SEQUENCES OF IRREDUCIBLE POLYNOMIALS OVER ODD PRIME FIELDS VIA ELLIPTIC CURVE ENDOMORPHISMS, II 5 1 0 S.UGOLINI 2 r Abstract. In this paper weextend aprevious investigation by us regarding a an iterative construction of irreducible polynomials over finite fields of odd M characteristic. Inparticular,weshowhowitispossibletoiterativelyconstruct irreduciblepolynomialsbymeansoftwofamiliesoftransforms,whichwecall 0 theQk andQˆk-transforms,relatedtocertaindegreetwoisogeniesoverelliptic 3 curves,whichsplitthemultiplication-by-2map. ] S D . 1. Introduction h t a Inspired by the Q-transformand the R-transform(see [1], [2]), in [4] we defined m the Q -transforms over any finite field of odd characteristic as follows. k [ If p is an odd prime, q is a power of p and k ∈F∗p, then the Qk-transform takes any polynomial f ∈Fp[x] of positive degree n to 2 v x n fQk(x)= ·f(ϑ (x)), 9 k k 6 (cid:16) (cid:17) 2 where ϑk is the map which takes any element x∈P1(Fq)=Fq ∪{∞} to 1 0 ∞ if x=0 or ∞, ϑ (x)= 1. k (k·(x+x−1) otherwise. 0 5 In [4] we showed how one can construct sequences of irreducible polynomials 1 over finite fields by repeated applications of the Qk-transforms when k and p fall : into one of the following cases: v i • k ≡±1 mod p; X 2 • k is a root of x2+ 1 and p≡1 (mod 4); r 4 a • k or −k is a root of x2+ 1x+ 1 and p≡1,2, or 4 (mod 7). 2 2 Since the dynamics of the maps ϑ seems to be chaotic for any k different from k the aforementioned values, in this paper we illustrate an iterative construction of irreducible polynomials, which is independent of the characteristic of the field and employs two families of transforms, namely the Q -transforms and the Qˆ - k k transforms, which are below introduced. We notice that if k is a quadratic residue in F∗ and α is a square root of k3 in p k F∗, then the map ϑ is involved in the definition of the isogeny p k x2y−y ψ (x,y) = ϑ (x),α · k k k x2 (cid:18) (cid:19) from the elliptic curve E : y2 =x3+x 1 2 S.UGOLINI to the elliptic curve E : y2 =x3−4k2x. k Consider now the map ϑˆ which takes any element x∈P1(F ) to k q ∞ if x=0 or ∞, ϑˆ (x)= k (x2−4k2 otherwise, 4kx and the Qˆ -transform, which takes any polynomial f ∈ F [x] of positive degree n k p to fQˆk(x)=(4kx)n·f(ϑˆ (x)). k The map ϑˆ is involved in the definition of the isogeny k y(x2+4k2) ψˆ (x,y) = ϑˆ (x), k k 8α x2 (cid:18) k (cid:19) from E to E, namely the dual isogeny of ψ . If we denote by [2] the duplication k k map on E, then [2] = ψˆ ◦ψ . k k While the isogeniesψ andψˆ havebeen definedonly for the quadraticresidues k k kinF∗,theconstructionofsequencesofirreduciblepolynomials,whichisdescribed p in Section 3, can be carried over to any k ∈F∗, as explained in Remark 2.1. p 2. Preliminaries Let F be a finite field of odd characteristic p. q The structure of the groupE(F ) of rational points of E over F depends upon q q p. In fact, if p ≡ 1 (mod 4), then E is an ordinary elliptic curve, while E is supersingular if p≡3 (mod 4) (see [5, Proposition 4.37]). Whichever p is, we can consider the map [˜2] defined over P1(F ) as q ∞ if x∈{0,i ,−i ,∞}, [˜2]:x7→ p p (x44(−x23x+2x+)1 otherwise, where i is a square root of −1 in F . p p For any x∈P1(F ) and any quadratic residue k ∈F∗ we have that q p [˜2](x)=ϑˆ (ϑ (x)). (2.1) k k Remark 2.1. While inthe currentsectionk isassumedto be aquadraticresiduein F∗, we notice that [˜2]=ϑˆ ◦ϑ whichever k ∈F∗ we take. This fact will let us to p k k p extend our iterative construction of irreducible polynomials in Section 3 to any k. WecanconstructthefunctionalgraphGq of[˜2]overP1(F ),wherethevertices [˜2] q are the elements of P1(F ) and an arrow joins a vertex α to a vertex β if β = q [˜2](α). Since any vertex of Gq is either [˜2]-periodic or preperiodic, any connected [˜2] component of Gq contains exactly one cycle, whose vertices are roots of reversed [˜2] trees. In the following, for any non-negative integer i and any [˜2]-periodic element x ∈P1(F ), we denote by Tq2i(x ) the reversed tree of Gq2i rooted in x . 0 q [˜2] 0 [˜2] 0 The following holds. 3 Lemma 2.2. If x˜∈P1(F ), then q 2 if x˜∈{±i ,0}, |{x∈P1(F ):[˜2](x)=x˜}|= p q (4 otherwise. Proof. We introduce the following notations for any x ∈P1(F ): 0 q ϑ−1{x } = {x∈P1(F ):ϑ (x)=x }; k 0 q k 0 ϑˆ−1{x } = {x∈P1(F ):ϑˆ (x)=x }; k 0 q k 0 ˜2 −1{x } = {x∈P1(F ):[˜2](x)=x }. 0 q 0 (cid:2) (cid:3) We have that 1 if x ∈{±2k}, |ϑ−1{x }| = 0 k 0 (2 otherwise, 1 if x ∈{±i }, |ϑˆ−1{x }| = 0 p k 0 (2 otherwise. Moreover, ϑˆ {±2ki } = {±i }, k p p ϑˆ {±2k} = {0}. k We can now analyse the different cases. • Ifx˜∈P1(F )\{±i ,0},thenϑˆ−1{x˜}={x ,x },where{x ,x }∩{±2k}= q p k 1 2 1 2 ∅. Therefore, ˜2 −1{x˜} =4. • If x˜∈{±ip}, t(cid:12)(cid:12)(cid:2)he(cid:3)n ϑˆ−k1{x˜(cid:12)(cid:12)}={2kx˜}. Therefore, ˜2 −1{x˜} =2. (cid:12) (cid:12) • If x˜=0, then ϑˆ−k1{x˜}={±2k}. Therefore, ˜2 −(cid:12)(cid:12)(cid:2)1{(cid:3)x˜} =2(cid:12)(cid:12). (cid:12) (cid:12) (cid:12) (cid:12) All considered, the result follows. (cid:12)(cid:2) (cid:3) (cid:12) (cid:3) (cid:12) (cid:12) According to Lemma 2.2 the following holds. Corollary 2.3. Let x ∈P1(F ) be [˜2]-periodic. Then, Tq2i(x ) is a 4-ary tree for 0 q [˜2] 0 any non-negative integer i. Example 2.4. Below is represented the graph G49. As regards the labels of the [˜2] nodes, ‘0’is the zeroin F , while allthe other labels differentfrom ∞ refer to the 49 exponents of the powers αi, being α a generator of the field F . We notice that 49 every node, which is not a leaf, has exactly 4 children, except for 12, 36 and ‘0’. This fact is in accordance with Lemma 2.2, since (α12)2 =(α36)2 =−1. 4 S.UGOLINI 31 17 47 1 3 41 28 9 25 39 23 20 4 36 45 7 ∞ 12 32 15 ‘0’ 24 44 30 21 18 27 0 16 33 42 6 40 8 2 5 46 10 11 38 14 34 35 22 26 29 43 37 13 19 2.1. The ordinary case. In[3,Section3]andin[4,Section2.1],relyingupon[6], we studied some properties of the group of rational points of E over a finite field. We summarize the relevant facts for the reader’s convenience. Let m be a positive integer, l a non-negative integer and q = p2lm. If we set R=Z[i]anddenote by π the representationin R ofthe Frobenius endomorphism p of E, then E(Fp2lm)∼=R/(πp2lm−1)R∼=R/ρe0lR×R/ρ1R, where ρ = 1+i, e is a non-negative integer which depends on l and ρ is an 0 l 1 element of R coprime to ρ such that ρel ·ρ =π2lm−1. According to [4, Lemma 0 0 1 p 2.13 (1), (4)], the following holds. 5 Lemma 2.5. We have that • e ≥2; l • e =e +2, if l ≥2. l l−1 Since [2] = ψˆ ◦ψ and 2 = −i·ρ2 in R, we can prove the forthcoming result k k 0 concerning the depth of the trees rooted in [˜2]-periodic elements of Gq . [˜2] Theorem 2.6. Let x ∈P1(F ) be [˜2]-periodic. Then, 0 q (1) Tq2(x ) has depth d:=⌈el+1⌉ and its leaves have height at least d−1; [˜2] 0 2 (2) the children of the leaves of Tq2i(x ) in P1(F ) are leaves of Tq2i+1(x ), [˜2] 0 q [˜2] 0 for any positive integer i. Proof. (1) The dynamics of [˜2] over P1(F ) can be studied relying upon the iter- q2 ations of [2]=[−iρ2] in 0 R/(π2l+1m−1)R∼=S =R/ρel+1R×R/ρ R. p 0 1 Byhypothesis, x ∈P1(F ). Therefore,eitherx =∞or(x ,y )∈E(F ), 0 q 0 0 0 q2 forsomey ∈F . Inbothcases,thecorrespondingpointQinS isofthe form 0 q2 Q=(0,Q ). 1 Consider the point P =([1],[2]−dQ )∈S. Then, [2]dP =Q, while [2]hP 6= 1 Q for any positive integer h < d. More in general, if (P ,P ) ∈ S, then 0 1 [2]dP =0 in R/ρel+1R. Hence, Tq2(x ) has depth d. 0 0 [˜2] 0 Let now x˜ be a leaf of Tq2(x ). Suppose that P = (P ,P ) is the point [˜2] 0 0 1 in S having such a x-coordinate and that P = [a] for some a ∈ R. Then, 0 ρ2 ∤ a. Indeed, if a = ρ2c for some c ∈ R, then we could take the point 0 0 P˜ = ([ic],[2]−1P ) and notice that [2]P˜ = P, which is absurd, since x˜ is a 1 leaf of the tree. Consequently, if [2]hP = 0 for some positive integer h, then 0 h≥⌈el+1⌉−1. 2 (2) Consider a leaf x˜ of Tq2i(x ), for some positive integer i. Let x′ be one of the [˜2] 0 direct predecessors of x˜ in Tq2i+1(x ). Since the greatest power of ρ which [˜2] 0 0 divides π2l+i+1m −1 is e and e = e +2 according to Lemma 2.5, p l+i+1 l+i+1 l+i we have that x′ is a leaf of Tq2i+1(x ). [˜2] 0 (cid:3) 2.2. The supersingular case. Let i and m be two positive integers. Then, ac- cording to [6, Theorem 4.1], E(Fp2im)∼=Z/((−p)2i−1m−1)Z×Z/((−p)2i−1m−1)Z. The following holds. Lemma 2.7. There exist two positive integers e and e and two odd integers r i−1 i and s such that (−p)2i−1m−1 = 2ei−1 ·r, (−p)2im−1 = 2ei ·s. Moreover, e =e +1. i i−1 6 S.UGOLINI Proof. Since −p≡1 (mod 4), we have that (−p)2i−1m−1 ≡ 0 (mod 4), (−p)2i−1m+1 ≡ 2 (mod 4). Therefore, (−p)2i−1m−1 = 2ei−1 ·r, (−p)2i−1m+1 = 2·r′, for some integer e ≥2 and some odd integers r and r′. Hence, i−1 (−p)2im−1=((−p)2i−1m−1)·((−p)2i−1m+1)=2ei−1+1·r·r′. The result follows setting e =e +1 and s=r·r′. (cid:3) i i−1 According to Lemma 2.7, if we set q =pm, then E(Fq2i)∼=Si =(Z/2ei−1Z×Z/rZ)2. The following holds. Theorem 2.8. Let x ∈P1(F ) be [˜2]-periodic. Then 0 q (1) Tq2i(x ) has depth e ; [˜2] 0 i−1 (2) the children of the leaves of Tq2i(x ) in P1(F ) are leaves of Tq2i+1(x ). [˜2] 0 q [˜2] 0 Proof. (1) Since x is [˜2]-periodic in P1(F ), it is the x-coordinate of a rational 0 q point in E(Fq2i), which corresponds to a point in Si of the form ([0],[a ],[0],[b ]) r r forsomeintegersa andb . Wenoticethate isthesmallestpositiveinteger r r i−1 k such that [2]k[c]=[0] for any [c] in Z/2ei−1Z. Indeed, any leaf of T[q˜22]i(x0) is the x-coordinate of a point ([a ],[2]−ei−1[a ],[b ],[2]−ei−1[b ]) 2 r 2 r in S for some integers a and b which are not both divisible by 2 in Z. i 2 2 Therefore, the tree Tq2i(x ) has depth e and, in analogy, Tq2i+1(x ) has [˜2] 0 i−1 [˜2] 0 depth e . i (2) Any leaf of Tq2i(x ) lies on the level e of the tree Tq2i+1(x ), which has [˜2] 0 i−1 [˜2] 0 depth e . Consequently, its children are leaves of Tq2i+1(x ). i [˜2] 0 (cid:3) Example 2.9. Let q =72. Then, E(F72)∼=Z/(−8)Z×Z/(−8)Z. According to Theorem 2.8, any [˜2]-periodic element x ∈P1(F ) is root of a tree 0 49 having depth 3. This is the case of ∞, as we can see in Example 2.4. 7 3. Constructing sequences of irreducible polynomials Letf be a monic irreduciblepolynomialofpositivedegreen belongingto F [x], p for some odd prime p, and set q = pn. For a fixed k ∈ F∗ we can construct two p sequences {g } and {h } of monic irreducible polynomials as follows. i i≥0 i i≥0 • We set g :=f and h :=f. 0 0 • We set g := fQˆk and h := fQˆk, if fQˆk is irreducible. Otherwise, we set 1 1 g equalto one ofthe twomonic irreducible factorsof fQˆk and h equal to 1 1 the other factor. • For any positive integer i we set g (resp. h ) equal to i i – one of the monic irreducible factors of gQˆk (resp. hQˆk ), if i is odd; i−1 i−1 – one of the monic irreducible factors of gQk (resp. hQk ), if i is even. i−1 i−1 Remark 3.1. We notice inpassingthatiff˜∈F [x] isirreducible ofdegreem, then p either f˜Qk (resp. f˜Qˆk) is irreducible of degree 2m, or it splits into the product of two irreducible factors of degree m. Indeed, if α is a root of f˜Qk (resp. f˜Qˆk), then f(ϑ (α))=0 (resp. f(ϑˆ (α))=0). Hence, either α has degree 2m or it has degree k k m over F . p The following holds. Lemma 3.2. If x˜ is a root of f in F , then q (1) x˜ belongs to the level r of the tree Tq (x ), for some non-negative integer r [˜2] 0 and x ∈P1(F ); 0 q (2) for any positive integer j, either any polynomial g or any polynomial h 2j 2j has a root x˜ belonging to the level r + j of the tree Tq2i(x ) for some j [˜2] 0 non-negative integer i. Proof. We prove separately the two assertions. (1) The assertion holds because any element in P1(F ) is either [˜2]-periodic or q preperiodic. In the former case x = x˜, while in the latter case some iterate 0 of x˜ is [˜2]-periodic and we set x equal to the first of such iterates which is 0 [˜2]-periodic. (2) The assertion can be proved by induction on j. Firstwe define g˜:=gQˆk. We notice that g andh arefactorsof g˜Qk. Since 0 2 2 [˜2] = ϑˆ ◦ϑ , the (at most) 4 preimages of x˜ with respect to the map [˜2] in k k P1(F )arerootsofg˜Qk. Moreover,atmostoneofthepreimagesis[˜2]-periodic. q Therefore, without loss of generality, we can suppose that g has a root which 2 isnot[˜2]-periodic. Ifwedenotebyx˜ sucharoot,thenthe basestepisproved. 1 As regards the inductive step, suppose that g has a root x˜ belonging to 2j j the level r+j of the tree Tq2i(x ) for some positive integers i and j. Using [˜2] 0 the same argument as above, we can define g˜ := gQˆk and notice that g is 2j 2j+2 a factor of g˜Qk. Therefore, the preimages of x˜ in Tq2i+1(x ) are roots of g˜Qk. j [˜2] 0 One of the preimages, which we denote by x˜ , is a root of g and the j+1 2j+2 inductive step is proved. (cid:3) 8 S.UGOLINI We discuss the ordinary and the supersingular case separately. 3.1. Ordinary case: p ≡ 1 (mod 4). Suppose that π2n −1 = ρe1 ·ρ , for some p 0 1 positive integer e and some element ρ ∈R coprime to ρ . The following holds. 1 1 0 e Theorem 3.3. There exists a positive integer t ≤ 1 such that at least one of 2 the following holds: l m • g and g have degree 21+j ·n for any integer j ≥1; t+2j−1 t+2j • h and h have degree 21+j ·n for any integer j ≥1. t+2j−1 t+2j Proof. Adopting the notations of Section 2.1, let m = n, q = pm and l = 0. In accordance with Lemma 3.2(2), we can say without loss of generality that, for any positive integer j, any polynomial g has a rootbelonging to the level r+j of the 2j treeTq2i(x ),forsomex ∈P1(F )andforsomenon-negativeintegeri. According [˜2] 0 0 q toTheorem2.6(1),thetreeTq2(x )hasdepth e1 . Lettbe thesmallestindex2j [˜2] 0 2 such that g2j has a root in Fq2, while g2j+2 hals amroot in Fq22. The result follows because the degree of g is twice the degree of g for any integer j ≥ 1 t+2j t+2(j−1) and the result follows according to Theorem 2.6(2). (cid:3) 3.2. Supersingular case: p≡3 (mod 4). Suppose that p≡3 (mod 4) and that (−p)n−1=2e0 ·r, for some integers e0 and r. The following holds. Theorem 3.4. There exists a positive integer t ≤ e such that at least one of the 0 following holds: • g and g have degree 21+j ·n for any integer j ≥1; t+2j−1 t+2j • h and h have degree 21+j ·n for any integer j ≥1. t+2j−1 t+2j Proof. The current theorem can be proved as Theorem 3.3 relying upon Theorem 2.8 and Lemma 3.2. (cid:3) References 1. S.D.Cohen,Theexplicitconstructionof irreduciblepolynomials overfinitefields,Des.Codes Cryptogr.2(1992), no.2,169–174. 2. H.Meyn,Ontheconstructionofirreducibleself-reciprocalpolynomialsoverfinitefields,Appl. AlgebraEngrg.Comm.Comput.1(1990), no.1,43–53. 3. S. Ugolini, On the iterations of certain maps X 7→ K·(X +X−1) over finite fields of odd characteristic,J.NumberTheory142(2014), 274–297. 4. ,Sequencesofirreduciblepolynomialsoveroddprimefieldsviaellipticcurveendomor- phisms,J.NumberTheory152(2015), 21–37. 5. L.C.Washington, Elliptic curves: numbertheory and cryptography,CRCPress,BocaRaton, 2008. 6. C.Wittmann,Groupstructureofellipticcurvesoverfinitefields,J.NumberTheory88(2001), 335–344. E-mail address: [email protected]