Tests and Constructions of Irreducible Polynomials over Finite Fields

In this paper we focus on tests and constructions of irreducible polynomials over nite elds. We revisit Rabin's (1980) algorithm providing a variant of it that improves Rabin's cost estimate by a log n factor. We give a precise analysis of the probability that a random polynomial of degree n contains no irreducible factors of degree less than O(log n). This probability is naturally related to Ben-Or's (1981) algorithm for testing irreducibility of polynomials over nite elds. We also compute the probability of a polynomial being irreducible when it has no irreducible factors of low degree. This probability is useful in the analysis of various algorithms for factoring polynomials over nite elds. We present an experimental comparison of these irreducibility methods when testing random polynomials. 1 Motivation and results For a prime power q and an integer n 2, let IFq be a nite eld with q elements, and IFqn be its extension of degree n. Extensions of nite elds are important in implementing cryptosystems and error correcting codes. One way of constructing extensions of nite elds is via an irreducible polynomial over the ground eld with degree equal to the degree of the extension. Therefore, nding irreducible polynomials and testing the irreducibility of polynomials are fundamental problems in nite elds. A probabilistic algorithm for nding irreducible polynomials that works well in practice is presented in [26]. The central idea is to take polynomials at random and test them for irreducibility. Let In be the number of irreducible polynomials of degree n over a nite eld IFq . It is well-known (see [21], p. 142, Ex. 3.26 & 3.27) that q n q(q n=2 1) (q 1)n In q q n : (1) This means that a fraction 1=n of the polynomials of degree n are irreducible, and so we nd on average one irreducible polynomial of degree n after n tries. In order to transform this idea into an algorithm one has to consider irreducibility tests. In sections 2 and 3, we focus on tests for irreducibility. Let f 2 IFq [x], deg f = n, be a polynomial to be tested for irreducibility. Assume that p1; : : : ; pk are the distinct prime divisors of n. In practice, there are two general approaches for this problem: { Butler (1954): f is irreducible if and only if dimker( I) = 1, where is the Frobenius map on IFq [x]=(f) that sends h 2 IFq [x]=(f) to h 2 IFq[x]=(f), and I is the identity map on IFq [x]=(f) (see [4]); { Rabin (1980): f is irreducible if and only if gcd(f; x n=pi x) = 1 for all 1 i k, and xqn x 0 mod f (see [26]). Other irreducibility tests can be found in [14], [31], and [12]. In this paper, we concentrate on Rabin's test, and a variant presented in [1]. In section 2, we review Rabin's and Ben-Or's irreducibility algorithms. We state a variant of Rabin's algorithm that allows a logn factor saving. In section 3, we focus on Ben-Or's algorithm. This leads us to study the behavior of rough polynomials, i.e., polynomials without irreducible factors of low degrees. The analysis is expressed as an asymptotic form in n, the degree of the polynomial to be tested for irreducibility. First, we x a nite eld IFq , and then we study asymptotics on q. As was noted in [7], probabilistic properties of polynomials over nite elds frequently have a shape that resembles corresponding properties of the cycle decomposition of permutations to which they reduce when the size of the eld goes to in nity. An instance of this is derived for the probability that a polynomial of degree n over IFq contains no factors of degree m, 1 m O(log n), when q ! +1. This probability relates naturally with BenOr's algorithm. The probability of a polynomial being irreducible when it has no irreducible factors of low degree provides useful information for factoring polynomials over nite elds (see for instance [12], x6). We provide the probability of a polynomial being irreducible when it has no irreducible factors of degree at most O(log n). In section 4, we give an experimental comparison on the algorithms discussed in section 2. We provide tables of running times of the algorithms for various elds and polynomial degrees. These results suggest that Ben-Or's algorithm has a much better average time behavior than others, even though its worst-case complexity is the worst. Very sparse irreducible polynomials are useful for several applications: pseudorandom number generators using feedback shift registers ([15]), discrete logarithm over IF2n ([6], [23]), and e cient arithmetic in nite elds (Shoup private communication, 1994). However, few results are known about these polynomials beyond binomials and trinomials (see [22], Chapter 3, and the references there). In section 5, we present a construction of irreducible polynomials over IFq of degree n with up to O(1) nonzero terms (not necessarily the lowest coe cients), for in nitely many degrees n. We assume that arithmetic in IFq is given. The cost measure of an algorithm will be the number of operations in IFq . The algorithms in this paper use basic polynomial operations like products and gcds. We consider in this paper exclusively FFT based arithmetic; similar results hold for classical arithmetic. Let