Sequences of irreducible polynomials over odd prime fields via elliptic curve endomorphisms

Journal of Number Theory 152 (2015) 21–37

Contents lists available at ScienceDirect

Journal of Number Theory www.elsevier.com/locate/jnt

Sequences of irreducible polynomials over odd prime fields via elliptic curve endomorphisms S. Ugolini Dipartimento di Matematica, Università degli studi di Trento, Via Sommarive 14, I-38050 Povo (Trento), Italy

a r t i c l e

i n f o

a b s t r a c t

Article history: Received 25 May 2014 Received in revised form 9 September 2014 Accepted 18 December 2014 Available online 7 February 2015 Communicated by David Goss

Text. In this paper we present and analyze a construction of irreducible polynomials over odd prime fields via the transforms which  n take any polynomial f ∈ Fp [x] of positive degree n to xk · f (k(x + x−1 )), for some specific values of the odd prime p and k ∈ Fp . Video. For a video summary of this paper, please visit http://youtu.be/Lmw5m_c-i8s. © 2015 Elsevier Inc. All rights reserved.

Keywords: Irreducible polynomial iterative constructions Finite fields Elliptic curves

1. Introduction Let f be a polynomial of positive degree n defined over the field Fp with p elements, for some odd prime p. We set q = pn and denote by Fq the finite field with q elements. For a chosen k ∈ F∗p we define the Qk -transform of f as f Qk (x) =

 x n k

E-mail address: [email protected]. http://dx.doi.org/10.1016/j.jnt.2014.12.027 0022-314X/© 2015 Elsevier Inc. All rights reserved.

· f (ϑk (x)) ,

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

22

where ϑk is the map which takes any element x ∈ P1 (Fq ) = Fq ∪ {∞} to  ∞ if x = 0 or ∞, ϑk (x) = k · (x + x−1 ) otherwise. The aforementioned Qk -transforms seem a natural generalization of some specific transforms employed by different authors for the synthesis of irreducible polynomials over finite fields. In [3] Meyn used the so-called Q-transform, which coincides with the Q1 -transform according to the notations of the present paper. Moreover, setting k = 12 we recover the R-transform introduced by Cohen [1] and used more recently by us [5] to construct sequences of irreducible polynomials over odd prime fields. In this paper we would like to take advantage of the knowledge of the dynamics of the maps ϑk for some specific values of k [4] and extend our investigation [5]. In the following we will give a thorough description of the sequences of irreducible polynomials constructed by repeated applications of a Qk -transform, when k belongs to one of the following sets: • • • •

  C1 = 12 , − 12 ;   C2 = k ∈ Fp : k is a root of x2 + 14 , provided that p ≡ 1 (mod 4);   C3 = k ∈ Fp : k is a root of x2 + 12 x + 12 , provided that p ≡ 1, 2, or 4 (mod 7);   C3− = k ∈ Fp : −k is a root of x2 + 12 x + 12 , provided that p ≡ 1, 2, or 4 (mod 7).

Indeed, the case k = 12 has been analyzed in [5] and we can easily adapt the results of that paper to the case k = − 12 (see the subsequent Remark 2.2). Hence, in this paper we will mainly concentrate on the cases that k ∈ C2 ∪ C3 ∪ C3− . 2. Preliminaries Let p be an odd prime and q a power of p. For a fixed k ∈ F∗p , the dynamics of the map ϑk over P1 (Fq ) can be visualized by means of the graph Gqϑk , whose vertices are labeled by the elements of P1 (Fq ) and where a vertex α is joined to a vertex β if β = ϑk (α). As in [4] we say that an element x ∈ P1 (Fq ) is ϑk -periodic if ϑrk (x) = x for some positive integer r. We will call the smallest of such integers r the period of x with respect to the map ϑk . Nonetheless, if an element x ∈ P1 (Fq ) is not ϑk -periodic, then it is preperiodic, namely ϑlk (x) is ϑk -periodic for some positive integer l. In [4] the reader can find more details about the length and the number of the cycles of Gqϑk , when k ∈ C1 ∪C2 ∪C3 . For the purposes of the present paper we are just interested in the structure of the reversed binary trees attached to the vertices of a cycle. The following lemma shows how the maps ϑk and ϑ−k are related, for any k ∈ F∗p . Lemma 2.1. Let k ∈ F∗p and x ∈ P1 (Fq ). The following hold: 2r (1) ϑ2r k (x) = ϑ−k (x) for any nonnegative integer r;

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

23

(2) if ϑtk (x) is ϑk -periodic, for some nonnegative integer t, then ϑt−k (x) is ϑ−k -periodic too. Proof. We prove separately the statements. (1) We proceed by induction on r. If r = 0, then ϑ0k (x) = ϑ0−k (x) = x.

2(r−1)

For the inductive step, assume that ϑk r > 0. Therefore,

2(r−1)

(x) = ϑ−k 

2r−2 2 ϑ2r (x)) = ϑ2k (˜ x) = k · k (x) = ϑk (ϑk

 = −k ·

2

−k x˜ x˜+1 −k ·

+1

2

2

k·

x ˜2 +1 x ˜

k x˜ x˜+1

2

x ˜2 +1

(x) = x ˜ for some integer

+1

= ϑ2−k (˜ x) = ϑ2r −k (x).

x ˜

(2) Let x ˜ = ϑtk (x). By hypothesis, ϑrk (˜ x) = x ˜ for some nonnegative integer r. Then, 2r ϑ−k (˜ x) = ϑ2r (˜ x ) = x ˜ according to (1). 2 k Remark 2.2. In virtue of Lemma 2.1, the results in [5] still hold replacing ϑ 12 with ϑ− 12 and the R-transform with the Q− 12 -transform. In particular, [5, Theorem 3.1], which describes the iterative construction of irreducible polynomials via the R-transform, holds with the current Q− 12 -transform. We introduce the following notations in analogy with [5]. Definition 2.3. If f ∈ Fp [x]\{x} is a monic irreducible polynomial and α is a non-zero root of f in an appropriate extension of Fp , then we denote by f˜ϑk the minimal polynomial of ϑk (α) over Fp . Definition 2.4. We denote by Irrp the set of all monic irreducible polynomials of Fp [x]. If n is a positive integer, then Irrp (n) denotes the set of all polynomials of Irrp of degree n. Remark. The reader can notice a slight difference in the definition of Irrp with respect to [5, Definition 2.3]. Indeed, in [5] we excluded the polynomials x + 1 and x − 1 from Irrp , because 1 and −1 are the only ϑ 12 -periodic elements in Gq1 which are not root of 2

any reversed binary tree, for any power q of p. If k ∈ C2 ∪ C3 ∪ C3− this phenomenon does not occur, namely any ϑk -periodic element is root of a reversed binary tree. The forthcoming Lemma 2.5, Theorem 2.6 and Theorem 2.7 generalize respectively [5, Lemma 2.5, Theorem 2.6, Theorem 2.7].

24

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

Lemma 2.5. Let f be a polynomial of positive degree n in Fp [x]. Suppose that β is a root of f and that β = ϑk (α) for some α, β in suitable extensions of Fp . Then, α and α−1 are roots of f Qk . Proof. By hypothesis, f (ϑk (α)) = f (ϑk (α−1 )) = f (β) = 0. Therefore,  α n k

· f (ϑk (α)) =

α−1 k

n

· f (ϑk (α−1 )) = 0,

namely f Qk (α) = f Qk (α−1 ) = 0. 2 Theorem 2.6. Let f be a polynomial of Irrp (n)\{x, x+1, x−1}, for some positive integer n. The following hold. • If the set of roots of f is not inverse-closed, then f˜ϑk ∈ Irrp (n). • If the set of roots of f is inverse-closed, then n is even and f˜ϑk ∈ Irrp (n/2). Proof. If β = ϑk (α) for some root α of f , then α is a root of the polynomial x2 −k−1 βx+1, which has coefficients in Fp (β). Since α has degree n over Fp , either β has degree n or it has degree n/2 over Fp , the latter being possible only if n is even. i i Any root of f˜ϑk can be expressed as β p = ϑk (αp ) for some non-negative integer i. Therefore, ϑk induces an onto correspondence between the sets of roots of f and f˜ϑk i i i respectively. Since ϑk (x) = β p if and only if x ∈ {αp , α−p }, we conclude that such a correspondence is injective, and consequently f˜ϑk ∈ Irrp (n), if and only if the set of roots of f is not inverse-closed. 2 Theorem 2.7. Let f (x) = xn + an−1 xn−1 + · · · + a1 x + a0 ∈ Irrp (n) for some positive integer n. The following hold. • 0 is not a root of f Qk . • The set of roots of f Qk is closed under inversion. • Either f Qk ∈ Irrp (2n) or f Qk splits into the product of two polynomials mα , mα−1 in Irrp (n), which are respectively the minimal polynomial of α and α−1 , for some α ∈ Fpn . Moreover, in the latter case at least one of α and α−1 is not ϑk -periodic. Proof. We notice that the constant coefficient of the polynomial

f Qk (x) =

 x n k



n−1   n −1 n · k x+x + ai ki (x + x−1 )i

is 1. Therefore, 0 cannot be a root of f Qk .

i=0

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

25

Let α ∈ Fp2n be a root of f Qk and β = ϑk (α). Then, f Qk (α) =

 α n k

· f (β) = 0

and consequently f (β) = 0. Therefore, α−1 is a root of f Qk according to Lemma 2.5. Hence, the set of roots of f Qk is closed under inversion. Since β has degree n over Fp , either α has degree 2n or it has degree n over Fp . In the former case f Qk ∈ Irrp (2n). In the latter case, f Qk = mα · mα , for some polynomials mα and mα in Irrp (n). Indeed, mα is the minimal polynomial of α over Fp and mα = x, because mα (0) = 0. Moreover, (m ˜ α )ϑk = f , because ϑk (α) = β. We have two possible scenarios. • If mα ∈ {x + 1, x − 1}, then α ∈ {1, −1} and α = α−1 . Hence, β = ±2k and f (x) = x ± 2k. Therefore, f Qk (x) =

x k

· (k(x + x−1 ) ± 2k) = (x ± 1)2 ,

which implies that mα = mα = mα−1 . We notice also that 1 and −1 are not ϑk -periodic. Indeed, ϑk (±1) = ±2k,

ϑk (±2k) = 0,

ϑk (0) = ∞ and ϑk (∞) = ∞.

• If mα ∈ / {x + 1, x − 1}, then the set of roots of mα is not inverse-closed according to Theorem 2.6. Hence, mα = mα−1 and α = α−1 , because α = α−1 if and only if α ∈ {1, −1}. If one of α and α−1 is ϑk -periodic, then β is ϑk -periodic too. Since at most one of α and α−1 can be the direct predecessor of β in the cycle containing this latter element in Gqϑk , we conclude that at least one of α and α−1 is not ϑk -periodic. 2 Before dealing with the construction of sequences of irreducible polynomials, we prove some additional results for the dynamics of the maps ϑk , when k belongs respectively to C2 , C3 or C3− . Such results complement our investigation [4]. 2.1. Case k ∈ C2 For the reader’s convenience we sum up the results proved in [4, Section 3] for the dynamics of the map ϑk , when k is a root of x2 + 14 for a fixed prime p ≡ 1 (mod 4). Let αω and αω be the roots of the polynomial x2 − 2x + 2 ∈ Fp [x], whose discriminant is −4. Since −4 is a quadratic residue in Fp , we have that αω and αω belong to Fp . We set −2 −2 kω = αω and kω = αω and notice that kω2 ≡ kω2 ≡ − 14 (mod p) and kω ≡ −kω (mod p).

26

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

From now on, we fix a positive integer n and set σ = ω or σ = ω. The dynamics of the map ϑkσ over P1 (Fpn ) can be studied relying upon the elliptic curve E of equation y 2 = x3 + x over Fp . Indeed, the map ekσ (x, y) =

kσ x2 − 1 ϑkσ (x), ·y· ασ x2

,

defined for any rational point (x, y) in E(Fpn ), is an endomorphism of E over Fp . In particular, ekσ ◦ ekσ = 2, which is the duplication map over E. Since ϑkσ is involved in the definition of the endomorphism ekσ , the dynamics of ϑkσ on P1 (Fpn ) can be studied relying upon the dynamics of ekσ over E(Fpn ). The endomorphism ring End(E) of E over Fp is isomorphic to R = Z[i], which is a Euclidean ring with Euclidean function N (a + bi) = a2 + b2 , for every choice of the integers a and b. In R we have that 2 = α · α, where α = (1 + i) ∈ C. Therefore, the representation of ekσ in R is either α or α. We remind the reader that there exists an isomorphism ψn : E(Fpn ) → R/(πpn − 1)R, where πp is the representation in R of the Frobenius endomorphism of E over Fp . Therefore, the dynamics of ekσ in E(Fpn ) can be studied by means of the dynamics of [ρ0 ] in R/(πpn − 1)R, where  ρ0 =

α,

if α−2 ≡ kσ (mod πp ),

α, if α−2 ≡ kσ (mod πp ).

Now, we define the sets E(Fp )∗ = {O, (0, 0), (ip , 0), (−ip , 0)} ⊆ E(Fpn ), E(Fp )∗x = {∞, 0, ip , −ip } ⊆ P1 (Fpn ), where O is the point at infinity of E and ip a square root of −1 in Fp . Since p ≡ 1 or 5 (mod 8), we partition accordingly P1 (Fpn ) as follows. (1) If n is odd and p ≡ 5 (mod 8), then we define An = {x ∈ Fpn : (x, y) ∈ E(Fpn ) for some y ∈ Fpn }\E(Fp )∗x ; Bn = {x ∈ Fpn : (x, y) ∈ E(Fp2n ) for some y ∈ Fp2n \Fpn } ∪ E(Fp )∗x .

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

27

(2) If n is even or n is odd and p ≡ 1 (mod 8), then we define An = {x ∈ Fpn : (x, y) ∈ E(Fpn ) for some y ∈ Fpn } ∪ {∞}; Bn = {x ∈ Fpn : (x, y) ∈ E(Fp2n ) for some y ∈ Fp2n \Fpn }. We notice that in both cases An ∩ Bn = ∅ and P1 (Fpn ) = An ∪ Bn . Moreover, the dynamics of ϑkσ can be studied separately on the elements of An and Bn , as a consequence of the following result, which corresponds to [4, Lemma 3.2]. Lemma 2.8. Let x ˜ ∈ P1 (Fpn ). Then, x ˜ ∈ An ⇔ ϑkσ (˜ x) ∈ An . Consider now the sets E(Fpn )An = {(x, y) ∈ E(Fpn ) : x ∈ An \{∞}} ,   E(Fp2n )Bn = (x, y) ∈ E(Fp2n ) : x ∈ Bn \{∞} . Then, there exist two isomorphisms ψn : E(Fpn )An ∪ E(Fp )∗ → R/(πpn − 1)R, ψn : E(Fp2n )Bn ∪ E(Fp )∗ → R/(πpn + 1)R, as a consequence of the following result, which corresponds to [4, Lemma 3.3]. Lemma 2.9. Let P be a rational point of E(Fp2n ) such that either P = O, or P = (˜ x, y˜), for some x ˜ ∈ Fpn and y˜ ∈ Fp2n . Then, (πpn − 1)P = O ⇔ P ∈ E(Fpn )An ∪ E(Fp )∗ ; (πpn + 1)P = O ⇔ P ∈ E(Fp2n )Bn ∪ E(Fp )∗ . All considered, the dynamics of the map ϑkσ on An (resp. Bn ) can be studied relying upon the iterations of [ρ0 ] in R/(πpn − 1)R (resp. R/(πpn + 1)R). n The graph Gpϑk presents remarkable symmetries. In particular, any connected comσ ponent is formed by one cycle whose vertices are roots of binary trees having the same depth, as the reader can notice in the forthcoming example. Example 2.10. Let p = 53 and n = 1. The roots in Fp of the polynomial x2 − 2x + 2 are αω = 24 and αω = 31. Consequently, kω = 15 and kω = 38.

28

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

In G53 ϑ15 there is 1 connected component due to the elements of A1 .

The remaining 2 connected components of G53 ϑ15 are due to the elements of B1 .

In Example 2.10 the reader can notice that all ϑ15 -periodic elements which belong to A1 are roots of binary trees having depth 2, while all ϑ15 -periodic elements which belong to B1 are roots of binary trees having depth 3. In general, suppose that πpn − 1 (resp. πpn + 1) factors in R as ρe00 · ρ1

(resp. ρe0˜0 · ρ˜1 ),

(2.1)

where e0 and e˜0 are two nonnegative integers, while ρ1 and ρ˜1 are two elements in R coprime to ρ0 . We notice in passing that ρ1 and ρ˜1 are coprime to ρ0 too, because ρ0 = ±i · ρ0 . Therefore, N (ρ1 ) and N (˜ ρ1 ) are not divisible by 2. n The depth of the trees in Gpϑk is easily determined, once we know e0 and e˜0 . In fact, σ the following result, which is based upon [4, Theorem 3.5], holds. Theorem 2.11. Any ϑkσ -periodic element in An (resp. Bn ) is the root of a reversed binary tree of depth e0 (resp. e˜0 ). Moreover, the root has exactly one child, while all

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

29

other vertices have two children, except for the vertices at the level two of the tree rooted in ∞, which have exactly one child each. In the last part of the current section we will denote kσ by k for the sake of simplicity. Before proving Lemma 2.13, which will be useful for the construction we are going to present in Theorem 3.1, we introduce the following notation. Definition 2.12. Let m = 2e · f , for some odd integer f and non-negative integer e. Then, we denote by ν2 (m) the exponent of the greatest power of 2 which divides m, namely ν2 (m) = e. Lemma 2.13. Let m and n be two positive integers. Then, the following hold: (1) (2) (3) (4)

ν2 (N (πpn − 1)) ≥ 2; if ν2 (N (πpn − 1)) = 2, then ν2 (N (πpn + 1)) ≥ 3; if ν2 (N (πpn − 1)) ≥ 3, then ν2 (N (πpn + 1)) = 2; i+1 i ν2 (N (πp2 m − 1)) = ν2 (N (πp2 m − 1)) + 2, for any positive integer i.

Proof. Since πpn − 1 ∈ Z[i], we have that πpn − 1 = a + ib, for some a, b ∈ Z, and consequently πpn + 1 = (a + 2) + ib. We prove separately the statements. (1) Let S = R/ρe00 R × R/ρ1 R ∼ = R/(πpn − 1)R. Consider the following points in S: Q = (Q0 , Q1 ) = ψn (ip , 0); P = (P0 , P1 ) = ψn (0, 0); O = (0, 0) = ψn (O). Since ϑk (ip ) = 0 and ϑk (0) = ∞, we have that [ρ0 ]Q = P and [ρ0 ]P = O. Moreover, by the fact that ρ0 and ρ1 are coprime, we deduce that P1 = 0 and Q1 = 0. In addition, Q0 = 0 and P0 = 0. Therefore, [ρ0 ]Q0 = 0 in R/ρe00 R. Since this latter is true only if e0 ≥ 2, we get the result. (2) By hypothesis, N (πpn − 1) = a2 + b2 = 4c,

(2.2)

for some odd integer c, and consequently a and b have the same parity. Indeed, a and b are both even. Suppose, on the contrary, that a and b are both odd. Then, a ≡ ±1 (mod 4), b ≡ ±1 (mod 4) and a2 +b2 ≡ 2 (mod 4), in contradiction with (2.2).

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

30

Evaluating N (πpn + 1) we get N (πpn + 1) = a2 + 4a + 4 + b2 = 4c + 4(1 + a) = 4(1 + a + c). We notice that 1 + a is odd, because a is even. Therefore, 1 + a + c is even and consequently N (πpn + 1) ≡ 0 (mod 8). Hence, ν2 (N (πpn + 1)) ≥ 3. (3) By hypothesis, N (πpn − 1) = a2 + b2 = 8c,

(2.3)

for some integer c. In particular, a and b are both even, as proved in (2). We evaluate N (πpn + 1) and get N (πpn + 1) = a2 + 4a + 4 + b2 = 8c + 4(1 + a). We notice that 1 + a is odd, because a is even. Therefore, N (πpn + 1) ≡ 4 · (1 + a) ≡ 0

(mod 8)

and consequently ν2 (N (πpn + 1)) = 2. (4) Set n := 2i−1 m. Then, i

ν2 (N (πp2

m

− 1)) = ν2 (N (πp2n − 1)) = ν2 (N (πpn − 1)) + ν2 (N (πpn + 1)).

From (1), (2) and (3) we get that ν2 (N (πpn − 1)) + ν2 (N (πpn + 1)) ≥ 5. Hence, i ν2 (N (πp2 m − 1)) ≥ 5. Set now n := 2i m. Then, i+1

ν2 (N (πp2 i

Since ν2 (N (πp2

m

m

− 1)) = ν2 (N (πpn − 1)) + ν2 (N (πpn + 1)).

− 1)) ≥ 5, from (3) we get that ν2 (N (πpn + 1)) = 2. All considered, i+1

ν2 (N (πp2

m

i

− 1)) = ν2 (N (πp2

m

− 1)) + 2.

2

2.2. Case k ∈ C3 In the first part of this section we sum up the results proved in [4, Section 4] for the dynamics of the map ϑk , when k is a root of x2 + 12 x + 12 for a fixed prime p ≡ 1, 2, or 4 (mod 7). Let ω and ω be the roots of the polynomial x2 − x + 2 ∈ Fp [x], whose discriminant is −7. Since −7 is a quadratic residue in Fp , we have that ω and ω belong to Fp . We set kω ≡ ω−1 (mod p) and kω ≡ ω−1 (mod p) and notice that kω and kω are the roots of 2 2 the polynomial x2 + 12 x + 12 ∈ Fp [x].

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

31

From now on, we fix a positive integer n and set σ = ω or σ = ω. The map ϑkσ is conjugated to the map ηkσ defined over P1 (Fpn ) as follows:  ηkσ (x) =

∞  1 σ2 · x −

7·(1−σ)4 x+σ 2 −2



if x = −σ 2 + 2 or ∞, otherwise.

Indeed, in [4, Lemma 4.1] it has been proved that there exists a bijective map χkσ defined over P1 (Fpn ) such that χ−1 kσ ◦ ηkσ ◦ χkσ (x) = ϑkσ (x) for any x ∈ P1 (Fpn ). Therefore, the graph associated with the dynamics of ϑkσ over P1 (Fpn ) is isomorphic to the graph associated with the dynamics of ηkσ . This latter map is involved in the definition of the endomorphism ekσ (x, y) =

ηkσ (x),



1 7 · (1 − σ)4 · y · 1 + σ3 (x + σ 2 − 2)2

of the elliptic curve E having equation y 2 = x3 − 35x + 98 over Fp . In particular, 2 = ekσ ◦ ekσ , where 2 is the duplication map defined over E. Therefore, we can study the dynamics of ηkσ over P1 (Fpn ) by means of the dynamics of the endomorphism ekσ n on E(Fpn ). Doing so we can describe the structure of the graph Gpηkσ associated with the iterations of ηkσ over P1 (Fpn ). The √ endomorphism ring End(E) of E over Fp is isomorphic to R = Z[α], where α = 1+ 2 −7 ∈ C. The ring R is Euclidean with Euclidean function N (a + bα) = (a + bα)(a + bα), for any choice of the integers a and b. Since in R we have that 2 = α · α, we deduce that the representation of ekσ in R is either α or α. We remind the reader that there exists an isomorphism ψn : E(Fpn ) → R/(πpn − 1)R, where πp is the representation in R of the Frobenius endomorphism of E over Fp . Therefore, the dynamics of ekσ in E(Fpn ) can be studied by means of the dynamics of [ρ0 ] in R/(πpn − 1)R, where  ρ0 =

α, if α ≡ σ (mod πp ), α, if α ≡ σ (mod πp ).

Now we define the sets E(Fp )∗ = {O, (−7, 0), (σ + 3, 0), (σ + 3, 0)} ⊆ E(Fpn ), E(Fp )∗x = {∞, −7, σ + 3, σ + 3} ⊆ P1 (Fpn ),

32

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

where O is the point at infinity of E. We notice in passing that, according to the following result which is based upon [4, Lemma 4.3], the elements σ + 3 and ∞ are ηkσ -periodic, while −7 and σ + 3 are preperiodic. Lemma 2.14. The following hold: • ηkσ (−7) = σ + 3 and ηkσ (σ + 3) = σ + 3; • ηkσ (2σ − 1) = σ + 3, ηkσ (σ + 3) = ∞ and ηkσ (∞) = ∞. We can partition the elements of P1 (Fpn ) in two subsets as follows: (1) if ρ20  (πpn − 1), then An = {x ∈ Fpn : (x, y) ∈ E(Fpn ) for some y ∈ Fpn }\E(Fp )∗x , Bn = {x ∈ Fpn : (x, y) ∈ E(Fp2n ) for some y ∈ Fp2n \Fpn } ∪ E(Fp )∗x ; (2) if ρ20 | (πpn − 1), then An = {x ∈ Fpn : (x, y) ∈ E(Fpn ) for some y ∈ Fpn } ∪ {∞}, Bn = {x ∈ Fpn : (x, y) ∈ E(Fp2n ) for some y ∈ Fp2n \Fpn }. We notice that in both cases An ∩ Bn = ∅ and P1 (Fpn ) = An ∪ Bn . The set E(Fp )∗x has been defined in such a way that the dynamics of the map ηkσ can be studied separately on the elements of An and Bn , as a consequence of the following result, which corresponds to [4, Lemma 4.4]. Lemma 2.15. Let x ˜ ∈ P1 (Fpn ). Then, x ˜ ∈ An ⇔ ηkσ (˜ x) ∈ An . If we define the sets E(Fpn )An and E(Fp2n )Bn as in Section 2.1, then we notice that Lemma 2.9 holds verbatim in this new setting. Therefore, we can define the isomorphism ψn as in Section 2.1 and study the iterations of ηkσ on the elements of An (resp. Bn ), relying upon the action of [ρ0 ] in R/(πpn − 1)R (resp. R/(πpn + 1)R). Suppose now that πpn − 1 (resp. πpn + 1) factors in R as ρe00 · ρ1

(resp. ρe0˜0 · ρ˜1 ),

(2.4)

where e0 and e˜0 are two nonnegative integers, while ρ1 and ρ˜1 are two elements in R coprime to ρ0 . By means of the following result, which is based upon [4, Theorem 4.6], n n we can determine the depth of the trees in Gpηkσ and consequently in Gpϑk . σ

Theorem 2.16. Any ηkσ -periodic element in An (resp. Bn ) is the root of a reversed binary tree of depth e0 (resp. e˜0 ). Moreover, the root has exactly one child, while all other vertices

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

33

have two distinct children, except for the vertices at the level 1 of the trees rooted in σ + 3 and in ∞, which have exactly one child each. In the last part of the current section we denote kσ by k. Before proceeding we introduce the following notation. Definition 2.17. Let r = r0e0 · r1 , where r0 and r1 are two coprime elements of R and e0 is a nonnegative integer. Then, we denote by νr0 (r) the exponent of the greatest power of r0 which divides r, namely νr0 (r) = e0 . We prove a technical lemma, which provides some useful results for the construction of the sequences of irreducible polynomials. Lemma 2.18. Let n be a positive integer. Then, the following hold: (1) (2) (3) (4)

νρ0 (πpn − 1) ≥ 1; if νρ0 (πpn − 1) = 1, then νρ0 (πpn + 1) ≥ 2; if νρ0 (πpn − 1) ≥ 2, then νρ0 (πpn + 1) = 1; i+1 i νρ0 (πp2 n − 1) = νρ0 (πp2 n − 1) + 1, for any positive integer i.

Proof. Let S = R/ρe00 R × R/ρ1 R ∼ = R/(πpn − 1)R, ρ1 R ∼ S˜ = R/ρe0˜0 R × R/˜ = R/(πpn + 1)R. We define xP = σ + 3, xQ = 2σ − 1 and denote by yQ and −yQ the y-coordinates of the two rational points in E(Fp2n ) having xQ as x-coordinate. According to Lemma 2.14, ηk (xQ ) = xP ; ηk (xP ) = ∞. ˜ P˜ in S˜ defined as follows: Consider the points O, P in S and the points O, O = (0, 0) = ψn (O); ˜ = (0, 0) = ψn (O); O P = (P0 , P1 ) = ψn (xP , 0); P˜ = (P˜0 , P˜1 ) = ψn (xP , 0). (1) Since ηk (xP ) = ∞, we have that [ρ0 ]P = ([ρ0 ]P0 , [ρ0 ]P1 ) = O. Indeed, P1 = 0, because ρ0 and ρ1 are coprime. Moreover, P = O and consequently P0 = 0. Therefore, e0 = νρ0 (πpn − 1) ≥ 1. (2) Since xQ ∈ Fpn , either xQ belongs to An or xQ belongs to Bn .

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

34

Suppose that xQ ∈ An and define Q = (Q0 , Q1 ) = ψn (xQ , yQ ). Then, [ρ0 ]Q = P and [ρ0 ]2 Q = O. In particular, Q1 = 0, because ρ0 and ρ1 are coprime. Moreover, since e0 = 1 by hypothesis, [ρ0 ]Q0 = 0 and consequently P0 = 0. This latter is absurd and we deduce that xQ ∈ Bn . ˜ we conclude that ˜ = (Q ˜0, Q ˜ 1 ) = ψn (xQ , yQ ). Since [ρ0 ]Q ˜ = P˜ = O, Define now Q n e˜0 = νρ0 (πp + 1) ≥ 2. ˜ we deduce that νρ (π n + 1) ≥ 1. Indeed, νρ (π n + (3) Since P˜ ∈ S˜ and P˜ = O, p p 0 0 1) = 1. Suppose, on the converse, that νρ0 (πpn + 1) ≥ 2. Consider the point ˜ we have that [ρ0 ]R ˜ = ([ρ0 ]e˜0 −2 , 0) ∈ S. ˜ Since [ρ0 ]2 R ˜ = O, ˜ = P˜ . In particular, R   ˜ ∈ ψn (xQ , yQ ), ψn (xQ , −yQ ) . As a consequence, xQ ∈ Bn . Since by hypothesis R e0 ≥ 2, any tree rooted in an element of An has depth at least 2. Therefore, xQ ∈ An , n because it belongs to the level 2 of the tree of Gpηk rooted in ∞. All considered, we get a contradiction due to the fact that An ∩ Bn = ∅ by definition. (4) From (1), (2) and (3) we deduce that i

ν0 (πp2

n

i−1

− 1) = ν0 (πp2

n

i−1

− 1) + ν0 (πp2

n

+ 1) ≥ 3.

Finally, according to (3), i+1

ν0 (πp2

n

i

− 1) = ν0 (πp2

n

i

− 1) + ν0 (πp2

n

i

+ 1) = ν0 (πp2

n

− 1) + 1.

2

2.3. Case k ∈ C3− According to Lemma 2.1, if k ∈ C3− and n is a positive integer, then the dynamics of ϑk on P1 (Fpn ) is strictly related to the dynamics of ϑ−k , a map which belongs to the family of maps investigated in [4, Section 4]. Indeed, an element x ˜ ∈ P1 (Fpn ) is ϑk -periodic if and only if it is ϑ−k -periodic. In the case that x ˜ is not ϑk -periodic, x ˜ n n belongs to a certain level t of some tree both in Gpϑk and in Gpϑ−k . 3. Constructing irreducible polynomials via the Qk -transforms The following theorem describes how the iterative procedure for constructing irreducible polynomials via the Qk -transforms works, when k ∈ C2 ∪ C3 ∪ C3− . Theorem 3.1. Let f0 ∈ Irrp (n), for some odd prime p and some positive integer n, and k ∈ C2 ∪ C3 ∪ C3− . Define two nonnegative integers e0 and e1 as follows: • if k ∈ C2 , then e0 = ν2 (N (πpn − 1)), e1 = ν2 (N (πpn + 1)), where ν2 , N and πp are defined as in Section 2.1;

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

35

• if k ∈ C3 ∪ C3− , then e0 = νρ0 (πpn − 1), e1 = νρ0 (πpn + 1), where ρ0 , νρ0 and πp are defined as in Section 2.2. If f0Qk is irreducible, define f1 := f0Qk . Otherwise, as stated in Theorem 2.7, factor into the product of two monic irreducible polynomials g1 , g2 of the same degree n, where g1 has a non-ϑk -periodic root in Fpn . In this latter case we set f1 := g1 . For i ≥ 2 define inductively a sequence of polynomials {fi }i≥2 in such a way: f0Qk

Qk Qk • if fi−1 is irreducible, then set fi := fi−1 ; Qk Qk into the product of two monic irreducible • if fi−1 is not irreducible, then factor fi−1 polynomials g1 , g2 of the same degree and set fi := g1 .

Then, there exist a nonnegative integer s and a positive integer t such that: • • • •

s ≤ max{e0 , e1 }; s + t ≤ e0 + e1 ; {f0 , . . . , fs } ⊆ Irrp (n); {fs+1 , . . . , fs+t } ⊆ Irrp (2n).

Moreover, the following hold: • if k ∈ C2 , then {fs+t+2j−1 , fs+t+2j } ⊆ Irrp (2j+1 · n) for any j ≥ 1;   • if k ∈ C3 ∪ C3− , then fs+t+j ∈ Irrp 2j+1 · n for any j ≥ 1. Proof. The proof of the present theorem follows the same lines as the proof of [5, Theorem 3.1]. First, we denote by β0 ∈ Fpn a root of f0 . Then, we construct inductively a sequence {βi }i≥0 of elements belonging to Fpn or to appropriate extensions of Fpn such that, for any i ≥ 0, the following hold: • fi (βi ) = 0; • ϑk (βi+1 ) = βi . n

We notice that, being the roots of f1 not ϑk -periodic, β0 is a vertex of some tree in Gpϑk . n

Since the depth of a tree in Gpϑk is either equal to e0 or to e1 , we conclude that there exists a non-negative integer s ≤ max{e0 , e1 } such that βs has degree n over Fp , while βs+1 has degree 2n over Fp , implying that {f0 , . . . , fs } ⊆ Irrp (n), while fs+1 ∈ Irrp (2n).

36

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

2n

We notice that β0 is a vertex of a tree in Gpϑk which has depth e0 + e1 . Therefore, there exists a positive integer t, with s + t ≤ e0 + e1 , such that βs+t has degree 2n over Fp , while βs+t+1 has degree 4n over Fp , implying that {fs+1 , . . . , fs+t } ⊆ Irrp (2n). The last two statements regarding the polynomials fi , for i > s + t, follow respectively from Lemma 2.13 and Lemma 2.18. 2 Remark 3.2. One of the hypotheses of Theorem 3.1 is that the polynomial f1 has no ϑk -periodic roots. While this is true if f0Qk ∈ Irrp (2n), the same does not always hold if f0Qk (x) = g1 (x) · g2 (x), for some monic irreducible polynomials g1 , g2 of equal degree n. More precisely, at least one of g1 and g2 has no ϑk -periodic roots. If one of them, say g1 , has ϑk -periodic roots and we set f1 := g1 , it can happen that fe˜ ∈ Irrp (n), where e˜ = max{e0 , e1 }. If this is the case, then we break the iterative procedure and set f1 := g2 . Doing that, the hypotheses of the theorem are satisfied and we can proceed with the iterative construction. Example 3.3. Consider the prime p = 53. We notice that p ≡ 1 (mod 4) and p ≡ 4 (mod 7). First, we fix a root k of x2 + 14 in Fp , namely k = 15, and construct a sequence of monic irreducible polynomials from the polynomial f0 (x) = x5 + 3x + 51 ∈ Irr53 (5) via the transform Q15 . Proceeding as explained in Theorem 3.1, using a computational tool as [2], we get that f1 , f2 and f3 belong to Irr53 (10), while f4 ∈ Irr53 (20). Therefore, in accordance with the notations and the claims of Theorem 3.1, in this example s = 0, t = 3 and {f3+2j−1 , f3+2j } ⊆ Irr53 (2j+1 · 5) for any j ≥ 1. Q15 We notice in passing that, while f3+2j−1 = f3+2j−2 for any j ≥ 1, any polynomial Q15 f3+2j is equal to one of the two irreducible factors of f3+2j−1 . This latter is equivalent to saying that every two steps in our construction the factorization of a polynomial is required. While efficient algorithms for the factorization of a polynomial into two equal-degree polynomials are known, one can reduce this burden taking k ∈ C3 ∪ C3− . Consider now k = 7 ∈ C3 and f0 as before. Constructing a sequence of monic irreducible polynomials via the transform Q7 starting from f0 we get that f1 ∈ Irr53 (10), while f2 ∈ Irr53 (20). Therefore, in accordance with Theorem 3.1, in this example s = 0, t = 1 and f1+j ∈ Irr53 (2j+1 · 5) for any j ≥ 1. In particular, fj+1 = fjQ7 for j ≥ 1 and no factorization is required. Acknowledgment The author is grateful to the anonymous Reviewer for the helpful comments which contributed to improve the paper. References [1] S.D. Cohen, The explicit construction of irreducible polynomials over finite fields, Des. Codes Cryptogr. 2 (2) (1992) 169–174.

S. Ugolini / Journal of Number Theory 152 (2015) 21–37

37

[2] The GAP Group, GAP – Groups, Algorithms and Programming, http://www.gap-system.org. [3] H. Meyn, On the construction of irreducible self-reciprocal polynomials over finite fields, Appl. Algebra Engrg. Comm. Comput. 1 (1) (1990) 43–53. [4] S. Ugolini, On the iterations of certain maps X → K ·(X +X −1 ) over finite fields of odd characteristic, J. Number Theory 142 (2014) 274–297. [5] S. Ugolini, Sequences of irreducible polynomials without prescribed coefficients over odd prime fields, Des. Codes Cryptogr. (November 2013).