Factoring polynomials over finite fields

Summary and questions
12 October 2011
1 Finite fields
Let $p$ be an odd prime and let $\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z}$ be the (unique up to isomorphism) field with $p$ elements. We want to classify finite fields up to isomorphism.
Question 1 Give a field with 4 elements. Is there any field with 6 elements?
Let $K$ be a finite field. Its characteristic $p$ is finite. Otherwise $K$ would contain $\mathbb{Q}$.
So $K$ contains a subfield isomorphic to $\mathbb{F}_p$. So $K$ is a vector space over $\mathbb{F}_p$. Let $d$ be its dimension. The cardinality of $K$ is $p^d$.
Let $\Phi : K \to K$ be the map defined by $\Phi(x) = x^p$. It is an $\mathbb{F}_p$-linear map. It is even a ring homomorphism. It is called the Frobenius endomorphism.
The multiplicative group $K^*$ is cyclic. More generally, any finite subgroup of the multiplicative group of a field is cyclic.
A primitive element of $K$ is by definition a generator of the group $K^*$. Be careful: some people call primitive any element that generates $K$ as an $\mathbb{F}_p$-algebra.
Question 2 Find a primitive element in $\mathbb{F}_{101}$. How many primitive elements do we have in $\mathbb{F}_p$? How can we find such an element in general?
Let $F(x) \in \mathbb{F}_p[x]$ be a degree $d$ irreducible polynomial. Then $\mathbb{F}_p[x]/(F(x))$ is a finite field with cardinality $p^d$.
Question 3 Is every finite field isomorphic to such a quotient?
We prove that for any positive integer $d$ there exists a degree $d$ irreducible polynomial in $\mathbb{F}_p[x]$. This finishes the classification of finite fields.
To prove the existence of an irreducible polynomial of every degree we first prove the following identity in $\mathbb{F}_p[x]$:
$$x^{p^d} - x = \prod f(x) \qquad (1)$$
where $f(x)$ runs over the set of monic irreducible polynomials with degree dividing $d$.
We deduce that
$$p^d = \sum_{e \mid d} e\,N(e) \qquad (2)$$
where $N(e)$ is the number of monic irreducible polynomials of degree $e$ in $\mathbb{F}_p[x]$.
Using the Möbius inversion formula we deduce
$$d\,N(d) = \sum_{e \mid d} \mu\!\left(\frac{d}{e}\right) p^e. \qquad (3)$$
To prove the existence of a degree $d$ irreducible polynomial it suffices to prove that the sum $\sum_{e \mid d} \mu(d/e)\,p^e$ is positive.
Indeed if $d \ge 2$ then
$$\sum_{e \mid d} \mu\!\left(\frac{d}{e}\right) p^e \;\ge\; p^d - \sum_{e \mid d,\ e \ne d} p^e \;\ge\; p^d - \sum_{1 \le e \le d/2} p^e \;\ge\; p^d - p^{d/2+1} + 1 \;\ge\; 1.$$
So there exists a field with cardinality $p^d$. It is easy to see that two finite fields with the same cardinality are isomorphic.
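The count $N(d)$ given by formula (3), with identity (2) as a consistency check, as an added Python example that is not part of the notes. The Möbius function is computed by trial division, which is enough for the small arguments used here; the values printed are the ones the formula gives, not exercise answers from the notes.

```python
# Added example, not the notes' code: N(d) from formula (3) and identity (2) as a check.

def prime_divisors(n):                        # distinct primes dividing n, by trial division
    out, q = [], 2
    while q * q <= n:
        if n % q == 0:
            out.append(q)
            while n % q == 0:
                n //= q
        q += 1
    return out + ([n] if n > 1 else [])

def mobius(n):
    """Moebius function: 0 if a square divides n, else (-1)^(number of prime divisors)."""
    ps = prime_divisors(n)
    if any(n % (q * q) == 0 for q in ps):
        return 0
    return (-1) ** len(ps)

def divisors(n):
    return [e for e in range(1, n + 1) if n % e == 0]

def num_irreducibles(p, d):
    """N(d), the number of monic irreducible polynomials of degree d in F_p[x], from (3):
    d N(d) = sum_{e|d} mu(d/e) p^e.  The sum is positive and divisible by d."""
    total = sum(mobius(d // e) * p ** e for e in divisors(d))
    assert total > 0 and total % d == 0
    return total // d

def check_identity_2(p, d):
    """Identity (2): sum_{e|d} e N(e) = p^d, i.e. the degrees of all monic irreducibles
    of degree dividing d add up to the degree of x^(p^d) - x."""
    return sum(e * num_irreducibles(p, e) for e in divisors(d)) == p ** d

if __name__ == "__main__":
    for p, d in ((2, 4), (3, 2), (5, 6), (101, 3)):
        print(f"p={p} d={d}: N(d)={num_irreducibles(p, d)}, (2) holds: {check_identity_2(p, d)}")
```

The assertion inside `num_irreducibles` is the positivity proved above: the sum is never zero, so an irreducible polynomial of every degree exists.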
We write $\mathbb{F}_q$ for the field with $q$ elements. This is a questionable notation because this field is only defined up to isomorphism, unless we have fixed one algebraic closure $\Omega$ of $\mathbb{F}_p$.
In this text we are interested in the following problem: given a polynomial $A(x)$ in $\mathbb{F}_p[x]$, find the decomposition of $A(x)$ as a product of irreducible factors.
The algorithm we present decomposes into three steps. There are variants for the third step. We only present one of them.
Question 4 About the various meanings of primitive element. How many primitive elements do we have in $\mathbb{F}_{256}$? How many generators of the group $\mathbb{F}_{256}^*$? How many generators of the $\mathbb{F}_2$-algebra $\mathbb{F}_{256}$?
Deduce the number of degree 8 irreducible polynomials in $\mathbb{F}_2[x]$.
2 Berlekamp’s algorithm, first step
We want to factor $A(x) \in \mathbb{F}_p[x]$. Assume $A$ is monic. Let
$$A(x) = \prod_{1 \le i \le I} f_i(x)^{e_i}$$
be the prime decomposition. The integer $e_i \ge 1$ is the multiplicity of $f_i(x)$ in $A$. The goal of this first step is to reduce to the case where $A$ is square-free (i.e. all multiplicities are 0 or 1). The square-free case will be treated in steps 2 and 3.
The multiplicity of $f_i(x)$ in the derivative $A'(x)$ is $e_i - 1$ if $e_i$ is non-zero modulo $p$. Otherwise it is $e_i$.
Set $B = \gcd(A, A')$.
If $B = A$ then $p$ divides all $e_i$, so $A$ is a $p$-th power. One easily finds an $R(x)$ such that $R^p = A$. We reduce to factoring $R$.
If $B \ne A$ then we set $C = A/B$ and we reduce to factoring $C$ and $B$. We note that $C$ is square-free.
An example with Mupad:
R := Dom::IntegerMod(5);
A := poly((x-1)*(x-2)^2*(x-3)^6,R);
We obtain a degree 9 polynomial to be factored.
B := gcd(A,diff(A,x));
C := A/B;
The equivalent commands in Maple are
A:=(x-1)*(x-2)^2*(x-3)^6;
A:=expand(A);
B:=Gcd(A,diff(A,x)) mod 5;
Rem(A,B,x) mod 5;
C:=Quo(A,B,x) mod 5;
The polynomial C has degree 3 and is square-free, so we are content with
it.
The polynomial B has degree 6. We continue.
F := gcd(B,diff(B,x));
G := B/F;
The polynomial G has degree 1. We are content with it. We continue with
F.
H := gcd(F,diff(F,x));
We find $H = F$. This is not a surprise because $H = x^5 + 2$ is a 5-th power. Indeed $H(x) = (x + 2)^5$.
3 Second step
Thanks to the first step we now have square-free polynomials to factor.
We use the identity (1).
If $A(x)$ is square-free we set $A_1(x) = \gcd(A(x), x^p - x)$. We check that $A_1$ is the product of all degree 1 irreducible factors of $A(x)$.
We set $A_2(x) = \gcd(A/A_1, x^{p^2} - x)$. This is the product of all degree 2 irreducible factors of $A$. We continue and compute $A_3(x) = \gcd(A/(A_1 A_2), x^{p^3} - x)$, ...
In the end we have decomposed $A$ as a product of polynomials $A_1, A_2, A_3, \ldots$, where $A_i$ is square-free and has only degree $i$ irreducible factors.
Factoring such polynomials will be the purpose of the third step.
An example of the second step treated in Mupad :
R := Dom::IntegerMod(2);
A := poly(x^9+x^8+x^7+x^2+x+1,[x],R);
B := gcd(A,diff(A,x));
We obtain
poly(1, [x], Dom::IntegerMod(2))
Then
A1 := gcd(A,poly(x^2-x,[x],R));
C1 := A/A1;
We obtain $A_1 = x + 1$. Then
A2 := gcd(C1,poly(x^4-x,[x],R));
C2 := C1/A2;
A3 := gcd(C2,poly(x^8-x,[x],R));
We obtain $A_2 = x^2 + x + 1$ and $A_3 = C_2$.
Question 5 What can we deduce about the factors of $A$?
We now treat an example with $p = 101$. Let $A(x) = x^4 + x + 7 \in \mathbb{F}_{101}[x]$ be the polynomial to be factored.
We don’t want to compute the gcd of $x^{101} - x$ and $A(x)$ directly. Even less the gcd with $x^{101^2} - x$.
We work in the ring $R = \mathbb{F}_p[x]/(A(x))$ and set $\alpha = x \bmod A(x)$. We compute $\alpha^p = U(x) \bmod A(x)$ with $\deg(U) < \deg(A)$. We check that
$$\gcd(x^p - x, A(x)) = \gcd(U(x) - x, A(x)).$$
This way we avoid dealing with big polynomials.
Note that $\alpha^p \in R$ can be computed using the fast exponentiation algorithm.
Another example of the second step in Mupad:
R := Dom::IntegerMod(101);
A := poly(x^4+x+7,[x],R);
B := gcd(A,diff(A,x));
U := powermod(x,101,A);
We obtain $B = 1$ and $U = 21x^3 + 58x^2 + 89x + 41$.
Equivalent instructions in Maple are
A := x^4+x+7;
B := Gcd(A,diff(A,x)) mod 101;
U:=Powmod(x,101,A,x) mod 101;
We continue
C := gcd(poly(U-x,R),A);
We find $C = x^2 + 38x + 11$.
Question 6 What can we deduce about the irreducible factors of $A$?
Question 7 Give an estimate for the number of elementary operations required by the second step of Berlekamp’s algorithm.
4 Third step
After the second step we find ourselves with square-free polynomials having equal degree irreducible factors. So let $A \in \mathbb{F}_p[x]$ be such a polynomial and let $k$ be the degree of all its irreducible factors. Let $I$ be the number of these factors. So $\deg(A) = Ik$.
We assume the characteristic $p$ is odd. We come back to equation (1). We set $r_d = \frac{p^d - 1}{2}$. We find
$$(x^{r_d} - 1)(x^{r_d} + 1)\,x = \prod f(x) \qquad (4)$$
where the product is over all irreducible monic polynomials in $\mathbb{F}_p[x]$ having degree dividing $d$.
We set $A_1 = \gcd(A, x^{r_k} - 1)$, $A_{-1} = \gcd(A, x^{r_k} + 1)$, and $A_0 = \gcd(A, x)$. So $A = A_0 A_1 A_{-1}$.
If $f$ is an irreducible factor of $A$ and $\alpha \in \mathbb{F}_{p^k}$ a root of $f$, then $f$ divides $A_1$ if and only if $\alpha$ is a non-zero square in $\mathbb{F}_{p^k}$.
More generally, let $U(x)$ be a polynomial in $\mathbb{F}_p[x]$ and set
$$A_1^U = \gcd(A, U(x)^{r_k} - 1),\quad A_{-1}^U = \gcd(A, U(x)^{r_k} + 1),\quad A_0^U = \gcd(A, U(x)).$$
So $A = A_0^U A_1^U A_{-1}^U$. If $f$ is an irreducible factor of $A$ and $\alpha \in \mathbb{F}_{p^k}$ a root of $f$, then $f$ divides $A_1^U$ if and only if $U(\alpha)$ is a non-zero square in $\mathbb{F}_{p^k}$.
Question 8 Pick a random (with uniform distribution) $U(x)$ among all polynomials in $\mathbb{F}_p[x]$ having degree $\le \deg(A) - 1$. What is the probability that one of the polynomials $A_0^U, A_1^U, A_{-1}^U$ is a non-trivial factor of $A$? How many trials do we need on average to find such a non-trivial factor?
Question 9 Give an upper bound for the number of elementary operations that are necessary to compute $A_0^U$, $A_1^U$ and $A_{-1}^U$. Deduce an estimate for the complexity of the third step as a function of $\log p$, $k$ and $\deg(A)$.
We come back to the example in the previous section. So let $C = x^2 + 38x + 11$ and $F = A/C = x^2 + 63x + 19$.
F := A/C;
V := powermod(x,50,C);
W := gcd(poly(V-1,R),C);
K := C/W;
We obtain $V = 89x + 75$, $W = x + 78$ and $K = x + 61$.
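The three steps of the algorithm (square-free reduction from section 2, the distinct-degree gcds of section 3, and the splitting of section 4 with a random $U$ as in Question 8), written out as one added Python example that is not part of the notes and does not reproduce any Mupad or Maple code. Polynomials over $\mathbb{F}_p$ are plain coefficient lists, lowest degree first, so `[7, 1, 0, 0, 1]` is $x^4 + x + 7$ and the gcd, derivative, exact division and fast exponentiation are the naive schoolbook versions; the function names (`squarefree_parts`, `distinct_degree`, `split`, `equal_degree`, `factor`) are this example's own, and `pow(c, -1, p)` for the modular inverse needs Python 3.8 or later.

```python
# Added example, not the notes' code: the three steps of the algorithm in plain Python.
# A polynomial over F_p (p prime) is a list of coefficients, lowest degree first.
import random

def trim(a):                                  # drop leading zeros, keep at least one entry
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a
def add(a, b, p):
    a, b = (a, b) if len(a) >= len(b) else (b, a)
    return trim([(x + (b[i] if i < len(b) else 0)) % p for i, x in enumerate(a)])
def sub(a, b, p):
    return add(a, [(-c) % p for c in b], p)
def mul(a, b, p):
    r = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] = (r[i + j] + x * y) % p
    return trim(r)
def monic(a, p):
    return [c * pow(a[-1], -1, p) % p for c in a]
def deriv(a, p):
    return trim([i * a[i] % p for i in range(1, len(a))] or [0])

def divmod_(a, b, p):                         # Euclidean division, b non-zero: (quotient, remainder)
    a, b = trim(a[:]), trim(b[:])
    inv = pow(b[-1], -1, p)                   # inverse of the leading coefficient of b
    q = [0] * max(len(a) - len(b) + 1, 1)
    while len(a) >= len(b) and a != [0]:
        d, c = len(a) - len(b), a[-1] * inv % p
        q[d] = c
        for i, y in enumerate(b):
            a[i + d] = (a[i + d] - c * y) % p
        trim(a)
    return trim(q), a
def gcd(a, b, p):                             # monic gcd by Euclid's algorithm
    while b != [0]:
        a, b = b, divmod_(a, b, p)[1]
    return monic(a, p)
def powmod(base, e, m, p):                    # base^e mod m by square and multiply
    result, base = [1], divmod_(base, m, p)[1]
    while e:
        if e & 1:
            result = divmod_(mul(result, base, p), m, p)[1]
        base = divmod_(mul(base, base, p), m, p)[1]
        e >>= 1
    return result

def squarefree_parts(A, p, m=1):              # step 1: [(C, m), ...], A = prod C^m, C square-free
    A = monic(A, p)
    if len(A) == 1:                           # constant: nothing left to factor
        return []
    B = gcd(A, deriv(A, p), p)
    if B == A:                                # A' = 0, so A = R^p with R = A[::p]
        return squarefree_parts(A[::p], p, m * p)   # (a^p = a in F_p: just drop exponents)
    C = divmod_(A, B, p)[0]                   # C = A/B is square-free
    return [(C, m)] + squarefree_parts(B, p, m)

def distinct_degree(A, p):                    # step 2: [(A_i, i)], A_i = product of degree-i factors
    A = monic(A, p)
    parts, i, u = [], 0, [0, 1]               # u holds x^(p^i) mod A
    while len(A) > 1:
        i += 1
        u = powmod(u, p, A, p)                # one Frobenius step: x^(p^i) = (x^(p^(i-1)))^p
        Ai = gcd(A, sub(u, [0, 1], p), p)     # gcd(A, x^(p^i) - x)
        if len(Ai) > 1:
            parts.append((Ai, i))
            A = divmod_(A, Ai, p)[0]
            u = divmod_(u, A, p)[1]
        if 1 < len(A) <= 2 * i + 2:           # deg A < 2(i+1): what is left is one irreducible
            parts.append((A, len(A) - 1))
            break
    return parts

def split(A, k, U, p):                        # one trial of step 3 (p odd): (A_0^U, A_1^U, A_{-1}^U)
    V = powmod(U, (p ** k - 1) // 2, A, p)    # U(x)^{r_k} mod A
    return gcd(A, U, p), gcd(A, sub(V, [1], p), p), gcd(A, add(V, [1], p), p)

def equal_degree(A, k, p, rng):               # step 3: all factors of A have degree k (p odd)
    A = monic(A, p)
    if len(A) - 1 == k:
        return [A]
    while True:
        U = trim([rng.randrange(p) for _ in range(len(A) - 1)])   # random, deg U <= deg A - 1
        proper = [P for P in split(A, k, U, p) if 1 < len(P) < len(A)]
        if proper:                            # the proper parts multiply to A: recurse
            return [f for P in proper for f in equal_degree(P, k, p, rng)]

def factor(A, p, seed=1):                     # all three steps: {factor (coefficient tuple): multiplicity}
    rng, result = random.Random(seed), {}
    for C, m in squarefree_parts(A, p):
        for Ai, i in distinct_degree(C, p):
            if p == 2 and len(Ai) - 1 > i:
                raise NotImplementedError("step 3 as written needs p odd (see Question 12)")
            for f in equal_degree(Ai, i, p, rng):
                result[tuple(f)] = result.get(tuple(f), 0) + m
    return result
```

On the notes' own inputs, `powmod([0, 1], 101, [7, 1, 0, 0, 1], 101)` returns `[41, 89, 58, 21]`, the polynomial $U$ of section 3, `split([11, 38, 1], 1, [0, 1], 101)` (the choice $U = x$) returns the pair $W = x + 78$, $K = x + 61$ from the computation above, and `factor([7, 1, 0, 0, 1], 101)` combines the three steps into the complete factorisation of $x^4 + x + 7$. The `NotImplementedError` marks the one place where the text's assumption that $p$ is odd matters: for $p = 2$ the exponent $r_k$ is not an integer, which is what the variant of Question 12 addresses.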
Question 10 Deduce the factorisation of A.
Question 11 Give the structure of the multiplicative group $(\mathbb{Z}/107\mathbb{Z})^*$. Give an adapted generating set. Same question with $(\mathbb{Z}/10807\mathbb{Z})^*$. Same question with $(\mathbb{F}_2[x]/(A(x)))^*$ where $A(x) = x^7 + x^6 + x^5 + x + 1$.
Question 12 Let $p$ be a prime and let $d$ be a positive integer. Set
$$T_d(x) = x + x^p + x^{p^2} + \cdots + x^{p^{d-1}}.$$
Let $q = p^d$. Prove that $x^q - x = \prod_{a \in \mathbb{F}_p} (T_d(x) - a)$.
Deduce a variant of the third step that is valid for $p = 2$.