= Conway polynomial (finite fields) =

In mathematics, the Conway polynomial C_{p,n} for the finite field F<sub>p^{n}</sub> is a particular irreducible polynomial of degree n over F_{p} that can be used to define a standard representation of F<sub>p^{n}</sub> as a splitting field of C_{p,n}. Conway polynomials were named after John H. Conway by Richard A. Parker, who was the first to define them and compute examples. Conway polynomials satisfy a certain compatibility condition that had been proposed by Conway between the representation of a field and the representations of its subfields. They are important in computer algebra where they provide portability among different mathematical databases and computer algebra systems. Since Conway polynomials are expensive to compute, they must be stored to be used in practice. Databases of Conway polynomials are available in the computer algebra systems GAP, Macaulay2, Magma, SageMath, at the web site of Frank Lübeck,
and at the Online Encyclopedia of Integer Sequences.

==Background==
Elements of $\mathbf F_{p^n}$ may be represented as sums of the form $a_{n-1}\beta^{n-1}+\cdots+a_1\beta+a_0$ where $\beta$ is a root of an irreducible polynomial of degree $n$ over $\mathbf F_{p}$ and the $a_j$ are elements of $\mathbf F_{p}$. Addition of field elements in this representation is simply vector addition. While there is a unique finite field of order $p^n$ up to isomorphism, the representation of the field elements depends on the choice of irreducible polynomial. The Conway polynomial is a way of standardizing this choice.

The non-zero elements of a finite field $\mathbf F$ form a cyclic group under multiplication, denoted $\mathbf F^*$. A primitive element, $\alpha$, of $\mathbf F_{p^n}$ is an element that generates $\mathbf F_{p^n}^*$. Representing the non-zero field elements as powers of $\alpha$ allows multiplication in the field to be performed efficiently. The primitive polynomial for $\alpha$ is the monic polynomial of smallest possible degree with coefficients in $\mathbf F_{p}$ that has $\alpha$ as a root in $\mathbf F_{p^n}$ (the minimal polynomial for $\alpha$). It is necessarily irreducible. The Conway polynomial is chosen to be primitive, so that each of its roots generates the multiplicative group of the associated finite field.

The field $\mathbf F_{p^n}$ contains a unique subfield isomorphic to $\mathbf F_{p^m}$ for each $m$ dividing $n$, and this accounts for all the subfields of $\mathbf F_{p^n}$. For any $m$ dividing $n$ the cyclic group $\mathbf F_{p^n}^*$ contains a subgroup isomorphic to $\mathbf F_{p^m}^*$. If $\alpha$ generates $\mathbf F_{p^n}^*$, then the smallest power of $\alpha$ that generates this subgroup is $\alpha^r$ where $r=(p^n-1)/(p^m-1)$. If $f_n$ is a primitive polynomial for $\mathbf F_{p^n}$ with root $\alpha$ and $f_m$ is a primitive polynomial for $\mathbf F_{p^m}$ then, by Conway's definition, $f_m$ and $f_n$ are compatible if $\alpha^r$ is a root of $f_m$. This necessitates that $f_n(x)$ divide $f_m(x^r)$. This notion of compatibility is called norm-compatibility by some authors. The Conway polynomial for a finite field is chosen so as to be compatible with the Conway polynomials of each of its subfields. That it is possible to make the choice in this way was proved by Werner Nickel.

==Definition==
The Conway polynomial C_{p,n} is defined as the lexicographically minimal monic primitive polynomial of degree n over F_{p} that is compatible with C_{p,m} for all m dividing n. This is an inductive definition on n: the base case is C_{p,1}(x) x − α where α is the lexicographically minimal primitive element of F_{p}. The notion of lexicographical ordering used is the following:
- The elements of F_{p} are ordered 0 < 1 < 2 < … < p − 1.
- A polynomial of degree d in F_{p}[x] is written a_{d}x^{d} − a_{d−1}x^{d−1} + … + (−1)^{d}a_{0} (with terms alternately added and subtracted) and then expressed as the word a_{d} a_{d−1} … a_{0}. Two polynomials of degree d are ordered according to the lexicographical ordering of their corresponding words.
Since there does not appear to be any natural mathematical criterion that would single out one monic primitive polynomial satisfying the compatibility conditions over all the others, the imposition of lexicographical ordering in the definition of the Conway polynomial should be regarded as a convention.

==Table==
Conway polynomials C_{p,n} for the lowest values of p and n are tabulated below. All of these were first computed by Richard Parker and were taken from the tables of Frank Luebeck. The calculations can be verified using the basic methods of the next section with the assistance of algebra software.

  - Conway polynomials over F_{p} for small p and small degree.**

| Degree | F_{2} | F_{3} | F_{5} | F_{7} |
| 1 | x + 1 | x + 1 | x + 3 | x + 4 |
| 2 | x^{2} + x + 1 | x^{2} + 2x + 2 | x^{2} + 4x + 2 | x^{2} + 6x + 3 |
| 3 | x^{3} + x + 1 | x^{3} + 2x + 1 | x^{3} + 3x + 3 | x^{3} + 6x^{2} + 4 |
| 4 | x^{4} + x + 1 | x^{4} + 2x^{3} + 2 | x^{4} + 4x^{2} + 4x + 2 | x^{4} + 5x^{2} + 4x + 3 |
| 5 | x^{5} + x^{2} + 1 | x^{5} + 2x + 1 | x^{5} + 4x + 3 | x^{5} + x + 4 |
| 6 | x^{6} + x^{4} + x^{3} + x + 1 | x^{6} + 2x^{4} + x^{2} + 2x + 2 | x^{6} + x^{4} + 4x^{3} + x^{2} + 2 | x^{6} + x^{4} + 5x^{3} + 4x^{2} + 6x + 3 |
| 7 | x^{7} + x + 1 | x^{7} + 2x^{2} + 1 | x^{7} + 3x + 3 | x^{7} + 6x + 4 |
| 8 | x^{8} + x^{4} + x^{3} + x^{2} + 1 | x^{8} + 2x^{5} + x^{4} + 2x^{2} + 2x + 2 | x^{8} + x^{4} + 3x^{2} + 4x + 2 | x^{8} + 4x^{3} + 6x^{2} + 2x + 3 |
| 9 | x^{9} + x^{4} + 1 | x^{9} + 2x^{3} + 2x^{2} + x + 1 | x^{9} + 2x^{3} + x + 3 | x^{9} + 6x^{4} + x^{3} + 6x + 4 |

==Examples==
To illustrate the definition, let us compute the first six Conway polynomials over F_{5}. By definition, a Conway polynomial is monic, primitive (which implies irreducible), and compatible with Conway polynomials of degree dividing its degree. The table below shows how imposing each of these conditions reduces the number of candidate polynomials.

  - Numbers of candidate polynomials over F_{5} as successive conditions are imposed.**

| Degree | monic | irreducible | primitive | compatible |
| 1 | 5 | 5 | 2 | 2 |
| 2 | 25 | 10 | 4 | 2 |
| 3 | 125 | 40 | 20 | 10 |
| 4 | 625 | 150 | 48 | 12 |
| 5 | 3125 | 624 | 280 | 140 |
| 6 | 15625 | 2580 | 720 | 18 |

Degree 1. The primitive elements of F_{5} are 2 and 3. The two degree-1 polynomials with primitive roots are therefore x − 2 x + 3 and x − 3 x + 2, which correspond to the words 12 and 13, Since 12 is less than 13 in lexicographic ordering, C_{5,1}(x) x + 3.

Degree 2. Since (5^{2} − 1) / (5^{1} − 1) 6, compatibility requires that C_{5,2} be chosen so that C_{5,2}(x) divides C_{5,1}(x^{6}) x^{6} + 3. The latter factorizes into three degree-2 polynomials, irreducible over F_{5}, namely x^{2} + 2, x^{2} + x + 2, and x^{2} + 4x + 2. Of these x^{2} + 2 is not primitive since it divides x^{8} − 1 implying that its roots have order at most 8, rather than the required 24. Both of the others are primitive and C_{5,2} is chosen to be the lexicographically lesser of the two. Now x^{2} + x + 2 x^{2} − 4x + 2 corresponds to the word 142 and x^{2} + 4x + 2 x^{2} − x + 2 corresponds to the word 112, the latter being lexicographically less than the former. Hence C_{5,2}(x) x^{2} + 4x + 2.

Degree 3. Since (5^{3} − 1) / (5^{1} − 1) 31, compatibility requires that C_{5,3}(x) divide C_{5,1}(x^{31}) x^{31} + 3, which factorizes as a degree-1 polynomial times the product of ten primitive degree-3 polynomials. Of these, two have no quadratic term, x^{3} + 3x + 3 x^{3} − 0x^{2} + 3x − 2 and x^{3} + 4x + 3 x^{3} − 0x^{2} + 4x − 2, which correspond to the words 1032 and 1042. As 1032 is lexicographically less than 1042, C_{5,3}(x) x^{3} + 3x + 3.

Degree 4. The proper divisors of 4 are 1 and 2. Compute (5^{4} − 1) / (5^{2} − 1) 26 and (5^{4} − 1) / (5^{1} − 1) 156, and note that 156 / 26 (5^{2} − 1) / (5^{2} − 1) 6, the same exponent as appeared in the compatibility condition for degree 2. In degree 4, compatibility requires that C_{5,4} be chosen so that C_{5,4}(x) divides both C_{5,2}(x^{26}) x^{52} + 4x^{26} + 2 and C_{5,1}(x^{156}) x^{156} + 3. The second condition is redundant, however, because of the compatibility condition imposed when choosing C_{5,2}, which implies that C_{5,2}(x^{26}) divides C_{5,1}(x^{156}). In general, for composite degree d, the same reasoning implies that only the maximal proper divisors of d need be considered, that is, divisors of the form d / p, where p is a prime divisor of d. There are 13 factors of C_{5,2}(x^{26}), all of degree 4. All but one are primitive. Of the primitive ones, x^{4} + 4x^{2} + 4x + 2 is lexicographically minimal.

Degree 5. The computation is similar to what was done in degrees 2 and 3: (5^{5} − 1) / (5^{1} − 1) 781; C_{5,1}(x^{781}) x^{781} + 3 has one factor of degree 1 and 156 factors of degree 5, of which 140 are primitive. The lexicographically least of the primitive factors is x^{5} + 4x + 3.

Degree 6. Taking into consideration the discussion above in connection with degree 4, the two compatibility conditions that need to be considered are that C_{5,6}(x) must divide C_{5,2}(x^{651}) x^{1302} + 4x^{651} + 2 and C_{5,3}(x^{126}) x^{378} + 3x^{126} + 3. It therefore must divide their greatest common divisor, x^{126} + x^{105} + 2x^{84} + 3x^{42} + 2, which factorizes into 21 degree-6 polynomials, 18 of which are primitive. The lexicographically least of these is x^{6} + x^{4} + 4x^{3} + x^{2} + 2.

==Computation==
Algorithms for computing Conway polynomials that are more efficient than brute-force search have been developed by Heath and Loehr. Lübeck indicates that their algorithm is a rediscovery of the method of Parker.
