From fd2459ecef770faa3974543d4953609bfd99e9c4 Mon Sep 17 00:00:00 2001
From: darkfi <darkfi>
Date: Thu, 15 May 2025 15:17:00 +0200
Subject: [PATCH] research/fft: alternative to finding extension fields
 containing root of unity

---
 script/research/zk/fft/fft2.sage | 16 ++++++++++++++--
 script/research/zk/fft/fft3.sage |  3 ++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/script/research/zk/fft/fft2.sage b/script/research/zk/fft/fft2.sage
index 97b79a9c4..6bf72bee7 100644
--- a/script/research/zk/fft/fft2.sage
+++ b/script/research/zk/fft/fft2.sage
@@ -26,6 +26,20 @@ def find_ext_order(p, n):
 
         N += 1
 
+# Alternative to the above fn. Technically we still need to loop since
+# discrete_log() is a bruteforce algo.
+def find_ext_order_alt(p, n):
+    # We have that n | p^N - 1 for some n. This is the same as wrtiting:
+    #   p^N - 1 = ns for some s
+    #   => p^N - 1 ≡ 0 (mod n)
+    #   p · p^(N - 1) ≡ 1 (mod n)
+    # But recall that p^(N - 1) ≡ p^-1
+    # So we just take p (mod n), find its inverse then compute N - 1
+    R = Integers(n)
+    p = R(p)
+    N_minus_1 = discrete_log(p^-1, p)
+    return N_minus_1 + 1
+
 def find_nth_root_unity(K, n):
     # It cannot be a quadratic residue if n is odd
     #assert n % 2 == 1
@@ -47,8 +61,6 @@ K.<a> = GF(p^N, repr="int")
 
 L.<X> = K[]
 
-f = 3*X^4 + 7*X^3 + X^2 + 4
-g = 2*X^4 + 2*X^2 + 110
 f = X^2 + 2*X + 4
 g = 2*X^2 + 110
 assert f.degree() < n/2
diff --git a/script/research/zk/fft/fft3.sage b/script/research/zk/fft/fft3.sage
index fe3feb41c..7cd45cd57 100644
--- a/script/research/zk/fft/fft3.sage
+++ b/script/research/zk/fft/fft3.sage
@@ -40,7 +40,8 @@ print()
 L.<X> = K[]
 
 f = 10*X + 110
-assert f.degree() < n/2
+f = X^3 + 10*X + 110
+#assert f.degree() < n/2
 print(f"f = {f}")
 print()