\documentclass[11pt]{article}
\usepackage{latexsym}
\usepackage{amsmath}
\usepackage{amssymb}
\usepackage{amsthm}
\usepackage{hyperref}
\usepackage{algorithmic}
\usepackage{algorithm}
\newcommand{\handout}[5]{
\noindent
\begin{center}
\framebox{
\vbox{
\hbox to 5.78in { {\bf Algebra and Computation } \hfill Course Instructor: #2 }
\vspace{4mm}
\hbox to 5.78in { {\Large \hfill #5 \hfill} }
\vspace{2mm}
\hbox to 5.78in { {\em #3 \hfill #4} }
}
}
\end{center}
\vspace*{4mm}
}
\newcommand{\lecture}[4]{\handout{#1}{#2}{Lecturer: #3}{Scribe: #4}{Lecture #1}}
\newtheorem{theorem}{Theorem}
\newtheorem{theorem*}{Theorem}
\newtheorem{corollary}[theorem]{Corollary}
\newtheorem{lemma}[theorem]{Lemma}
\newtheorem{observation}[theorem]{Observation}
\newtheorem{proposition}[theorem]{Proposition}
\newtheorem{definition}[theorem]{Definition}
\newtheorem{claim}[theorem]{Claim}
\newtheorem{fact}[theorem]{Fact}
\newtheorem{subclaim}[theorem]{Subclaim}
% my custom commands
\newcommand{\inparen}[1]{\left(#1\right)} %\inparen{x+y} is (x+y)
\newcommand{\inbrace}[1]{\left\{#1\right\}} %\inbrace{x+y} is {x+y}
\newcommand{\insquar}[1]{\left[#1\right]} %\insquar{x+y} is [x+y]
\newcommand{\inangle}[1]{\left\langle#1\right\rangle} %\inangle{A} is
\newcommand{\abs}[1]{\left|#1\right|} %\abs{x} is |x|
\newcommand{\norm}[1]{\left\Vert#1\right\Vert} %\norm{x} is ||x||
\newcommand{\union}{\cup}
\newcommand{\Union}{\bigcup}
\newcommand{\intersection}{\cap}
\newcommand{\super}[2]{#1^{\inparen{#2}}} %\super{G}{i-1} is G^{(i-1)}
\newcommand{\setdef}[2]{\inbrace{{#1}\ : \ {#2}}}
\newcommand{\inv}[1]{#1^{-1}}
% Commands specific to this file
% TODO: Find the right way to typeset group index
\DeclareMathOperator{\Sym}{Sym}
\newcommand{\gpidx}[2]{\insquar{#1 : #2}} %\gpidx{H}{K} is [H : K]
\newcommand{\gpigs}[2]{\gpidx{\super{G}{#1}}{\super{G}{#2}}} %Group index of g super ...
\newcommand{\llhd}{\!\!\lhd\!\!\lhd}
% \newcommand{\ceil}[1]{\lceil #1 \rceil}
\newcommand{\floor}[1]{\lfloor #1 \rfloor}
\newcommand{\F}{\mathbb{F}}
\newcommand{\N}{\mathbb{N}}
\newcommand{\Q}{\mathbb{Q}}
% \newcommand{\R}{\mathbb{R}}
%for algorithms
\renewcommand{\algorithmicrequire}{\textbf{Input:}}
\begin{document}
\lecture{11: Some field theory and irreducibility tests}{V. Arvind}{V. Arvind}{Kazim Bhojani and Shreevatsa R}
\section{Crash course in Field theory}
Definition, size is prime power, the generating function counting,
cyclic,
\begin{align}
\label{eq:irredpdt}
X^{q^{n}}-X = \prod_{\substack{\deg f \mid n \\ f\text{ monic and irreducible in }\F_{q}[X]}}{f(X)}
\end{align}
%TODO: Typeset this so that it looks less ugly (but keep the label)
the equality with the product of irreducible polynomials, uniqueness
\section{Algorithms}
We now have enough understanding of fields to look at various problems.
In general, we will be given as input a field $\F_{q}$, where
$q=p^{m}$ for some prime number $p$. It is unreasonable to expect to
be given $\F_{q}$ as a list of elements and addition/multiplication
tables. As $\F_{q}=\F_{p}[X]/(h(X))$ for some irreducible polynomial
$h(X)$ of degree $m$, it can be specified by $p$ and the coefficients
of $h(X)$, and that is what we are given. (This contributes $m\log{p}
= \log{q}$ to the input size, and a particular element of $\F_{q}$ can
be written down using $\log{q}$ bits).
\subsection{Testing Irreducibility}
Given a polynomial $f(X)$ of degree $n$ over $\F_{q}$, we want to test
whether it is irreducible.
The input needs to specify the coefficients of $f(X)$, each of which
is an element of $\F_{q}$, so the input size is $(\deg{f})(\log{q})$.
We observe that by \autoref{eq:irredpdt}, if $f(X)$ is irreducible, it
must divide $X^{q^{n}}-X$, i.e.,
$\gcd(f(X),X^{q^{n}}-X)=f(X)$. This condition alone is not sufficient:
a product of distinct irreducibles whose degrees all divide $n$ also
divides $X^{q^{n}}-X$. So we use the converse direction as well: if
$f(X)$ is not irreducible, it has an irreducible factor of some degree
$d \le \floor{n/2}$, and by \autoref{eq:irredpdt} that factor divides
$X^{q^{d}}-X$, so $\gcd(f(X),X^{q^{d}}-X) \neq 1$. On the other hand,
if $f(X)$ is irreducible of degree $n$, then for every $d<n$ the
polynomial $X^{q^{d}}-X$ has only irreducible factors of degree at
most $d$, so $\gcd(f(X),X^{q^{d}}-X) = 1$. Hence $f(X)$ is irreducible
if and only if $\gcd(f(X),X^{q^{d}}-X)=1$ for every
$1 \le d \le \floor{n/2}$.
Thus we have reduced testing irreducibility to at most $\floor{n/2}$
gcd computations on polynomials, each of which is simply Euclid's
algorithm. Note here that although the polynomials $X^{q^{d}}-X$ are
of exponentially large degree, we only need them modulo $f(X)$, and we
can compute $X^{r} \bmod f(X)$ for exponentially large $r$ in
polynomial time by repeated squaring; in fact $X^{q^{d+1}} \bmod f(X)$
is just the $q$th power of $X^{q^{d}} \bmod f(X)$, so each successive
power costs one more exponentiation by $q$ modulo $f(X)$.
% TODO: the stupid algorithm goes here, but finish project of deciding
% how to typeset algorithms first.
\subsection{Factorisation: Cantor--Zassenhaus algorithm}
The next thing we would like to do is to actually factorise $f(X)$
into its irreducible factors. In this subsection, we describe an
algorithm due to Cantor and Zassenhaus which is randomised and Las
Vegas: it never outputs a wrong factorisation, and its expected
running time is polynomial in $n$ and $\log q$.
Firstly, note that any repeated factors of $f$ are factors of
$\gcd(f,f')$ as well. In fact, if $ f = g_1^{l_1}g_2^{l_2} \dots
g_r^{l_r}$ and no $l_i$ is divisible by the characteristic $p$, then
$\frac{f}{\gcd(f,f')}=g_1g_2 \dots g_r$, and once we have the
factorisation of the latter, we can easily find each $l_i$ as the
highest power of $g_i$ that divides $f$. (One caveat specific to
positive characteristic: if $p \mid l_i$ then $(g_i^{l_i})' = 0$, so
$g_i^{l_i}$ divides $\gcd(f,f')$ and $g_i$ does not appear in the
quotient at all. In the extreme case $f'=0$, which means
$f(X)=h(X^{p})$, and hence $f = \tilde{h}(X)^{p}$ where $\tilde{h}$
has as coefficients the $p$th roots of the coefficients of $h$; these
exist in $\F_q$ because Frobenius is a bijection. Such factors are
recovered by recursing on $\gcd(f,f')$, or on $\tilde{h}$ when
$f'=0$.) So we can assume $f$ is square-free.
Further, we can use the gcd idea (\autoref{eq:irredpdt}) to separate
out the irreducible factors of degree $d$, for every $d$. That is, let
\begin{align*}
f_1 &= \gcd(f,X^q-X) & f \gets \frac{f}{f_1} \\
f_2 &= \gcd(f,X^{q^2}-X) & f \gets \frac{f}{f_2}
\end{align*}
and so on, then $f_1(X)$ is the product of all the linear factors,
$f_2(X)$ is the product of all the quadratic factors, and in general,
$f_d(X)$ is the product of all the irreducible factors of $f(X)$ of
degree $d$. (Dividing $f_d$ out of $f$ before computing $f_{d+1}$ is
essential: by \autoref{eq:irredpdt}, $X^{q^{d}}-X$ is divisible by
every irreducible polynomial whose degree divides $d$, so any factor
of smaller degree still present would be picked up again.) We can
deal with each of the $f_d$s separately. So we can assume
$f = g_1g_2 \dots g_r$ where all the $g_i$ are irreducible and of
(known) degree $d$, and $n = dr$.
By the Chinese Remainder Theorem,
\begin{align*}
\frac{\F_q[X]}{(f(X))}
&\cong \frac{\F_q[X]}{(g_1(X))} \times \dots \times \frac{\F_q[X]}{(g_r(X))}\\
&\cong \F_{q^d} \times \dots \times \F_{q^d}
\end{align*}
(We proved the Chinese Remainder Theorem here)
Of the nonzero elements in $\F_q[X]/(f(X))$, the units (those with gcd
$1$ with $f(X)$) are large in number --- there are $(q^d-1)^r$ of
them, out of the $q^n = q^{dr}$ total. What we would like to get, for
factorisation, are the zero divisors (those with nontrivial gcd with
$f(X)$).
\subsubsection{If $q$ is odd}
For each $x \in \F_{q^d}^*$, $x^{q^d-1}=1$, so $x^{\frac{q^d-1}{2}}$
is $+1$ or $-1$; exactly half of the elements of the cyclic group
$\F_{q^d}^*$ are squares, so for a uniformly random $x$ each value
occurs with probability $\frac12$. Now pick a uniformly random
$a(X)$ of degree less than $n$. If $\gcd(a(X),f(X)) \neq 1$ we already
have a proper factor, so assume $a(X)$ is a unit; under the
isomorphism above its $r$ ``co-ordinates'' are then independent
uniform elements of $\F_{q^d}^*$. This means that
$a(X) \mapsto {a(X)}^{\frac{q^d-1}{2}}-1$ takes $a(X)$ to
$(\pm1-1,\pm1-1,\dots,\pm1-1)$, which is zero only when every
co-ordinate is $0$ and a unit only when each of them is $-2$, each
of which happens with probability $\frac{1}{2^r}$. Thus, with
probability $1-\frac{2}{2^r} \ge \frac12$ (recall $r \ge 2$ once $f$
is known to be reducible), we get a zero divisor, whose gcd with
$f(X)$ gives us a proper factor. As in the irreducibility test, the
power is computed modulo $f(X)$ by repeated squaring. We can now
remove this factor, test for irreducibility, and recurse.
\subsubsection{If $q$ is even}
When $q$ is even (the characteristic is $2$), the above does not work
as $1$ and $-1$ are the same. $q$ is a power of $2$, say $q = 2^k$.
The $m$th trace polynomial is defined as
\begin{align*}
T_m(X) = X + X^{2} + X^{2^2} + X^{2^3} + \dots + X^{2^{m-1}}
\end{align*}
Consider
\begin{align*}
T_m(X)(T_m(X)+1) &= T_m(X)^2 + T_m(X)\\
&= T_m(X^2) + T_m(X) && \text{characteristic 2: squaring is additive} \\
&= X^{2^m} + X && \text{every other term occurs twice and cancels}
For any $m$, in $\F_{2^m}$, $T_m(T_m+1) = X^{2^m}+X$ splits as $\prod_{\alpha \in \F_{2^m}}{(X-\alpha)}$.
Hence $T_m(\alpha) \in \F_2$ for every $\alpha \in \F_{2^m}$; moreover $T_m$ is $\F_2$-linear and not identically zero on $\F_{2^m}$ (it has degree $2^{m-1} < 2^m$), so its kernel is a subspace of index exactly $2$.
Thus for a uniformly random element $\alpha \in \F_{2^m}$, $\Pr[T_m(\alpha)=0]=\Pr[T_m(\alpha)=1]=\frac12$.
We have
\begin{align*}
\frac{\F_q[X]}{(f(X))} &\cong \F_{2^{kd}} \times \dots \times \F_{2^{kd}}
\end{align*}
so for $m=kd$, $T_m(a(X))$ is a zero divisor with probability
$1-\frac{2}{2^r}$. As before, we can get a factor, remove it, and recurse.
\subsection{Factorisation: Berlekamp's algorithm}
The Cantor--Zassenhaus algorithm is randomised. Berlekamp's algorithm
is a deterministic algorithm, whose running time is polynomial in $n$
and $q$ (rather than $\log q$), so it runs in polynomial time when
$q$ is small.
As before, we can remove repeated factors of $f$, so we can assume
that $f = g_1g_2 \dots g_r$ where all the $g_i$s are distinct
irreducible factors.
Now consider the map
\begin{align*}
\phi : \frac{\F_q[X]}{(f(X))} \to \frac{\F_q[X]}{(f(X))}
\end{align*}
defined as $a \mapsto a^q-a$. This is an $\F_q$-linear map: in characteristic $p$ we have $(a+b)^q = a^q + b^q$, and $(ca)^q = c^q a^q = c\,a^q$ for $c \in \F_q$ since $c^q = c$.
Let $\mathcal{B} = \ker(\phi) = \setdef{a \in \frac{\F_q[X]}{(f(X))}}{a^q=a}$.
Let $\psi : \frac{\F_q[X]}{f} \to \frac{\F_q[X]}{g_1} \times \dots \times \frac{\F_q[X]}{g_r}$
be the isomorphism given by the Chinese Remainder Theorem.
$\psi(\mathcal{B}) = \F_q \times \dots \times \F_q$, since an element of the field $\F_q[X]/(g_i)$ satisfies $a^q = a$ exactly when it lies in the subfield $\F_q$. In particular $\dim_{\F_q} \mathcal{B} = r$, the number of distinct irreducible factors of $f$, so computing this dimension is already a deterministic irreducibility test.
We want to find $\mathcal{B}$ -- that is, find a basis for it. This is
easy; we can find out for each $X^j$ ($0 \le j < n$) its image
$X^{qj}-X^j \bmod f$, and hence write down the $n \times n$ matrix
for the linear map $\phi$; its kernel is then found by Gaussian
elimination over $\F_q$.
Now let $a \in \mathcal{B}$ be non-constant, i.e.\ $a \notin \F_q$
(such an $a$ occurs in any basis of $\mathcal{B}$ as soon as
$r \ge 2$, since the constants form only a $1$-dimensional
subspace). Since $a^q = a$ in $\F_q[X]/(f)$, we have
$\prod_{c \in \F_q}(a-c) = a^q - a \equiv 0 \pmod{f}$, so each
irreducible $g_i$ divides some $a-c$; but no single $a-c$ is
divisible by $f$, as it is a nonzero polynomial of degree less than
$n$. Hence for some $c \in \F_q$ the element $a-c$ is a zero divisor
and $\gcd(f,a-c)$ is a nontrivial proper factor of $f$. Trying all
$c \in \F_q$ is what makes the running time depend on $q$ rather than
$\log q$. We use these zero divisors to get factors of $f$, remove
them and recurse, as before.
%%% Local Variables:
%%% mode: latex
%%% TeX-master: "lecture11"
%%% End:
\end{document}