# Finite Fields 03: $\mathbb{F}_{2^4}$ over $\mathbb{F}_2$

In [56]:
# Constructing F16, the four extensions 
#
# Outline 

#   1. Minimal polynomial
#   2. order
#   3. Isomorphism
#   4. Extension


# Define Galois Field F2

F2 = GF(2)

# Define the polynomial ring over F2

R2.<x> = F2[]

def conjugates(t):
    r = []
    for i in [1,2,4,8,16]:
        t2 = t^i
        if t2 in r:
            continue
        r.append(t^i)
    return r

def ord(elem, card=None):
    K = elem.parent()
    if card == None:
        card = K.order()
    for i in range(1, card):
        if elem**i == 1:
            return i
    return "False"

def log(s, t):
    K = s.parent()
    for i in range(1, K.order()):
        if s^i == t:
            return i
    return "Failed"
    
def is_homomorphic(a, b, card=None):
    if card == None:
        card = a.parent().order()
    result = True
    for i in range(1, card):
        for j in range(1, card):
            aij = a^i + a^j
            bij = b^i + b^j
            r = log(a, aij) == log(b, bij)
            if not r:
                print("{},{}: ({}) + ({}) != ({}) + ({})".format(i,j,a^i, a^j,b^i, b^j))
                return
            result = result and r
    return result

def is_isomorphic(a, b):
    return (is_homomorphic(a, b) and is_homomorphic(b, a))
    
def search_roots(g, poly):
    K = g.parent()
    r = []
    for t in K:
        v = poly.subs(t)
        if v == 0:
            r.append(t)
    return r

In [2]:
# Define F16 as a quartic extension over F2

F16_a.<a> = F2.extension(x^4 + x + 1, 'a')
F16_a.list()

[0,
 a,
 a^2,
 a^3,
 a + 1,
 a^2 + a,
 a^3 + a^2,
 a^3 + a + 1,
 a^2 + 1,
 a^3 + a,
 a^2 + a + 1,
 a^3 + a^2 + a,
 a^3 + a^2 + a + 1,
 a^3 + a^2 + 1,
 a^3 + 1,
 1]

In [3]:
# List all elements with `a^i`

for i in range(1,16): print("{}: {}".format(i, a^i))

# We can conclude that `a` is a primitive element of F16

1: a
2: a^2
3: a^3
4: a + 1
5: a^2 + a
6: a^3 + a^2
7: a^3 + a + 1
8: a^2 + 1
9: a^3 + a
10: a^2 + a + 1
11: a^3 + a^2 + a
12: a^3 + a^2 + a + 1
13: a^3 + a^2 + 1
14: a^3 + 1
15: 1


In [4]:
# F16 is the splitting field of (x^16 - x), but which cannot be factorized completely over F2[x]

# Keep in mind that `x` is the indeterminate of F2[x] Ring.

(x^16 - x).factor()

# Output: 
#
# (x^16 - x) = 
#       x * (x + 1) * (x^2 + x + 1) 
#         * (x^4 + x + 1) * (x^4 + x^3 + 1) 
#         * (x^4 + x^3 + x^2 + x + 1)

x * (x + 1) * (x^2 + x + 1) * (x^4 + x + 1) * (x^4 + x^3 + 1) * (x^4 + x^3 + x^2 + x + 1)

In [5]:
# According to the factorization, all elements in F16_a 
#   can be partitioned into 5 sets:
#
#   [0, 1]                  // from F2
#   [?, ?]                  // 2 distinct roots from  `x^2 + x + 1`
#   [?, ?, ?, ?]            // 4 distinct roots from `x^4 + x + 1`
#   [?, ?, ?, ?]            // 4 distinct roots from `x^4 + x^3 + 1`
#   [?, ?, ?, ?]            // 4 distinct roots from `x^4 + x^3 + x^2 + x + 1`

# List the orders of all elements:

for i in range(1,16): print("{:3}, ord={}, \t {}".format(i, ord(a^i), a^i))

  1, ord=15, 	 a
  2, ord=15, 	 a^2
  3, ord=5, 	 a^3
  4, ord=15, 	 a + 1
  5, ord=3, 	 a^2 + a
  6, ord=5, 	 a^3 + a^2
  7, ord=15, 	 a^3 + a + 1
  8, ord=15, 	 a^2 + 1
  9, ord=5, 	 a^3 + a
 10, ord=3, 	 a^2 + a + 1
 11, ord=15, 	 a^3 + a^2 + a
 12, ord=5, 	 a^3 + a^2 + a + 1
 13, ord=15, 	 a^3 + a^2 + 1
 14, ord=15, 	 a^3 + 1
 15, ord=1, 	 1


In [6]:
# According to the factorization, all elements in F16_a 
#   can be partitioned into 5 sets:
#
#   [0, 1]  // from F2
#   [a^2 + a, a^2 + a + 1]     // 2 roots from  `x^2 + x + 1`,  ord(.) = 3
#   [?, ?, ?, ?]               // 4 roots from  `x^4 + x + 1`,  
#   [?, ?, ?, ?]               // 4 roots from `x^4 + x^3 + 1`
#   [?, ?, ?, ?]               // 4 roots from `x^4 + x^3 + x^2 + x + 1`

conjugates(a)

# Output: 
#  [a, a^2, a + 1, a^2 + 1]

[a, a^2, a + 1, a^2 + 1]

In [7]:
# According to the factorization, all elements in F16_a 
#   can be partitioned into 5 sets:
#
#   [0, 1]  // from F2
#   [a^2 + a, a^2 + a + 1]     // 2 roots from  `x^2 + x + 1`,  ord(.) = 3
#   [a, a^2, a + 1, a^2 + 1]   // 4 roots from  `x^4 + x + 1`,  ord(.) = 15
#   [?, ?, ?, ?]               // 4 roots from `x^4 + x^3 + 1`
#   [?, ?, ?, ?]               // 4 roots from `x^4 + x^3 + x^2 + x + 1`

# Find some element whose order is 15 but not in `conjugates(a)`

conjugates(a^3 + 1)

# Output: 
#  [a^3 + 1, a^3 + a^2 + 1, a^3 + a^2 + a, a^3 + a + 1]

[a^3 + 1, a^3 + a^2 + 1, a^3 + a^2 + a, a^3 + a + 1]

In [8]:
# According to the factorization, all elements in F16_a 
#   can be partitioned into 5 sets:
#
#   [0, 1]  // from F2
#   [a^2 + a, a^2 + a + 1]                                  // 2 roots from  `x^2 + x + 1`,  ord(.) = 3
#   [a, a^2, a + 1, a^2 + 1]                                // 4 roots from  `x^4 + x + 1`,  ord(.) = 15
#   [a^3 + 1, a^3 + a^2 + 1, a^3 + a^2 + a, a^3 + a + 1]    // 4 roots from `x^4 + x^3 + 1`  ord(.) = 15
#   [?, ?, ?, ?]                                            // 4 roots from `x^4 + x^3 + x^2 + x + 1`

# The remain elements are with order 5, and they are conjugates

conjugates(a^3), ord(a^3)

# Output: 
#  [a^3, a^3 + a^2, a^3 + a^2 + a + 1, a^3 + a], 5

([a^3, a^3 + a^2, a^3 + a^2 + a + 1, a^3 + a], 5)

In [9]:
# All elements in F16_a can be partitioned into 5 sets:
#
#   [0, 1]  // from F2
#   [a^2 + a, a^2 + a + 1]                                  // 2 roots from  `x^2 + x + 1`,  ord(.) = 3
#   [a, a^2, a + 1, a^2 + 1]                                // 4 roots from  `x^4 + x + 1`,  ord(.) = 15
#   [a^3 + 1, a^3 + a^2 + 1, a^3 + a^2 + a, a^3 + a + 1]    // 4 roots from `x^4 + x^3 + 1`  ord(.) = 15
#   [a^3, a^3 + a^2, a^3 + a^2 + a + 1, a^3 + a]            // 4 roots from `x^4 + x^3 + x^2 + x + 1`  ord(.) = 5

def ff_splitting_polynomial(F):
    poly = 1
    for t in F:
        poly = poly * (x - t)    
    return poly 

ff_splitting_polynomial(F16_a) == x^16 - x

# Output: 
#  [a^3, a^3 + a^2, a^3 + a^2 + a + 1, a^3 + a], 5

True

In [10]:
# Minimal Polynomial

# The minimal polynomial f(x) of `t` over K is the monic polynomial in K[x] of least 
# degree having `f(t) = 0`

# One simple way of computing minial polynomial is to compute the vanishing polynomial of conjugate roots

def minimal_poly(t, X):
    roots = conjugates(t)
    poly = 1
    for r in roots:
        poly = poly * (X+r)
    return poly

# Compute minimal polynomial of a^3 over F2, since `x` is the indeterminate of F2[x]

minimal_poly(a^3, x)

x^4 + x^3 + x^2 + x + 1

In [11]:
# Show the minimal polynomial over F2 for each elements from F16^*

for i in range(1,16):
    print("{:2}, ord={}, \t mini-poly={}, \t\t {}".format(i, ord(a^i), minimal_poly(a^i, x), a^i))

 1, ord=15, 	 mini-poly=x^4 + x + 1, 		 a
 2, ord=15, 	 mini-poly=x^4 + x + 1, 		 a^2
 3, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 a^3
 4, ord=15, 	 mini-poly=x^4 + x + 1, 		 a + 1
 5, ord=3, 	 mini-poly=x^2 + x + 1, 		 a^2 + a
 6, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 a^3 + a^2
 7, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 a^3 + a + 1
 8, ord=15, 	 mini-poly=x^4 + x + 1, 		 a^2 + 1
 9, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 a^3 + a
10, ord=3, 	 mini-poly=x^2 + x + 1, 		 a^2 + a + 1
11, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 a^3 + a^2 + a
12, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 a^3 + a^2 + a + 1
13, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 a^3 + a^2 + 1
14, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 a^3 + 1
15, ord=1, 	 mini-poly=x + 1, 		 1


In [12]:
# There are three irreducible polynomials
#
#  (x^4 + x + 1), (x^4 + x^3 + 1) and (x^4 + x^3 + x^2 + x + 1) 

# So we have two more different approaches to construct F16 by using 
#   (x^4 + x^3 + 1) and (x^4 + x^3 + x^2 + x + 1)

# The second definition of F16, 4-degree extension over F2

F16_b.<b> = F2.extension(x^4 + x^3 + 1, 'b')
F16_b

Finite Field in b of size 2^4

In [13]:
minimal_poly(b, x)

x^4 + x^3 + 1

In [14]:
minimal_poly(b+1, x)

x^4 + x^3 + x^2 + x + 1

In [15]:
minimal_poly(b^2+b, x)

x^4 + x + 1

In [16]:
conjugates(b), conjugates(b+1)

([b, b^2, b^3 + 1, b^3 + b^2 + b], [b + 1, b^2 + 1, b^3, b^3 + b^2 + b + 1])

In [17]:
conjugates(b^2+b)

[b^2 + b, b^3 + b^2 + 1, b^2 + b + 1, b^3 + b^2]

In [18]:
# Partition of F16_b:
#
#   [0, 1]  // from F2
#   [b^3 + b, b^3 + b + 1]                           // from  `x^2 + x + 1`
#   [b^2 + b, b^3 + b^2 + 1, b^2 + b + 1, b^3 + b^2] // from `x^4 + x + 1`
#   [b, b^2, b^3 + 1, b^3 + b^2 + b]                 // from `x^4 + x^3 + 1`
#   [b + 1, b^2 + 1, b^3, b^3 + b^2 + b + 1]         // from `x^4 + x^3 + x^2 + x + 1`

for i in range(1,16):
    print("{:2}, ord={}, \t mini-poly={}, \t\t {}".format(i, ord(b^i), minimal_poly(b^i, x), b^i))

 1, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 b
 2, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 b^2
 3, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 b^3
 4, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 b^3 + 1
 5, ord=3, 	 mini-poly=x^2 + x + 1, 		 b^3 + b + 1
 6, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 b^3 + b^2 + b + 1
 7, ord=15, 	 mini-poly=x^4 + x + 1, 		 b^2 + b + 1
 8, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 b^3 + b^2 + b
 9, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 b^2 + 1
10, ord=3, 	 mini-poly=x^2 + x + 1, 		 b^3 + b
11, ord=15, 	 mini-poly=x^4 + x + 1, 		 b^3 + b^2 + 1
12, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 b + 1
13, ord=15, 	 mini-poly=x^4 + x + 1, 		 b^2 + b
14, ord=15, 	 mini-poly=x^4 + x + 1, 		 b^3 + b^2
15, ord=1, 	 mini-poly=x + 1, 		 1


In [19]:
# The third approach of constructing F16

F16_c.<c> = F2.extension(x^4 + x^3 + x^2 + x + 1, 'c')
F16_c

Finite Field in c of size 2^4

In [20]:
minimal_poly(c, x)

x^4 + x^3 + x^2 + x + 1

In [21]:
minimal_poly(c+1, x)

x^4 + x^3 + 1

In [22]:
minimal_poly(c^2 + c, x)

x^4 + x + 1

In [23]:
# F16_c Partition

for i in range(1,16):
    print("{:2}, ord={}, \t mini-poly={}, \t\t {}".format(i, ord(c^i), minimal_poly(c^i, x), c^i))

# Ooops, `c` is not a primitive element of F16_c
#
# Why??

 1, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c
 2, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^2
 3, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^3
 4, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^3 + c^2 + c + 1
 5, ord=1, 	 mini-poly=x + 1, 		 1
 6, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c
 7, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^2
 8, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^3
 9, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^3 + c^2 + c + 1
10, ord=1, 	 mini-poly=x + 1, 		 1
11, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c
12, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^2
13, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^3
14, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^3 + c^2 + c + 1
15, ord=1, 	 mini-poly=x + 1, 		 1


In [24]:
# Find a primitive element whose order is `15`

ord(c+1)

15

In [25]:
# F16_c Partition
#
#   [0, 1]                                              // from F2
#   [c^3 + c^2, c^3 + c^2 + 1]                          // from  `x^2 + x + 1`
#   [c^2 + c + 1, c^3 + c, c^2 + c, c^3 + c + 1]        // from `x^4 + x + 1`
#   [c + 1, c^2 + 1, c^3 + c^2 + c, c^3 + 1]            // from `x^4 + x^3 + 1`
#   [c, c^2, c^3 + c^2 + c + 1, c^3]                    // from `x^4 + x^3 + x^2 + x + 1`

for i in range(1,16):
    print("{:2}, ord={}, \t mini-poly={}, \t\t {}".format(i, ord((c+1)^i), minimal_poly((c+1)^i, x), (c+1)^i))

 1, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 c + 1
 2, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 c^2 + 1
 3, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^3 + c^2 + c + 1
 4, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 c^3 + c^2 + c
 5, ord=3, 	 mini-poly=x^2 + x + 1, 		 c^3 + c^2 + 1
 6, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^3
 7, ord=15, 	 mini-poly=x^4 + x + 1, 		 c^2 + c + 1
 8, ord=15, 	 mini-poly=x^4 + x^3 + 1, 		 c^3 + 1
 9, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c^2
10, ord=3, 	 mini-poly=x^2 + x + 1, 		 c^3 + c^2
11, ord=15, 	 mini-poly=x^4 + x + 1, 		 c^3 + c + 1
12, ord=5, 	 mini-poly=x^4 + x^3 + x^2 + x + 1, 		 c
13, ord=15, 	 mini-poly=x^4 + x + 1, 		 c^2 + c
14, ord=15, 	 mini-poly=x^4 + x + 1, 		 c^3 + c
15, ord=1, 	 mini-poly=x + 1, 		 1


In [26]:
# We can see that (x^4 + x^3 + x^2 + x + 1) is different from the other two irreducible polynomials
#
# because the order of any of its root is `5` rather than `15`

# We introduce a new concept: Order of Polynomial
#
# Assume f \in F_p[x], and deg(f) = m, 
#
#  ord_poly(f) = the order of any root of f in F_{p^m}^* (multiplicative group)

def ord_poly(f, F):
    prim = F.primitive_element()
    root = search_roots(prim, f)[0]
    return ord(root)

ord_poly(x^4 + x^3 + x^2 + x + 1, F16_c)

# For any irreducible polynomial m-degree f in F_q,  
# 
#   ord_poly(f, F_{p^m}) divides `q^m - 1`

5

In [27]:
# The minimal polynomial of a primitive element of F_{p^m} is called
#
#  Primitive Polynomial

# Clearly, (x^4 + x^3 + x^2 + x + 1) is not a primitive polynomial,
# but (x^4 + x + 1) and (x^4 + x^3 + 1) are primitive polynomials.

# Their orders are equal to (p^m - 1)

ord_poly(x^4 + x^3 + 1, F16_c), ord_poly(x^4 + x + 1, F16_c)

# Output: 
#   (15, 15)

(15, 15)

In [28]:
# ISOMORPHISM
#
# F16_a ~= F16_b ~= F16_c

minimal_poly(a, x), minimal_poly(b^2+b, x)

# `a` and `b^2 + b` have same minimal polynomial over F2

(x^4 + x + 1, x^4 + x + 1)

In [29]:
# ISOMORPHISM
#
# F16_a ~= F16_b ~= F16_c

minimal_poly(b^2+b, x), minimal_poly(c^2 + c, x)

# `a`, `b^2+b` and `c^2 + c` have same minimal polynomial over F2

(x^4 + x + 1, x^4 + x + 1)

In [30]:
# Therefore, the map
#
#    g:  F16_b   --> F16_c
#     :  b^2 + b|--> c^2 + c
#
# is isomorphic

is_isomorphic(c^2 + c, b^2+b)

True

In [31]:
# The fourth approach of constructing F16

# F4 is subfield of F16 and F16 is a 2-degree extension over F4
#
# Construct F4 by using `x^2 + x + 1`, one of whose root is denoted by `u`

F4.<u> = F2.extension(x^2 + x + 1, 'u')

# Let's use a new symbol `y` to denote the indeterminate of polynomials over F4
# 
#   f(y): F4[y]

R4.<y> = F4[]

# Then we plan to construct a new F16 over F4 by using a 2-degree irreducible polynomial.
#
# Find one!

(y^2 + y + 1).factor()

# Output:
#    (y + u) * (y + u + 1)
#
# Clearly, (y^2 + y + 1) is reducible.

(y + u) * (y + u + 1)

In [32]:
# Quiz: let's add a primitive element to the efficients of f(y)

(y^2 + 1).factor()

# Output:
#    (y + u + 1)^2
#
# Failed
#
# (y^2 + u + 1) = (y + u)^2 

(y + 1)^2

In [33]:
# Try (y^2 + y + u),

(y^2 + y + u).factor()

# Output:
#    y^2 + y + u
#
# Made it!
#
# And try `(y^2 + uy + 1)` or `(y^2 + u*y + u)` 

y^2 + y + u

In [34]:
# Finally, construct F16 over F4 by `y^2 + y + u`

F16_d.<d> = F4.extension(y^2 + y + u, 'd')

# `d` denotes one root of `y^2 + y + u`

# Find other roots of `y^2 + y + u`

conjugates(d)

[d, d + u, d + 1, d + u + 1]

In [35]:
# `d` is the primitive element of F16_d

ord(d)

# Output:
#   15

15

In [36]:
for i in range(1,16): 
    print("{:3}, ord={:3},  {}".format(i, ord(d^i), d^i, ))

  1, ord= 15,  d
  2, ord= 15,  d + u
  3, ord=  5,  (u + 1)*d + u
  4, ord= 15,  d + 1
  5, ord=  3,  u
  6, ord=  5,  u*d
  7, ord= 15,  u*d + u + 1
  8, ord= 15,  d + u + 1
  9, ord=  5,  u*d + u
 10, ord=  3,  u + 1
 11, ord= 15,  (u + 1)*d
 12, ord=  5,  (u + 1)*d + 1
 13, ord= 15,  u*d + 1
 14, ord= 15,  (u + 1)*d + u + 1
 15, ord=  1,  1


In [37]:
# Compute minimal polynomial of `d` over F2

R16.<z> = F16_d[]
R16

minimal_poly(d, z) == z^4 + z + 1

True

In [38]:
# Because the minimal polynomial of `d` over F2 is equal to `a` (F16_a),
# We can easily define an isomorphic map from F16_a to F16_d
#
#  f: F16_a  |--> F16_d
#   :     a   --> d

is_isomorphic(a, d)

True

In [39]:
# F16_d = F4(d) = F2(u)(d) Partition
#
#   [0, 1]                                                // from F2
#   [u, u + 1]                                            // from  `x^2 + x + 1`
#   [d, d + u, d + 1, d + u + 1]                          // from `x^4 + x + 1`
#   [(u + 1)*d, u*d + u + 1, (u + 1)*d + u + 1, u*d + 1]  // from `x^4 + x^3 + 1`
#   [u*d + u, (u + 1)*d + u, u*d, (u + 1)*d + 1]          // from `x^4 + x^3 + x^2 + x + 1`

conjugates(u*d+1), conjugates(u*d)

# Output:
# ([u*d + 1, (u + 1)*d, u*d + u + 1, (u + 1)*d + u + 1],
#    [u*d, (u + 1)*d + 1, u*d + u, (u + 1)*d + u])

([u*d + 1, (u + 1)*d, u*d + u + 1, (u + 1)*d + u + 1],
 [u*d, (u + 1)*d + 1, u*d + u, (u + 1)*d + u])

In [40]:
(z^16 -z).factor()

z * (z + 1) * (z + u) * (z + u + 1) * (z + d) * (z + d + 1) * (z + d + u) * (z + d + u + 1) * (z + u*d) * (z + u*d + 1) * (z + u*d + u) * (z + u*d + u + 1) * (z + (u + 1)*d) * (z + (u + 1)*d + 1) * (z + (u + 1)*d + u) * (z + (u + 1)*d + u + 1)

In [41]:
minimal_poly_1 = (z-(d+u)) * (z -d) * (z - (d+1)) * (z - (d+u+1))
minimal_poly_1

z^4 + z + 1

In [42]:
# Field Embedding
#
# F4 is a subfield of F16
# 
# Find a homomorphic map: 
#
#  e : F4  --> F16_a
#   
#  such that (t + t') |--> e(t) + e(t')
#            (t * t') |--> e(t) * e(t')
# 

# Since `u^4 = 1`,  e(u^4) = e(u)^4 = 1
# we can have:
#
#   ord(e(u)) = 3

for i in range(1,16):
    print("{:2}, ord={}, \t\t {}".format(i, ord(a^i), a^i))

 1, ord=15, 		 a
 2, ord=15, 		 a^2
 3, ord=5, 		 a^3
 4, ord=15, 		 a + 1
 5, ord=3, 		 a^2 + a
 6, ord=5, 		 a^3 + a^2
 7, ord=15, 		 a^3 + a + 1
 8, ord=15, 		 a^2 + 1
 9, ord=5, 		 a^3 + a
10, ord=3, 		 a^2 + a + 1
11, ord=15, 		 a^3 + a^2 + a
12, ord=5, 		 a^3 + a^2 + a + 1
13, ord=15, 		 a^3 + a^2 + 1
14, ord=15, 		 a^3 + 1
15, ord=1, 		 1


In [57]:
# There are only two elements with order 3
#  (a^2 + a) and (a^2 + a + 1)

# let e : u |--> a^2 + a

is_homomorphic(u, a^2 + a)

#   u   |--> a^2 + a
#   u+1 |--> a^2 + a + 1
#   1   |--> 1
#   0   |--> 0

True

In [44]:
# Question: Can we find another 2-degree irreducible polynomial g(y) by which we extend F4 to F16_b (directly)?
#  It will imply that `b` is exactly the root of g(y) and induce an embedding map:
#    
#    e:  F4 --> F16_b
#        u |--> b^3 + b + 1  (ord(b^3 + b + 1) = 3)

ord(b^3 + b + 1)

3

In [45]:
# Double check, the minimal polynomial of `(b^3 + b + 1)` over F2 is:

minimal_poly((b^3 + b + 1), x) == x^2 + x + 1

True

In [46]:
# Recall the partition of F16_b:
#
#   [0, 1]  // from F2
#   [b^3 + b, b^3 + b + 1]                           // from  `x^2 + x + 1`
#   [b^2 + b, b^3 + b^2 + 1, b^2 + b + 1, b^3 + b^2] // from `x^4 + x + 1`
#   [b, b^2, b^3 + 1, b^3 + b^2 + b]                 // from `x^4 + x^3 + 1`
#   [b + 1, b^2 + 1, b^3, b^3 + b^2 + b + 1]         // from `x^4 + x^3 + x^2 + x + 1`

# The roots of `x^4 + x^3 + 1` are [b, b^2, b^3 + 1, b^3 + b^2 + b]
# 
# The galois group of F16_b over F2 is:  Gal(F16/F2) = (ɩ, σ(), σ(σ()), σ(σ(σ())))
# It has a subgroup:  Gal(F16/F4) = (ɩ, σ(σ())) ⊂  Gal(F16/F2)
#
# Thus, (b, b^4 = b^3 + 1) are the roots of some 2-degree irreducible polynormial over F4

(x + b) * (x + b^3 + 1)

x^2 + (b^3 + b + 1)*x + b^3 + b + 1

In [47]:
# While, `(b^3 + b + 1)` is the root of `x^2 + x + 1`, as seen in the partition of F16_b
# It has a name we are familiar with, `u`, which was used to construct F4 = F2(u). 
# 
# Therefore, `(b, b^4=b^3 + 1)` are two roots of `(y^2 + u * x + u)`:
# 
#     u    = b, 
#    u + 1 = b^3 + 1
#
# Recall that `(y^2 + u * x + u)` is indeed irreducible over F4. It is what we are looking for.
#
# Construct F16_e = F4(e) by `(y^2 + u * x + u)`

F16_e.<e> = F4.extension(y^2 + u*y + u, 'e')
F16_e

Univariate Quotient Polynomial Ring in e over Finite Field in u of size 2^2 with modulus e^2 + u*e + u

In [48]:
# Check if the following map is isomorphic:
#
#   f:  F16_e   --> F16_b
#   f:      e  |--> b

is_isomorphic(e, b)

True

In [49]:
# In the partition table of F16_b, [b, b^2, b^3 + 1, b^3 + b^2 + b]
#  the 1st and 3rd elements are roots of (y^2 + u * x + u),
# What about 2nd and 4th elements, (b^2, (b^2)^4=b^3 + b^2 + b)

(x + b^2) * (x + (b^2)^4)

# Output:
#   x^2 + (b^3 + b)*x + b^3 + b
#
# (b^3 + b) has an alternative name, (u+1).
#   and is one root of (y^2 + (u+1)*y + (u+1))

x^2 + (b^3 + b)*x + b^3 + b

In [50]:
# Check if `(y^2 + (u+1)*y + (u+1))` is irreducible

(y^2 + (u+1)*y + (u+1)).factor()

# Output:
#   y^2 + (u + 1)*y + u + 1

y^2 + (u + 1)*y + u + 1