Applied Mathematics and Computation 196 (2008) 77–85 www.elsevier.com/locate/amc
A note on Gröbner bases and Berlekamp's algorithm
Manuel A. Insua, Manuel Ladra *,1
Departamento de Álgebra, Universidad de Santiago, E-15782, Spain

Abstract
It will be shown that it is possible to factorize square-free polynomials over finite fields using Gröbner bases, and a MAPLE implementation of this method will be described.
© 2007 Elsevier Inc. All rights reserved.
Keywords: Gröbner bases; Finite fields; Factorization of polynomials; Berlekamp's algorithm; Maple
* Corresponding author. E-mail address: [email protected] (M. Ladra).
1 Supported by the MEC (Spain), MTM 2006-15338-C02 (European FEDER support included).
0096-3003/$ - see front matter © 2007 Elsevier Inc. All rights reserved. doi:10.1016/j.amc.2007.05.038

1. Introduction

Gröbner bases have shown great adaptability in solving many different problems in several areas of mathematics; on this occasion we show how they can be used in the factorization of square-free polynomials in one variable over finite fields.

The factorization of polynomials over finite fields, apart from its intrinsic mathematical interest, plays a crucial role in many areas of mathematics, especially in cryptography (greatly stimulated since the popularization of the Internet), number theory and coding theory. Moreover, knowing how to factorize polynomials over finite fields is very important because it is the starting point for other algorithms that factorize polynomials over more complex rings such as $\mathbb{Q}[x]$, $\mathbb{Q}[x_1, \dots, x_n]$, $\mathbb{F}_q[x_1, \dots, x_n]$, $\mathbb{Q}(\alpha)[x]$, $\mathbb{Q}(\alpha)[x_1, \dots, x_n]$ [13].

In general, current factorization methods fall into two clearly distinguished classes: deterministic techniques and probabilistic techniques. While deterministic techniques are based on classical algorithms, probabilistic ones are based on algorithms that use probabilistic methods to obtain the desired result. Using a deterministic method guarantees that the solution will always be reached (at least in theory; the number of operations may be so high that this is impossible in practice). If we used a probabilistic method, the algorithm could fail, because the probability of an error is greater than zero. Naturally, one seeks to make this probability as small as possible; one way to achieve this is to run the algorithm several times. This little "trick" reduces the probability of the algorithm's failure [13] and is used when the Cantor–Zassenhaus algorithm is applied [3].

Berlekamp's algorithm [1], the subject of this article, and Niederreiter's algorithm [10] are two examples of deterministic factorization techniques. The Cantor–Zassenhaus [3], Las Vegas type Berlekamp [2], von zur Gathen–Shoup [12] and Kaltofen–Shoup [7] algorithms are examples of probabilistic factorization techniques.

This article focuses on Berlekamp's algorithm. This algorithm provides the factorization of a square-free polynomial, which is the real difficulty when a polynomial is factorized.

The use of Gröbner bases to factorize polynomials is not novel. In fact, for bivariate polynomials over finite fields, Gröbner bases are, surprisingly, useful in practice [11].

The aim of this article is to use Gröbner bases to obtain the greatest common divisors needed to apply Berlekamp's algorithm, which in the end provides the factorization of the original polynomial.

In the second section, Berlekamp's algorithm is briefly described. In the third section, the theorem that makes it possible to obtain the factorization of a polynomial using Gröbner basis theory is stated and proved; and in the fourth and last section, a Maple package which calculates the factorization of a square-free polynomial in one variable over a finite field using these techniques is shown.

2. Brief description of Berlekamp's algorithm

Let $\mathbb{F}_q$ be a finite field of $q$ elements and characteristic $p$, and let $a(x) \in \mathbb{F}_q[x] \setminus \{0\}$ be monic, square-free and of degree $n$ greater than zero.

Lemma 1 [1]. Let
$$W = \left\{ [v(x)] \in \frac{\mathbb{F}_q[x]}{\langle a(x) \rangle} \;\middle|\; [v(x)]^q = [v(x)] \right\}.$$
Then $W$ is an $\mathbb{F}_q$-vector subspace of $\frac{\mathbb{F}_q[x]}{\langle a(x) \rangle}$ whose dimension is the number of irreducible factors in the factorization of $a(x)$.

Corollary 2 [1]. $a(x)$ is irreducible if and only if $\dim_{\mathbb{F}_q} W = 1$.

Definition 3. Let $Q$ be the matrix which has as rows (in this order) the residues of $x^0, x^q, \dots, x^{(n-1)q}$ modulo $a(x)$. The matrix $Q$ representing the Frobenius map is called the Berlekamp–Petr matrix.

Theorem 4 [1].
$$W = \{ (v_0, \dots, v_{n-1}) \mid (v_0, \dots, v_{n-1}) \cdot (Q - I) = 0 \}.$$

Theorem 5 [1]. Let $a(x)$ be a square-free polynomial in $\mathbb{F}_q[x]$ and $v(x)$ be a non-constant polynomial in $W$. Then
$$a(x) = \prod_{c \in \mathbb{F}_q} \mathrm{GCD}(a(x), v(x) - c).$$
Berlekamp's algorithm [1] consists of:
• Calculating an $\mathbb{F}_q$-basis for $W$ ($\{v_1(x) = 1, v_2(x), \dots, v_k(x)\}$).
• Applying Theorem 5, taking $v(x) = v_2(x)$.
• If $a(x)$ factorizes into a product of $k$ factors, then the process stops. Otherwise, Theorem 5 is applied again to each factor of $a(x)$ previously obtained, taking $v(x) = v_3(x)$; and so on.

3. Berlekamp with Gröbner bases

Calculating an $\mathbb{F}_q$-basis for $W$ is the first step of Berlekamp's algorithm. Thanks to Theorem 4, it is known that solving the linear system
$$(x_1, \dots, x_n) \cdot (Q - I) = (0, \dots, 0)$$
is enough to obtain an $\mathbb{F}_q$-basis for $W$.
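The classical procedure of Section 2 (the linear system above followed by the GCDs of Theorem 5) can be sketched in Python. This is an added example, not the authors' Maple code and not part of the original article; it assumes a prime field $\mathbb{F}_p$ only, computes the GCDs directly rather than through a Gröbner basis, and all function names are ours.

```python
# Added example: classical Berlekamp over a prime field F_p (p prime).
# Polynomials are coefficient lists, lowest degree first; names are ours.

def trim(f):
    while f and f[-1] == 0:
        f.pop()
    return f

def poly_rem(f, g, p):
    f, inv = f[:], pow(g[-1], -1, p)
    while len(f) >= len(g):
        c, s = f[-1] * inv % p, len(f) - len(g)
        for i, gi in enumerate(g):
            f[s + i] = (f[s + i] - c * gi) % p
        trim(f)
    return f

def poly_gcd(f, g, p):
    while g:
        f, g = g, poly_rem(f, g, p)
    return [c * pow(f[-1], -1, p) % p for c in f]   # normalise to monic

def petr_matrix(a, p):
    # Rows are x^0, x^p, ..., x^((n-1)p) reduced modulo the monic a(x).
    rows, r = [], [1] + [0] * (len(a) - 2)
    for _ in range(len(a) - 1):
        rows.append(r[:])
        for _ in range(p):                           # multiply r by x, p times
            top, r = r[-1], [0] + r[:-1]
            r = [(ri - top * ai) % p for ri, ai in zip(r, a)]
    return rows

def left_kernel(Q, p):
    n = len(Q)
    # Row-reduce [Q - I | I]; rows whose left half vanishes give v(Q - I) = 0.
    M = [[(Q[i][j] - (i == j)) % p for j in range(n)] +
         [int(i == k) for k in range(n)] for i in range(n)]
    r = 0
    for c in range(n):
        pr = next((i for i in range(r, n) if M[i][c]), None)
        if pr is None:
            continue
        M[r], M[pr] = M[pr], M[r]
        inv = pow(M[r][c], -1, p)
        for i in range(r + 1, n):
            k = M[i][c] * inv % p
            M[i] = [(x - k * y) % p for x, y in zip(M[i], M[r])]
        r += 1
    return [row[n:] for row in M[r:]]                # basis of W (Theorem 4)

def berlekamp(a, p):
    basis = left_kernel(petr_matrix(a, p), p)
    factors = [a]
    for v in basis:
        if len(factors) == len(basis):               # dim W factors found (Lemma 1)
            break
        shifts = [trim([(v[0] - c) % p] + v[1:]) for c in range(p)]
        split = [poly_gcd(f, w, p) if w else f for f in factors for w in shifts]
        factors = [g for g in split if len(g) > 1]   # Theorem 5, per factor
    return sorted(factors)
```

For $a(x) = x^4 + 2$ over $\mathbb{Z}_3$, written `[2, 0, 0, 0, 1]`, `berlekamp` returns the coefficient lists of $x^2 + 1$, $x + 1$ and $x + 2$.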
From a certain point of view, it could be said that Berlekamp's algorithm is the repeated application of Theorem 5. The biggest difficulty in this result is calculating all the greatest common divisors. With a Gröbner basis we can obtain the greatest common divisor of $n$ polynomials in one variable, so it seems that there must be a connection between Gröbner basis theory and Theorem 5.

Lazard [9] presents some structural properties of bivariate Gröbner bases, and Czichowski [5], for a problem similar to the one treated here but in a very different context, uses the structure theorem of [9] for the calculation of integrals of rational functions over a field of characteristic zero. Using ideas of [9] and Theorem 5 we obtain the following theorem. Some parts can also be obtained from the results of [9].

Theorem 6. Let $a(x), v(x) \in \mathbb{F}_q[x]$, with $a(x)$ monic square-free and $\deg(a(x)) = n \geq 1$; $v(x) \in W$; $I = \langle a(x), v(x) - z \rangle \subset \mathbb{F}_q[x, z]$, and let
$$G = \{ P_1(x,z) = R_1(z) \cdot x^{n_1} + \cdots,\ P_2(x,z) = R_2(z) \cdot x^{n_2} + \cdots,\ \dots,\ P_m(x,z) = R_m(z) \cdot x^{n_m} + \cdots \}$$
be the reduced Gröbner basis of $I$ with respect to the lexicographic monomial order with $x > z$. Suppose, moreover, that $G$ is ordered by its principal terms in ascending order. Then

(1) $R_{k+1}(z) \mid R_k(z)$, $k = 1, \dots, m-1$.
(2) $R_m(z) \in \mathbb{F}_q$.
(3) $P_1(x,z) = R_1(z)$ and $R_1(z)$ is the radical of $\mathrm{Resultant}_x(a(x), v(x) - z)$. Moreover, $\mathrm{Resultant}_x(a(x), v(x) - z)$ has all its roots in $\mathbb{F}_q$.
(4) $P_k(x,z) = R_k(z) \cdot S_k(x,z)$, $k = 1, \dots, m$, where $S_k(x,z)$ is a monic polynomial with respect to its highest power in $x$ ($S_k(x,z) = x^{n_k} + \cdots$).
(5) If $Q_k(z)$, $k = 1, \dots, m-1$, denotes the polynomial defined by $R_k(z) = Q_k(z) \cdot R_{k+1}(z)$, then
$$a(x) = \prod_{k=1,\dots,m-1} \left( \prod_{c \,:\, Q_k(c) = 0} S_{k+1}(x, c) \right).$$
Proof

(1) Let $k \in \{1, 2, \dots, m-1\}$. As $n_k < n_{k+1}$ and $G$ is the reduced Gröbner basis of the ideal $I$, then $\deg(R_k(z)) > \deg(R_{k+1}(z))$. There are $A(z), B(z) \in \mathbb{F}_q[z]$ such that $A(z) R_k(z) + B(z) R_{k+1}(z) = \mathrm{GCD}(R_k(z), R_{k+1}(z))$. Let
$$P(x,z) = A(z) \cdot x^{n_{k+1} - n_k} \cdot P_k(x,z) + B(z) \cdot P_{k+1}(x,z) = \mathrm{GCD}(R_k(z), R_{k+1}(z)) \cdot x^{n_{k+1}} + \cdots.$$
Since $P(x,z) \in I$, then $P(x,z) \to_G 0$. The principal term of $P(x,z)$ is $\mathrm{GCD}(R_k(z), R_{k+1}(z)) \cdot x^{n_{k+1}}$ and it can only be divisible by the principal term of $P_{k+1}(x,z)$. Then $\mathrm{GCD}(R_k(z), R_{k+1}(z)) = R_{k+1}(z)$, and so $R_{k+1}(z) \mid R_k(z)$ for any $k \in \{1, 2, \dots, m-1\}$.

(2) Since $a(x) \to_G 0$ and the principal term of $a(x)$ is $x^n$, then $R_m(z)$ must be constant.

(3) $I$ is a zero-dimensional ideal and it is radical, since $a(x)$ is square-free and $v(x) - z$ is linear in $z$ [8]. Taking the order of $G$ and the Elimination Theorem [4] into account, we can conclude that $P_1(x,z) = R_1(z)$ and $I_1 = \langle R_1(z) \rangle$, where $I_1 = I \cap \mathbb{F}_q[z]$. $\mathrm{Resultant}_x(a(x), v(x) - z) \in I \cap \mathbb{F}_q[z]$ and so $R_1(z) \mid \mathrm{Resultant}_x(a(x), v(x) - z)$. Let $x_1, \dots, x_n$ be the $n$ different roots of $a(x)$ (possibly in the algebraic closure of $\mathbb{F}_q$). Since $v(x) \in W$, i.e., $v^q(x) \equiv v(x) \bmod a(x)$, then $v(x_i) \in \mathbb{F}_q$, $i \in \{1, \dots, n\}$, and so
$$\mathrm{Resultant}_x(a(x), v(x) - z) = \prod_{i=1,\dots,n} (v(x_i) - z)$$
[6] has all its roots in $\mathbb{F}_q$.

(4) We will check that $P_k(x,z) = R_k(z) \cdot S_k(x,z)$ for $k = 1, \dots, m$. This result will be proved by induction. For $k = 1$, $P_1(x,z) = R_1(z) \cdot S_1(x,z)$, with $S_1(x,z) = 1$ (see (3)). Suppose that the result is true for $k$. Let $Q_k(z) \in \mathbb{F}_q[z]$ be such that $R_k(z) = Q_k(z) \cdot R_{k+1}(z)$. Define
$$P(x,z) = Q_k(z) \cdot P_{k+1}(x,z) - x^{n_{k+1} - n_k} \cdot P_k(x,z) \in I; \quad P(x,z) \to_G 0; \quad \text{and even more,} \quad P(x,z) \to_{\{P_1, \dots, P_k\}} 0.$$
Then
$$Q_k(z) \cdot P_{k+1}(x,z) = \sum_{i=1,\dots,k} c_i(x,z) \cdot P_i(x,z),$$
$$P_{k+1}(x,z) = \underbrace{\frac{R_k(z)}{Q_k(z)}}_{R_{k+1}(z)} \cdot \sum_{i=1,\dots,k} c_i(x,z) \cdot \underbrace{\frac{P_i(x,z)}{R_k(z)}}_{R_k(z) \mid R_i(z),\ i=1,\dots,k-1}$$
and so $R_{k+1}(z) \mid P_{k+1}(x,z)$.
(5) Let $k \in \{1, \dots, m-1\}$ and $c \in \mathbb{F}_q$ be such that $Q_k(c) = 0$. We will first check that $S_{k+1}(x, c) = \mathrm{GCD}(a(x), v(x) - c)$.

Let $j > k$ and define
$$P(x,z) = Q_j(z) \cdot P_{j+1}(x,z) - x^{n_{j+1} - n_j} \cdot P_j(x,z) \to_G 0.$$
Then
$$Q_j(z) \cdot P_{j+1}(x,z) = \sum_{i=1,\dots,j} c_i(x,z) \cdot P_i(x,z),$$
which evaluated in $c$ is
$$P_{j+1}(x,c) = \sum_{i=k+1,\dots,j} \frac{c_i(x,c)}{Q_j(c)} \cdot P_i(x,c).$$
And so it can be concluded that
$$P_{k+1}(x,c) \mid P_j(x,c), \quad j \in \{k+1, \dots, m-1\}.$$
Therefore
$$P_{k+1}(x,c) = \mathrm{GCD}(\{P_j(x,c)\}_{j=k+1}^{m}),$$
or, if a monic polynomial is chosen,
$$S_{k+1}(x,c) = \mathrm{GCD}(\{P_j(x,c)\}_{j=k+1}^{m}).$$
As $\{P_1(x,z), \dots, P_m(x,z)\}$ is a Gröbner basis of $I = \langle a(x), v(x) - z \rangle$, it is verified that
$$\langle P_1(x,c), \dots, P_m(x,c) \rangle = \langle a(x), v(x) - c \rangle.$$
This fact, together with Theorem 5, provides the desired result. □
After this theoretical development, we illustrate the power of this result with an example.

Example 7. Factorize the square-free polynomial $a(x) = x^4 + 2 \in \mathbb{Z}_3[x]$.

Note: Take into account that we are working in the quotient ring $\frac{\mathbb{Z}_3[x]}{\langle a(x) \rangle}$, which is also an $\mathbb{F}_3$-vector space with basis $\{1, x, x^2, x^3\}$; that is why we will speak interchangeably of the vector $(a, b, c, d)$ or the polynomial $a + bx + cx^2 + dx^3$.

Berlekamp–Petr matrix

Monomial    Residue modulo a(x)
$x^0$       (1, 0, 0, 0)
$x^3$       (0, 0, 0, 1)
$x^6$       (0, 0, 1, 0)
$x^9$       (0, 1, 0, 0)

$$Q = \begin{pmatrix} 1 & 0 & 0 & 0 \\ 0 & 0 & 0 & 1 \\ 0 & 0 & 1 & 0 \\ 0 & 1 & 0 & 0 \end{pmatrix}$$

A $\mathbb{Z}_3$-basis for $W$ is $\{(1, 0, 0, 0), (0, 0, 1, 0), (0, 1, 0, 1)\}$, and so the number of irreducible factors into which $a(x)$ decomposes is 3. Theorem 6 is applied to the vector $(0, 0, 1, 0) = x^2$.
So the ideal $I$ is
$$I = \langle x^4 + 2,\ x^2 - z \rangle.$$
The reduced Gröbner basis of $I$ with respect to the lexicographic monomial order, with $x > z$, is
$$G = \{ 2 + z^2,\ x^2 - z \}.$$
So
$$P_1(z) = 2 + z^2 = R_1(z); \quad P_2(x,z) = x^2 - z; \quad R_2(z) = 1; \quad S_2(x,z) = x^2 - z.$$
Following Theorem 6,
$$a(x) = \prod_{k=1,\dots,2-1} \left( \prod_{c \,:\, Q_k(c) = 0} S_{k+1}(x,c) \right) = \prod_{c \,:\, c^2 + 2 = 0} S_2(x,c) = S_2(x,1) \cdot S_2(x,2) = (x^2 - 1) \cdot (x^2 - 2).$$

As it decomposes into just two factors (and there must be three), we have to go on applying Theorem 6. To do so, we take the next element of the basis and one of the factors. Theorem 6 is applied to the vector $(0, 1, 0, 1) = x + x^3$ and to the first factor. The ideal $I$ is now
$$I = \langle x^2 - 1,\ x^3 + x - z \rangle.$$
The reduced Gröbner basis of $I$ with respect to the lexicographic monomial order, with $x > z$, is
$$G = \{ z^2 + 2,\ x + z \}.$$
And so
$$P_1(x,z) = z^2 + 2 = (z - 1) \cdot (z - 2) = R_1(z); \quad P_2(x,z) = x + z; \quad R_2(z) = 1; \quad S_2(x,z) = x + z.$$
Then
$$x^2 - 1 = S_2(x,2) \cdot S_2(x,1) = (x + 2) \cdot (x + 1).$$
We can summarize all the process in the following diagram:
4. Maple program

Once a theoretical result with a clearly practical implication has been proven, it is natural to apply it to concrete cases. The Gröbner basis version of Berlekamp's algorithm deduced from the theorem presented in this article has been implemented as five functions in Maple 9.5. The Maple code is given below and is also available at http://web.usc.es/~mladra.

To run this code correctly, Andreas Pirklbauer's package GB must be loaded first. This package is in the Share Library and performs the Gröbner basis computation over a finite field.

Two examples of the use of this package of functions are shown.

Example 8. To calculate the factorization of $x^4 + 2 \in \mathbb{Z}_3[x]$, it should be written:

> GBerlekamp(x^4 + 2, x, 3, alpha, alpha);
{2 + x, x^2 + 1, 1 + x}

Example 9. To calculate the factorization of $(1 + \alpha + \alpha^3) + \alpha x + (1 + \alpha^2 + \alpha^3) x^3 + (1 + \alpha + \alpha^3) x^4 + x^5 \in \frac{\mathbb{Z}_2[\alpha, x]}{\langle \alpha^4 + \alpha + 1 \rangle} = \mathbb{F}_{16}[x]$, it should be written:

> GBerlekamp(1 + alpha + alpha^3 + alpha*x + (1 + alpha^2 + alpha^3)*x^3 + (1 + alpha + alpha^3)*x^4 + x^5, x, 2, alpha^4 + alpha + 1, alpha);
{alpha^3 + 1 + (alpha^3 + alpha) x + x^3 + x^2 (alpha^2 + alpha + 1), alpha^2 + 1 + (alpha^3 + alpha^2) x + x^2}

5. Maple code

GBerlekamp:=proc(apoly,var,p::prime,irredpoly,alpha)
# This function returns the factorization of a monic square-free polynomial
local GB_apolydeg,GB_card::integer,GB_W,proceslist,aux,icont,hcont,dimW::integer,
      blnContinue,cardproceslist::integer,domloop,apolycan,irredpolycan;
  apolycan:=CanonicalForm(apoly,irredpoly,alpha,p);
  irredpolycan:=Normal(irredpoly) mod p;
  proceslist:={apolycan};
  blnContinue:=true;
  GB_apolydeg:=degree(apoly,var);
  GB_card:=p^degree(irredpoly,alpha);
  # We calculate a basis for W.
  GB_W:=WBasis(apolycan,var,GB_apolydeg,p,GB_card,irredpolycan,alpha);
  GB_W:=evalm([seq(var^icont,icont=0..GB_apolydeg-1)] &* GB_W);
  GB_W:=convert(GB_W,set);
  dimW:=nops(GB_W);
  if dimW > 1 then
    for hcont in GB_W[2..-1] while blnContinue do
      domloop:=proceslist;
      for icont in domloop while blnContinue do
        aux:=GroebnerKernel(icont,hcont,var,p,irredpolycan,alpha);
        if nops(aux) > 1 then
          proceslist:=proceslist union {op(aux)};
          proceslist:=proceslist minus {icont};
        fi;
        if dimW=nops(proceslist) then
          blnContinue:=false;
        fi;
      end do;
    end do;
  fi;
  return(proceslist);
end proc;

BerlekampPetrMatrix:=proc(apoly,var,apolydeg,p,cardfinitefield,irredpoly,alpha)
# This function returns Berlekamp-Petr Matrix
local mat::list,apolydegm1::integer,aux,icont::integer,jcont::integer;
  mat:=array(1..apolydeg,1..apolydeg);
  apolydegm1:=apolydeg-1;
  for icont from 0 to apolydegm1 do
    aux:=Rem(var^(icont*cardfinitefield),apoly,var) mod p;
    aux:=CanonicalForm(aux,irredpoly,alpha,p);
    for jcont from 0 to apolydegm1 do
      mat[icont + 1, jcont + 1]:=coeff(aux, var, jcont);
    end do;
  end do;
  return evalm(mat);
end proc;

WBasis:=proc(apoly,var,apolydeg,p,cardfinitefield,irredpoly,alpha)
# This procedure obtains a basis for W #
local sysmat,tagvars,syspoly,indepvars,aux::integer,hbasis,icont::integer,
      jcont::integer,scont::integer,tcont::integer,equats,remvars,dimKer::integer;
  tagvars:=[seq(tagvar[icont],icont=1..apolydeg)];
  indepvars:=[];
  # System Matrix to Solve #
  sysmat:=evalm(BerlekampPetrMatrix(apoly,var,apolydeg,p,cardfinitefield,
          irredpoly,alpha)-array(identity,1..apolydeg,1..apolydeg));
  syspoly:=evalm(tagvars &* sysmat);
  syspoly:=GB(convert(syspoly,set) union {irredpoly},
              [op(tagvars),alpha],plex) mod p;
  syspoly:=convert(syspoly,set) minus {irredpoly};
  # Calculus of independent variables #
  for icont in tagvars do
    aux:=nops(select(has,syspoly,icont));
    if aux <> 1 then
      # Independent variable found #
      indepvars:=[op(indepvars),icont];
    fi;
  end do;
  dimKer:=apolydeg-nops(syspoly);
  if nops(indepvars) < dimKer then
    remvars:=convert(tagvars,set) minus convert(indepvars,set);
    for icont in remvars while nops(indepvars) < dimKer do
      aux:=select(has,syspoly,icont);
      if nops(indets(aux[1]) minus {alpha})-\
         nops(indets(aux[1]) intersect convert(indepvars,set)) > 1 then
        # Independent variable found #
        indepvars:=[op(indepvars),icont];
      fi;
    end do;
  fi;
  hbasis:=array(1..apolydeg,1..nops(indepvars));
  scont:=0;
  for icont in indepvars do
    scont:=scont+1;
    equats:=map(x->if x=icont then x=1 else x=0 fi,indepvars);
    aux:=subs(equats,syspoly);
    tcont:=0;
    for jcont in tagvars do
      tcont:=tcont+1;
      if member(jcont,indepvars) then
        if jcont=icont then
          hbasis[tcont,scont]:=1;
        else
          hbasis[tcont,scont]:=0;
        fi;
      else
        hbasis[tcont,scont]:=CanonicalForm(op(2,solve({select(has,aux,jcont)[1]=0},
                             jcont)[1]),irredpoly,alpha,p);
      fi;
    end do;
  end do;
  return(hbasis);
end proc;

GroebnerKernel:=proc(apoly,hbasispoly,var,p,irredpoly,alpha)
# This procedure calculates the factorization of a monic square-free polynomial.
local factorslist,GB_varz,Rk,Rkp1,GB_G,indset,icont::integer,Qroots,Pkp1,aux;
  factorslist:=[];
  GB_G:=GB({apoly,hbasispoly-GB_varz,irredpoly},[var,GB_varz,alpha],plex) mod p;
  GB_G:=convert(GB_G,set);
  GB_G:=GB_G minus {irredpoly};
  indset:=map(t->degree(t,var),GB_G);
  # Resultant of apoly and hbasispoly-GB_varz #
  Rk:=select(t->if degree(t,var)=0 then true else false fi,GB_G)[1];
  # We delete zero in indset #
  indset:=indset[2..-1];
  # GB does not return ordered polynomials by their degree in var #
  for icont in indset do
    Pkp1:=select(t->if degree(t,var)=icont then true else false fi,GB_G)[1];
    Rkp1:=coeff(Pkp1,var,icont);
    Pkp1:=Quo(Pkp1,Rkp1,var) mod p;
    aux:=Quo(Rk,Rkp1,GB_varz) mod p;
    aux:=subs(alpha=RootOf(irredpoly),aux);
    if degree(irredpoly,alpha)=1 then
      Qroots:=Roots(aux) mod p;
    else
      Qroots:=Roots(aux,RootOf(irredpoly)) mod p;
      Qroots:=subs(RootOf(irredpoly)=alpha,Qroots);
    fi;
    factorslist:=[op(map(t->CanonicalForm(subs(GB_varz=t[1],Pkp1),irredpoly,alpha,p),
                 Qroots)),op(factorslist)];
    Rk:=Rkp1;
  end do;
  return(factorslist);
end proc;

CanonicalForm:=proc(expr,irredpoly,alpha,p)
# This procedure calculates the canonical form of expr in a finite field #
local aux;
  if degree(irredpoly,alpha) > 1 then
    aux:=subs(alpha=RootOf(irredpoly),expr);
    aux:=Normal(aux) mod p;
    aux:=subs(RootOf(irredpoly)=alpha,aux);
  else
    aux:=Normal(expr) mod p;
  end if;
  return(aux);
end proc;

References

[1] E. Berlekamp, Factoring polynomials over finite fields, Bell System Tech. J. 46 (1967) 1853–1859.
[2] E. Berlekamp, Factoring polynomials over large finite fields, Math. Comput. 24 (1970) 713–735.
[3] D. Cantor, H. Zassenhaus, A new algorithm for factoring polynomials over finite fields, Math. Comput. 36 (1981) 587–592.
[4] D. Cox, J. Little, D. O'Shea, Ideals, Varieties and Algorithms. An Introduction to Computational Algebraic Geometry and Commutative Algebra, Springer-Verlag, New York, 1992, p. 513.
[5] G. Czichowski, A note on Gröbner bases and integration of rational functions, J. Symb. Comput. 20 (1995) 163–167.
[6] K. Geddes, S. Czapor, G. Labahn, Algorithms for Computer Algebra, Kluwer Academic Publishers, Boston, MA, 1992, p. 585.
[7] E. Kaltofen, V. Shoup, Subquadratic-time factoring of polynomials over finite fields, Math. Comput. 67 (1998) 1179–1197.
[8] M. Kreuzer, L. Robbiano, Computational Commutative Algebra 1, Springer-Verlag, Berlin, 2000, p. 321.
[9] D. Lazard, Ideal bases and primary decomposition: case of two variables, J. Symb. Comput. 1 (1985) 261–270.
[10] H. Niederreiter, Factoring polynomials over finite fields using differential equations and Normal Bases, Math. Comput. 62 (1994) 819–830.
[11] M. Noro, K. Yokoyama, Yet another practical implementation of polynomial factorization over finite fields, in: Proc. ISAAC'2002, ACM Press, New York, 2002, pp. 200–206.
[12] J. von zur Gathen, V. Shoup, Computing Frobenius maps and factoring polynomials, Comput. Complexity 2 (1992) 187–224.
[13] J. von zur Gathen, J. Gerhard, Modern Computer Algebra, Cambridge University Press, Cambridge, UK, 1999, p. 753.