In [1]:
from itertools import izip_longest

def composed_product(P, Q):
    '''
    Composed product of P and Q
    '''
    A = P.parent()
    x = A.gen()
    m, n = P.degree(), Q.degree()
    dual = lambda R, d: R.derivative().reverse().multiplication_trunc(R.reverse().inverse_series_trunc(d), d)
    lift = A([(a*b) for a,b in izip_longest(dual(P, 2*m*n+1), dual(Q, 2*m*n+1), fillvalue=0)])
    R = lift.rational_reconstruct(x^(2*m*n+1), m*n, m*n)[1].reverse().monic()
    assert R.degree() == m*n
    return R

In [2]:
# Test
A.<x> = GF(5)[]

B.<X,Y> = GF(5)[]

for i in range(20):
    n = randrange(2,10)
    m = randrange(1,4)
    P = A.irreducible_element(n)
    Q = A.irreducible_element(n+m)
    R = composed_product(P, Q)
    assert R.degree() == P.degree() * Q.degree()
    assert P(X).resultant(Q.reverse()(X*Y)).univariate_polynomial()(x).reverse() == R

In [3]:
def primary_irred(A, q, e):
    return A.irreducible_element(q^e)
def cyclo_deg(k, n):
    return Zmod(n)(k.characteristic()).multiplicative_order()

In [4]:
def irred(k, n):
    A = PolynomialRing(k, 'x')
    P = A.gen() - 1
    for q, e in n.factor():
        P = composed_product(P, primary_irred(A, q, e))
    return P

In [5]:
def complete_algebra(k, n):
    
    q = k.order()
    P = irred(k, q^n-1)
    
    m = GF(q^n).multiplicative_generator().minimal_polynomial()
    K.<z> = GF(q^(q^n-1), modulus = P, check_irreducible = False)
    A = K['z']
    h = A(m)
    
    return sage.rings.polynomial.polynomial_quotient_ring.PolynomialQuotientRing_domain(A, h, 'z')

In [6]:
def frob_l(a, i=1):
    A = a.parent()
    q = a.base_ring().base_ring().order()
    return A(list(c^(q^i) for c in a))

def frob_r(a, i=1):
    A = a.parent()
    z = A.gen()
    q = a.base_ring().base_ring().order()
    return sum(c*z^(j*q^i) for j, c in enumerate(a))

def norm_r(x, a, b):
    d = b//a
    return product(frob_r(x, a*j) for j in range(d))

def nth_root_r(x, n):
    A = x.parent()
    k = A.base_ring().base_ring()
    C = k.extension(A.modulus().change_ring(k), 'x')
    y = C([k(a) for a in x.list()])
    return A(y.nth_root(n))

In [7]:
def change_basis(elem, basis, d2):
    
    k = elem.base_ring()
    d1 = elem.parent().degree()
    A = MatrixSpace(k, d1, d2)()
    
    for i in range(d2):
        L = (basis^i).list()
        for j in range(d1):
            A[j,i] = L[j]
            
    S2 = MatrixSpace(k, d1, 1)
    B = S2(elem.list())
    X = A.solve_right(B)
    
    return X[0,0]

"""
Express `elem` in the base `newbase`. Outputs a column matrix.
"""
def base_change(elem, newbase):
    k = elem.base_ring()
    d = elem.parent().degree()
    A = MatrixSpace(k, d, d)()
    
    for i in range(d):
        L = (newbase^i).list()
        for j in range(d):
            A[j,i] = L[j]
            
    B = A^-1
    S = MatrixSpace(k, d, 1)
    X = S(elem.list())
    Y = B*X
    return Y

In [8]:
def is_h90(a, zeta):
    return frob_l(a) == zeta * a

def solve_h90(A, z = None):
    x = A(1)
    n = A.base_ring().degree()
    if z == None:
        z = A.gen()
    while not is_h90(x, z):
        x = A.random_element()
        x = sum(frob_l(x, i)*z^-i for i in range(n))
    return x

def solve_h90bis(A, z = None, more = False, l = None):
    x = A(1)
    n = A.base_ring().degree()
    if l == None:
        l = n
    if z == None:
        z = A.gen()
    while not is_h90(x, z):
        x = A.random_element()
        y = x
        zinv = z^-1
        zz = A.one()
        for i in range(1, n):
            zz *= zinv
            y = frob_l(y)
            x += y*zz
    
    if not more:
        return x
    else:
        k = A.base_ring().base_ring()
        t = (A.gen()^A.degree())/(x^l)
        return x*nth_root_r(t, l)

def test_h90(A, x, n = 10):
    z = A.gen()
    x1, x2 = x, x
    x1 = sum(frob_l(x1, i)*z^-i for i in range(n))
    
    y = x
    zinv = z^-1
    zz = A.one()
    for i in range(1, n):
        zz *= zinv
        y = frob_l(y)
        x2 += y*zz
    
    return x1 == x2

def time_h90(A, x, n = 10):
    z = A.gen()
    return sum(frob_l(x, i)*z^-i for i in range(n))

def time_h90bis(A, x, n = 10):
    z = A.gen()
    y = x
    zinv = z^-1
    zz = A.one()
    for i in range(1, n):
        zz *= zinv
        y = frob_l(y)
        x += y*zz
    return x

In [9]:
def trans(x, v):
    n, l = v.dimensions()
    for j in range(l):
        L = x[j].polynomial().list()
        for i in range(len(L)):
            v[i, j] = L[i]
    return v
    

def frob_lbis(x, M):
    
    A = x.parent()
    n = A.base_ring().degree()
    l = A.degree()
    V = MatrixSpace(A.base_ring().base_ring(), n, l)
    v = V()

    %time v = trans(x, v) # 90+ % spent here ... too bad
    Y = M*v
    
    return Y

In [10]:
def basis_matrix(a, n = None):
    K = a.parent()
    m = K.degree()
    
    if n == None:
        n = m
    
    k = K.prime_subfield()
    S = MatrixSpace(k, m, n)()
    for j in range(n):
        L = (a^j).polynomial().list()
        i = 0
        for l in L:
            S[i, j] = l
            i += 1
    return S

def fflist(x):
    L = x.polynomial().list()
    l = len(L)
    k = x.parent()
    d = k.degree()
    if l < d:
        L += (d-l)*[k()]
        
    return L

def compute_map(a, b):
    
    A = basis_matrix(a)
    B = basis_matrix(b, a.parent().degree())
    C = B*A^(-1)
    
    K = b.parent()
    k = K.prime_subfield()
    S = MatrixSpace(k, a.parent().degree(), 1)

    return lambda x : K((C*S(fflist(x))).column(0))

def compute_emb(h1, h2):
    
    A, B = h1.parent(), h2.parent()
    a, b = A.degree(), B.degree()
    l, m = h1.base_ring().degree(), h2.base_ring().degree()

    p = h1.parent().characteristic()
    
    zeta_l, ZETA_L = A.gen()^((p^a-1)/l), B.gen()^((p^b-1)/l)

    u = base_change(h1, zeta_l)[0, 0]
    v = change_basis(h2, ZETA_L, a)
    return compute_map(u, v)

In [11]:
def allombert(hl, hm):
    Al, Am = hl.parent(), hm.parent()
    a, b = Al.degree(), Am.degree()
    za = Am.gen()^((p^b-1)/(p^a-1))
    k = Al.base_ring().base_ring()
    R = k['x']
    l, m = Al.base_ring().degree(), Am.base_ring().degree()
    al, am = Am(R((hl^(l)).list()).subs(za)), hm^(m)
    r = nth_root_r(al/am, l)
    return r * hm^(m//l)

def factor_refinement(l, m):
    
    t = gcd(l, m)
    u, v = m//t, t
    d = gcd(u, v)
    
    while d != 1: 
        u, v = u//d, v*d
        d = gcd(u, v)
    
    return v, u
"""
Return N, e, t such that Norm( (alpha_N)^e ) = (a_l)^t · alpha_l
and m | N.
"""
def height(p, l, m):
    k = GF(p)
    a, b = cyclo_deg(k, l), cyclo_deg(k, m)
    S = p^a-1
    x, y = m//l, (p^b-1)//S
    
    xl, (yl, ym) = factor_refinement(l, x)[0], factor_refinement(l, y)
    t = (yl/xl).denominator()
    
    u = factor_refinement(l, m)[1]
        
    N = l*yl*t*u
    f = ym/u
    
    e = inverse_mod(f.numerator(), l)
    
    return N, t*e*f.denominator(), ((f.numerator()*e)//l)%S

def test_height(p, l, m):
    k = GF(p)
    R = k['z']
    N, e, c = height(p, l, m)
    a, b = cyclo_deg(k, l), cyclo_deg(k, m)
    Fpb = GF(p^b)
    zb = Fpb.multiplicative_generator()
    Pb = zb.minimal_polynomial()
    Pa = (zb^((p^b-1)//(p^a-1))).minimal_polynomial()
    Ab = PolynomialQuotientRing(GF(p^N)["x"], Pb.change_ring(GF(p^N)))
    Aa = PolynomialQuotientRing(GF(p^l)["x"], Pa.change_ring(GF(p^l)))
    
    hl = solve_h90bis(Aa, Aa.gen()^((p^a-1)//l), True)
    hN = solve_h90bis(Ab, Ab.gen()^((p^b-1)//N), True)
        
    CN = k.extension(Pb, 'z')
    za = CN.gen()^((p^b-1)//(p^a-1))
    al = Ab(R((hl^l).list()).subs(za))
    
    HL = allombert(hl, hN)
    
    t = (al^c)^-1 * (norm_r(hN, a, b))^e
    
    return Aa, Ab, t, HL, hl, hN

In [None]:
def test_same_r(p, l, m):
    k = GF(p)
    R = k['z']
    a = cyclo_deg(k, l)
    Fpa = GF(p^a)
    za = Fpa.multiplicative_generator()
    Pa = za.minimal_polynomial()

    Am = PolynomialQuotientRing(GF(p^m)["x"], Pa.change_ring(GF(p^m)))
    Al = PolynomialQuotientRing(GF(p^l)["x"], Pa.change_ring(GF(p^l)))
    
    
    hl = solve_h90bis(Am, Am.gen()^((p^a-1)//l), True, l)
    hm = solve_h90bis(Am, Am.gen()^((p^a-1)//m), True)
    
    C = k.extension(Pa, 'z')
    al = hl^l # Am(R((hl^l).list()).subs(C.gen()))
    am = hm^m
    
    u = hl/(hm^(m//l))
    r = nth_root_r(u, m//l)
    
    t = r * hm
    
    return hl, t

In [190]:
def test_triplet(p, l, m, n):

    k = GF(p)
    R = k['z']
    a, b, c = cyclo_deg(k, l), cyclo_deg(k, m), cyclo_deg(k, n)
    
    Fpc = GF(p^c)
    zc = Fpc.multiplicative_generator()
    Pc = zc.minimal_polynomial()
    Pb = (zc^((p^c-1)//(p^b-1))).minimal_polynomial()
    Pa = (zc^((p^c-1)//(p^a-1))).minimal_polynomial()
    
    Nb, eb, cb = height(p, l, m)
    Nc, ec, cc = height(p, m, n)
    Nbc, ebc, cbc = height(p, l, n)
    
    Ac = PolynomialQuotientRing(GF(p^Nc)["x"], Pc.change_ring(GF(p^Nc)))
    Ab = PolynomialQuotientRing(GF(p^Nb)["x"], Pb.change_ring(GF(p^Nb)))
    Aa = PolynomialQuotientRing(GF(p^l)["x"], Pa.change_ring(GF(p^l)))
    
    hl = solve_h90bis(Aa, Aa.gen()^((p^a-1)//l), True)
    hNb = solve_h90bis(Ab, Ab.gen()^((p^b-1)//Nb), True)
    hNc = solve_h90bis(Ac, Ac.gen()^((p^c-1)//Nc), True)
    
    CNb = k.extension(Pb, 'z')
    za = CNb.gen()^((p^b-1)//(p^a-1))
    al = Ab(R((hl^l).list()).subs(za))
    
    CNc = k.extension(Pc, 'z')
    ZA = CNc.gen()^((p^c-1)//(p^a-1))
    AL = Ac(R((hl^l).list()).subs(ZA))
    ZB = CNc.gen()^((p^c-1)//(p^b-1))
    AM = Ac(R((hNb^m).list()).subs(ZB))
    
    HLb = (al^cb)^-1 * norm_r(hNb, a, b)^eb
    HLc = (AL^cbc)^-1 * norm_r(hNc, a, c)^ebc
    HM = (AM^cc)^-1 * norm_r(hNc, b, c)^ec
    
    f = compute_emb(hl, HLb)
    g = compute_emb(hNb, HM)
    h = compute_emb(hl, HLc)
     
    return f, g, h

In [186]:
p, l, m, n = 5, 3, 9, 27

In [187]:
height(p, l, m), height(p, m, n), height(p, l, n)

((9, 1, 0), (27, 1, 12152), (27, 1, 0))

In [188]:
f, g, h = test_triplet(p, l, m, n)
K = GF(p^l)
x = K.gen()

In [189]:
g(f(x)) == h(x)

True