101184181000COMBINACIONES DE REFRIGERADOR Y CONGELAD12.2125.1648.74085365010INTERRUPTORES PARA UNA TENSION INFERIOR24.55112.621 11

Let_{η = |F}R| and let

Ip(j) = 1 j X d|j µ(d)pj/d (7.1)

be the number of monic irreducible polynomials inFp[t] of degree j, where µ is

the mobius function. This then determines a unique_{m ∈ N such that}

m X j=1 Ip(j) ≤ η < m+1 X j=1 Ip(j)

so that while we have all irreducible polynomials inFp[t] of degrees ≤ m in our

factor base, we are also free to select a fractionα of primes of degree m + 1, with

α = (η −

j=1

Ip(j))/Ip(m + 1).

Such a proportionα is used in some implementations of the FFS, and in the fol-

lowing we investigate the practical implications of such a parameter. We assume that the additional degreem + 1 members of the factor base have been chosen at

random, before sieving begins. In an implementation these would probably be se- lected dynamically, as the sieve progressed, though we do not believe this would

Estimates for Discrete Logarithm Computations in Finite Fields of Small Characteristic

affect these estimates significantly.

Definition 7.1. Let ρp,α(k, m) be the probability that a given monic polynomial

inFp[t] of degree k has all of its irreducible factors of degrees ≤ m + 1, and that

those of degreem + 1 are contained in a proportion α of preselected irreducible

polynomials of degreem + 1.

We implicitly assume throughout, as do all authors on this subject, that elements ofFp[t] behave like independent random variables with respect to the prop-

erty of being smooth. Provided we have a process to generate elements uniformly, this is reasonable. Note that the casep = 2, α = 0 is the definition of ρ(k, m)

in [113], which can be computed using the counting function we introduce in Def- inition 7.2, and with which we derive an exact expression for ρp,α(k, m). When

a given polynomial factors within this extended factor base we say it is(m, α)-

smooth.

Definition 7.2. LetNp(k, m) be the number of monic polynomials e(t) ∈ Fp[t] of

degree_{k such that e(t) has all of its irreducible factors of degrees ≤ m, i.e.,}

e(t) =Y

ei(t)βi, deg(ei(t)) ≤ m.

For exactness we further defineNp(k, 0) = 0 for k > 0, Np(k, m) = pkifk ≤ m,

andNp(k, m) = 0 if k < 0 and m ≥ 0.

We are now ready to state

Theorem 7.1. i. Np(k, m) = m X n=1 X r≥1 Np(k − nr, n − 1)r + Ip(n) − 1 r , ii. ρp,α(k, m) = X r≥0 Np(k − r(m + 1), m) pk r + Ip(m + 1) − 1 r αr.

Proof. The proof of (i) is virtually identical to the derivation of ρ2,0(k, m) in

7.3 Methodology of our Analysis

monic polynomial in Fp[t] of degree k, all of whose irreducible factors are of

degrees_{≤ m + 1. Such a polynomial can be written uniquely as}

e(t) = g(t)Y

u(t)

u(t)βu(t)_,

where theu(t) are monic and of degree m + 1, P βu(t)= r for some r ∈ N, and

g(t) is a monic polynomial of degree k − r(m + 1), all of whose prime factors are

of degrees_{≤ m. Given m + 1 and r, there are N}p(k − r(m + 1), m) such g(t), and

the number of suchQ u(t)βu(t)_{is the number of}I

p(m + 1)-tuples of non-negative

integers which sum tor (since we have Ip(m + 1) possibilities for the u(t)), which

is just

r + Ip(m + 1) − 1

So for a given_{r, the probability that a monic polynomial e(t) ∈ F}p[t] of degree

exactly_{k has all its irreducible factors of degrees ≤ m + 1, exactly r of its irre-} ducible factors having degreem + 1, and that these are in the preselected factor

base is then Np(k − r(m + 1), m) pk r + Ip(m + 1) − 1 r αr,

since there arepk_{monic polynomials of degree}_{k. Hence the total probability that}

e(t) has all its irreducible factors in the chosen factor base is X r≥0 Np(k − r(m + 1), m) pk r + Ip(m + 1) − 1 r αr,

which is our theorem.

Remark. We have noted already that forα = 0, we obtain ρp(k, m) (assuming

00 _{= 1; while for α = 1, we obtain}

ρp(k, m) + X r≥1 Np(k − r(m + 1), m) pk r + Ip(m + 1) − 1 r , 108

Estimates for Discrete Logarithm Computations in Finite Fields of Small Characteristic

which, by the recurrence (i) is equal to

ρp(k, m) +

pk{Np(k, m + 1) − Np(k, m)} = ρp(k, m + 1),

verifying our calculation.

We will also need the following simple theorem in the next section.

Theorem 7.2. LetaR,S be the number of coprime pairs of polynomials(r, s) of

degrees_{0 ≤ R ≤ S with r monic. Then}

aR,S =

(p − 1)2_pR+S−1 _{R, S > 0}

(p − 1)pS _otherwise_. (7.2)

Proof. Considering first just monic polynomials, let_{0 ≤ R ≤ S. Since there}

arepR _{monic polynomials of degree} _{R, and p}S _{monic polynomials of degree} _S,

there arepR+S _{pairs of monic polynomials in this range. Let}_a_ˆ

R,S be the number

of monic polynomial pairs(r, s) with degrees R and S such that gcd(r, s) = 1,

and for each pair_{(r, s), let h = gcd(r, s) where 0 ≤ k = δ(h) ≤ R. There are p}k possible such monich. Furthermore since gcd(r/h, s/h) = 1, there are ˆaR−k,S−k

possibilities for the pair(r/h, s/h). Summing these possibilities over k we obtain

the recurrence relation

pR+S = R X k=0 ˆ aR−k,S−kpk.

Noting thataˆ0,S−R= pS−Rwe see this has the solution

ˆ aR,S =

(p − 1)pR+S−1 _{0 < R ≤ S}

pS _{R = 0}

If we allows to be non-monic then we simply multiply ˆaR,S by|F×p|, giving the

stated result.

7.3 Methodology of our Analysis

In document Publicación editada por el Departamento Publicaciones de la Gerencia de División Estudios del Banco Central de Chile (página 146-154)