  Let  be any order in
 be any order in  and let
and let  be a prime of
 be a prime of 
 .  Find the prime ideals of
.  Find the prime ideals of  that
contain
 that
contain  .
.
To go from this special case to the general case, given a prime  that we wish to factor in
that we wish to factor in  , we find a
, we find a  -maximal order
-maximal order  ,
i.e., an order
,
i.e., an order  such that
 such that 
![$ [\O _K:\O ]$](img544.png) is coprime to
 is coprime to  .  A
.  A
 -maximal order can be found very quickly in practice using the
``round 2'' or ``round 4'' algorithms.  (Remark: Later we will see
that to compute
-maximal order can be found very quickly in practice using the
``round 2'' or ``round 4'' algorithms.  (Remark: Later we will see
that to compute  , we take the sum of
, we take the sum of  -maximal orders, one for
every
-maximal orders, one for
every  such that
 such that  divides
 divides 
 .  The time-consuming
part of this computation of
.  The time-consuming
part of this computation of  is finding the primes
 is finding the primes  such that
 such that
 , not finding the
, not finding the  -maximal orders.  Thus a
fast algorithm for factoring integers would not only break
many cryptosystems, but would massively speed up computation of the ring of
integers of a number field.)
-maximal orders.  Thus a
fast algorithm for factoring integers would not only break
many cryptosystems, but would massively speed up computation of the ring of
integers of a number field.)
 is an order in the ring
 is an order in the ring  of integers of a number
field
 of integers of a number
field  .  For any prime
.  For any prime 
 , the following (sketch of an)
algorithm computes the set of maximal ideals of
, the following (sketch of an)
algorithm computes the set of maximal ideals of  that contain
 that contain  .
.
Sketch of algorithm. 
Let 
 be a number field given
by an algebraic integer
 be a number field given
by an algebraic integer  as a root of its
minimal monic polynomial
 as a root of its
minimal monic polynomial  of degree
 of degree  .
We assume that an order
.
We assume that an order  has been 
given by a basis
 has been 
given by a basis 
 and that
and that  that contains
 that contains 
![$ \mathbf{Z}[a]$](img478.png) .
Each of the following steps can be carried out 
efficiently using little more
than linear algebra over
.
Each of the following steps can be carried out 
efficiently using little more
than linear algebra over 
 .  
The details are in [Coh93, §6.2.5].
.  
The details are in [Coh93, §6.2.5].
![$ p\nmid \disc (\mathbf{Z}[a]) / \disc (\O )$](img550.png) (so
 (so 
![$ p\nmid [\O :\mathbf{Z}[a]]$](img551.png) ), then by a 
slight modification of Theorem 8.1.3, we
easily factor
), then by a 
slight modification of Theorem 8.1.3, we
easily factor  .
.
 be the  of
 be the  of  , which is the ideal of 
elements
, which is the ideal of 
elements  such that
 such that 
 for some positive integer
 
for some positive integer  .
Using linear algebra over the finite field
.
Using linear algebra over the finite field 
 , we can quickly compute a basis for
, we can quickly compute a basis for  .
(We never compute
.
(We never compute 
 .)
.)
 basis for
 basis for
 
 ,
which is clear by definition.  Note that
,
which is clear by definition.  Note that 
 is obtained by simply reducing the basis
is obtained by simply reducing the basis 
 modulo
 modulo  .
.
 is a finite Artin ring with
no nilpotents, so it decomposes as a product
 is a finite Artin ring with
no nilpotents, so it decomposes as a product 
![$ A \cong \prod \mathbf{F}_p[x]/g_i(x)$](img560.png) of fields.  We can quickly find such
a decomposition explicitly, as described in 
[Coh93, §6.2.5].
 of fields.  We can quickly find such
a decomposition explicitly, as described in 
[Coh93, §6.2.5].
 ] Each maximal ideal
] Each maximal ideal 
 lying over
 lying over  is the kernel of
 
is the kernel of 
![$ \O\rightarrow A \rightarrow \mathbf{F}_p[x]/g_i(x)$](img561.png) .
.
 that contain the radical
 that contain the radical  of
 of
 .  Every such prime clearly contains
.  Every such prime clearly contains  , so to see that the
algorithm is correct, we must prove that the primes
, so to see that the
algorithm is correct, we must prove that the primes 
 of
 of  that
contain
 that
contain  also contain
 also contain  .  If
.  If 
 is a prime of
 is a prime of  that
contains
 that
contains  , then
, then 
 .  If
.  If  then
 then 
 for some
for some  , so
, so 
 which implies that
 which implies that 
 by primality
of
 by primality
of 
 .  Thus
.  Thus 
 contains
 contains  , as required.
, as required.
William Stein 2004-05-06