In this paper we consider in detail the composition of an irreducible polynomial with \(X^2\) and suggest a recurrent construction of irreducible polynomials of fixed degree over finite fields of odd characteristics. More precisely, given an irreducible polynomial of degree n and order \(2^rt\) with t odd, the construction produces \(ord_t(2)\) irreducible polynomials of degree n and order t. The construction can be used for example to search irreducible polynomials with specific requirements on its coefficients.

Hinweise

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

1 Introduction

The so-called composition method is a powerful tool to study and construct polynomials over finite fields. It is extensively used for construction of irreducible polynomials, computing a square root and factorization of polynomials, see for example [2, 4, 8‐10, 13]. General recurrent constructions of irreducible polynomials based on composition of irreducible polynomials with quadratic rational functions are suggested in [8, 9]. For these constructions it is not yet understood which of them are particularly well suited for algorithmic applications. In this paper we consider in detail the composition of an irreducible polynomial with \(X^2\) and suggest a recurrent construction of irreducible polynomials of fixed degree over finite fields of odd characteristics.

Let q be a power of an odd prime number. In this paper we consider the composition of an irreducible polynomial \(A(X)\ne X\) of degree \(n\ge 1\) over the finite field \({\mathbb {F}}_q\) with the polynomial \(X^2\). Set \(B(X) := A(X^2)\). If an element \(\beta\) from an extension field of \({\mathbb {F}}_q\) is a zero of B(X), then \(\beta ^2\) is a zero of A(X). Consequently \(\beta ^2\) is a proper element of \({\mathbb {F}}_{q^n}\), that is \(\beta ^2\) belongs to \({\mathbb {F}}_{q^n}\) but not to any subfield \({\mathbb {F}}_{q^s} \ne {\mathbb {F}}_{q^n}\) of it. Next we need to distinguish whether \(\beta ^2\) is a non-square or square in \({\mathbb {F}}_{q^n}\). In the first case \(\beta \not \in {\mathbb {F}}_{q^n}\) while \(\beta \in {\mathbb {F}}_{q^{2n}}\), or equivalently B(X) is irreducible over \({\mathbb {F}}_q\). In the case when \(\beta ^2\) is a square in \({\mathbb {F}}_{q^n}\) the element \(\beta\) belongs to \({\mathbb {F}}_{q^n}\), and clearly it is proper in it since \(\beta ^2\) is so. Hence the minimal polynomial C(X) of \(\beta\) over \({\mathbb {F}}_q\) has degree n and it is a factor of B(X). Clearly, along with \(\beta\) also \(-\beta\) is a zero of B(X). The polynomial \((-1)^nC(-X)\) is the minimal polynomial of \(-\beta\) over \({\mathbb {F}}_q\). In particular, if \(C(X) \ne (-1)^nC(-X)\), then the polynomial B(X) is the product of monic irreducible polynomials C(X) and \((-1)^nC(-X)\). The next well-known lemma describes in more detail the factorization of B(X). It shows in particular, that under our assumptions \(C(X) \ne (-1)^nC(-X)\) always holds.

Anzeige

Lemma 1

Letqbe odd, \(n\ge 1\)and\(\alpha \ne 0\)be a proper element of\({\mathbb {F}}_{q^n}\). If\(A(X) \in {\mathbb {F}}_q[X]\)is the minimal polynomial of\(\alpha\), then the polynomial\(B(X) := A(X^2)\)has the following properties:

(a)

B(X) is irreducible over \({\mathbb {F}}_q\) if and only if \(\alpha\) is a non-square in \({\mathbb {F}}_{q^n}\).

(b)

B(X) is irreducible over \({\mathbb {F}}_q\) if and only if \((-1)^nA(0)\) is a non-square in \({\mathbb {F}}_q\).

(c)

B(X) is the product of two different irreducible polynomials C(X) and \((-1)^nC(-X)\) over \({\mathbb {F}}_q\) if and only if \(\alpha\) is a square in \({\mathbb {F}}_{q^n}\).

Proof

The statement in (a) follows from the discussions before this lemma. To prove (b), recall that \((-1)^nA(0)\) is the norm \(N(\alpha ) = \alpha ^{(q^n-1)/(q-1)}\) of \(\alpha\) over \({\mathbb {F}}_q\). Note that \(\alpha\) is a square in \({\mathbb {F}}_{q^n}\) exactly when its norm is a square in \({\mathbb {F}}_q\). Indeed, let \(S_{q^n}\) and \(S_q\) be the sets of non-zero squares in \({\mathbb {F}}_{q^n}\) resp. in \({\mathbb {F}}_q\). Then the image \(N(S_{q^n})\) is a subset of \(S_q\). Since the size of the preimage \(N^{-1}(S_q)\) is \((q^n-1)/2 = |S_{q^n}|\), the equality \(N(S_{q^n}) = S_q\) holds. Hence using (a) B(X) is reducible over \({\mathbb {F}}_q\) if and only if \(\alpha\) is a square in \({\mathbb {F}}_{q^n}\). By discussions before this lemma, to complete the proof of (c) it remains to show that \(C(X) \ne (-1)^nC(-X)\). Recall that A(X) factorizes over \({\mathbb {F}}_{q^n}\) as follows

is the minimal polynomial of \(-\beta\) over \({\mathbb {F}}_q\). Hence \(C(X) \ne (-1)^nC(-X)\) is equivalent to the property that the minimal polynomials of \(\beta\) and \(-\beta\) are different. These minimal polynomials are equal if and only if \(-\beta\) is a conjugate of \(\beta\) over \({\mathbb {F}}_q\), that is \(\beta ^{q^i} = -\beta\) for some \(1\le i \le n-1\). In the latter case \(\alpha ^{q^i} = \alpha\) and hence \(\alpha \in {\mathbb {F}}_{q^{\gcd {(n,i)}}}\), a contradiction to the assumption \(\alpha\) is proper in \({\mathbb {F}}_{q^n}\). \(\square\)

Two immediate consequences of Lemma 1 are the characterization of the minimal polynomials of proper elements \(\beta\) in \({\mathbb {F}}_{q^{2n}}\) with \(\beta ^2 \in {\mathbb {F}}_{q^n}\) and a construction of irreducible polynomials of degree \(2^kn\) by blowing up those of degree n:

Corollary 1

Letqbe odd and\(n \ge 1\). A proper element\(\beta\)in\({\mathbb {F}}_{q^{2n}}\)satisfies\(\beta ^2 \in {\mathbb {F}}_{q^n}\)if and only if the minimal polynomialB(X) of\(\beta\)over\({\mathbb {F}}_q\)fulfills\(B(X) = A(X^2)\)for some\(A(X) \in {\mathbb {F}}_q[X]\). In such a case, A(X) is the minimal polynomial of\(\beta ^2\)over\({\mathbb {F}}_q\).

Anzeige

Proof

If B(X) is irreducible, then the polynomial A(X) is irreducible as well. Hence a zero \(\alpha\) of A(X) is a proper element of \({\mathbb {F}}_{q^n}\) satisfying \(\alpha = \beta ^2\). Suppose now \(\beta \in {\mathbb {F}}_{q^{2n}}\) is proper and \(\beta ^2 \in {\mathbb {F}}_{q^n}\). Then \(\beta ^2\) is a non-square in \({\mathbb {F}}_{q^n}\), and hence the statement follows from Lemma 1(a). \(\square\)

Corollary 2

Letqbe odd and\(F(X) \in {\mathbb {F}}_q[X]\)be monic and irreducible of degree\(n\ge 1\)with\((-1)^nF(0)\)a non-square in\({\mathbb {F}}_q\). Then\(F(X^2)\)is irreducible over\({\mathbb {F}}_q\). The polynomial\(F(X^{2^k})\)with\(k\ge 2\)is irreducible over\({\mathbb {F}}_q\)if and only if either\(q \equiv 3 \pmod 4\)andnis even, or\(q \equiv 1 \pmod 4\).

Proof

The irreducibility of \(F(X^2)\) follows directly from Lemma 1(b). Let \(k = 2\). Using again Lemma 1(b) the polynomial \(F(X^4)\) is irreducible if and only if \((-1)^{2n}F(0) = F(0)\) is a non-square in \({\mathbb {F}}_q\). The latter is not fulfilled if and only if \((-1)^n\) is a non-square in \({\mathbb {F}}_q\), that is if and only if n is odd and \(q \equiv 3 \pmod 4\). It remains to observe that \(F(X^{2^k})\) for \(k \ge 3\) is irreducible if and only if \(F(X^4)\) is irreducible over \({\mathbb {F}}_q\). \(\square\)

An important feature of Corollary 2 is that it ensures the existence of sparse irreducible polynomials of degree \(2^kn\), as the following example demonstrates:

Example 1

The polynomial \(F(X)=X^6+X+3\) is irreducible over \({\mathbb {F}}_{19}\) and \((-1)^6F(0)=3\) is a non-square in \({\mathbb {F}}_{19}\). By Corollary 2 the trinomial \(X^{2^k6}+X^{2^k}+3\) is irreducible over \({\mathbb {F}}_{19}\) for any \(k\ge 1\).

Recall that the order of an irreducible polynomial \(F(X)\ne X \in {\mathbb {F}}_q[X]\) of degree n is defined as the order of its zero in \({\mathbb {F}}_{q^n}\). We denote it by ord(F(X)).

For our next discussions we need the following observation on the irreducible polynomials satisfying \(C(X) = (-1)^nC(-X)\).

Proposition 1

Letqbe odd, \(n\ge 2\)and\(C(X) = X^n +\sum _{i=0}^{n-1}c_{i}X^{i}\)\(\in {\mathbb {F}}_q[X]\) (we set\(c_n=1\)) be an irreducible polynomial. Then the following statements are equivalent:

(a)

\(C(X) = D(X^2)\)for some\(D(X) \in {\mathbb {F}}_q[X]\), that is\(c_i=0\)for all odd indices\(1\le i \le n\).

(b)

\(C(X) = (-1)^nC(-X)\).

(c)

The order ofC(X) divides\(2(q^{n/2}-1)\).

Proof

The degree n of \(C(X) = D(X^2)\) is even, and hence in such a case

proving the implication (b) from (a). Next we show that for an irreducible polynomial C(X) of degree \(n\ge 2\) from (b) follows (a). Suppose \(C(X) = (-1)^nC(-X)\). If n is even the considered equality reduces to \(C(X) =C(-X)\). The latter is satisfied if and only if \(C(X) = \sum _{i=0}^{n/2}c_{2i}X^{2i}\) or equivalently if \(C(X) = D(X^2)\) for an appropriate polynomial D(X) of degree n/2. For n odd we get \(C(X) =-C(-X)\), which forces \(c_{i} =0\) for all even indicies i, in particular \(c_0=0\) too. The irreducibility of C(X) yields then \(C(X)=X\). Hence (a) and (b) are indeed equivalent. Next we show equivalence of (a) and (c). Let \(\alpha\) be a root of D(X) and \(\beta\) of C(X). Then \(\beta ^2 = \alpha\). Since \(\alpha \in {\mathbb {F}}_{q^{n/2}}\), from (a) follows (c). Suppose (c) holds and \(\beta \in {\mathbb {F}}_{q^n}\) is a root of C(X). Then \(\alpha := \beta ^2\) has order dividing \((q^{n/2}-1)\), and hence \(\alpha\) is in \({\mathbb {F}}_{q^{n/2}}\). Further \(\alpha\) is proper in \({\mathbb {F}}_{q^{n/2}}\), since \(\beta\) is proper in \({\mathbb {F}}_{q^n}\). This implies that (a) holds with D(X) being the minimal polynomial of \(\alpha\). \(\square\)

The next result is obtained by reversing arguments of Lemma 1 and Proposition 1.

Corollary 3

Letqbe odd and\(n \ge 1\). Let\(C(X) = X^n+ \sum _{i=0}^{n-1}c_iX^i\)be a monic irreducible polynomial of degreenover\({\mathbb {F}}_q\) (we set here\(c_n=1\)). Then there is a polynomial\(A(X) \in {\mathbb {F}}_q[X]\)of degreensuch that

$$\begin{aligned} A(X) = (-1)^n\sum _{j=0}^n\sum _{u=0}^{2j}(-1)^uc_uc_{2j-u}X^j, \text{ with } c_s = 0 \text{ for } s >n. \end{aligned}$$

(2)

(a)

The polynomialA(X) is irreducible over\({\mathbb {F}}_q\)if and only if there is at least one odd\(1 \le i \le n\)with\(c_i \ne 0\).

(b)

If\(A(X)\ne X\)is irreducible then it is the minimal polynomial of\(\beta ^2\), where\(\beta \in {\mathbb {F}}_{q^n}\)is a zero ofC(X). In this case\(ord(A(X)) = ord(C(X))/\gcd (2,ord(C(X)))\).

Proof

Set \(F(X) := C(X) \cdot (-1)^nC(-X)\). Since by construction \(F(X) = F(-X)\), there is a polynomial A(X) satisfying \(F(X)=A(X^2)\). Direct calculations show that A(X) is given by the formula (2). To prove (a), note that if \(c_i=0\) for all odd i, then \(C(X) = D(X^2)\) for a certain \(D(X) \in {\mathbb {F}}_q[X]\). Hence \(A(X^2) = (-1)^nC(X)C(-X) = D(X^2)^2\), implying \(A(X) = D(X)^2\). So it remains to show that A(X) is irreducible if there is at least one odd i with \(c_i\ne 0\). Let C(X) be the minimal polynomial of \(\beta \in {\mathbb {F}}_{q^n}\). Then \(A(\beta ^2)=0\) and thus minimal polynomial of \(\beta ^2\) divides A(X). Since there is an odd i with \(c_i \ne 0\), Corollary 1 implies that \(\beta ^2\) is not contained in any proper subfield of \({\mathbb {F}}_{q^n}\). This shows that the minimal polynomial of \(\beta ^2\) has degree n, and hence A(X) is the minimal polynomial of it. This proves also (b). \(\square\)

In next section we use Corollary 3 to construct irreducible polynomials from a given one. For this construction also the following easy observation is of interest.

Proposition 2

Let\(B(X) = A(X^2) \in {\mathbb {F}}_q[X]\)be monic irreducible polynomial of degree\(2n \ge 2\)with\(\gcd (n,q)=1\)andqodd. Then for any\(a \in {\mathbb {F}}_q, a \ne 0,\)the polynomial\(F(X) = B(X+a)\)is irreducible over\({\mathbb {F}}_q\)andF(X) has at least one coefficient\(f_i \ne 0\)with odd\(0\le i <2n\).

Proof

Clearly \(F(X) \in {\mathbb {F}}_q[X]\) is irreducible. Next we show that the coefficients of \(X^{2n-1}\) in it is 2na, which is non-zero under our assumptions. Let

2 Recurrent construction of irreducible polynomials of fixed degree

In this section using Corollary 3 we describe two recursive constructions of irreducible polynomials of degree n from a given irreducible polynomial C(X) of degree n. In Construction 1, we assume that the order of the initial polynomial C(X) is known and use it to terminate the construction. In Construction 2 the order of the initial polynomial C(X) is supposed to be unknown. The number of performed iterations in Construction 2 can be then used to compute the order of C(X).

For an odd natural number t, we denote by \(ord_t(2)\) the order of 2 modulo t.

Construction 1

Letqbe odd, \(C(X) = X^n +\sum _{j=0}^{n-1}c_jX^j \in {\mathbb {F}}_q[X], C(X) \ne X\)and\(c_n=1\), be a given irreducible polynomial of degree\(n \ge 1\). Further suppose the order\(ord(C(X)) = 2^rt\)is known, where\(r\ge 0\)and\(t\ge 1\)is odd. Given a polynomial\(C_i\)with\(i \ge 0\)set\(C_{i+1}(X)\)to denote the polynomial of degreenconstructed from\(C_{i}(X)\)as follows

If\(0\le i \le r-1\)and the polynomial\(C_{i}\)has at least one non-zero odd coefficient, then continue with (3) to construct\(C_{i+1}\), otherwise stop.

For\(r \le i \le r+ord_t(2)-2\)with\(t>1\)construct\(C_{i+1}\)by (3). \(\square\)

The next theorem describes the performance and proves the correctness of Constructions 1.

Theorem 1

LetC(X) be as in Construction1. Then the following holds:

(1)

Ifnis odd ornis even andtdoes not divide\(q^{n/2}-1\), Construction1produces one polynomial of order\(2^it\)for each\(1\le i \le r\)and\(ord_t(2)\)different polynomials of ordert (including\(C_0\)).

(2)

Ifnis even ands, \(1\le s \le r-2\), is minimal such that\(2^{r-s}t\)divides\(2(q^{n/2}-1)\), then Construction1yieldsone polynomial of order\(2^{r-i}t\)for each\(0\le i \le s\) (including\(C_0\)) and stops.

Proof

By Corollary 3 the order of \(C_{i+1}(X)\) is equal to \(ord(C_i)/\gcd (ord(C_i(X)),2)\) for any \(i\ge 0\). For \(0\le i \le r-1\) Construction 1 terminates after producing \(C_{i+1}(X)\) if \(C_{i+1}\) has all its odd coefficients equal to 0. This occurs if and only if n is even and \(ord(C_{i+1})\) divides \(2(q^{n/2}-1)\) by Proposition 1(c). Otherwise all produced polynomials have a non-zero odd coefficient and the construction will stop after constructing \(ord_t(2)\) polynomials of order t. \(\square\)

In the case when the order of initial polynomial C(X) is unknown we modify the stopping condition in Construction 1. The stopping condition in this case relies on the following observation: If \(q^n-1 = 2^u w\) with w odd, then clearly \(2^{u+1}\) does not divide order of C(X). Hence after \(h \le u\) steps of construction, polynomial \(C_h\) will have an odd order t, and after further \(ord_t(2)\) steps the construction will produce \(C_h\) again. Indeed if \(\gamma \in {\mathbb {F}}_{q^n}\) is a zero of \(C_h\) then \(\gamma ^{2^i}\) is a zero of \(C_{h+i}\) and \(\gamma ^{2^{ord_t(2)}}=\gamma .\)

Construction 2

Letqbe odd, \(C(X) = X^n +\sum _{j=0}^{n-1}c_jX^j \in {\mathbb {F}}_q[X], C(X) \ne X\)and\(c_n=1\), be a given irreducible polynomial of degree\(n \ge 1\). Further, let\(q^n-1 = 2^uw\)with\(u\ge 0\)and an odd\(w\ge 1\).

Set\(C_0(X) := C(X)\), if the polynomial\(C_{0}\)has at least one non-zero odd coefficient, continue with (3) to construct\(C_{1}\)otherwise stop.

For\(1\le i \le u\), if the polynomial\(C_{i}\)has at least one non-zero odd coefficient and\(C_{i} \notin \{ C_0, \ldots , C_{i-1}\}\), continue with (3) to construct\(C_{i+1}\)otherwise stop.

Construction 2 provides information on the order of the initial polynomial \(C_0\). Indeed, suppose the last constructed polynomial is \(C_k\) with \(k \ge 1.\) If \(C_k(X) = D(X^2)\) then order of \(C_0\) is \(2^kv\) with v dividing \(2(q^{n/2}-1)\) by Proposition 1. Otherwise suppose \(C_k = C_l\) with \(l<k\). Then the order of \(C_0\) is \(2^l m\) where m is an odd divisor of \(q^n-1\) with \(k-l = ord_2(m)\).

This observation can also be adapted for computing the order of an elemenent \(\alpha \in {\mathbb {F}}_{q^n}\), provided that its minimal polynomial A(X) over \({\mathbb {F}}_q\) is known. The minimal polynomial can be computed using formula (1). However it is in general not efficient since the computations are done in \({\mathbb {F}}_{q^n}\). An alternative way is solving a system of linear equations over \({\mathbb {F}}_q\), as suggested in [1, page 112].

Remark 2

Construction 1 produces \(ord_t(2)\) different irreducible polynomials of degree n and order t. In generic case this is going to be a large amount of polynomials, since there are good indications that the average order of 2 modulo an odd integer is large [7, 12]. An interesting discussion on the topic can be found in [11].

Corollary 2 and Constructions 1 or 2 can be combined to construct polynomials of degree \(2^kn\) from a suitable polynomial of degree n: Let \(k\ge 1\). Suppose an irreducible polynomial \(U(X)\in {\mathbb {F}}_q[X]\) satisfies the conditions of Corollary 2 and \(H(X) = U(X^{2^k})\) is irreducible as well. Observe that if H(X) is used as an initial polynomial in Constructions 1 or 2, then no new irreducible polynomials will be produced, since all odd coefficients in H(X) are equal to zero. Instead we can take the irreducible polynomial \(H(x+a)\) with \(a \in {\mathbb {F}}_q\), which by Proposition 2 has a non-zero odd coefficient. This observation allows effective constructions of irreducible polynomials, which are of particular interest for small n and large k. The next example illustrates these ideas for \(q=19, n=3\) and \(k=2\).

Example 2

Take \(q = 19\). Then \(U(X) = X^3+X+1\) is irreducible over \({\mathbb {F}}_{19}\). By Corollary 2 is also \(H(X) := U(X^2)=X^6+X^2+1\) irreducible over \({\mathbb {F}}_{19}\). The order of this polynomial is \(1524=2\cdot (19^3-1)/9= (19^6-1)/30870\). By Proposition 2 also \(C(X):=H(X+1)= X^6 + 6X^5 + 15X^4 + X^3 + 16X^2 + 8X + 3\) is irreducible over \({\mathbb {F}}_{19}\), which has an odd non-zero coefficient. The order of C(X) is \(9409176 = (19^6-1)/5 = 2^3\cdot 1176147\). If we initialize Construction 1 with \(C_0(X) =C(X)\), after 3 iterations we get the polynomial \(C_3(X)= X^6 + X^5 + 18X^3 + 2X^2 + 7X + 6\) of odd order \(9409176/8 = 1176147\). Altogether the construction yields \(3 + ord_{1176147}(2) = 885\) irreducible polynomials of degree 6, and 882 of them have order 1176147. Among these polynomials 9 are with exactly 5 nonzero coefficients, and 198 are with exactly 6 and the remaining 678 polynomials have all 7 coefficients non-zero.

If we repeat the construction choosing C(X) to be \(H(X+5)\). Then \(C_0(X) =C(X)\) is primitive, that is \(ord(C_0(X)) = 19^6-1\). In this case we get 1767 irreducible polynomials, among which there are 3 polynomials with exactly 4 non-zero coefficients.

Table 1 summarizes our numerical calculations for \(H(X+a)\) with all \(a \in {\mathbb {F}}_{19}\). Observe that \(H(X+a)\) and \(H(X-a)\) can be obtained from each other by substituting \(-X\). Hence their orders are either equal (in this case the order is even) or differ by factor 2 (and then one of them is odd). This explains the similarities in behavior of data in Table 1 for polynomials \(H(X+a)\) and \(H(X-a)\). Our computations are done with SageMath.^{1}\(\square\)

It is interesting to note that in Example 2 we start with a polynomial H(X) which has a small order and then obtain polynomials \(H(X+a)\) with large orders, six of them are even of largest possible order \(q^6-1\), that is they are primitive. A result of Davenport (for q prime) and Carlitz (any q) states, that for an irreducible polynomial F(X) of sufficiently large degree n over \({\mathbb {F}}_q\) there is always an element \(a \in {\mathbb {F}}_q\) such that \(F(X+a)\) is primitive. However little is known about the number of element \(a \in {\mathbb {F}}_q\) with \(F(X+a)\) of a specified order. Stephen Cohen generalized this result in several directions, for latest developments in this area see [5].

Here \(N = 19^6-1\) and \(k^l\) in Weight distribution indicates that the construction produces l polynomials with exactly k non-zero terms

Acknowledgements

Open Access funding provided by Projekt DEAL.

Open AccessThis article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.