Finite fields From Wikipedia, the free encyclopedia

Finite Fields


Contents

    1 AKS primality test ..... 1
      1.1 Importance ..... 1
      1.2 Concepts ..... 1
      1.3 History and running time ..... 2
      1.4 Algorithm ..... 2
        1.4.1 Example 1: n = 31 is Prime ..... 3
      1.5 References ..... 4
      1.6 Further reading ..... 5
      1.7 External links ..... 5

    2 Alternant code ..... 6
      2.1 Definition ..... 6
      2.2 Properties ..... 6
      2.3 References ..... 6

    3 BCH code ..... 7
      3.1 Definition and illustration ..... 7
        3.1.1 Primitive narrow-sense BCH codes ..... 7
        3.1.2 General BCH codes ..... 8
        3.1.3 Special cases ..... 8
      3.2 Properties ..... 8
      3.3 Encoding ..... 9
      3.4 Decoding ..... 9
        3.4.1 Calculate the syndromes ..... 10
        3.4.2 Calculate the error location polynomial ..... 10
        3.4.3 Factor error locator polynomial ..... 12
        3.4.4 Calculate error values ..... 12
        3.4.5 Decoding based on extended Euclidean algorithm ..... 13
        3.4.6 Correct the errors ..... 14
        3.4.7 Decoding examples ..... 14
      3.5 Citations ..... 16
      3.6 References ..... 17
        3.6.1 Primary sources ..... 17

    i


        3.6.2 Secondary sources ..... 17
      3.7 Further reading ..... 17

    4 Berlekamp's algorithm ..... 18
      4.1 Overview ..... 18
      4.2 Applications ..... 19
      4.3 Implementation in Computer Algebra Systems ..... 19
      4.4 See also ..... 19
      4.5 References ..... 19

    5 Berlekamp–Welch algorithm ..... 20
      5.1 History on decoding Reed–Solomon codes ..... 20
      5.2 Error locator polynomial of Reed–Solomon codes ..... 20
      5.3 The Berlekamp–Welch decoder and algorithm ..... 21
      5.4 Example ..... 22
      5.5 See also ..... 23
      5.6 References ..... 24
      5.7 External links ..... 24

    6 Cantor–Zassenhaus algorithm ..... 25
      6.1 Overview ..... 25
        6.1.1 Background ..... 25
        6.1.2 Core result ..... 25
        6.1.3 Algorithm ..... 26
      6.2 Applications ..... 26
      6.3 Implementation in computer algebra systems ..... 26
      6.4 See also ..... 27
      6.5 References ..... 27

    7 Carlitz exponential ..... 28
      7.1 Definition ..... 28
      7.2 Relation to the Carlitz module ..... 28
      7.3 References ..... 29

    8 Chevalley–Warning theorem ..... 30
      8.1 Statement of the theorems ..... 30
      8.2 Proof of Warning's theorem ..... 30
      8.3 Artin's conjecture ..... 31
      8.4 The Ax–Katz theorem ..... 31
      8.5 See also ..... 31
      8.6 References ..... 31

    9 Chien search ..... 32
      9.1 Algorithm ..... 32


      9.2 References ..... 33

    10 CMAC ..... 34
      10.1 Implementations ..... 35
      10.2 References ..... 35
      10.3 External links ..... 36

    11 Computation of cyclic redundancy checks ..... 37
      11.1 Example ..... 37
      11.2 Implementation ..... 38
      11.3 Bit ordering (Endianness) ..... 39
      11.4 Parallel computation ..... 40
        11.4.1 Parallel computation without table ..... 41
      11.5 Two-step computation ..... 41
      11.6 One-pass checking ..... 41
      11.7 CRC variants ..... 41
        11.7.1 Preset to 1 ..... 41
        11.7.2 Post-invert ..... 41
      11.8 See also ..... 42
      11.9 References ..... 42
      11.10 External links ..... 42

    12 Concatenated error correction code ..... 43
      12.1 Background ..... 43
      12.2 Description ..... 43
      12.3 Properties ..... 45
      12.4 Decoding concatenated codes ..... 45
        12.4.1 Remarks ..... 45
      12.5 Applications ..... 46
      12.6 Turbo codes: A parallel concatenation approach ..... 46
      12.7 See also ..... 46
      12.8 References ..... 46
      12.9 Further reading ..... 47
      12.10 External links ..... 47

    13 Conway polynomial (finite fields) ..... 48
      13.1 Background ..... 48
      13.2 Definition ..... 48
      13.3 Computation ..... 49
      13.4 Notes ..... 49
      13.5 References ..... 49

    14 Cyclic code ..... 50


      14.1 Definition ..... 51
      14.2 Algebraic structure ..... 51
      14.3 Examples ..... 51
        14.3.1 Trivial examples ..... 51
      14.4 Quasi-cyclic codes and shortened codes ..... 51
        14.4.1 Definition ..... 52
        14.4.2 Definition ..... 52
      14.5 Cyclic codes for correcting errors ..... 52
        14.5.1 For correcting two errors ..... 52
      14.6 Hamming code ..... 53
        14.6.1 Hamming code for correcting single errors ..... 53
      14.7 Cyclic codes for correcting burst errors ..... 53
        14.7.1 Fire codes as cyclic bounds ..... 54
      14.8 Cyclic codes on Fourier transform ..... 54
        14.8.1 Fourier transform over finite fields ..... 54
        14.8.2 Spectral description of cyclic codes ..... 55
        14.8.3 Quadratic residue codes ..... 55
      14.9 Generalizations ..... 55
      14.10 See also ..... 56
      14.11 Notes ..... 56
      14.12 References ..... 56
      14.13 Further reading ..... 56
      14.14 External links ..... 57

    15 Cyclic redundancy check ..... 58
      15.1 Introduction ..... 58
      15.2 Application ..... 59
      15.3 Data integrity ..... 59
      15.4 Computation ..... 59
      15.5 Mathematics ..... 60
        15.5.1 Designing polynomials ..... 60
      15.6 Specification ..... 61
      15.7 Standards and common use ..... 62
      15.8 Implementations ..... 62
      15.9 See also ..... 62
      15.10 References ..... 63
      15.11 External links ..... 64

    16 Diffie–Hellman problem ..... 65
      16.1 Problem description ..... 65
      16.2 Computational complexity ..... 65
      16.3 Other variants ..... 65


      16.4 References ..... 66

    17 Discrete logarithm ..... 67
      17.1 Example ..... 67
      17.2 Definition ..... 67
      17.3 Algorithms ..... 68
      17.4 Comparison with integer factorization ..... 68
      17.5 Cryptography ..... 69
      17.6 References ..... 69

    18 Dowling geometry ..... 70
      18.1 The original definitions ..... 70
      18.2 Graphical definitions ..... 70
      18.3 Characteristic polynomial ..... 71
      18.4 Generalizations ..... 71
      18.5 References ..... 71

    19 Drinfeld module ..... 72
      19.1 Drinfeld modules ..... 72
        19.1.1 The ring of additive polynomials ..... 72
        19.1.2 Definition of Drinfeld modules ..... 72
        19.1.3 Examples of Drinfeld modules ..... 73
      19.2 Shtukas ..... 73
      19.3 Applications ..... 73
      19.4 References ..... 74
        19.4.1 Drinfeld modules ..... 74
        19.4.2 Shtukas ..... 74

    20 Elliptic curve cryptography ..... 75
      20.1 Rationale ..... 75
      20.2 History ..... 75
      20.3 Theory ..... 75
      20.4 Cryptographic schemes ..... 76
      20.5 Implementation ..... 76
        20.5.1 Domain parameters ..... 76
        20.5.2 Key sizes ..... 77
        20.5.3 Projective coordinates ..... 78
        20.5.4 Fast reduction (NIST curves) ..... 78
      20.6 Applications ..... 78
      20.7 Security ..... 78
        20.7.1 Side-channel attacks ..... 79
        20.7.2 Quantum computing attacks ..... 79
      20.8 Patents ..... 79


      20.9 Alternative representations ..... 79
      20.10 See also ..... 80
      20.11 Notes ..... 80
      20.12 References ..... 81
      20.13 External links ..... 82

    21 Field with one element ..... 83
      21.1 History ..... 83
      21.2 Properties ..... 84
      21.3 Computations ..... 84
        21.3.1 Sets are projective spaces ..... 85
        21.3.2 Permutations are flags ..... 85
        21.3.3 Subsets are subspaces ..... 85
      21.4 Field extensions ..... 85
      21.5 See also ..... 86
      21.6 Notes ..... 86
      21.7 Bibliography ..... 87
      21.8 External links ..... 87

    22 Finite field ..... 88
      22.1 Definitions, first examples, and basic properties ..... 88
      22.2 Existence and uniqueness ..... 89
      22.3 Polynomial factorization ..... 89
        22.3.1 Irreducible polynomials of a given degree ..... 90
        22.3.2 Number of monic irreducible polynomials of a given degree over a finite field ..... 90
      22.4 Explicit construction of finite fields ..... 90
        22.4.1 Non-prime fields ..... 90
        22.4.2 Field with four elements ..... 91
        22.4.3 GF(p^2) for an odd prime p ..... 91
        22.4.4 GF(8) and GF(27) ..... 92
        22.4.5 GF(16) ..... 92
      22.5 Multiplicative structure ..... 93
        22.5.1 Discrete logarithm ..... 93
        22.5.2 Roots of unity ..... 93
        22.5.3 Example ..... 94
      22.6 Frobenius automorphism and Galois theory ..... 95
      22.7 Applications ..... 95
      22.8 Extensions ..... 95
        22.8.1 Algebraic closure ..... 95
        22.8.2 Wedderburn's little theorem ..... 96
      22.9 See also ..... 96
      22.10 Notes ..... 96


      22.11 References ..... 97
      22.12 External links ..... 97

    23 Finite field arithmetic ..... 98
      23.1 Effective polynomial representation ..... 98
      23.2 Addition and subtraction ..... 98
      23.3 Multiplication ..... 99
        23.3.1 Rijndael's finite field ..... 99
      23.4 Multiplicative inverse ..... 100
      23.5 Implementation tricks ..... 100
      23.6 Program examples ..... 101
        23.6.1 C programming example ..... 101
        23.6.2 D programming example ..... 101
      23.7 External links ..... 101

    24 Frobenius endomorphism ..... 102
      24.1 Definition ..... 102
      24.2 Fixed points of the Frobenius endomorphism ..... 103
      24.3 As a generator of Galois groups ..... 103
      24.4 Frobenius for schemes ..... 104
        24.4.1 The absolute Frobenius morphism ..... 104
        24.4.2 Restriction and extension of scalars by Frobenius ..... 104
        24.4.3 Relative Frobenius ..... 106
        24.4.4 Arithmetic Frobenius ..... 106
        24.4.5 Geometric Frobenius ..... 107
        24.4.6 Arithmetic and geometric Frobenius as Galois actions ..... 108
      24.5 Frobenius for local fields ..... 108
      24.6 Frobenius for global fields ..... 109
      24.7 Examples ..... 109
      24.8 See also ..... 110
      24.9 References ..... 110

    25 Galois geometry ..... 111
      25.1 See also ..... 112
      25.2 Notes ..... 112
      25.3 References ..... 112
      25.4 External links ..... 112

    26 Galois/Counter Mode ..... 113
      26.1 Encryption and authentication ..... 113
      26.2 Use ..... 114
      26.3 Performance ..... 115
      26.4 Patents ..... 115


      26.5 Security ..... 115
      26.6 See also ..... 116
      26.7 Notes ..... 116
      26.8 References ..... 116
      26.9 External links ..... 117

    27 Generalized minimum-distance decoding ..... 118
      27.1 Setup ..... 118
      27.2 Randomized algorithm ..... 118
      27.3 Modified randomized algorithm ..... 120
      27.4 Deterministic algorithm ..... 120
      27.5 See also ..... 121
      27.6 References ..... 121

    28 GF(2) ..... 122
      28.1 Definition ..... 122
      28.2 Properties ..... 122
      28.3 Applications ..... 122
      28.4 See also ..... 123
      28.5 References ..... 123

    29 Goppa code ..... 124
      29.1 Construction ..... 124
      29.2 Function code ..... 124
      29.3 Residue code ..... 126
      29.4 References ..... 126
      29.5 External links ..... 126

    30 Hasse's theorem on elliptic curves ..... 127
      30.1 Hasse-Weil Bound ..... 127
      30.2 Notes ..... 127
      30.3 See also ..... 128
      30.4 References ..... 128

    31 Hasse–Witt matrix ..... 129
      31.1 Approach to the definition ..... 129
      31.2 Cohomology ..... 129
      31.3 Abelian varieties and their p-rank ..... 129
      31.4 Case of genus 1 ..... 130
      31.5 Notes ..... 130
      31.6 References ..... 130

    32 Hidden Field Equations ..... 131
      32.1 Mathematical background ..... 131


    32.2 Multivariate cryptosystem . . . 132
    32.3 HFE polynomial . . . 132
    32.4 Encryption and decryption . . . 132
    32.5 HFE variations . . . 133
    32.6 HFE attacks . . . 133
    32.7 References . . . 133

33 Homomorphic signatures for network coding . . . 134
    33.1 Network coding . . . 134
    33.2 Decoding at the receiver . . . 135
    33.3 History . . . 135
    33.4 Advantages of homomorphic signatures . . . 135
    33.5 Signature scheme . . . 136
        33.5.1 Elliptic curves cryptography over a finite field . . . 136
        33.5.2 Weil pairing . . . 136
        33.5.3 Homomorphic signatures . . . 136
        33.5.4 Signature verification . . . 137
    33.6 System setup . . . 137
    33.7 Proof of security . . . 137
    33.8 See also . . . 138
    33.9 References . . . 138
    33.10 External links . . . 138

34 Itoh-Tsujii inversion algorithm . . . 139
    34.1 References . . . 139

35 Justesen code . . . 140
    35.1 Definition . . . 140
    35.2 Property of Justesen code . . . 140
    35.3 Theorem . . . 140
    35.4 Comments . . . 141
    35.5 An example of a Justesen code . . . 141
    35.6 See also . . . 142
    35.7 References . . . 142

36 Lenstra elliptic curve factorization . . . 143
    36.1 Lenstra's elliptic curve factorization . . . 143
    36.2 Why does the algorithm work? . . . 144
    36.3 An example . . . 144
    36.4 The algorithm with projective coordinates . . . 145
    36.5 Twisted Edwards curves . . . 146
    36.6 Stage 2 . . . 146
    36.7 Success probability using EECM-MPFQ . . . 147


    36.8 Hyperelliptic curve method (HECM) . . . 147
    36.9 See also . . . 147
    36.10 References . . . 147
    36.11 External links . . . 148

37 Linear code . . . 149
    37.1 Definition and parameters . . . 149
    37.2 Generator and check matrices . . . 149
    37.3 Example: Hamming codes . . . 150
    37.4 Example: Hadamard codes . . . 150
    37.5 Nearest neighbor algorithm . . . 151
    37.6 Popular notation . . . 151
    37.7 Singleton bound . . . 151
    37.8 Examples . . . 151
    37.9 Generalization . . . 152
    37.10 See also . . . 152
    37.11 References . . . 152
    37.12 External links . . . 152

38 Linear network coding . . . 154
    38.1 Encoding and decoding . . . 154
    38.2 A brief history . . . 154
    38.3 The butterfly network example . . . 155
    38.4 Random network coding . . . 156
        38.4.1 Open issues . . . 156
    38.5 Wireless Network Coding . . . 156
    38.6 Applications . . . 156
    38.7 See also . . . 157
    38.8 References . . . 157
    38.9 External links . . . 158

39 Local zeta-function . . . 159
    39.1 Formulation . . . 159
    39.2 Examples . . . 160
    39.3 Motivations . . . 161
    39.4 Riemann hypothesis for curves over finite fields . . . 161
    39.5 General formulas for the zeta function . . . 161
    39.6 See also . . . 162
    39.7 References . . . 162

40 Mathematics of cyclic redundancy checks . . . 163
    40.1 Math . . . 163
    40.2 Polynomial arithmetic modulo 2 . . . 163


    40.3 Variations . . . 164
    40.4 Reversed representations and reciprocal polynomials . . . 165
        40.4.1 Polynomial representations . . . 165
        40.4.2 Reciprocal polynomials . . . 165
    40.5 Error detection strength . . . 166
        40.5.1 Bitfilters . . . 166
    40.6 See also . . . 167
    40.7 References . . . 167

41 Miller–Rabin primality test . . . 168
    41.1 Concepts . . . 168
    41.2 Example . . . 169
    41.3 Algorithm and running time . . . 169
    41.4 Accuracy of the test . . . 170
    41.5 Deterministic variants of the test . . . 171
    41.6 Notes . . . 172
    41.7 External links . . . 172

42 Modular representation theory . . . 173
    42.1 History . . . 173
    42.2 Example . . . 173
    42.3 Ring theory interpretation . . . 174
    42.4 Brauer characters . . . 174
    42.5 Reduction (mod p) . . . 174
    42.6 Number of simple modules . . . 174
    42.7 Blocks and the structure of the group algebra . . . 175
    42.8 Projective modules . . . 175
    42.9 Some orthogonality relations for Brauer characters . . . 175
    42.10 Decomposition matrix and Cartan matrix . . . 175
    42.11 Defect groups . . . 176
    42.12 References . . . 176

43 MULTI-S01 . . . 178
    43.1 References . . . 178
    43.2 External links . . . 178

44 Nimber . . . 179
    44.1 Properties . . . 179
        44.1.1 Addition . . . 179
        44.1.2 Multiplication . . . 179
    44.2 Addition and multiplication tables . . . 180
    44.3 Notes . . . 180
    44.4 References . . . 180


45 Preparata code . . . 184
    45.1 Construction . . . 184
    45.2 Properties . . . 184
    45.3 References . . . 184

46 Rijndael mix columns . . . 185
    46.1 MixColumns . . . 185
    46.2 Implementation example . . . 185
    46.3 InverseMixColumns . . . 186
    46.4 Test vectors for MixColumns(); not for InvMixColumns . . . 186
    46.5 Galois Multiplication lookup tables . . . 186
    46.6 References . . . 187
    46.7 See also . . . 188

47 Rijndael S-box . . . 189
    47.1 Forward S-box . . . 189
    47.2 Inverse S-box . . . 190
    47.3 Design criteria . . . 191
    47.4 Alternate equation for the affine transformation . . . 191
    47.5 Implementations . . . 191
    47.6 References . . . 191

48 Sastry automorphism . . . 193
    48.1 References . . . 193

49 Sato–Tate conjecture . . . 194
    49.1 Statement . . . 194
    49.2 Details . . . 194
    49.3 Proofs and claims in progress . . . 195
    49.4 Generalisation . . . 195
    49.5 More precise questions . . . 195
    49.6 Notes . . . 195
    49.7 References . . . 196
    49.8 External links . . . 196

50 Schoof's algorithm . . . 197
    50.1 Introduction . . . 197
    50.2 Hasse's theorem . . . 197
    50.3 The Frobenius endomorphism . . . 198
    50.4 Computation modulo primes . . . 198
        50.4.1 Case 1: $(x^{q^2}, y^{q^2}) \neq \pm\bar{q}(x, y)$ . . . 199
        50.4.2 Case 2: $(x^{q^2}, y^{q^2}) = \pm\bar{q}(x, y)$ . . . 199
        50.4.3 Additional case l = 2 . . . 199


    50.5 The algorithm . . . 199
    50.6 Complexity . . . 200
    50.7 Improvements to Schoof's algorithm . . . 200
    50.8 Implementations . . . 201
    50.9 See also . . . 201
    50.10 References . . . 201

51 Schoof–Elkies–Atkin algorithm . . . 202
    51.1 Details . . . 202
    51.2 Implementations . . . 202
    51.3 External links . . . 202

52 Srivastava code . . . 203
    52.1 Definition . . . 203
    52.2 Properties . . . 203
    52.3 References . . . 203

53 Steinberg representation . . . 204
    53.1 The Steinberg representation of a finite group . . . 204
    53.2 The Steinberg representation of a p-adic group . . . 204
    53.3 References . . . 205

54 Table of costs of operations in elliptic curves . . . 206
    54.1 Abbreviations for the operations . . . 206
    54.2 Tabulation . . . 206
    54.3 Importance of doubling . . . 207
    54.4 References . . . 207

55 Ternary Golay code . . . 208
    55.1 Properties . . . 208
        55.1.1 Ternary Golay code . . . 208
        55.1.2 Extended ternary Golay code . . . 208
    55.2 History . . . 209
    55.3 See also . . . 209
    55.4 References . . . 209

56 Triangular network coding . . . 210
    56.1 Coding and decoding . . . 210
    56.2 References . . . 210

57 Trigonometry in Galois fields . . . 211
    57.1 Trigonometry over a Galois field . . . 211
        57.1.1 Examples . . . 212
    57.2 Unimodular groups . . . 213


        57.2.1 Example . . . 213
    57.3 Polar form . . . 213
    57.4 The Z plane in a Galois field . . . 214
        57.4.1 Examples . . . 214
        57.4.2 Back to the GF(p)-trigonometry . . . 216
        57.4.3 Example . . . 216
    57.5 Trajectories over the Galois Z plane in GF(p) . . . 216
    57.6 References . . . 217

58 Twisted polynomial ring . . . 218
    58.1 Definition . . . 218
    58.2 Properties . . . 218
    58.3 References . . . 219

59 Weil conjectures . . . 220
    59.1 Background and history . . . 220
    59.2 Statement of the Weil conjectures . . . 221
    59.3 Examples . . . 222
        59.3.1 The projective line . . . 222
        59.3.2 Projective space . . . 222
        59.3.3 Elliptic curves . . . 222
    59.4 Weil cohomology . . . 222
    59.5 Grothendieck's formula for the zeta function . . . 223
    59.6 Deligne's first proof . . . 223
        59.6.1 Use of Lefschetz pencils . . . 223
        59.6.2 The key estimate . . . 223
        59.6.3 Completion of the proof . . . 225
    59.7 Deligne's second proof . . . 225
    59.8 Applications . . . 226
    59.9 References . . . 226

60 XTR . . . 229
    60.1 Fundamentals of XTR . . . 229
        60.1.1 Arithmetic operations in GF(p^2) . . . 229
        60.1.2 Traces over GF(p^2) . . . 230
        60.1.3 Algorithm for the quick computation of Tr(g^n) given Tr(g) . . . 231
    60.2 Parameter selection . . . 232
        60.2.1 Finite field and subgroup size selection . . . 232
        60.2.2 Subgroup selection . . . 233
    60.3 Cryptographic schemes . . . 233
        60.3.1 XTR-DH key agreement . . . 233
        60.3.2 XTR ElGamal encryption . . . 234


    60.4 Security . . . 234
        60.4.1 Discrete logarithms in a general GF(p^t) . . . 234
        60.4.2 Security of XTR . . . 235
    60.5 References . . . 235

61 Zech's logarithm . . . 237
    61.1 Definition . . . 237
    61.2 Uses . . . 238
    61.3 Examples . . . 238
    61.4 References . . . 239

62 Zyablov bound . . . 240
    62.1 Statement of the bound . . . 240
    62.2 Description . . . 241
    62.3 Remarks . . . 241
    62.4 See also . . . 241
    62.5 References and External Links . . . 241
    62.6 Text and image sources, contributors, and licenses . . . 242
        62.6.1 Text . . . 242
        62.6.2 Images . . . 246
        62.6.3 Content license . . . 247

Chapter 1

    AKS primality test

The AKS primality test (also known as Agrawal–Kayal–Saxena primality test and cyclotomic AKS test) is a deterministic primality-proving algorithm created and published by Manindra Agrawal, Neeraj Kayal, and Nitin Saxena, computer scientists at the Indian Institute of Technology Kanpur, on August 6, 2002, in a paper titled "PRIMES is in P".[1] The algorithm determines whether a number is prime or composite within polynomial time. The authors received the 2006 Gödel Prize and the 2006 Fulkerson Prize for this work.

1.1 Importance

AKS is the first primality-proving algorithm to be simultaneously general, polynomial, deterministic, and unconditional. Previous algorithms had been developed for centuries and achieved three of these properties at most, but not all four.

The AKS algorithm can be used to verify the primality of any general number given. Many fast primality tests are known that work only for numbers with certain properties. For example, the Lucas–Lehmer test works only for Mersenne numbers, while Pépin's test can be applied to Fermat numbers only.

The maximum running time of the algorithm can be expressed as a polynomial over the number of digits in the target number. ECPP and APR conclusively prove or disprove that a given number is prime, but are not known to have polynomial time bounds for all inputs.

The algorithm is guaranteed to distinguish deterministically whether the target number is prime or composite. Randomized tests, such as Miller–Rabin and Baillie–PSW, can test any given number for primality in polynomial time, but are known to produce only a probabilistic result.

The correctness of AKS is not conditional on any subsidiary unproven hypothesis. In contrast, the Miller test is fully deterministic and runs in polynomial time over all inputs, but its correctness depends on the truth of the yet-unproven generalized Riemann hypothesis.

While the algorithm is of immense theoretical importance, it is not used in practice. For 64-bit inputs, the Baillie–PSW test is deterministic and runs many orders of magnitude faster. For larger inputs, the performance of the (also unconditionally correct) ECPP and APR tests is far superior to AKS. Additionally, ECPP can output a primality certificate that allows independent and rapid verification of the results, which is not possible with the AKS algorithm.

1.2 Concepts

The AKS primality test is based upon the following theorem: An integer n (≥ 2) is prime if and only if the polynomial congruence relation

$(x + a)^n \equiv (x^n + a) \pmod{n}$   (1)


holds for all integers a coprime to n (or even just for some such integer a, in particular for a = 1).[1] Note that x is a free variable. It is never substituted by a number; instead you have to expand (x + a)^n and compare the coefficients of the x powers.

This theorem is a generalization to polynomials of Fermat's little theorem, and can easily be proven using the binomial theorem together with the following property of the binomial coefficient:

$\binom{n}{k} \equiv 0 \pmod{n}$ for all 0 < k < n if and only if n is prime.

While the relation (1) constitutes a primality test in itself, verifying it takes exponential time. Therefore, to reduce the computational complexity, AKS makes use of the related congruence

$(x + a)^n \equiv (x^n + a) \pmod{n,\ x^r - 1}$   (2)

which is the same as:

$(x + a)^n - (x^n + a) = n f + (x^r - 1) g$   (3)

for some polynomials f and g. This congruence can be checked in polynomial time with respect to the number of digits in n, because it is provable that r need only be logarithmic with respect to n. Note that all primes satisfy this relation (choosing g = 0 in (3) gives (1), which holds for n prime). However, some composite numbers also satisfy the relation. The proof of correctness for AKS consists of showing that there exists a suitably small r and suitably small set of integers A such that, if the congruence holds for all such a in A, then n must be prime.

1.3 History and running time

In the first version of the above-cited paper, the authors proved the asymptotic time complexity of the algorithm to be $\tilde{O}(\log^{12} n)$ (using $\tilde{O}$ from big O notation). In other words, the algorithm takes less time than the twelfth power of the number of digits in n times a polylogarithmic (in the number of digits) factor. However, the upper bound proved in the paper was rather loose; indeed, a widely held conjecture about the distribution of the Sophie Germain primes would, if true, immediately cut the worst case down to $\tilde{O}(\log^6 n)$.

In the months following the discovery, new variants appeared (Lenstra 2002, Pomerance 2002, Berrizbeitia 2003, Cheng 2003, Bernstein 2003a/b, Lenstra and Pomerance 2003), which improved the speed of computation by orders of magnitude. Due to the existence of the many variants, Crandall and Papadopoulos refer to the "AKS-class" of algorithms in their scientific paper "On the implementation of AKS-class primality tests", published in March 2003.

In response to some of these variants, and to other feedback, the paper "PRIMES is in P" was updated with a new formulation of the AKS algorithm and of its proof of correctness. (This version was eventually published in Annals of Mathematics.) While the basic idea remained the same, r was chosen in a new manner, and the proof of correctness was more coherently organized. While the previous proof had relied on many different methods, the new version relied almost exclusively on the behavior of cyclotomic polynomials over finite fields. The new version also allowed for an improved bound on the time complexity, which can now be shown by simple methods to be $\tilde{O}(\log^{10.5} n)$. Using additional results from sieve theory, this can be further reduced to $\tilde{O}(\log^{7.5} n)$.

In 2005, Carl Pomerance and H. W. Lenstra, Jr. demonstrated a variant of AKS that runs in $\tilde{O}(\log^6 n)$ operations, where n is the number to be tested, a marked improvement over the initial $\tilde{O}(\log^{12} n)$ bound in the original algorithm.[2] An updated version of the paper is also available.[3]

Agrawal, Kayal and Saxena suggest a variant of their algorithm which would run in $\tilde{O}(\log^3 n)$ if Agrawal's conjecture is true; however, a heuristic argument by Hendrik Lenstra and Carl Pomerance suggests that it is probably false.[1]

1.4 Algorithm

The algorithm is as follows:[1]


Input: integer n > 1.

1. If n = a^b for integers a > 1 and b > 1, output composite.

2. Find the smallest r such that ord_r(n) > (log_2 n)^2, where ord_r(n) is the multiplicative order of n modulo r.

3. If 1 < gcd(a, n) < n for some a ≤ r, output composite.

4. If n ≤ r, output prime.

5. For a = 1 to ⌊√φ(r) log_2 n⌋ do: if (X + a)^n ≠ X^n + a (mod X^r − 1, n), output composite.

6. Output prime.


1.4.1 Example 1: n = 31 is Prime

The Mathematica transcript below runs the steps for n = 31 with r = 29, the smallest r for which $\mathrm{ord}_r(31) > (\log_2 31)^2 \approx 24.5$ (indeed $\mathrm{ord}_{29}(31) = 28$, while $\mathrm{ord}_r(31) \le \varphi(r) < 24.5$ for every smaller r).

3. If $1 < \gcd(a, n) < n$ for some $a \le r$, output composite.

    For[a = r, a > 1, a--,
      If[(gcd = GCD[a, n]) > 1 && gcd < n, Return[Composite]]
    ];

    gcd = {GCD(29, 31) = 1, GCD(28, 31) = 1, ..., GCD(2, 31) = 1}

4. If $n \le r$, output prime.

    If[n <= r, Return[Prime]];   (* this step may be omitted if n > 5690034 *)

    31 > 29

5. For $a = 1$ to $\lfloor \sqrt{\varphi(r)}\,\log_2 n \rfloor$ do: if $(X + a)^n \not\equiv X^n + a \pmod{X^r - 1,\ n}$, output composite.

    φ[x_] := EulerPhi[x];
    PolyModulo[f_] := PolynomialMod[PolynomialRemainder[f, x^r - 1, x], n];
    max = Floor[Log[2, n] Sqrt[φ[r]]];
    For[a = 1, a <= max, a++,
      If[PolyModulo[(x + a)^n] - PolynomialRemainder[x^n + a, x^r - 1, x] != 0, Return[Composite]]
    ];

$$(x+a)^{31} = a^{31} + 31a^{30}x + 465a^{29}x^2 + 4495a^{28}x^3 + 31465a^{27}x^4 + 169911a^{26}x^5 + 736281a^{25}x^6 + 2629575a^{24}x^7 + 7888725a^{23}x^8 + 20160075a^{22}x^9 + 44352165a^{21}x^{10} + 84672315a^{20}x^{11} + 141120525a^{19}x^{12} + 206253075a^{18}x^{13} + 265182525a^{17}x^{14} + 300540195a^{16}x^{15} + 300540195a^{15}x^{16} + 265182525a^{14}x^{17} + 206253075a^{13}x^{18} + 141120525a^{12}x^{19} + 84672315a^{11}x^{20} + 44352165a^{10}x^{21} + 20160075a^{9}x^{22} + 7888725a^{8}x^{23} + 2629575a^{7}x^{24} + 736281a^{6}x^{25} + 169911a^{5}x^{26} + 31465a^{4}x^{27} + 4495a^{3}x^{28} + 465a^{2}x^{29} + 31ax^{30} + x^{31}$$

Reducing modulo $x^{29} - 1$ (so that $x^{29} \to 1$, $x^{30} \to x$, $x^{31} \to x^2$):

$$\mathrm{PolynomialRemainder}[(x+a)^{31}, x^{29} - 1] = (a^{31} + 465a^{2}) + (31a^{30} + 31a)x + (465a^{29} + 1)x^2 + 4495a^{28}x^3 + 31465a^{27}x^4 + 169911a^{26}x^5 + 736281a^{25}x^6 + 2629575a^{24}x^7 + 7888725a^{23}x^8 + 20160075a^{22}x^9 + 44352165a^{21}x^{10} + 84672315a^{20}x^{11} + 141120525a^{19}x^{12} + 206253075a^{18}x^{13} + 265182525a^{17}x^{14} + 300540195a^{16}x^{15} + 300540195a^{15}x^{16} + 265182525a^{14}x^{17} + 206253075a^{13}x^{18} + 141120525a^{12}x^{19} + 84672315a^{11}x^{20} + 44352165a^{10}x^{21} + 20160075a^{9}x^{22} + 7888725a^{8}x^{23} + 2629575a^{7}x^{24} + 736281a^{6}x^{25} + 169911a^{5}x^{26} + 31465a^{4}x^{27} + 4495a^{3}x^{28}$$

A) $\mathrm{PolynomialMod}[\mathrm{PolynomialRemainder}[(x+a)^{31}, x^{29} - 1], 31] = a^{31} + x^2$ (every binomial coefficient $\binom{31}{k}$ with $0 < k < 31$ is divisible by 31, so only the $a^{31}$ and $x^2$ terms survive).

B) $\mathrm{PolynomialRemainder}[x^{31} + a, x^{29} - 1] = a + x^2$.

A) $-$ B) $= a^{31} + x^2 - (a + x^2) = a^{31} - a$.

$\max = \lfloor \log_2(31)\,\sqrt{\varphi(29)} \rfloor = 26$, and $a^{31} - a \equiv 0 \pmod{31}$ for every $a = 1, \ldots, 26$: $\{1^{31} - 1 \equiv 0,\ 2^{31} - 2 \equiv 0,\ 3^{31} - 3 \equiv 0,\ \ldots,\ 26^{31} - 26 \equiv 0 \pmod{31}\}$.

6. Output prime.

    31 must be prime.

Here PolynomialMod is a term-wise modulo reduction of the polynomial, e.g. PolynomialMod[x + 2x^2 + 3x^3, 3] = x + 2x^2 + 0x^3.
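The six steps above, as a complete Python implementation that can be run on the n = 31 case of the example (it is an added example, not code from the article or from the AKS paper; the function names are ours, and the polynomial arithmetic is deliberately unoptimised, so it is only practical for small n):

```python
# Added example (not part of the Wikipedia article): a direct, unoptimised
# implementation of the six AKS steps above, usable for small n.
from math import gcd, log2, floor, sqrt


def is_perfect_power(n):
    """Step 1: True if n = a**b for integers a > 1, b > 1 (exact integer arithmetic)."""
    for b in range(2, n.bit_length() + 1):
        lo, hi = 2, 1 << (n.bit_length() // b + 1)   # hi exceeds n**(1/b)
        while lo <= hi:                                # binary search for an integer b-th root
            mid = (lo + hi) // 2
            p = mid ** b
            if p == n:
                return True
            if p < n:
                lo = mid + 1
            else:
                hi = mid - 1
    return False


def multiplicative_order(n, r):
    """Smallest k >= 1 with n**k == 1 (mod r); requires gcd(n, r) == 1."""
    k, x = 1, n % r
    while x != 1:
        x = x * n % r
        k += 1
    return k


def find_r(n):
    """Step 2: smallest r with ord_r(n) > (log2 n)**2; r sharing a factor with n is skipped."""
    bound = log2(n) ** 2
    r = 2
    while not (gcd(n, r) == 1 and multiplicative_order(n, r) > bound):
        r += 1
    return r


def poly_mulmod(p, q, r, n):
    """Product in Z_n[X]/(X^r - 1); coefficient lists of length r, lowest degree first."""
    out = [0] * r
    for i, pi in enumerate(p):
        if pi:
            for j, qj in enumerate(q):
                if qj:
                    k = (i + j) % r                    # X^r wraps around to 1
                    out[k] = (out[k] + pi * qj) % n
    return out


def poly_powmod(base, e, r, n):
    """base**e in Z_n[X]/(X^r - 1) by square-and-multiply."""
    result = [1] + [0] * (r - 1)
    while e:
        if e & 1:
            result = poly_mulmod(result, base, r, n)
        base = poly_mulmod(base, base, r, n)
        e >>= 1
    return result


def is_prime_aks(n):
    """Deterministic AKS primality test, following steps 1-6 of the text."""
    if n < 2:
        raise ValueError("n must be an integer > 1")
    if is_perfect_power(n):                                     # step 1
        return False
    r = find_r(n)                                               # step 2
    for a in range(2, r + 1):                                   # step 3
        if 1 < gcd(a, n) < n:
            return False
    if n <= r:                                                  # step 4
        return True
    phi_r = sum(1 for k in range(1, r + 1) if gcd(k, r) == 1)  # Euler's totient of r
    limit = floor(sqrt(phi_r) * log2(n))
    for a in range(1, limit + 1):                               # step 5
        lhs = poly_powmod([a % n, 1] + [0] * (r - 2), n, r, n)  # (X + a)^n
        rhs = [0] * r                                           # X^n + a reduced mod X^r - 1
        rhs[n % r] = 1
        rhs[0] = (rhs[0] + a) % n
        if lhs != rhs:
            return False
    return True                                                 # step 6


if __name__ == "__main__":
    print(find_r(31), is_prime_aks(31))   # r = 29 as in the example; 31 is prime
```

For n = 31 the code reaches step 5 with r = 29 and checks a = 1, ..., 26, exactly the range the transcript reports; composites with a small factor (such as 561) are already rejected by the gcd loop of step 3 before any polynomial arithmetic is done.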

1.5 References

[1] Agrawal, Manindra; Kayal, Neeraj; Saxena, Nitin (2004). "PRIMES is in P" (PDF). Annals of Mathematics 160 (2): 781–793. doi:10.4007/annals.2004.160.781. JSTOR 3597229.

[2] H. W. Lenstra Jr. and Carl Pomerance, "Primality testing with Gaussian periods", preliminary version July 20, 2005.

[3] H. W. Lenstra Jr. and Carl Pomerance, "Primality testing with Gaussian periods", version of April 12, 2011.


1.6 Further reading

• Dietzfelbinger, Martin (2004). Primality testing in polynomial time. From randomized algorithms to "PRIMES is in P". Lecture Notes in Computer Science 3000. Berlin: Springer-Verlag. ISBN 3-540-40344-2. Zbl 1058.11070.

1.7 External links

• Weisstein, Eric W., "AKS Primality Test", MathWorld.
• R. Crandall, Apple ACG, and J. Papadopoulos (March 18, 2003): On the implementation of AKS-class primality tests (PDF)
• Article by Borneman, containing photos and information about the three Indian scientists (PDF)
• Andrew Granville: It is easy to determine whether a given integer is prime
• The Prime Facts: From Euclid to AKS, by Scott Aaronson (PDF)
• The PRIMES is in P little FAQ by Anton Stiglic
• 2006 Gödel Prize Citation
• 2006 Fulkerson Prize Citation
• The AKS "PRIMES in P" Algorithm Resource
• Grime, Dr. James. Fool-Proof Test for Primes - Numberphile (VIDEO). Brady Haran. [the video describes the exponential time relation (1), which it calls AKS]

Chapter 2

Alternant code

In coding theory, alternant codes form a class of parameterised error-correcting codes which generalise the BCH codes.

2.1 Definition

An alternant code over GF(q) of length n is defined by a parity check matrix H of alternant form $H_{i,j} = \alpha_j^{\,i}\, y_j$, where the $\alpha_j$ are distinct elements of the extension GF(q^m), the $y_j$ are further non-zero parameters again in the extension GF(q^m), and the indices range as i from 0 to δ − 1, j from 1 to n.

2.2 Properties

The parameters of this alternant code are length n, dimension ≥ n − mδ and minimum distance ≥ δ + 1. There exist long alternant codes which meet the Gilbert–Varshamov bound.

The class of alternant codes includes

• BCH codes
• Goppa codes
• Srivastava codes

2.3 References

• F.J. MacWilliams; N.J.A. Sloane (1977). The Theory of Error-Correcting Codes. North-Holland. pp. 332–338. ISBN 0-444-85193-3.


Chapter 3

BCH code

In coding theory, the BCH codes form a class of cyclic error-correcting codes that are constructed using finite fields. BCH codes were invented in 1959 by French mathematician Alexis Hocquenghem, and independently in 1960 by Raj Bose and D. K. Ray-Chaudhuri.[1][2][3] The acronym BCH comprises the initials of these inventors' names.

One of the key features of BCH codes is that during code design, there is precise control over the number of symbol errors correctable by the code. In particular, it is possible to design binary BCH codes that can correct multiple bit errors. Another advantage of BCH codes is the ease with which they can be decoded, namely, via an algebraic method known as syndrome decoding. This simplifies the design of the decoder for these codes, using small low-power electronic hardware.

BCH codes are used in applications such as satellite communications,[4] compact disc players, DVDs, disk drives, solid-state drives[5] and two-dimensional bar codes.

3.1 Definition and illustration

3.1.1 Primitive narrow-sense BCH codes

Given a prime power q and positive integers m and d with $d \le q^m - 1$, a primitive narrow-sense BCH code over the finite field GF(q) with code length $n = q^m - 1$ and distance at least d is constructed by the following method.

Let α be a primitive element of GF(q^m). For any positive integer i, let $m_i(x)$ be the minimal polynomial of $\alpha^i$ over GF(q). The generator polynomial of the BCH code is defined as the least common multiple $g(x) = \mathrm{lcm}(m_1(x), \ldots, m_{d-1}(x))$. It can be seen that g(x) is a polynomial with coefficients in GF(q) and divides $x^n - 1$. Therefore, the polynomial code defined by g(x) is a cyclic code.

Example

Let q = 2 and m = 4 (therefore n = 15). We will consider different values of d. There is a primitive root α in GF(16) satisfying

$$\alpha^4 + \alpha + 1 = 0;$$

its minimal polynomial over GF(2) is

$$m_1(x) = x^4 + x + 1.$$

The minimal polynomials of the first seven powers of α are

$$m_1(x) = m_2(x) = m_4(x) = x^4 + x + 1,$$
$$m_3(x) = m_6(x) = x^4 + x^3 + x^2 + x + 1,$$
$$m_5(x) = x^2 + x + 1,$$
$$m_7(x) = x^4 + x^3 + 1.$$

The BCH code with d = 2, 3 has generator polynomial

$$g(x) = m_1(x) = x^4 + x + 1.$$

It has minimal Hamming distance at least 3 and corrects up to one error. Since the generator polynomial is of degree 4, this code has 11 data bits and 4 checksum bits.

The BCH code with d = 4, 5 has generator polynomial

$$g(x) = \mathrm{lcm}(m_1(x), m_3(x)) = (x^4 + x + 1)(x^4 + x^3 + x^2 + x + 1) = x^8 + x^7 + x^6 + x^4 + 1.$$

It has minimal Hamming distance at least 5 and corrects up to two errors. Since the generator polynomial is of degree 8, this code has 7 data bits and 8 checksum bits.

The BCH code with d = 6, 7 has generator polynomial

$$g(x) = \mathrm{lcm}(m_1(x), m_3(x), m_5(x)) = (x^4 + x + 1)(x^4 + x^3 + x^2 + x + 1)(x^2 + x + 1) = x^{10} + x^8 + x^5 + x^4 + x^2 + x + 1.$$

It has minimal Hamming distance at least 7 and corrects up to three errors. Since the generator polynomial is of degree 10, this code has 5 data bits and 10 checksum bits; it is the code used in the decoding examples of section 3.4.7.

The BCH code with d = 8 and higher has generator polynomial

$$g(x) = \mathrm{lcm}(m_1(x), m_3(x), m_5(x), m_7(x)) = (x^4 + x + 1)(x^4 + x^3 + x^2 + x + 1)(x^2 + x + 1)(x^4 + x^3 + 1) = x^{14} + x^{13} + x^{12} + \cdots + x^2 + x + 1.$$

This code has minimal Hamming distance 15 and corrects 7 errors. It has 1 data bit and 14 checksum bits. In fact, this code has only two codewords: 000000000000000 and 111111111111111.
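The construction just described, carried out in code: GF(16) is generated from $x^4 + x + 1$ with α = 0010, each $m_i(x)$ is the product of $(x - \alpha^j)$ over the conjugates of $\alpha^i$, $g(x)$ is the product over the distinct roots $\alpha^1, \ldots, \alpha^{d-1}$ and their conjugates, and a message is encoded systematically by appending $x^{\deg g} M(x) \bmod g(x)$, the rule the decoding example of section 3.4.7 states. This is an added example, not code from the article; the function names are ours and polynomials are kept as coefficient lists with the lowest degree first.

```python
# Added example (not part of the article): construct GF(2^4) from x^4 + x + 1 (alpha = 0010),
# derive the minimal polynomials and generator polynomials of the example above,
# and encode a message systematically. Polynomials are coefficient lists, lowest degree first.
PRIM_POLY = 0b10011                      # x^4 + x + 1
N = 15                                   # code length q^m - 1

EXP, LOG = [0] * (2 * N), {}
_x = 1
for _i in range(N):                      # EXP[i] = alpha^i as a 4-bit vector, LOG its inverse
    EXP[_i] = EXP[_i + N] = _x
    LOG[_x] = _i
    _x <<= 1
    if _x & 0b10000:
        _x ^= PRIM_POLY


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def poly_mul(p, q):
    """Product of two polynomials with GF(16) coefficients."""
    out = [0] * (len(p) + len(q) - 1)
    for i, pi in enumerate(p):
        for j, qj in enumerate(q):
            out[i + j] ^= gf_mul(pi, qj)     # addition in GF(2^m) is xor
    return out


def cyclotomic_coset(i):
    """Exponents of the conjugates alpha^i, alpha^(2i), alpha^(4i), ... (mod 15)."""
    coset, j = [], i % N
    while j not in coset:
        coset.append(j)
        j = (2 * j) % N
    return coset


def minimal_polynomial(i):
    """m_i(x) = prod (x - alpha^j) over the conjugates of alpha^i; coefficients end up in {0, 1}."""
    m = [1]
    for j in cyclotomic_coset(i):
        m = poly_mul(m, [EXP[j], 1])         # (x + alpha^j): minus equals plus in characteristic 2
    return m


def generator_polynomial(d):
    """g(x) = lcm(m_1, ..., m_{d-1}), built as the product over the distinct roots alpha^j."""
    roots = set()
    for i in range(1, d):
        roots.update(cyclotomic_coset(i))
    g = [1]
    for j in sorted(roots):
        g = poly_mul(g, [EXP[j], 1])
    return g


def poly_str(p):
    terms = [("x^%d" % k if k > 1 else "x" if k == 1 else "1") for k in range(len(p) - 1, -1, -1) if p[k]]
    return " + ".join(terms) if terms else "0"


def encode(message_bits, g):
    """Systematic encoding: codeword = x^deg(g) M(x) + (x^deg(g) M(x) mod g(x)).
    Bits are given and returned highest degree first, as written in the article."""
    parity_len = len(g) - 1
    rem = [0] * parity_len + list(reversed(message_bits))   # x^deg(g) * M(x), lowest degree first
    for i in range(len(rem) - 1, parity_len - 1, -1):       # long division over GF(2)
        if rem[i]:
            for j, gj in enumerate(g):
                rem[i - parity_len + j] ^= gj
    parity = rem[:parity_len]
    return list(message_bits) + list(reversed(parity))


if __name__ == "__main__":
    for d in (3, 5, 7, 8):
        print("d = %d: g(x) = %s" % (d, poly_str(generator_polynomial(d))))
    print(encode([1, 1, 0, 1, 1], generator_polynomial(7)))
```

Running it reproduces the four generator polynomials above and, for d = 7 and the message [1 1 0 1 1], the codeword [1 1 0 1 1 1 0 0 0 0 1 0 1 0 0] used later in the decoding examples.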

3.1.2 General BCH codes

General BCH codes differ from primitive narrow-sense BCH codes in two respects.

First, the requirement that α be a primitive element of GF(q^m) can be relaxed. By relaxing this requirement, the code length changes from $q^m - 1$ to $\mathrm{ord}(\alpha)$, the order of the element α.

Second, the consecutive roots of the generator polynomial may run from $\alpha^c, \ldots, \alpha^{c+d-2}$ instead of $\alpha, \ldots, \alpha^{d-1}$.

Definition. Fix a finite field GF(q), where q is a prime power. Choose positive integers m, n, d, c such that $2 \le d \le n$, $\gcd(n, q) = 1$, and m is the multiplicative order of q modulo n.

As before, let α be a primitive n-th root of unity in GF(q^m), and let $m_i(x)$ be the minimal polynomial over GF(q) of $\alpha^i$ for all i. The generator polynomial of the BCH code is defined as the least common multiple $g(x) = \mathrm{lcm}(m_c(x), \ldots, m_{c+d-2}(x))$.

Note: if $n = q^m - 1$ as in the simplified definition, then $\gcd(n, q)$ is automatically 1, and the order of q modulo n is automatically m. Therefore, the simplified definition is indeed a special case of the general one.

3.1.3 Special cases

• A BCH code with c = 1 is called a narrow-sense BCH code.
• A BCH code with $n = q^m - 1$ is called primitive.

The generator polynomial g(x) of a BCH code has coefficients from GF(q). In general, a cyclic code over GF(q^p) with g(x) as the generator polynomial is called a BCH code over GF(q^p). The BCH code over GF(q^m) with g(x) as the generator polynomial is called a Reed–Solomon code. In other words, a Reed–Solomon code is a BCH code where the decoder alphabet is the same as the channel alphabet.[6]

3.2 Properties

1. The generator polynomial of a BCH code has degree at most $(d - 1)m$. Moreover, if q = 2 and c = 1, the generator polynomial has degree at most $dm/2$.

Proof: each minimal polynomial $m_i(x)$ has degree at most m. Therefore, the least common multiple of d − 1 of them has degree at most $(d - 1)m$. Moreover, if q = 2, then $m_i(x) = m_{2i}(x)$ for all i. Therefore, g(x) is the least common multiple of at most d/2 minimal polynomials $m_i(x)$ for odd indices i, each of degree at most m.

2. A BCH code has minimal Hamming distance at least d. Proof: Suppose that p(x) is a code word with fewer than d non-zero terms. Then

$$p(x) = b_1 x^{k_1} + \cdots + b_{d-1} x^{k_{d-1}}, \quad \text{where } k_1 < k_2 < \cdots < k_{d-1}.$$

Recall that $\alpha^c, \ldots, \alpha^{c+d-2}$ are roots of g(x), hence of p(x). This implies that $b_1, \ldots, b_{d-1}$ satisfy the following equations, for $i = c, \ldots, c + d - 2$:

$$p(\alpha^i) = b_1 \alpha^{i k_1} + b_2 \alpha^{i k_2} + \cdots + b_{d-1} \alpha^{i k_{d-1}} = 0.$$

In matrix form, we have

$$\begin{bmatrix} \alpha^{c k_1} & \alpha^{c k_2} & \cdots & \alpha^{c k_{d-1}} \\ \alpha^{(c+1) k_1} & \alpha^{(c+1) k_2} & \cdots & \alpha^{(c+1) k_{d-1}} \\ \vdots & \vdots & & \vdots \\ \alpha^{(c+d-2) k_1} & \alpha^{(c+d-2) k_2} & \cdots & \alpha^{(c+d-2) k_{d-1}} \end{bmatrix} \begin{bmatrix} b_1 \\ b_2 \\ \vdots \\ b_{d-1} \end{bmatrix} = \begin{bmatrix} 0 \\ 0 \\ \vdots \\ 0 \end{bmatrix}.$$

The determinant of this matrix equals

$$\left( \prod_{i=1}^{d-1} \alpha^{c k_i} \right) \det \begin{pmatrix} 1 & 1 & \cdots & 1 \\ \alpha^{k_1} & \alpha^{k_2} & \cdots & \alpha^{k_{d-1}} \\ \vdots & \vdots & & \vdots \\ \alpha^{(d-2) k_1} & \alpha^{(d-2) k_2} & \cdots & \alpha^{(d-2) k_{d-1}} \end{pmatrix} = \left( \prod_{i=1}^{d-1} \alpha^{c k_i} \right) \det(V).$$

The matrix V is seen to be a Vandermonde matrix, and its determinant is

$$\det(V) = \prod_{1 \le i < j \le d-1} \left( \alpha^{k_j} - \alpha^{k_i} \right),$$

which is non-zero because the exponents $k_i$ are distinct and smaller than the order of α. Hence the only solution is $b_1 = \cdots = b_{d-1} = 0$, contradicting the assumption that p(x) has non-zero terms.

3.4 Decoding

1. Calculate the syndromes

2. Calculate the error location polynomial

3. Calculate the roots of the error location polynomial to find the error locations $X_i$

4. Calculate the error values $Y_i$ at those error locations

5. Correct the errors

During some of these steps, the decoding algorithm may determine that the received vector has too many errors and cannot be corrected. For example, if an appropriate value of t is not found, then the correction would fail. In a truncated (not primitive) code, an error location may be out of range. If the received vector has more errors than the code can correct, the decoder may unknowingly produce an apparently valid message that is not the one that was sent.

3.4.1 Calculate the syndromes

The received vector R is the sum of the correct codeword C and an unknown error vector E. The syndrome values are formed by considering R as a polynomial and evaluating it at $\alpha^c, \ldots, \alpha^{c+d-2}$. Thus the syndromes are[7]

$$s_j = R(\alpha^j) = C(\alpha^j) + E(\alpha^j)$$

for $j = c$ to $c + d - 2$. Since the $\alpha^j$ are the zeros of g(x), of which C(x) is a multiple, $C(\alpha^j) = 0$. Examining the syndrome values thus isolates the error vector so one can begin to solve for it.

If there is no error, $s_j = 0$ for all j. If the syndromes are all zero, then the decoding is done.

3.4.2 Calculate the error location polynomial

If there are nonzero syndromes, then there are errors. The decoder needs to figure out how many errors and the location of those errors.

If there is a single error, write this as $E(x) = e\,x^i$, where i is the location of the error and e is its magnitude. Then the first two syndromes are

$$s_c = e\,\alpha^{c\,i},$$
$$s_{c+1} = e\,\alpha^{(c+1)\,i} = \alpha^i s_c,$$

so together they allow us to calculate e and provide some information about i (completely determining it in the case of Reed–Solomon codes).

If there are two or more errors,

$$E(x) = e_1 x^{i_1} + e_2 x^{i_2} + \cdots$$

It is not immediately obvious how to begin solving the resulting syndromes for the unknowns $e_k$ and $i_k$. The first step is finding the locator polynomial

$$\Lambda(x) = \prod_{j=1}^{t} \left( x\alpha^{i_j} - 1 \right)$$

compatible with the computed syndromes and with minimal possible t.

Two popular algorithms for this task are:

1. Peterson-Gorenstein-Zierler algorithm

2. Berlekamp-Massey algorithm

Peterson-Gorenstein-Zierler algorithm

Peterson's algorithm is step 2 of the generalized BCH decoding procedure. Peterson's algorithm is used to calculate the error locator polynomial coefficients $\lambda_1, \lambda_2, \ldots, \lambda_v$ of a polynomial

$$\Lambda(x) = 1 + \lambda_1 x + \lambda_2 x^2 + \cdots + \lambda_v x^v.$$

Now the procedure of the Peterson-Gorenstein-Zierler algorithm.[8] Expect we have at least 2t syndromes $s_c, \ldots, s_{c+2t-1}$. Let v = t.

Start by generating the $S_{v \times v}$ matrix with elements that are syndrome values

$$S_{v \times v} = \begin{bmatrix} s_c & s_{c+1} & \cdots & s_{c+v-1} \\ s_{c+1} & s_{c+2} & \cdots & s_{c+v} \\ \vdots & \vdots & \ddots & \vdots \\ s_{c+v-1} & s_{c+v} & \cdots & s_{c+2v-2} \end{bmatrix}.$$

Generate a $C_{v \times 1}$ vector with elements

$$C_{v \times 1} = \begin{bmatrix} s_{c+v} \\ s_{c+v+1} \\ \vdots \\ s_{c+2v-1} \end{bmatrix}.$$

Let Λ denote the unknown polynomial coefficients, which are given by

$$\Lambda_{v \times 1} = \begin{bmatrix} \lambda_v \\ \lambda_{v-1} \\ \vdots \\ \lambda_1 \end{bmatrix}.$$

Form the matrix equation

$$S_{v \times v}\,\Lambda_{v \times 1} = C_{v \times 1}.$$

(This form is correct over fields of characteristic 2, which covers the binary examples below. Over a field of odd characteristic the Newton identity $s_{c+v+i} + \lambda_1 s_{c+v+i-1} + \cdots + \lambda_v s_{c+i} = 0$ puts a minus sign on the right-hand side, $S\Lambda = -C$.)

If the determinant of matrix $S_{v \times v}$ is nonzero, then we can actually find an inverse of this matrix and solve for the values of the unknown Λ values.

If $\det(S_{v \times v}) = 0$, then follow

    if v = 0
      then declare an empty error locator polynomial and stop the Peterson procedure
    end
    set v ← v − 1
    continue from the beginning of Peterson's decoding by making a smaller S_{v×v}

After you have values of Λ, you have with you the error locator polynomial. Stop the Peterson procedure.

3.4.3 Factor error locator polynomial

Now that you have the Λ(x) polynomial, its roots can be found in the form

$$\Lambda(x) = (\alpha^{i_1} x - 1)(\alpha^{i_2} x - 1) \cdots (\alpha^{i_v} x - 1)$$

by brute force, for example using the Chien search algorithm. The exponential powers of the primitive element α will yield the positions where errors occur in the received word; hence the name 'error locator' polynomial.

The zeros of Λ(x) are $\alpha^{-i_1}, \ldots, \alpha^{-i_v}$.

3.4.4 Calculate error values

Once the error locations are known, the next step is to determine the error values at those locations. The error values are then used to correct the received values at those locations to recover the original codeword.

For the case of binary BCH (with all characters readable) this is trivial; just flip the bits for the received word at these positions, and we have the corrected code word. In the more general case, the error weights $e_j$ can be determined by solving the linear system

$$s_c = e_1 \alpha^{c\, i_1} + e_2 \alpha^{c\, i_2} + \cdots$$
$$s_{c+1} = e_1 \alpha^{(c+1)\, i_1} + e_2 \alpha^{(c+1)\, i_2} + \cdots$$
$$\vdots$$

Forney algorithm

However, there is a more efficient method known as the Forney algorithm.

Let $S(x) = s_c + s_{c+1} x + s_{c+2} x^2 + \cdots + s_{c+d-2} x^{d-2}$.

Let $v \le d - 1$, $\lambda_0 \ne 0$, and $\Lambda(x) = \sum_{i=0}^{v} \lambda_i x^i = \lambda_0 \prod_{k=1}^{v} (\alpha^{i_k} x - 1)$.

Let $\Omega(x) = S(x)\,\Lambda(x) \bmod x^{d-1}$ be the error evaluator polynomial.[9]

Let $\Lambda'(x) = \sum_{i=1}^{v} i \cdot \lambda_i x^{i-1}$, where $i \cdot x$ denotes here $\sum_{k=1}^{i} x$ rather than multiplying in the field.

Then if the syndromes could be explained by an error word which could be nonzero only on positions $i_k$, the error values are

$$e_k = -\frac{\alpha^{i_k}\,\Omega(\alpha^{-i_k})}{\alpha^{c\, i_k}\,\Lambda'(\alpha^{-i_k})}.$$

For narrow-sense BCH codes, c = 1, so the expression simplifies to:

$$e_k = -\frac{\Omega(\alpha^{-i_k})}{\Lambda'(\alpha^{-i_k})}.$$

Explanation of Forney algorithm computation

It is based on Lagrange interpolation and techniques of generating functions.

Look at $S(x)\Lambda(x)$. Let for simplicity $\lambda_k = 0$ for $k > v$, and $s_k = 0$ for $k > c + d - 2$. Then

$$S(x)\Lambda(x) = \sum_{j=0}^{\infty} \sum_{i=0}^{j} s_{c+j-i}\,\lambda_i\, x^j.$$

$$S(x) = \sum_{i=0}^{d-2} \sum_{j=1}^{v} e_j \alpha^{(c+i)\, i_j} x^i = \sum_{j=1}^{v} e_j \alpha^{c\, i_j} \sum_{i=0}^{d-2} (\alpha^{i_j})^i x^i = \sum_{j=1}^{v} e_j \alpha^{c\, i_j}\, \frac{(x\alpha^{i_j})^{d-1} - 1}{x\alpha^{i_j} - 1}.$$

$$S(x)\Lambda(x) = S(x)\,\lambda_0 \prod_{\ell=1}^{v} (\alpha^{i_\ell} x - 1) = \lambda_0 \sum_{j=1}^{v} e_j \alpha^{c\, i_j}\, \frac{(x\alpha^{i_j})^{d-1} - 1}{x\alpha^{i_j} - 1} \prod_{\ell=1}^{v} (\alpha^{i_\ell} x - 1).$$

We could gain the form of a polynomial:

$$S(x)\Lambda(x) = \lambda_0 \sum_{j=1}^{v} e_j \alpha^{c\, i_j} \left( (x\alpha^{i_j})^{d-1} - 1 \right) \prod_{\ell \in \{1, \ldots, v\} \setminus \{j\}} (\alpha^{i_\ell} x - 1).$$

We want to compute the unknowns $e_j$, and we could simplify the context by removing the $(x\alpha^{i_j})^{d-1}$ terms. This leads to the error evaluator polynomial

$$\Omega(x) = S(x)\,\Lambda(x) \bmod x^{d-1}.$$

Thanks to $v \le d - 1$ we have

$$\Omega(x) = -\lambda_0 \sum_{j=1}^{v} e_j \alpha^{c\, i_j} \prod_{\ell \in \{1, \ldots, v\} \setminus \{j\}} (\alpha^{i_\ell} x - 1).$$

Look at $\Omega(\alpha^{-i_k})$. Thanks to (the Lagrange interpolation trick) the sum degenerates to only one summand

$$\Omega(\alpha^{-i_k}) = -\lambda_0\, e_k \alpha^{c\, i_k} \prod_{\ell \in \{1, \ldots, v\} \setminus \{k\}} (\alpha^{i_\ell} \alpha^{-i_k} - 1).$$

To get $e_k$ we just should get rid of the product. We could compute the product directly from the already computed roots $\alpha^{-i_j}$ of Λ, but we could use a simpler form.

As the formal derivative is

$$\Lambda'(x) = \lambda_0 \sum_{j=1}^{v} \alpha^{i_j} \prod_{\ell \in \{1, \ldots, v\} \setminus \{j\}} (\alpha^{i_\ell} x - 1),$$

we get again only one summand in

$$\Lambda'(\alpha^{-i_k}) = \lambda_0\, \alpha^{i_k} \prod_{\ell \in \{1, \ldots, v\} \setminus \{k\}} (\alpha^{i_\ell} \alpha^{-i_k} - 1).$$

So finally

$$e_k = -\frac{\alpha^{i_k}\,\Omega(\alpha^{-i_k})}{\alpha^{c\, i_k}\,\Lambda'(\alpha^{-i_k})}.$$

This formula is advantageous when one computes the formal derivative of Λ from its $\Lambda(x) = \sum_{i=0}^{v} \lambda_i x^i$ form, gaining

$$\Lambda'(x) = \sum_{i=1}^{v} i \cdot \lambda_i x^{i-1},$$

where $i \cdot x$ denotes here $\sum_{k=1}^{i} x$ rather than multiplying in the field.

3.4.5 Decoding based on extended Euclidean algorithm

The process of finding both the polynomial Λ and the error values could be based on the extended Euclidean algorithm. Correction of unreadable characters could be incorporated into the algorithm easily as well.

Let $k_1, \ldots, k_k$ be positions of unreadable characters. One creates the polynomial localising these positions

$$\Gamma(x) = \prod_{i=1}^{k} (x\alpha^{k_i} - 1).$$

Set values on unreadable positions to 0 and compute the syndromes.

As we have already defined for the Forney formula, let $S(x) = \sum_{i=0}^{d-2} s_{c+i} x^i$.

Let us run the extended Euclidean algorithm for locating the greatest common divisor of the polynomials $S(x)\Gamma(x)$ and $x^{d-1}$. The goal is not to find the greatest common divisor, but a polynomial r(x) of degree at most $\lfloor (d + k - 3)/2 \rfloor$ and polynomials a(x), b(x) such that $r(x) = a(x)\,S(x)\Gamma(x) + b(x)\,x^{d-1}$. The low degree of r(x) guarantees that a(x) would satisfy the (by Γ extended) defining conditions for Λ.

Defining $\Xi(x) = a(x)\Gamma(x)$ and using Ξ in place of Λ(x) in the Forney formula will give us the error values.

The main advantage of the algorithm is that it meanwhile computes $\Omega(x) = S(x)\,\Xi(x) \bmod x^{d-1} = r(x)$, required in the Forney formula.

Explanation of the decoding process

The goal is to find a codeword which differs from the received word as little as possible on readable positions. When expressing the received word as a sum of the nearest codeword and an error word, we are trying to find the error word with the minimal number of non-zeros on readable positions. The syndrome $s_i$ restricts the error word by the condition

$$s_i = \sum_{j=0}^{n-1} e_j \alpha^{ij}.$$

We could write these conditions separately, or we could create the polynomial $S(x) = \sum_{i=0}^{d-2} s_{c+i} x^i$ and compare coefficients near the powers 0 to d − 2 (below, $P(x)\big|_{A}$ denotes the coefficients of P(x) at the powers in the set A):

$$S(x)\big|_{\{0, \ldots, d-2\}} = E(x) = \sum_{i=0}^{d-2} \sum_{j=0}^{n-1} e_j \alpha^{ij} \alpha^{cj} x^i.$$

Suppose there is an unreadable letter on position $k_1$. We could replace the set of syndromes $\{s_c, \ldots, s_{c+d-2}\}$ by the set of syndromes $\{t_c, \ldots, t_{c+d-3}\}$ defined by the equation $t_i = \alpha^{k_1} s_i - s_{i+1}$. Suppose for an error word all restrictions by the original set $\{s_c, \ldots, s_{c+d-2}\}$ of syndromes hold; then

$$t_i = \alpha^{k_1} s_i - s_{i+1} = \alpha^{k_1} \sum_{j=0}^{n-1} e_j \alpha^{ij} - \sum_{j=0}^{n-1} e_j \alpha^{j} \alpha^{ij} = \sum_{j=0}^{n-1} e_j \left( \alpha^{k_1} - \alpha^{j} \right) \alpha^{ij}.$$

The new set of syndromes restricts the error vector $f_j = e_j(\alpha^{k_1} - \alpha^j)$ the same way the original set of syndromes restricted the error vector $e_j$. Note that, except for the coordinate $k_1$, where $f_{k_1} = 0$, $f_j$ is zero if and only if $e_j$ is zero. For the goal of locating error positions we could change the set of syndromes in a similar way to reflect all unreadable characters. This shortens the set of syndromes by k.

In polynomial formulation, the replacement of the syndrome set $\{s_c, \ldots, s_{c+d-2}\}$ by the syndrome set $\{t_c, \ldots, t_{c+d-3}\}$ leads to

$$T(x) = \sum_{i=0}^{d-3} t_{c+i} x^i = \alpha^{k_1} \sum_{i=0}^{d-3} s_{c+i} x^i - \sum_{i=1}^{d-2} s_{c+i} x^{i-1}.$$

Therefore

$$x\,T(x)\big|_{\{1, \ldots, d-2\}} = (x\alpha^{k_1} - 1)\,S(x).$$

After replacement of S(x) by S(x)Γ(x), one would require the equation for coefficients near the powers k, …, d − 2.

One could consider looking for error positions from the point of view of eliminating the influence of given positions, similarly as for unreadable characters. If we found v positions such that eliminating their influence leads to obtaining a set of syndromes consisting of all zeros, then there exists an error vector with errors only on these coordinates. If Λ(x) denotes the polynomial eliminating the influence of these coordinates, we obtain

$$S(x)\Gamma(x)\Lambda(x)\big|_{\{k+v, \ldots, d-2\}} = 0.$$

In the Euclidean algorithm, we try to correct at most $\lfloor (d - 1 - k)/2 \rfloor$ errors (on readable positions), because with a bigger error count there could be more codewords at the same distance from the received word. Therefore, for the Λ(x) we are looking for, the equation must hold for coefficients near the powers starting from $k + \lfloor (d - 1 - k)/2 \rfloor$.

In the Forney formula, Λ(x) could be multiplied by a scalar giving the same result.

It could happen that the Euclidean algorithm finds Λ(x) of degree higher than $(d - 1 - k)/2$ having a number of different roots equal to its degree, where the Forney formula would be able to correct errors in all its roots; anyway, correcting that many errors could be risky (especially with no other restrictions on the received word). Usually after getting Λ(x) of higher degree, we decide not to correct the errors. Correction could fail in the case Λ(x) has roots with higher multiplicity or the number of roots is smaller than its degree. Failure could be detected as well by the Forney formula returning an error value outside the transmitted alphabet.

    3.4.6 Correct the errors

    Using the error values and error location, correct the errors and form a corrected code vector by subtracting errorvalues at error locations.

3.4.7 Decoding examples

Decoding of binary code without unreadable characters

Consider a BCH code in GF(2^4) with d = 7 and $g(x) = x^{10} + x^8 + x^5 + x^4 + x^2 + x + 1$. (This is used in QR codes.) Let the message to be transmitted be [1 1 0 1 1], or in polynomial notation, $M(x) = x^4 + x^3 + x + 1$. The checksum symbols are calculated by dividing $x^{10} M(x)$ by g(x) and taking the remainder, resulting in $x^9 + x^4 + x^2$ or [1 0 0 0 0 1 0 1 0 0]. These are appended to the message, so the transmitted codeword is [1 1 0 1 1 1 0 0 0 0 1 0 1 0 0].

Now, imagine that there are two bit-errors in the transmission, so the received codeword is [1 0 0 1 1 1 0 0 0 1 1 0 1 0 0]. In polynomial notation:

$$R(x) = C(x) + x^{13} + x^5 = x^{14} + x^{11} + x^{10} + x^9 + x^5 + x^4 + x^2.$$

In order to correct the errors, first calculate the syndromes. Taking α = 0010, we have $s_1 = R(\alpha) = 1011$, $s_2 = 1001$, $s_3 = 1011$, $s_4 = 1101$, $s_5 = 0001$, and $s_6 = 1001$. Next, apply the Peterson procedure by row-reducing the following augmented matrix.

$$\left[ S_{3 \times 3} \mid C_{3 \times 1} \right] = \begin{bmatrix} s_1 & s_2 & s_3 & s_4 \\ s_2 & s_3 & s_4 & s_5 \\ s_3 & s_4 & s_5 & s_6 \end{bmatrix} = \begin{bmatrix} 1011 & 1001 & 1011 & 1101 \\ 1001 & 1011 & 1101 & 0001 \\ 1011 & 1101 & 0001 & 1001 \end{bmatrix} \Rightarrow \begin{bmatrix} 0001 & 0000 & 1000 & 0111 \\ 0000 & 0001 & 1011 & 0001 \\ 0000 & 0000 & 0000 & 0000 \end{bmatrix}$$

Due to the zero row, $S_{3 \times 3}$ is singular, which is no surprise since only two errors were introduced into the codeword. However, the upper-left corner of the matrix is identical to $[S_{2 \times 2} \mid C_{2 \times 1}]$, which gives rise to the solution $\lambda_2 = 1000$, $\lambda_1 = 1011$. The resulting error locator polynomial is $\Lambda(x) = 1000x^2 + 1011x + 0001$, which has zeros at $0100 = \alpha^{-13}$ and $0111 = \alpha^{-5}$. The exponents of α correspond to the error locations. There is no need to calculate the error values in this example, as the only possible value is 1.
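The same decoding (syndromes of section 3.4.1, the Peterson-Gorenstein-Zierler solve of 3.4.2 with v shrinking from t, the Chien search of 3.4.3) as a runnable Python decoder for the binary example above. This is an added example and not code from the article; it assumes the article's field representation (GF(16) generated by $x^4 + x + 1$, α = 0010, bit vectors read as 4-bit integers) and the function names are ours. The shrinking step is where the 3×3 singular system in the text is detected and the 2×2 system solved instead.

```python
# Added example (not part of the article): the syndrome / Peterson-Gorenstein-Zierler / Chien
# decoder run on the received word of the example above. GF(16) is built from x^4 + x + 1
# with alpha = 0010 exactly as in the text; bit vectors are listed highest degree first.
PRIM_POLY = 0b10011
N = 15

EXP, LOG = [0] * (2 * N), {}
_x = 1
for _i in range(N):                       # EXP[i] = alpha^i as a 4-bit vector, LOG its inverse
    EXP[_i] = EXP[_i + N] = _x
    LOG[_x] = _i
    _x <<= 1
    if _x & 0b10000:
        _x ^= PRIM_POLY


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def gf_inv(a):
    return EXP[(N - LOG[a]) % N]


def poly_eval(p, point):
    """Horner evaluation of a lowest-degree-first polynomial over GF(16)."""
    acc = 0
    for coeff in reversed(p):
        acc = gf_mul(acc, point) ^ coeff
    return acc


def syndromes(received, d, c=1):
    """s_j = R(alpha^j) for j = c, ..., c + d - 2 (section 3.4.1)."""
    r_low = list(reversed(received))        # r_low[k] is the coefficient of x^k
    return [poly_eval(r_low, EXP[j % N]) for j in range(c, c + d - 1)]


def solve_gf(matrix, rhs):
    """Gauss-Jordan elimination over GF(16); returns None when the matrix is singular."""
    n = len(matrix)
    aug = [list(row) + [b] for row, b in zip(matrix, rhs)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = gf_inv(aug[col][col])
        aug[col] = [gf_mul(inv, v) for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [a ^ gf_mul(f, b) for a, b in zip(aug[r], aug[col])]
    return [row[n] for row in aug]


def pgz_locator(s, t):
    """Peterson-Gorenstein-Zierler: shrink v from t until S_{v x v} is non-singular.
    Returns Lambda(x) lowest degree first: [1, lambda_1, ..., lambda_v]."""
    for v in range(t, 0, -1):
        S = [[s[i + j] for j in range(v)] for i in range(v)]
        C = [s[v + i] for i in range(v)]    # no sign needed: characteristic 2
        sol = solve_gf(S, C)                # sol = [lambda_v, ..., lambda_1]
        if sol is not None:
            return [1] + sol[::-1]
    return [1]                              # empty locator: no consistent error pattern


def chien_search(locator, n=N):
    """Positions i with Lambda(alpha^-i) = 0 (section 3.4.3)."""
    return [i for i in range(n) if poly_eval(locator, EXP[(-i) % N]) == 0]


def decode_binary(received, d):
    """Returns (corrected codeword, error positions); raises on a detectable decoding failure."""
    n, t = len(received), (d - 1) // 2
    s = syndromes(received, d)
    if not any(s):
        return list(received), []
    locator = pgz_locator(s, t)
    positions = chien_search(locator, n)
    if len(positions) != len(locator) - 1:
        raise ValueError("uncorrectable: locator degree and number of roots differ")
    corrected = list(received)
    for i in positions:
        corrected[n - 1 - i] ^= 1           # index 0 holds the x^(n-1) coefficient
    return corrected, positions


if __name__ == "__main__":
    received = [1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0]   # the article's received word
    print([format(v, "04b") for v in syndromes(received, 7)])
    print(decode_binary(received, 7))
```

The check that the number of distinct roots equals the degree of Λ(x) is the failure test the text mentions: a received word with more than t errors can still yield a locator, but typically one whose roots do not all lie in the field or are repeated.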

    Decoding with unreadable characters

    Suppose the same scenario, but the received word has two unreadable characters [ 1 0 0 ? 1 1 ? 0 0 1 1 0 1 00 ]. We replace the unreadable characters by zeros while creating the polynom reecting their positions (x) =(8x 1)(11x 1): We compute the syndromes s1 = 7; s2 = 1; s3 = 4; s4 = 2; s5 = 5; ands6 =

    7: (Using log notation which is independent on GF(24) isomorphisms. For computation checking we canuse the same representation for addition as was used in previous example. Hexadecimal description of the powers of are consecutively 1,2,4,8,3,6,C,B,5,A,7,E,F,D,9 with the addition based on bitwise xor.)Let us make syndrome polynomial S(x) = 7 + 1x + 4x2 + 2x3 + 5x4 + 7x5; compute S(x)(x) =7 + 4x+ 1x2 + 6x3 + 1x4 + 5x5 + 7x6 + 3x7:

    Run the extended Euclidean algorithm:S(x)(x)

    x6

    =

    7 + 4x+ 1x2 + 6x3 + 1x4 + 5x5 + 7x6 + 3x7

    x6

    =

    7 + 3x 1

    1 0

    x6

    7 + 4x+ 1x2 + 6x3 + 1x4 + 5x5 + (7 + 7)x6 + (3 + 3)x7

    =

    7 + 3x 1

    1 0

    4 + 5x 1

    1 0

    0@ 7 + 4x+ 1x2 + 6x3 + 1x4 + 5x53 + (7 + 3)x+ (3 + 1)x2+(5 + 6)x3 + (3 + 1)x4 + (6 + 6)x5 + (0 + 1)x6

    1A=

    (1 + 4) + (1 + 2)x+ 7x2 7 + 3x

    4 + 5x 1

    7 + 4x+ 1x2 + 6x3 + 1x4 + 5x5

    3 + 2x+ 0x2 + 2x3 + 6x4

    =

    3 + 5x+ 7x2 7 + 3x

    4 + 5x 1

    5 + 4x 1

    1 0

    0BBBB@3 + 2x+ 0x2 + 2x3 + 6x4

    (7 + 7) + (7 + 7 + 4)x+(5 + 6 + 1)x2+(7 + 4 + 6)x3+

    (4 + 6 + 1)x4 + (5 + 5)x5

    1CCCCA=

    7x+ 5x2 + 3x3 3 + 5x+ 7x2

    3 + 5x+ 6x2 4 + 5x

    3 + 2x+ 0x2 + 2x3 + 6x4

    4 + 4x+ 2x2 + 5x3

    :

    We have reached polynomial of degree at most 3, and as (4 + 5x) 3 + 5x+ 7x23 + 5x+ 6x2 (7x+ 5x2 + 3x3)

    7x+ 5x2 + 3x3 3 + 5x+ 7x2

    3 + 5x+ 6x2 4 + 5x

    =

    1 00 1

    ; we get

    (4 + 5x) 3 + 5x+ 7x23 + 5x+ 6x2 (7x+ 5x2 + 3x3)

    S(x)(x)

    x6

    =

    0BB@3 + 2x+ 0x2+

    2x3 + 6x4

    4 + 4x+ 2x2+5x3

    1CCA:

  • 16 CHAPTER 3. BCH CODE

    Therefore S(x)(x)(3 + 5x+ 6x2) (7x+ 5x2 + 3x3)x6 = 4 + 4x+ 2x2 + 5x3:Let (x) = 3+5x+6x2: Don't worry that 0 6= 1: Find by brute force a root of : The roots are 2; and 10(after nding for example 2 we can divide by corresponding monom (x 2) and the root of resulting monomcould be found easily).Let (x) = (x)(x) = 3 + 4x2 + 2x3 + 5x4; and let (x) = S(x)(x) mod x6 = 4 + 4x +2x2 + 5x3: Let us look for error values using formula ej = (ij )/0(ij ); where ij are roots of(x): 0(x) = 2x2: We get e1 = (4)/0(4) = (4 + 7 + 5 + 7)/5 = 5/5 = 1;e2 = (7)/0(7) = (4 + 4 + 1 + 1)/1 = 0; e3 = (10)/0(10) = (4 + 1 + 7 +5)/7 = 7/7 = 1; e4 = (2