Trac #31686: Speed up factoring finite field multiplicative order

Initially asked at - [https://ask.sagemath.org/question/56710 Ask Sage question 56710: Computing the factored multiplicative order of an extension field tries to solve an unnecessarily hard factoring problem] There seems to be a unnecessary performance problem with constructing large extension fields: {{{#!python sage: p = Integer('0x24000000000024000130e0000d7f70e4a803ca76f439266f443f9a5' ....: 'cda8a6c7be4a7a5fe8fadffd6a2a7e8c30006b9459ffffcd300000001') sage: GF(p^2) }}} This hangs trying to factor the 891-bit integer p^2^ - 1, which is longer than the longest solved RSA Challenge number. (As it happens, the hard part of this factorization is a 675-bit integer which is still impractical.) It is not unreasonable that constructing the extension field requires knowing the factorization of the multiplicative order. (You can get around this by constructing it with a specific modulus, but then many operations, e.g. taking roots, require this factorization anyway.) However, we know that p^2^ - 1 splits as (p-1)(p+1), and factoring those may be much more feasible: {{{#!python sage: factor(p - 1) 2^32 * 3^4 * 17 * 67 * 293 * 349 * 1997 * 19556633 * 44179799701097 * 1461985442088199434216480729118540833655826472878315075486478169293801 719414121837587283877 sage: factor(p + 1) 2 * 313 * 751 * 2003 * 2671 * 738231097 * 5504769645733556158018036486137846684061426030350742600986660629322596 3076275651294902969015038913167956483928299 }}} (this takes less than a second on my desktop). In general, computing the multiplicative order of an extension field should take advantage of the factorization of p^k^ - 1 as a polynomial. There might also be other cases where we know the factorization by construction, and should be able to provide it. URL: https://trac.sagemath.org/31686 Reported by: gh-daira Ticket author(s): Daira Hopwood, Samuel Lelièvre Reviewer(s): Vincent Delecroix
sagemath · Jun 6, 2021 · e30645c · e30645c
2 parents 490c3dd + 8704bb9
commit e30645c
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/src/sage/rings/finite_rings/finite_field_base.pyx b/src/sage/rings/finite_rings/finite_field_base.pyx
@@ -873,8 +873,25 @@ cdef class FiniteField(Field):
 
             sage: GF(7^2,'a').factored_unit_order()
             (2^4 * 3,)
+
+        TESTS:
+
+        Check that :trac:`31686` is fixed::
+
+            sage: p = 1100585370631
+            sage: F = GF(p^24, 'a')
+            sage: F.factored_unit_order()
+            (2^6 * 3^2 * 5 * 7 * 11 * 13 * 17 * 53 * 97 * 229 * 337 * 421
+             * 3929 * 215417 * 249737 * 262519 * 397897 * 59825761 * 692192057
+             * 12506651939 * 37553789761 * 46950147799 * 172462808473 * 434045140817
+             * 81866093016401 * 617237859576697 * 659156729361017707
+             * 268083135725348991493995910983015600019336657
+             * 90433843562394341719266736354746485652016132372842876085423636587989263202299569913,)
         """
-        F = (self.order() - 1).factor()
+        from sage.structure.factorization import Factorization
+        from sage.rings.polynomial.cyclotomic import cyclotomic_value as cv
+        p, d = self.characteristic(), self.degree()
+        F = Factorization(f for n in d.divisors() for f in cv(n, p).factor())
         return (F,)
 
     def cardinality(self):