DOCSLIB.ORG

What Can (And Can't) We Do with Sparse Polynomials?

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
What Can (And Can't) We Do with Sparse Polynomials? What Can (and Can’t) we Do with Sparse Polynomials? Daniel S. Roche United States Naval Academy Annapolis, Maryland, U.S.A. [email protected] ABSTRACT This sparse representation matches the one used by default for Simply put, a sparse polynomial is one whose zero coefficients are multivariate polynomials in modern computer algebra systems and not explicitly stored. Such objects are ubiquitous in exact computing, libraries such as Magma [83], Maple [73], Mathematica, Sage [84], and so naturally we would like to have efficient algorithms to handle and Singular [81]. them. However, with this compact storage comes new algorithmic challenges, as fast algorithms for dense polynomials may no longer 1.1 Sparse polynomial algorithm complexity be efficient. In this tutorial we examine the state of the art forsparse Sparse polynomials in the distributed representation are also called polynomial algorithms in three areas: arithmetic, interpolation, and lacunary or supersparse [55] in the literature to emphasize that, in factorization. The aim is to highlight recent progress both in theory this representation, the degree of a polynomial could be exponen- and in practice, as well as opportunities for future work. tially larger than its bit-length. This exposes the essential difficulty of computing with sparse polynomials, in that efficient algorithms KEYWORDS for dense polynomials may cost exponential-time in the sparse setting. sparse polynomial, interpolation, arithmetic, factorization Specifically, when analyzing algorithms for dense polynomials, the most important measure is the degree bound D 2 N such that ACM Reference Format: Daniel S. Roche. 2018. What Can (and Can’t) we Do with Sparse Polyno- deg f < D. The size of the dense representation of a univariate poly- mials?. In ISSAC ’18: 2018 ACM International Symposium on Symbolic and nomial is D ring elements, and many operations can be performed ¹ º ¹ º Algebraic Computation, July 16–19, 2018, New York, NY, USA. ACM, New in DO 1 ring operations, or even D¹log DºO 1 . York, NY, USA, 6 pages. https://doi.org/10.1145/3208976.3209027 In the sparse representation, we need to also consider the num- ber of nonzero terms t, and the bit-length of the exponents. For 1 SPARSE POLYNOMIALS a multivariate (sparse) polynomial, the representation size is O¹tº Sparse polynomials are found in the core of nearly every com- ring elements plus O¹nt log Dº bits, where n is the number of vari- puter algebra system or library, and polynomials with many zero ables and D is now an upper bound on the maximum degree. The coefficients frequently occur in practical settings. goal, then, is to develop new sparse polynomial algorithms which Mathematically, the dividing line between a sparse and dense minimize the cost in terms of n, t, and log D. polynomial is not well-defined. From a computer science stand- The coefficient ring R makes a difference for some algorithms. point, there is a clear distinction, depending on the representation In the general setting we let R be an arbitrary integral domain, and of that polynomial in memory: A dense representation stores zero count ring operations. Another important setting is when R = Z, coefficients explicitly and exponents implicitly, whereas a sparse the ring of integers, in which case we also account for the size of representation does not store zero coefficients at all, but stores coefficients. Write H¹f º for the height of a polynomial, which is the exponents explicitly. maximum magnitude maxi jci j of its coefficients; then a fast algo- There are many variants of sparse representations [25]. This rithm on f should have a small running time in terms of log H¹f º. tutorial considers algorithms for the most compact representation, For simplicity of presentation, and because the algorithmic work the so-called distributed sparse storage [72]. Let f 2 R»x1;:::; xn¼ with sparse polynomials is still at a much more coarse level than, be an n-variate polynomial with coefficients in a ring R. The repre- say, that of integers and dense polynomials, we frequently use sentation of f is by a list of t nonzero terms the soft-oh notation O¹γ º := O γ · ¹logγ ºO¹1º , where γ is some arXiv:1807.08289v1 [cs.SC] 22 Jul 2018 e ¹c1; e1;1;:::; e1;nº; ¹c2; e2;1;:::; e2;nº;:::; ¹ct ; et;1;:::; et;nº running-time function. such that 1.2 Overview e1;1 ··· e1;n e2;1 ··· e2;n ··· et;1 ··· et;n f = c1x1 xn + c2x1 xn + + ct x1 xn The basic challenge of sparse polynomial algorithms is to match with each coefficient ci 2 R nonzero and all exponent tuples the complexity of dense polynomial algorithms for the same task. n ¹ei;1;:::; ei;nº 2 N distinct. We also assume that the terms are In some cases, interestingly, this is (provably) not possible — for sorted according to their exponents in some consistent way. a few problems, even a polynomial-time algorithm in the sparse representation size would imply that P = NP. This paper is authored by an employee(s) of the United States Government and is in the public domain. Non-exclusive copying or redistribution is allowed, provided that Where algorithms are possible, one interesting feature is that the article citation is given and the authors and agency are clearly identified as its they must usually take into account not only the coefficient arith- source. metic over R, but also the exponent arithmetic over Z. In fact, the ISSAC ’18, July 16–19, 2018, New York, NY, USA 2018. ACM ISBN 978-1-4503-5550-6/18/07. latter frequently poses the most difficulty in the design of efficient https://doi.org/10.1145/3208976.3209027 algorithms. 25 ISSAC ’18, July 16–19, 2018, New York, NY, USA Daniel S. Roche This tutorial aims to outline the state of sparse polynomial algo- and a careful analysis. They point out that, while the asymptotic rithms, dividing roughly into the three areas of arithmetic, interpo- runtime is the same, the space for intermediate results is only O¹tº, lation, and factorization. We highlight where essentially-optimal no matter how many terms are in the output. This has tremendous algorithms are already known, where they are known not to exist, practical performance benefits, and it seems that many computer and the numerous cases of open problems in between. algebra systems now use this approach in at least some cases. In fact, there seems to be considerable interest in the fastest practical 2 ARITHMETIC speeds for sparse polynomial multiplication on a variety of hard- Polynomials stored in the dense representation can be added and ware platforms including parallel computing [10, 29, 30, 70, 77]. subtracted in linear-time. Dense polynomial multiplication costs Still, this is unsatisfying from an algorithmic perspective since O D2 ring operations using the classical algorithm, but consider- the number of ring and bit-operations is still quadratic in every able research effort has gone to reducing this complexity, which case, meaning that even the heap-based algorithms will have a hard we now denote as simply M¹Dº. The most general result of [16] cut-off with the speed of dense multiplication as polynomials start gives M¹Dº 2 O¹D log D loglognº, and more recent work [27, 44] to fill-in with nonzero coefficients. reduces this even further for most commonly-used rings. Another approach is to consider the size of the output as a pa- Many other polynomial computations can be reduced to mul- rameter in the complexity. In the worst case, this can be quadratic tiplication. In particular, Euclidean division with remainder costs in the input size, but in cases where the output is smaller, we can O¹M¹Dºº, and (extended) gcd, multi-point evaluation, interpola- hope for faster computation. Furthermore, considering the output tion, Chinese remaindering, and rational reconstruction all cost size allows for a smooth transition to dense algorithms, where the O¹M¹Dº log Dº ring operations [14, §2–6] [32, §8–11]. Note that all output is guaranteed to have at most 2D nonzero terms. these operations take quasi-linear time in the input size Oe¹Dº. Open Problem 1. Develop an algorithm to multiply two sparse As discussed previously, these algorithms are not polynomial- polynomials f ;д 2 R»x¼ using Oe¹t log Dº ring and bit operations, time in the size of the sparse representation. where t is the number of terms in f , д, and f д, and D is an upper bound on their degrees. 2.1 Addition and subtraction Adding or subtracting sparse polynomials is a matter of combining Considerable progress has been made toward this open problem, like terms, which amounts to a merge operation on the two lists of and it seems now nearly within reach. Some authors have looked at nonzero terms. From our assumption that terms are stored in sorted special cases, when the support of nonzero coefficients has a certain order, this costs O¹t log Dº bit operations and O¹tº ring additions, structure, to reduce to dense multiplication and achieve the desired where t is the number of terms in the two input polynomials. This complexity in those cases [45, 79, 80]. matches the size of the input and is therefore optimal. A more general solution approach is to use sparse interpolation Notice, however, that the size of the output can grow much more algorithms, which we examine in further detail in the next section. quickly than with dense polynomials. When adding two dense poly- First, [46] showed that the open problem is essentially solved when nomials with degrees less than D, the cost is O¹Dº and the output the support of the product is already known.
Load more

Recommended publications
  • A New Algorithm to Search for Irreducible Polynomials Using Q Decimal Equivalents of Polynomials Over Galois Field GF(P )
    A New Algorithm to Search for Irreducible Polynomials Using q Decimal Equivalents of Polynomials over Galois Field GF(p ) 1 2 Sankhanil Dey and Ranjan Ghosh Institute of Radio Physics and Electronics University of Calcutta, 92 A. P. C. Road, Kolkata – 700 009 1 2 [email protected], [email protected] Abstract. In this paper a new algorithm to find the decimal equivalents of all monic irreducible polynomials (IPs) over Galois Field GF(pq) has been introduced. This algorithm is effective to find the decimal equivalents of monic IPs over Galois Field with a large value of prime modulus and also with a large extension of the prime modulus. The algorithm introduced in this paper is much more time effective with less complexity. It is able to find monic irreducible polynomials for a large value of prime modulus and also with large extension of the prime modulus in few seconds. Introduction. From the last few decades, efficient implementation of cryptographic algorithms has been in the focal point of major research efforts in cryptography. Cryptography is one of the most dominant application areas of the finite field arithmetic [1]. Almost all symmetric-key cryptographic algorithms, including recent algorithms such as elliptic curve and pairing-based cryptography depends heavily on finite field arithmetic. Majority of cryptographic algorithms utilize arithmetic in finite mathematical structures such as finite multiplicative groups, rings, polynomials and finite fields [2]. The use of basic arithmetic operations (i.e. addition, multiplication, and inversion) over finite fields, GF(pq), where p is prime modulus and q is extension of the prime modulii, are dominant in many cryptographic algorithms such as RSA algorithm [3], Diffie-Hellman key exchange algorithm [4], the US federal Digital Signature Standard [5], elliptic curve cryptography [6][7], and also recently pairing-based cryptography [8][9].
    [Show full text]
  • Taking Place Value Seriously: Arithmetic, Estimation, and Algebra
    Taking Place Value Seriously: Arithmetic, Estimation, and Algebra by Roger Howe, Yale University and Susanna S. Epp, DePaul University Introduction and Summary Arithmetic, first of nonnegative integers, then of decimal and common fractions, and later of rational expres- sions and functions, is a central theme in school mathematics. This article attempts to point out ways to make the study of arithmetic more unified and more conceptual through a systematic emphasis on place-value structure in the base 10 number system. The article contains five sections. Section one reviews the basic principles of base 10 notation and points out the sophisticated structure underlying its amazing efficiency. Careful definitions are given for the basic constituents out of which numbers written in base 10 notation are formed: digit, power of 10 ,andsingle-place number. The idea of order of magnitude is also discussed, to prepare the way for considering relative sizes of numbers. Section two discusses how base 10 notation enables efficient algorithms for addition, subtraction, mul- tiplication and division of nonnegative integers. The crucial point is that the main outlines of all these procedures are determined by the form of numbers written in base 10 notation together with the Rules of Arithmetic 1. Division plays an especially important role in the discussion because both of the two main ways to interpret numbers written in base 10 notation are connected with division. One way is to think of the base 10 expansion as the result of successive divisions-with-remainder by 10; the other way involves suc- cessive approximation by single-place numbers and provides the basis for the usual long-division algorithm.
    [Show full text]
  • 3 Finite Field Arithmetic
    18.783 Elliptic Curves Spring 2021 Lecture #3 02/24/2021 3 Finite field arithmetic In order to perform explicit computations with elliptic curves over finite fields, we first need to understand how to compute in finite fields. In many of the applications we will consider, the finite fields involved will be quite large, so it is important to understand the computational complexity of finite field operations. This is a huge topic, one to which an entire course could be devoted, but we will spend just one or two lectures on this topic, with the goal of understanding the most commonly used algorithms and analyzing their asymptotic complexity. This will force us to omit many details, but references to the relevant literature will be provided for those who want to learn more. Our first step is to fix an explicit representation of finite field elements. This might seem like a technical detail, but it is actually quite crucial; questions of computational complexity are meaningless otherwise. Example 3.1. By Theorem 3.12 below, the multiplicative group of a finite field Fq is cyclic. One way to represent the nonzero elements of a finite field is as explicit powers of a fixed generator, in which case it is enough to know the exponent, an integer in [0; q − 1]. With this representation multiplication and division are easy, solving the discrete logarithm problem is trivial, but addition is costly (not even polynomial time). We will instead choose a representation that makes addition (and subtraction) very easy, multiplication slightly harder but still easy, division slightly harder than multiplication but still easy (all these operations take quasi-linear time).
    [Show full text]
  • Implementation Techniques for Fast Polynomial Arithmetic in a High-Level Programming Environment
    Implementation Techniques For Fast Polynomial Arithmetic In A High-level Programming Environment Akpodigha Filatei Xin Li Marc Moreno Maza ORCCA, University of Western ORCCA, University of Western ORCCA, University of Western Ontario (UWO) Ontario (UWO) Ontario (UWO) London, Ontario, Canada London, Ontario, Canada London, Ontario, Canada afi[email protected] [email protected] [email protected] Eric´ Schost LIX, Ecole´ polytechnique 91128 Palaiseau, France [email protected] ABSTRACT multiplication is “better than the classical method approxi- Though there is increased activity in the implementation of mately when n + m ≥ 600”, where n and m are the degrees asymptotically fast polynomial arithmetic, little is reported of the input polynomials. In [22] p. 501, quoting [3], Knuth on the details of such effort. In this paper, we discuss how we writes “He (R. P. Brent) estimated that Strassen’s scheme achieve high performance in implementing some well-studied would not begin to excel over Winograd’s until n ≈ 250 and fast algorithms for polynomial arithmetic in two high-level such enormous matrices rarely occur in practice unless they programming environments, AXIOM and Aldor. are very sparse, when other techniques apply.” Two approaches are investigated. With Aldor we rely The implementation of asymptotically fast arithmetic was only on high-level generic code, whereas with AXIOM we not the primary concern of the early computer algebra sys- endeavor to mix high-level, middle-level and low-level spe- tems, which had many other challenges to face. For in- stance, one of the main motivations for the development of cialized code. We show that our implementations are satis- AXIOM factory compared with other known computer algebra sys- the computer algebra system [19] was the design tems or libraries such as Magma v2.11-2 and NTL v5.4.
    [Show full text]
  • Cryptography and Network Security Chapter 4
    Cryptography and Network Chapter 4 –Basic Concepts in Number Security Theory and Finite Fields Chapter 4 The next morning at daybreak, Star flew indoors, seemingly keen for a lesson. I said, "Tap eight." She did a brilliant exhibition, first tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, 2, 2, before coming for her nut. It is astonishing that Star learned to count up to 8 with no difficulty, and of her own accord discovered that each number could be given with various different divisions, this leaving no doubt that she was Fifth Edition consciously thinking each number. In fact, she did mental arithmetic, although unable, like humans, to name the numbers. But she learned to by William Stallings recognize their spoken names almost immediately and was able to remember the sounds of the names. Star is unique as a wild bird, who of her own free will pursued the science of numbers with keen interest and astonishing intelligence. Lecture slides by Lawrie Brown — Living with Birds, Len Howard Introduction Divisors • will now introduce finite fields • say a non‐zero number b divides a if for some m • of increasing importance in cryptography have a=mb (a,b,m all integers) – AES, Elliptic Curve, IDEA, Public Key • that is b divides into a with no remainder • concern operations on “numbers” • denote this b|a – where what constitutes a “number” and the type • and say that b is a divisor of a of operations varies considerably • eg. all of 1,2,3,4,6,8,12,24 divide 24 • start with basic number theory concepts • eg.
    [Show full text]
  • Finite Fields (PART 3): Polynomial Arithmetic
    Lecture 6: Finite Fields (PART 3) PART 3: Polynomial Arithmetic Theoretical Underpinnings of Modern Cryptography Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) February 4, 2021 12:02 Noon ©2021 Avinash Kak, Purdue University Goals: To review polynomial arithmetic Polynomial arithmetic when the coefficients are drawn from a finite field The concept of an irreducible polynomial Polynomials over the GF (2) finite field CONTENTS Section Title Page 6.1 Polynomial Arithmetic 3 6.2 Arithmetic Operations on Polynomials 5 6.3 Dividing One Polynomial by Another Using Long 7 Division 6.4 Arithmetic Operations on Polynomial Whose 9 Coefficients Belong to a Finite Field 6.5 Dividing Polynomials Defined over a Finite Field 11 6.6 Let’s Now Consider Polynomials Defined 13 over GF (2) 6.7 Arithmetic Operations on Polynomials 15 over GF (2) 6.8 So What Sort of Questions Does Polynomial 17 Arithmetic Address? 6.9 Polynomials over a Finite Field Constitute a Ring 18 6.10 When is Polynomial Division Permitted? 20 6.11 Irreducible Polynomials, Prime Polynomials 22 6.12 Homework Problems 23 2 Computer and Network Security by Avi Kak Lecture 6 Back to TOC 6.1 POLYNOMIAL ARITHMETIC Why study polynomial arithmetic? For the very simple reason that we can represent a bit pattern by a polynomial in, say, the variable x. Each power of x in the polynomial can stand for a bit position in a bit pattern. For example, we can represent the bit pattern 111 by the polynomial x2 + x +1. On the other hand, the bit pattern 101 would be represented by the polynomial x2 + 1 and the pattern 011 by the polynomial x +1.
    [Show full text]
  • Algorithms and Data Structures for Sparse Polynomial Arithmetic
    mathematics Article Algorithms and Data Structures for Sparse Polynomial Arithmetic Mohammadali Asadi, Alexander Brandt *, Robert H. C. Moir and Marc Moreno Maza Department of Computer Science, University of Western Ontario, London, ON N6A 5B7, Canada; [email protected] (M.A.); [email protected] (R.H.C.M.); [email protected] (M.M.M.) * Correspondence: [email protected] Received: 1 February 2019; Accepted: 12 May 2019; Published: 17 May 2019 Abstract: We provide a comprehensive presentation of algorithms, data structures, and implementation techniques for high-performance sparse multivariate polynomial arithmetic over the integers and rational numbers as implemented in the freely available Basic Polynomial Algebra Subprograms (BPAS) library. We report on an algorithm for sparse pseudo-division, based on the algorithms for division with remainder, multiplication, and addition, which are also examined herein. The pseudo-division and division with remainder operations are extended to multi-divisor pseudo-division and normal form algorithms, respectively, where the divisor set is assumed to form a triangular set. Our operations make use of two data structures for sparse distributed polynomials and sparse recursively viewed polynomials, with a keen focus on locality and memory usage for optimized performance on modern memory hierarchies. Experimentation shows that these new implementations compare favorably against competing implementations, performing between a factor of 3 better (for multiplication over the integers) to more than 4 orders of magnitude better (for pseudo-division with respect to a triangular set). Keywords: sparse polynomials; polynomial arithmetic; normal form; pseudo-division; pseudo-remainder; sparse data structures 1. Introduction Technological advances in computer hardware have allowed scientists to greatly expand the size and complexity of problems tackled by scientific computing.
    [Show full text]
  • Finite Fields (PART 4)
    Lecture 7: Finite Fields (PART 4) PART 4: Finite Fields of the Form GF (2n) Theoretical Underpinnings of Modern Cryptography Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) February 9, 2021 4:58pm ©2021 Avinash Kak, Purdue University Goals: n To review finite fields of the form GF (2 ) To show how arithmetic operations can be carried out by directly operating on the bit patterns for the elements of GF (2n) Perl and Python implementations for arithmetic in a Galois Field using my BitVector modules CONTENTS Section Title Page 7.1 Consider Again the Polynomials over GF (2) 3 7.2 Modular Polynomial Arithmetic 5 7.3 How Large is the Set of Polynomials When 8 Multiplications are Carried Out Modulo x2 + x +1 7.4 How Do We Know that GF (23) is a Finite Field? 10 7.5 GF (2n) a Finite Field for Every n 14 7.6 Representing the Individual Polynomials 15 in GF (2n) by Binary Code Words 7.7 Some Observations on Bit-Pattern Additions 18 in GF (2n) 7.8 Some Observations on Arithmetic Multiplication 20 in GF (2n) 7.9 Direct Bitwise Operations for Multiplication 22 in GF (28) 7.10 Summary of How a Multiplication is Carried 25 Out in GF (28) 7.11 Finding Multiplicative Inverses in GF (2n) 27 with Implementations in Perl and Python 7.12 Using a Generator to Represent the Elements 34 of GF (2n) 7.13 Homework Problems 38 2 Computer and Network Security by Avi Kak Lecture 7 Back to TOC 7.1 CONSIDER AGAIN THE POLYNOMIALS OVER GF (2) Recall from Lecture 6 that GF (2) is a finite field consisting of the set {0, 1}, with modulo 2 addition as the group operator and modulo 2 multiplication as the ring operator.
    [Show full text]
  • Polynomial Inversion Over GF(2M) Based on Extended Euclidean Algorithm
    Polynomial Inversion Over GF(2m) Based on Extended Euclidean Algorithm FPGA Design and Implementation ELEC543 Project Report Summer 2015 VLSI Prepared by: Ibrahim Hazmi Supervised by: Dr. Fayez Gebali Contents Abstract 3 Project Overview 4 Objective 4 Introduction 4 Background on the extended Euclidean algorithm (EEA) 4 Project Description and Project Milestones 5 Design methodology and alternatives 7 The Design in Details 8 Binary Polynomial Divider (BPD) Design 8 The Extension Module Design 11 Top-Level Design: The Extended Euclidean Algorithm (EEA) 12 Simulation 14 Hardware Implementation 17 Conclusion 19 Appendix 20 Bibliography 22 2 !3 ELEC543_EEA_REPORT Abstract The objective of the project was to design a “Polynomial Inverter” over binary field based on the extended Euclidean algorithm (EEA). The main focus in the project was on the functionality of the design, which has been verified in ISE simulation and implemented successfully on Xilinx Spartan 3E FPGA. The project has been divided into three stages. First, designing the binary division algorithm (BDA), which was the main building block of the inversion circuit and the bottle nick of the design as well. The ultimate goal in this stage was to produce the remainder and the quotient in a minimum number of cycles. Computing the quotient was the most challenging part of the BDA design as the idea was to utilize degree difference of the polynomials in order to obtain the right number of required shifts each cycle. There were different attempts to design the BDA, starting with a spreadsheet, which works similarly to the manual procedure and was used as a reference.
    [Show full text]
  • EMPIRICAL OPTIMIZATION of DIVISOR ARITHMETIC on HYPERELLIPTIC CURVES OVER F2m
    Advances in Mathematics of Communications doi:10.3934/amc.2013.7.485 Volume 7, No. 4, 2013, 485–502 EMPIRICAL OPTIMIZATION OF DIVISOR ARITHMETIC ON HYPERELLIPTIC CURVES OVER F2m Laurent Imbert CNRS, LIRMM Université Montpellier 2 161 rue Ada F-34095 Montpellier, France Michael J. Jacobson, Jr. Department of Computer Science University of Calgary 2500 University Drive NW Calgary, Alberta T2N 1N4, Canada (Communicated by Andreas Stein) Abstract. A significant amount of effort has been devoted to improving divi- sor arithmetic on low-genus hyperelliptic curves via explicit versions of generic algorithms. Moderate and high genus curves also arise in cryptographic appli- cations, for example, via the Weil descent attack on the elliptic curve discrete logarithm problem, but for these curves, the generic algorithms are to date the most efficient available. Nagao [22] described how some of the techniques used in deriving efficient explicit formulas can be used to speed up divisor arith- metic using Cantor’s algorithm on curves of arbitrary genus. In this paper, we describe how Nagao’s methods, together with a sub-quadratic complexity partial extended Euclidean algorithm using the half-gcd algorithm can be ap- plied to improve arithmetic in the degree zero divisor class group. We present numerical results showing which combination of techniques is more efficient for hyperelliptic curves over F2n of various genera. 1. Introduction Hyperelliptic curves defined over finite fields were first proposed for cryptograph- ic use by Koblitz [19] in 1989, with the special case of genus one curves (elliptic curves) having been proposed earlier by Koblitz and Miller independently [20, 18].
    [Show full text]
  • New Algorithms for Finding Irreducible Polynomials Over Finite Fields
    mathematics of computation volume 54, number 189 january 1990,pages 435-447 NEW ALGORITHMS FOR FINDING IRREDUCIBLE POLYNOMIALS OVER FINITE FIELDS VICTOR SHOUP Abstract. We present a new algorithm for finding an irreducible polynomial of specified degree over a finite field. Our algorithm is deterministic, and it runs in polynomial time for fields of small characteristic. We in fact prove the stronger result that the problem of finding irreducible polynomials of specified degree over a finite field is deterministic polynomial-time reducible to the problem of factoring polynomials over the prime field. 1. Introduction In this paper we present some new algorithms for finding irreducible polyno- mials over finite fields. Such polynomials are used to implement arithmetic in extension fields found in many applications, including coding theory (Berlekamp [5]), cryptography (Chor and Rivest [8]), multivariate polynomial factoring (von zur Gathen and Kaltofen [13]), and parallel polynomial arithmetic (Eberly [9]). Let p be a prime number, F the finite field G¥(p), and n a positive integer. Consider the deterministic complexity of finding an irreducible polynomial in F[X] of degree n. Since encoding a polynomial in F[X] of degree n requires about n \ogp bits, a polynomial-time algorithm for finding irreducible polyno- mials in F[X] of degree n should run in time bounded by a polynomial in n and logp . There is no known deterministic polynomial-time algorithm for this problem. However, in many applications p is small, and so an algorithm that ran in time polynomial in n and p would be of value. We present one here.
    [Show full text]
  • Positional Arithmetic: Subtraction, Multiplication and Division Over Extended Galois Field GF(P )
    Positional Arithmetic: Subtraction, Multiplication and Division over Extended Galois Field GF(pq). Sankhanil Dey1 and Ranjan Ghosh2, [email protected], [email protected], Institute of Radio Physics and Electronics, 92 APC Road, Kolkata-700009, University of Calcutta. Abstract. The method to Subtract, Multiply and Divide two Field Numbers over the Extended Galois Field GF(pq) is a well needed solution to the field of Discrete Mathematics as well as in Cryptology. In this paper the addition of two Galois Field Numbers over Extended Galois Field GF(pq) has been reviewed and Subtraction, Multiplication and Division of two Galois Field Number over Extended Galois Field GF(pq) has been defined. Introduction. In Galois field addition [1][2] two digits of two different Galois field number of the same position have been added in decimal and modulated with Galois field Prime Modulus P to obtain the respective digits of the Sum Galois field Number over Galois Field GF(pq) . In Galois field subtraction digits of the less valued Galois field number from the greater valued Galois field number of the same position have been subtracted in decimal and modulated with Galois field Prime Modulus P to obtain the respective digits of the Difference Galois field Number over Galois Field GF(pq). q In Multiplication of two Galois Field Numbers over extended Galois field GF(p ) The product Number st nd must have (q1+q2)+1 digits in it if 1 number contains q1 positions and 2 number contains q2 positions. The q position of the terms of the Product Number over extended Galois field GF(p ) varies from 0 → (q1+q2).
    [Show full text]