How do you discover an irreducible polynomial over a finite field that has a chosen degree?
$begingroup$
I'm would like to find a few polynomials of degree 127 irreducible over $mathbb{F}_2$ for use in constructing $GF(2^{127})$. This is because I'm thinking of trying to make my own version of AES-GCM that doesn't have the small-subgroup problem (because it currently uses $GF(2^{128})$). And since $2^{127}-1$ is a Mersenne Prime, every element except 1 and 0 will be a generator for the whole field under multiplication.
Are there any good techniques for discovering such polynomials quickly? I've been picking polynomials randomly and testing with Fermat's Little Theorem on a few randomly chosen field elements (aka does $a^{2^{127}-1} mod p = 1$ where $a$ is a polynomial with degree < 127 over $mathbb{F}_2[x]), a notin {0,1}$ and $p$ is my candidate polynomial?). Is there a better way? Are there any pitfalls for my way?
Please forgive me if I've stated things imprecisely or used the wrong terminology. I'm primarily a software engineer who's learned some abstract algebra because I like knowing the math stuff is based on rather than blindly implementing it.
field-theory finite-fields
$endgroup$
|
show 4 more comments
$begingroup$
I'm would like to find a few polynomials of degree 127 irreducible over $mathbb{F}_2$ for use in constructing $GF(2^{127})$. This is because I'm thinking of trying to make my own version of AES-GCM that doesn't have the small-subgroup problem (because it currently uses $GF(2^{128})$). And since $2^{127}-1$ is a Mersenne Prime, every element except 1 and 0 will be a generator for the whole field under multiplication.
Are there any good techniques for discovering such polynomials quickly? I've been picking polynomials randomly and testing with Fermat's Little Theorem on a few randomly chosen field elements (aka does $a^{2^{127}-1} mod p = 1$ where $a$ is a polynomial with degree < 127 over $mathbb{F}_2[x]), a notin {0,1}$ and $p$ is my candidate polynomial?). Is there a better way? Are there any pitfalls for my way?
Please forgive me if I've stated things imprecisely or used the wrong terminology. I'm primarily a software engineer who's learned some abstract algebra because I like knowing the math stuff is based on rather than blindly implementing it.
field-theory finite-fields
$endgroup$
$begingroup$
For what it's worth you have an explicit formula for the number of irreducible polynomials of degree $n$ over a field of order $q$ which involves Moebius function. From this, if you pick random polynomial of high degree then you have a fairly good change to end up with an irreducible polynomial. What is the degree of the polynomial you are picking? If this is low degree, maybe it is a good idea to directly make the list of all polynomials.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:30
$begingroup$
@ClémentGuérin - In order to construct a field that contains all the elements of $GF(2^{127})$ I need a polynomial of degree 128, correct?
$endgroup$
– Omnifarious
Mar 14 '18 at 3:35
2
$begingroup$
Ok, to test if a polynomial over a finite field is irreducible you can use Cantor-Zassenhaus algorithm see the Wikipedia page. You also have Berlekamp algorithm.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:53
2
$begingroup$
@ClémentGuérin Your computation is incorrect. I tried a simulation, with 1000 random polynomials of degree 127 over $mathbb F_2$, and only $8$ were irreducible. So maybe that $0.00787...$ should be the probability that it is irreducible. Well, I can see right away that the probability of being irreducible must be less than half, since if the constant term is $0$ it's certainly reducible.
$endgroup$
– Robert Israel
Mar 14 '18 at 4:52
1
$begingroup$
@RobertIsrael, the formula I have in mind is this one : math.stackexchange.com/questions/152880/…. You are right, thanks for checking! The number of irreducible polynomials is equivalent to $q^n/n$ when $n$ goes to infinity. Which obviously make the probability goes to $0$ when $n$ gets bigger. Sorry Omnifarious.
$endgroup$
– Clément Guérin
Mar 14 '18 at 7:08
|
show 4 more comments
$begingroup$
I'm would like to find a few polynomials of degree 127 irreducible over $mathbb{F}_2$ for use in constructing $GF(2^{127})$. This is because I'm thinking of trying to make my own version of AES-GCM that doesn't have the small-subgroup problem (because it currently uses $GF(2^{128})$). And since $2^{127}-1$ is a Mersenne Prime, every element except 1 and 0 will be a generator for the whole field under multiplication.
Are there any good techniques for discovering such polynomials quickly? I've been picking polynomials randomly and testing with Fermat's Little Theorem on a few randomly chosen field elements (aka does $a^{2^{127}-1} mod p = 1$ where $a$ is a polynomial with degree < 127 over $mathbb{F}_2[x]), a notin {0,1}$ and $p$ is my candidate polynomial?). Is there a better way? Are there any pitfalls for my way?
Please forgive me if I've stated things imprecisely or used the wrong terminology. I'm primarily a software engineer who's learned some abstract algebra because I like knowing the math stuff is based on rather than blindly implementing it.
field-theory finite-fields
$endgroup$
I'm would like to find a few polynomials of degree 127 irreducible over $mathbb{F}_2$ for use in constructing $GF(2^{127})$. This is because I'm thinking of trying to make my own version of AES-GCM that doesn't have the small-subgroup problem (because it currently uses $GF(2^{128})$). And since $2^{127}-1$ is a Mersenne Prime, every element except 1 and 0 will be a generator for the whole field under multiplication.
Are there any good techniques for discovering such polynomials quickly? I've been picking polynomials randomly and testing with Fermat's Little Theorem on a few randomly chosen field elements (aka does $a^{2^{127}-1} mod p = 1$ where $a$ is a polynomial with degree < 127 over $mathbb{F}_2[x]), a notin {0,1}$ and $p$ is my candidate polynomial?). Is there a better way? Are there any pitfalls for my way?
Please forgive me if I've stated things imprecisely or used the wrong terminology. I'm primarily a software engineer who's learned some abstract algebra because I like knowing the math stuff is based on rather than blindly implementing it.
field-theory finite-fields
field-theory finite-fields
edited Mar 16 '18 at 1:29
Omnifarious
asked Mar 14 '18 at 3:21
OmnifariousOmnifarious
1336
1336
$begingroup$
For what it's worth you have an explicit formula for the number of irreducible polynomials of degree $n$ over a field of order $q$ which involves Moebius function. From this, if you pick random polynomial of high degree then you have a fairly good change to end up with an irreducible polynomial. What is the degree of the polynomial you are picking? If this is low degree, maybe it is a good idea to directly make the list of all polynomials.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:30
$begingroup$
@ClémentGuérin - In order to construct a field that contains all the elements of $GF(2^{127})$ I need a polynomial of degree 128, correct?
$endgroup$
– Omnifarious
Mar 14 '18 at 3:35
2
$begingroup$
Ok, to test if a polynomial over a finite field is irreducible you can use Cantor-Zassenhaus algorithm see the Wikipedia page. You also have Berlekamp algorithm.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:53
2
$begingroup$
@ClémentGuérin Your computation is incorrect. I tried a simulation, with 1000 random polynomials of degree 127 over $mathbb F_2$, and only $8$ were irreducible. So maybe that $0.00787...$ should be the probability that it is irreducible. Well, I can see right away that the probability of being irreducible must be less than half, since if the constant term is $0$ it's certainly reducible.
$endgroup$
– Robert Israel
Mar 14 '18 at 4:52
1
$begingroup$
@RobertIsrael, the formula I have in mind is this one : math.stackexchange.com/questions/152880/…. You are right, thanks for checking! The number of irreducible polynomials is equivalent to $q^n/n$ when $n$ goes to infinity. Which obviously make the probability goes to $0$ when $n$ gets bigger. Sorry Omnifarious.
$endgroup$
– Clément Guérin
Mar 14 '18 at 7:08
|
show 4 more comments
$begingroup$
For what it's worth you have an explicit formula for the number of irreducible polynomials of degree $n$ over a field of order $q$ which involves Moebius function. From this, if you pick random polynomial of high degree then you have a fairly good change to end up with an irreducible polynomial. What is the degree of the polynomial you are picking? If this is low degree, maybe it is a good idea to directly make the list of all polynomials.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:30
$begingroup$
@ClémentGuérin - In order to construct a field that contains all the elements of $GF(2^{127})$ I need a polynomial of degree 128, correct?
$endgroup$
– Omnifarious
Mar 14 '18 at 3:35
2
$begingroup$
Ok, to test if a polynomial over a finite field is irreducible you can use Cantor-Zassenhaus algorithm see the Wikipedia page. You also have Berlekamp algorithm.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:53
2
$begingroup$
@ClémentGuérin Your computation is incorrect. I tried a simulation, with 1000 random polynomials of degree 127 over $mathbb F_2$, and only $8$ were irreducible. So maybe that $0.00787...$ should be the probability that it is irreducible. Well, I can see right away that the probability of being irreducible must be less than half, since if the constant term is $0$ it's certainly reducible.
$endgroup$
– Robert Israel
Mar 14 '18 at 4:52
1
$begingroup$
@RobertIsrael, the formula I have in mind is this one : math.stackexchange.com/questions/152880/…. You are right, thanks for checking! The number of irreducible polynomials is equivalent to $q^n/n$ when $n$ goes to infinity. Which obviously make the probability goes to $0$ when $n$ gets bigger. Sorry Omnifarious.
$endgroup$
– Clément Guérin
Mar 14 '18 at 7:08
$begingroup$
For what it's worth you have an explicit formula for the number of irreducible polynomials of degree $n$ over a field of order $q$ which involves Moebius function. From this, if you pick random polynomial of high degree then you have a fairly good change to end up with an irreducible polynomial. What is the degree of the polynomial you are picking? If this is low degree, maybe it is a good idea to directly make the list of all polynomials.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:30
$begingroup$
For what it's worth you have an explicit formula for the number of irreducible polynomials of degree $n$ over a field of order $q$ which involves Moebius function. From this, if you pick random polynomial of high degree then you have a fairly good change to end up with an irreducible polynomial. What is the degree of the polynomial you are picking? If this is low degree, maybe it is a good idea to directly make the list of all polynomials.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:30
$begingroup$
@ClémentGuérin - In order to construct a field that contains all the elements of $GF(2^{127})$ I need a polynomial of degree 128, correct?
$endgroup$
– Omnifarious
Mar 14 '18 at 3:35
$begingroup$
@ClémentGuérin - In order to construct a field that contains all the elements of $GF(2^{127})$ I need a polynomial of degree 128, correct?
$endgroup$
– Omnifarious
Mar 14 '18 at 3:35
2
2
$begingroup$
Ok, to test if a polynomial over a finite field is irreducible you can use Cantor-Zassenhaus algorithm see the Wikipedia page. You also have Berlekamp algorithm.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:53
$begingroup$
Ok, to test if a polynomial over a finite field is irreducible you can use Cantor-Zassenhaus algorithm see the Wikipedia page. You also have Berlekamp algorithm.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:53
2
2
$begingroup$
@ClémentGuérin Your computation is incorrect. I tried a simulation, with 1000 random polynomials of degree 127 over $mathbb F_2$, and only $8$ were irreducible. So maybe that $0.00787...$ should be the probability that it is irreducible. Well, I can see right away that the probability of being irreducible must be less than half, since if the constant term is $0$ it's certainly reducible.
$endgroup$
– Robert Israel
Mar 14 '18 at 4:52
$begingroup$
@ClémentGuérin Your computation is incorrect. I tried a simulation, with 1000 random polynomials of degree 127 over $mathbb F_2$, and only $8$ were irreducible. So maybe that $0.00787...$ should be the probability that it is irreducible. Well, I can see right away that the probability of being irreducible must be less than half, since if the constant term is $0$ it's certainly reducible.
$endgroup$
– Robert Israel
Mar 14 '18 at 4:52
1
1
$begingroup$
@RobertIsrael, the formula I have in mind is this one : math.stackexchange.com/questions/152880/…. You are right, thanks for checking! The number of irreducible polynomials is equivalent to $q^n/n$ when $n$ goes to infinity. Which obviously make the probability goes to $0$ when $n$ gets bigger. Sorry Omnifarious.
$endgroup$
– Clément Guérin
Mar 14 '18 at 7:08
$begingroup$
@RobertIsrael, the formula I have in mind is this one : math.stackexchange.com/questions/152880/…. You are right, thanks for checking! The number of irreducible polynomials is equivalent to $q^n/n$ when $n$ goes to infinity. Which obviously make the probability goes to $0$ when $n$ gets bigger. Sorry Omnifarious.
$endgroup$
– Clément Guérin
Mar 14 '18 at 7:08
|
show 4 more comments
2 Answers
2
active
oldest
votes
$begingroup$
I'm not sure whether this is what the OP had in mind, but here is one way of testing whether a given polynomial of degree $127$ from $GF(2)[x]$ is irreducible.
This relies on $127$ being a prime number, but some modifications could be made to work for other for non-primes also, I think. This is not for paper & pencil work, just a simple test you can do, if you have implemented arithmetic of polynomials with coefficients in $GF(2)$.
Input: A polynomial $p(x)in GF(2)[x]$ of degree $127$.
Goal: Determine whether $p(x)$ is irreducible over $GF(2)$.
Assumptions:
- I assume that $p(x)$ is square-free. In other words, there are no non-constant polynomials $q(x)in GF(2)[x]$ such that $q(x)^2mid p(x)$. This is easy to test. All you need to do is to calculate $gcd(p(x),p'(x))$ with the Euclidean algorithm. Here $p'(x)$ is the (formal) derivative of $p(x)$. If $q(x)^2mid p(x)$, then also $q(x)mid p'(x)$, and hence $q(x)$ is a common factor of $p(x)$ and $p'(x)$. So if the gcd is equal to one, then $p(x)$ is square-free. Otherwise we can immediately conclude that $p(x)$ is not irreducible.
- For simplicity we can also assume that $p(0)=1$. For otherwise $p(0)=0$, $x$ is a factor, and $p(x)$ is trivially not irreducible.
Claim (or the algorithm): The input polynomial $p(x)$ is irreducible in $GF(2)[x]$ if and only if
$$
x^{2^{127}}equiv xpmod {p(x)}.
$$
Here the remainder of $x^{2^{127}}$ modulo $p(x)$ can be efficiently calculated with repeated squaring. In other words we recursively define the sequence of polynomials $(r_n)$ of degrees $<127$ as follows:
$r_0(x)=x$,
if we have calculated $r_k(x)$, we then calculate $r_{k+1}(x)$ as the remainder of $r_k(x)^2$ modulo $p(x)$,
then $r_{127}(x)$ is the desired remainder.
Proof. This test shows that $p(x)$ is a factor of $S(x):=x^{2^{127}}-x$. Because $127$ is a prime, this implies that $p(x)$ is irreducible. All factors of $S(x)$ of degree $127$ are irreducible because $S(x)$ is known to be the product of all the irreducible polynomials of degrees that are factors of $127$. In the present case, the degrees of irreducible factors of $S(x)$ are thus $1$ or $127$, and all such irreducible polynomials appear.
Remarks. This is mostly about generalizing the above test to non-prime degrees.
- In the case of degree $127$ the square-free test was superfluous. It becomes necessary, if instead of degree $127$ we study the irreducibility of polynomials of non-prime degrees. See the next item.
- If, in the general case, $p(x)$ is a square-free polynomial of degree $m$, then it is a product of distinct irreducible factors, say
$$p(x)=p_1(x)p_2(x)cdots p_k(x).$$ In this case the Chinese Remainder Theorem tells us that the quotient ring
$$GF(2)[x]/langle p(x)ranglesimeq bigoplus_{i=1}^kGF(2)[x]/langle p_i(x)rangle.$$ Consequently $x^{2^ell}equiv xpmod {p(x)}$ if and only if $x^{2^ell}equiv xpmod{p_i(x)}$ for all $i=1,2,ldots,k$ if and only if $ell$ is divisible by the degrees $deg p_i(x)$ of all the irreducible factors. - From the previous remark we see that that if $m$ is the least common multiple of the degrees $deg p_i(x), i=1,2,ldots,k$, then the polynomial $p(x)$ passes the simple test of the main algorithm. We can soup up the algorithm by testing whether the polynomial $r_d(x)-x$ has a common factor with $p(x)$ for those values of $d$ such that $dmid m$. This will then catch $p(x)$ is reducible. Namely, if $p_i(x)$ is a factor of degree $d$, then $p_i(x)$ is a common factor of $p(x)$ and $x^{2^d}-x$, and will thus be a factor of $r_d(x)-x$.
- The OP discussed testing the remainder of $a^{2^{127}-1}$ modulo $p(x)$ for some generic element $ain GF(2^{127})setminus GF(2)$. I'm not sure what they wanted to do here, because without the irreducible polynomial $p(x)$ we may not have implemented the field $GF(2^{127})$ yet. The main algorithm uses the coset of $x$ modulo $p(x)$ as a generic element of a "candidate field" $GF(2)[x]/langle p(x)rangle$ much the same way, so in that sense the method works. Indeed, because $2^{127}-1$ is also a prime, the order of $x$ must be precisely $2^{127}-1$ in the positive cases.
$endgroup$
$begingroup$
@Omnifarious I chose to post this as another answer. It is quite distinct from the trickery of the other answer, so I think it is ok to keep it separate. I hope this answers your actual question. At least this is how I understood (or made sense of) the algorithm you proposed.
$endgroup$
– Jyrki Lahtonen
Mar 15 '18 at 22:21
$begingroup$
Thank you. :-) I tried to clarify what I meant since you're right, I didn't get my statement of what I was doing quite right. :-)
$endgroup$
– Omnifarious
Mar 16 '18 at 1:13
add a comment |
$begingroup$
In general this is difficult (in the sense that I don't know a general method for finding one), but with degree $127$ the following special trick springs to mind.
Consider the polynomial $L(x)=x^{128}+x^2+xin GF(2)[x]$. It is the linearized associate of the polynomial $m(x)=x^7+x+1$ (replace exponent $ell$ with $2^ell$ throughout to get the linearized associate). It is easy to verify that $m(x)$ is irreducible:
- It has no zeros in $GF(2)$ and hence no linear factors in $GF(2)[x]$.
- It is not divisible by the one and only irreducible quadratic $x^2+x+1$, because that is a factor of $x^3+1$ and hence also of $x^6+1$ and $x^7+x$.
- It is not divisible by either of the irreducible cubics, because those are factors of $x^7+1$.
The zeros of $m(x)$ are thus elements of $GF(2^7)$, and because $2^7-1=127$ is a prime those zeros have order $127$. Therefore $m(x)mid x^{127}-1$ in $GF(2)[x]$. Again, by the theory of linearized and conventional associates this implies that $$
L(x)mid x^{2^{127}}-x.
$$
Namely, if a polynomial divides another, then its linearized associate divides the linearized associate of the other even symbolically (= as an innermost composition factor), and hence
also in the polynomial ring.
But, $GF(2^{127})$ is well known to consist of the zeros of $p(x)=x^{2^{127}}-x$. Again, as $127$ is a prime, this implies that apart from the trivial factors $x$ and $x-1$ all the irreducible factors of $p(x)$ have degree $127$.
Drums, please. We just saw that
$$f(x)=L(x)/x=x^{127}+x+1$$
is a degree $127$ factor of $p(x)$. Hence it must be irreducible.
$endgroup$
$begingroup$
Because $x^7+x^3+1$ is also irreducible, a similar argument shows that $$x^{127}+x^7+1=frac1x(x^{2^7}+x^{2^3}+x^{2^0})$$ is another irreducible polynomial of degree $127$.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:35
$begingroup$
For basic facts about linearized polynomials I refer the interested reader to Chapter 3.4 of Lidl & Niederreiter.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:41
$begingroup$
It's going to take me a little while to wrap my head around this. Is there anything wrong with my "Femat's Little Theorem" based method of testing? I realize it's probabilistic, but shouldn't it generally work well if you try enough different values for $a$?
$endgroup$
– Omnifarious
Mar 14 '18 at 16:05
$begingroup$
According to Maple, $x^{127} + x^k + 1$ is irreducible over $mathbb F_2$ for $k = 1, 7, 15, 30, 63, 64, 97, 112, 120$, and $126$.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:15
$begingroup$
See also OEIS sequence A278573 and references there.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:30
|
show 4 more comments
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "69"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f2690289%2fhow-do-you-discover-an-irreducible-polynomial-over-a-finite-field-that-has-a-cho%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
I'm not sure whether this is what the OP had in mind, but here is one way of testing whether a given polynomial of degree $127$ from $GF(2)[x]$ is irreducible.
This relies on $127$ being a prime number, but some modifications could be made to work for other for non-primes also, I think. This is not for paper & pencil work, just a simple test you can do, if you have implemented arithmetic of polynomials with coefficients in $GF(2)$.
Input: A polynomial $p(x)in GF(2)[x]$ of degree $127$.
Goal: Determine whether $p(x)$ is irreducible over $GF(2)$.
Assumptions:
- I assume that $p(x)$ is square-free. In other words, there are no non-constant polynomials $q(x)in GF(2)[x]$ such that $q(x)^2mid p(x)$. This is easy to test. All you need to do is to calculate $gcd(p(x),p'(x))$ with the Euclidean algorithm. Here $p'(x)$ is the (formal) derivative of $p(x)$. If $q(x)^2mid p(x)$, then also $q(x)mid p'(x)$, and hence $q(x)$ is a common factor of $p(x)$ and $p'(x)$. So if the gcd is equal to one, then $p(x)$ is square-free. Otherwise we can immediately conclude that $p(x)$ is not irreducible.
- For simplicity we can also assume that $p(0)=1$. For otherwise $p(0)=0$, $x$ is a factor, and $p(x)$ is trivially not irreducible.
Claim (or the algorithm): The input polynomial $p(x)$ is irreducible in $GF(2)[x]$ if and only if
$$
x^{2^{127}}equiv xpmod {p(x)}.
$$
Here the remainder of $x^{2^{127}}$ modulo $p(x)$ can be efficiently calculated with repeated squaring. In other words we recursively define the sequence of polynomials $(r_n)$ of degrees $<127$ as follows:
$r_0(x)=x$,
if we have calculated $r_k(x)$, we then calculate $r_{k+1}(x)$ as the remainder of $r_k(x)^2$ modulo $p(x)$,
then $r_{127}(x)$ is the desired remainder.
Proof. This test shows that $p(x)$ is a factor of $S(x):=x^{2^{127}}-x$. Because $127$ is a prime, this implies that $p(x)$ is irreducible. All factors of $S(x)$ of degree $127$ are irreducible because $S(x)$ is known to be the product of all the irreducible polynomials of degrees that are factors of $127$. In the present case, the degrees of irreducible factors of $S(x)$ are thus $1$ or $127$, and all such irreducible polynomials appear.
Remarks. This is mostly about generalizing the above test to non-prime degrees.
- In the case of degree $127$ the square-free test was superfluous. It becomes necessary, if instead of degree $127$ we study the irreducibility of polynomials of non-prime degrees. See the next item.
- If, in the general case, $p(x)$ is a square-free polynomial of degree $m$, then it is a product of distinct irreducible factors, say
$$p(x)=p_1(x)p_2(x)cdots p_k(x).$$ In this case the Chinese Remainder Theorem tells us that the quotient ring
$$GF(2)[x]/langle p(x)ranglesimeq bigoplus_{i=1}^kGF(2)[x]/langle p_i(x)rangle.$$ Consequently $x^{2^ell}equiv xpmod {p(x)}$ if and only if $x^{2^ell}equiv xpmod{p_i(x)}$ for all $i=1,2,ldots,k$ if and only if $ell$ is divisible by the degrees $deg p_i(x)$ of all the irreducible factors. - From the previous remark we see that that if $m$ is the least common multiple of the degrees $deg p_i(x), i=1,2,ldots,k$, then the polynomial $p(x)$ passes the simple test of the main algorithm. We can soup up the algorithm by testing whether the polynomial $r_d(x)-x$ has a common factor with $p(x)$ for those values of $d$ such that $dmid m$. This will then catch $p(x)$ is reducible. Namely, if $p_i(x)$ is a factor of degree $d$, then $p_i(x)$ is a common factor of $p(x)$ and $x^{2^d}-x$, and will thus be a factor of $r_d(x)-x$.
- The OP discussed testing the remainder of $a^{2^{127}-1}$ modulo $p(x)$ for some generic element $ain GF(2^{127})setminus GF(2)$. I'm not sure what they wanted to do here, because without the irreducible polynomial $p(x)$ we may not have implemented the field $GF(2^{127})$ yet. The main algorithm uses the coset of $x$ modulo $p(x)$ as a generic element of a "candidate field" $GF(2)[x]/langle p(x)rangle$ much the same way, so in that sense the method works. Indeed, because $2^{127}-1$ is also a prime, the order of $x$ must be precisely $2^{127}-1$ in the positive cases.
$endgroup$
$begingroup$
@Omnifarious I chose to post this as another answer. It is quite distinct from the trickery of the other answer, so I think it is ok to keep it separate. I hope this answers your actual question. At least this is how I understood (or made sense of) the algorithm you proposed.
$endgroup$
– Jyrki Lahtonen
Mar 15 '18 at 22:21
$begingroup$
Thank you. :-) I tried to clarify what I meant since you're right, I didn't get my statement of what I was doing quite right. :-)
$endgroup$
– Omnifarious
Mar 16 '18 at 1:13
add a comment |
$begingroup$
I'm not sure whether this is what the OP had in mind, but here is one way of testing whether a given polynomial of degree $127$ from $GF(2)[x]$ is irreducible.
This relies on $127$ being a prime number, but some modifications could be made to work for other for non-primes also, I think. This is not for paper & pencil work, just a simple test you can do, if you have implemented arithmetic of polynomials with coefficients in $GF(2)$.
Input: A polynomial $p(x)in GF(2)[x]$ of degree $127$.
Goal: Determine whether $p(x)$ is irreducible over $GF(2)$.
Assumptions:
- I assume that $p(x)$ is square-free. In other words, there are no non-constant polynomials $q(x)in GF(2)[x]$ such that $q(x)^2mid p(x)$. This is easy to test. All you need to do is to calculate $gcd(p(x),p'(x))$ with the Euclidean algorithm. Here $p'(x)$ is the (formal) derivative of $p(x)$. If $q(x)^2mid p(x)$, then also $q(x)mid p'(x)$, and hence $q(x)$ is a common factor of $p(x)$ and $p'(x)$. So if the gcd is equal to one, then $p(x)$ is square-free. Otherwise we can immediately conclude that $p(x)$ is not irreducible.
- For simplicity we can also assume that $p(0)=1$. For otherwise $p(0)=0$, $x$ is a factor, and $p(x)$ is trivially not irreducible.
Claim (or the algorithm): The input polynomial $p(x)$ is irreducible in $GF(2)[x]$ if and only if
$$
x^{2^{127}}equiv xpmod {p(x)}.
$$
Here the remainder of $x^{2^{127}}$ modulo $p(x)$ can be efficiently calculated with repeated squaring. In other words we recursively define the sequence of polynomials $(r_n)$ of degrees $<127$ as follows:
$r_0(x)=x$,
if we have calculated $r_k(x)$, we then calculate $r_{k+1}(x)$ as the remainder of $r_k(x)^2$ modulo $p(x)$,
then $r_{127}(x)$ is the desired remainder.
Proof. This test shows that $p(x)$ is a factor of $S(x):=x^{2^{127}}-x$. Because $127$ is a prime, this implies that $p(x)$ is irreducible. All factors of $S(x)$ of degree $127$ are irreducible because $S(x)$ is known to be the product of all the irreducible polynomials of degrees that are factors of $127$. In the present case, the degrees of irreducible factors of $S(x)$ are thus $1$ or $127$, and all such irreducible polynomials appear.
Remarks. This is mostly about generalizing the above test to non-prime degrees.
- In the case of degree $127$ the square-free test was superfluous. It becomes necessary, if instead of degree $127$ we study the irreducibility of polynomials of non-prime degrees. See the next item.
- If, in the general case, $p(x)$ is a square-free polynomial of degree $m$, then it is a product of distinct irreducible factors, say
$$p(x)=p_1(x)p_2(x)cdots p_k(x).$$ In this case the Chinese Remainder Theorem tells us that the quotient ring
$$GF(2)[x]/langle p(x)ranglesimeq bigoplus_{i=1}^kGF(2)[x]/langle p_i(x)rangle.$$ Consequently $x^{2^ell}equiv xpmod {p(x)}$ if and only if $x^{2^ell}equiv xpmod{p_i(x)}$ for all $i=1,2,ldots,k$ if and only if $ell$ is divisible by the degrees $deg p_i(x)$ of all the irreducible factors. - From the previous remark we see that that if $m$ is the least common multiple of the degrees $deg p_i(x), i=1,2,ldots,k$, then the polynomial $p(x)$ passes the simple test of the main algorithm. We can soup up the algorithm by testing whether the polynomial $r_d(x)-x$ has a common factor with $p(x)$ for those values of $d$ such that $dmid m$. This will then catch $p(x)$ is reducible. Namely, if $p_i(x)$ is a factor of degree $d$, then $p_i(x)$ is a common factor of $p(x)$ and $x^{2^d}-x$, and will thus be a factor of $r_d(x)-x$.
- The OP discussed testing the remainder of $a^{2^{127}-1}$ modulo $p(x)$ for some generic element $ain GF(2^{127})setminus GF(2)$. I'm not sure what they wanted to do here, because without the irreducible polynomial $p(x)$ we may not have implemented the field $GF(2^{127})$ yet. The main algorithm uses the coset of $x$ modulo $p(x)$ as a generic element of a "candidate field" $GF(2)[x]/langle p(x)rangle$ much the same way, so in that sense the method works. Indeed, because $2^{127}-1$ is also a prime, the order of $x$ must be precisely $2^{127}-1$ in the positive cases.
$endgroup$
$begingroup$
@Omnifarious I chose to post this as another answer. It is quite distinct from the trickery of the other answer, so I think it is ok to keep it separate. I hope this answers your actual question. At least this is how I understood (or made sense of) the algorithm you proposed.
$endgroup$
– Jyrki Lahtonen
Mar 15 '18 at 22:21
$begingroup$
Thank you. :-) I tried to clarify what I meant since you're right, I didn't get my statement of what I was doing quite right. :-)
$endgroup$
– Omnifarious
Mar 16 '18 at 1:13
add a comment |
$begingroup$
I'm not sure whether this is what the OP had in mind, but here is one way of testing whether a given polynomial of degree $127$ from $GF(2)[x]$ is irreducible.
This relies on $127$ being a prime number, but some modifications could be made to work for other for non-primes also, I think. This is not for paper & pencil work, just a simple test you can do, if you have implemented arithmetic of polynomials with coefficients in $GF(2)$.
Input: A polynomial $p(x)in GF(2)[x]$ of degree $127$.
Goal: Determine whether $p(x)$ is irreducible over $GF(2)$.
Assumptions:
- I assume that $p(x)$ is square-free. In other words, there are no non-constant polynomials $q(x)in GF(2)[x]$ such that $q(x)^2mid p(x)$. This is easy to test. All you need to do is to calculate $gcd(p(x),p'(x))$ with the Euclidean algorithm. Here $p'(x)$ is the (formal) derivative of $p(x)$. If $q(x)^2mid p(x)$, then also $q(x)mid p'(x)$, and hence $q(x)$ is a common factor of $p(x)$ and $p'(x)$. So if the gcd is equal to one, then $p(x)$ is square-free. Otherwise we can immediately conclude that $p(x)$ is not irreducible.
- For simplicity we can also assume that $p(0)=1$. For otherwise $p(0)=0$, $x$ is a factor, and $p(x)$ is trivially not irreducible.
Claim (or the algorithm): The input polynomial $p(x)$ is irreducible in $GF(2)[x]$ if and only if
$$
x^{2^{127}}equiv xpmod {p(x)}.
$$
Here the remainder of $x^{2^{127}}$ modulo $p(x)$ can be efficiently calculated with repeated squaring. In other words we recursively define the sequence of polynomials $(r_n)$ of degrees $<127$ as follows:
$r_0(x)=x$,
if we have calculated $r_k(x)$, we then calculate $r_{k+1}(x)$ as the remainder of $r_k(x)^2$ modulo $p(x)$,
then $r_{127}(x)$ is the desired remainder.
Proof. This test shows that $p(x)$ is a factor of $S(x):=x^{2^{127}}-x$. Because $127$ is a prime, this implies that $p(x)$ is irreducible. All factors of $S(x)$ of degree $127$ are irreducible because $S(x)$ is known to be the product of all the irreducible polynomials of degrees that are factors of $127$. In the present case, the degrees of irreducible factors of $S(x)$ are thus $1$ or $127$, and all such irreducible polynomials appear.
Remarks. This is mostly about generalizing the above test to non-prime degrees.
- In the case of degree $127$ the square-free test was superfluous. It becomes necessary, if instead of degree $127$ we study the irreducibility of polynomials of non-prime degrees. See the next item.
- If, in the general case, $p(x)$ is a square-free polynomial of degree $m$, then it is a product of distinct irreducible factors, say
$$p(x)=p_1(x)p_2(x)cdots p_k(x).$$ In this case the Chinese Remainder Theorem tells us that the quotient ring
$$GF(2)[x]/langle p(x)ranglesimeq bigoplus_{i=1}^kGF(2)[x]/langle p_i(x)rangle.$$ Consequently $x^{2^ell}equiv xpmod {p(x)}$ if and only if $x^{2^ell}equiv xpmod{p_i(x)}$ for all $i=1,2,ldots,k$ if and only if $ell$ is divisible by the degrees $deg p_i(x)$ of all the irreducible factors. - From the previous remark we see that that if $m$ is the least common multiple of the degrees $deg p_i(x), i=1,2,ldots,k$, then the polynomial $p(x)$ passes the simple test of the main algorithm. We can soup up the algorithm by testing whether the polynomial $r_d(x)-x$ has a common factor with $p(x)$ for those values of $d$ such that $dmid m$. This will then catch $p(x)$ is reducible. Namely, if $p_i(x)$ is a factor of degree $d$, then $p_i(x)$ is a common factor of $p(x)$ and $x^{2^d}-x$, and will thus be a factor of $r_d(x)-x$.
- The OP discussed testing the remainder of $a^{2^{127}-1}$ modulo $p(x)$ for some generic element $ain GF(2^{127})setminus GF(2)$. I'm not sure what they wanted to do here, because without the irreducible polynomial $p(x)$ we may not have implemented the field $GF(2^{127})$ yet. The main algorithm uses the coset of $x$ modulo $p(x)$ as a generic element of a "candidate field" $GF(2)[x]/langle p(x)rangle$ much the same way, so in that sense the method works. Indeed, because $2^{127}-1$ is also a prime, the order of $x$ must be precisely $2^{127}-1$ in the positive cases.
$endgroup$
I'm not sure whether this is what the OP had in mind, but here is one way of testing whether a given polynomial of degree $127$ from $GF(2)[x]$ is irreducible.
This relies on $127$ being a prime number, but some modifications could be made to work for other for non-primes also, I think. This is not for paper & pencil work, just a simple test you can do, if you have implemented arithmetic of polynomials with coefficients in $GF(2)$.
Input: A polynomial $p(x)in GF(2)[x]$ of degree $127$.
Goal: Determine whether $p(x)$ is irreducible over $GF(2)$.
Assumptions:
- I assume that $p(x)$ is square-free. In other words, there are no non-constant polynomials $q(x)in GF(2)[x]$ such that $q(x)^2mid p(x)$. This is easy to test. All you need to do is to calculate $gcd(p(x),p'(x))$ with the Euclidean algorithm. Here $p'(x)$ is the (formal) derivative of $p(x)$. If $q(x)^2mid p(x)$, then also $q(x)mid p'(x)$, and hence $q(x)$ is a common factor of $p(x)$ and $p'(x)$. So if the gcd is equal to one, then $p(x)$ is square-free. Otherwise we can immediately conclude that $p(x)$ is not irreducible.
- For simplicity we can also assume that $p(0)=1$. For otherwise $p(0)=0$, $x$ is a factor, and $p(x)$ is trivially not irreducible.
Claim (or the algorithm): The input polynomial $p(x)$ is irreducible in $GF(2)[x]$ if and only if
$$
x^{2^{127}}equiv xpmod {p(x)}.
$$
Here the remainder of $x^{2^{127}}$ modulo $p(x)$ can be efficiently calculated with repeated squaring. In other words we recursively define the sequence of polynomials $(r_n)$ of degrees $<127$ as follows:
$r_0(x)=x$,
if we have calculated $r_k(x)$, we then calculate $r_{k+1}(x)$ as the remainder of $r_k(x)^2$ modulo $p(x)$,
then $r_{127}(x)$ is the desired remainder.
Proof. This test shows that $p(x)$ is a factor of $S(x):=x^{2^{127}}-x$. Because $127$ is a prime, this implies that $p(x)$ is irreducible. All factors of $S(x)$ of degree $127$ are irreducible because $S(x)$ is known to be the product of all the irreducible polynomials of degrees that are factors of $127$. In the present case, the degrees of irreducible factors of $S(x)$ are thus $1$ or $127$, and all such irreducible polynomials appear.
Remarks. This is mostly about generalizing the above test to non-prime degrees.
- In the case of degree $127$ the square-free test was superfluous. It becomes necessary, if instead of degree $127$ we study the irreducibility of polynomials of non-prime degrees. See the next item.
- If, in the general case, $p(x)$ is a square-free polynomial of degree $m$, then it is a product of distinct irreducible factors, say
$$p(x)=p_1(x)p_2(x)cdots p_k(x).$$ In this case the Chinese Remainder Theorem tells us that the quotient ring
$$GF(2)[x]/langle p(x)ranglesimeq bigoplus_{i=1}^kGF(2)[x]/langle p_i(x)rangle.$$ Consequently $x^{2^ell}equiv xpmod {p(x)}$ if and only if $x^{2^ell}equiv xpmod{p_i(x)}$ for all $i=1,2,ldots,k$ if and only if $ell$ is divisible by the degrees $deg p_i(x)$ of all the irreducible factors. - From the previous remark we see that that if $m$ is the least common multiple of the degrees $deg p_i(x), i=1,2,ldots,k$, then the polynomial $p(x)$ passes the simple test of the main algorithm. We can soup up the algorithm by testing whether the polynomial $r_d(x)-x$ has a common factor with $p(x)$ for those values of $d$ such that $dmid m$. This will then catch $p(x)$ is reducible. Namely, if $p_i(x)$ is a factor of degree $d$, then $p_i(x)$ is a common factor of $p(x)$ and $x^{2^d}-x$, and will thus be a factor of $r_d(x)-x$.
- The OP discussed testing the remainder of $a^{2^{127}-1}$ modulo $p(x)$ for some generic element $ain GF(2^{127})setminus GF(2)$. I'm not sure what they wanted to do here, because without the irreducible polynomial $p(x)$ we may not have implemented the field $GF(2^{127})$ yet. The main algorithm uses the coset of $x$ modulo $p(x)$ as a generic element of a "candidate field" $GF(2)[x]/langle p(x)rangle$ much the same way, so in that sense the method works. Indeed, because $2^{127}-1$ is also a prime, the order of $x$ must be precisely $2^{127}-1$ in the positive cases.
edited Dec 24 '18 at 4:37
answered Mar 15 '18 at 22:18
Jyrki LahtonenJyrki Lahtonen
110k13171381
110k13171381
$begingroup$
@Omnifarious I chose to post this as another answer. It is quite distinct from the trickery of the other answer, so I think it is ok to keep it separate. I hope this answers your actual question. At least this is how I understood (or made sense of) the algorithm you proposed.
$endgroup$
– Jyrki Lahtonen
Mar 15 '18 at 22:21
$begingroup$
Thank you. :-) I tried to clarify what I meant since you're right, I didn't get my statement of what I was doing quite right. :-)
$endgroup$
– Omnifarious
Mar 16 '18 at 1:13
add a comment |
$begingroup$
@Omnifarious I chose to post this as another answer. It is quite distinct from the trickery of the other answer, so I think it is ok to keep it separate. I hope this answers your actual question. At least this is how I understood (or made sense of) the algorithm you proposed.
$endgroup$
– Jyrki Lahtonen
Mar 15 '18 at 22:21
$begingroup$
Thank you. :-) I tried to clarify what I meant since you're right, I didn't get my statement of what I was doing quite right. :-)
$endgroup$
– Omnifarious
Mar 16 '18 at 1:13
$begingroup$
@Omnifarious I chose to post this as another answer. It is quite distinct from the trickery of the other answer, so I think it is ok to keep it separate. I hope this answers your actual question. At least this is how I understood (or made sense of) the algorithm you proposed.
$endgroup$
– Jyrki Lahtonen
Mar 15 '18 at 22:21
$begingroup$
@Omnifarious I chose to post this as another answer. It is quite distinct from the trickery of the other answer, so I think it is ok to keep it separate. I hope this answers your actual question. At least this is how I understood (or made sense of) the algorithm you proposed.
$endgroup$
– Jyrki Lahtonen
Mar 15 '18 at 22:21
$begingroup$
Thank you. :-) I tried to clarify what I meant since you're right, I didn't get my statement of what I was doing quite right. :-)
$endgroup$
– Omnifarious
Mar 16 '18 at 1:13
$begingroup$
Thank you. :-) I tried to clarify what I meant since you're right, I didn't get my statement of what I was doing quite right. :-)
$endgroup$
– Omnifarious
Mar 16 '18 at 1:13
add a comment |
$begingroup$
In general this is difficult (in the sense that I don't know a general method for finding one), but with degree $127$ the following special trick springs to mind.
Consider the polynomial $L(x)=x^{128}+x^2+xin GF(2)[x]$. It is the linearized associate of the polynomial $m(x)=x^7+x+1$ (replace exponent $ell$ with $2^ell$ throughout to get the linearized associate). It is easy to verify that $m(x)$ is irreducible:
- It has no zeros in $GF(2)$ and hence no linear factors in $GF(2)[x]$.
- It is not divisible by the one and only irreducible quadratic $x^2+x+1$, because that is a factor of $x^3+1$ and hence also of $x^6+1$ and $x^7+x$.
- It is not divisible by either of the irreducible cubics, because those are factors of $x^7+1$.
The zeros of $m(x)$ are thus elements of $GF(2^7)$, and because $2^7-1=127$ is a prime those zeros have order $127$. Therefore $m(x)mid x^{127}-1$ in $GF(2)[x]$. Again, by the theory of linearized and conventional associates this implies that $$
L(x)mid x^{2^{127}}-x.
$$
Namely, if a polynomial divides another, then its linearized associate divides the linearized associate of the other even symbolically (= as an innermost composition factor), and hence
also in the polynomial ring.
But, $GF(2^{127})$ is well known to consist of the zeros of $p(x)=x^{2^{127}}-x$. Again, as $127$ is a prime, this implies that apart from the trivial factors $x$ and $x-1$ all the irreducible factors of $p(x)$ have degree $127$.
Drums, please. We just saw that
$$f(x)=L(x)/x=x^{127}+x+1$$
is a degree $127$ factor of $p(x)$. Hence it must be irreducible.
$endgroup$
$begingroup$
Because $x^7+x^3+1$ is also irreducible, a similar argument shows that $$x^{127}+x^7+1=frac1x(x^{2^7}+x^{2^3}+x^{2^0})$$ is another irreducible polynomial of degree $127$.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:35
$begingroup$
For basic facts about linearized polynomials I refer the interested reader to Chapter 3.4 of Lidl & Niederreiter.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:41
$begingroup$
It's going to take me a little while to wrap my head around this. Is there anything wrong with my "Femat's Little Theorem" based method of testing? I realize it's probabilistic, but shouldn't it generally work well if you try enough different values for $a$?
$endgroup$
– Omnifarious
Mar 14 '18 at 16:05
$begingroup$
According to Maple, $x^{127} + x^k + 1$ is irreducible over $mathbb F_2$ for $k = 1, 7, 15, 30, 63, 64, 97, 112, 120$, and $126$.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:15
$begingroup$
See also OEIS sequence A278573 and references there.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:30
|
show 4 more comments
$begingroup$
In general this is difficult (in the sense that I don't know a general method for finding one), but with degree $127$ the following special trick springs to mind.
Consider the polynomial $L(x)=x^{128}+x^2+xin GF(2)[x]$. It is the linearized associate of the polynomial $m(x)=x^7+x+1$ (replace exponent $ell$ with $2^ell$ throughout to get the linearized associate). It is easy to verify that $m(x)$ is irreducible:
- It has no zeros in $GF(2)$ and hence no linear factors in $GF(2)[x]$.
- It is not divisible by the one and only irreducible quadratic $x^2+x+1$, because that is a factor of $x^3+1$ and hence also of $x^6+1$ and $x^7+x$.
- It is not divisible by either of the irreducible cubics, because those are factors of $x^7+1$.
The zeros of $m(x)$ are thus elements of $GF(2^7)$, and because $2^7-1=127$ is a prime those zeros have order $127$. Therefore $m(x)mid x^{127}-1$ in $GF(2)[x]$. Again, by the theory of linearized and conventional associates this implies that $$
L(x)mid x^{2^{127}}-x.
$$
Namely, if a polynomial divides another, then its linearized associate divides the linearized associate of the other even symbolically (= as an innermost composition factor), and hence
also in the polynomial ring.
But, $GF(2^{127})$ is well known to consist of the zeros of $p(x)=x^{2^{127}}-x$. Again, as $127$ is a prime, this implies that apart from the trivial factors $x$ and $x-1$ all the irreducible factors of $p(x)$ have degree $127$.
Drums, please. We just saw that
$$f(x)=L(x)/x=x^{127}+x+1$$
is a degree $127$ factor of $p(x)$. Hence it must be irreducible.
$endgroup$
$begingroup$
Because $x^7+x^3+1$ is also irreducible, a similar argument shows that $$x^{127}+x^7+1=frac1x(x^{2^7}+x^{2^3}+x^{2^0})$$ is another irreducible polynomial of degree $127$.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:35
$begingroup$
For basic facts about linearized polynomials I refer the interested reader to Chapter 3.4 of Lidl & Niederreiter.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:41
$begingroup$
It's going to take me a little while to wrap my head around this. Is there anything wrong with my "Femat's Little Theorem" based method of testing? I realize it's probabilistic, but shouldn't it generally work well if you try enough different values for $a$?
$endgroup$
– Omnifarious
Mar 14 '18 at 16:05
$begingroup$
According to Maple, $x^{127} + x^k + 1$ is irreducible over $mathbb F_2$ for $k = 1, 7, 15, 30, 63, 64, 97, 112, 120$, and $126$.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:15
$begingroup$
See also OEIS sequence A278573 and references there.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:30
|
show 4 more comments
$begingroup$
In general this is difficult (in the sense that I don't know a general method for finding one), but with degree $127$ the following special trick springs to mind.
Consider the polynomial $L(x)=x^{128}+x^2+xin GF(2)[x]$. It is the linearized associate of the polynomial $m(x)=x^7+x+1$ (replace exponent $ell$ with $2^ell$ throughout to get the linearized associate). It is easy to verify that $m(x)$ is irreducible:
- It has no zeros in $GF(2)$ and hence no linear factors in $GF(2)[x]$.
- It is not divisible by the one and only irreducible quadratic $x^2+x+1$, because that is a factor of $x^3+1$ and hence also of $x^6+1$ and $x^7+x$.
- It is not divisible by either of the irreducible cubics, because those are factors of $x^7+1$.
The zeros of $m(x)$ are thus elements of $GF(2^7)$, and because $2^7-1=127$ is a prime those zeros have order $127$. Therefore $m(x)mid x^{127}-1$ in $GF(2)[x]$. Again, by the theory of linearized and conventional associates this implies that $$
L(x)mid x^{2^{127}}-x.
$$
Namely, if a polynomial divides another, then its linearized associate divides the linearized associate of the other even symbolically (= as an innermost composition factor), and hence
also in the polynomial ring.
But, $GF(2^{127})$ is well known to consist of the zeros of $p(x)=x^{2^{127}}-x$. Again, as $127$ is a prime, this implies that apart from the trivial factors $x$ and $x-1$ all the irreducible factors of $p(x)$ have degree $127$.
Drums, please. We just saw that
$$f(x)=L(x)/x=x^{127}+x+1$$
is a degree $127$ factor of $p(x)$. Hence it must be irreducible.
$endgroup$
In general this is difficult (in the sense that I don't know a general method for finding one), but with degree $127$ the following special trick springs to mind.
Consider the polynomial $L(x)=x^{128}+x^2+xin GF(2)[x]$. It is the linearized associate of the polynomial $m(x)=x^7+x+1$ (replace exponent $ell$ with $2^ell$ throughout to get the linearized associate). It is easy to verify that $m(x)$ is irreducible:
- It has no zeros in $GF(2)$ and hence no linear factors in $GF(2)[x]$.
- It is not divisible by the one and only irreducible quadratic $x^2+x+1$, because that is a factor of $x^3+1$ and hence also of $x^6+1$ and $x^7+x$.
- It is not divisible by either of the irreducible cubics, because those are factors of $x^7+1$.
The zeros of $m(x)$ are thus elements of $GF(2^7)$, and because $2^7-1=127$ is a prime those zeros have order $127$. Therefore $m(x)mid x^{127}-1$ in $GF(2)[x]$. Again, by the theory of linearized and conventional associates this implies that $$
L(x)mid x^{2^{127}}-x.
$$
Namely, if a polynomial divides another, then its linearized associate divides the linearized associate of the other even symbolically (= as an innermost composition factor), and hence
also in the polynomial ring.
But, $GF(2^{127})$ is well known to consist of the zeros of $p(x)=x^{2^{127}}-x$. Again, as $127$ is a prime, this implies that apart from the trivial factors $x$ and $x-1$ all the irreducible factors of $p(x)$ have degree $127$.
Drums, please. We just saw that
$$f(x)=L(x)/x=x^{127}+x+1$$
is a degree $127$ factor of $p(x)$. Hence it must be irreducible.
edited Mar 14 '18 at 15:49
answered Mar 14 '18 at 15:31
Jyrki LahtonenJyrki Lahtonen
110k13171381
110k13171381
$begingroup$
Because $x^7+x^3+1$ is also irreducible, a similar argument shows that $$x^{127}+x^7+1=frac1x(x^{2^7}+x^{2^3}+x^{2^0})$$ is another irreducible polynomial of degree $127$.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:35
$begingroup$
For basic facts about linearized polynomials I refer the interested reader to Chapter 3.4 of Lidl & Niederreiter.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:41
$begingroup$
It's going to take me a little while to wrap my head around this. Is there anything wrong with my "Femat's Little Theorem" based method of testing? I realize it's probabilistic, but shouldn't it generally work well if you try enough different values for $a$?
$endgroup$
– Omnifarious
Mar 14 '18 at 16:05
$begingroup$
According to Maple, $x^{127} + x^k + 1$ is irreducible over $mathbb F_2$ for $k = 1, 7, 15, 30, 63, 64, 97, 112, 120$, and $126$.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:15
$begingroup$
See also OEIS sequence A278573 and references there.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:30
|
show 4 more comments
$begingroup$
Because $x^7+x^3+1$ is also irreducible, a similar argument shows that $$x^{127}+x^7+1=frac1x(x^{2^7}+x^{2^3}+x^{2^0})$$ is another irreducible polynomial of degree $127$.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:35
$begingroup$
For basic facts about linearized polynomials I refer the interested reader to Chapter 3.4 of Lidl & Niederreiter.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:41
$begingroup$
It's going to take me a little while to wrap my head around this. Is there anything wrong with my "Femat's Little Theorem" based method of testing? I realize it's probabilistic, but shouldn't it generally work well if you try enough different values for $a$?
$endgroup$
– Omnifarious
Mar 14 '18 at 16:05
$begingroup$
According to Maple, $x^{127} + x^k + 1$ is irreducible over $mathbb F_2$ for $k = 1, 7, 15, 30, 63, 64, 97, 112, 120$, and $126$.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:15
$begingroup$
See also OEIS sequence A278573 and references there.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:30
$begingroup$
Because $x^7+x^3+1$ is also irreducible, a similar argument shows that $$x^{127}+x^7+1=frac1x(x^{2^7}+x^{2^3}+x^{2^0})$$ is another irreducible polynomial of degree $127$.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:35
$begingroup$
Because $x^7+x^3+1$ is also irreducible, a similar argument shows that $$x^{127}+x^7+1=frac1x(x^{2^7}+x^{2^3}+x^{2^0})$$ is another irreducible polynomial of degree $127$.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:35
$begingroup$
For basic facts about linearized polynomials I refer the interested reader to Chapter 3.4 of Lidl & Niederreiter.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:41
$begingroup$
For basic facts about linearized polynomials I refer the interested reader to Chapter 3.4 of Lidl & Niederreiter.
$endgroup$
– Jyrki Lahtonen
Mar 14 '18 at 15:41
$begingroup$
It's going to take me a little while to wrap my head around this. Is there anything wrong with my "Femat's Little Theorem" based method of testing? I realize it's probabilistic, but shouldn't it generally work well if you try enough different values for $a$?
$endgroup$
– Omnifarious
Mar 14 '18 at 16:05
$begingroup$
It's going to take me a little while to wrap my head around this. Is there anything wrong with my "Femat's Little Theorem" based method of testing? I realize it's probabilistic, but shouldn't it generally work well if you try enough different values for $a$?
$endgroup$
– Omnifarious
Mar 14 '18 at 16:05
$begingroup$
According to Maple, $x^{127} + x^k + 1$ is irreducible over $mathbb F_2$ for $k = 1, 7, 15, 30, 63, 64, 97, 112, 120$, and $126$.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:15
$begingroup$
According to Maple, $x^{127} + x^k + 1$ is irreducible over $mathbb F_2$ for $k = 1, 7, 15, 30, 63, 64, 97, 112, 120$, and $126$.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:15
$begingroup$
See also OEIS sequence A278573 and references there.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:30
$begingroup$
See also OEIS sequence A278573 and references there.
$endgroup$
– Robert Israel
Mar 14 '18 at 18:30
|
show 4 more comments
Thanks for contributing an answer to Mathematics Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f2690289%2fhow-do-you-discover-an-irreducible-polynomial-over-a-finite-field-that-has-a-cho%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
$begingroup$
For what it's worth you have an explicit formula for the number of irreducible polynomials of degree $n$ over a field of order $q$ which involves Moebius function. From this, if you pick random polynomial of high degree then you have a fairly good change to end up with an irreducible polynomial. What is the degree of the polynomial you are picking? If this is low degree, maybe it is a good idea to directly make the list of all polynomials.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:30
$begingroup$
@ClémentGuérin - In order to construct a field that contains all the elements of $GF(2^{127})$ I need a polynomial of degree 128, correct?
$endgroup$
– Omnifarious
Mar 14 '18 at 3:35
2
$begingroup$
Ok, to test if a polynomial over a finite field is irreducible you can use Cantor-Zassenhaus algorithm see the Wikipedia page. You also have Berlekamp algorithm.
$endgroup$
– Clément Guérin
Mar 14 '18 at 3:53
2
$begingroup$
@ClémentGuérin Your computation is incorrect. I tried a simulation, with 1000 random polynomials of degree 127 over $mathbb F_2$, and only $8$ were irreducible. So maybe that $0.00787...$ should be the probability that it is irreducible. Well, I can see right away that the probability of being irreducible must be less than half, since if the constant term is $0$ it's certainly reducible.
$endgroup$
– Robert Israel
Mar 14 '18 at 4:52
1
$begingroup$
@RobertIsrael, the formula I have in mind is this one : math.stackexchange.com/questions/152880/…. You are right, thanks for checking! The number of irreducible polynomials is equivalent to $q^n/n$ when $n$ goes to infinity. Which obviously make the probability goes to $0$ when $n$ gets bigger. Sorry Omnifarious.
$endgroup$
– Clément Guérin
Mar 14 '18 at 7:08