DOCSLIB.ORG

Implementation Techniques for Fast Polynomial Arithmetic in a High-Level Programming Environment

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Implementation Techniques for Fast Polynomial Arithmetic in a High-Level Programming Environment Implementation Techniques For Fast Polynomial Arithmetic In A High-level Programming Environment Akpodigha Filatei Xin Li Marc Moreno Maza ORCCA, University of Western ORCCA, University of Western ORCCA, University of Western Ontario (UWO) Ontario (UWO) Ontario (UWO) London, Ontario, Canada London, Ontario, Canada London, Ontario, Canada afi[email protected] [email protected] [email protected] Eric´ Schost LIX, Ecole´ polytechnique 91128 Palaiseau, France [email protected] ABSTRACT multiplication is “better than the classical method approxi- Though there is increased activity in the implementation of mately when n + m ≥ 600”, where n and m are the degrees asymptotically fast polynomial arithmetic, little is reported of the input polynomials. In [22] p. 501, quoting [3], Knuth on the details of such effort. In this paper, we discuss how we writes “He (R. P. Brent) estimated that Strassen’s scheme achieve high performance in implementing some well-studied would not begin to excel over Winograd’s until n ≈ 250 and fast algorithms for polynomial arithmetic in two high-level such enormous matrices rarely occur in practice unless they programming environments, AXIOM and Aldor. are very sparse, when other techniques apply.” Two approaches are investigated. With Aldor we rely The implementation of asymptotically fast arithmetic was only on high-level generic code, whereas with AXIOM we not the primary concern of the early computer algebra sys- endeavor to mix high-level, middle-level and low-level spe- tems, which had many other challenges to face. For in- stance, one of the main motivations for the development of cialized code. We show that our implementations are satis- AXIOM factory compared with other known computer algebra sys- the computer algebra system [19] was the design tems or libraries such as Magma v2.11-2 and NTL v5.4. of a language where mathematical properties and algorithms could be expressed in a natural and efficient manner. Nev- Categories and Subject Descriptors: ertheless, successful implementations of the FFT-based uni- I.1.2 [Computing Methodologies]: Symbolic and Alge- variate polynomial multiplication [25] and Strassen’s matrix braic Manipulation – Algebraic Algorithms multiplication [2] have been reported for several decades. General Terms: In the last decade, several software for performing sym- Algorithms, Experimentation, Performance, Theory bolic computations have put a great deal of effort in pro- Keywords: viding outstanding performances, including successful im- High-performance, polynomials, Axiom, Aldor. plementation of asymptotically fast arithmetic. As a result, the general-purpose computer algebra system Magma [5] NTL 1. INTRODUCTION and the Number Theory Library [26, 18] have set world records for polynomial factorization and determining orders Asymptotically fast algorithms for exact polynomial and of elliptic curves. The book Modern Computer Algebra [12] matrix arithmetic have been known for more than forty has also contributed to increase the general interest of the years. Among others, the work of Karatsuba [21], Cooley computer algebra community for these algorithms. and Tukey [6], and Strassen [27] has initiated an intense ac- As to linear algebra, in addition to Magma, let us men- tivity in this area. Unfortunately, its impact on computer tion the C++ template library LinBox [17] for exact linear algebra systems has been reduced until recently. One reason algebra computation with dense, sparse, and structured ma- was, probably, the belief that these algorithms were of very trices over the integers and over finite fields. A cornerstone limited practical interest. In [13] p. 132, referring to [25], of this library is the use of BLAS libraries such as ATLAS the authors state that the FFT-based univariate polynomial to provide high-speed routines for matrices over small finite fields, through floating-point computations [9]. Today, it is common practice to assume that a new al- gorithm, say for GCD computations over products of fields Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are as in [8], can rely on asymptotically fast polynomial multi- not made or distributed for profit or commercial advantage and that copies plication. Therefore, it is desirable not only to offer im- bear this notice and the full citation on the first page. To copy otherwise, to plementations of asymptotically fast arithmetic, but also republish, to post on servers or to redistribute to lists, requires prior specific programming environments for developing new such algo- permission and/or a fee. rithms. In addition, it is also a demand to achieve this goal ISSAC'06, July 9–12, 2006, Genova, Italy. in the context of high-level programming languages, where Copyright 2006 ACM 1-59593-276-3/06/0007 ...$5.00. new ideas can be tested quickly and where algorithms can a given AXIOM or Aldor ring R, the domains SUP(R) and be easily made generic. These are the goals of this paper, DUP(R), for sparse and dense univariate polynomials respec- which reports on implementation techniques for asymptot- tively, provide exactly the same operations; that is they have ically fast algorithms in two high-level programming envi- the same user interface, which is defined by the category ronments, AXIOM and Aldor. We focus on polynomial UnivariatePolynomialCategory(R). But, of course, the im- arithmetic and our test-operations are univariate and mul- plementation of the operations of SUP(R) and DUP(R) is quite tivariate multiplication, and computations of power series different. While SUP(R) implements polynomials with linked inverses as well as GCDs for univariate polynomials. lists of terms, DUP(R) implements them with arrays of coef- Implementing asymptotically fast algorithms for these op- ficients indexed by their degrees. This allows us to specify erations in a high-level programming environment presents a package, FFTPolynomialMultiplication(R, U), parame- several difficulties. First, compilation of high-level generic terized by R, an FFTRing, that is, a ring supporting the FFT; code to machine code through middle-level, say Lisp, and and by U, a domain of UnivariatePolynomialCategory(R). low-level, say C, may lead to a running-time overhead, with respect to carefully hand-written C code. This may reduce 2.1 The Aldor environment the benefit of these algorithms, since they generally involve Aldor can be used both as a compiled and interpreted changes of data representation, whereas classical algorithms language. Code optimization is however only available when work usually in a straightforward manner. Minimizing this used in compiled mode. An Aldor program can be com- overhead is the motivation of our work in Aldor where piled into: stand-alone executable programs; object libraries our entire code is written for univariate polynomials over an in native operating system formats (which can be linked arbitrary field supporting the FFT. Second, compiled and with one another, or with C or Fortran code to form ap- optimized high-level code may not take advantage of some plication programs); portable byte code libraries; and C or hardware features. If writing architecture-aware code can be Lisp source [16]. Code improvements by techniques such done in C [20], this remains a challenge in a non-imperative as program specialization, cross-file procedural integration language like Lisp. Thus, in our second high-level program- and data structure elimination, are performed at intermedi- ming environment, namely AXIOM, we take advantage of ate stages of compilation [28]. This produces code that is every component of the system, by mixing low-level code comparable to hand-optimized C. (C and assembly code), middle-level code (Lisp) and high- level code in the AXIOM language. We develop specialized 2.2 The AXIOM environment Z Z code for univariate and multivariate polynomials over /p AXIOM has both an interactive mode for user interac- where p is a prime; we distinguish also the cases where p is tions and a high level programming language, called SPAD, machine word size and a big integer. for building library modules. In the interactive mode, users AXIOM Section 2 contains an overview of the features of can evaluate arithmetic expressions, declare and define vari- Aldor and systems. In Sections 3 and 4, we discuss our ables, call library functions and define their own functions. Aldor AXIOM implementation techniques in the and en- Programmers can also add new functions to the local AX- vironments. We compare our implementation of asymptot- IOM library. To do so, they need to integrate their code in Magma NTL ically fast algorithms with those of and . In AXIOM type constructors. Section 5 we report on our experiments. Our generic imple- SPAD code is translated into Common Lisp code by a Aldor mentations in are only, approximately, twice slower built-in compiler, then translated into C code by the GCL NTL than those of for comparable operations. Our special- compiler. Finally, GCL makes use of a native C compiler, AXIOM ized implementation in leads to comparable per- such as GCC, to generate machine code. Since these compil- Magma formances and sometimes outperforms those of and ers can generate fairly efficient code, programmers can con- NTL . A review of the algorithms we implemented is given centrate on their mathematical algorithms and write them in appendix. All timings given in this article are obtained in SPAD. However, to achieve higher performance, our im- on a bi-Pentium 4, 2.80GHz machine, with 1 Gb of RAM. plementation also involves Lisp, C, and assembly level code. By modifying the AXIOM makefiles, new Lisp functions can be compiled and made available at SPAD level. Moreover, 2. HIGH LEVEL PROGRAMMING by using the GCL system provided make-function macro, ENVIRONMENT one can add new C functions into the GCL system, then AXIOM and Aldor designers attempted to surmount use them at the GCL and SPAD level.
Load more

Recommended publications
  • What Can (And Can't) We Do with Sparse Polynomials?
    What Can (and Can’t) we Do with Sparse Polynomials? Daniel S. Roche United States Naval Academy Annapolis, Maryland, U.S.A. [email protected] ABSTRACT This sparse representation matches the one used by default for Simply put, a sparse polynomial is one whose zero coefficients are multivariate polynomials in modern computer algebra systems and not explicitly stored. Such objects are ubiquitous in exact computing, libraries such as Magma [83], Maple [73], Mathematica, Sage [84], and so naturally we would like to have efficient algorithms to handle and Singular [81]. them. However, with this compact storage comes new algorithmic challenges, as fast algorithms for dense polynomials may no longer 1.1 Sparse polynomial algorithm complexity be efficient. In this tutorial we examine the state of the art forsparse Sparse polynomials in the distributed representation are also called polynomial algorithms in three areas: arithmetic, interpolation, and lacunary or supersparse [55] in the literature to emphasize that, in factorization. The aim is to highlight recent progress both in theory this representation, the degree of a polynomial could be exponen- and in practice, as well as opportunities for future work. tially larger than its bit-length. This exposes the essential difficulty of computing with sparse polynomials, in that efficient algorithms KEYWORDS for dense polynomials may cost exponential-time in the sparse setting. sparse polynomial, interpolation, arithmetic, factorization Specifically, when analyzing algorithms for dense polynomials, the most important measure is the degree bound D 2 N such that ACM Reference Format: Daniel S. Roche. 2018. What Can (and Can’t) we Do with Sparse Polyno- deg f < D.
    [Show full text]
  • A New Algorithm to Search for Irreducible Polynomials Using Q Decimal Equivalents of Polynomials Over Galois Field GF(P )
    A New Algorithm to Search for Irreducible Polynomials Using q Decimal Equivalents of Polynomials over Galois Field GF(p ) 1 2 Sankhanil Dey and Ranjan Ghosh Institute of Radio Physics and Electronics University of Calcutta, 92 A. P. C. Road, Kolkata – 700 009 1 2 [email protected], [email protected] Abstract. In this paper a new algorithm to find the decimal equivalents of all monic irreducible polynomials (IPs) over Galois Field GF(pq) has been introduced. This algorithm is effective to find the decimal equivalents of monic IPs over Galois Field with a large value of prime modulus and also with a large extension of the prime modulus. The algorithm introduced in this paper is much more time effective with less complexity. It is able to find monic irreducible polynomials for a large value of prime modulus and also with large extension of the prime modulus in few seconds. Introduction. From the last few decades, efficient implementation of cryptographic algorithms has been in the focal point of major research efforts in cryptography. Cryptography is one of the most dominant application areas of the finite field arithmetic [1]. Almost all symmetric-key cryptographic algorithms, including recent algorithms such as elliptic curve and pairing-based cryptography depends heavily on finite field arithmetic. Majority of cryptographic algorithms utilize arithmetic in finite mathematical structures such as finite multiplicative groups, rings, polynomials and finite fields [2]. The use of basic arithmetic operations (i.e. addition, multiplication, and inversion) over finite fields, GF(pq), where p is prime modulus and q is extension of the prime modulii, are dominant in many cryptographic algorithms such as RSA algorithm [3], Diffie-Hellman key exchange algorithm [4], the US federal Digital Signature Standard [5], elliptic curve cryptography [6][7], and also recently pairing-based cryptography [8][9].
    [Show full text]
  • Taking Place Value Seriously: Arithmetic, Estimation, and Algebra
    Taking Place Value Seriously: Arithmetic, Estimation, and Algebra by Roger Howe, Yale University and Susanna S. Epp, DePaul University Introduction and Summary Arithmetic, first of nonnegative integers, then of decimal and common fractions, and later of rational expres- sions and functions, is a central theme in school mathematics. This article attempts to point out ways to make the study of arithmetic more unified and more conceptual through a systematic emphasis on place-value structure in the base 10 number system. The article contains five sections. Section one reviews the basic principles of base 10 notation and points out the sophisticated structure underlying its amazing efficiency. Careful definitions are given for the basic constituents out of which numbers written in base 10 notation are formed: digit, power of 10 ,andsingle-place number. The idea of order of magnitude is also discussed, to prepare the way for considering relative sizes of numbers. Section two discusses how base 10 notation enables efficient algorithms for addition, subtraction, mul- tiplication and division of nonnegative integers. The crucial point is that the main outlines of all these procedures are determined by the form of numbers written in base 10 notation together with the Rules of Arithmetic 1. Division plays an especially important role in the discussion because both of the two main ways to interpret numbers written in base 10 notation are connected with division. One way is to think of the base 10 expansion as the result of successive divisions-with-remainder by 10; the other way involves suc- cessive approximation by single-place numbers and provides the basis for the usual long-division algorithm.
    [Show full text]
  • 3 Finite Field Arithmetic
    18.783 Elliptic Curves Spring 2021 Lecture #3 02/24/2021 3 Finite field arithmetic In order to perform explicit computations with elliptic curves over finite fields, we first need to understand how to compute in finite fields. In many of the applications we will consider, the finite fields involved will be quite large, so it is important to understand the computational complexity of finite field operations. This is a huge topic, one to which an entire course could be devoted, but we will spend just one or two lectures on this topic, with the goal of understanding the most commonly used algorithms and analyzing their asymptotic complexity. This will force us to omit many details, but references to the relevant literature will be provided for those who want to learn more. Our first step is to fix an explicit representation of finite field elements. This might seem like a technical detail, but it is actually quite crucial; questions of computational complexity are meaningless otherwise. Example 3.1. By Theorem 3.12 below, the multiplicative group of a finite field Fq is cyclic. One way to represent the nonzero elements of a finite field is as explicit powers of a fixed generator, in which case it is enough to know the exponent, an integer in [0; q − 1]. With this representation multiplication and division are easy, solving the discrete logarithm problem is trivial, but addition is costly (not even polynomial time). We will instead choose a representation that makes addition (and subtraction) very easy, multiplication slightly harder but still easy, division slightly harder than multiplication but still easy (all these operations take quasi-linear time).
    [Show full text]
  • Cryptography and Network Security Chapter 4
    Cryptography and Network Chapter 4 –Basic Concepts in Number Security Theory and Finite Fields Chapter 4 The next morning at daybreak, Star flew indoors, seemingly keen for a lesson. I said, "Tap eight." She did a brilliant exhibition, first tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, 2, 2, before coming for her nut. It is astonishing that Star learned to count up to 8 with no difficulty, and of her own accord discovered that each number could be given with various different divisions, this leaving no doubt that she was Fifth Edition consciously thinking each number. In fact, she did mental arithmetic, although unable, like humans, to name the numbers. But she learned to by William Stallings recognize their spoken names almost immediately and was able to remember the sounds of the names. Star is unique as a wild bird, who of her own free will pursued the science of numbers with keen interest and astonishing intelligence. Lecture slides by Lawrie Brown — Living with Birds, Len Howard Introduction Divisors • will now introduce finite fields • say a non‐zero number b divides a if for some m • of increasing importance in cryptography have a=mb (a,b,m all integers) – AES, Elliptic Curve, IDEA, Public Key • that is b divides into a with no remainder • concern operations on “numbers” • denote this b|a – where what constitutes a “number” and the type • and say that b is a divisor of a of operations varies considerably • eg. all of 1,2,3,4,6,8,12,24 divide 24 • start with basic number theory concepts • eg.
    [Show full text]
  • Finite Fields (PART 3): Polynomial Arithmetic
    Lecture 6: Finite Fields (PART 3) PART 3: Polynomial Arithmetic Theoretical Underpinnings of Modern Cryptography Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) February 4, 2021 12:02 Noon ©2021 Avinash Kak, Purdue University Goals: To review polynomial arithmetic Polynomial arithmetic when the coefficients are drawn from a finite field The concept of an irreducible polynomial Polynomials over the GF (2) finite field CONTENTS Section Title Page 6.1 Polynomial Arithmetic 3 6.2 Arithmetic Operations on Polynomials 5 6.3 Dividing One Polynomial by Another Using Long 7 Division 6.4 Arithmetic Operations on Polynomial Whose 9 Coefficients Belong to a Finite Field 6.5 Dividing Polynomials Defined over a Finite Field 11 6.6 Let’s Now Consider Polynomials Defined 13 over GF (2) 6.7 Arithmetic Operations on Polynomials 15 over GF (2) 6.8 So What Sort of Questions Does Polynomial 17 Arithmetic Address? 6.9 Polynomials over a Finite Field Constitute a Ring 18 6.10 When is Polynomial Division Permitted? 20 6.11 Irreducible Polynomials, Prime Polynomials 22 6.12 Homework Problems 23 2 Computer and Network Security by Avi Kak Lecture 6 Back to TOC 6.1 POLYNOMIAL ARITHMETIC Why study polynomial arithmetic? For the very simple reason that we can represent a bit pattern by a polynomial in, say, the variable x. Each power of x in the polynomial can stand for a bit position in a bit pattern. For example, we can represent the bit pattern 111 by the polynomial x2 + x +1. On the other hand, the bit pattern 101 would be represented by the polynomial x2 + 1 and the pattern 011 by the polynomial x +1.
    [Show full text]
  • Algorithms and Data Structures for Sparse Polynomial Arithmetic
    mathematics Article Algorithms and Data Structures for Sparse Polynomial Arithmetic Mohammadali Asadi, Alexander Brandt *, Robert H. C. Moir and Marc Moreno Maza Department of Computer Science, University of Western Ontario, London, ON N6A 5B7, Canada; [email protected] (M.A.); [email protected] (R.H.C.M.); [email protected] (M.M.M.) * Correspondence: [email protected] Received: 1 February 2019; Accepted: 12 May 2019; Published: 17 May 2019 Abstract: We provide a comprehensive presentation of algorithms, data structures, and implementation techniques for high-performance sparse multivariate polynomial arithmetic over the integers and rational numbers as implemented in the freely available Basic Polynomial Algebra Subprograms (BPAS) library. We report on an algorithm for sparse pseudo-division, based on the algorithms for division with remainder, multiplication, and addition, which are also examined herein. The pseudo-division and division with remainder operations are extended to multi-divisor pseudo-division and normal form algorithms, respectively, where the divisor set is assumed to form a triangular set. Our operations make use of two data structures for sparse distributed polynomials and sparse recursively viewed polynomials, with a keen focus on locality and memory usage for optimized performance on modern memory hierarchies. Experimentation shows that these new implementations compare favorably against competing implementations, performing between a factor of 3 better (for multiplication over the integers) to more than 4 orders of magnitude better (for pseudo-division with respect to a triangular set). Keywords: sparse polynomials; polynomial arithmetic; normal form; pseudo-division; pseudo-remainder; sparse data structures 1. Introduction Technological advances in computer hardware have allowed scientists to greatly expand the size and complexity of problems tackled by scientific computing.
    [Show full text]
  • Finite Fields (PART 4)
    Lecture 7: Finite Fields (PART 4) PART 4: Finite Fields of the Form GF (2n) Theoretical Underpinnings of Modern Cryptography Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) February 9, 2021 4:58pm ©2021 Avinash Kak, Purdue University Goals: n To review finite fields of the form GF (2 ) To show how arithmetic operations can be carried out by directly operating on the bit patterns for the elements of GF (2n) Perl and Python implementations for arithmetic in a Galois Field using my BitVector modules CONTENTS Section Title Page 7.1 Consider Again the Polynomials over GF (2) 3 7.2 Modular Polynomial Arithmetic 5 7.3 How Large is the Set of Polynomials When 8 Multiplications are Carried Out Modulo x2 + x +1 7.4 How Do We Know that GF (23) is a Finite Field? 10 7.5 GF (2n) a Finite Field for Every n 14 7.6 Representing the Individual Polynomials 15 in GF (2n) by Binary Code Words 7.7 Some Observations on Bit-Pattern Additions 18 in GF (2n) 7.8 Some Observations on Arithmetic Multiplication 20 in GF (2n) 7.9 Direct Bitwise Operations for Multiplication 22 in GF (28) 7.10 Summary of How a Multiplication is Carried 25 Out in GF (28) 7.11 Finding Multiplicative Inverses in GF (2n) 27 with Implementations in Perl and Python 7.12 Using a Generator to Represent the Elements 34 of GF (2n) 7.13 Homework Problems 38 2 Computer and Network Security by Avi Kak Lecture 7 Back to TOC 7.1 CONSIDER AGAIN THE POLYNOMIALS OVER GF (2) Recall from Lecture 6 that GF (2) is a finite field consisting of the set {0, 1}, with modulo 2 addition as the group operator and modulo 2 multiplication as the ring operator.
    [Show full text]
  • Polynomial Inversion Over GF(2M) Based on Extended Euclidean Algorithm
    Polynomial Inversion Over GF(2m) Based on Extended Euclidean Algorithm FPGA Design and Implementation ELEC543 Project Report Summer 2015 VLSI Prepared by: Ibrahim Hazmi Supervised by: Dr. Fayez Gebali Contents Abstract 3 Project Overview 4 Objective 4 Introduction 4 Background on the extended Euclidean algorithm (EEA) 4 Project Description and Project Milestones 5 Design methodology and alternatives 7 The Design in Details 8 Binary Polynomial Divider (BPD) Design 8 The Extension Module Design 11 Top-Level Design: The Extended Euclidean Algorithm (EEA) 12 Simulation 14 Hardware Implementation 17 Conclusion 19 Appendix 20 Bibliography 22 2 !3 ELEC543_EEA_REPORT Abstract The objective of the project was to design a “Polynomial Inverter” over binary field based on the extended Euclidean algorithm (EEA). The main focus in the project was on the functionality of the design, which has been verified in ISE simulation and implemented successfully on Xilinx Spartan 3E FPGA. The project has been divided into three stages. First, designing the binary division algorithm (BDA), which was the main building block of the inversion circuit and the bottle nick of the design as well. The ultimate goal in this stage was to produce the remainder and the quotient in a minimum number of cycles. Computing the quotient was the most challenging part of the BDA design as the idea was to utilize degree difference of the polynomials in order to obtain the right number of required shifts each cycle. There were different attempts to design the BDA, starting with a spreadsheet, which works similarly to the manual procedure and was used as a reference.
    [Show full text]
  • EMPIRICAL OPTIMIZATION of DIVISOR ARITHMETIC on HYPERELLIPTIC CURVES OVER F2m
    Advances in Mathematics of Communications doi:10.3934/amc.2013.7.485 Volume 7, No. 4, 2013, 485–502 EMPIRICAL OPTIMIZATION OF DIVISOR ARITHMETIC ON HYPERELLIPTIC CURVES OVER F2m Laurent Imbert CNRS, LIRMM Université Montpellier 2 161 rue Ada F-34095 Montpellier, France Michael J. Jacobson, Jr. Department of Computer Science University of Calgary 2500 University Drive NW Calgary, Alberta T2N 1N4, Canada (Communicated by Andreas Stein) Abstract. A significant amount of effort has been devoted to improving divi- sor arithmetic on low-genus hyperelliptic curves via explicit versions of generic algorithms. Moderate and high genus curves also arise in cryptographic appli- cations, for example, via the Weil descent attack on the elliptic curve discrete logarithm problem, but for these curves, the generic algorithms are to date the most efficient available. Nagao [22] described how some of the techniques used in deriving efficient explicit formulas can be used to speed up divisor arith- metic using Cantor’s algorithm on curves of arbitrary genus. In this paper, we describe how Nagao’s methods, together with a sub-quadratic complexity partial extended Euclidean algorithm using the half-gcd algorithm can be ap- plied to improve arithmetic in the degree zero divisor class group. We present numerical results showing which combination of techniques is more efficient for hyperelliptic curves over F2n of various genera. 1. Introduction Hyperelliptic curves defined over finite fields were first proposed for cryptograph- ic use by Koblitz [19] in 1989, with the special case of genus one curves (elliptic curves) having been proposed earlier by Koblitz and Miller independently [20, 18].
    [Show full text]
  • New Algorithms for Finding Irreducible Polynomials Over Finite Fields
    mathematics of computation volume 54, number 189 january 1990,pages 435-447 NEW ALGORITHMS FOR FINDING IRREDUCIBLE POLYNOMIALS OVER FINITE FIELDS VICTOR SHOUP Abstract. We present a new algorithm for finding an irreducible polynomial of specified degree over a finite field. Our algorithm is deterministic, and it runs in polynomial time for fields of small characteristic. We in fact prove the stronger result that the problem of finding irreducible polynomials of specified degree over a finite field is deterministic polynomial-time reducible to the problem of factoring polynomials over the prime field. 1. Introduction In this paper we present some new algorithms for finding irreducible polyno- mials over finite fields. Such polynomials are used to implement arithmetic in extension fields found in many applications, including coding theory (Berlekamp [5]), cryptography (Chor and Rivest [8]), multivariate polynomial factoring (von zur Gathen and Kaltofen [13]), and parallel polynomial arithmetic (Eberly [9]). Let p be a prime number, F the finite field G¥(p), and n a positive integer. Consider the deterministic complexity of finding an irreducible polynomial in F[X] of degree n. Since encoding a polynomial in F[X] of degree n requires about n \ogp bits, a polynomial-time algorithm for finding irreducible polyno- mials in F[X] of degree n should run in time bounded by a polynomial in n and logp . There is no known deterministic polynomial-time algorithm for this problem. However, in many applications p is small, and so an algorithm that ran in time polynomial in n and p would be of value. We present one here.
    [Show full text]
  • Positional Arithmetic: Subtraction, Multiplication and Division Over Extended Galois Field GF(P )
    Positional Arithmetic: Subtraction, Multiplication and Division over Extended Galois Field GF(pq). Sankhanil Dey1 and Ranjan Ghosh2, [email protected], [email protected], Institute of Radio Physics and Electronics, 92 APC Road, Kolkata-700009, University of Calcutta. Abstract. The method to Subtract, Multiply and Divide two Field Numbers over the Extended Galois Field GF(pq) is a well needed solution to the field of Discrete Mathematics as well as in Cryptology. In this paper the addition of two Galois Field Numbers over Extended Galois Field GF(pq) has been reviewed and Subtraction, Multiplication and Division of two Galois Field Number over Extended Galois Field GF(pq) has been defined. Introduction. In Galois field addition [1][2] two digits of two different Galois field number of the same position have been added in decimal and modulated with Galois field Prime Modulus P to obtain the respective digits of the Sum Galois field Number over Galois Field GF(pq) . In Galois field subtraction digits of the less valued Galois field number from the greater valued Galois field number of the same position have been subtracted in decimal and modulated with Galois field Prime Modulus P to obtain the respective digits of the Difference Galois field Number over Galois Field GF(pq). q In Multiplication of two Galois Field Numbers over extended Galois field GF(p ) The product Number st nd must have (q1+q2)+1 digits in it if 1 number contains q1 positions and 2 number contains q2 positions. The q position of the terms of the Product Number over extended Galois field GF(p ) varies from 0 → (q1+q2).
    [Show full text]