# Wiedemann Tower: Recursive Construction

## References

- [1] Wiedemann, Doug. "An iterated quadratic extension of GF (2)." Fibonacci Quart 26.4 (1988): 290-295.

In [2]:
F2 = GF(2)
F2

# Define the polynomial ring F2[X]

F2_PolyR.<X0> = F2[]; F2_PolyR

Univariate Polynomial Ring in X0 over Finite Field of size 2 (using GF2X)

In [3]:
# Define F4: the degree-2 extension over F2

F4.<a> = F2.extension(X0^2 + X0 + 1, 'a'); F4

Finite Field in a of size 2^2

In [4]:
# Define the polynomial ring F4[X]

F4_PolyR.<X1> = F4[]; F4_PolyR

Univariate Polynomial Ring in X1 over Finite Field in a of size 2^2

In [5]:
# Define F16: the degree-2 extension over F4

F16.<b> = F4.extension(X1^2 + a * X1 + 1, 'b'); F16

Univariate Quotient Polynomial Ring in b over Finite Field in a of size 2^2 with modulus b^2 + a*b + 1

In [6]:
# Define F16[X]

F16_PolyR.<X2> = F16[]

In [7]:
# Define F256: the degree-2 extension over F16

F256.<c> = F16.extension(X2^2 + b * X2 + 1, 'c'); F256

Univariate Quotient Polynomial Ring in c over Univariate Quotient Polynomial Ring in b over Finite Field in a of size 2^2 with modulus b^2 + a*b + 1 with modulus c^2 + b*c + 1

In [8]:
# Define F256[X]

F256_PolyR.<X3> = F256[]; F256_PolyR

Univariate Polynomial Ring in X3 over Univariate Quotient Polynomial Ring in c over Univariate Quotient Polynomial Ring in b over Finite Field in a of size 2^2 with modulus b^2 + a*b + 1 with modulus c^2 + b*c + 1

In [9]:
# Define F65536: the degree-2 extension over F256

F65536.<d> = F256.extension(X3^2 + c * X3 + 1, 'd'); F65536

Univariate Quotient Polynomial Ring in d over Univariate Quotient Polynomial Ring in c over Univariate Quotient Polynomial Ring in b over Finite Field in a of size 2^2 with modulus b^2 + a*b + 1 with modulus c^2 + b*c + 1 with modulus d^2 + c*d + 1

In [10]:
# def intFromF4(t):
#     if t == 0:
#         return '00'
#     elif t == 1:
#         return '01'
#     elif t == a:
#         return '10'
#     else: 
#         return '11'

# def intFromF16(t):
#     t0=t.list()[0]
#     t1=t.list()[1]
#     return intFromF4(t1)+":"+intFromF4(t0)

def log(s, t):
    for i in range(1,16):
        if t^i == s:
            return i

def conjugates(t):
    r = []
    for i in [1,2,4,8,16,32,64,128,256]:
        t2 = t^i
        if t2 in r:
            continue
        r.append(t^i)
    return r

def ord(t):
    card = t.parent().order()
    
    for i in range(1,card):
        if t**i == 1:
            return i
    return "False"
    
def logtable(prim_elem):
    for i in range(1, 16):  # Iterate from 0 to p-1
        elem = prim_elem**i
        print("{:3},ord={:3} t={}".format(i, ord(elem), elem))

In [11]:
logtable(b+1)

  1,ord= 15 t=b + 1
  2,ord= 15 t=a*b
  3,ord=  5 t=b + a
  4,ord= 15 t=b + a + 1
  5,ord=  3 t=a
  6,ord=  5 t=a*b + a
  7,ord= 15 t=(a + 1)*b
  8,ord= 15 t=a*b + a + 1
  9,ord=  5 t=a*b + 1
 10,ord=  3 t=a + 1
 11,ord= 15 t=(a + 1)*b + a + 1
 12,ord=  5 t=b
 13,ord= 15 t=(a + 1)*b + 1
 14,ord= 15 t=(a + 1)*b + a
 15,ord=  1 t=1


In [12]:
# Vitalik's Puzzle

# 2 + 2 = 0

(a + 1) + (a + 1) == 0

True

In [13]:
# Vitalik's Puzzle
# Basis is [1, a, b, a * b]

# 2 * 6 ?= 11
#
#
# 2 = (0010), |--> < (0, 0, 1, 0), (`a*b`, `b`, `a`, `1`) > = (a)
# 6 = (0110), |--> < (0, 1, 1, 0), (`a*b`, `b`, `a`, `1`) > = (a + b)
# 11= (1011), |--> < (1, 0, 1, 1), (`a*b`, `b`, `a`, `1`) > = a*b + a + 1
#

(a) * (a + b) == (a*b + a + 1)

True

In [14]:
# Vitalik's Puzzle
#
# Basis is [1, a, b, a * b]

# 3 / 5 ?= 9  ===> 5 * 9 ?= 3
#
#
# 5 = (0101), |--> < (0, 1, 0, 1), (`a*b`, `b`, `a`, `1`) > = (b + 1)
# 9 = (1001), |--> < (1, 0, 0, 1), (`a*b`, `b`, `a`, `1`) > = (a*b + 1)
# 3 = (0011), |--> < (0, 0, 1, 1), (`a*b`, `b`, `a`, `1`) > = (a + 1)
#

(a*b + 1) * (b + 1) == (a + 1)

True

In [15]:
# Vitalik's Puzzle
#
# Basis is [1, a, b, a * b]

# 3^2 + 8^2 ?= 11^2
#
# 3 = (0011), |--> < (0, 0, 1, 1), (`a*b`, `b`, `a`, `1`) > = (a + 1)
# 8 = (1000), |--> < (1, 0, 0, 0), (`a*b`, `b`, `a`, `1`) > = (a*b)
# 11= (1011), |--> < (1, 0, 1, 1), (`a*b`, `b`, `a`, `1`) > = a*b + a + 1


(a + 1)^2 + (a * b)^2 == (a*b + a + 1)^2

True

In [16]:
# Fun Fact: The relations between (a, b, c, d)
#
#   x_{i+1} + x_{i+1}^{-1} == x_i
#

a + 1/a == 1, b + 1/b == a, c + 1/c == b, d + 1/d == c

(True, True, True, True)

In [17]:
# Check the orders of the roots
#

ord(a), ord(b), ord(c), ord(d)

# Output:
#   (3, 5, 17, 257)
# 
# Clearly, `b` is in order 5, not a primitive element of F16
# Neither `c` nor `d` is primitive in F256 or F65536

(3, 5, 17, 257)

In [18]:
# `3, 5, 17, 257` are so called Fermat Numbers FN0, FN1, FN2, FN3, 
#
#        FNk = 2^{2^k} + 1
#
# Fact: FN0, FN1, FN2, FN3, FN4 are prime 
#   However, FN5 is composite, FN5 = 2^{32} + 1 = 4,294,967,297 = 641 * 6,700,417
#   (see more: https://en.wikipedia.org/wiki/Fermat_number)

In [19]:
# Unproven Fact: a primitive element of F_{2^{2^{n+1}}} is `x0 * x1 * ... * xn`
#
#  F4   : x0              = `a`
#  F16  : x1 * x0         = `b * a`
#  F256 : x2 * x1 * x0    = `c * b * a`

ord(a) == (2^(2^1) - 1), ord(b*a) == (2^4 - 1), ord(c*b*a) == (2^8 - 1)

(True, True, True)

In [20]:
# How to compute the minimal polynomial of `xi` over F2? 
#
#    f0(a) = 0,  f0 = X0^2 + X0 + 1 is the minimal polynomial of `a` over F2

f0 = X0^2 + X0 + 1 
f0.subs(X0=a)

0

In [21]:
#   f1(b) = 0  ==> f1 = X1^2 + a * X1 + 1 is the minimal polynomial of `b` over F4
#   f0(a) = f0(b + 1/b) = 0
#
# Therefore, 
#
#     b^2 + b^(-2) + b + b^(-1) + 1 = 0
# 
# Multiply (b^2) to the both sides:
#
#     b^4 + 1 + b^3 + b + b^2 = 0
#
f1 = X0^4 + X0^3 + X0^2 + X0 + 1; f1.subs(X0 = b) == 0

True

In [22]:
# The alternative way: compute the minimal polynomial of `b` from conjugates

conjugates(b)

[b, a*b + 1, b + a, a*b + a]

In [23]:
# The result will be (X - b) * (X - (a*b +1)) * (X - (b+a)) * (X - (a*b + a))
# All terms in F16\F2 will be canceled out, and the coefficients of the polynomial are all in F2
#
Mb = ((X2 - b) * (X2 - a*b - 1) * (X2 - b - a) * (X2 - a*b -a)).change_variable_name(var('X')); Mb

# Output: 
#   X^4 + X^3 + X^2 + X + 1

X^4 + X^3 + X^2 + X + 1

In [24]:
# An iterated alg to compute the minimal polynomial of 'xi' over F2 
#
#  A0 = 1 + X^2,  B0 = X
#  A{k+1} = Ak^2 + Bk^2,  B{k+1} = An*Bn
#  
#  minimal_poly(xn) = An + Bn
#

def minimal_poly_iter(i):
    A = 1 + X0^2
    B = X0
    for i in range(0,i-1):
        Ak = A^2 + B^2
        Bk = A * B
        A  = Ak
        B  = Bk
    return (A + B).change_variable_name(var('X'))


In [25]:
# Compute minimal_poly(b)

minimal_poly_iter(2) == Mb

True

In [26]:
# Compute minimal_poly(c)

Mc = minimal_poly_iter(3); Mc

X^8 + X^7 + X^6 + X^4 + X^2 + X + 1

In [27]:
Mc.subs(X=c) == 0

True

In [28]:
# Double check Mc: the minimal polynomial of `c` over F2

conjugates(c)

[c,
 b*c + 1,
 (a*b + a)*c + a*b,
 (a*b + 1)*c + a + 1,
 c + b,
 b*c + a*b,
 (a*b + a)*c + (a + 1)*b + a,
 (a*b + 1)*c + a*b + 1]

In [29]:
Mc_alt = F256.one()
for t in conjugates(c): Mc_alt = Mc_alt * (X3 + t)
Mc_alt = Mc_alt.change_variable_name(var('X'))

In [30]:
Mc_alt == Mc

True

## TODO: trace and basis