Algorithms and Statistics for Additive Polynomials

Mark Giesbrecht with Joachim von zur Gathen and Konstantin Ziegler

Symbolic Computation Group Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, Canada

November 28, 2013

1/29 Decomposition Given f ∈ F[x], can it be decomposed? Do there exist g, h ∈ F[x] such that f = g ◦ h?

f = x 4 − 2x 3 + 8x 2 − 7x + 5 f = g ◦ h g = x 2 + 3x − 5 h = x 2 − x − 2

Polynomial Composition and Decomposition

Functional Composition Let g, h ∈ F[x], for a ﬁeld F. Compose g, h as functions f (x) = g(h(x)) = g ◦ h Generally non-distributive operation (not always, as we’ll see!): g(h1(x) + h2(x)) , g(h1(x)) + g(h2(x))

2/29 Polynomial Composition and Decomposition

Decomposition Given f ∈ F[x], can it be decomposed? Do there exist g, h ∈ F[x] such that f = g ◦ h?

f = x 4 − 2x 3 + 8x 2 − 7x + 5 f = g ◦ h g = x 2 + 3x − 5 h = x 2 − x − 2

2/29 Tame and Wild Decomposition Let F be a ﬁeld of characteristic p and f ∈ F[x] monic of degree d. Normalize f , g, h to monic and original: h(0) = 0 f is tame if p - d f is wild if p | d Traditionally this describes the ramiﬁcation of F(x) over F(f (x)).

3/29 Tame and Wild Decomposition Let F be a ﬁeld of characteristic p and f ∈ F[x] monic of degree d. Normalize f , g, h to monic and original: h(0) = 0 f is tame if p - d f is wild if p | d Traditionally this describes the ramiﬁcation of F(x) over F(f (x)). Tame decomposition

Ritt (1922) describes all tame decompositions and “ambiguities”. For a ﬁxed s, there are either 0 or 1 monic h ∈ F[x] of degree s with h(0) = 0 such that f (x) = g(h(x)). See von zur Gathen (2013) for complete decompositions.

Life is much more difficult (G, 1988) For a finite field F of characteristic p, there are f ∈ F[x] of degree d with > dλ log d monic, original, h ∈ F[x] √ of degree s ≈ s such that f (x) = g(h(x)), where λ = (6 log p)−1.

On the bright side, there are at most (d − 1)/(s − 1) indecomposable monic, orginal h ∈ F[x] of degree s such that f (x) = g(h(x)). (Von zur Gathen, G, Ziegler, 2010)

3/29 Example 3 Let F125 = F5[θ]/(θ + θ + 1).

f = x 25 + (3θ2 + 4θ + 2)x 5 + (3θ2 + 4θ + 2)x is an additive polynomial, and f = (x 5 + (θ2 + θ + 4)x) ◦ (x 5 + 3θx) = (x 5 + (2θ2 + 4θ + 2)x) ◦ (x 5 + (θ2 + 2θ)x)

Additive Polynomials Additive or linearized polynomials are those such that

f (x + y) = f (x) + f (y) Non-linear additive polynomials only exist in F[x] if F has prime characteristic p, and have the form p p2 pn f = a0x + a1x + a2x + ··· + an x ∈ F[x].

4/29 Additive Polynomials Additive or linearized polynomials are those such that

f (x + y) = f (x) + f (y) Non-linear additive polynomials only exist in F[x] if F has prime characteristic p, and have the form p p2 pn f = a0x + a1x + a2x + ··· + an x ∈ F[x].

Example 3 Let F125 = F5[θ]/(θ + θ + 1).

f = x 25 + (3θ2 + 4θ + 2)x 5 + (3θ2 + 4θ + 2)x is an additive polynomial, and f = (x 5 + (θ2 + θ + 4)x) ◦ (x 5 + 3θx) = (x 5 + (2θ2 + 4θ + 2)x) ◦ (x 5 + (θ2 + 2θ)x)

4/29 Ore’s Legacy

In 1932-4, Oystein Ore wrote four seminal papers for ﬁnite ﬁelds, differential algebra, and computer algebra

1 O. Ore, Formale Theorie der linearen Differentialgleichungen, J. reine angew. Math., v. 168, pp. 233-252, 1932.

2 O. Ore, Theory of Non-Commutative Polynomials, "Annals of Mathematics", v. 34, no. 22, pp. 480–508, 1933.

3 O. Ore, On a Special Class of Polynomials, Trans. Amer. Math. Soc., v. 35, pp. 559-584, 1933.

4 O. Ore, Contributions to the Theory of Finite Fields, Trans. Amer. Math. Soc., v. 36, pp. 243-274, 1934.

[1,2] form the basis for modern computational theory of LODEs (Ore_algebra,OreTools) [3,4] have had great influence on theory of finite fields

5/29 Ore Polynomials in Computational Algebra

Additive polynomials are employed in Error correcting codes HFE and other cryptosystems Mathematical constructions in algebraic function ﬁelds General fun and parlour tricks.

Despite their large (exponential) degrees we will see that we can compute very efﬁciently with them.

6/29 Ore polynomials over Fq :

i Fq [x ; σp] = ai x ∈ Fq [x] 0 i n 6X6 Ring under usual polynomial addition (+) and multiplication

xa = σp (a)x p σp (a) = a is the Frobenius automorphism of Fq /Fp

Ore Polynomials and Additive Polynomials Let q = pe for prime p and integer e. Fq the ﬁnite ﬁeld with q elements.

Additive polynomials over Fq :

pi Fq [x ; p] = ai x ∈ Fq [x] 0 i n 6X6 Ring under usual polynomial addition (+) and functional composition(◦), with x p ◦ ax = a px p.

7/29 Ore Polynomials and Additive Polynomials Let q = pe for prime p and integer e. Fq the ﬁnite ﬁeld with q elements.

Additive polynomials over Fq :

pi Fq [x ; p] = ai x ∈ Fq [x] 0 i n 6X6 Ring under usual polynomial addition (+) and functional composition(◦), with x p ◦ ax = a px p.

Ore polynomials over Fq :

i Fq [x ; σp] = ai x ∈ Fq [x] 0 i n 6X6 Ring under usual polynomial addition (+) and multiplication

xa = σp (a)x p σp (a) = a is the Frobenius automorphism of Fq /Fp 7/29 Ore Polynomials and Additive Polynomials Let q = pe for prime p and integer e. Fq the ﬁnite ﬁeld with q elements.

Additive polynomials over Fq :

pi Fq [x ; p] = ai x ∈ Fq [x] 0 i n 6X6 Ring under usual polynomial addition (+) and functional composition(◦), with x p ◦ ax = a px p.

Ore polynomials over Fq :

i Fq [x ; σp] = ai x ∈ Fq [x] 0 i n Isomorphic 6X6 Ring under usual polynomial addition (+) and multiplication

xa = σp (a)x p σp (a) = a is the Frobenius automorphism of Fq /Fp 7/29 0 f squarefree ⇐⇒ f = a0 , 0

Roots Vf ⊆ Fq of f form Fp-vector space of dimension n.

If W an Fp-subspace of Vf , and h ∈ Fq [x] has roots exactly W then h ∈ Fq [x ; p] and ∃g ∈ Fq [x ; p] such that f = g ◦ h.

q Let σq (a) = a , the q-Frobenius automorphism.

If W is also σq -invariant, then h ∈ Fq [x ; p]

The Geometry of Additive Polynomials n Assume f ∈ Fq [x ; p] squarefree of degree p

8/29 Roots Vf ⊆ Fq of f form Fp-vector space of dimension n.

If W an Fp-subspace of Vf , and h ∈ Fq [x] has roots exactly W then h ∈ Fq [x ; p] and ∃g ∈ Fq [x ; p] such that f = g ◦ h.

q Let σq (a) = a , the q-Frobenius automorphism.

If W is also σq -invariant, then h ∈ Fq [x ; p]

The Geometry of Additive Polynomials n Assume f ∈ Fq [x ; p] squarefree of degree p 0 f squarefree ⇐⇒ f = a0 , 0

8/29 If W an Fp-subspace of Vf , and h ∈ Fq [x] has roots exactly W then h ∈ Fq [x ; p] and ∃g ∈ Fq [x ; p] such that f = g ◦ h.

q Let σq (a) = a , the q-Frobenius automorphism.

If W is also σq -invariant, then h ∈ Fq [x ; p]

The Geometry of Additive Polynomials n Assume f ∈ Fq [x ; p] squarefree of degree p 0 f squarefree ⇐⇒ f = a0 , 0

Roots Vf ⊆ Fq of f form Fp-vector space of dimension n.

8/29 q Let σq (a) = a , the q-Frobenius automorphism.

If W is also σq -invariant, then h ∈ Fq [x ; p]

The Geometry of Additive Polynomials n Assume f ∈ Fq [x ; p] squarefree of degree p 0 f squarefree ⇐⇒ f = a0 , 0

Roots Vf ⊆ Fq of f form Fp-vector space of dimension n.

If W an Fp-subspace of Vf , and h ∈ Fq [x] has roots exactly W then h ∈ Fq [x ; p] and ∃g ∈ Fq [x ; p] such that f = g ◦ h.

8/29 q Let σq (a) = a , the q-Frobenius automorphism.

If W is also σq -invariant, then h ∈ Fq [x ; p]

The Geometry of Additive Polynomials n Assume f ∈ Fq [x ; p] squarefree of degree p 0 f squarefree ⇐⇒ f = a0 , 0

Roots Vf ⊆ Fq of f form Fp-vector space of dimension n.

If W an Fp-subspace of Vf , and h ∈ Fq [x] has roots exactly W then h ∈ Fq [x ; p] and ∃g ∈ Fq [x ; p] such that f = g ◦ h.

Decomposing additive polynomials ≡ ﬁnding subspaces of Vf

8/29 The Geometry of Additive Polynomials n Assume f ∈ Fq [x ; p] squarefree of degree p 0 f squarefree ⇐⇒ f = a0 , 0

Roots Vf ⊆ Fq of f form Fp-vector space of dimension n.

If W an Fp-subspace of Vf , and h ∈ Fq [x] has roots exactly W then h ∈ Fq [x ; p] and ∃g ∈ Fq [x ; p] such that f = g ◦ h.

Decomposing additive polynomials ≡ ﬁnding subspaces of Vf

q Let σq (a) = a , the q-Frobenius automorphism.

If W is also σq -invariant, then h ∈ Fq [x ; p]

Decomposing additive polynomial over Fq [x] ≡ ﬁnding σq -invariant subspace of Vf

8/29 The Geometry of Additive Polynomials (2)

Example 3 Again let F125 = F5[θ]/(θ + θ + 1), and

f = x 25 + (3θ2 + 4θ + 2)x 5 + (3θ2 + 4θ + 2)x

Then

µ = RootOf x 4 + (θ2 + 3θ + 4)x 2 + (3θ2 + 4θ)x + (4θ2 + θ) ν = RootOf x 4 + (4θ2 + 2θ + 1)x 2 + (4θ2 + 2θ)x + (4θ2 + θ)

Vf = {αµ + βν : α, β ∈ Fp} ⊆ F512 3 3 σ = (after some ugly calculations) q 2 3

Probably not the best way to work with additive polynomials...

9/29 Right Composition Factors as Eigenvectors of σq

Given f ∈ Fq [x ; p], ﬁnd

p # h = x + ax ∈ Fq [x ; p]: ∃g ∈ Fq [x ; p] with f = g ◦ h

The number of right composition factors of f degree p

10/29 Right Composition Factors as Eigenvectors of σq

Given f ∈ Fq [x ; p], ﬁnd

p # h = x + ax ∈ Fq [x ; p]: ∃g ∈ Fq [x ; p] with f = g ◦ h

The number of right composition factors of f degree p

= number of 1-dimensional σq -invariant subspaces of Vf

= number of eigenvectors of σq

Remember, σq : Vf → Vf is a Fp-linear map σq acts like an n × n matrix over Fp

10/29 Right Composition Factors as Eigenvectors of σq

Given f ∈ Fq [x ; p], ﬁnd

p # h = x + ax ∈ Fq [x ; p]: ∃g ∈ Fq [x ; p] with f = g ◦ h

The number of right composition factors of f degree p

= number of 1-dimensional σq -invariant subspaces of Vf

= number of eigenvectors of σq

Remember, σq : Vf → Vf is a Fp-linear map σq acts like an n × n matrix over Fp

New questions:

How many eigenvectors can an n × n matrix over Fq have? How can we compute this?

10/29 Right Composition Factors as Eigenvectors of σq (2) How many eigenvectors can a matrix have? n×n Look at the (rational) Jordan form in Fp Example: degree p2 (n = 2): the number of ways of decomposing p2 p f = x + a1x + a0x p p = (x + b0x) ◦ (x + c0x)

Put σq in rational Jordan form; there are only four possibilities:

0 α λ 1 λ 0 λ 0 σ ∼ , , , q 1 β 0 λ 0 µ 0 λ

∗ 2 Here λ, µ, α, β ∈ Fp, λ , µ and y − βy − α ∈ Fp[y] is irreducible.

11/29 Right Composition Factors as Eigenvectors of σq (2) How many eigenvectors can a matrix have? n×n Look at the (rational) Jordan form in Fp Example: degree p2 (n = 2): the number of ways of decomposing p2 p f = x + a1x + a0x p p = (x + b0x) ◦ (x + c0x)

Put σq in rational Jordan form; there are only four possibilities:

0 α λ 1 λ 0 λ 0 σ ∼ , , , q 1 β 0 λ 0 µ 0 λ 0

∗ 2 Here λ, µ, α, β ∈ Fp, λ , µ and y − βy − α ∈ Fp[y] is irreducible.

Put σq in rational Jordan form; there are only four possibilities:

0 α λ 1 λ 0 λ 0 σ ∼ , , , q 1 β 0 λ 0 µ 0 λ 01

∗ 2 Here λ, µ, α, β ∈ Fp, λ , µ and y − βy − α ∈ Fp[y] is irreducible.

Put σq in rational Jordan form; there are only four possibilities:

0 α λ 1 λ 0 λ 0 σ ∼ , , , q 1 β 0 λ 0 µ 0 λ 012

∗ 2 Here λ, µ, α, β ∈ Fp, λ , µ and y − βy − α ∈ Fp[y] is irreducible.

Put σq in rational Jordan form; there are only four possibilities:

0 α λ 1 λ 0 λ 0 σ ∼ , , , q 1 β 0 λ 0 µ 0 λ 012 p + 1

∗ 2 Here λ, µ, α, β ∈ Fp, λ , µ and y − βy − α ∈ Fp[y] is irreducible.

2 An f ∈ Fq [x ; σ] of degree p can have only 0, 1, 2, or p + 1 right composition factors of degree p.

11/29 Right Composition Factors as Eigenvectors of σq (3) Example: degree p3 (n = 3): the number of ways of decomposing p3 p2 p f = x + a2x + a1x + a0x p2 p p = (x + b1x + b0x) ◦ (x + c0x) λ λ 1 λ 1 λ 1 σq ∼ λ , λ , λ 1 , λ λ λ λ µ ! ! λ λ λ λ , µ , , µ ν

12/29 Right Composition Factors as Eigenvectors of σq (3) Example: degree p3 (n = 3): the number of ways of decomposing p3 p2 p f = x + a2x + a1x + a0x p2 p p = (x + b1x + b0x) ◦ (x + c0x) λ λ 1 λ 1 λ 1 σq ∼ λ , λ , λ 1 , λ λ λ λ µ ! ! λ λ λ λ , µ , , µ ν p + 2310

3 An f ∈ Fq [x ; σ] of degree p can have only

0, 1, 2, 3, p + 1, p + 2, or p2 + p + 1

right composition factors of degree p.

12/29 General categorization of number of composition factors

How many composition factors of degree p can an additive n polynomial of degree p have? Sn is the set of possible numbers:

S0 = {0}

S1 = {0, 1}

S2 = {0, 1, 2, p + 1} 2 S3 = {0, 1, 2, 3, p + 1, p + 2, p + p + 1} 2 3 2 S4 = {0, 1, 2, 3, 4, 2p + 2, p + p + 2, p + p + p + 1} . . . .

In general #Sn = P(k), where P(k) is the number of 06k6n additive partitions of k. P

13/29 Efﬁcient Counting of Composition Factors

n Roots of f ∈ Fq [x ; p] of degree p may be in an extension ﬁeld of 2 high degree (O(pO(n ))). Can’t really compute directly with Vf . Want algorithms which take time poly in n log p (not pn )

14/29 Left (and right) Euclidean ring: LCLM and GCRD operations. No unique factorization (but Jordan-Hölder and Krull-Schmidt give a lot of structure to factorizations) Fast algorithms for +, ◦, lclm and gcrd (time O(n 3 log2 q)).

Efﬁcient Counting of Composition Factors

n Roots of f ∈ Fq [x ; p] of degree p may be in an extension ﬁeld of 2 high degree (O(pO(n ))). Can’t really compute directly with Vf . Want algorithms which take time poly in n log p (not pn )

Look at the ring structure of Fq [x ; p]

Fq [x ; p] is a (non-commutative) ring under the + and ◦

14/29 Efﬁcient Counting of Composition Factors

n Roots of f ∈ Fq [x ; p] of degree p may be in an extension ﬁeld of 2 high degree (O(pO(n ))). Can’t really compute directly with Vf . Want algorithms which take time poly in n log p (not pn )

Look at the ring structure of Fq [x ; p]

Fq [x ; p] is a (non-commutative) ring under the + and ◦ Left (and right) Euclidean ring: LCLM and GCRD operations. No unique factorization (but Jordan-Hölder and Krull-Schmidt give a lot of structure to factorizations) Fast algorithms for +, ◦, lclm and gcrd (time O(n 3 log2 q)).

14/29 Efﬁcient Counting of Composition Factors

n Roots of f ∈ Fq [x ; p] of degree p may be in an extension ﬁeld of 2 high degree (O(pO(n ))). Can’t really compute directly with Vf . Want algorithms which take time poly in n log p (not pn )

Example (F125[x ; 5] again – a left Euclidean ring)

f = x 25 + (3θ2 + 4θ + 2)x 5 + (3θ2 + 4θ + 2)x g = x 25 + (3θ2 + θ + 3)x 5 + (4θ2 + 2θ + 2)x f + g = 2x 25 + (3θ2 + 2θ + 3)x 5 + (4θ2 + 3θ + 2)x f ◦ g = x 625 + (4θ2 + 2)x 125 + ··· + (2θ2 + 3θ + 1)x lclm(f , g) = x 125 + (θ2 + 3θ + 1)x 25 + (2θ2 + 3)x 5 + (2θ2 + 2θ + 3)x gcrd(f , g) = x 5 + 3θx

14/29 The Centre of It All

The centre of Fq [x ; p] is also very useful:

qi centre(Fq [x ; p]) = Fp[x ; q] = αi x ∈ Fp[x] X

15/29 The Centre of It All

The centre of Fq [x ; p] is also very useful:

qi centre(Fq [x ; p]) = Fp[x ; q] = αi x ∈ Fp[x]

Fp[y] the usualX (commutative) polynomials! qi i αi x 7→ αi y for a0,..., an ∈ Fp 0 i n 0 i n 6X6 6X6

15/29 The Centre of It All

The centre of Fq [x ; p] is also very useful:

qi centre(Fq [x ; p]) = Fp[x ; q] = αi x ∈ Fp[x]

15/29 The Centre of It All

The centre of Fq [x ; p] is also very useful:

qi centre(Fq [x ; p]) = Fp[x ; q] = αi x ∈ Fp[x]

Fp[y] the usualX (commutative) polynomials! qi i αi x 7→ αi y for a0,..., an ∈ Fp 0 i n 0 i n 6X6 6X6 A cool trick Given any f ∈ Fq [x ; p] we can ﬁnd a left multiple in the center with 3 2 O(n log q) operations in Fq . 25 2 5 2 f = x + (3θ + 4θ + 2)x + (3θ + 4θ + 2)x ∈ Fq [x ; 5] ∗ 1252 125 f = x + 4x + 3x ∈ Fp[x ; 125] f ∗ is the minimal central left multiple (mclm) of f

15/29 The Centre of It All (2) Basis of the factoring algorithm in G (1992, 1998): Factor the minimal central left multiple and take GCRDs:

25 2 5 2 f = x + (3θ + 4θ + 2)x + (3θ + 4θ + 2)x ∈ Fq [x ; 5] ∗ 1252 125 f = x + 4x + 3x ∈ Fp[x ; 125] 7→ y2 + 4y + 3 = (y + 1)(y + 3) f ∗ = (x 125 + x) ◦ (x 125 + 3x) = (x 125 + 3x) ◦ (x 125 + x)

f1 f2

gcrd| (f ,{zf ) =}x 5|+ (θ{z2 + 2}θ)x 1 5 right composition factors of f gcrd(f , f2) = x + 3θx

Can’t completely decompose with this technique...

16/29 Hardest when minimal central left multiple is irreducible in Fp[y]. Construct a finite algebra A from f , called the eigenring; show that zero-divisors in A yields composition factors of f . Show how to find zero divisors in a finite algebra quickly. Build very explicit Krull-Schmidt and Jordan-Hölder like decompositions, which show structure of all decompositions

Decomposition in Fq [x ; p]

Theorem (G 1992, 1998) pi Given f = ai x ∈ Fq [x], can ﬁnd g, h ∈ Fq [x], if they 06i6n exist, such that f = g ◦ h. Requires expected time O(n 4 log2 q) P operations in Fq (Las Vegas).

17/29 Decomposition in Fq [x ; p]

Theorem (G 1992, 1998) pi Given f = ai x ∈ Fq [x], can ﬁnd g, h ∈ Fq [x], if they 06i6n exist, such that f = g ◦ h. Requires expected time O(n 4 log2 q) P operations in Fq (Las Vegas).

Hardest when minimal central left multiple is irreducible in Fp[y]. Construct a finite algebra A from f , called the eigenring; show that zero-divisors in A yields composition factors of f . Show how to find zero divisors in a finite algebra quickly. Build very explicit Krull-Schmidt and Jordan-Hölder like decompositions, which show structure of all decompositions

17/29 Enter the Eigenring

Decompose an algebra over Fq associated with f . Deﬁnitions

Idealizer: If ⊆ R largest subring in which Rf a two-sided ideal

If = {u ∈ R : fu ∈ Rf }

Eigenring: Ef = If /Rf an associative algebra over Fq

Theorems

Ef has zero divisors uv = 0 iff f is decomposable. Zero divisors “split” f : gcrd(f , v) , 1. 2 2 Ef has orthogonal idempotents v = 1,w = 1 with v + w = 1 iff f = lclm(f1, f2), with gcrd(f1, f2) = 1 3 Can ﬁnd eigenring with O˜(n ) operations in Fq

18/29 Detour: Decomposing Associative Algebras over Fq

m×m Describe associative algebra A by a Fq -basis a1,..., a` ∈ Fq m×m A = ha1,..., a`i ⊆ Fq How do we Find zero-divisors or certify there are none

If A semisimple, decompose A = A1 ⊕ · · · ⊕ Ar , for Ai simple s×s If A is simple, ﬁnd the explicit isomorphism with Fqη

Friedl & Rónyai (1985) show how to do all this in polynomial time (up to factoring polynomials in Fp[x]) G & Eberly (2000, 2004): “nearly optimal” O(m 3 log m + m 2`) operations in Fq

Las Vegas for semisimple algebras over Fq

Monte Carlo for general algebras over Fq

19/29 Detour: Decomposing Associative Algebras over Fq

Density Theorems n×n Let A = ha1,..., a`i ⊆ Fq be an associative algebra over Fq , a randomly chosen from A, and f = minpoly(a) ∈ Fq [x].

For any A over Fq with zero divisors,

Prob f reducible > 1/9

If f = f1f2 then f1(a)f2(a) = 0, so f1(a), f2(a) zero divisors When A is a ﬁeld, Prob{deg f = n} > 1/4.

20/29 Can ﬁnd the minimal polynomial of σq quickly

Can compute the complete rational Jordan form of σq n Given f ∈ Fq [x ; p] of degree p , we can compute the number of right composition factors of degree p with O(n 3 log2 q) operations in Fq .

Central Multiples and Frobenius Automorphisms

Theorem (von zur Gathen, G, and Ziegler 2010)

n f ∈ Fq [x ; p] squarefree of degree p with roots Vf

σq : Vf → Vf the Frobenius automorphism. ∗ f ∈ Fp[x ; q] be the minimal central left multiple of f .

∗ q + i f = αi x i f = αi y is min poly of σq . 06i6n 06i6n P P

21/29 Central Multiples and Frobenius Automorphisms

Theorem (von zur Gathen, G, and Ziegler 2010)

n f ∈ Fq [x ; p] squarefree of degree p with roots Vf

σq : Vf → Vf the Frobenius automorphism. ∗ f ∈ Fp[x ; q] be the minimal central left multiple of f .

∗ q + i f = αi x i f = αi y is min poly of σq . 06i6n 06i6n P P Can ﬁnd the minimal polynomial of σq quickly

Can compute the complete rational Jordan form of σq n Given f ∈ Fq [x ; p] of degree p , we can compute the number of right composition factors of degree p with O(n 3 log2 q) operations in Fq .

21/29 Back to our example in F125[x ; 5]

25 2 5 2 f = x + (3θ + 4θ + 2)x + (3θ + 4θ + 2)x ∈ Fq [x ; 5] ∗ 1252 125 f = x + 4x + 3x ∈ Fp[x ; 125] = (x 125 − 4x) ◦ (x 125 − 2x)

σ has two eigenvectors 4 0 q So σq ∼ and f has two right factors of degree 5 0 2 5 2 5 h1 = x +θ x+2θx , h2 = x +3θx

22/29 Lemma pi p Ψ has a root c ∈ Fq ⇐⇒ ai x = g ◦ (x − cx) for g ∈ Fq [x ; p]

Theorem P

We can compute the number of roots in Fq of a subadditive 3 2 Ψ ∈ Fq [x] with O(n log q) operations in Fq (even though deg Ψ ≈ pn−1).

Subadditive/Projective Polynomials Subadditive polynomials: Cohen (1990), Abhyankar (1997):

(pi −1)/(p−1) Ψ = ai x ∈ Fq [x] for b , 0 0 i n 6X6 Numerous applications: strong Davenport pairs, difference sets, cryptographically secure sequences, error-correcting codes... Bluher (2004) showed that x p+1 + ax + b has either 0, 1, 2, or p + 1 roots in Fq . This looks familiar!

23/29 Theorem

We can compute the number of roots in Fq of a subadditive 3 2 Ψ ∈ Fq [x] with O(n log q) operations in Fq (even though deg Ψ ≈ pn−1).

Subadditive/Projective Polynomials Subadditive polynomials: Cohen (1990), Abhyankar (1997):

23/29 Subadditive/Projective Polynomials Subadditive polynomials: Cohen (1990), Abhyankar (1997):

Theorem P

We can compute the number of roots in Fq of a subadditive 3 2 Ψ ∈ Fq [x] with O(n log q) operations in Fq (even though deg Ψ ≈ pn−1). 23/29 Inverse Problem – degree p2 case For each possible number of right components, how many additive polynomials of degree n have that many right components?

Equivalently: how many subadditive polynomials in Fq [x] have each possible number of roots in Fq ?

24/29 Inverse Problem – degree p2 case For each possible number of right components, how many additive polynomials of degree n have that many right components?

Equivalently: how many subadditive polynomials in Fq [x] have each possible number of roots in Fq ?

p2 p Bluher (2004): For f = x + a1x + a0x ∈ Fq [x ; p] (a0 , 0)

Right components # additive polynomials of degree p2 of degree p with that many right components p2−p q2−1 0 2 · p−1 q2−q (p−1) 1 · p2−p (p−1)(p−2) (q−1)2 2 2 · (p−1)2 (q−1)(q−p) (p−1) p + 1 · p(p−1)2(p+1) 24/29 Inverse Problem – degree p2 case For each possible number of right components, how many additive polynomials of degree n have that many right components?

Equivalently: how many subadditive polynomials in Fq [x] have each possible number of roots in Fq ?

p2 p Bluher (2004): For f = x + a1x + a0x ∈ Fq [x ; p] (a0 , 0)

Right components # additive polynomials of degree p2 of degree p with that many right components

2 2 0 p −p · q −1 2 p−1 Get an elementary q2−q (p−1) 1 · p2−p proof, algorithm for (p−1)(p−2) (q−1)2 enumeration 2 2 · (p−1)2 (q−1)(q−p) (p−1) p + 1 · p(p−1)2(p+1) 24/29 Inverse Problem – the degree p3 case

3 Von zur Gathen & G (2011): degree p in Fq [x ; p]

3 Right components Number of f ∈ Fq [x ; p] of degree p of degree p with speciﬁed number of right components p3−p q3−1 0 3 · p3−1 p2−p q−1 q2−1 q3−q2 (p−1) (p−1) 1 · 2 · p−1 · p2−1 + · p3−p2 q2−q q−1 (p−1)(p−2) 2 · p2−p · p−1 (p−1)(p−2)(p−3) (q−1)3 3 6 · (p−1)3 q2−q q−p 1 (p−1) p + 1 · p2−p · p−1 · p2 q−1 (q−1)(q−p) (p−1)(p−2) p + 2 · p−1 · p(p−1)2(p+1) (q−1)(q−p)(q−p2) 2 (p−1) p + p + 1 · (p3−1)(p3−p)(p3−p2)

25/29 Indecomposable Additive Polynomials

Indecomposable additive polynomials f ∈ Fq [x ; p]

σq has a single, irreducible Jordan block ∗ f ∈ Fp[y] is irreducible of degree n

k # irreducibles in Fp[y] Let Np(n) = µ(n/k)p = of degree d Xk|n Number of indecomposable additive polynomials is then qn − 1 qn · N (n) ≈ pn − 1 p n

Gives a very compact proof of a theorem of Odoni (1999) n A random additive polynomial of degree p in Fq [x ; p] will be indecomposable with probability about 1/n Randomized polynomial-time algorithm for generating. 26/29 Algorithm: Find right components of x q − cx of degree pn all have (pn − 1)/(p − 1) distinct right components of degree p 4 Cost is O(n ) operations in Fq

Maximizing collisions

n For f ∈ Fq [x ; r] of degree p , the number of distinct right components of degree p is at most (pn − 1)/(p − 1).

Goal: Generate f ∈ Fq [x ; r] with this maximal number

Let Vf ⊆ Fq and σq : Vf → Vf

Components maximized when σ = c · Id for some c ∈ Fp Happens when minpoly(σ) = y − c

27/29 Maximizing collisions

n For f ∈ Fq [x ; r] of degree p , the number of distinct right components of degree p is at most (pn − 1)/(p − 1).

Goal: Generate f ∈ Fq [x ; r] with this maximal number

Let Vf ⊆ Fq and σq : Vf → Vf

Components maximized when σ = c · Id for some c ∈ Fp Happens when minpoly(σ) = y − c Algorithm: Find right components of x q − cx of degree pn all have (pn − 1)/(p − 1) distinct right components of degree p 4 Cost is O(n ) operations in Fq

27/29 How many maximal collisions?

Count the number of n-dimensional subspaces of Vf ∗ :

(q − 1)(q − p) ··· (q − pn−1) S(q, p, n) = (pn − 1)(pn − p) ··· (pn − pn−1) assuming pn−1 < q.

∗ q There are p − 1 non-zero values for c ∈ Fp in f = x − cx

Total number of "maximal collision polynomials" is thus:

(p − 1) · S(q, p, n)

28/29 Open Questions

Inverse theory for number of right factors of degree p of any polynomial in Fq [x ; p] Automatically generate inverse formulas Compute number of right factors of any given degree of a polynomial in Fq [x ; σ] Resolve conjecture: how many decompositions possible for a general polynomial?

29/29