Factoring polynomials over finite fields

(1)

Factoring polynomials over finite fields

Summary and et questions 12 octobre 2011

1 Finite fields

Let p an odd prime and let F p = Z/pZ the (unique up to automorphism) field with p-elements. We want to classify finite fields up to automorphism.

Question 1 Give a field with 4 elements. Is there any field with 6 elements ? Let K be a finite field. Its characteristic p is finite. Otherwise K would contain Q.

So K contains a subfield isomorphic to F p . So K is a vector space over F p . Let d be its dimension. The cardinality of K is p ^d .

Let Φ : K → K be the map defined by Φ(x) = x ^p . It is an F p -linear map.

It is even a ring homomorphism. It is called the Frobenius endomorphism.

The multiplicative group K ^∗ is cyclic. More generally, any finite subgroup in the multiplicative group of a field is cyclic.

A primitive element of K is by definition a generator of the group K ^∗ . Be carefull : some people call primitive any element that generates K as an F p -algebra.

Question 2 Find a primitive element in F 101 . How many primitive elements do we have in F p ? How can we find such an element in general ?

Let F (x) ∈ F p [x] be a degree d irreducible polynomial. Then F p [x]/F (x) is a finite field with cardinality p ^d .

Question 3 Is every finite field isomorphic to such a quotient ?

We prove that for any positive integer d there exists a degree d irreducible polynomial in F p [x]. This finishes the classification of finite fields.

To prove the existence of irreducible polynomial for every degree we first prove the following identity in F p [x]

x ^p

^d

− x = Y

f (x) (1)

where f (x) runs over the set of irreducible polynomials with degree dividing d.

We deduce that

(2)

p ^d = X

e|d

eN (e) (2)

where N (e) is the number of monic irreducible polynomials of degree e in F p [x].

Using Mœbius inversion formula we deduce dN (d) = X

e|d

µ( d

e )p ^e (3)

To prove the existence of a degree d irreducible polynomial it suffices to prove that the sum P

e|d µ( ^d _e )p ^e is positive.

Indeed if d ≥ 2 then

X

e|d

µ( d

e )p ^e ≥ p ^d − X

e|d et e6=d

p ^e ≥ p ^d − X

1≤e≤d/2

p ^e ≥ p ^d − p ^d/2+1 + 1 ≥ 1.

So there exists a field with cardinality p ^d . It is easy to see that two finite fields with the same cardinality are isomorphic.

We write F q for the field with q elements. This is a questionable notation because this field is only defined up to isomorphism, unless we have fixed one algebraic closure Ω for F p .

In this text we are interesed in the following problem : given a polynomial A(x) in F p [x], find the decomposition of A(x) as a product of irreducible factors.

The algorithm we present decomposes in three steps. There are variants for the third step. We only present one of them.

Question 4 About the various meanings of primitive element. How many pri- mitive elements do we have in F 256 ? How many generators of the group F ^∗ ₂₅₆ ?

How many generators of the F 2 -algebra F 256 ?

Deduce the number of degree 8 irreducible polynomials in F 2 [x].

2 Berlekamp’s algorithm, first step

We want to factor A(x) ∈ F p [x]. Assume A is monic. Let A(x) = Y

1≤i≤I

f _i ^e

ⁱ

(x)

be the prime decomposition. The integer e i ≥ 1 is the multiplicity of f _i (x) in A. The goal of this first step is to reduce to the case where A is square-free (i.e.

all multiplicities are 0 or 1). The square-free case will be treated in steps 2 and 3.

The multiplicity of f i (x) in the derivative A ⁰ (x) is e i − 1 if e _i is non-zero modulo p. Otherwise it is e _i .

Set B = pgcd(A, A ⁰ ).

If B = A then p divides all e i so A is a p-th power. One easily finds an R(x)

such that R ^p = A. We reduce to factoring R.

(3)

If B 6= A then we set C = A/B and we reduce to factoring C and B. We note that C is square-free.

An example with Mupad : R := Dom :: IntegerMod(5);

A := poly((x-1)(x-2)^2(x-3)^6,R);

We obtain a degree 9 polynomial to be factored.

B := gcd(A,diff(A,x));

C := A/B;

The equivalent commands in Maple are A:=(x-1)(x-2)^2(x-3)^6;

A:=expand(A);

B:=Gcd(A,diff(A,x)) mod 5;

Rem(A,B,x) mod 5;

C:=Quo(A,B,x) mod 5;

The polynomial C has degree 3 and is square-free, so we are content with it.

The polynomial B has degree 6. We continue.

F := gcd(B,diff(B,x));

G := B/F;

The polynomial G has degree 1. We are content with it. We continue with F .

H := gcd(F,diff(F,x));

We find H = F . This is not a surprise because H = x ⁵ + 2 is a 5-th power.

Indeed H(x) = (x + 2) ⁵ .

3 Second step

Thanks to the first step we now have square-free polynomials to factor.

We use the identity (1).

If A(x) is square-free we set A ₁ (x) = pgcd(A(x), x ^p − x). We check the A ₁ is the product of all degree 1 irreducible factors of A(x).

We set A ₂ (x) = pgcd(A/A ₁ , x ^p

²

− x). This is the product of all degree 2 irre- ducible factors of A. We continue and compute A ₃ (x) = pgcd(A/(A ₁ A ₂ ), x ^p

³

−x) . . .

In the end we have decomposed A as a product of polynomials A ₁ , A ₂ , A ₃ , . . . , where A _i is square-free and has only degree i irreductible factors.

Factoring such polynomials will be the purpose of the third step.

An example of the second step treated in Mupad :

(4)

R := Dom :: IntegerMod(2);

A := poly(x^9+x^8+x^7+x^2+x+1,[x],R);

B := gcd(A,diff(A,x));

We obtain

poly(1, [x], Dom::IntegerMod(2)) Then

A1 := gcd(A,poly(x^2-x,[x],R));

C1 := A/A1;

We obtain A 1 = x + 1. Then A2 := gcd(C1,poly(x^4-x,[x],R));

C2 := C1/A2;

A3 := gcd(C2,poly(x^8-x,[x],R));

We obtain A ₂ = x ² + x + 1 et A ₃ = C ₂ .

Question 5 What can we deduce about the factors of A ?

We now treat an example with p = 101. Let A(x) = x ⁴ + x + 7 ∈ F 101 [x]

the polynomial to be factored.

We don’t want to compute the gcd of x ¹⁰¹ − x and A(x) directly. Even less the gcd with x ¹⁰¹

²

− x.

We work in the ring R = F p [x]/A(x) and set α = x mod A(x). We compute α ^p = U (x) mod A(x) with deg(U ) < deg(A). We check that

pgcd(x ^p − x, A(x)) = pgcd(U (x) − x, A(x)).

This way we avoid dealing with big polynomials.

Note that α ^p ∈ R can be computed using the fast exponentiation algorithm.

Another example of the second step in Mupad : R := Dom :: IntegerMod(101);

A := poly(x^4+x+7,[x],R);

B := gcd(A,diff(A,x));

U := powermod(x,101,A);

We obtain B = 1 and U = 21x ³ + 58x ² + 89x + 41.

Equivalent instructions in Maple are A := x^4+x+7;

B := Gcd(A,diff(A,x)) mod 101;

U:=Powmod(x,101,A,x) mod 101;

We continue

(5)

C := gcd(poly(U-x,R),A);

We find C = x ² + 38x + 11.

Question 6 What can we deduce about the irreducible factors of A ?

Question 7 Give an estimate for the number of elementary operations required by the second step of Berlekamp’s algorithm.

4 Third step

After the second step we find ourselves with square-free polynomials having equal degree irreducible factors. So let A ∈ F p [x] be such a polynomial and let k be the degree of all its irreducible factors. Let I be the number of these factors.

So deg(A) = Ik.

We assume the characteristic p is odd. We come back to equation (1). We set r _d = ^p

^d

₂ ⁻¹ . We find

(x ^r

^d

− 1)(x ^r

^d

+ 1)x = Y

f (x) (4)

where the product is over all irreducible monic polynomials in F p [x] having degree dividing d.

We set A ₁ = pgcd(A, x ^r

^k

−1), A ₋₁ = pgcd(A, x ^r

^k

+1), and A ₀ = pgcd(A, x).

So A = A ₀ A ₁ A −1 .

If f is an irreducible factor of A and α ∈ F p

^k

a root of f , then f divides A 1

if and only if α is a non-zero square in F p

^k

.

More generally, let U (x) be a polynomial in F p [x] and set

A ^U ₁ = pgcd(A, U (x) ^r

^k

−1), A ^U ₋₁ = pgcd(A, U (x) ^r

^k

+1), and A ^U ₀ = pgcd(A, U (x)).

So A = A Û ₀ A Û ₁ A Û ₋₁ . If f is an irreducible factor of A and α ∈ F p

^k

a root of f , then f divides A ^U ₁ if and only if U (α) is a non-zero square in F p

^k

.

Question 8 Pick a random (with uniform distribution) U (x) among all poly- nomials F p [x] having degree ≤ deg(A) − 1. What is the probability that one of polynomials A Û ₀ , A Û ₁ , A Û ₋₁ be a non-trivial factor of A ?

How many trials do we need on average to find such a non-trivial factor ? Question 9 Give an upper bound for the number of elementary operations that are necessary to compute A Û ₀ , A Û ₁ and A Û ₋₁ . Deduce an estimate for the complexity of the third step as a function of log p, k and deg(A).

We come back to the example in the previous section. So let C = x ² +38x+11 and F = A/C = x ² + 63x + 19.

F := A/C;

V := powermod(x,50,C);

W := gcd(poly(V-1,R),C);

K := C/W;

(6)

We obtain V = 89x + 75 and W = x + 78 and K = x + 61.

Question 10 Deduce the factorisation of A.

Question 11 Give the structure of the multiplicative group (Z/107Z) ^∗ . Give an adapted generating set. Same question with (Z/10807Z) ^∗ . Same question with (F 2 [x]/A(x)) ^∗ where A(x) = x ⁷ + x ⁶ + x ⁵ + x + 1.

Question 12 Let p be a prime and let d be a positive integer. Set T _d (x) = x + x ^p + x ^p

Factoring polynomials over finite fields

Factoring polynomials over finite fields

Summary and et questions 12 octobre 2011

1 Finite fields

Let p an odd prime and let F p = Z/pZ the (unique up to automorphism) field with p-elements. We want to classify finite fields up to automorphism.

Question 1 Give a field with 4 elements. Is there any field with 6 elements ? Let K be a finite field. Its characteristic p is finite. Otherwise K would contain Q.

So K contains a subfield isomorphic to F p . So K is a vector space over F p . Let d be its dimension. The cardinality of K is p d .

Let Φ : K → K be the map defined by Φ(x) = x p . It is an F p -linear map.

It is even a ring homomorphism. It is called the Frobenius endomorphism.

The multiplicative group K ∗ is cyclic. More generally, any finite subgroup in the multiplicative group of a field is cyclic.

A primitive element of K is by definition a generator of the group K ∗ . Be carefull : some people call primitive any element that generates K as an F p -algebra.

Question 2 Find a primitive element in F 101 . How many primitive elements do we have in F p ? How can we find such an element in general ?

Let F (x) ∈ F p [x] be a degree d irreducible polynomial. Then F p [x]/F (x) is a finite field with cardinality p d .

Question 3 Is every finite field isomorphic to such a quotient ?

We prove that for any positive integer d there exists a degree d irreducible polynomial in F p [x]. This finishes the classification of finite fields.

To prove the existence of irreducible polynomial for every degree we first prove the following identity in F p [x]

x p

− x = Y

f (x) (1)

where f (x) runs over the set of irreducible polynomials with degree dividing d.

We deduce that

p d = X

e|d

eN (e) (2)

where N (e) is the number of monic irreducible polynomials of degree e in F p [x].

Using Mœbius inversion formula we deduce dN (d) = X

e|d

µ( d

e )p e (3)

To prove the existence of a degree d irreducible polynomial it suffices to prove that the sum P

e|d µ( d e )p e is positive.

Indeed if d ≥ 2 then

X

e|d

µ( d

e )p e ≥ p d − X

e|d et e6=d

p e ≥ p d − X

1≤e≤d/2

p e ≥ p d − p d/2+1 + 1 ≥ 1.

So there exists a field with cardinality p d . It is easy to see that two finite fields with the same cardinality are isomorphic.

We write F q for the field with q elements. This is a questionable notation because this field is only defined up to isomorphism, unless we have fixed one algebraic closure Ω for F p .

In this text we are interesed in the following problem : given a polynomial A(x) in F p [x], find the decomposition of A(x) as a product of irreducible factors.

The algorithm we present decomposes in three steps. There are variants for the third step. We only present one of them.

Question 4 About the various meanings of primitive element. How many pri- mitive elements do we have in F 256 ? How many generators of the group F ∗ 256 ?

How many generators of the F 2 -algebra F 256 ?

Deduce the number of degree 8 irreducible polynomials in F 2 [x].

2 Berlekamp’s algorithm, first step

We want to factor A(x) ∈ F p [x]. Assume A is monic. Let A(x) = Y

1≤i≤I

f i e

(x)

be the prime decomposition. The integer e i ≥ 1 is the multiplicity of f i (x) in A. The goal of this first step is to reduce to the case where A is square-free (i.e.

all multiplicities are 0 or 1). The square-free case will be treated in steps 2 and 3.

The multiplicity of f i (x) in the derivative A 0 (x) is e i − 1 if e i is non-zero modulo p. Otherwise it is e i .

Set B = pgcd(A, A 0 ).

If B = A then p divides all e i so A is a p-th power. One easily finds an R(x)

such that R p = A. We reduce to factoring R.

If B 6= A then we set C = A/B and we reduce to factoring C and B. We note that C is square-free.

An example with Mupad : R := Dom :: IntegerMod(5);

A := poly((x-1)*(x-2)^2*(x-3)^6,R);

We obtain a degree 9 polynomial to be factored.

B := gcd(A,diff(A,x));

C := A/B;

The equivalent commands in Maple are A:=(x-1)*(x-2)^2*(x-3)^6;

A:=expand(A);

B:=Gcd(A,diff(A,x)) mod 5;

Rem(A,B,x) mod 5;

C:=Quo(A,B,x) mod 5;

The polynomial C has degree 3 and is square-free, so we are content with it.

The polynomial B has degree 6. We continue.

F := gcd(B,diff(B,x));

G := B/F;

The polynomial G has degree 1. We are content with it. We continue with F .

H := gcd(F,diff(F,x));

We find H = F . This is not a surprise because H = x 5 + 2 is a 5-th power.

Indeed H(x) = (x + 2) 5 .

3 Second step

Thanks to the first step we now have square-free polynomials to factor.

We use the identity (1).

So K contains a subfield isomorphic to F p . So K is a vector space over F p . Let d be its dimension. The cardinality of K is p ^d .

Let Φ : K → K be the map defined by Φ(x) = x ^p . It is an F p -linear map.

The multiplicative group K ^∗ is cyclic. More generally, any finite subgroup in the multiplicative group of a field is cyclic.

A primitive element of K is by definition a generator of the group K ^∗ . Be carefull : some people call primitive any element that generates K as an F p -algebra.

Let F (x) ∈ F p [x] be a degree d irreducible polynomial. Then F p [x]/F (x) is a finite field with cardinality p ^d .

x ^p

p ^d = X

e )p ^e (3)

e|d µ( ^d _e )p ^e is positive.

e )p ^e ≥ p ^d − X

p ^e ≥ p ^d − X

p ^e ≥ p ^d − p ^d/2+1 + 1 ≥ 1.

So there exists a field with cardinality p ^d . It is easy to see that two finite fields with the same cardinality are isomorphic.

Question 4 About the various meanings of primitive element. How many pri- mitive elements do we have in F 256 ? How many generators of the group F ^∗ ₂₅₆ ?

f _i ^e

be the prime decomposition. The integer e i ≥ 1 is the multiplicity of f _i (x) in A. The goal of this first step is to reduce to the case where A is square-free (i.e.

The multiplicity of f i (x) in the derivative A ⁰ (x) is e i − 1 if e _i is non-zero modulo p. Otherwise it is e _i .

Set B = pgcd(A, A ⁰ ).

such that R ^p = A. We reduce to factoring R.

A := poly((x-1)(x-2)^2(x-3)^6,R);

The equivalent commands in Maple are A:=(x-1)(x-2)^2(x-3)^6;

We find H = F . This is not a surprise because H = x ⁵ + 2 is a 5-th power.

Indeed H(x) = (x + 2) ⁵ .

If A(x) is square-free we set A ₁ (x) = pgcd(A(x), x ^p − x). We check the A ₁ is the product of all degree 1 irreducible factors of A(x).

We set A ₂ (x) = pgcd(A/A ₁ , x ^p

− x). This is the product of all degree 2 irre- ducible factors of A. We continue and compute A ₃ (x) = pgcd(A/(A ₁ A ₂ ), x ^p

In the end we have decomposed A as a product of polynomials A ₁ , A ₂ , A ₃ , . . . , where A _i is square-free and has only degree i irreductible factors.

We obtain A ₂ = x ² + x + 1 et A ₃ = C ₂ .

We now treat an example with p = 101. Let A(x) = x ⁴ + x + 7 ∈ F 101 [x]

We don’t want to compute the gcd of x ¹⁰¹ − x and A(x) directly. Even less the gcd with x ¹⁰¹

We work in the ring R = F p [x]/A(x) and set α = x mod A(x). We compute α ^p = U (x) mod A(x) with deg(U ) < deg(A). We check that

pgcd(x ^p − x, A(x)) = pgcd(U (x) − x, A(x)).

Note that α ^p ∈ R can be computed using the fast exponentiation algorithm.

We obtain B = 1 and U = 21x ³ + 58x ² + 89x + 41.

We find C = x ² + 38x + 11.

We assume the characteristic p is odd. We come back to equation (1). We set r _d = ^p

₂ ⁻¹ . We find

(x ^r

− 1)(x ^r

We set A ₁ = pgcd(A, x ^r

−1), A ₋₁ = pgcd(A, x ^r

+1), and A ₀ = pgcd(A, x).

So A = A ₀ A ₁ A −1 .

A ^U ₁ = pgcd(A, U (x) ^r

−1), A ^U ₋₁ = pgcd(A, U (x) ^r

+1), and A ^U ₀ = pgcd(A, U (x)).

So A = A Û ₀ A Û ₁ A Û ₋₁ . If f is an irreducible factor of A and α ∈ F p

a root of f , then f divides A ^U ₁ if and only if U (α) is a non-zero square in F p

Question 8 Pick a random (with uniform distribution) U (x) among all poly- nomials F p [x] having degree ≤ deg(A) − 1. What is the probability that one of polynomials A Û ₀ , A Û ₁ , A Û ₋₁ be a non-trivial factor of A ?

We come back to the example in the previous section. So let C = x ² +38x+11 and F = A/C = x ² + 63x + 19.