
On the number of polynomials over GF(2) that factor into 2, 3 or 4 prime polynomials


BIT 25 (1985), 667-674

ON THE NUMBER OF POLYNOMIALS OVER GF(2) THAT FACTOR INTO 2, 3 OR 4 PRIME POLYNOMIALS

BERNARD SMEETS

Department of Computer Engineering, University of Lund, P.O. Box 118, S-221 00 Lund, Sweden

Abstract. In this paper a simple method is presented to derive formulas for the number of polynomials over GF(2) which factor into two, three, and four prime polynomials only. A table is given, summarizing the above numbers for polynomials of degree up to 127. Furthermore, the computed values are compared with an asymptotic approximation for these values.

1. Introduction.

The performance of Coppersmith's algorithm for computing logarithms over finite fields of characteristic two [1] is closely connected to the distribution of prime factors of the polynomials over GF(2) [2]. In the algorithm the event of a prime factorization in which prime factors of large degrees are obtained causes problems. In order to get an idea of the number of those cases, the number of polynomials that factor into (few) prime polynomials of large degree is investigated in this paper.

Let Ne(d), e = 2, 3, 4, be the number of polynomials over GF(2) of a given degree d that factor into 2, 3, and 4 prime polynomials. The subject of this paper is to present a simple method by which one can determine expressions for the numbers Ne(d). The values of Ne(d) make it possible to estimate roughly the number of polynomials that factor into prime polynomials of large degree.

Section 2 starts with the introduction of an equivalence relation. This relation is subsequently used in connection with the Polya-Burnside method of enumeration in order to count the polynomials that factor into two, three or four factors. The method can also be used to calculate the values of Ne(d) for e > 4, but this is not done here.

The values of Ne(d), e = 2, 3, 4, for polynomials up to degree 127 have been computed. The results are presented in Section 3. The computed values are compared with an asymptotic approximation of the values of Ne(d) given in [3] and [4].

This work was supported in part by the National Swedish Board for Technical Development under grants 81-3323 and 83.4364 at the University of Lund.

Received January 1985. Revised May 1985.

2. A counting argument.

Let $u_1, \ldots, u_L$ be $L$ prime polynomials in the polynomial ring GF(2)[x] over GF(2). Furthermore, let the sum of their degrees be $d \in \mathbb{N}$ and let $U_L$ be their product. Now let $V_L$ also be such a product, i.e., $V_L = \prod_i v_i$, with all $v_i$ prime in GF(2)[x] and the sum of their degrees equal to $d$.

DEFINITION. The $L$-tuple $(u_1, \ldots, u_L)$ is called equivalent to the $L$-tuple $(v_1, \ldots, v_L)$ iff $V_L = U_L$.

This relation, although very simple, will make it possible to count the number of polynomials which factor in GF(2)[x] into L prime factors. But first we need the following lemmas.

LEMMA 1. The defined relation is an equivalence relation.

PROOF: It is easily seen that the relation is reflexive, symmetric and transitive.

LEMMA 2. If $U_L = V_L$, then the $L$-tuples related to $U_L$ and $V_L$ contain the same prime elements.

PROOF: GF(2)[x] is a unique factorization domain and 1 is the only unit.

From Lemma 2 we have the following corollary.

COROLLARY: If $U_L = V_L$ then the $L$-tuple related to $U_L$ can be regarded as a permutated version of the $L$-tuple related to $V_L$.

We also need a well-known result giving us the values of Nl(d):

$$N_1(d) = d^{-1} \sum_{i \mid d} \mu(i)\, 2^{d/i}, \tag{1}$$

where $\mu$ is the Möbius function [5]. For convenience we put $N(d) = N_1(d)$.

Note that the product related to an $L$-tuple is invariant under any permutation of the $L$-tuple. The polynomials of degree $d$, $d > 1$, that have two prime factors are counted with help of the Polya-Burnside method of enumeration [6]. From this case it will be clear how the cases $e = 3$ and $e = 4$ are handled.

Let $S$ be the symmetric group of permutations of two objects and let $S$ act on the set $R := \{(u, v) \mid u, v \in GF(2)[x],\ u, v \text{ prime and } uv \text{ has degree } d\}$, i.e. the set of all pairs of prime polynomials whose product has degree $d$. Furthermore, let $P$ be the set of equivalence classes of such prime pairs. Obviously $N_2(d) = |P| = |\{\mathrm{orbit}(r) \mid r \in R\}|$. Combining Lemma 1 and the Corollary with Burnside's theorem gives

$$|P| = |S|^{-1} \sum_{s \in S} \mathrm{Fix}(s), \tag{2}$$

where $\mathrm{Fix}(s) = |\{r \in R \mid s(r) = r\}|$. Note that $S = \left\{ \begin{pmatrix} 1 & 2 \\ 1 & 2 \end{pmatrix}, \begin{pmatrix} 1 & 2 \\ 2 & 1 \end{pmatrix} \right\}$, i.e., the identity permutation $s_0$ and the cyclic permutation of two elements $s_1$. If $s = s_0$ then $s_0(a, b) = (a, b)$ for all $(a, b) \in R$. Hence $\mathrm{Fix}(s_0) = |R| = R_1$. It is easily seen that

$$R_1 = \sum_{i=1}^{d-1} N(i)N(d-i). \tag{3}$$

If $s = s_1$ then $s_1(a, b) = (b, a) = (a, b)$ iff $a = b$. This shows that if $d$ is odd, then $s_1(a, b) \neq (a, b)$ for all $(a, b) \in R$. Furthermore, if $a = b$ then, obviously, $a$ and $b$ have equal degrees. Hence $\mathrm{Fix}(s_1) = 0$ if $d$ is odd and $N(d/2)$ if $d$ is even. Summarizing all this, we have the following proposition.

PROPOSITION 1. For d > 1,

$$N_2(d) = \sum_{i=1}^{\lceil d/2 \rceil - 1} N(i)N(d-i) + \begin{cases} 0, & d \text{ odd} \\ N(d/2)(N(d/2)+1)/2, & d \text{ even,} \end{cases} \tag{4}$$

where $\lceil x \rceil$ is the ceiling function.

Determining an expression from which $N_3(d)$ can be calculated is a little more tricky. We find:

PROPOSITION 2. For d > 2,

$$N_3(d) = \frac{1}{6} \left[ \sum_{i=1}^{d-2} \sum_{j=1}^{d-i-1} N(i)N(j)N(d-i-j) + 3 \sum_{i=1}^{\lceil d/2 \rceil - 1} N(i)N(d-2i) + \begin{cases} 0 & \text{if } d \not\equiv 0 \bmod 3 \\ 2N(d/3), & \text{otherwise} \end{cases} \right] \tag{5}$$

PROOF. Let $R$ be the set of all triplets of prime polynomials whose product has degree $d$ and let $S$ be the symmetric group of permutations of 3 objects. Using a similar approach as before we calculate $|P|$, where $P$ is the set of equivalence classes of triplets in $R$. Table 1 summarizes the calculations.

Table 1. The calculation of the number of equivalence classes $|P|$ of products of degree $d$ of three not necessarily distinct prime polynomials.

| triplet $s(u,v,w)$ | condition for $s(u,v,w) = (u,v,w)$ | eqval. triplets | condition on $d$ |
|---|---|---|---|
| $(u,v,w)$ | none | $\lvert R \rvert$ | none |
| $(w,u,v)$ | $w = u = v$ | $R_3$ | $d \equiv 0 \bmod 3$ |
| $(v,w,u)$ | $w = u = v$ | $R_3$ | $d \equiv 0 \bmod 3$ |
| $(u,w,v)$ | $w = v$ | $R_2$ | |
| $(w,v,u)$ | $u = w$ | $R_2$ | |
| $(v,u,w)$ | $u = v$ | $R_2$ | |

$6\lvert P \rvert = \lvert R \rvert + 3R_2 + (2R_3 \text{ if } d \equiv 0 \bmod 3)$

The value of IRI is the number of polynomials of degree d having three prime factors. Hence,

$$|R| = \sum_{i=1}^{d-2} \sum_{j=1}^{d-i-1} N(i)N(j)N(d-i-j). \tag{6}$$

The value of $R_2$ is the number of polynomials of degree $d$ having three prime factors of which two are equal. An easy calculation gives:

$$R_2 = \sum_{i=1}^{\lceil d/2 \rceil - 1} N(i)N(d-2i). \tag{7}$$

$R_3$ is the number of polynomials of degree $d$ that factor into 3 equal prime polynomials. Hence $R_3 = N(d/3)$ if $d \equiv 0 \bmod 3$ and zero otherwise. Noting that $|P| = N_3(d)$ establishes the proof.

Using the same ideas as before one finds.

PROPOSITION 3. For d > 3,

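$$\begin{aligned} N_4(d) = \frac{1}{24} \Bigg[ & \sum_{i=1}^{d-3} \sum_{j=1}^{d-2-i} \sum_{k=1}^{d-1-i-j} N(i)N(j)N(k)N(d-i-j-k) \\ & + 6 \sum_{i=1}^{d-3} \sum_{j=1}^{\lceil (d-i)/2 \rceil - 1} N(i)N(j)N(d-i-2j) + 8 \sum_{i=1}^{\lceil d/3 \rceil - 1} N(i)N(d-3i) \\ & + \begin{cases} 0 & \text{if } d \not\equiv 0 \bmod 2 \\ 3 \sum_{i=1}^{d/2-1} N(i)N((d-2i)/2), & \text{otherwise} \end{cases} + \begin{cases} 0 & \text{if } d \not\equiv 0 \bmod 4 \\ 6N(d/4), & \text{otherwise} \end{cases} \Bigg] \end{aligned}$$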

PROOF. Table 2 shows that $24N_4(d) = |R| + 6R_2 + 8R_3 + 3R_{22} + 6R_4$. The values of $|R|$, $R_2$, $R_3$, $R_4$ are easily determined as the corresponding expressions given in the proposition. $R_{22}$ is the number of polynomials of degree $d$ that have two pairwise equal prime factors. Hence, if $d$ is odd, then $R_{22} = 0$. If $d$ is even, then

$$R_{22} = \sum_{i=1}^{d/2-1} N(i)N((d-2i)/2). \tag{9}$$

Table 2. The calculation of the number of equivalence classes $|P|$ of products of degree $d$ of four not necessarily distinct prime polynomials.

| 4-tuple $s(t,u,v,w)$ | condition for $s(t,u,v,w) = (t,u,v,w)$ | eqval. 4-tuples | condition on $d$ |
|---|---|---|---|
| $(t,u,v,w)$ | none | $\lvert R \rvert$ | none |
| $(t,w,u,v)$ | $w = u = v$ | $R_3$ | |
| $(t,v,w,u)$ | $w = u = v$ | $R_3$ | |
| $(t,u,w,v)$ | $w = v$ | $R_2$ | |
| $(t,w,v,u)$ | $u = w$ | $R_2$ | |
| $(t,v,u,w)$ | $u = v$ | $R_2$ | |
| $(u,t,v,w)$ | $t = u$ | $R_2$ | |
| $(u,w,t,v)$ | $t = u = w = v$ | $R_4$ | $d \equiv 0 \bmod 4$ |
| $(u,v,w,t)$ | $t = u = v = w$ | $R_4$ | $d \equiv 0 \bmod 4$ |
| $(u,t,w,v)$ | $t = u,\ v = w$ | $R_{22}$ | $d \equiv 0 \bmod 2$ |
| $(u,w,v,t)$ | $t = u = w$ | $R_3$ | |
| $(u,v,t,w)$ | $t = u = v$ | $R_3$ | |
| $(v,u,t,w)$ | $t = v$ | $R_2$ | |
| $(v,w,u,t)$ | $t = v = u = w$ | $R_4$ | $d \equiv 0 \bmod 4$ |
| $(v,t,w,u)$ | $t = v = w = u$ | $R_4$ | $d \equiv 0 \bmod 4$ |
| $(v,u,w,t)$ | $t = v = w$ | $R_3$ | |
| $(v,w,t,u)$ | $t = v,\ u = w$ | $R_{22}$ | $d \equiv 0 \bmod 2$ |
| $(v,t,u,w)$ | $t = v = u$ | $R_3$ | |
| $(w,u,v,t)$ | $t = w$ | $R_2$ | |
| $(w,t,u,v)$ | $t = w = v = u$ | $R_4$ | $d \equiv 0 \bmod 4$ |
| $(w,v,t,u)$ | $t = w = u = v$ | $R_4$ | $d \equiv 0 \bmod 4$ |
| $(w,u,t,v)$ | $t = w = v$ | $R_3$ | |
| $(w,t,v,u)$ | $t = w = u$ | $R_3$ | |
| $(w,v,u,t)$ | $t = w,\ u = v$ | $R_{22}$ | $d \equiv 0 \bmod 2$ |

$24\lvert P \rvert = \lvert R \rvert + 6R_2 + 8R_3 + 3R_{22} + 6R_4$

3. Numerical results for polynomials up to degree 127.

The values of $N_e(d)$, $e = 2, 3, 4$, have been computed up to degree 127. The results are compared with asymptotic approximations, denoted by $\tilde{N}_e(d)$, by calculating for $e = 2$

$$\tilde{N}_2(d)/N_2(d) = \frac{2^d}{d} \left( \ln(d-1) + \gamma - 0.4522 \right) / N_2(d), \tag{10a}$$

where $\gamma$ is Euler's constant and for $e = 3, 4$ by calculating

$$\tilde{N}_e(d)/N_e(d) = \frac{(\ln d)^{e-1}\, 2^d}{d\,(e-1)!} \Big/ N_e(d). \tag{10b}$$

For e = 3, 4 the approximations are due to Cohen [3], [4]. The approximation of N2(d) is obtained from (4). For odd values of d formula (4) can be written as

(11) _ _ E i - 1 N 2 ( d ) = , = l ~ N(i)N(d-i) i (d-i) + d - , : ~

From (1) it is clear that if $d > m = 23$, then $N(d)$ is very close to $2^d/d$, to be more precise $N(d) = d^{-1}(2^d - 2\alpha 2^{d/2})$ where $0 < \alpha \le 1$. The first summation in (11) is divided into two sums. One sum is formed by restricting the first summation to the parts where $1 \le i \le m$ and $d - m \le i \le d - 1$. The second sum adds the remaining parts. Both sums can be bounded from below and above using the actual values of $N(d)$ for $1 \le d \le m$ and using the bounds for $N(d)$ when $d > m$. The second summation in (11) can be approximated by applying the Euler-MacLaurin sum formula on $1 + 1/2 + \ldots + 1/(d-1)$. After some manipulations one obtains

$$\sum_{i=1}^{d-1} i^{-1} = \ln(d-1) + \gamma + \frac{1}{2(d-1)} + \sum_{k=1} (-1)^k \frac{a_k}{(d-1)^{2k}}, \tag{12}$$

where $a_k$ are positive constants containing the Bernoulli numbers [7]. Combining the results shows that for large odd $d$ there exists a $\delta$, $0 \le \delta \le 2^{-(m-3)/2}$ such that

$$N_2(d) = (1 - \delta) \frac{2^d}{d} \left( \ln(d-1) + \gamma - 0.4522 \right) + O(2^d/d^2). \tag{13}$$

For large odd $d$, $\tilde{N}_2(d)$ is taken as the first part of (13) with $\delta = 0$. If $d$ is even, then the extra term $N(d/2)(N(d/2)+1)/2$ has to be added. This term is of size $2^d/d^2$. Thus (13) holds also for large even values of $d$.

Besides these values it is interesting to know how many polynomials of all the polynomials of degree $d$ factor in at most four prime factors. A similar thing can be asked for all the polynomials of degree less than or equal to $d$. By noting that there are $2^d$ polynomials over GF(2) of degree $d$ and $2^{d+1} - 1$ polynomials of degree less than or equal to $d$, the fractions $F_1(d)$ and $F_2(d)$ are computed, where

$$F_1(d) = \sum_{e=1}^{4} N_e(d)/2^d, \qquad F_2(d) = \sum_{i=1}^{d} \sum_{e=1}^{4} N_e(i)/(2^{d+1} - 1). \tag{14}$$

Table 3. $N_e(d)$, $\tilde{N}_e(d)/N_e(d)$, $e = 2, 3, 4$, and $F_1(d)$, $F_2(d)$ for some values of $d$ between 4 and 127.

| $d$ | $N_2(d)$ | $\tilde{N}_2/N_2$ | $N_3(d)$ | $\tilde{N}_3/N_3$ | $N_4(d)$ | $\tilde{N}_4/N_4$ | $F_1(d)$ | $F_2(d)$ |
|---|---|---|---|---|---|---|---|---|
| 4 | 5 | 0.979 | 3 | 1.281 | 5 | 0.355 | 1.00 | 0.967 |
| 10 | 226 | 1.052 | 234 | 1.160 | 191 | 1.091 | 0.732 | 0.749 |
| 20 | 157677 | 1.021 | 219881 | 1.070 | 207764 | 1.131 | 0.608 | 0.618 |
| 30 | 123674876 | 1.011 | 199218740 | 1.039 | 212427398 | 1.105 | 0.531 | 0.538 |
| 40 | $1.034 \times 10^{11}$ | 1.007 | $1.826 \times 10^{11}$ | 1.024 | $2.118 \times 10^{11}$ | 1.086 | 0.477 | 0.482 |
| 50 | $9.000 \times 10^{13}$ | 1.005 | $1.696 \times 10^{14}$ | 1.016 | $2.094 \times 10^{14}$ | 1.073 | 0.436 | 0.440 |
| 60 | $8.044 \times 10^{16}$ | 1.004 | $1.594 \times 10^{17}$ | 1.010 | $2.067 \times 10^{17}$ | 1.063 | 0.404 | 0.407 |
| 70 | $7.329 \times 10^{19}$ | 1.003 | $1.512 \times 10^{20}$ | 1.006 | $2.041 \times 10^{20}$ | 1.056 | 0.377 | 0.379 |
| 80 | $6.774 \times 10^{22}$ | 1.003 | $1.446 \times 10^{23}$ | 1.003 | $2.017 \times 10^{23}$ | 1.051 | 0.354 | 0.357 |
| 90 | $6.332 \times 10^{25}$ | 1.002 | $1.391 \times 10^{26}$ | 1.001 | $1.997 \times 10^{26}$ | 1.046 | 0.335 | 0.337 |
| 100 | $5.972 \times 10^{28}$ | 1.002 | $1.345 \times 10^{29}$ | 0.999 | $1.980 \times 10^{29}$ | 1.042 | 0.319 | 0.320 |
| 110 | $5.674 \times 10^{31}$ | 1.002 | $1.306 \times 10^{32}$ | 0.998 | $1.966 \times 10^{32}$ | 1.039 | 0.304 | 0.306 |
| 120 | $5.424 \times 10^{33}$ | 1.002 | $1.273 \times 10^{35}$ | 0.997 | $1.955 \times 10^{35}$ | 1.036 | 0.291 | 0.293 |
| 127 | $6.637 \times 10^{36}$ | 1.001 | $1.578 \times 10^{37}$ | 0.996 | $2.453 \times 10^{37}$ | 1.035 | 0.283 | 0.284 |

Table 3 summarizes the computations. A complete table with the exact values of $N_e(d)$, $4 \le d \le 127$, can be found in [8].
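The formulas (1), (4), (5) and Proposition 3 can be evaluated directly, as in the following added example (not code from the paper). The function names are assumptions, and `multiset_count` is an independent dynamic-programming count added here only as a cross-check of the Burnside-based formulas.

```python
from functools import lru_cache
from math import comb

def mobius(n):
    """Moebius function mu(n), by trial division."""
    mu, p = 1, 2
    while p * p <= n:
        if n % p == 0:
            n //= p
            if n % p == 0:
                return 0
            mu = -mu
        p += 1
    return -mu if n > 1 else mu

@lru_cache(maxsize=None)
def N(d):
    """Formula (1): prime polynomials of degree d over GF(2)."""
    return sum(mobius(i) * 2 ** (d // i) for i in range(1, d + 1) if d % i == 0) // d

def N2(d):
    """Formula (4)."""
    s = sum(N(i) * N(d - i) for i in range(1, (d - 1) // 2 + 1))
    return s + (N(d // 2) * (N(d // 2) + 1) // 2 if d % 2 == 0 else 0)

def N3(d):
    """Formula (5): (|R| + 3*R2 + 2*R3) / 6."""
    R = sum(N(i) * N(j) * N(d - i - j)
            for i in range(1, d - 1) for j in range(1, d - i))
    R2 = sum(N(i) * N(d - 2 * i) for i in range(1, (d - 1) // 2 + 1))
    R3 = N(d // 3) if d % 3 == 0 else 0
    return (R + 3 * R2 + 2 * R3) // 6

def N4(d):
    """Proposition 3: (|R| + 6*R2 + 8*R3 + 3*R22 + 6*R4) / 24."""
    R = sum(N(i) * N(j) * N(k) * N(d - i - j - k) for i in range(1, d - 2)
            for j in range(1, d - 1 - i) for k in range(1, d - i - j))
    R2 = sum(N(i) * N(j) * N(d - i - 2 * j)
             for i in range(1, d - 2) for j in range(1, (d - i - 1) // 2 + 1))
    R3 = sum(N(i) * N(d - 3 * i) for i in range(1, (d - 1) // 3 + 1))
    R22 = sum(N(i) * N(d // 2 - i) for i in range(1, d // 2)) if d % 2 == 0 else 0
    R4 = N(d // 4) if d % 4 == 0 else 0
    return (R + 6 * R2 + 8 * R3 + 3 * R22 + 6 * R4) // 24

def multiset_count(d, e):
    """Independent check (not from the paper): multisets of e primes, total degree d."""
    ways = {(0, 0): 1}          # (degree so far, primes so far) -> count
    for k in range(1, d + 1):   # choose m primes of degree k, with repetition
        new = {}
        for (deg, cnt), w in ways.items():
            for m in range(min((d - deg) // k, e - cnt) + 1):
                key = (deg + m * k, cnt + m)
                new[key] = new.get(key, 0) + w * comb(N(k) + m - 1, m)
        ways = new
    return ways.get((d, e), 0)
```

For d = 4 and d = 10 the three functions return the values in the corresponding rows of Table 3.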

Conclusions.

Using a simple counting argument one can derive expressions for the number of polynomials over GF(2) that have two, three and four prime factors in GF(2)[x]. The numerical results show that an asymptotic approximation of these numbers agrees very well with the exact values even for small values of d. By calculating the values of Ne(d) one can bound the number of polynomials of a given degree d that have few prime factors of large degree. The results show that this number is relatively small for large d. It is interesting to note that the results above show that for not too small d, the polynomials over GF(2) have generally more than four prime factors. When a natural number is considered, say n, the normal order of the number of prime factors in n is ln ln n [9]. Hence numbers near $10^{25}$ will usually have about four prime factors. This shows that the polynomials over GF(2) have a more composite nature than the natural numbers.

Acknowledgement.

Thanks are due to T. Herlestam for suggesting this problem.


REFERENCES

1. D. Coppersmith, Fast evaluation of logarithms in fields of characteristic two, IEEE Trans. Inform. Th., Vol. IT-30, 583-594, 1984.

2. A. Odlyzko, Discrete logarithms in finite fields and their cryptographic importance, preliminary report Bell Labs., 1983.

3. S. D. Cohen, Further arithmetical functions in finite fields, Proc. Edinburgh Math. Soc., Ser. 2, Vol. 16, 349-363, 1968.

4. M. Car, Factorisation dans Fq[X], Comptes Rendus, Ser. 1, 147-150, 1982.

5. E. R. Berlekamp, Algebraic Coding Theory, McGraw-Hill, New York, 1968.

6. N. G. de Bruijn, Enumerative combinatorial problems concerning structures, Nieuw Archief voor Wiskunde, Vol. 11, 142-161, 1963.

7. D. E. Knuth, The Art of Computer Programming, Vol. 1: Fundamental Algorithms, 2nd ed., Addison-Wesley, 1973.

8. B. J. M. Smeets, New results on the Herlestam-Johannesson algorithm for computing logarithms over GF(2^p), report, in preparation.

9. G. H. Hardy and E. M. Wright, An Introduction to the Theory of Numbers, 5th ed., Oxford, 1979,