Find a normal basis for $\Bbb F_2[\omega]$ over $\Bbb F_2$.

Question

How could we find a normal basis for $\Bbb F_2[\omega]$ over $\Bbb F_2$, where $\omega$ is a primitive $7^{th}$ root of unity over $\Bbb F_2$?

One could show that the minimal polynomial of $\omega$ over $\Bbb F_2$ is $x^3+x+1=(x-\omega)(x-\omega^2)(x-\omega^4)$, and thus by comparing the second degree coefficient, $\omega+\omega^2+\omega^4=0$. So $\omega$ cannot give a normal basis.

To find a normal basis, it is sufficient to find an element $z\in\Bbb F_2[\omega]$ such that $z,z^2,z^4$ generates $\Bbb F_2[\omega]$ over $\Bbb F_2$ as the degree $$\left[\Bbb F_2[\omega]:\Bbb F_2\right]=\left|\operatorname{Gal}(\Bbb F_2[\omega]/\Bbb F_2)\right|=\left|\left<\sigma_2\right>\right|=3.$$

Here is a relevant question that might help.

---

I am really asking for if the normal basis for $\Bbb F_q[\omega]/\Bbb F_q$ has a general form that one could compute. As $\left|\Bbb F_2[\omega]\right|=2^3=8$ so that $$\Bbb F_2[\omega]=\{0,1,\omega,\omega^2,...,\omega^6\}$$ so this is a relatively simple case to begin with.

Answer 1

I don't know of a good way of finding an element $\omega$ that generates a normal basis. But I will describe the elements to avoid. In some cases that gives a nice recipe, but general results constructions are more complicated.

I will use the language and result of this old answer of mine. So let $K=\Bbb{F}_q$ and $L=\Bbb{F}_{q^n}$. The idea is to view $L$ as a module over the polynomial ring $K[\tau]$, where $K$ acts on $L$ by scalar multiplication, and the indeterminate $\tau$ acts via Frobenius: $$\tau\cdot x=x^q$$ for all $x\in L$.

The linked answer then explains why $L\simeq K[\tau]/\langle \tau^n-1\rangle$ as $K[\tau]$-modules. In other words, $L$ is a cyclic $K[\tau]$-module. The relevance of this to the search for an element $\omega$ yielding a normal basis comes from the fact $\omega$ works if and only if $L=\langle\omega\rangle$ as a $K[\tau]$-module. This is because $\tau^i\cdot\omega=\omega^{q^i}$ for all $i$, and as all of $L$ is annihilated by $\tau^n-1$, we always have that $\langle\omega\rangle$ is spanned (over $K$) by the conjugates $\omega^{q^i}$, $i=0,1,\ldots,n-1$.

So $\omega$ works unless it is annihilated by a proper factor of $\tau^n-1$.

Thus it suffices to exclude out of the reckoning tee elements $x\in L$ annihilated by a maximal (proper) factor of $\tau^n-1$. Even over $\Bbb{Z}$ this polynomial factors as a product of the cyclotomic polynomials $$ \tau^n-1=\prod_{d\mid n}\Phi_d(\tau). $$ Furthermore, the cyclotomic polynomials often factor further over $K$. See another old answer of mine as well as other threads discussing the same result.

---

I want to describe a recurring special case. An obvious factor of $\tau^n-1$ is the polynomial $$T(\tau):=\tau^{n-1}+\tau^{n-2}+\tau^{n-3}+\cdots+\tau+1.$$ We see that $$ T(\tau)\cdot\omega=\omega^{q^{n-1}}+\omega^{q^{n-2}}+\cdots+\omega^q+\omega=tr_{L/K}(\omega) $$ is equal to the (relative) trace of $\omega$. The conclusion is that an element $\omega$ is annihilated by $T(\tau)$ if and only if the trace $tr_{L/K}(\omega)$ vanishes. The seventh root of unity with minimal polynomial $x^3+x+1$ over $\Bbb{F}_2$ is a case in point, because the trace of an element generating $L$ as a field extension is equal to the negative of the coefficient of $x^{n-1}$ in its minimal polynomial.

One particular case is, when $n$ is a power of $q$. In that case $\tau^n-1=(\tau-1)^n$, and $(\tau-1)^{n-1}=T(\tau)$ is the only maximal factor of $\tau^n-1$. In this case we can say that $\omega$ gives rise to a normal basis *if and only if $tr_{L/K}(\omega)\neq0$. An example of this is $n=4$, $q=2$. Over $K=\Bbb{F}_2$ we have $x^4-1=(x+1)^4$, $(x+1)^3=x^3+x^2+x+1$ is the only maximal proper factor, and we only need to check that the trace does not vanish. So the zeros of either $x^4+x^3+x^2+x+1$ or $x^4+x^3+1$ yield normal bases, but the zeros of $x^4+x+1$ do not (look at the cubic terms).

Another particular case, still with $q=2$, is when $n$ is a prime number such that $2$ generates the group $\Bbb{Z}_n^*$. In that case the cyclotomic polynomial $$ \Phi_m(\tau)=\tau^{n-1}+\tau^{n-2}+\cdots+\tau+1 $$ is irreducible. The only other maximal factor of $\tau^n-1$ being $\tau-1$, we can again conclude that any element $\notin K$ with non-zero trace gives rise to a normal basis. This applies for example in the case of $\Bbb{F}_{32}/\Bbb{F}_2$.

Another very similar case is that of optimal normal bases (desirable in implementations of large finite fiels of characteristic two). I describe one such construction here.