### A counterexample to Roy's lemma 3.7

Say $f = \prod_{i=1}^n(x-\xi_i) \in \mathbb{F}_p[x].$

Say $p-1 = 2^rw$ for odd $w$. 

Say $\eta$ is a generator of the 2-sylow multiplicative subgroup of $\mathbb{F}_p$.[<sup>1</sup>](#fn1)

The claim seems, if $(\xi_i)^w \neq (\xi_j)^w$, then $gcd(f, \prod_{i=0}^{{2^k}-1}(x^{\frac{p-1}{2^{k+1}}}-\eta^i))$ is a proper factor for some $k, 0 \leq k \leq r-1$.

---
<span id="fn1"> [^1]: Eta can be computed by taking a quadratic nonresidue to the $w$-th power, which you can show via an argument $\mathbb{F}_p^\times \cong (\mathbb{Z}/(p-1)\mathbb{Z})^+ \cong (\mathbb{Z}/2^r\mathbb{Z})^+ \times (\mathbb{Z}/w\mathbb{Z})^+$, explained further in my thesis. </span>

---

*open questions*
- how does runtime remain polynomial when these products contain O(p/w) terms?
- why is claim true despite the following p=17 counterexample?

In [21]:
# establish prime field modulus, build polynomial ring
p = 17
w = 1
r = 4
assert(p-1 == 2^r * w)
R.<x> = PolynomialRing(IntegerModRing(p))
print('R = ', R)

# f a polynomial whose roots meet precondition (here w=1, so it's sufficient for roots to be distinct)
f = (x+5)*(x+10)*(x+11)
print('f =', f)
assert(pow(-5,w,p) != pow(-10,w,p)) # roots are different, when raised to power of w

# verify eta is a quadratic nonresidue to the power of w
nonresidue = 3
for i in range(p):
    assert(i*i != eta)
eta = pow(nonresidue, w, p) # nonresidue^w mod p
print('eta = ', eta, '\n---')

# build product term for k, 0 \leq k \leq r-1 = 3
pi0 = prod([(x^8 - eta^i) for i in range(1)])
pi1 = prod([(x^4 - eta^i) for i in range(2)])
pi2 = prod([(x^2 - eta^i) for i in range(4)])
pi3 = prod([(x^1 - eta^i) for i in range(8)])

# compute s_k terms for k, 0 \leq k \leq r-1 = 3
s0 = gcd(f, pi0)
s1 = gcd(f, pi1)
s2 = gcd(f, pi2)
s3 = gcd(f, pi3)

print('gcds:')
print('s0 = ', s0)
print('s1 = ', s1)
print('s2 = ', s2)
print('s3 = ', s3)

print('claim:', s0 != 1 or s1 != 1 or s2 != 1 or s3 != 1)

R =  Univariate Polynomial Ring in x over Ring of integers modulo 17
f = x^3 + 9*x^2 + 11*x + 6
eta =  3 
---
gcds:
s0 =  1
s1 =  1
s2 =  1
s3 =  1
claim: False


from above, conclude 
  * **despite $f$ whose roots meet precondition, none of the gcd's produce a proper factor. Regrettably, this contradicts lemma 3.7**
  
below, more certainty

In [37]:
# if you want more assurance that eta is a quadratic nonresidue and generator of 2-syl subgroup
## quadratic nonresidue
squares = []
print(f'squares mod {p}, observe 3 not present:')
for i in range(p):
    squares.append(i*i%p)
print(squares)
print('---')
## generates subgroup order 16 (2-syl subgroup)
## note: largest p^k subgroup is unique (order 2^r = 16), because p^k groups are conjugate
print(f'powers of eta = {eta} mod {p}, observe distinct:')
powers_of_eta = []
for i in range(1, p): #eta^1 to eta^p-1
    powers_of_eta.append(pow(eta, i, p))
print(powers_of_eta)

squares mod 17, observe 3 not present:
[0, 1, 4, 9, 16, 8, 2, 15, 13, 13, 15, 2, 8, 16, 9, 4, 1]
---
powers of eta = 3 mod 17, observe distinct:
[3, 9, 10, 13, 5, 15, 11, 16, 14, 8, 7, 4, 12, 2, 6, 1]


In [49]:
# if you want more assurance that the gcds are in-fact 1
## recall polynomial rings over a field are Unique-Factorization-Domains, 
## so gcd(a,b)=1 iff irreducible factors are non-overlapping
print('pi0=', pi0)
print('pi1=', pi1)
print('pi2=', pi2)
print('pi3=', pi3)

print('---')

print('pi0=', pi0.factor())
print('pi1=', pi1.factor())
print('pi2=', pi2.factor())
print('pi3=', pi3.factor())

print('===\n\n', 'look to see factors of f = [(x+5)*(x+10)*(x+11)] appear nowhere in pi-terms')

pi0= x^8 + 16
pi1= x^8 + 13*x^4 + 3
pi2= x^8 + 11*x^6 + 16*x^4 + 8*x^2 + 15
pi3= x^8 + x^7 + 9*x^6 + 10*x^5 + 12*x^4 + 8*x^3 + x^2 + 5*x + 4
---
pi0= (x + 1) * (x + 2) * (x + 4) * (x + 8) * (x + 9) * (x + 13) * (x + 15) * (x + 16)
pi1= (x + 1) * (x + 4) * (x + 13) * (x + 16) * (x^4 + 14)
pi2= (x + 1) * (x + 3) * (x + 14) * (x + 16) * (x^2 + 7) * (x^2 + 14)
pi3= (x + 2) * (x + 4) * (x + 6) * (x + 7) * (x + 8) * (x + 12) * (x + 14) * (x + 16)
===

 look to see factors of f = [(x+5)*(x+10)*(x+11)] appear nowhere in pi-terms


In [25]:
# if you want more assurance that this isn't a degenerate case caused by w=1
## you can do the same thing with bigger polynomials for larger p.
## just compute the pi-terms, factorize them, and pick an f from linear factors that don't appear in any pi-term
## factorization