Irreducible compositions of degree two polynomials over finite fields have regular structure

Let$u,v$be words of$S*$of equal length$n≥1$⁠. Let$u′,v′$be the$(n−1)$-suffixes of$u$and$v$⁠, respectively. Then

• $π(u)=π(v)$implies$u′∼v′,$

• $u∼v$if and only if$π(fu)=π(gv)$for some$f,g∈S$⁠.

Let us now prove (ii). If $u∼v$⁠, by definition we have $π(u)−a=π(v)−a′$ for $a−a′∈Ab−Ab$ for some $b$⁠. Now, by squaring and subtracting $b$ on both sides of the equality we get $f(π(u))=g(π(v))$ for some $f,g∈S$⁠, and hence $π(fu)=π(gv)$⁠. Vice versa, if there exists $f,g∈S$ such that $π(fu)=π(gv)$⁠, then (i) applies.□

Let$u,v$be words of$S*$of equal length$n≥1$⁠. If$∣DS∣=∣S∣$or$∣DS∣=1$⁠, then we have that$u∼v$if and only if$π(u)=π(v)$⁠.

One direction is trivial: if $π(u)=π(v)$⁠, then $u∼v$⁠. For the other direction, we look at the two cases separately.

In the case $∣DS∣=∣S∣$⁠, it follows from $u∼v$ that $π(u)−π(v)=c∈Ab−Ab$ for some $b∈DS$⁠. However, $Ab$ consists of only one element, so $c=0$⁠.

For the case $∣DS∣=1$⁠, assume that $u∼v$⁠, so $π(u)=π(v)+c$ for some $c∈Fq$⁠. Let $u′,v′$ be the $(n−1)$-suffixes of $u$ and $v$⁠. Then, since $∣DS∣=1$⁠, we have that $(π(u′)−a1)2−(π(v′)−a2)2=c$ for some $a1,a2∈Fq$⁠. As $c$ is constant, this forces $(π(u′)−a1)−(π(v′)−a2)=0$⁠, which in turn forces $c=0$ and hence $π(u)=π(v)$⁠.□

If$∣DS∣=∣S∣$or$∣DS∣=1$⁠, then$CS≅S*$⁠.

Clearly, a polynomial of degree two in $CS$ cannot have two distinct writings in terms of compositions. Let $F$ be a polynomial in $CS$ of minimal degree with two different writings, that is, such that $F=π(fu)=π(gv)$ for $f,g∈S$ and $u,v∈S*$ of positive length. From $π(fu)=π(gv)$⁠, one deduces by Proposition 2.1 that $u∼v$⁠. Lemma 2.2 now gives $π(u)=π(v)$⁠, which implies $u=v$ by the minimality of $F$⁠.□

If$∣S∣=2$then$CS≅S*$⁠.

Immediate by observing that $∣DS∣=1$ or $∣DS∣=∣S∣=2$⁠.□

Let$K$be a field and$f,g∈K[x]$polynomials. Let$β∈K¯$be a root of$g$⁠. Then, $g◦f$is irreducible over$K$if and only if$g$is irreducible over$K$and$f−β$is irreducible over$K(β)$⁠.

Let$g∈Fq[x]$be monic and irreducible of even degree, and let$f=(x−af)2−bf∈Fq[x]$⁠. Then, $g◦f$is irreducible if and only if$g(−bf)$is not a square in$Fq$⁠.

Let$f1,…,fk∈Fq[x]$be monic polynomials of degree two. Write$fi=(x−ai)2−bi$for all$i$⁠. Then, $f1◦⋯◦fk$is irreducible if and only if all of the following are non-squares in$Fq$⁠:

• $b1$

• $f1(−b2)$

  $⋮$

• $(f1◦⋯◦fk−1)(−bk)$⁠.

Clearly, $f1$ is irreducible if and only if $b1$ is a non-square. The rest follows by inductive application of Lemma 3.2.□

A language is regular if and only if it is accepted by a DFA.

If a language$L$is accepted by a DFA or an NFA, then it is regular.

The states of the automaton $N(S)$ are given by the following:

• A special start state $I$⁠. It is accepting.

• For each $a∈Fq$⁠, we have a distinguished state $[a]$⁠. It is accepting if $−a$ is a non-square.

• For each $a∈Fq$⁠, we have a state ${a}$⁠. It is accepting if $a$ is a non-square.

• For each $f∈S$⁠, we have a transition $I→f[−bf]$⁠.

• For each $f∈S$ and each $a∈Fq$⁠, we have a transition $[a]→f{f(a)}$⁠.

• For each $f∈S$ and each $a∈Fq$⁠, we have a transition ${a}→f{f(a)}$⁠.

The reason we distinguish between the states ${a}$ and $[a]$ is that they may be accepting at different times: ${a}$ accepts if $a$ is non-square, $[a]$ if $−a$ is non-square. In the case that $−1$ is a square in $Fq$⁠, the two are equivalent and we can identify the two types of states.

The language$I$of irreducible compositions is regular.

Let $L$ be the regular language over the alphabet $S$ that is accepted by the automaton $N$ reading from right to left. It is easy to see that a single letter $f$ is in $L$ if and only if $bf$ is nonsquare. Furthermore, a word $f1…fk$⁠, $k≥2$⁠, is in $L$ if and only if $(f1◦…◦fk−1)(−bfk)$ is nonsquare. By Proposition 3.3, it follows that the word $f1…fk$ corresponds to an irreducible polynomial if and only if each prefix $f1…fl$⁠, $l≤k$⁠, lies in $L$⁠. In other words, $I$ is the language of all words whose every prefix is in $L$⁠.

We want to prove that $I$ is regular. To do so, let us first construct a non-deterministic automaton $U$ from $N$ by reversing all the arrows of $N$ and setting the start state of $N$ as final state of $U$ and the final states of $N$ as start states of $U$⁠. Observe that the accepted language of $U$ is again the language $L$⁠, this time reading from left to right as usual. Now we use subset construction (see for example [12, Section 2.3.5]) to generate a new deterministic automaton $V$ having the same accepted language as $U$⁠. Finally, we remove all non-accepting states from $V$ to obtain the partial automaton $M$⁠. It is easily seen that $M$ accepts exactly those words whose every prefix is accepted by $V$⁠, which as explained above is $I$⁠.□

Notice that the language accepted by the final automaton $M$ is prefix closed.

As a simple example, consider the case $q=5$ and $S={f,g}$ with $f=x2−2$ and $g=(x−1)2−3$⁠.

We first construct the interim automaton $N$ using the method described in Definition 3.6. Since $p≡1mod4$⁠, we can identify the nodes $[a]$ and ${a}$⁠. Note that we have removed the node ${0}$ since it is not reachable from $I$⁠. The result is seen in Fig. 1.

After performing the transformation described in the proof of Theorem 3.8 and cutting out all unreachable states, we end up with the simple partial automaton $M$ in Fig. 2. This shows that the irreducible compositions of $f$ and $g$ are precisely those of the form $f(n)$⁠, $f(n)◦g$⁠, $f(n)◦g(2)$ and $f(n)◦g(2)◦f$ for $n≥0$⁠.

Let$Fq$be a finite field of characteristic different from 2. The set of monic irreducible polynomials having coefficients in$Fq$which can be written as a non-empty composition of degree 2 polynomials can be partitioned into a finite disjoint union$⨆a∈FqLa$in such a way that each$La$is in natural bijection with the words of a regular language$L$⁠, which is independent of$a$⁠. In particular, the set of monic irreducible polynomials has a finite regular expression in terms of the elementary operations$∪,·,*$⁠.

For fixed$q$⁠, we can list all monic irreducible polynomials of degree$2n$which are compositions of degree 2 polynomials with complexity$O(qn2nn8log*(2n))$⁠, where the implied constant depends only on$q$⁠.

First, we choose $S={x2−a:a∈Fq}$ and write down the automaton $M$ given by Theorem 3.8. The complexity of this step is $O(1)$⁠, where the implied constant clearly depends only on $q$⁠. Since the distinguished set is maximal, we can identify the polynomials $CS$ and the words in $S*$⁠. Now the construction is recursive: let $L0(m)$ be the set of words of $S*$ of length $m$ (so polynomials of degree $2m$⁠). For any word $g∈L0(m)$ and any $f∈S$⁠, check if the word $gf$ is accepted by the automaton $M$⁠: if it is, $gf$ is an element in $L0(m+1)$⁠. This check takes constant time for fixed $q$ if for each element of $L0(m)$ we also store the state in which the automaton ends after reading it. As we observed in Remark 3.9, the language accepted by $M$ is prefix closed, so all the elements of $L0(m+1)$ can be constructed in this way. Then, constructing $L0(m+1)$ from $L0(m)$ costs at most $O(qm+1)$⁠.

In order to represent the elements of $D(n)$ by coefficients, we now need to evaluate the elements of $L0(n)$⁠. For a single such element, if we evaluate it from inside out, this means squaring polynomials of degree $d=1,2,…,2n−1$ and subtracting a constant each time. According to [10], such a squaring can be done in time $O(dlog(d)8log*(d))$⁠, the total time for each element hence being $O(2nn8log*(2n))$⁠.□

The reader should notice that this is much quicker than listing such polynomials by using an irreducibility test. This would have in fact complexity $O(qn2nn8log*(2n)I(2n))$⁠, where $I(2n)$ is the cost of the chosen irreducibility test for a polynomial of degree $2n$⁠. Again, the implied constant depends on the time of constructing the automaton, which just depends on the parameter $q$⁠.

Let$f$be a polynomial of degree$2n$which is known to be a composition of monic degree two polynomials. Then$f$can be tested for irreducibility in time$O(2nn28log*(2n))$⁠, where the implied constant depends only on$q$⁠.

We need to write $f$ in the form $f=g1◦g2◦…◦gn◦ℓ$⁠, where $gi=x2−ai$ and $ℓ=x−b$⁠, with $ai$ and $b$ in $Fq$⁠.

For this, suppose we have $F=G◦H$ with $G=x2−a$⁠, where $a∈Fq$⁠, and $H$ is a polynomial of degree $d≥1$⁠. Assume $F$ is known, and we seek $G$ and $H$⁠. We apply the algorithm Univariate decomposition from [7, Section 2] with $r=2$⁠. This gives us the unique $G˜$ of degree 2 and $H˜$ of degree $d$ with $H˜(0)=0$ such that $F=G˜◦H˜$⁠. Clearly, setting $c=H(0)$⁠, we have $H˜=H−c$ and $G˜=G(x+c)=x2+2cx+c2−a$⁠. From this, it is easy to recover $c$⁠, $a$⁠, $G$ and $H$⁠. The algorithm Univariate decomposition takes time $O(dlog(d)28log*(d))$⁠, again using the multiplication algorithm from [10].

Applying this repeatedly to the $f$ from the theorem will find the decomposition $f=g1◦g2◦…◦gn◦ℓ$ in $O(2nn28log*(2n))$ time, which can then be checked for irreducibility with the automaton in time $O(n)$⁠. Again, for fixed $q$⁠, constructing the automaton has constant complexity, independently of the degree of the polynomial we are testing.□

For fixed $q$⁠, testing irreducibility for a polynomial of degree $2n$ using for example Rabin’s test [18] with fast polynomial operations costs $O(n4n)$⁠.

As we already mentioned, the whole point is that our algorithm is very efficient in the regime of small fixed $q$ and large $n$⁠. Let us nonetheless have a quick look at the complexity with regard to $q$⁠. If we follow the algorithm as described in Corollary 3.15 directly, the complexity appears to be exponential in $q$⁠. In particular, we can expect the subset construction step to take exponential time and space.

Fortunately, it is not in fact necessary to construct the entire automaton to execute the above algorithm. Instead, we can solely construct the interim automaton $N$ from Theorem 3.8. This takes $O(q2)$ field operations, and has to be done only once for each $q$⁠. Then, given the decomposition of the polynomial into $f1◦…◦fn$ we can run a word $f1…fn$ through $N$ directly as follows: define $S0$ as the set of accepting states of $N$⁠. Then, for $i$ from $1$ to $n$⁠, let $Si$ be the set of all states $t$ such that there is an $s∈Si−1$ and a transition $t→fis$ in $N$⁠. If at some point $Si$ does not contain the initial state $I$⁠, we reject the word. Otherwise, we accept.

This method mirrors the reversal and subset construction from Theorem 3.8, except that only the parts that are actually used are computed. The complexity of this algorithm is easy to determine: when computing $Si$ from $Si−1$⁠, we can iterate over all states $t$ of the automaton and check whether the unique outgoing transition labelled $fi$ ends in $Si−1$⁠. Hence, each step takes only $O(q)$ field operations, for a total cost of $O(q2+nq)$⁠. Since for small $q$ the quantity $2nn28log*(2n)$ dominates $q2+nq$⁠, the complexity in terms of $Fq$-operations remains unchanged.

See [14, Lemma 2.6].□

Let$f1,…,fk∈OK[x]$be monic polynomials of degree 2 such that$ϖ∤disc(f1)$⁠. Then$f1◦…◦fk$is irreducible in$K[x]$if and only if$f1˜◦…◦fk˜$is irreducible in$Fq[x]$⁠.

The language$I$is regular.

It is enough to apply Theorem 3.8 to the language of irreducible compositions of the elements of $S˜$⁠.□