The problem of factoring a polynomial in a single or several variables over a finite field, the rational numbers or the complex numbers is one of the success stories in the discipline of symbolic computation. In the early 1960s implementors investigated the constructive methods known from classical algebra books, but--with the exception of Gauss's distinct degree factorization algorithm--found the algorithms quite inefficient in practice [16]. The contributions in algorithmic techniques that have been made over the next 40 years are truly a hallmark of symbolic computation research.

The early pioneers, Berlekamp, Musser, Wang, Weinberger, Zassenhaus and others applied new ideas like randomization, that even before the now famous algorithms for primality testing by Rabin and Strassen, and like generic programming with coefficient domains as abstract data classes, and they introduced the powerful Hensel lifting lemma to computer algebra. We note that while de-randomization for integer primality testing has been accomplished recently [1], the same remains open for the problem of computing a root of a polynomial modulo a large prime [12, Research Problem 14.48].

Polynomial-time complexity for rational coefficients was established in the early 1980s by the now-famous lattice basis reduction algorithm of A. Lenstra, H. W. Lenstra, Jr., and L. Lovász. The case of many variables first became an application of the DeMillo and Lipton/Schwartz/Zippel lemma [30] and then triggered a fundamental generalization from the standard sparse (distributed) representation of polynomials to the one by straight line and black box programs [11, 17, 19]. Effective versions of the Hilbert irreducibility theorem are needed for the probabilistic analysis, which serendipitously later have also played a role in the PCP characterization of <i>NP</i> [2]. Unlike many other problems in commutative algebra and algebraic geometry, such as algebraic system solving, the polynomial factoring problem is of probabilistic polynomial-time complexity in the number of variables.

Complex coefficients in multivariate factors can be represented either by exact algebraic numbers or by imprecise floating point numbers. The latter formulation is a cornerstone in the new computer algebra subject of SNAP (Symbolic-Numeric Algorthms for Polynomials) (see, e.g., [4]). The approaches for both exact and imprecise coefficients are manifold, including Ruppert's partial differential equations [26, 27, 6, 10] and Gao's and Lauder's far-reaching generalization of Eisenstein's criterion in the multivariate case to Newton polytope decomposition [8, 9]. The currently best algorithms were all discovered recently within the past ten years.

The baby steps/giant steps technique and fast distinct and equal degree factorization implementations have, at last, yielded in the mid 1990s theoretical and practical improvements over the original univariate Berlekamp algorithm for coefficients in finite fields [13, 29, 18, 3]. The average time analysis for selected algorithms is also completed [5]. For bivariate polynomials over finite fields, surprisingly Gröbner basis techniques are useful in practice [23].

New polynomial-time complexity results are the computation of low degree factors of very high degree sparse (lacunary) polynomials by H. W. Lenstra, Jr. [20, 21], and the deterministic distinct degree factorization for multivariate polynomials over large finite fields [7]. However, many problems with high degree polynomials over large finite fields in sparse or straight line program representations, such as computing a root modulo a large prime, are not known to be in random polynomial time or NP-hard (cf. [24, 25, 15]).

Finally, in 2000 Mark van Hoeij [14] reintroduced lattice basis reduction, now in the Berlekamp-Zassenhaus algorithm, to conquer the hard-to-factor Swinnerton-Dyer polynomials in practice. Sasaki in 1993 had already hinted of the used approach [28].

In my talk I will discuss a selection of the highlights, state remaining open problems, and give some applications including an unusual one due to Moni Naor [22].

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	M. Agrawal, N. Kayal, and N. Saxena. PRIMES is in P. Manuscript, 2002. Available from http://www.cse.iitk.ac.in/news/primality.pdf.
	2	Sanjeev Arora , Madhu Sudan, Improved low-degree testing and its applications, Proceedings of the twenty-ninth annual ACM symposium on Theory of computing, p.485-495, May 04-06, 1997, El Paso, Texas, United States  [doi>10.1145/258533.258642]
	3	Olaf Bonorden , Joachim von zur Gathen , Jürgen Gerhard , Olaf Müller, Factoring a binary polynomial of degree over one million, ACM SIGSAM Bulletin, v.35 n.1, p.16-18, March 2001  [doi>10.1145/504331.504333]
	4	R. M. Corless, E. Kaltofen, and S. M. Watt. Section 2.12.3. Symbolic/Numeric Methods: Hybrid Methods. In J. Grabmeier, E. Kaltofen, and V. Weispfenning, editors, Computer Algebra Handbook, pages 112--125. Springer Verlag, Heidelberg, Germany, 2002.
	5	P. Flajolet , X. Gourdon , D. Panario, The complete analysis of a polynomial factorization algorithm over finite fields, Journal of Algorithms, v.40 n.1, p.37-81, July 2001  [doi>10.1006/jagm.2001.1158]
	6	Shuhong Gao, Factoring multivariate polynomials via partial differential equations, Mathematics of Computation, v.72 n.242, p.801-822, 1 April 2003  [doi>10.1090/S0025-5718-02-01428-X]
	7	S. Gao, E. Kaltofen, and A. Lauder. Deterministic distinct degree factorization for polynomials over finite fields. Paper submitted, 10 pages, 2001.
	8	S. Gao and A. G. B. Lauder. Decomposition of polytopes and polynomials. Discrete and Computational Geometry, 26:89--104, 2001.
	9	Shuhong Gao , Alan G. B. Lauder, Hensel lifting and bivariate polynomial factorisation over finite fields, Mathematics of Computation, v.71 n.240, p.1663-1676, October 2002  [doi>10.1090/S0025-5718-01-01393-X]
	10	S. Gao and V. M. Rodrigues. Irreducibility of polynomials modulo p via Newton polytopes. Preprint, 13 pages. Available from http://www.math.clemson.edu/ sgao/pub.html. To appear J. Number Theory, 2003.
	11	Joachim von zur Gathen, Irreducibility of multivariate polynomials, Journal of Computer and System Sciences, v.31 n.2, p.225-264, Sept. 1985  [doi>10.1016/0022-0000(85)90043-1]
	12	Joachim von zur Gathen , Jürgen Gerhard, Modern computer algebra, Cambridge University Press, New York, NY, 1999
	13	J. Gathenvon zur Gathen and V. Shoup. Computing Frobenius maps and factoring polynomials. Comput. Complexity, 2:187--224, 1992.
	14	M. Hoeijvan Hoeij. Factoring polynomials and the knapsack problem. J. Number Theory, 95:167--189, 2002. Implementation available at http://web.math.fsu.edu/ hoeij/.
	15	O. H. Ibarra, S. Moran, and L. E. Rosier. Probabilistic algorithms and straight-line programs for some rank decision problems. Information Process. Lett., 12:227--232, 1981.
	16	S. C. Johnson. Tricks for improving Kronecker's method. Report, Bell Laboratories, 1966.
	17	E. Kaltofen. Factorization of polynomials given by straight-line programs. In S. Micali, editor, Randomness and Computation, volume 5 of Advances in Computing Research, pages 375--412. JAI Press Inc., Greenwhich, Connecticut, 1989.
	18	Erich Kaltofen , Victor Shoup, Subquadratic-time factoring of polynomials over finite fields, Mathematics of Computation, v.67 n.223, p.1179-1197, July 1, 1998  [doi>10.1090/S0025-5718-98-00944-2]
	19	Erich Kaltofen , Barry M. Trager, Computing with polynomials given by black boxes for their evaluations: greatest common divisors, factorization, separation of numerators and denominators, Journal of Symbolic Computation, v.9 n.3, p.301-320, March 1990  [doi>10.1016/S0747-7171(08)80015-6]
	20	H. W. Lenstra, Jr. Finding small degree factors of lacunary polynomials. In Number Theory in Progress, volume I, Diophantine Problems and Polynomials, pages 267--276. Walter de Gruyter, 1999. Proceedings of a meeting in honor of the 70th birthday of Andrzej Schinzel.
	21	H. W. Lenstra, Jr. On the factorization of lacunary polynomials. In Number Theory in Progress, volume I, Diophantine Problems and Polynomials, pages 277--291. Walter de Gruyter, 1999. Proceedings of a meeting in honor of the 70th birthday of Andrzej Schinzel.
	22	M. Naor. A protocol for spam prevention. Lecture at the "Complexity Theory" Meeting in Oberwolfach, Apr. 2003. To appear in Proc. CRYPTO 2003.
	23	Masayuki Noro , Kazuhiro Yokoyama, Yet another practical implementation of polynomial factorization over finite fields, Proceedings of the 2002 international symposium on Symbolic and algebraic computation, p.200-206, July 07-10, 2002, Lille, France  [doi>10.1145/780506.780532]
	24	D. A. Plaisted. Sparse complex polynomials and polynomial reducibility. J. Comput. System Sci., 14:210--221, 1977.
	25	D. A. Plaisted. Some polynomial and integer divisibility problems are NP-hard. SIAM J. Comput., 7:458--464, 1978.
	26	W. M. Ruppert. Reduzibilität ebener Kurven. J. reine angew. Math., 369:167--191, 1986.
	27	W. M. Ruppert. Reducibility of polynomials f(x,y) modulo p. J. Number Theory, 77:62--70, 1999.
	28	T. Sasaki and M. Sasaki. A unified method for multivariate polynomial factorization. Japan J. of Industrial and Applied Mathem., 10(1):21--39, Feb. 1993.
	29	Victor Shoup, A new polynomial factorization algorithm and its implementation, Journal of Symbolic Computation, v.20 n.4, p.363-397, October 1995  [doi>10.1006/jsco.1995.1055]
	30	Richard Zippel, Newton's iteration and the sparse Hensel algorithm (Extended Abstract), Proceedings of the fourth ACM symposium on Symbolic and algebraic computation, p.68-72, August 05-07, 1981, Snowbird, Utah, United States  [doi>10.1145/800206.806372]