Factoring Polynomials over Finite Fields

(1)

The Problem The Well-Known Methods The Main Idea Singular Hyperelliptic Curves Factoringf(x)

Factoring Polynomials over Finite Fields

Enver Ozdemir

(2)

1 _F_p_,_p_{is an odd prime.} 2 _f₍_x₎∈_Fp_[_x_]

3 The Problem: Findf

i(x)∈Fp[x],f(x) =f1(x). . .fn(x), fi(x)irreducible and coprime.

(3)

1 _F_p_,_p_{is an odd prime.} 2 _f_(x₎∈_F_p_[x_]

i(x)∈Fp[x],f(x) =f1(x). . .fn(x), fi(x)irreducible and coprime.

(4)

1 _F_p_,_p_{is an odd prime.} 2 _f_(x₎∈_F_p_[x_]

i(x)∈Fp[x],f(x) =f1(x). . .fn(x),

fi(x)irreducible and coprime.

(5)

1 _{Berlekamp and Cantor-Zassenhaus (PARI etc.)}

2 _{Berlekamp: Find}_h₍_x₎∈_Fp_[_x_],_hp₍_x₎≡_h₍_x₎_(mod_f₍_x₎₎ 3 _gcd(_h₍_x₎−_t_,_f₍_x₎₎

4 _{Cantor-Zassenhaus: gcd(}_h₍_x₎(pd−1)/2−₁_,_f₍_x₎₎_each irreducible factor off(x)is of degreen.

5 _{probabilistic,}∼₁_/_{2 chance for}_h₍_x₎

(6)

1 _{Berlekamp and Cantor-Zassenhaus (PARI etc.)} 2 _{Berlekamp: Find}_h(x₎∈_F

p[x],hp(x)≡h(x)(modf(x))

3 _gcd(h(x)−_t_,_f_(x₎₎

4 _{Cantor-Zassenhaus: gcd(}_h₍_x₎(pd−1)/2−₁_,_f₍_x₎₎_each irreducible factor off(x)is of degreen.

(7)

3 _gcd(h(x)−_t_,_f_(x₎₎

4 _{Cantor-Zassenhaus: gcd(h(x)}(pd−1)/2−₁_,_f_(x₎₎_each irreducible factor off(x)is of degreen.

(8)

3 _gcd(h(x)−_t_,_f_(x₎₎

4 _{Cantor-Zassenhaus: gcd(h(x)}(pd−1)/2−₁_,_f_(x₎₎_each irreducible factor off(x)is of degreen.

5 _{probabilistic,}∼₁_/_{2 chance for}_h(x₎

(9)

What is a hyperelliptic curve The Jacobian

Factoringf(x)

1 _k _{is a finite field of characteristic different from 2.} 2 _H _:_y2₌_f₍_x₎

3 f₍x₎is a monic polynomial with simple roots and deg(f(x)) =2g+1

(10)

Factoringf(x)

1 _k _{is a finite field of characteristic different from 2.} 2 _H _:_y2₌_f_(x₎

3 f₍x₎is a monic polynomial with simple roots and deg(f(x)) =2g+1

(11)

Factoringf(x)

1 _k _{is a finite field of characteristic different from 2.} 2 _H _:_y2₌_f_(x₎

3 f(x₎is a monic polynomial with simple roots and deg(f(x)) =2g+1

(12)

Factoringf(x)

1 _{Jac(H) =Pic}o_(H)

2 _{Pic(H) =}_{the group of all isomorphism classes of invertible} k[x,y]/(y2−f(x)-modules.

3 D∈Jac(H)

4 _{the Mumford Representation: Unique pair of polynomials} (u(x),v(x))satisfying the followings

u(x)is monic

degv(x)<degu(x)≤g

f(x)−v(x)2is a multiple ofu(x)

5 _{Cantor’s Algorithm: Computing in Jac(}_H_{), only polynomial} arithmetics

(13)

Factoringf(x)

3 D∈Jac(H)

u(x)is monic

degv(x)<degu(x)≤g

(14)

Factoringf(x)

3 D∈Jac(H)

u(x)is monic

degv(x)<degu(x)≤g

(15)

Factoringf(x)

3 D∈Jac(H)

u(x)is monic

degv(x)<degu(x)≤g

(16)

Factoringf(x)

3 D∈Jac(H)

u(x)is monic

degv(x)<degu(x)≤g

(17)

Factoringf(x)

3 D∈Jac(H)

u(x)is monic

degv(x)<degu(x)≤g

(18)

Factoringf(x)

3 D∈Jac(H)

u(x)is monic

degv(x)<degu(x)≤g

5 _{Cantor’s Algorithm: Computing in Jac(H), only polynomial} arithmetics

(19)

Factoringf(x)

1 _f_(x₎_{is square-free and reducible in}_k_[x_] 2 _deg_f₍_x_{) =}₂_g₊₁

3 _H _:_y2₌_f₍_x₎_over_k 4 _{2-torsion points of Jac(}_H_):

(u(x),0) degu(x)≤g

f(x)is divisible byu(x)

(20)

Factoringf(x)

1 _f_(x₎_{is square-free and reducible in}_k_[x_] 2 _{degf(x) =}_2g₊₁

3 _H _:_y2₌_f₍_x₎_over_k 4 _{2-torsion points of Jac(}_H_):

(21)

Factoringf(x)

3 _H _:_y2₌_f_(x₎_over_k 4 _{2-torsion points of Jac(}_H_):

(22)

Factoringf(x)

3 _H _:_y2₌_f_(x₎_over_k 4 _{2-torsion points of Jac(H}_):

(23)

Factoringf(x)

3 _H _:_y2₌_f_(x₎_over_k 4 _{2-torsion points of Jac(H}_):

(24)

Factoringf(x)

Finding a 2-torsion point in Jac(

H

)

1 _{Find a random}_D_{in Jac(H)} 2 _{Find #Jac(}_H_{) =}₂e_m_,₍_m_,_{2) =}₁

3 ₂i_m₍_D₎_{is a 2-torsion point for some}_i _<_e_{if #}_D_{is even} 4 _{Two big problems:}

Finding a random divisor classDin Jac(H)

Finding the order of Jac(H)

(25)

Factoringf(x)

Finding a 2-torsion point in Jac(

H

)

1 _{Find a random}_D_{in Jac(H)} 2 _{Find #Jac(H) =}₂e_m,_(m_,_{2) =}₁

3 ₂i_m₍_D₎_{is a 2-torsion point for some}_i _<_e_{if #}_D_{is even} 4 _{Two big problems:}

(26)

Factoringf(x)

Finding a 2-torsion point in Jac(

H

)

3 ₂i_m(D)_{is a 2-torsion point for some}_i _<_e_{if #}_D_{is even} 4 _{Two big problems:}

(27)

Factoringf(x)

Finding a 2-torsion point in Jac(

H

)

3 ₂i_m(D)_{is a 2-torsion point for some}_i _<_e_{if #}_D_{is even} 4 _{Two big problems:}

Finding a random divisor classDin Jac(H) Finding the order of Jac(H)

(28)

The Mumford Representation for Singular Hyperelliptic Curves

1 H _:y2₌f(x),f(x)has repeated roots and degf(x) =2g+1

2 _{Singular points:} ₍_a_,₀₎_where_a_{is a root of}_f₍_x₎_with multiplicity>1

3 _{the Mumford Representation: any}_D_∈_Jac(_H_{) is uniquely} represented by a pair of polynomials(u(x),v(x))satisfying the followings:

u(x)is monic

degv(x)<degu(x)≤g f(x)−v(x)2_{is divisible by}_u₍_x₎

if bothu(x)andv(x)are divisible by(x −a)for a singular point(a,0)then(f−v(x)2₎_/_u₍_x₎_{is not divisible by}₍_x ₋_a₎

(29)

2 _{Singular points:} _(a_,₀₎_where_a_{is a root of}_f_(x₎_with multiplicity>1

3 _{the Mumford Representation: any}_D_∈_Jac(_H_{) is uniquely} represented by a pair of polynomials(u(x),v(x))satisfying the followings:

u(x)is monic

(30)

3 _{the Mumford Representation: any}_D_∈_{Jac(H) is uniquely} represented by a pair of polynomials(u(x),v(x))satisfying the followings:

u(x)is monic

(31)

u(x)is monic

(32)

u(x)is monic

(33)

u(x)is monic

(34)

The Algorithm for factoringf(x)

1 _k ₌_F p,p 2 _f₍_x_{) =}_f 1(x)· · ·fn(x), degfi(x) =di 3 _H _:_y2₌_xf₍_x₎2 4 _Jac(_H_{) =}_G 1 L · · ·L Gn

(35)

1 _k ₌_F p,p 2 _f_(x_{) =}_f 1(x)· · ·fn(x), degfi(x) =di 3 _H _:_y2₌_xf₍_x₎2 4 _Jac(_H_{) =}_G 1 L · · ·L Gn

(36)

1 _k ₌_F p,p 2 _f_(x_{) =}_f 1(x)· · ·fn(x), degfi(x) =di 3 _H _:_y2₌_xf_(x₎2 4 _Jac(_H_{) =}_G 1 L · · ·L Gn

(37)

1 _k ₌_F p,p 2 _f_(x_{) =}_f 1(x)· · ·fn(x), degfi(x) =di 3 _H _:_y2₌_xf_(x₎2 4 _{Jac(H) =}_G 1 L · · ·L Gn

(38)

1 _Any_D_e ∈_{Jac(H) is uniquely represented by a pair of the} form[ef(x)2,eh(x)ef(x)]such that deg(eh(x))<deg(ef(x)) and ef(x)dividesf(x) 2 _D i = [fi(x)2,hi(x)fi(x)]∈Gi, deghi(x)<deg(di) 3 _#_D i divides eitherpdi +1 orpdi −1 4 _D_{= [}_f₍_x₎2_,_h₍_x₎_f₍_x_{)] =}_D 1+· · ·+Dnsuch thatDi ∈Gi 5 _{if a power}_D_{annihilates some of}_D

i we get a non-trivial factor off(x) 6 _D₌_D 1+· · ·+Ds· · ·+Dr = [f₁2,h1g1] +· · ·+ [fs2+hsfs] +· · ·+ [fr2,hrfr] 7 _mDs₌_0, mD = [f₁2,he₁g₁] +· · ·+0+· · ·+ [f_r2,eh_rf_r] = [f₁2f₂2· · ·f_r2,· · ·] 8 ₍_pj_±₁₎_D_for_j ₌₁_{, . . . ,}_e_d _=max{_d i}, gives a non-trivial factor or[1,0]

9 _{the probability of getting a non-trivial factor is at least 1/2} Enver, Ozdemir Factoring Polynomials over Finite Fields

(39)

1 _Any_D_e ∈_{Jac(H) is uniquely represented by a pair of the} form[ef(x)2,eh(x)ef(x)]such that deg(eh(x))<deg(ef(x)) and ef(x)dividesf(x) 2 _D i = [fi(x)2,hi(x)fi(x)]∈Gi, deghi(x)<deg(di) 3 _#_D i divides eitherpdi +1 orpdi −1 4 _D_{= [}_f₍_x₎2_,_h₍_x₎_f₍_x_{)] =}_D 1+· · ·+Dnsuch thatDi ∈Gi 5 _{if a power}_D_{annihilates some of}_D

(40)

1 _Any_D_e ∈_{Jac(H) is uniquely represented by a pair of the} form[ef(x)2,eh(x)ef(x)]such that deg(eh(x))<deg(ef(x)) and ef(x)dividesf(x) 2 _D i = [fi(x)2,hi(x)fi(x)]∈Gi, deghi(x)<deg(di) 3 _#D i divides eitherpdi +1 orpdi −1 4 _D_{= [}_f₍_x₎2_,_h₍_x₎_f₍_x_{)] =}_D 1+· · ·+Dnsuch thatDi ∈Gi 5 _{if a power}_D_{annihilates some of}_D

(41)

1 _Any_D_e ∈_{Jac(H) is uniquely represented by a pair of the} form[ef(x)2,eh(x)ef(x)]such that deg(eh(x))<deg(ef(x)) and ef(x)dividesf(x) 2 _D i = [fi(x)2,hi(x)fi(x)]∈Gi, deghi(x)<deg(di) 3 _#D i divides eitherpdi +1 orpdi −1 4 _D_{= [f}_(x₎2_,_h(x_)f_(x_{)] =}_D 1+· · ·+Dnsuch thatDi ∈Gi

5 _{if a power}_D_{annihilates some of}_D

(42)

(43)

(44)

i we get a non-trivial factor off(x) 6 _D₌_D 1+· · ·+Ds· · ·+Dr = [f₁2,h1g1] +· · ·+ [fs2+hsfs] +· · ·+ [fr2,hrfr] 7 _mD_s₌_0, mD = [f₁2,he₁g₁] +· · ·+0+· · ·+ [f_r2,eh_rf_r] = [f₁2f₂2· · ·f_r2,· · ·] 8 ₍_pj_±₁₎_D_for_j ₌₁_{, . . . ,}_e_d _=max{_d i}, gives a non-trivial factor or[1,0]

(45)

i we get a non-trivial factor off(x) 6 _D₌_D 1+· · ·+Ds· · ·+Dr = [f₁2,h1g1] +· · ·+ [fs2+hsfs] +· · ·+ [fr2,hrfr] 7 _mD_s₌_0, mD = [f₁2,he₁g₁] +· · ·+0+· · ·+ [f_r2,eh_rf_r] = [f₁2f₂2· · ·f_r2,· · ·] 8 _(pj_±_1)D_for_j ₌₁_{, . . . ,}_e_d _=max{d i}, gives a non-trivial factor or[1,0]

(46)

i we get a non-trivial factor off(x) 6 _D₌_D 1+· · ·+Ds· · ·+Dr = [f₁2,h1g1] +· · ·+ [fs2+hsfs] +· · ·+ [fr2,hrfr] 7 _mD_s₌_0, mD = [f₁2,he₁g₁] +· · ·+0+· · ·+ [f_r2,eh_rf_r] = [f₁2f₂2· · ·f_r2,· · ·] 8 _(pj_±_1)D_for_j ₌₁_{, . . . ,}_e_d _=max{d i}, gives a non-trivial factor or[1,0]

(47)

1 _Suppose_(pr ±_1)D_{= [1}_,_0]_and_pr ±₁₌₂e_m,_(m_,_{2) =}₁ 2 _if_#_D_{is even then 2}s_m₍_D₎_{must be a 2-torsion point for}

s=0, . . . ,e

3 _{2-torsion points}_[_x_,_0],_[_x_e_f₍_x₎2_,_0],_[_e_f₍_x₎2_,_0]_{such that}_e_f₍_x₎_is a non-trivial factor off(x)

4 _{the probability of finding a non-trivial factor of}_f₍_x₎_{in a} single trial is at least 3/4

5 _{this probability is close to 1/2 for C-Z and Berlekamp’s} algorithms

6 O₍_d_e3_lgp_),_d_e₌_max{_d i}

(48)

1 _Suppose_(pr ±_1)D_{= [1}_,_0]_and_pr ±₁₌₂e_m,_(m_,_{2) =}₁ 2 _if_#D_{is even then 2}s_m(D)_{must be a 2-torsion point for}

s=0, . . . ,e

3 _{2-torsion points}_[_x_,_0],_[_x_e_f₍_x₎2_,_0],_[_e_f₍_x₎2_,_0]_{such that}_e_f₍_x₎_is a non-trivial factor off(x)

(49)

s=0, . . . ,e

3 _{2-torsion points}_[x_,_0],_[x_e_f_(x₎2_,_0],_[_e_f_(x)2_,_0]_{such that}_e_f(x)_is a non-trivial factor off(x)

(50)

s=0, . . . ,e

4 _{the probability of finding a non-trivial factor of}_f_(x₎_{in a} single trial is at least 3/4

(51)

s=0, . . . ,e

(52)

s=0, . . . ,e

6 O₍_d_e3_lgp),_d_e₌_max{d

i}