The Great Trinomial Hunt an Update
Richard P BrentMSI ANU and
CARMA Newcastle
joint work withPaul Zimmermann
INRIA Nancy
8 April 2016
Richard Brent Paul Zimmermann
Introduction
In 2011 we1 published The Great Trinomial Hunt In this talk Iwill bring you up to date with recent results of the ldquohuntrdquoQuestions about the integers often suggest analogous (but inmany cases easier) questions about polynomials over finitefieldsFor example the unique prime factorisation theorem for positiveintegers corresponds to unique factorisation of polynomials intoirreducible polynomials (modulo multiplication by units)There is a polynomial-time factorisation algorithm forpolynomials over finite fields but no such polynomial-timefactorisation algorithm is known for the integers
1Brent amp Zimmermann Notices of the AMS 58 (2011) 233ndash239Richard Brent Introduction
Polynomials over finite fields
We consider univariate polynomials P(x) over a finite field F The algorithms apply with minor changes for any smallpositive characteristic but in this talk we assume that thecharacteristic is 2 and F = Z2Z = GF(2)
P(x) is irreducible if it has no nontrivial factors If P(x) isirreducible of degree r then [Gauss]
x2r= x mod P(x)
Thus P(x) divides the polynomial Pr (x) = x2r minus x In factPr (x) is the product of all irreducible polynomials of degree d where d runs over the divisors of r
Richard Brent Introduction
Counting irreducible polynomialsLet N(d) be the number of irreducible polynomials of degree d Thus sum
d |r
dN(d) = deg(Pr ) = 2r
By Moumlbius inversion we see that
rN(r) =sumd |r
micro(d)2rd
Thus the number of irreducible polynomials of degree r is
N(r) =2r
r+ O
(2r2
r
)
Since there are 2r polynomials of degree r the probability thata randomly selected polynomial is irreducible is sim 1r rarr 0 asr rarr +infin Almost all polynomials over (fixed) finite fields arereducible (unlike polynomials over the integers)
Richard Brent Counting irreducible polynomials
Analogy
Irreducible polynomials are analogous to primesPolynomials of degree r are analogous to integers of r digitsBy the prime number theorem the number of r -digit primes inbase 2 is about int 2r
2rminus1
dtln t
The Riemann Hypothesis implies an error term O(r2r2) asr rarr +infin [von Koch]On the other hand we saw on the previous slide aneasily-proved error term O(rminus12r2) in the polynomial case
Richard Brent Counting primes and irreducible polynomials
Representing finite fields and primitive polynomials
Irreducible polynomials over finite fields are useful in severalapplications As one example observe that if P(x) is anirreducible polynomial of degree r over GF(2) then
GF(2)[x ]P(x) sim= GF(2r )
In other words the ring of polynomials mod P(x) gives arepresentation of the finite field with 2r elementsIf in addition x is a generator of the multiplicative group that isif every nonzero element of GF(2)[x ]P(x) can be representedas a power of x then P(x) is said to be primitiveWarning there are several different meanings of ldquoprimitiverdquo inthe literature In the context of polynomials over GF(2) thismeaning seems to be standard
Richard Brent Primitive polynomials
Primitive polynomials and shift registers
Primitive polynomials can be used to obtain linear feedbackshift registers (LFSRs) with maximal period 2r minus 1 where r isthe degree of the polynomial These have applications tostream ciphers and pseudo-random number generators
Testing primitivity can be difficult because we need to know theprime factorisation of 2r minus 1 Of course this is trivial if 2r minus 1 isprime (a Mersenne prime)
The number of primitive polynomials of degree r over GF(2) is
φ(2r minus 1)
rle N(r) le 2r minus 2
r
with equality when 2r minus 1 is prime
Richard Brent Shift registers
Sparsity
In applications we usually want P(x) to be sparse that is tohave only a small number of nonzero coefficients for reasonsof efficiency The binomial case is usually trivial so in mostcases we want P(x) to be a trinomial
x r + xs + 1 r gt s gt 0
In stating computational results we always assume thats le r2 since for any trinomial T (x) = x r + xs + 1 there is aldquoreciprocalrdquo trinomial x r T (1x) = x r + x rminuss + 1 with the samereducibilityprimitivity properties as T (x)
Richard Brent Trinomials
Mersenne primes
A Mersenne prime is a prime of the form 2n minus 1 for example37311278191
There are conjectured to be infinitely many Mersenne primesand the number for n le N is conjectured to be of order log N
The GIMPS project is searching systematically for Mersenneprimes So far 49 Mersenne primes are known the largestbeing
274207281 minus 1
If 2n minus 1 is prime we say that n is a Mersenne exponent AMersenne exponent is necessarily prime but not conversely(eg 211 minus 1 = 23times 89 so 11 is not a Mersenne exponent)
Richard Brent Mersenne primes and exponents
Trinomials whose degree is a Mersenne exponent
In the following we consider mainly trinomials
T (x) = x r + xs + 1
where r gt s gt 0 and r is a Mersenne exponent (so 2r minus 1 isprime) If T (x) is irreducible it is necessarily primitivePrimitive trinomials are analogous to primes of a special formVarious properties can be conjectured using probabilisticmodels but nontrivial properties that can currently be provedare rareA useful and nontrivial result on trinomials is Swanrsquos theoremHistorical note Swan (1962) rediscovered results ofPellet (1878) and Stickelberger (1897) so the name of thetheorem depends on your nationality
Richard Brent Trinomials of special degree Swanrsquos theorem
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Introduction
In 2011 we1 published The Great Trinomial Hunt In this talk Iwill bring you up to date with recent results of the ldquohuntrdquoQuestions about the integers often suggest analogous (but inmany cases easier) questions about polynomials over finitefieldsFor example the unique prime factorisation theorem for positiveintegers corresponds to unique factorisation of polynomials intoirreducible polynomials (modulo multiplication by units)There is a polynomial-time factorisation algorithm forpolynomials over finite fields but no such polynomial-timefactorisation algorithm is known for the integers
1Brent amp Zimmermann Notices of the AMS 58 (2011) 233ndash239Richard Brent Introduction
Polynomials over finite fields
We consider univariate polynomials P(x) over a finite field F The algorithms apply with minor changes for any smallpositive characteristic but in this talk we assume that thecharacteristic is 2 and F = Z2Z = GF(2)
P(x) is irreducible if it has no nontrivial factors If P(x) isirreducible of degree r then [Gauss]
x2r= x mod P(x)
Thus P(x) divides the polynomial Pr (x) = x2r minus x In factPr (x) is the product of all irreducible polynomials of degree d where d runs over the divisors of r
Richard Brent Introduction
Counting irreducible polynomialsLet N(d) be the number of irreducible polynomials of degree d Thus sum
d |r
dN(d) = deg(Pr ) = 2r
By Moumlbius inversion we see that
rN(r) =sumd |r
micro(d)2rd
Thus the number of irreducible polynomials of degree r is
N(r) =2r
r+ O
(2r2
r
)
Since there are 2r polynomials of degree r the probability thata randomly selected polynomial is irreducible is sim 1r rarr 0 asr rarr +infin Almost all polynomials over (fixed) finite fields arereducible (unlike polynomials over the integers)
Richard Brent Counting irreducible polynomials
Analogy
Irreducible polynomials are analogous to primesPolynomials of degree r are analogous to integers of r digitsBy the prime number theorem the number of r -digit primes inbase 2 is about int 2r
2rminus1
dtln t
The Riemann Hypothesis implies an error term O(r2r2) asr rarr +infin [von Koch]On the other hand we saw on the previous slide aneasily-proved error term O(rminus12r2) in the polynomial case
Richard Brent Counting primes and irreducible polynomials
Representing finite fields and primitive polynomials
Irreducible polynomials over finite fields are useful in severalapplications As one example observe that if P(x) is anirreducible polynomial of degree r over GF(2) then
GF(2)[x ]P(x) sim= GF(2r )
In other words the ring of polynomials mod P(x) gives arepresentation of the finite field with 2r elementsIf in addition x is a generator of the multiplicative group that isif every nonzero element of GF(2)[x ]P(x) can be representedas a power of x then P(x) is said to be primitiveWarning there are several different meanings of ldquoprimitiverdquo inthe literature In the context of polynomials over GF(2) thismeaning seems to be standard
Richard Brent Primitive polynomials
Primitive polynomials and shift registers
Primitive polynomials can be used to obtain linear feedbackshift registers (LFSRs) with maximal period 2r minus 1 where r isthe degree of the polynomial These have applications tostream ciphers and pseudo-random number generators
Testing primitivity can be difficult because we need to know theprime factorisation of 2r minus 1 Of course this is trivial if 2r minus 1 isprime (a Mersenne prime)
The number of primitive polynomials of degree r over GF(2) is
φ(2r minus 1)
rle N(r) le 2r minus 2
r
with equality when 2r minus 1 is prime
Richard Brent Shift registers
Sparsity
In applications we usually want P(x) to be sparse that is tohave only a small number of nonzero coefficients for reasonsof efficiency The binomial case is usually trivial so in mostcases we want P(x) to be a trinomial
x r + xs + 1 r gt s gt 0
In stating computational results we always assume thats le r2 since for any trinomial T (x) = x r + xs + 1 there is aldquoreciprocalrdquo trinomial x r T (1x) = x r + x rminuss + 1 with the samereducibilityprimitivity properties as T (x)
Richard Brent Trinomials
Mersenne primes
A Mersenne prime is a prime of the form 2n minus 1 for example37311278191
There are conjectured to be infinitely many Mersenne primesand the number for n le N is conjectured to be of order log N
The GIMPS project is searching systematically for Mersenneprimes So far 49 Mersenne primes are known the largestbeing
274207281 minus 1
If 2n minus 1 is prime we say that n is a Mersenne exponent AMersenne exponent is necessarily prime but not conversely(eg 211 minus 1 = 23times 89 so 11 is not a Mersenne exponent)
Richard Brent Mersenne primes and exponents
Trinomials whose degree is a Mersenne exponent
In the following we consider mainly trinomials
T (x) = x r + xs + 1
where r gt s gt 0 and r is a Mersenne exponent (so 2r minus 1 isprime) If T (x) is irreducible it is necessarily primitivePrimitive trinomials are analogous to primes of a special formVarious properties can be conjectured using probabilisticmodels but nontrivial properties that can currently be provedare rareA useful and nontrivial result on trinomials is Swanrsquos theoremHistorical note Swan (1962) rediscovered results ofPellet (1878) and Stickelberger (1897) so the name of thetheorem depends on your nationality
Richard Brent Trinomials of special degree Swanrsquos theorem
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Polynomials over finite fields
We consider univariate polynomials P(x) over a finite field F The algorithms apply with minor changes for any smallpositive characteristic but in this talk we assume that thecharacteristic is 2 and F = Z2Z = GF(2)
P(x) is irreducible if it has no nontrivial factors If P(x) isirreducible of degree r then [Gauss]
x2r= x mod P(x)
Thus P(x) divides the polynomial Pr (x) = x2r minus x In factPr (x) is the product of all irreducible polynomials of degree d where d runs over the divisors of r
Richard Brent Introduction
Counting irreducible polynomialsLet N(d) be the number of irreducible polynomials of degree d Thus sum
d |r
dN(d) = deg(Pr ) = 2r
By Moumlbius inversion we see that
rN(r) =sumd |r
micro(d)2rd
Thus the number of irreducible polynomials of degree r is
N(r) =2r
r+ O
(2r2
r
)
Since there are 2r polynomials of degree r the probability thata randomly selected polynomial is irreducible is sim 1r rarr 0 asr rarr +infin Almost all polynomials over (fixed) finite fields arereducible (unlike polynomials over the integers)
Richard Brent Counting irreducible polynomials
Analogy
Irreducible polynomials are analogous to primesPolynomials of degree r are analogous to integers of r digitsBy the prime number theorem the number of r -digit primes inbase 2 is about int 2r
2rminus1
dtln t
The Riemann Hypothesis implies an error term O(r2r2) asr rarr +infin [von Koch]On the other hand we saw on the previous slide aneasily-proved error term O(rminus12r2) in the polynomial case
Richard Brent Counting primes and irreducible polynomials
Representing finite fields and primitive polynomials
Irreducible polynomials over finite fields are useful in severalapplications As one example observe that if P(x) is anirreducible polynomial of degree r over GF(2) then
GF(2)[x ]P(x) sim= GF(2r )
In other words the ring of polynomials mod P(x) gives arepresentation of the finite field with 2r elementsIf in addition x is a generator of the multiplicative group that isif every nonzero element of GF(2)[x ]P(x) can be representedas a power of x then P(x) is said to be primitiveWarning there are several different meanings of ldquoprimitiverdquo inthe literature In the context of polynomials over GF(2) thismeaning seems to be standard
Richard Brent Primitive polynomials
Primitive polynomials and shift registers
Primitive polynomials can be used to obtain linear feedbackshift registers (LFSRs) with maximal period 2r minus 1 where r isthe degree of the polynomial These have applications tostream ciphers and pseudo-random number generators
Testing primitivity can be difficult because we need to know theprime factorisation of 2r minus 1 Of course this is trivial if 2r minus 1 isprime (a Mersenne prime)
The number of primitive polynomials of degree r over GF(2) is
φ(2r minus 1)
rle N(r) le 2r minus 2
r
with equality when 2r minus 1 is prime
Richard Brent Shift registers
Sparsity
In applications we usually want P(x) to be sparse that is tohave only a small number of nonzero coefficients for reasonsof efficiency The binomial case is usually trivial so in mostcases we want P(x) to be a trinomial
x r + xs + 1 r gt s gt 0
In stating computational results we always assume thats le r2 since for any trinomial T (x) = x r + xs + 1 there is aldquoreciprocalrdquo trinomial x r T (1x) = x r + x rminuss + 1 with the samereducibilityprimitivity properties as T (x)
Richard Brent Trinomials
Mersenne primes
A Mersenne prime is a prime of the form 2n minus 1 for example37311278191
There are conjectured to be infinitely many Mersenne primesand the number for n le N is conjectured to be of order log N
The GIMPS project is searching systematically for Mersenneprimes So far 49 Mersenne primes are known the largestbeing
274207281 minus 1
If 2n minus 1 is prime we say that n is a Mersenne exponent AMersenne exponent is necessarily prime but not conversely(eg 211 minus 1 = 23times 89 so 11 is not a Mersenne exponent)
Richard Brent Mersenne primes and exponents
Trinomials whose degree is a Mersenne exponent
In the following we consider mainly trinomials
T (x) = x r + xs + 1
where r gt s gt 0 and r is a Mersenne exponent (so 2r minus 1 isprime) If T (x) is irreducible it is necessarily primitivePrimitive trinomials are analogous to primes of a special formVarious properties can be conjectured using probabilisticmodels but nontrivial properties that can currently be provedare rareA useful and nontrivial result on trinomials is Swanrsquos theoremHistorical note Swan (1962) rediscovered results ofPellet (1878) and Stickelberger (1897) so the name of thetheorem depends on your nationality
Richard Brent Trinomials of special degree Swanrsquos theorem
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Counting irreducible polynomialsLet N(d) be the number of irreducible polynomials of degree d Thus sum
d |r
dN(d) = deg(Pr ) = 2r
By Moumlbius inversion we see that
rN(r) =sumd |r
micro(d)2rd
Thus the number of irreducible polynomials of degree r is
N(r) =2r
r+ O
(2r2
r
)
Since there are 2r polynomials of degree r the probability thata randomly selected polynomial is irreducible is sim 1r rarr 0 asr rarr +infin Almost all polynomials over (fixed) finite fields arereducible (unlike polynomials over the integers)
Richard Brent Counting irreducible polynomials
Analogy
Irreducible polynomials are analogous to primesPolynomials of degree r are analogous to integers of r digitsBy the prime number theorem the number of r -digit primes inbase 2 is about int 2r
2rminus1
dtln t
The Riemann Hypothesis implies an error term O(r2r2) asr rarr +infin [von Koch]On the other hand we saw on the previous slide aneasily-proved error term O(rminus12r2) in the polynomial case
Richard Brent Counting primes and irreducible polynomials
Representing finite fields and primitive polynomials
Irreducible polynomials over finite fields are useful in severalapplications As one example observe that if P(x) is anirreducible polynomial of degree r over GF(2) then
GF(2)[x ]P(x) sim= GF(2r )
In other words the ring of polynomials mod P(x) gives arepresentation of the finite field with 2r elementsIf in addition x is a generator of the multiplicative group that isif every nonzero element of GF(2)[x ]P(x) can be representedas a power of x then P(x) is said to be primitiveWarning there are several different meanings of ldquoprimitiverdquo inthe literature In the context of polynomials over GF(2) thismeaning seems to be standard
Richard Brent Primitive polynomials
Primitive polynomials and shift registers
Primitive polynomials can be used to obtain linear feedbackshift registers (LFSRs) with maximal period 2r minus 1 where r isthe degree of the polynomial These have applications tostream ciphers and pseudo-random number generators
Testing primitivity can be difficult because we need to know theprime factorisation of 2r minus 1 Of course this is trivial if 2r minus 1 isprime (a Mersenne prime)
The number of primitive polynomials of degree r over GF(2) is
φ(2r minus 1)
rle N(r) le 2r minus 2
r
with equality when 2r minus 1 is prime
Richard Brent Shift registers
Sparsity
In applications we usually want P(x) to be sparse that is tohave only a small number of nonzero coefficients for reasonsof efficiency The binomial case is usually trivial so in mostcases we want P(x) to be a trinomial
x r + xs + 1 r gt s gt 0
In stating computational results we always assume thats le r2 since for any trinomial T (x) = x r + xs + 1 there is aldquoreciprocalrdquo trinomial x r T (1x) = x r + x rminuss + 1 with the samereducibilityprimitivity properties as T (x)
Richard Brent Trinomials
Mersenne primes
A Mersenne prime is a prime of the form 2n minus 1 for example37311278191
There are conjectured to be infinitely many Mersenne primesand the number for n le N is conjectured to be of order log N
The GIMPS project is searching systematically for Mersenneprimes So far 49 Mersenne primes are known the largestbeing
274207281 minus 1
If 2n minus 1 is prime we say that n is a Mersenne exponent AMersenne exponent is necessarily prime but not conversely(eg 211 minus 1 = 23times 89 so 11 is not a Mersenne exponent)
Richard Brent Mersenne primes and exponents
Trinomials whose degree is a Mersenne exponent
In the following we consider mainly trinomials
T (x) = x r + xs + 1
where r gt s gt 0 and r is a Mersenne exponent (so 2r minus 1 isprime) If T (x) is irreducible it is necessarily primitivePrimitive trinomials are analogous to primes of a special formVarious properties can be conjectured using probabilisticmodels but nontrivial properties that can currently be provedare rareA useful and nontrivial result on trinomials is Swanrsquos theoremHistorical note Swan (1962) rediscovered results ofPellet (1878) and Stickelberger (1897) so the name of thetheorem depends on your nationality
Richard Brent Trinomials of special degree Swanrsquos theorem
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Analogy
Irreducible polynomials are analogous to primesPolynomials of degree r are analogous to integers of r digitsBy the prime number theorem the number of r -digit primes inbase 2 is about int 2r
2rminus1
dtln t
The Riemann Hypothesis implies an error term O(r2r2) asr rarr +infin [von Koch]On the other hand we saw on the previous slide aneasily-proved error term O(rminus12r2) in the polynomial case
Richard Brent Counting primes and irreducible polynomials
Representing finite fields and primitive polynomials
Irreducible polynomials over finite fields are useful in severalapplications As one example observe that if P(x) is anirreducible polynomial of degree r over GF(2) then
GF(2)[x ]P(x) sim= GF(2r )
In other words the ring of polynomials mod P(x) gives arepresentation of the finite field with 2r elementsIf in addition x is a generator of the multiplicative group that isif every nonzero element of GF(2)[x ]P(x) can be representedas a power of x then P(x) is said to be primitiveWarning there are several different meanings of ldquoprimitiverdquo inthe literature In the context of polynomials over GF(2) thismeaning seems to be standard
Richard Brent Primitive polynomials
Primitive polynomials and shift registers
Primitive polynomials can be used to obtain linear feedbackshift registers (LFSRs) with maximal period 2r minus 1 where r isthe degree of the polynomial These have applications tostream ciphers and pseudo-random number generators
Testing primitivity can be difficult because we need to know theprime factorisation of 2r minus 1 Of course this is trivial if 2r minus 1 isprime (a Mersenne prime)
The number of primitive polynomials of degree r over GF(2) is
φ(2r minus 1)
rle N(r) le 2r minus 2
r
with equality when 2r minus 1 is prime
Richard Brent Shift registers
Sparsity
In applications we usually want P(x) to be sparse that is tohave only a small number of nonzero coefficients for reasonsof efficiency The binomial case is usually trivial so in mostcases we want P(x) to be a trinomial
x r + xs + 1 r gt s gt 0
In stating computational results we always assume thats le r2 since for any trinomial T (x) = x r + xs + 1 there is aldquoreciprocalrdquo trinomial x r T (1x) = x r + x rminuss + 1 with the samereducibilityprimitivity properties as T (x)
Richard Brent Trinomials
Mersenne primes
A Mersenne prime is a prime of the form 2n minus 1 for example37311278191
There are conjectured to be infinitely many Mersenne primesand the number for n le N is conjectured to be of order log N
The GIMPS project is searching systematically for Mersenneprimes So far 49 Mersenne primes are known the largestbeing
274207281 minus 1
If 2n minus 1 is prime we say that n is a Mersenne exponent AMersenne exponent is necessarily prime but not conversely(eg 211 minus 1 = 23times 89 so 11 is not a Mersenne exponent)
Richard Brent Mersenne primes and exponents
Trinomials whose degree is a Mersenne exponent
In the following we consider mainly trinomials
T (x) = x r + xs + 1
where r gt s gt 0 and r is a Mersenne exponent (so 2r minus 1 isprime) If T (x) is irreducible it is necessarily primitivePrimitive trinomials are analogous to primes of a special formVarious properties can be conjectured using probabilisticmodels but nontrivial properties that can currently be provedare rareA useful and nontrivial result on trinomials is Swanrsquos theoremHistorical note Swan (1962) rediscovered results ofPellet (1878) and Stickelberger (1897) so the name of thetheorem depends on your nationality
Richard Brent Trinomials of special degree Swanrsquos theorem
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Representing finite fields and primitive polynomials
Irreducible polynomials over finite fields are useful in severalapplications As one example observe that if P(x) is anirreducible polynomial of degree r over GF(2) then
GF(2)[x ]P(x) sim= GF(2r )
In other words the ring of polynomials mod P(x) gives arepresentation of the finite field with 2r elementsIf in addition x is a generator of the multiplicative group that isif every nonzero element of GF(2)[x ]P(x) can be representedas a power of x then P(x) is said to be primitiveWarning there are several different meanings of ldquoprimitiverdquo inthe literature In the context of polynomials over GF(2) thismeaning seems to be standard
Richard Brent Primitive polynomials
Primitive polynomials and shift registers
Primitive polynomials can be used to obtain linear feedbackshift registers (LFSRs) with maximal period 2r minus 1 where r isthe degree of the polynomial These have applications tostream ciphers and pseudo-random number generators
Testing primitivity can be difficult because we need to know theprime factorisation of 2r minus 1 Of course this is trivial if 2r minus 1 isprime (a Mersenne prime)
The number of primitive polynomials of degree r over GF(2) is
φ(2r minus 1)
rle N(r) le 2r minus 2
r
with equality when 2r minus 1 is prime
Richard Brent Shift registers
Sparsity
In applications we usually want P(x) to be sparse that is tohave only a small number of nonzero coefficients for reasonsof efficiency The binomial case is usually trivial so in mostcases we want P(x) to be a trinomial
x r + xs + 1 r gt s gt 0
In stating computational results we always assume thats le r2 since for any trinomial T (x) = x r + xs + 1 there is aldquoreciprocalrdquo trinomial x r T (1x) = x r + x rminuss + 1 with the samereducibilityprimitivity properties as T (x)
Richard Brent Trinomials
Mersenne primes
A Mersenne prime is a prime of the form 2n minus 1 for example37311278191
There are conjectured to be infinitely many Mersenne primesand the number for n le N is conjectured to be of order log N
The GIMPS project is searching systematically for Mersenneprimes So far 49 Mersenne primes are known the largestbeing
274207281 minus 1
If 2n minus 1 is prime we say that n is a Mersenne exponent AMersenne exponent is necessarily prime but not conversely(eg 211 minus 1 = 23times 89 so 11 is not a Mersenne exponent)
Richard Brent Mersenne primes and exponents
Trinomials whose degree is a Mersenne exponent
In the following we consider mainly trinomials
T (x) = x r + xs + 1
where r gt s gt 0 and r is a Mersenne exponent (so 2r minus 1 isprime) If T (x) is irreducible it is necessarily primitivePrimitive trinomials are analogous to primes of a special formVarious properties can be conjectured using probabilisticmodels but nontrivial properties that can currently be provedare rareA useful and nontrivial result on trinomials is Swanrsquos theoremHistorical note Swan (1962) rediscovered results ofPellet (1878) and Stickelberger (1897) so the name of thetheorem depends on your nationality
Richard Brent Trinomials of special degree Swanrsquos theorem
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Primitive polynomials and shift registers
Primitive polynomials can be used to obtain linear feedbackshift registers (LFSRs) with maximal period 2r minus 1 where r isthe degree of the polynomial These have applications tostream ciphers and pseudo-random number generators
Testing primitivity can be difficult because we need to know theprime factorisation of 2r minus 1 Of course this is trivial if 2r minus 1 isprime (a Mersenne prime)
The number of primitive polynomials of degree r over GF(2) is
φ(2r minus 1)
rle N(r) le 2r minus 2
r
with equality when 2r minus 1 is prime
Richard Brent Shift registers
Sparsity
In applications we usually want P(x) to be sparse that is tohave only a small number of nonzero coefficients for reasonsof efficiency The binomial case is usually trivial so in mostcases we want P(x) to be a trinomial
x r + xs + 1 r gt s gt 0
In stating computational results we always assume thats le r2 since for any trinomial T (x) = x r + xs + 1 there is aldquoreciprocalrdquo trinomial x r T (1x) = x r + x rminuss + 1 with the samereducibilityprimitivity properties as T (x)
Richard Brent Trinomials
Mersenne primes
A Mersenne prime is a prime of the form 2n minus 1 for example37311278191
There are conjectured to be infinitely many Mersenne primesand the number for n le N is conjectured to be of order log N
The GIMPS project is searching systematically for Mersenneprimes So far 49 Mersenne primes are known the largestbeing
274207281 minus 1
If 2n minus 1 is prime we say that n is a Mersenne exponent AMersenne exponent is necessarily prime but not conversely(eg 211 minus 1 = 23times 89 so 11 is not a Mersenne exponent)
Richard Brent Mersenne primes and exponents
Trinomials whose degree is a Mersenne exponent
In the following we consider mainly trinomials
T (x) = x r + xs + 1
where r gt s gt 0 and r is a Mersenne exponent (so 2r minus 1 isprime) If T (x) is irreducible it is necessarily primitivePrimitive trinomials are analogous to primes of a special formVarious properties can be conjectured using probabilisticmodels but nontrivial properties that can currently be provedare rareA useful and nontrivial result on trinomials is Swanrsquos theoremHistorical note Swan (1962) rediscovered results ofPellet (1878) and Stickelberger (1897) so the name of thetheorem depends on your nationality
Richard Brent Trinomials of special degree Swanrsquos theorem
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Sparsity
In applications we usually want P(x) to be sparse that is tohave only a small number of nonzero coefficients for reasonsof efficiency The binomial case is usually trivial so in mostcases we want P(x) to be a trinomial
x r + xs + 1 r gt s gt 0
In stating computational results we always assume thats le r2 since for any trinomial T (x) = x r + xs + 1 there is aldquoreciprocalrdquo trinomial x r T (1x) = x r + x rminuss + 1 with the samereducibilityprimitivity properties as T (x)
Richard Brent Trinomials
Mersenne primes
A Mersenne prime is a prime of the form 2n minus 1 for example37311278191
There are conjectured to be infinitely many Mersenne primesand the number for n le N is conjectured to be of order log N
The GIMPS project is searching systematically for Mersenneprimes So far 49 Mersenne primes are known the largestbeing
274207281 minus 1
If 2n minus 1 is prime we say that n is a Mersenne exponent AMersenne exponent is necessarily prime but not conversely(eg 211 minus 1 = 23times 89 so 11 is not a Mersenne exponent)
Richard Brent Mersenne primes and exponents
Trinomials whose degree is a Mersenne exponent
In the following we consider mainly trinomials
T (x) = x r + xs + 1
where r gt s gt 0 and r is a Mersenne exponent (so 2r minus 1 isprime) If T (x) is irreducible it is necessarily primitivePrimitive trinomials are analogous to primes of a special formVarious properties can be conjectured using probabilisticmodels but nontrivial properties that can currently be provedare rareA useful and nontrivial result on trinomials is Swanrsquos theoremHistorical note Swan (1962) rediscovered results ofPellet (1878) and Stickelberger (1897) so the name of thetheorem depends on your nationality
Richard Brent Trinomials of special degree Swanrsquos theorem
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Mersenne primes
A Mersenne prime is a prime of the form 2n minus 1 for example37311278191
There are conjectured to be infinitely many Mersenne primesand the number for n le N is conjectured to be of order log N
The GIMPS project is searching systematically for Mersenneprimes So far 49 Mersenne primes are known the largestbeing
274207281 minus 1
If 2n minus 1 is prime we say that n is a Mersenne exponent AMersenne exponent is necessarily prime but not conversely(eg 211 minus 1 = 23times 89 so 11 is not a Mersenne exponent)
Richard Brent Mersenne primes and exponents
Trinomials whose degree is a Mersenne exponent
In the following we consider mainly trinomials
T (x) = x r + xs + 1
where r gt s gt 0 and r is a Mersenne exponent (so 2r minus 1 isprime) If T (x) is irreducible it is necessarily primitivePrimitive trinomials are analogous to primes of a special formVarious properties can be conjectured using probabilisticmodels but nontrivial properties that can currently be provedare rareA useful and nontrivial result on trinomials is Swanrsquos theoremHistorical note Swan (1962) rediscovered results ofPellet (1878) and Stickelberger (1897) so the name of thetheorem depends on your nationality
Richard Brent Trinomials of special degree Swanrsquos theorem
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Trinomials whose degree is a Mersenne exponent
In the following we consider mainly trinomials
T (x) = x r + xs + 1
where r gt s gt 0 and r is a Mersenne exponent (so 2r minus 1 isprime) If T (x) is irreducible it is necessarily primitivePrimitive trinomials are analogous to primes of a special formVarious properties can be conjectured using probabilisticmodels but nontrivial properties that can currently be provedare rareA useful and nontrivial result on trinomials is Swanrsquos theoremHistorical note Swan (1962) rediscovered results ofPellet (1878) and Stickelberger (1897) so the name of thetheorem depends on your nationality
Richard Brent Trinomials of special degree Swanrsquos theorem
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Theorem 1 [Swan]
Let r gt s gt 0 and assume r + s is odd ThenTr s(x) = x r + xs + 1 has an even number of irreducible factorsover GF(2) in the following casesa) r even r 6= 2s rs2 = 0 or 1 mod 4b) r odd s not a divisor of 2r r = plusmn3 mod 8c) r odd s a divisor of 2r r = plusmn1 mod 8In all other cases x r + xs + 1 has an odd number of irreduciblefactors
RemarkIf both r and s are even then Tr s is a square If both r and sare odd we can apply the theorem to Tr rminuss Thus Theorem 1tells us the parity of the number of irreducible factors of anytrinomial over GF(2)
Richard Brent Swanrsquos theorem
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Application of Swanrsquos theorem
For r an odd prime and excluding the easily-checked casess = 2 or r minus 2 case (b) of Swanrsquos theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8Thus we only need to consider those Mersenne exponents rwith r = plusmn1 mod 8Of the 48 known Mersenne exponents other than 2 there are29 with r = plusmn1 mod 8 and 19 with r = plusmn3 mod 8
Richard Brent Swanrsquos theorem
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
A condition for irreducibility
P(x) of degree r gt 1 is irreducible iff
x2r= x mod P(x)
and for all prime divisors d of r we have
GCD(
x2rd minus x P(x))
= 1
The second condition is required to rule out the possibility thatP(x) is a product of irreducible factors of some degree(s)k = rd where d gt 1 and d |r In our examples r is a Mersenne exponent hence prime so thesecond condition can be omitted and P(x) is irreducible iff
x2r= x mod P(x)
Richard Brent Testing irreducibility
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
A brief comment on algorithms
Unfortunately there is no time to discuss algorithms for testingirreducibility and factoring (reducible) polynomials over GF(2)If you are interested in such algorithms see the bibliography atthe end of this talk and the slides related to ldquoThe GreatTrinomial Huntrdquo on my website httpmaths-peopleanueduau~brenttalkshtmlCARMA1
Our algorithms do not depend on the assumption that thedegree r is a Mersenne exponent This assumption is onlyrequired to deduce that an irreducible factor is primititive
Richard Brent Algorithms
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Irreducible and primitive trinomialsWe have given formulas for the number of irreducible orprimitive polynomials of degree r over GF(2) but there is noknown formula for the number of irreducible or primitivetrinomials
Since the number of irreducible polynomials N(r) asymp 2rr theprobability that a randomly chosen polynomial of degree r willbe irreducible is about 1r
It is plausible to assume that the same applies to trinomialsThere are r minus 1 trinomials of degree r so we might expect O(1)of them to be irreducible More precisely we might expect aPoisson distribution with some constant mean micro
This plausible argument is too simplistic as shown by Swanrsquostheorem However we might expect a Poisson distribution inthe cases that are not ruled out by Swanrsquos theorem (ie thecases r = plusmn1 mod 8)
Richard Brent Irreducible trinomials
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Implications of Swanrsquos Theorem
For r an odd prime case (b) of Swanrsquos Theorem says that thetrinomial has an even number of irreducible factors and hencemust be reducible if r = plusmn3 mod 8 provided we exclude thespecial cases s = 2 and r minus s = 2
For prime r = plusmn1 mod 8 the heuristic Poisson distributionseems to apply [based on computations for prime r lt 1000]with mean micro asymp 3 Similarly for primitive trinomials with acorrection factor φ(2r minus 1)(2r minus 2)
Richard Brent Irreducible trinomials
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Recent computational results
The history of the search for primitive trinomials is described inour 2011 AMS Notices paper Here we give new results for thetwo Mersenne exponents found by GIMPS in 2013 and 2016
r s date57 885 161 none 251-34201374 207 281 9 156 813 9 999 621 30 684 570 281-2332016
Table Three new primitive trinomials x r + xs + 1 s le r2
Note that 57885161 equiv 1 mod 8 so this exponent is not ruled outby Swanrsquos theorem This is the only known Mersenne exponentfor which Swanrsquos theorem permits a primitive trinomial but noneexists This should not have been a surprise because thephenomenon occurs for other prime exponents eg 311
Richard Brent Recent computational results
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Reproducibility mdash aka quality assurance
How can we be sure that we have found all the primitivetrinomials of a given degree r In particular how can we besure that there are no primitive trinomals of degree 57885161Our programs produce an easily-verified ldquocertificaterdquo for eachreducible trinomial T (x) = x r + xs + 1 The certificate is just anencoding of a smallest nontrivial factor of T (x) To ensureuniqueness (which is useful for program debugging) thelexicographically least such factor is given if there are severalfactors of equal smallest degreeThe certificates can be verified (much faster than the originalcomputation) using an independent NTL or Magma programWe remark that earlier authors did not go to the trouble ofproducing certificates of reducibility and in at least one case aprimitive trinomial was missed because of a software error
Richard Brent Quality assurance
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
The number of primitive trinomials of given degreeThe table gives the precise number of primitive trinomialsx r + xs + 1 for given (Mersenne exponent) r and s le r2The known Mersenne exponents r gt 3times 106 are listed
degree r number notes3 021 377 26 972 593 1
13 466 917 0 Swanrsquos thm20 996 011 0 Swanrsquos thm24 036 583 225 964 951 430 402 457 132 582 657 337 156 667 0 Swanrsquos thm42 643 801 543 112 609 457 885 161 0 exceptional74 207 281 3
Table Counts of primitive trinomials of degree rRichard Brent Counting primitive trinomials
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Distribution of degrees of factors
In order to predict the expected behaviour of our algorithms weneed to know the expected distribution of degrees of irreduciblefactors Our complexity estimates are based on the assumptionthat trinomials of degree r behave like the set of all polynomialsof the same degree up to a constant factor
Assumption 1 Over all trinomials x r + xs + 1 of degree r overGF(2) the probability πd that a trinomial has no nontrivial factorof degree le d is at most cd where c is a constant and1 lt d le r ln r
This assumption is plausible and in agreement withexperiments though not provenSome empirical evidence for Assumption 1 in the caser = 6 972 593 is given on the next slide Results for other largeMersenne exponents are similar
Richard Brent Degree distribution
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Statistics for r = 6972593
d dπd
2 1333 1434 1525 1546 1607 1608 1679 164
10 165100 177
1000 17610000 188100000 162226887 208 (max)
r minus 1 200
Richard Brent Degree distribution
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Analogies
The following have similar distributions in the limit as nrarrinfin
1 Degree of smallest irreducible factor of a random monicpolynomial of degree n over a finite field (say GF(2))
2 Size of smallest cycle in a random permutation of nobjects
3 Size (in base-b digits) of smallest prime factor in a randominteger of n digits
Richard Brent Similar distributions
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Analogies mdash more details
More precisely let Pd be the limiting probability that thesmallest irreducible factor has degree gt d that the smallestcycle has length gt d or that the smallest prime factor has gt ddigits in cases 1ndash3 respectively Then
Pd sim cd as d rarrinfin
(the constant c is different in each case)
For example in case 3 let x = bd then
Pd =prod
prime pltx
(1minus 1
p
)sim eminusγ
ln x=
(eminusγ
ln b
)1d
by the theorem of Mertens
Richard Brent Similar distributions
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Remarks on complexity
Using Assumption 1 we can show that the search for primitivetrinomials of Mersenne exponent degree r takes time
O(r2)
where the tilde indicates that logarithmic factors are neglectedThis is the same complexity (up to logarithmic factors) as theverification of a single Mersenne exponent r Thus GIMPS hasa harder task than we do Whenever GIMPS finds a newMersenne exponent we should be able to find the primitivetrinomials of that degree within a few monthsWe remark that the correctness of our algorithms isindependent of Assumption 1 The assumption only affects theexpected running time of the algorithms
Richard Brent Complexity of the search
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
The largest smallest factor
For each of the 37 103 637 reducible trinomials of degreer = 74 207 281 we know a smallest factor and these factorshave been verified using MagmaThe largest smallest factor F is a factor of degreed = 19 865 299 of the trinomial T = x r + xs + 1 withs = 9 788 851We can not display F explicitly since it is a dense polynomial ofdegree d Since 5d gt r it follows from Swanrsquos theorem that T hasprecisely three irreducible factors We are currently searchingfor the second-largest factor which will suffice to give thecomplete factorisation of T
Richard Brent Large factors
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
Acknowledgements
Thanks to the gf2x team for helping to speed up our softwareand to Allan Steel for verifying many of our primitive trinomialsusing MagmaINRIA and the Australian National University providedcomputing facilities for the new results reported hereWe thank the ARC for support under grant DP140101417
Richard Brent Acknowledgements
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
BibliographyW Bosma and J Cannon Handbook of Magma FunctionsSchool of Mathematics and Statistics University of Sydney1995 httpmagmamathsusydeduau
R P Brent P Gaudry E Thomeacute and P Zimmermann Fastermultiplication in GF (2)[x ] Proc ANTS VIII 2008 Lecture Notesin Computer Science 5011 153ndash166
R P Brent S Larvala and P Zimmermann A fast algorithm fortesting reducibility of trinomials mod 2 and some new primitivetrinomials of degree 3021377 Math Comp 72 (2003)1443ndash1452
R P Brent S Larvala and P Zimmermann A primitive trinomialof degree 6972593 Math Comp 74 (2005) 1001ndash1002
R P Brent and P Zimmermann A multi-level blockingdistinct-degree factorization algorithm Finite Fields andApplications Contemporary Mathematics 461 (2008) 47ndash58
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
R P Brent and P Zimmermann Ten new primitive binarytrinomials Math Comp 78 (2009) 1197ndash1199
R P Brent and P Zimmermann The great trinomial huntNotices of the AMS 58 (2011) 233ndash239
J von zur Gathen and V Shoup Computing Frobenius mapsand factoring polynomials Computational Complexity 2 (1992)187ndash224
T Kumada H Leeb Y Kurita and M Matsumoto New primitivet-nomials (t = 3 5) over GF(2) whose degree is a Mersenneexponent Math Comp 69 (2000) 811ndash814 (They missedx859433 + x170340 + 1) Corrigenda ibid 71 (2002) 1337ndash1338
A-E Pellet Sur la deacutecomposition drsquoune fonction entiegravere enfacteurs irreacuteductibles suivant un module premier p ComptesRendus de lrsquoAcadeacutemie des Sciences Paris 86 (1878)1071ndash1072
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography
A Schoumlnhage Schnelle Multiplikation von Polynomen uumlberKoumlrpern der Charakteristik 2 Acta Informatica 7 (1977)395ndash398
V Shoup NTL A library for doing number theoryhttpwwwshoupnetntl
L Stickelberger Uumlber eine neue Eigenschaft derDiskriminanten algebraischer Zahlkoumlrper Verhandlungen desersten Internationalen Mathematiker-Kongresses Zuumlrich 1897182ndash193
R G Swan Factorization of polynomials over finite fieldsPacific J Math 12 (1962) 1099ndash1106
S Wagstaff Jr The Cunningham Projecthttphomesceriaspurdueedu~sswcun
G Woltman et al GIMPS The Great Internet Mersenne PrimeSearch httpwwwmersenneorg
Richard Brent Bibliography