# Lattices of compatibly embedded finite fields in Nemo/Flint

<center>Luca De Feo, Hugues Randriambololona, Édouard Rousseau</center>

*Demonstrating the newly implemented lattices of compatibly embedded
finite fields in Nemo.*


<center> <img src="img/issac.png"> </center>

## <font color="blue">Jupyter</font>

* The slides are available as a *Jupyter Notebook* on *Binder* at [https://github.com/erou/Nemo-embeddings-demo](https://github.com/erou/Nemo-embeddings-demo)
* Press `Alt + r` to enter/quit slide mode
* every cells are interactive so you can **play around**

In [None]:
2^12

## <font color="blue">Nemo and Flint</font>

<center> <img src="img/julia.svg"> </center>


* [Nemo](http://nemocas.org/) is a computer algebra package for the [Julia](https://julialang.org/) programming language <font color="green">[maintained by Hart, Hofmann, Fieker, Johansson, and others]</font>
    * among many things, it includes a Flint wrapper
* [Flint](http://flintlib.org/) is a number theory library for the C programming language <font color="green">[maintained by William Hart]</font>

## <font color="blue">Nemo and Flint</font>

A quick taste of Julia:

In [None]:
function foo(L)
    m = L[1]    
    for i in 2:length(L)
        if m < L[i]
            m = L[i]
        end
    end
    return m
end

In [None]:
L = [2, 4, 1, 5, 7, 11, 17, 3]
foo(L)

## <font color="blue">Nemo and Flint</font>

In [None]:
using Nemo

We can play with standard mathematical objects

In [None]:
p = 13
k, x = FiniteField(p, 4, "x")
R, T = PolynomialRing(k, "T")
P = rand(R, 3)

## <font color="blue">The embedding problem</font>
*Example inspired by "On the powers of 2" <font color="green">[Granger, Kleinjung, Zumbrägel '14]</font>.*

Let $P$ be an irreducible polynomial in $\mathbb F_{13^4}[T]$

In [None]:
P = T^4+(8*x^3+6*x^2+12*x+2)*T^3+(8*x^3+3*x^2+2*x+2)*T^2+(2*x^3+5*x^2+7*x+12)*T+(3*x^3+4*x^2+6*x+5)
factor(P)

We really want to factor it in degree $2$ factors in $\mathbb F_{13^8}[U]$:

In [None]:
K, y = FiniteField(p, 8, "y")
S, U = PolynomialRing(K, "U")
Q = S(P)
factor(Q)

## <font color="blue">The embedding problem</font>

* $f$ irreducible polynomial of degree $m$ in $\mathbb F_p[X]$
* $g$ irreducible polynomial of degree $n$ in $\mathbb F_p[Y]$
* $m\;|\;n$
* $E = \mathbb F_p[X]/(f(X))$
* $F = \mathbb F_p[Y]/(g(Y))$

<center> $E\cong \mathbb F_{p^m} \hookrightarrow F\cong \mathbb F_{p^n}$ </center>

* <font color="red"> **Embedding problem:** </font> how to compute the embedding from $E$ to $F$ ?

## <font color="blue">Description and evaluation</font>

<font color="green">[Brieulle, De Feo, Doliskani, Flori, Schost '17]</font>

**<font color="red">Two steps:</font>**
- <font color=#9966ff>Description:</font> find $\alpha_1, \alpha_2$ such that:
    - $E = \mathbb F_p(\alpha_1)$
    - *there exists* an embedding $\phi:E\to F$ mapping $\alpha_1\mapsto\alpha_2$
- <font color=#9966ff>Evaluation:</font> 
    - Compute $\phi(\gamma)\in F$ for $\gamma\in E$
    - Test if $\delta\in\phi(E)$ for $\delta\in F$
    - If $\delta\in\phi(E)$, compute $\phi^{-1}(\delta)\in E$    

## <font color="blue">Description - naive algorithm</font>

**<font color="red">Context:</font>**
- $E = \mathbb{F}_p[X]/(f)$
- $F=\mathbb{F}_p[Y]/(g)$

**<font color="red">Algorithm:</font>**
- Find a root $\rho$ of $f$ in $F$
- $\alpha_1 = \overline X$
- $\alpha_2 = \rho$

**<font color="red">Other algorithms exist:</font>**
- <font color="green">[Lenstra '91]</font>
- <font color="green">[Allombert '02]</font>
- <font color="green">[Rains '96]</font>
- <font color="green">[Narayanan '18]</font>

## <font color="blue">Description - naive algorithm</font>

Compute an embedding with `embed`.

In [None]:
E, x = FiniteField(13, 6, "x")
F, y = FiniteField(13, 12, "y")
ϕ = embed(E, F) 

and evaluate it

In [None]:
ϕ(x)

## <font color="blue">Some sanity checks</font>

We can check that `ϕ` is indeed a morphism:

In [None]:
a = rand(E)
b = rand(E)
ϕ(a^2 + b^7) == ϕ(a)^2 + ϕ(b)^7

and that the image of ϕ is in the subfield of $F$ with $13^6$ elements

In [None]:
ϕ(a)^(13^6) == ϕ(a), ϕ(b)^(13^6) == ϕ(b)

## <font color="blue">The end ?</font>

<center> <img src="img/end.png"> </center>

# <center><font color="red">No!</font></center>

## <font color="blue">The compatibility problem</font>

Assume the user wants to use many extensions of $\mathbb F_p$:

<center> <img src="img/extensions.png"> </center>

## <font color="blue">The compatibility problem</font>

**<font color="red">Context:</font>**
* $E$, $F$, $G$ fields
* $E$ subfield of $F$ and $F$ subfield of $G$
* $\phi_{E\hookrightarrow F}$, $\phi_{F\hookrightarrow G}$, $\phi_{E\hookrightarrow G}$ embeddings

<center>
<img src="img/compatibility.png">
<font color="red">$\phi_{F\hookrightarrow G}\circ\phi_{E\hookrightarrow F}\overset{?}{=}\phi_{E\hookrightarrow G}$</font>
</center>

## <font color="blue">The compatibility problem</font>

**<font color="red">Solutions:</font>**

- Conway polynomials <font color="green">[Parker '90]</font>, <font color="green">[Heath, Loehr '98]</font>
    - used in Magma, Sage,  PARI, ...
    - only practical with small finite fields
- Bosma, Cannon and Steel framework <font color="green">[Bosma, Cannon, Steel '97]</font>

## <font color="blue">Bosma, Cannon and Steel framework</font>

- Allows to work with arbitrary, user-defined finite fields
- Allows to build the embeddings in arbitrary order
- Used in MAGMA
- based on the naive algorithm

## <font color="blue">Bosma, Cannon and Steel framework</font>
<center> <img src="img/triangle.png"> </center>

- Consider $\alpha$ such that $F=\mathbb{F}_p(\alpha)$
- Take $\rho$ a root of $\phi_{E\hookrightarrow G}(\text{Minpoly}_E(\alpha))$
- Map $\alpha\mapsto\rho$

## <font color="blue">Bosma, Cannon and Steel framework</font>

It works with multiple subfields!
<center> <img src="img/triangles.png"> </center>

- Consider $\alpha$ such that $F=\mathbb{F}_p(\alpha)$
- Take $\rho$ a root of $\text{gcd}_i(\phi_{E_i\hookrightarrow G}(\text{Minpoly}_{E_i}(\alpha)))$
- Map $\alpha\mapsto\rho$

## <font color="blue">The compatibility problem</font>

We define some finite fields $E = \mathbb F_{p^2}$, $F = \mathbb F_{p^4}$ and $G = \mathbb F_{p^8}$.

In [None]:
p = 5

E, x2 = FiniteField(p, 2, "x2")
F, x4 = FiniteField(p, 4, "x4")
G, x8 = FiniteField(p, 8, "x8")

and we compute the embeddings $\phi_{E\hookrightarrow F}$, $\phi_{F\hookrightarrow G}$, $\phi_{E\hookrightarrow G}$

In [None]:
ϕE_F = embed(E, F)
ϕE_G = embed(E, G)
ϕF_G = embed(F, G)

## <font color="blue">The compatibility problem</font>

**<font color="red">Morphisms are compatible!</font>**

In [None]:
a = rand(E)
ϕE_G(a) == (ϕF_G ∘ ϕE_F)(a)

## <font color="blue">The compatibility problem II</font>

<center><img src="img/compatibility2.png">
<font color="red">$\phi_{G\hookrightarrow H}\circ\phi_{E\hookrightarrow G}\overset{?}{=}\phi_{F\hookrightarrow H}\circ\phi_{E\hookrightarrow F}$</font>
</center>

## <font color="blue">The compatibility problem II</font>

We create new finite fields

In [None]:
G, x6 = FiniteField(p, 6, "x6")
H, x12 = FiniteField(p, 12, "x12")

and embeddings between them

In [None]:
ϕE_G = embed(E, G)
ϕF_H = embed(F, H)
ϕG_H = embed(G, H)

## <font color="blue">The compatibility problem II</font>


**<font color="red">Morphisms are still compatible!</font>**

In [None]:
a = rand(E)
(ϕG_H ∘ ϕE_G)(a) == (ϕF_H ∘ ϕE_F)(a)

## <font color="blue">Implicit conversion</font>

We do not need to explicitly call ``embed``. Standard object oriented conversion also works.

In [None]:
k3, x3 = FiniteField(p, 3, "x3")
k24, x24 = FiniteField(p, 24, "x24")

In [None]:
z = k24(x3)

In [None]:
z^(p^3) == z

In [None]:
k3(z)

## <font color="blue">Sections</font>

We can also compute sections of morphisms.

In [None]:
k7, x7 = FiniteField(p, 7, "x7")
k21, x21 = FiniteField(p, 21, "x21")

In [None]:
f7_21 = embed(k7, k21)

In [None]:
s21_7 = section(f7_21)

## <font color="blue">Sections</font>

Sections give the preimage of an element if it is in the codomain of the embedding

In [None]:
a = rand(k7)  
(s21_7 ∘ f7_21)(a) == a

And throw an error otherwise

In [None]:
s21_7(x21)

## <font color="blue">Sections</font>


This can also be called implicitly

In [None]:
k7(k21(x7))

In [None]:
k7(x21)

## <font color="blue">Behind the scenes</font>

- root finding is done by *Flint* (in C)
- minimal polynomials are computed by *Nemo* (in Julia)
- additionnal requirements of Bosma, Cannon and Steel framework are done in *Nemo*
- (almost) all the time is spent in *root finding*
- embedding evaluation is done via *matrix-vector multiplication*

## <font color="blue">More features planned</font>

- Vector space morphisms,
- Algorithmic improvements,
- more efficient framework using Lenstra/Allombert embedding algorithm as building block

# <center> Thank you! </center>