A recurrent construction of irreducible polynomials of fixed degree over finite fields

In this paper we consider in detail the composition of an irreducible polynomial with $X^2$ and suggest a recurrent construction of irreducible polynomials of fixed degree over finite fields of odd characteristic. More precisely, given an irreducible polynomial of degree $n$ and order $2^r t$ with $t$ odd, the construction produces $\mathrm{ord}_t(2)$ irreducible polynomials of degree $n$ and order $t$. The construction can be used, for example, to search for irreducible polynomials with specific requirements on their coefficients.


Introduction
The so-called composition method is a powerful tool to study and construct polynomials over finite fields. It is extensively used for construction of irreducible polynomials, computing a square root and factorization of polynomials, see for example [3,7,8,9,10,13]. General recurrent constructions of irreducible polynomials based on composition of irreducible polynomials with quadratic rational functions are suggested in [7,8]. For these constructions it is not yet understood which of them are particularly well suited for algorithmic applications. In this paper we consider in detail the composition of an irreducible polynomial with $X^2$ and suggest a recurrent construction of irreducible polynomials of fixed degree over finite fields of odd characteristics.
Let $q$ be a power of an odd prime number. In this paper we consider the composition of an irreducible polynomial $A(X) \neq X$ of degree $n \geq 1$ over the finite field $\mathbb{F}_q$ with the polynomial $X^2$. Set $B(X) := A(X^2)$. If an element $\beta$ from an extension field of $\mathbb{F}_q$ is a zero of $B(X)$, then $\beta^2$ is a zero of $A(X)$. Consequently $\beta^2$ is a proper element of $\mathbb{F}_{q^n}$, that is $\beta^2$ belongs to $\mathbb{F}_{q^n}$ but not to any subfield $\mathbb{F}_{q^s} \neq \mathbb{F}_{q^n}$ of it. Next we need to distinguish whether $\beta^2$ is a non-square or square in $\mathbb{F}_{q^n}$. In the first case $\beta \notin \mathbb{F}_{q^n}$ while $\beta \in \mathbb{F}_{q^{2n}}$, or equivalently $B(X)$ is irreducible over $\mathbb{F}_q$. In the case when $\beta^2$ is a square in $\mathbb{F}_{q^n}$ the element $\beta$ belongs to $\mathbb{F}_{q^n}$, and clearly it is proper in it since $\beta^2$ is so. Hence the minimal polynomial $C(X)$ of $\beta$ over $\mathbb{F}_q$ has degree $n$ and it is a factor of $B(X)$. Clearly, along with $\beta$ also $-\beta$ is a zero of $B(X)$. The polynomial $(-1)^n C(-X)$ is the minimal polynomial of $-\beta$ over $\mathbb{F}_q$. In particular, if $C(X) \neq (-1)^n C(-X)$, then the polynomial $B(X)$ is the product of monic irreducible polynomials $C(X)$ and $(-1)^n C(-X)$. The next well-known lemma describes in more detail the factorization of $B(X)$. It shows in particular, that under our assumptions $C(X) \neq (-1)^n C(-X)$ always holds.
Lemma 1 Let $q$ be odd, $n \geq 1$ and $\alpha \neq 0$ a proper element of

Proof The statement in (a) follows from the discussions before this lemma. To prove (b), recall that $(-1)^n A(0)$ is the norm $N(\alpha) = \alpha^{(q^n-1)/(q-1)}$ of $\alpha$ over $\mathbb{F}_q$. Note that $\alpha$ is a square in $\mathbb{F}_{q^n}$ exactly when its norm is a square in $\mathbb{F}_q$. Indeed, let $S_{q^n}$ and $S_q$ be the sets of non-zero squares in $\mathbb{F}_{q^n}$ resp. in $\mathbb{F}_q$. Then the image $N(S_{q^n})$ is a subset of $S_q$. Since the size of the preimage $N^{-1}(S_q)$ is $(q^n-1)/2 = |S_{q^n}|$, the equality $N(S_{q^n}) = S_q$ holds. Hence using (a) $B(X)$ is reducible over $\mathbb{F}_q$ if and only if $\alpha$ is a square in $\mathbb{F}_{q^n}$. By discussions before this lemma, to complete the proof of (c) it remains to show that $C(X) \neq (-1)^n C(-X)$. Recall that $A(X)$ factorizes over $\mathbb{F}_{q^n}$ as follows and consequently ).
Let $\beta \in \mathbb{F}_{q^n}$ such that $\alpha = \beta^2$ and then Observe that since $\alpha$ is a proper element of $\mathbb{F}_{q^n}$ so is $\beta$ too. This implies that is the minimal polynomial of $\beta$ over $\mathbb{F}_q$ and $(X + \beta)(X + \beta^q) \ldots$
is the minimal polynomial of $-\beta$ over $\mathbb{F}_q$. Hence $C(X) \neq (-1)^n C(-X)$ is equivalent to the property that the minimal polynomials of $\beta$ and $-\beta$ are different. These minimal polynomials are equal if and only if $-\beta$ is a conjugate of $\beta$ over $\mathbb{F}_q$, that is $\beta^{q^i} = -\beta$ for some $1 \leq i \leq n-1$. In the latter case $\alpha^{q^i} = \alpha$ and hence $\alpha \in \mathbb{F}_{q^{\gcd(n,i)}}$, a contradiction to the assumption $\alpha$ is proper in $\mathbb{F}_{q^n}$. $\square$

Two immediate consequences of Lemma 1 are the characterization of the minimal polynomials of proper elements $\beta$ in $\mathbb{F}_{q^{2n}}$ with $\beta^2 \in \mathbb{F}_{q^n}$ and a construction of irreducible polynomials of degree $2^k n$ by blowing up those of degree $n$:

Corollary 1 Let $q$ be odd and $n \geq 1$. A proper element $\beta$ in $\mathbb{F}_{q^{2n}}$ satisfies $\beta^2 \in \mathbb{F}_{q^n}$ if and only if the minimal polynomial $B(X)$ of $\beta$ over $\mathbb{F}_q$ fulfills $B(X) = A(X^2)$ for some $A(X) \in \mathbb{F}_q[X]$. In such a case, $A(X)$ is the minimal polynomial of $\beta^2$ over $\mathbb{F}_q$.
Proof If $B(X)$ is irreducible, then the polynomial $A(X)$ is irreducible as well. Hence a zero $\alpha$ of $A(X)$ is a proper element of $\mathbb{F}_{q^n}$ satisfying $\alpha = \beta^2$. Suppose now $\beta \in \mathbb{F}_{q^{2n}}$ is proper and $\beta^2 \in \mathbb{F}_{q^n}$. Then $\beta^2$ is a non-square in $\mathbb{F}_{q^n}$, and hence the statement follows from Lemma 1 (a). $\square$
Corollary 2 Let $q$ be odd and $F(X) \in \mathbb{F}_q[X]$ be monic and irreducible of degree $n \geq 1$ with $(-1)^n F(0)$ a non-square in $\mathbb{F}_q$. Then $F(X^2)$ is irreducible over $\mathbb{F}_q$. The polynomial $F(X^{2^k})$ with $k \geq 2$ is irreducible over $\mathbb{F}_q$ if and only if either $q \equiv 3 \pmod 4$ and $n$ is even, or $q \equiv 1 \pmod 4$.
An important feature of Corollary 2 is that it ensures the existence of sparse irreducible polynomials of degree $2^k n$, as the following example demonstrates:

Recall that the order of an irreducible polynomial $F(X) \in \mathbb{F}_q[X]$, $F(X) \neq X$, of degree $n$ is defined as the order of its zero in $\mathbb{F}_{q^n}$. We denote it by $\mathrm{ord}(F(X))$.
For our next discussions we need the following observation on the irreducible polynomials satisfying $C(X) = (-1)^n C(-X)$.
(we set $c_n = 1$) be an irreducible polynomial. Then the following statements are equivalent:

Proof The degree $n$ of $C(X) = D(X^2)$ is even, and hence in such a case proving the implication (b) from (a). Next we show that for an irreducible polynomial $C(X)$ of degree $n \geq 2$ from (b) follows (a). Suppose $C(X) = (-1)^n C(-X)$. If $n$ is even the considered equality reduces to $C(X) = C(-X)$. The latter is satisfied if and only if ) for an appropriate polynomial $D(X)$ of degree $n/2$. For $n$ odd we get $C(X) = -C(-X)$, which forces $c_i = 0$ for all even indices $i$, in particular $c_0 = 0$ too. The irreducibility of $C(X)$ yields then $C(X) = X$. Hence (a) and (b) are indeed equivalent. Next we show equivalence of (a) and (c). Let $\alpha$ be a root of $D(X)$ and $\beta$ of $C(X)$. Then $\beta^2 = \alpha$. Since $\alpha \in \mathbb{F}_{q^{n/2}}$, from (a) follows (c). Suppose (c) holds and $\beta \in \mathbb{F}_{q^n}$ is a root of $C(X)$. Then $\alpha := \beta^2$ has order dividing $(q^{n/2} - 1)$, and hence $\alpha$ is in $\mathbb{F}_{q^{n/2}}$. Further $\alpha$ is proper in $\mathbb{F}_{q^{n/2}}$, since $\beta$ is proper in $\mathbb{F}_{q^n}$. This implies that (a) holds with $D(X)$ being the minimal polynomial of $\alpha$. $\square$

The next result is obtained by reversing arguments of Lemma 1 and Proposition 1.
Corollary 3 Let $q$ be odd and $n \geq 1$. Let $C(X) = X^n + \sum_{i=0}^{n-1} c_i X^i$ be a monic irreducible polynomial of degree $n$ over $\mathbb{F}_q$ (we set here $c_n = 1$). Then there is a polynomial $A(X) \in \mathbb{F}_q[X]$ of degree $n$ such that

More precisely,
(a) The polynomial $A(X)$ is irreducible over $\mathbb{F}_q$ if and only if there is at least one odd $1 \leq i \leq n$ with $c_i \neq 0$.
(b) If $A(X) \neq X$ is irreducible then it is the minimal polynomial of $\beta^2$, where $\beta \in \mathbb{F}_{q^n}$ is a zero of $C(X)$. In this case $\mathrm{ord}(A(X)) = \mathrm{ord}(C(X))/\gcd(2, \mathrm{ord}(C(X)))$.
Proof Set $F(X) := C(X) \cdot (-1)^n C(-X)$. Since by construction $F(X) = F(-X)$, there is a polynomial $A(X)$ satisfying $F(X) = A(X^2)$. Direct calculations show that $A(X)$ is given by the formula (2). To prove (a), note that if $c_i = 0$ for all odd $i$, then 2 . So it remains to show that $A(X)$ is irreducible if there is at least one odd $i$ with $c_i \neq 0$. Let $C(X)$ be the minimal polynomial of $\beta \in \mathbb{F}_{q^n}$. Then $A(\beta^2) = 0$ and thus the minimal polynomial of $\beta^2$ divides $A(X)$. Since there is an odd $i$ with $c_i \neq 0$, Corollary 1 implies that $\beta^2$ is not contained in any proper subfield of $\mathbb{F}_{q^n}$. This shows that the minimal polynomial of $\beta^2$ has degree $n$, and hence $A(X)$ is the minimal polynomial of it. This proves also (b). $\square$
In the next section we use Corollary 3 to construct irreducible polynomials from a given one. For this construction also the following easy observation is of interest.
Proposition 2 Let $B(X) = A(X^2) \in \mathbb{F}_q[X]$ be a monic irreducible polynomial of degree $2n \geq 2$ with $\gcd(n, q) = 1$ and $q$ odd. Then for any $a \in \mathbb{F}_q$, $a \neq 0$, the polynomial $F(X) = B(X + a)$ is irreducible over $\mathbb{F}_q$ and $F(X)$ has at least one coefficient $f_i \neq 0$ with odd $0 \leq i < 2n$.
Proof Clearly $F(X) \in \mathbb{F}_q[X]$ is irreducible. Next we show that the coefficient of $X^{2n-1}$ in it is $2na$, which is non-zero under our assumptions. Let

$\square$

2 Recurrent construction of irreducible polynomials of fixed degree
In this section using Corollary 3 we describe two recursive constructions of irreducible polynomials of degree $n$ from a given irreducible polynomial $C(X)$ of degree $n$. In Construction 1, we assume that the order of the initial polynomial $C(X)$ is known and use it to terminate the construction. In Construction 2 the order of the initial polynomial $C(X)$ is supposed to be unknown. The number of performed iterations in Construction 2 can be then used to compute the order of $C(X)$.
For an odd natural number $t$, we denote by $\mathrm{ord}_t(2)$ the order of 2 modulo $t$.
Construction 1 Let $q$ be odd, $C(X) = X^n + \sum_{j=0}^{n-1} c_j X^j \in \mathbb{F}_q[X]$, $C(X) \neq X$ and $c_n = 1$, be a given irreducible polynomial of degree $n \geq 1$. Further suppose the order $\mathrm{ord}(C(X)) = 2^r t$ is known, where $r \geq 0$ and $t \geq 1$ odd. Given a polynomial $C_i$ with $i \geq 0$ set $C_{i+1}(X)$ to denote the polynomial of degree $n$ constructed from $C_i(X)$ as follows If $0 \leq i \leq r-1$ and the polynomial $C_i$ has at least one non-zero odd coefficient, then continue with (3) to construct $C_{i+1}$, otherwise stop. For

The next theorem describes the performance and proves the correctness of Construction 1.
Theorem 1 Let $C(X)$ be as in Construction 1. Then the following holds:
(1) If $n$ is odd or $n$ is even and $t$ does not divide $q^{n/2} - 1$, Construction 1 produces one polynomial of order $2^i t$ for each $1 \leq i \leq r$ and $\mathrm{ord}_t(2)$ different polynomials of order $t$ (including $C_0$).
(2) If $n$ is even and $s$, $1 \leq s \leq r-2$, is minimal such that $2^{r-s} t$ divides $2(q^{n/2} - 1)$, then Construction 1 yields one polynomial of order $2^{r-i} t$ for each $0 \leq i \leq s$ (including $C_0$) and stops.
Proof By Corollary 3 the order of $C_{i+1}(X)$ is equal to $\mathrm{ord}(C_i)/\gcd(\mathrm{ord}(C_i(X)), 2)$ for any $i \geq 0$. For $0 \leq i \leq r-1$ Construction 1 terminates after producing $C_{i+1}(X)$ if $C_{i+1}$ has all its odd coefficients equal to 0. This occurs if and only if $n$ is even and $\mathrm{ord}(C_{i+1})$ divides $2(q^{n/2} - 1)$ by Proposition 1 (c). Otherwise all produced polynomials have a non-zero odd coefficient and the construction will stop after constructing $\mathrm{ord}_t(2)$ polynomials of order $t$. $\square$

In the case when the order of the initial polynomial $C(X)$ is unknown we modify the stopping condition in Construction 1. The stopping condition in this case relies on the following observation: If $q^n - 1 = 2^u w$ with $w$ odd, then clearly $2^{u+1}$ does not divide the order of $C(X)$. Hence after $h \leq u$ steps of the construction, the polynomial $C_h$ will have an odd order $t$, and after further $\mathrm{ord}_t(2)$ steps the construction will produce , $C(X) \neq X$ and $c_n = 1$, be a given irreducible polynomial of degree $n \geq 1$. Further, let $q^n - 1 = 2^u w$ with $u \geq 0$ and an odd $w \geq 1$.
Set $C_0(X) := C(X)$, if the polynomial $C_0$ has at least one non-zero odd coefficient, continue with (3) to construct $C_1$ otherwise stop.
Remark 1 Construction 2 provides information on the order of the initial polynomial $C_0$. Indeed, suppose the last constructed polynomial is ) then order of $C_0$ is $2^k v$ with $v$ dividing $2(q^{n/2} - 1)$ by Proposition 1. Otherwise suppose $C_k = C_l$ with $l < k$. Then the order of $C_0$ is $2^l m$ where $m$ is an odd divisor of $q^n - 1$ with $k - l = \mathrm{ord}_2(m)$. This observation can also be adapted for computing the order of an element $\alpha \in \mathbb{F}_{q^n}$, provided that its minimal polynomial $A(X)$ over $\mathbb{F}_q$ is known. The minimal polynomial can be computed using formula (1). However it is in general not efficient since the computations are done in $\mathbb{F}_{q^n}$. An alternative way is solving a system of linear equations over $\mathbb{F}_q$, as suggested in [1, page 112].
Remark 2 Construction 1 produces $\mathrm{ord}_t(2)$ different irreducible polynomials of degree $n$ and order $t$. In the generic case this is going to be a large number of polynomials, since there are good indications that the average order of 2 modulo an odd integer is large [6,12]. An interesting discussion on the topic can be found in [11].
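The iteration behind Constructions 1 and 2, as an added Python example that is not the authors' code. Formula (3) is not reproduced on this page, so the step is taken from the proof of Corollary 3, $A(X^2) = (-1)^n C(X) C(-X)$, and stopping on a repeated polynomial follows Remark 1. Assumptions: $q$ is prime, coefficient lists run from $c_0$ to $c_n$, the function names are the example's own, and the sample polynomial $X^2 + 7X + 1$ over $\mathbb{F}_{13}$ is constructed for illustration.

```python
# Added illustration; function names are this example's own, q = p is assumed prime.
def poly_mul(a, b, p):
    """Multiply coefficient lists (c_0 first) over F_p."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % p
    return out

def step(c, p):
    """Return A with A(X^2) = (-1)^n C(X) C(-X) (proof of Corollary 3)."""
    n = len(c) - 1
    c_neg = [(-cj if j % 2 else cj) % p for j, cj in enumerate(c)]  # C(-X)
    f = poly_mul(c, c_neg, p)
    if any(f[1::2]):
        raise ValueError("F(X) = F(-X) should have no odd-degree terms")
    sign = -1 if n % 2 else 1
    return [(sign * fj) % p for fj in f[0::2]]

def has_odd_coeff(c):
    """True if c_i != 0 for some odd i with 1 <= i <= n (c_n = 1 counts)."""
    return any(c[1::2])

def poly_order(c, p):
    """Least e with X^e = 1 mod C(X), by brute force; needs C monic, C(0) != 0."""
    n = len(c) - 1
    one = [1] + [0] * (n - 1)
    r, e = one[:], 0
    while True:
        top = r[-1]
        r = [0] + r[:-1]                                        # multiply by X
        r = [(ri - top * ci) % p for ri, ci in zip(r, c[:n])]   # reduce by C
        e += 1
        if r == one:
            return e

def run_construction(c0, p):
    """Iterate step() until a polynomial repeats or has no non-zero odd coefficient."""
    seq = [c0]
    while has_odd_coeff(seq[-1]):
        nxt = step(seq[-1], p)
        if nxt in seq:
            break
        seq.append(nxt)
    return seq

# Constructed sample input: C_0 = X^2 + 7X + 1 over F_13, which has order 14 = 2 * 7.
P = 13
SEQ = run_construction([1, 7, 1], P)
ORDERS = [poly_order(c, P) for c in SEQ]
```

For this input the sequence is $X^2+7X+1$, $X^2+5X+1$, $X^2+3X+1$, $X^2+6X+1$ with orders 14, 7, 7, 7, so each step divides an even order by 2 as in Corollary 3 (b).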
Corollary 2 and Construction 1 or 2 can be combined to construct polynomials of degree $2^k n$ from a suitable polynomial of degree $n$: Let $k \geq 1$. Suppose an irreducible polynomial $U(X) \in \mathbb{F}_q[X]$ satisfies the conditions of Corollary 2 and $H(X) = U(X^{2^k})$ is irreducible as well. Observe that if $H(X)$ is used as an initial polynomial in Construction 1 or 2, then no new irreducible polynomials will be produced, since all odd coefficients in $H(X)$ are equal to zero. Instead we can take the irreducible polynomial $H(X + a)$ with $a \in \mathbb{F}_q$, which by Proposition 2 has a non-zero odd coefficient. This observation allows effective constructions of irreducible polynomials, which are of particular interest for small $n$ and large $k$. The next example illustrates these ideas for $q = 19$, $n = 3$ and $k = 2$.
If we repeat the construction choosing $C(X)$ to be $H(X + 5)$, then $C_0(X) = C(X)$ is primitive, that is $\mathrm{ord}(C_0(X)) = 19^6 - 1$. In this case we get 1767 irreducible polynomials, among which there are 3 polynomials with exactly 4 non-zero coefficients.
Table 1 summarizes our numerical calculations for $H(X + a)$ with all $a \in \mathbb{F}_{19}$. Observe that $H(X + a)$ and $H(X - a)$ can be obtained from each other by substituting $-X$. Hence their orders are either equal (in this case the order is even) or differ by factor 2 (and then one of them is odd). This explains the similarities in behavior of data in Table 1 for polynomials $H(X + a)$ and $H(X - a)$. Our computations are done with SageMath. $\square$
It is interesting to note that in Example 2 we start with a polynomial $H(X)$ which has a small order and then obtain polynomials $H(X + a)$ with large orders, six of them are even of largest possible order $q^6 - 1$, that is they are primitive. A result of Davenport (for $q$ prime) and Carlitz (any $q$) states that for an irreducible polynomial $F(X)$ of sufficiently large degree $n$ over $\mathbb{F}_q$ there is always an element $a \in \mathbb{F}_q$ such that $F(X + a)$ is primitive. However little is known about the number of elements $a \in \mathbb{F}_q$ with $F(X + a)$ of a specified order. Stephen Cohen generalized this result in several directions, for latest developments in this area see [4].

Table 1
Numerical results on polynomials of Example 2. Here $N = 19^6 - 1$ and k l in Weight distribution indicates that the construction produces l polynomials with exactly k non-zero terms.