
Factoring over finite fields

Summary and questions

12 October 2011

1 Finite fields

Let $p$ be an odd prime and let $\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z}$ be the (unique up to isomorphism) field with $p$ elements. We want to classify finite fields up to isomorphism.

Question 1 Give a field with 4 elements. Is there any field with 6 elements?

Let $K$ be a finite field. Its characteristic $p$ is positive; otherwise $K$ would contain $\mathbb{Q}$. So $K$ contains a subfield isomorphic to $\mathbb{F}_p$, and $K$ is a vector space over $\mathbb{F}_p$. Let $d$ be its dimension. The cardinality of $K$ is $p^d$. Let $\Phi : K \to K$ be the map defined by $\Phi(x) = x^p$. It is $\mathbb{F}_p$-linear. It is even a ring homomorphism. It is called the Frobenius. The multiplicative group $K^*$ is cyclic. More generally, any finite subgroup of the multiplicative group of a field is cyclic. A primitive element of $K$ is by definition a generator of the group $K^*$. Be careful: some people call primitive any element that generates $K$ as an $\mathbb{F}_p$-algebra.

Question 2 Find a primitive element in $\mathbb{F}_{101}$. How many primitive elements do we have in $\mathbb{F}_p$? How can we find such an element in general?

Let $F(x) \in \mathbb{F}_p[x]$ be a degree $d$ irreducible polynomial. Then $\mathbb{F}_p[x]/F(x)$ is a finite field with cardinality $p^d$.

Question 3 Is every finite field isomorphic to such a quotient?

We prove that for any positive integer $d$ there exists a degree $d$ irreducible polynomial in $\mathbb{F}_p[x]$. This finishes the classification of finite fields. To prove the existence of an irreducible polynomial for every degree we first prove the following identity in $\mathbb{F}_p[x]$:

$$x^{p^d} - x = \prod_{f} f(x) \qquad (1)$$

where $f(x)$ runs over the set of monic irreducible polynomials with degree dividing $d$. Comparing degrees we deduce

$$p^d = \sum_{e \mid d} e\,N(e) \qquad (2)$$

where $N(e)$ is the number of monic irreducible polynomials of degree $e$ in $\mathbb{F}_p[x]$. Using the Möbius inversion formula we deduce

$$d\,N(d) = \sum_{e \mid d} \mu\!\left(\frac{d}{e}\right) p^e. \qquad (3)$$

To prove the existence of a degree $d$ irreducible polynomial it suffices to prove that the sum $\sum_{e \mid d} \mu(d/e)\, p^e$ is positive. Indeed if $d \ge 2$ then

$$\sum_{e \mid d} \mu\!\left(\frac{d}{e}\right) p^e \;\ge\; p^d - \sum_{e \mid d,\ e \ne d} p^e \;\ge\; p^d - \sum_{1 \le e \le d/2} p^e \;\ge\; p^d - p^{d/2+1} + 1 \;\ge\; 1.$$

So there exists a field with cardinality $p^d$. It is easy to see that two finite fields with the same cardinality are isomorphic. We write $\mathbb{F}_q$ for the field with $q$ elements. This is a questionable notation because this field is only defined up to isomorphism, unless we have fixed an algebraic closure $\Omega$ of $\mathbb{F}_p$. In this text we are interested in the following problem: given a polynomial $A(x)$ in $\mathbb{F}_p[x]$, find the decomposition of $A(x)$ as a product of irreducible factors. The algorithm we present decomposes into three steps. There are variants for the third step. We only present one of them.

Question 4 About the various meanings of primitive element. How many primitive elements do we have in $\mathbb{F}_{256}$? How many generators of the group $\mathbb{F}_{256}^*$? How many generators of the $\mathbb{F}_2$-algebra $\mathbb{F}_{256}$? Deduce the number of degree 8 irreducible polynomials in $\mathbb{F}_2[x]$.

2 Berlekamp’s algorithm, first step

We want to factor $A(x) \in \mathbb{F}_p[x]$. Assume $A$ is monic. Let

$$A(x) = \prod_{1 \le i \le I} f_i(x)^{e_i}$$

be the prime decomposition, the $f_i$ being distinct monic irreducible polynomials. The integer $e_i \ge 1$ is the multiplicity of $f_i(x)$ in $A$. The goal of this first step is to reduce to the case where $A$ is square-free (i.e. all multiplicities are 0 or 1). The square-free case will be treated in steps 2 and 3. The multiplicity of $f_i(x)$ in the derivative $A'(x)$ is $e_i - 1$ if $e_i$ is non-zero modulo $p$. Otherwise it is at least $e_i$. Set $B = \gcd(A, A')$. If $B = A$ then $A' = 0$ (it is divisible by $A$ and has smaller degree), so $p$ divides all the $e_i$ and $A$ is a $p$-th power. One easily finds an $R(x)$ such that $R^p = A$: since $a^p = a$ in $\mathbb{F}_p$, the coefficients of $R$ are the coefficients of $x^0, x^p, x^{2p}, \dots$ in $A$. We reduce to factoring $R$.

If $B \ne A$ then we set $C = A/B$ and we reduce to factoring $C$ and $B$. We note that $C$ is square-free: it is the product of the $f_i$ whose multiplicity $e_i$ is not divisible by $p$. An example with Mupad:

R := Dom::IntegerMod(5); A := poly((x-1)*(x-2)^2*(x-3)^6,R);

We obtain a degree 9 polynomial to be factored.

B := gcd(A,diff(A,x)); C := A/B;

The equivalent commands in Maple are

A:=(x-1)*(x-2)^2*(x-3)^6; A:=expand(A); B:=Gcd(A,diff(A,x)) mod 5; Rem(A,B,x) mod 5; C:=Quo(A,B,x) mod 5;

The polynomial C has degree 3 and is square-free, so we are content with it. The polynomial B has degree 6. We continue.

F := gcd(B,diff(B,x)); G := B/F;

The polynomial G has degree 1. We are content with it. We continue with F .

H := gcd(F,diff(F,x));

We find $H = F$. This is not a surprise because $F = x^5 + 2$ is a 5-th power. Indeed $F(x) = (x + 2)^5$.

3 Second step

Thanks to the first step we now have square-free polynomials to factor. We use the identity (1). If $A(x)$ is square-free we set $A_1(x) = \gcd(A(x), x^p - x)$. We check that $A_1$ is the product of all degree 1 irreducible factors of $A(x)$. We set $A_2(x) = \gcd(A/A_1, x^{p^2} - x)$. This is the product of all degree 2 irreducible factors of $A$. We continue and compute $A_3(x) = \gcd(A/(A_1 A_2), x^{p^3} - x)$, ... In the end we have decomposed $A$ as a product of polynomials $A_1, A_2, A_3, \dots$, where $A_i$ is square-free and has only degree $i$ irreducible factors. Factoring such polynomials will be the purpose of the third step.

An example of the second step treated in Mupad :

R := Dom::IntegerMod(2); A := poly(x^9+x^8+x^7+x^2+x+1,[x],R); B := gcd(A,diff(A,x));

We obtain poly(1, [x], Dom::IntegerMod(2)), so $A$ is square-free.

Then

A1 := gcd(A,poly(x^2-x,[x],R)); C1 := A/A1;

We obtain A1 = x + 1. Then

A2 := gcd(C1,poly(x^4-x,[x],R)); C2 := C1/A2; A3 := gcd(C2,poly(x^8-x,[x],R));

We obtain $A_2 = x^2 + x + 1$ and $A_3 = C_2$.

Question 5 What can we deduce about the factors of A ?

We now treat an example with $p = 101$. Let $A(x) = x^4 + x + 7 \in \mathbb{F}_{101}[x]$ be the polynomial to be factored. We don't want to compute the gcd of $x^{101} - x$ and $A(x)$ directly, even less the gcd with $x^{101^2} - x$. We work in the ring $R = \mathbb{F}_p[x]/A(x)$ and set $\alpha = x \bmod A(x)$. We compute $\alpha^p = U(x) \bmod A(x)$ with $\deg(U) < \deg(A)$. Since $x^p \equiv U(x) \pmod{A(x)}$, we check that

$$\gcd(x^p - x, A(x)) = \gcd(U(x) - x, A(x)).$$

This way we avoid dealing with big polynomials. Note that $\alpha^p \in R$ can be computed using the fast exponentiation algorithm.

Another example of the second step in Mupad :

R := Dom::IntegerMod(101); A := poly(x^4+x+7,[x],R); B := gcd(A,diff(A,x)); U := powermod(x,101,A);

We obtain $B = 1$ and $U = 21x^3 + 58x^2 + 89x + 41$. Equivalent instructions in Maple are

A := x^4+x+7; B := Gcd(A,diff(A,x)) mod 101; U:=Powmod(x,101,A,x) mod 101;

We continue

C := gcd(poly(U-x,R),A);

We find $C = x^2 + 38x + 11$.

Question 6 What can we deduce about the irreducible factors of A ?

Question 7 Give an estimate for the number of elementary operations required by the second step of Berlekamp’s algorithm.

4 Third step

After the second step we find ourselves with square-free polynomials having equal degree irreducible factors. So let $A \in \mathbb{F}_p[x]$ be such a polynomial and let $k$ be the degree of all its irreducible factors. Let $I$ be the number of these factors. So $\deg(A) = Ik$. We assume the characteristic $p$ is odd. We come back to equation (1). We set $r_d = \frac{p^d - 1}{2}$. We find

$$(x^{r_d} - 1)(x^{r_d} + 1)\,x = \prod_{f} f(x) \qquad (4)$$

where the product is over all irreducible monic polynomials in $\mathbb{F}_p[x]$ having degree dividing $d$. We set $A_1 = \gcd(A, x^{r_k} - 1)$, $A_{-1} = \gcd(A, x^{r_k} + 1)$, and $A_0 = \gcd(A, x)$. So $A = A_0 A_1 A_{-1}$. If $f$ is an irreducible factor of $A$ and $\alpha \in \mathbb{F}_{p^k}$ a root of $f$, then $f$ divides $A_1$ if and only if $\alpha$ is a non-zero square in $\mathbb{F}_{p^k}$. More generally, let $U(x)$ be a polynomial in $\mathbb{F}_p[x]$ and set

$$A_1^U = \gcd(A, U(x)^{r_k} - 1), \quad A_{-1}^U = \gcd(A, U(x)^{r_k} + 1), \quad A_0^U = \gcd(A, U(x)).$$

So $A = A_0^U A_1^U A_{-1}^U$. If $f$ is an irreducible factor of $A$ and $\alpha \in \mathbb{F}_{p^k}$ a root of $f$, then $f$ divides $A_1^U$ if and only if $U(\alpha)$ is a non-zero square in $\mathbb{F}_{p^k}$.

Question 8 Pick a random (with uniform distribution) $U(x)$ among all polynomials in $\mathbb{F}_p[x]$ having degree $\le \deg(A) - 1$. What is the probability that one of the polynomials $A_0^U$, $A_1^U$, $A_{-1}^U$ is a non-trivial factor of $A$? How many trials do we need on average to find such a non-trivial factor?

Question 9 Give an upper bound for the number of elementary operations that are necessary to compute $A_0^U$, $A_1^U$ and $A_{-1}^U$. Deduce an estimate for the complexity of the third step as a function of $\log p$, $k$ and $\deg(A)$.

We come back to the example in the previous section. So let $C = x^2 + 38x + 11$ and $F = A/C = x^2 + 63x + 19$.

F := A/C; V := powermod(x,50,C); W := gcd(poly(V-1,R),C); K := C/W;

We obtain $V = 89x + 75$, $W = x + 78$ and $K = x + 61$.
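The three steps of sections 2, 3 and 4, put together as an added worked example in Python. This code is not part of the original notes (which use Mupad and Maple); the function names, the representation of a polynomial as its list of coefficients modulo $p$ (lowest degree first) and the fixed random seed are choices made for this example. Step 1 follows the $\gcd(A, A')$ reduction of section 2, including the $p$-th root case; step 2 computes $\gcd(x^{p^i} - x, A)$ from $\alpha^{p^i} \bmod A$ by fast exponentiation, as section 3 recommends; step 3 uses a random $U$ and $r_k = (p^k - 1)/2$ as in section 4, and therefore requires $p$ odd (for the $\mathbb{F}_2$ example of section 3 only the first two steps apply).

```python
"""Berlekamp's three steps over F_p (sections 2-4 of these notes).
A polynomial is its list of coefficients mod p, lowest degree first: x^2 + 38x + 11 is [11, 38, 1]."""
import random

def trim(f):                        # drop leading zeros in place; [] is the zero polynomial
    while f and f[-1] == 0:
        f.pop()
    return f

def add(f, g, p):
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return trim([(a + b) % p for a, b in zip(f, g)])

def mul(f, g, p):
    r = [0] * (len(f) + len(g) - 1) if f and g else []
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            r[i + j] = (r[i + j] + a * b) % p
    return trim(r)

def divmod_(f, g, p):               # long division by a non-zero g: (quotient, remainder)
    f, q, inv = list(f), [0] * max(len(f) - len(g) + 1, 0), pow(g[-1], -1, p)
    while len(f) >= len(g):
        c, k = f[-1] * inv % p, len(f) - len(g)
        q[k] = c
        for i, b in enumerate(g):
            f[i + k] = (f[i + k] - c * b) % p
        trim(f)
    return trim(q), f

def monic(f, p):
    return [c * pow(f[-1], -1, p) % p for c in f]

def gcd(f, g, p):                   # Euclid; the result is monic, like the notes' pgcd
    while g:
        f, g = g, divmod_(f, g, p)[1]
    return monic(f, p) if f else []

def powmod(f, e, m, p):             # f^e mod m by square-and-multiply (the notes' fast exponentiation)
    r, f = [1], divmod_(f, m, p)[1]
    while e:
        if e & 1:
            r = divmod_(mul(r, f, p), m, p)[1]
        f, e = divmod_(mul(f, f, p), m, p)[1], e >> 1
    return r

def squarefree_pieces(A, p):
    """Step 1 (section 2): square-free pieces that together carry every irreducible factor of A.
    B = gcd(A, A'); B = A means A' = 0 and A = R^p with R read off the coefficients of
    x^0, x^p, x^2p, ... (since a^p = a in F_p); otherwise A/B is square-free and we recurse on B."""
    A = monic(A, p)
    if len(A) <= 1:
        return []
    B = gcd(A, trim([i * c % p for i, c in enumerate(A)][1:]), p)     # gcd(A, A')
    if B == A:
        return squarefree_pieces(trim(A[::p]), p)
    return [divmod_(A, B, p)[0]] + squarefree_pieces(B, p)

def distinct_degree(A, p):
    """Step 2 (section 3): A square-free. Returns [(A_i, i)], A_i the product of the degree-i
    irreducible factors of A. x^(p^i) is never expanded: alpha^(p^i) is kept reduced mod A."""
    A, h, i, parts = monic(A, p), [0, 1], 0, []
    while len(A) - 1 >= 2 * (i + 1):
        i += 1
        h = powmod(h, p, A, p)                      # alpha^(p^i) mod A
        Ai = gcd(add(h, [0, -1], p), A, p)          # gcd(alpha^(p^i) - alpha, A) = gcd(x^(p^i) - x, A)
        if len(Ai) > 1:
            parts.append((Ai, i))
            A = divmod_(A, Ai, p)[0]
    if len(A) > 1:                                  # no factor of degree <= i and degree < 2(i+1): irreducible
        parts.append((A, len(A) - 1))
    return parts

def equal_degree_split(A, k, p, rng):
    """Step 3 (section 4), p odd: A square-free with all irreducible factors of degree k.
    For a random U of degree < deg(A), gcd(A, U) and gcd(A, U^r_k - 1), r_k = (p^k - 1)/2,
    are the notes' A_0^U and A_1^U; whichever is a proper divisor splits A."""
    assert p % 2 == 1, "step 3 as presented needs p odd (Question 12 asks for the p = 2 variant)"
    A, r = monic(A, p), (p ** k - 1) // 2
    if len(A) - 1 == k:
        return [A]
    while True:
        U = trim([rng.randrange(p) for _ in range(len(A) - 1)])
        for D in (gcd(A, U, p), gcd(A, add(powmod(U, r, A, p), [-1], p), p)):
            if 1 < len(D) < len(A):
                rest = divmod_(A, D, p)[0]
                return equal_degree_split(D, k, p, rng) + equal_degree_split(rest, k, p, rng)

def factor(A, p, seed=0):           # steps 1-3, then multiplicities by trial division
    rng, A = random.Random(seed), monic(A, p)
    found = {tuple(f) for piece in squarefree_pieces(A, p) for Ai, k in distinct_degree(piece, p)
             for f in equal_degree_split(Ai, k, p, rng)}
    result = []                                     # [(monic irreducible f, multiplicity of f in A)], sorted by f
    for f in sorted(found):
        f, e = list(f), 0
        while not divmod_(A, f, p)[1]:
            A, e = divmod_(A, f, p)[0], e + 1
        result.append((f, e))
    return result
```

`factor([7, 1, 0, 0, 1], 101)` runs the whole algorithm on the $x^4 + x + 7$ example of sections 3 and 4 and returns its monic irreducible factors with multiplicities in the same coefficient-list convention; `distinct_degree` alone reproduces the $C$ and $F$ of the second step, and `powmod([0, 1], 50, [11, 38, 1], 101)` is the $V$ of the Mupad session above. For the section 2 example over $\mathbb{F}_5$, `squarefree_pieces` returns the same three square-free polynomials ($C$, $G$ and the 5-th root of $F$) that the Mupad session produces; the multiplicities of the factors are then recovered by trial division, which the notes leave implicit. Because the square-free pieces of step 1 do not group the factors by multiplicity (the first piece of the $\mathbb{F}_5$ example contains factors of multiplicity 1, 2 and 6), `factor` deduplicates the irreducible factors before that division.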

Question 10 Deduce the factorisation of A.

Question 11 Give the structure of the multiplicative group $(\mathbb{Z}/107\mathbb{Z})^*$. Give an adapted generating set. Same question with $(\mathbb{Z}/10807\mathbb{Z})^*$. Same question with $(\mathbb{F}_2[x]/A(x))^*$ where $A(x) = x^7 + x^6 + x^5 + x + 1$.

Question 12 Let $p$ be a prime and let $d$ be a positive integer. Set

$$T_d(x) = x + x^p + x^{p^2} + \cdots + x^{p^{d-1}}.$$

Let $q = p^d$. Prove that

$$x^q - x = \prod_{a \in \mathbb{F}_p} \left(T_d(x) - a\right).$$

Deduce a variant of the third step that is valid for $p = 2$.
