A Fast Algorithm to Determine Normal

Polynomial over Finite Fields

Chih-Hua Chien, Trieu-Kien Truong, Yaotsu Chang and Chih-Hsuan Chen

 Abstract--Normal basis in finite fields has proved to Ⅱ. MATHEMATICAL BACKGROUND
be very useful for fast arithmetic computations. The Let p be a prime number and m  2 be an integer.
elements in a normal basis are exactly the roots of a
normal polynomial. Hence a normal polynomial is just
The finite field E = GF(pm) of order pm can be viewed as
another way of describing a normal basis. In this paper, we a vector space of dimension m over F = GF(p). A basis
give some computational results of normal polynomial up m 1

to degree n  19 according to the fast algorithm from of the form  ,  p , , p is called a normal basis,
Chang et al. [1]. and  is called a normal element of E over F. A monic,
irreducible polynomial f (x) F[x] of degree m is
Keywords: normal basis, normal polynomial, finite field
called a normal polynomial if it is the minimal

Ⅰ. INTRODUCTION polynomial of some normal element.

Efficient computations in finite fields and their LetαE be a root of a monic, irreducible polynomial
architectures are important in many applications, p m 1
including coding theory, computer algebra systems and f (x) of degree m. The elements  ,  p , , 
public-key cryptosystems (e.g. elliptic curve are all roots of f (x) and
cryptosystems). Although all finite fields of the same m 1
cardinality are isomorphic, their arithmetic efficiency f (x) = ( x   )( x   p )( x   p ) =
depends greatly on the choice of bases for field element
representations. Consider a basis representation of the m 1 m 1

field elements, addition operation is relatively

x m  (   p     p ) x m1    (1) m  p  p
inexpensive, whereas the multiplication is usually
considered the most important finite field arithmetic . The sum of all roots of f (x) is called the trace of
operation and one of the most complex and time- f (x) , or the trace of α and can be denoted by tr(f) or
consuming operations. Therefore, some different basis
representation for elements of Galois field are needed. tr(), respectively.
Among them, the most popular bases representation are The existence of a normal basis over F is equivalent
the canonical, normal and dual bases. Normal basis is an to the existence of a normal polynomial in F[x]. If
important representation and used in many ways, such
as multiplication representation and inverse 
f (x ) F[x] is a normal polynomial over F, it is
representation. obvious that tr(f) is not zero. To introduce the fast
Normal basis was first introduced without proof algorithm, we need to derive the p-polynomial and the
by Eisenstein [2] in 1850, and Schönemann [3] gave its definition as follows.
proof later in 1850 for the case GF(p), where p is prime.
In 1888, Hensel [4] proved for all arbitrary finite fields Defintion 2.1 A polynomial of the form
 in0 ci x p is called a p-polynomial over F=GF(p).
i
the exact numbers of normal elements in the extensions
over finite fields. Perlis [5] proved that when n is a
power of a prime p, an irreducible polynomial of degree Two forms of p-polynomial will be used throughout this
n is normal if and only if its trace is non-zero. Later in paper, namely,
n

1986, Pei et al. [6] proved that when n  2 r p k and 2 L p ( x n  1)  x p  x , and

is a primitive root modulo p k , an irreducible g n ( x)  L p ( x n 1  ...  x  1)
polynomial of degree n over GF(p) is normal if and only n 1 n2

if its trace is non-zero  xp  xp    x p  x.

The elements in a normal basis are exactly the

i
roots of a normal polynomial. Hence a normal Defintion 2.2 The polynomial n
ci x p  F [ x ]
i 0
polynomial is just another way of describing a normal
basis. In this paper, we give some computational results corresponding with the polynomial
of normal polynomial up to degree n  19 according f ( x)   n
i 0 ci x i is called the linearized p-
to the fast algorithm from Chang et al. [1]. associate of f (x ) in F[x], denoted by L p ( f ( x )) .
This paper is organized as follows: Some
mathematical background is introduced in section 2. Conversely,  n
i 0 ci x i is called conventional p-
Section 3 shows how the fast algorithm determines the

i
n
associate of the p-polynomial i 0 ci x p in F[x].
normal polynomials. Finally, some conclusions and
results are given in section 4. Finally, table 1 shows the
normal polynomials with non-zero trace up to degree Some information about the factor of g n (x) is
n  19 and the flowchart of the fast algorithm is given given in the following proposition.
at the end of this paper.
Proposition 2.3 (Chang et al. [1]) Let f (x) be an
monic irreducible polynomial of degree d and a divisor Proof: Since tr ( f )  0 , by Proposition 2.4, we have
of degree n with d n . Then one has the following: g n (x) is not divided by f (x ) . Therefore, if
(i) If tr ( f )  0 , g n (x) is divided by f (x ) . M i ( x )  L p ( mi ( x )) is not divided by f (x ) for
(ii) If tr ( f )  0 , then g n (x) is divided by i  2, 3,..., t , then from Proposition 2.5 follows that
f (x ) if and only if p divides d n . f (x ) is normal polynomial over F.

Proposition 2.4 Let f ( x)  F [ x ] be an irreducible Fast Algorithm:

polynomial of degree n. If tr ( f )  0 , then g n (x ) is
Step 1: Given an irreducible polynomial f  F [x ]
not divided by f (x ) .
with degree n.
Step 2: The trace of f must not be zero otherwise f is
The following Proposition is well-known for not normal.
factorizing a polynomial f (x) and its linearized p-
Step 3: If n  p k , f (x ) must be a normal
associate L p ( f ( x )) in F [ x ] . polynomial.
Step 4: If n  2 r p k and 2 is a primitive root modulo
Proposition 2.5 (Schwarz[13]) Let f  F [x ] be an p k , f (x ) must be a normal polynomial.
n-th degree irreducible polynomial of non-zero trace.
Step 5: Factor x  1   i 1 (hi ( x)) . Let
n t 
Then f (x) is not normal over F if and only if f (x )
divides L p ( M i ) for some i  1 , where Mi(x) is a h1 ( x )  ( x  1) and then find
maximal factor of xn-1. mi ( x )  ( x n  1) / hi ( x) for i  2,3,..., t .
The following corollaries are used in judging a Step 6: Compute q-associate M i ( x )  L p (mi ( x ))
normal polynomial of degree n with zero trace. for i  2,3,..., t .
Step 7: If M i ( x)  L p ( mi ( x)) is not divided by
Corollary 2.6 (Perlis[5]) Let n  p k for some f (x ) for i  2,3,..., t , then f (x ) is a
integer k and
normal polynomial. Otherwise, f (x ) is not
f ( x )  c0  c1 x  ...  cn 1 x n1  cn x n be an
normal.
irreducible polynomial over GF(p). Then f (x ) is a
normal polynomial if and only if c n 1  0 . Example 3.2 Consider when n  6 , we have
x 6  1  ( x 2  x  1) 2 ( x  1) 2 and ,
Corollary 2.7 (Pei, Wang, Omura [6]) Let n  2 r p k ( x  1) /( x  x  1)  x  x  x  1 . Therefore,
6 2 4 3

and 2 is a primitive root modulo p k . Let 4 3 1 0

L p ( x 4  x 3  x  1)  x 2  x 2  x 2  x 2 . The
f ( x )  c0  c1 x  ...  cn 1 x n1  cn x n be an irreducible polynomial f (x ) of deg( f )=6 with
irreducible polynomial over F. Then f (x ) is a normal tr ( f )  0 are x 6  x 5  1 , x 6  x 5  x 2  x  1 ,
polynomial if and only if c n 1  0 . x6  x5  x3  x 2  1 , x6  x5  x 4  x  1 and

Ⅲ. FAST ALGORITHM x  x  x  x  1 . Among these five polynomials,

6 5 4 2

4 3 1 0
The fast algorithm makes it easy to distinguish if a only x2  x2  x2  x2 is divided by
polynomial f ( x)  F [ x ] is normal or not. x  x  x  x 1
6 5 3 2
and therefore

Theorem 3.1 Let n be a positive integer and

x  x  x  x  1 is the only one polynomial that is
6 5 3 2

not a normal polynomial with degree 6.

x n  1   ti 1 (hi ( x))  for some positive integer
. Usually, we let h1 ( x )  ( x  1) . Suppose Ⅳ. CONCLUSION
Since a normal polynomial is just another way of
mi ( x)  ( x  1) / hi ( x)
n
and describing a normal basis, we derive the fast algorithm
M i ( x )  L p ( mi ( x )) . A monic, irreducible to distinguish if a polynomial is normal or not. Some
computational results of normal polynomials with
polynomial f ( x)  F [ x ] of degree n with nonzero trace up to degree n  19 are given in the
tr ( f )  0 is a normal polynomial if Table1.
M i ( x )  L p ( mi ( x )) is not divided by f (x ) for As one could see, when n  6 , the only
i  2,3,..., t . irreducible but not normal polynomial is
x 6  x 5  x 3  x 2  1 . To simplify the result, we write it Extensions of a Field,” Czechslovak Math. J., 38(1988),
pp. 291-312.
as 109  2 6  2 5  23  2 2  1 . When n  7 , only two [14] F. J. MacWilliams & N. J. A. Slone, The Theory Of
irreducible but not normal polynomials are 241 and 253. Error-Correcting Codes. New York: North-Holland, 1977
When n  10 , there are three irreducible but not [15]Chang, Y., P. Shiue and W. S. Chou, "On the number of
primitive polynomials over finite fields," Finite Fields
normal polynomials, which are 1807, 1821 and 1891. As and their Applications, vol.11, pp.156-163, 2005.01
for n  14 or more, there are 137 or more irreducible
but not normal polynomials. We do not list the result
here. Irreducible polynomial Normal polynomial
REFERENCES n=2 1 1
[1]Y. Chang, T.K.Truong, and I.S. Reed, "Normal Bases over
GF(q)," Journal of Algebra, vol.241, pp.89-101, 2001.07. n=3 1 1
[2] G. Eisentein, Galoissche Theorie und Darstellungstheorie,
Math. Ann. 107 (1993), 140-144.. n=4 2 2
[3] T. Schönemann, Über einige von Herry Dr. Eisenstein
aufgestellte Lehrsätze, Irreduzible Congruenzen betreffend, n=5 3 3
J. Reine Angew. Math. 40(1850). 185-187.
[4] K. Hensel, Über die Darstellung der Zahlen eines n=6 5 4
Gattungsbereiches für einen beliebigen Primdivisor, J.
n=7 9 7
Reine Angew. Math 103(1888), 230-237.
[5] S. Perlis, Normal bases of cyclic fields of prime power n=8 16 16
degree, Duke Math. J. 9(1942),507-517.
[6] D. Pei, C. Wang and J. Omura, Normal bases of finite field n=9 28 28
GF(2m), IEEE Trans. Inform. Theory 32(1986), 285-287.
[7] P. K. S. Wah and M. Z. Wang, “Realization and application n=10 51 48
of the Massey-Omura lock” in Proc. Int. Zurich Seminar,
Mar. 1984, pp. 175-182. n=11 93 93
[8] C. C. Wang, T. K. Truong, H. M. Shao, L. J. Deutsch, J. K.
Omura and I. S. Reed, “VLSI architecture for computing n=12 170 170
multiplications and inverse in GF(2m)”, IEEE Trans.
Comput., vol. C-34, pp. 709-717, 1985. n=13 315 315
[9] D. Y. Pei, C. C. Wang and J. K. Omura, “Normal basis of
n=14 585 469
finite field GF(2m),” IEEE Trans. Inform. Theory, vol. IT-21,
pp. 285-287, 1986 n=15 1091 1035
[10] I. Onyszchuk, R. Mullin, and S. Vanstorne,
“Computational method and apparatus for finite field n=16 2048 2048
multiplication,” U. S. Patent 4 745 568, 1988.
[11] D. W. Ash, I. F. Blake, and S. A. Vanstone, “Low n=17 3855 3825
complexity normal bases,” Discr. Appl. Math., vol. 25,
pp. 191-210, 1989. n=18 7280 5376
[12] C. C. Wang and D. Y. Pei, “A VLSI design for computing
exponentiations in GF(2m) and its applications to generate n=19 13797 13797
pseudorandom number sequences,” IEEE Trans.
Comput., vol. 39, pp. 258-262, 1990. . Table 1
[13] S. Schwarz, “Contruction of Normal Bases in Cyclic
Flowchart of Fast Algorithms