Throughout the paper, n is a positive integer, p is a prime, \(\mathbb{Z}_{n}\) is the ring of integers modulo n defined as \(\mathbb{Z}_{n} = \lbrace 0, \ldots , n-1 \rbrace \), \(\mathbb{F}\) is a field, and \(\mathbb{F}_{q}\) is the finite field with q elements, where q is a prime power. Also, \(\mathbb{F}_{p}\) is the prime field. Note that \(\mathbb{F}_{p}=\mathbb{Z}_{p}=\lbrace 0, \ldots , p-1 \rbrace \).
Finding (the number of) solutions of univariate and multivariate polynomial equations over fields and rings is a fundamental problem in mathematics, computer science, and related areas with many applications in various domains. In this paper, by a polynomial we mean a univariate polynomial. As a classical example, one can mention the Fundamental Theorem of Algebra which gives the exact number of solutions of polynomial equations over the field of complex numbers.
Theorem 2.1
(Fundamental Theorem of Algebra)
Let \(f(x)\) be a non-zero polynomial of degree \(d \geq 0\) with complex coefficients. Then the equation
has, counting multiplicities, exactly d complex solutions. Equivalently, the field of complex numbers is algebraically closed.
There are about a hundred proofs(!) of the Fundamental Theorem of Algebra [46]. See [46] for “one of the most elegant and certainly the shortest” proof.
By a solution of the polynomial congruence
$$ f(x) \equiv 0 \ (\operatorname {mod} n)$$
we mean an integer in \(\mathbb{Z}_{n}\) that satisfies the congruence. So, every polynomial congruence modulo n has at most n solutions. Similarly, every multivariate polynomial congruence in k variables modulo n has at most \(n^{k}\) solutions.
A natural question is whether the Fundamental Theorem of Algebra can be applied to the ring \(\mathbb{Z}_{n}\) (that is, to polynomial congruences modulo n)? The answer is no; there is no direct analog of the Fundamental Theorem of Algebra for polynomial congruences. Let us see some examples. The following result, proved by D. N. Lehmer [47], gives an explicit formula for the number of solutions of linear congruences:
Theorem 2.2
(Lehmer’s Theorem)
Let \(a_{1},\ldots ,a_{k},b\in \mathbb{Z}\). The linear congruence
$$ a_{1}x_{1}+\cdots +a_{k}x_{k}\equiv b \ (\operatorname {mod} n)$$
has a solution \(\langle x_{1},\ldots ,x_{k} \rangle \in \mathbb{Z}_{n}^{k}\) if and only if \(\ell \mid b\), where \(\ell =\gcd (a_{1}, \ldots , a_{k}, n)\). Furthermore, if this condition is satisfied, then there are \(\ell n^{k-1}\) solutions.
Note that the generalization of Lehmer’s Theorem to higher degree multivariate polynomial congruences is a challenging problem. In fact, even the quadratic version addressed by Cohen [48] has much more complicated formulas.
By Lehmer’s Theorem, the linear congruence \(ax \equiv b \ (\operatorname {mod} n)\), where a and b are integers, has zero, one, or more solutions (in fact, zero or \(\gcd (a,n)\) solutions). As another example, the quadratic congruence \(x^{2} \equiv 1 \ (\operatorname {mod} 8)\) has four solutions 1, 3, 5, and 7. These examples show that the Fundamental Theorem of Algebra is not applicable to polynomial congruences. But when the modulus is prime, we have the following result due to Lagrange which gives an upper bound for the number of solutions (see, e.g., [49]).
Theorem 2.3
(Lagrange’s Theorem)
Given a prime p, let
$$ f(x)=a_{d}x^{d} + \cdots + a_{1}x + a_{0} $$
be a polynomial with integer coefficients such that \(a_{d} \not \equiv 0 \ (\operatorname {mod} p)\) (said to be of degree d). Then the polynomial congruence
$$ f(x) \equiv 0 \ (\operatorname {mod} p)$$
has at most d solutions.
Lagrange’s Theorem can be extended from the prime field \(\mathbb{Z}_{p}\) to arbitrary fields (not necessarily finite) as the following (see, e.g., [50]):
Theorem 2.4
Let \(\mathbb{F}\) be a field and \(f(x)\) be a non-zero polynomial of degree \(d \geq 0\) with coefficients in \(\mathbb{F}\). Then the polynomial equation
has, counting multiplicities, at most d solutions in \(\mathbb{F}\). Therefore, it has at most d distinct solutions in \(\mathbb{F}\).
It would be useful to compare the above results:
Remark 2.5
The following observations are useful, specially when discussing the Polynomial Hash and its variants:
-
Setting \(\mathbb{F}=\mathbb{Z}_{p}\) in Theorem 2.4 we obtain Lagrange’s Theorem but not in full generality. In fact, in Theorem 2.4 when \(\mathbb{F}=\mathbb{Z}_{p}\), the coefficients of the polynomial must be in \(\mathbb{Z}_{p}\), but in Lagrange’s Theorem the coefficients are arbitrary integers.
-
While Theorem 2.4 works on arbitrary fields (including the field of complex numbers), it does not imply the Fundamental Theorem of Algebra. In fact, the Fundamental Theorem of Algebra gives the exact number of complex solutions of polynomial equations over the field of complex numbers, but Lagrange’s Theorem and Theorem 2.4 just give upper bounds for the number of solutions over the prime field and arbitrary fields, respectively.
-
The proof of the Fundamental Theorem of Algebra is totally different from the proof of Lagrange’s Theorem and Theorem 2.4. In fact, the proof of the Fundamental Theorem of Algebra is usually given as a result in complex analysis and “the shortest” proof [46] still requires two pages, but the proofs of Lagrange’s Theorem and Theorem 2.4 are usually given as results in number theory and field theory and can be written in just a few lines (see, e.g., [49, 50]).
Note that Lagrange’s Theorem does not hold for composite moduli. For example, the quadratic congruence \(x^{2} \equiv 1 \ (\operatorname {mod} 8)\) has four solutions 1, 3, 5, and 7. Surprisingly, Vandiver [51] obtained, for ‘restricted’ solutions, exactly the same upper bound as in Lagrange’s Theorem and Theorem 2.4 in the much more general setting of commutative rings with identity (that we call Vandiver’s Theorem), but, unfortunately, his result, while is quite interesting, seems to have been forgotten. Let \({\mathcal{R}}\) be a commutative ring with identity. Two elements \(u, v \in {\mathcal{R}}\) are said to be absolutely distinct if \(u-v\) is not zero and not a zero divisor.
Theorem 2.6
(Vandiver’s Theorem)
Let \({\mathcal{R}}\) be a commutative ring with identity. Let
$$ f(x)=a_{d}x^{d} + \cdots + a_{1}x + a_{0} $$
be a polynomial with coefficients in \({\mathcal{R}}\) such that \(a_{d} \neq0\). Then the polynomial equation
has at most d absolutely distinct solutions.
Taking \({\mathcal{R}}=\mathbb{Z}_{n}\), Vandiver [51] derived the following version for \(\mathbb{Z}_{n}\). Two integers a and b are said to be absolutely incongruent modulo n if \(a-b\) is coprime to n.
Theorem 2.7
(Vandiver’s Theorem for \(\mathbb{Z}_{n}\))
Given a positive integer n, let
$$ f(x)=a_{d}x^{d} + \cdots + a_{1}x + a_{0} $$
be a polynomial with integer coefficients such that \(a_{d} \not \equiv 0 \ (\operatorname {mod} n)\). Then the polynomial congruence
$$ f(x) \equiv 0 \ (\operatorname {mod} n)$$
has at most d absolutely incongruent solutions.
Note that setting \(n=p\), a prime, in Vandiver’s Theorem for \(\mathbb{Z}_{n}\), we re-obtain Lagrange’s Theorem since any two distinct elements of \(\mathbb{Z}_{p}\) are absolutely incongruent modulo p.
The rest of this section is devoted to generalizing Lagrange’s Theorem to composite moduli (or, equivalently, generalizing Vandiver’s Theorem for \(\mathbb{Z}_{n}\) to cover all solutions). For generalization to prime power moduli, an upper bound for the number of solutions can be obtained using the following result (see, e.g., [49]).
Theorem 2.8
Suppose \(\alpha > 1\) is an integer and s is a solution of the polynomial congruence
$$ f(x) \equiv 0 \ (\operatorname {mod} p^{\alpha -1}).$$
Then we have the following cases:
-
If \(f'(s) \not \equiv 0 \ (\operatorname {mod} p)\) then s can be lifted in a unique way from \(p^{\alpha -1}\) to \(p^{\alpha }\). That is, there is a unique \(t \in \mathbb{Z}_{p^{\alpha }}\) which generates s and which satisfies the polynomial congruence
$$ f(x) \equiv 0 \ (\operatorname {mod} p^{\alpha}).$$
-
If \(f'(s) \equiv 0 \ (\operatorname {mod} p)\) then:
-
If \(f(s) \equiv 0 \ (\operatorname {mod} p^{\alpha})\), s can be lifted from \(p^{\alpha -1}\) to \(p^{\alpha }\) in p distinct ways.
-
If \(f(s) \not \equiv 0 \ (\operatorname {mod} p^{\alpha})\), s cannot be lifted from \(p^{\alpha -1}\) to \(p^{\alpha }\).
Given a positive integer n, let
$$ f(x)=a_{d}x^{d} + \cdots + a_{1}x + a_{0} $$
be a polynomial with integer coefficients such that \(a_{d} \not \equiv 0 \ (\operatorname {mod} n)\) (said to be of degree d). Denote by \(N_{d}(a_{0}, a_{1}, \ldots , a_{d}, n)\) the number of solutions of the polynomial congruence
$$ f(x) \equiv 0 \ (\operatorname {mod} n).$$
Lemma 2.9
If
\(\mathcal{G}:=\gcd (a_{0}, a_{1}, \ldots , a_{d}, n)>1\)
then
$$ N_{d}(a_{0}, a_{1}, \ldots , a_{d}, n)=\mathcal{G}N_{d}(a_{0}/ \mathcal{G}, a_{1}/ \mathcal{G}, \ldots , a_{d}/\mathcal{G}, n/ \mathcal{G}). $$
Proof
The proof easily follows from the basic properties of congruences. □
Therefore, by Lemma 2.9, it suffices to consider the number of solutions of the above polynomial congruence with \(\gcd (a_{0}, a_{1}, \ldots , a_{d}, n)=1\). For simplicity, we denote the number of such solutions by \(N(d, n)\).
Using Lagrange’s Theorem and Theorem 2.8, we can obtain the following upper bound for \(N(d, p^{\alpha })\).
Theorem 2.10
Let \(\alpha \geq 1\) be an integer. Then
$$ N\bigl(d, p^{\alpha }\bigr) \leq dp^{\alpha -1}.$$
Proof
Clearly, if \(N(d, p)=0\) then \(N(d, p^{\alpha })=0\), for all integers \(\alpha \geq 1\). So, let \(N(d, p)>0\). Then, using Theorem 2.8, corresponding to each solution of the polynomial congruence modulo p there will be 0, 1, or p solutions modulo \(p^{2}\). So, using Lagrange’s Theorem and Theorem 2.8, \(N(d, p^{2}) \leq dp\). Similarly, corresponding to each solution of the polynomial congruence modulo \(p^{2}\) there will be 0, 1, or p solutions modulo \(p^{3}\). Therefore, \(N(d, p^{3}) \leq dp^{2}\). Repeating this process, the result follows. □
Is there a better upper bound for \(N(d, p^{\alpha })\)? Yes(!), and the best upper bound for \(N(d, p^{\alpha })\) is widely attributed to Stewart [52], and to Schmidt and Stewart [53]. But we have discovered that Konyagin [44, 45] (in Russian and back in 1979) has already obtained a stronger and more general upper bound for \(N(d, p^{\alpha })\) (that we call Konyagin’s Theorem). We remark that all these bounds were obtained using advanced tools in number theory and their proofs are rather long and complicated.
Theorem 2.11
(Konyagin’s Theorem)
Let \(\alpha \geq 1\) be an integer. Then
$$ N\bigl(d, p^{\alpha }\bigr) \leq \frac{d}{\alpha (p-1)}p^{\alpha }.$$
Furthermore, if \(d \geq 2\) and \(p \geq d^{1+1/(d-1)}\), then
$$ N\bigl(d, p^{\alpha }\bigr) \leq p^{\alpha (1-1/d)}.$$
So far, we have very good upper bounds for the number of solutions of polynomial congruences modulo prime powers. Now, we generalize these upper bounds to arbitrary moduli. For this we need the following tool (see, e.g., [49]).
Theorem 2.12
Let \(f(x)\) be a polynomial with integer coefficients. Also, let \(n_{1},\ldots ,n_{r}\) be positive integers, pairwise coprime, and let \(n = n_{1} \cdots n_{r}\). Then the polynomial congruence
$$\begin{aligned} f(x) \equiv 0 \ (\operatorname {mod} n) \end{aligned}$$
(1)
has a solution if and only if each of the polynomial congruences
$$\begin{aligned} f(x) \equiv 0 \ (\operatorname {mod} n_{i}) \quad (i = 1, \dots , r) \end{aligned}$$
(2)
has a solution. Moreover, if \(v(n)\) and \(v(n_{i})\) denote the number of solutions of (1) and (2), respectively, then
$$ v(n) = v(n_{1}) \cdots v(n_{r}). $$
When modulus n is square-free, we obtain the best upper bound for \(N(d, n)\) using Lagrange’s Theorem and Theorem 2.12 as follows.
Theorem 2.13
Let n be square-free with r distinct prime factors. Then
Proof
Let n has the prime factorization \(n= p_{1} \ldots p_{r}\), where \(p_{i}\)’s are distinct primes. By Lagrange’s Theorem, \(N(d, p_{i}) \leq d\) for all i. Since \(p_{i}\)’s are pairwise coprime, using Theorem 2.12 we have
$$ N(d, n) = \prod_{i=1}^{r}N(d, p_{i}) \leq d^{r}.$$
□
Similarly, when modulus n is an arbitrary positive integer, we obtain the best upper bound for \(N(d, n)\) using Konyagin’s Theorem and Theorem 2.12 as follows.
Theorem 2.14
Let \(n>1\) has the prime factorization \(n= \prod_{i=1}^{r}p_{i}^{\alpha _{i}}\), where \(p_{i}\)’s are prime and \(\alpha _{i} \geq 1\) for all i. Then
$$ N(d, n) \leq \frac{nd^{r}}{\prod_{i=1}^{r}\alpha _{i}(p_{i}-1)}.$$
Furthermore, if \(d \geq 2\) and \(p_{i} \geq d^{1+1/(d-1)}\) for all i, then
$$ N(d, n) \leq \frac{n}{\prod_{i=1}^{r} p_{i}^{\alpha _{i}/d}}.$$
Proof
By Konyagin’s Theorem, we have
$$ N\bigl(d, p_{i}^{\alpha _{i}}\bigr) \leq \frac{d}{\alpha _{i}(p_{i}-1)}p_{i}^{ \alpha _{i}},$$
for all i. Since \(p_{i}^{\alpha _{i}}\)’s are pairwise coprime, using Theorem 2.12 we have
$$ N(d, n) = \prod_{i=1}^{r}N\bigl(d, p_{i}^{\alpha _{i}}\bigr) \leq \prod_{i=1}^{r} \frac{d}{\alpha _{i}(p_{i}-1)}p_{i}^{\alpha _{i}}= \frac{nd^{r}}{\prod_{i=1}^{r}\alpha _{i}(p_{i}-1)}.$$
Similarly, if \(d \geq 2\) and \(p_{i} \geq d^{1+1/(d-1)}\) for all i, then by Konyagin’s Theorem and Theorem 2.12, we have
$$ N(d, n) = \prod_{i=1}^{r}N\bigl(d, p_{i}^{\alpha _{i}}\bigr) \leq \prod_{i=1}^{r}p_{i}^{ \alpha _{i}(1-1/d)}= \frac{n}{\prod_{i=1}^{r} p_{i}^{\alpha _{i}/d}}.$$
□
