Factoring polynomials over finite fields Summary and et questions 12 octobre 2011 1 Finite fields Let p an odd prime and let Fp = Z=pZ the (unique up to automorphism) field with p-elements. We want to classify finite fields up to automorphism. Question 1 Give a field with 4 elements. Is there any field with 6 elements ? Let K be a finite field. Its characteristic p is finite. Otherwise K would contain Q. So K contains a subfield isomorphic to Fp. So K is a vector space over Fp. Let d be its dimension. The cardinality of K is pd. p Let Φ : K ! K be the map defined by Φ(x) = x . It is an Fp-linear map. It is even a ring homomorphism. It is called the Frobenius endomorphism. The multiplicative group K ∗ is cyclic. More generally, any finite subgroup in the multiplicative group of a field is cyclic. A primitive element of K is by definition a generator of the group K ∗. Be carefull : some people call primitive any element that generates K as an Fp-algebra. Question 2 Find a primitive element in F101. How many primitive elements do we have in Fp ? How can we find such an element in general ? Let F (x) 2 Fp[x] be a degree d irreducible polynomial. Then Fp[x]=F (x) is a finite field with cardinality pd. Question 3 Is every finite field isomorphic to such a quotient ? We prove that for any positive integer d there exists a degree d irreducible polynomial in Fp[x]. This finishes the classification of finite fields. To prove the existence of irreducible polynomial for every degree we first prove the following identity in Fp[x] d Y xp − x = f(x) (1) where f(x) runs over the set of irreducible polynomials with degree dividing d. We deduce that 1 X pd = eN(e) (2) ejd where N(e) is the number of monic irreducible polynomials of degree e in Fp[x]. Using Mœbius inversion formula we deduce X d dN(d) = µ( )pe (3) e ejd To prove the existence of a degree d irreducible polynomial it suffices to P d e prove that the sum ejd µ( e )p is positive. Indeed if d ≥ 2 then X d X X µ( )pe ≥ pd − pe ≥ pd − pe ≥ pd − pd=2+1 + 1 ≥ 1: e ejd ejd et e6=d 1≤e≤d=2 So there exists a field with cardinality pd. It is easy to see that two finite fields with the same cardinality are isomorphic. We write Fq for the field with q elements. This is a questionable notation because this field is only defined up to isomorphism, unless we have fixed one algebraic closure Ω for Fp. In this text we are interesed in the following problem : given a polynomial A(x) in Fp[x], find the decomposition of A(x) as a product of irreducible factors. The algorithm we present decomposes in three steps. There are variants for the third step. We only present one of them. Question 4 About the various meanings of primitive element. How many pri- ∗ mitive elements do we have in F256 ? How many generators of the group F256 ? How many generators of the F2-algebra F256 ? Deduce the number of degree 8 irreducible polynomials in F2[x]. 2 Berlekamp's algorithm, first step We want to factor A(x) 2 Fp[x]. Assume A is monic. Let Y ei A(x) = fi (x) 1≤i≤I be the prime decomposition. The integer ei ≥ 1 is the multiplicity of fi(x) in A. The goal of this first step is to reduce to the case where A is square-free (i.e. all multiplicities are 0 or 1). The square-free case will be treated in steps 2 and 3. 0 The multiplicity of fi(x) in the derivative A (x) is ei − 1 if ei is non-zero modulo p. Otherwise it is ei. Set B = pgcd(A; A0). If B = A then p divides all ei so A is a p-th power. One easily finds an R(x) such that Rp = A. We reduce to factoring R. 2 If B 6= A then we set C = A=B and we reduce to factoring C and B. We note that C is square-free. An example with Mupad : R := Dom :: IntegerMod(5); A := poly((x-1)*(x-2)^2*(x-3)^6,R); We obtain a degree 9 polynomial to be factored. B := gcd(A,diff(A,x)); C := A/B; The equivalent commands in Maple are A:=(x-1)*(x-2)^2*(x-3)^6; A:=expand(A); B:=Gcd(A,diff(A,x)) mod 5; Rem(A,B,x) mod 5; C:=Quo(A,B,x) mod 5; The polynomial C has degree 3 and is square-free, so we are content with it. The polynomial B has degree 6. We continue. F := gcd(B,diff(B,x)); G := B/F; The polynomial G has degree 1. We are content with it. We continue with F . H := gcd(F,diff(F,x)); We find H = F . This is not a surprise because H = x5 + 2 is a 5-th power. Indeed H(x) = (x + 2)5. 3 Second step Thanks to the first step we now have square-free polynomials to factor. We use the identity (1). p If A(x) is square-free we set A1(x) = pgcd(A(x); x − x). We check the A1 is the product of all degree 1 irreducible factors of A(x). p2 We set A2(x) = pgcd(A=A1; x −x). This is the product of all degree 2 irre- p3 ducible factors of A. We continue and compute A3(x) = pgcd(A=(A1A2); x −x) ... In the end we have decomposed A as a product of polynomials A1, A2, A3, . , where Ai is square-free and has only degree i irreductible factors. Factoring such polynomials will be the purpose of the third step. An example of the second step treated in Mupad : 3 R := Dom :: IntegerMod(2); A := poly(x^9+x^8+x^7+x^2+x+1,[x],R); B := gcd(A,diff(A,x)); We obtain poly(1, [x], Dom::IntegerMod(2)) Then A1 := gcd(A,poly(x^2-x,[x],R)); C1 := A/A1; We obtain A1 = x + 1. Then A2 := gcd(C1,poly(x^4-x,[x],R)); C2 := C1/A2; A3 := gcd(C2,poly(x^8-x,[x],R)); 2 We obtain A2 = x + x + 1 et A3 = C2. Question 5 What can we deduce about the factors of A ? 4 We now treat an example with p = 101. Let A(x) = x + x + 7 2 F101[x] the polynomial to be factored. We don't want to compute the gcd of x101 − x and A(x) directly. Even less the gcd with x1012 − x. We work in the ring R = Fp[x]=A(x) and set α = x mod A(x). We compute αp = U(x) mod A(x) with deg(U) < deg(A). We check that pgcd(xp − x; A(x)) = pgcd(U(x) − x; A(x)): This way we avoid dealing with big polynomials. Note that αp 2 R can be computed using the fast exponentiation algorithm. Another example of the second step in Mupad : R := Dom :: IntegerMod(101); A := poly(x^4+x+7,[x],R); B := gcd(A,diff(A,x)); U := powermod(x,101,A); We obtain B = 1 and U = 21x3 + 58x2 + 89x + 41. Equivalent instructions in Maple are A := x^4+x+7; B := Gcd(A,diff(A,x)) mod 101; U:=Powmod(x,101,A,x) mod 101; We continue 4 C := gcd(poly(U-x,R),A); We find C = x2 + 38x + 11. Question 6 What can we deduce about the irreducible factors of A ? Question 7 Give an estimate for the number of elementary operations required by the second step of Berlekamp's algorithm. 4 Third step After the second step we find ourselves with square-free polynomials having equal degree irreducible factors. So let A 2 Fp[x] be such a polynomial and let k be the degree of all its irreducible factors. Let I be the number of these factors. So deg(A) = Ik. We assume the characteristic p is odd. We come back to equation (1). We pd−1 set rd = 2 . We find Y (xrd − 1)(xrd + 1)x = f(x) (4) where the product is over all irreducible monic polynomials in Fp[x] having degree dividing d. r r We set A1 = pgcd(A; x k −1), A−1 = pgcd(A; x k +1), and A0 = pgcd(A; x). So A = A0A1A−1. If f is an irreducible factor of A and α 2 Fpk a root of f, then f divides A1 if and only if α is a non-zero square in Fpk . More generally, let U(x) be a polynomial in Fp[x] and set U rk U rk U A1 = pgcd(A; U(x) −1), A−1 = pgcd(A; U(x) +1), and A0 = pgcd(A; U(x)). U U U So A = A0 A1 A−1. If f is an irreducible factor of A and α 2 Fpk a root of f, U then f divides A1 if and only if U(α) is a non-zero square in Fpk . Question 8 Pick a random (with uniform distribution) U(x) among all poly- nomials Fp[x] having degree ≤ deg(A) − 1. What is the probability that one of U U U polynomials A0 , A1 , A−1 be a non-trivial factor of A ? How many trials do we need on average to find such a non-trivial factor ? Question 9 Give an upper bound for the number of elementary operations U U U that are necessary to compute A0 , A1 and A−1.