We can “compose” thendistinctnth powers into just one by calling the composi- tum algorithm 4.10. This will give us an elementα ∈F such that E(αn) has more
thannelements. In caseEalready has enough elements, we simply takeα= 1. We may now assume that E is “large”; and for such fields E we can easily find some nth powers that together generate F over E, as the following Lemma and its Corollary show.
Lemma 4.12 Let β generateF overE, and supposec0, . . . , cn are distinct elements of E. Then ifβ 6∈E, we also have(β+ci)n6∈Efor at least onei with0≤i≤n.
Proof. Assume the contrary; putq = |E|. Then for all i, we have (β+ci)nq =
(β+ci)n, so (β +ci)q−1 is an nth root of unity in F, of which there are at most
n. By the pigeonhole principle, there exist i and j with 0 ≤ i < j ≤ n such that (β+ci)q−1= (β+cj)q−1, which implies ββ++ccij ∈E.But this is a contradiction, because
β is not inE, and we haveci6=cj.
Corollary 4.13 With the same assumptions as in the Lemma, the elements(β+ci)n (fori= 0, . . . , n) together generateF overE.
Proof. Retaining the same elementsci, apply the Lemma successively to all maxi-
mal subfields ofFcontainingE(in the role ofE). It follows that no such field contains all the elements (β+ci)n. Therefore these elements generate the whole field F.
We apply this construction toF/E(αn), whereαis defined as above. Once we have
obtained theci, then with a second call to Algorithm 4.10, we “compose” the elements
β+ci, for i= 0, . . . , n, together withα, to find a single elementαwhosenth power
generatesFoverE. This solves our problem.
Algorithm 4.14 (Finding annth power generator for a finite field.)
Input: finite fields E ⊆ F, with |E| = q and [F : E] = e, and a positive integer n dividingqe
−1.
Output: an elementα∈Fsuch that E(αn) is equal to the fieldK generated over E
by allnth powers inF. [We haveK=Fwheneverqe> n2.]
1: [Fsmall?] Ifqe
≤n2 then:
a: [Find powers] Putt= qen−1 and letγ1, . . . , γtbe elements ofF∗ whosenth
powers are all distinct.
b: [Find degree] Compute βq, where β is the given generator of F over E.
Using Algorithm 4.5, find i with 1 ≤ i ≤ t such that [E(γn
i) : E] is
maximal.
2: [Esmall?] Put α= 1. Ifq≤nthen:
a: [Find powers] Enumerate elements of F until we have found n nonzero elementsγ1, . . . , γn whosenth powers are all distinct.
b: [Compose] Apply Algorithm 4.10 to E, F, and γ1n, . . . , γnn; let x1, . . . , xn
be the result. Replace α by γx1
1 · · ·γnxn. [Now E(αn) has more than n
elements.]
3: [Not done yet?] If [E(αn) :E]<[F:E] then:
a: [Enumerate] Computen+1 arbitrary distinct elementsc0, . . . , cnofE(αn).
b: [Compose] Apply Algorithm 4.10 toE,F, andαn,(β+c0)n, . . . ,(β+c n)n,
where β is the given generator forFoverE; letz, y0, . . . , yn be the result.
Replaceαby
αz(β+c0)y0
· · ·(β+cn)yn.
4: [Result] Output αand terminate.
Remarks. The degree in Step 3 is computed already by Algorithm 4.10, although formally it is not given as output.
If we compute theγi in Step 2, we can reuse them in Step 3a by puttingci=γin
fori≥1, andc0= 0.
Proposition 4.15 Algorithm 4.14 is correct and deterministic. It can be run using
˜
O(n2e+ne2+elogq)operations inE, wheree= [F:E]andq=|E|.
Proof. The correctness of Algorithm 4.14 follows from the discussion above. Step 1a and Step 2a each take at mostO(n2logn) operations inF, because every equationxn=ahas at mostnsolutions, and we havet < nin Step 1a. Each of the
two calls to Algorithm 4.10, and also Step 1b, which is a subset of Algorithm 4.10, takes ˜O(e(logq) +ne2) operations in Eby Proposition 4.11, while the computations of the new values forβ in Steps 2b and 3b takeO(ne) operations inF, due to thexi,
yi, andz being bounded bye= [F:E]. The bound in the Proposition follows by the
assumption that one operation inFtakes ˜O(e) operations inE.
Proof of Theorem 4.2. Writeq=|F|. Ifndoes not divideq−1, we replacenby gcd(n, q−1) as described in Section 2.2. Now Algorithm 4.14, applied to the extension
Fp⊆F, generates the subfield Kof sums ofnth powers inFby means of adjunction
of βn to F
p. By Proposition 4.15, this algorithm is correct and deterministic, and
finishes in time polynomial innand logq.
Generalisations. The multiplicative compositum algorithm 4.10 is valid for a finite cyclic extensionL/K of arbitrary fields, provided:
4.4. Findingnth power generators 41
(ii) we can determine (efficiently) whether a field element is contained in one or more intermediate fields (i.e., fields M with K ⊆ M ⊆L). This condition is satisfied, for example, if we know a generator of the Galois group ofLoverK. It follows that Algorithm 4.10 should work for cyclic extensions of number fields, for example, as well as for finite fields.
We note that Lemma 4.12 and its Corollary are valid for arbitrary finite cyclic Galois extensions. (The same proof works, except that one should replace the map x7→xq by a generator of the Galois group.) It follows thatnth power generators can
be computed for such extensions by Algorithm 4.14.
As regards Lemma 4.7, it is an interesting question from representation theory under which conditions every basis contains a ring generator, if we consider noncyclic extensions of fields or more general rings. For example, if L/K is a Galois extension with Galois groupV4, then one can easily write down a basis forLoverK such that no basis element generatesL; this follows because the vector space sum of the three quadratic intermediate fields is equal to L. Also, ifK andL are number fields, it is natural to restrict attention tointegral bases. See [51] for some results in this area.