Cyclotomic fast Fourier transform

The cyclotomic fast Fourier transform is a type of fast Fourier transform algorithm over finite fields.^[1] This algorithm first decomposes a DFT into several circular convolutions, and then derives the DFT results from the circular convolution results. When applied to a DFT over ${\displaystyle GF(2^m)}$, this algorithm has a very low multiplicative complexity. In practice, since there usually exist efficient algorithms for circular convolutions with specific lengths, this algorithm is very efficient.^[2]

The discrete Fourier transform over finite fields finds widespread application in the decoding of error-correcting codes such as BCH codes and Reed–Solomon codes. Generalized from the complex field, a discrete Fourier transform of a sequence ${\displaystyle \{f_i{\}}_0^{N-1}}$ over a finite field GF(p^m) is defined as

${\displaystyle F_j={\displaystyle \sum _{i=0}^{N-1}}{f}_i{\alpha }^{ij},0\le j\le N-1,}$

where ${\displaystyle \alpha }$ is the N-th primitive root of 1 in GF(p^m). If we define the polynomial representation of ${\displaystyle \{f_i{\}}_0^{N-1}}$ as

${\displaystyle f(x)=f_0+f_{1}x+f_2{x}^2+\cdots +f_{N-1}{x}^{N-1}={\displaystyle \sum _0^{N-1}}{f}_i{x}^i,}$

it is easy to see that ${\displaystyle F_j}$ is simply ${\displaystyle f({\alpha }^j)}$. That is, the discrete Fourier transform of a sequence converts it to a polynomial evaluation problem.

Written in matrix format,

${\displaystyle 𝐅=\left[\begin{array}{c}{F}_0\\ F_1\\ ⋮\\ F_{N-1}\end{array}\right]=\left[\begin{array}{cccc}{\alpha }^0& {\alpha }^0& \cdots & {\alpha }^0\\ {\alpha }^0& {\alpha }^1& \cdots & {\alpha }^{N-1}\\ ⋮& ⋮& \ddots & ⋮\\ {\alpha }^0& {\alpha }^{N-1}& \cdots & {\alpha }^{(N-1)(N-1)}\end{array}\right]\left[\begin{array}{c}{f}_0\\ f_1\\ ⋮\\ f_{N-1}\end{array}\right]=ℱ𝐟.}$

Direct evaluation of DFT has an ${\displaystyle O(N^2)}$ complexity. Fast Fourier transforms are just efficient algorithms evaluating the above matrix-vector product.

First, we define a linearized polynomial over GF(p^m) as

${\displaystyle L(x)=\sum _i{l}_i{x}^{p^i},l_i\in \mathrm{G}\mathrm{F}(p^m).}$

${\displaystyle L(x)}$ is called linearized because ${\displaystyle L(x_1+x_2)=L(x_1)+L(x_2)}$, which comes from the fact that for elements ${\displaystyle x_1,x_2\in \mathrm{G}\mathrm{F}(p^m),}$${\displaystyle (x_1+x_2{)}^p=x_1^p+x_2^p.}$

Notice that ${\displaystyle p}$ is invertible modulo ${\displaystyle N}$ because ${\displaystyle N}$ must divide the order ${\displaystyle p^m-1}$ of the multiplicative group of the field ${\displaystyle \mathrm{G}\mathrm{F}(p^m)}$. So, the elements ${\displaystyle \{0,1,2,\dots ,N-1\}}$ can be partitioned into ${\displaystyle l+1}$ cyclotomic cosets modulo ${\displaystyle N}$:

${\displaystyle \{0\},}$

${\displaystyle \{k_1,p{k}_1,p^2{k}_1,\dots ,p^{m_1-1}{k}_1\},}$

${\displaystyle \dots ,}$

${\displaystyle \{k_l,p{k}_l,p^2{k}_l,\dots ,p^{m_l-1}{k}_l\},}$

where ${\displaystyle k_i=p^{m_i}{k}_i(\mathrm{mod}N)}$. Therefore, the input to the Fourier transform can be rewritten as

${\displaystyle f(x)={\displaystyle \sum _{i=0}^l}{L}_i(x^{k_i}),L_i(y)={\displaystyle \sum _{t=0}^{m_i-1}}{y}^{p^t}{f}_{p^t{k}_{i}modN}.}$

In this way, the polynomial representation is decomposed into a sum of linear polynomials, and hence ${\displaystyle F_j}$ is given by

${\displaystyle F_j=f({\alpha }^j)={\displaystyle \sum _{i=0}^l}{L}_i({\alpha }^{j{k}_i})}$.

Expanding ${\displaystyle {\alpha }^{j{k}_i}\in \mathrm{G}\mathrm{F}(p^{m_i})}$ with the proper basis ${\displaystyle \{{\beta }_{i,0},{\beta }_{i,1},\dots ,{\beta }_{i,m_i-1}\}}$, we have ${\displaystyle {\alpha }^{j{k}_i}={\displaystyle \sum _{s=0}^{m_i-1}}{a}_{ijs}{\beta }_{i,s}}$ where ${\displaystyle a_{ijs}\in \mathrm{G}\mathrm{F}(p)}$, and by the property of the linearized polynomial ${\displaystyle L_i(x)}$, we have

${\displaystyle F_j={\displaystyle \sum _{i=0}^l}{\displaystyle \sum _{s=0}^{m_i-1}}{a}_{ijs}\left({\displaystyle \sum _{t=0}^{m_i-1}}{\beta }_{i,s}^{p^t}{f}_{p^t{k}_{i}modN}\right)}$

This equation can be rewritten in matrix form as ${\displaystyle 𝐅=𝐀𝐋\mathrm{\Pi }𝐟}$, where ${\displaystyle 𝐀}$ is an ${\displaystyle N\times N}$ matrix over GF(p) that contains the elements ${\displaystyle a_{ijs}}$, ${\displaystyle 𝐋}$ is a block diagonal matrix, and ${\displaystyle \mathrm{\Pi }}$ is a permutation matrix regrouping the elements in ${\displaystyle 𝐟}$ according to the cyclotomic coset index.

Note that if the normal basis ${\displaystyle \{{\gamma }_i^{p^0},{\gamma }_i^{p^1},\cdots ,{\gamma }_i^{p^{m_i-1}}\}}$ is used to expand the field elements of ${\displaystyle \mathrm{G}\mathrm{F}(p^{m_i})}$, the i-th block of ${\displaystyle 𝐋}$ is given by:

${\displaystyle {𝐋}_i=\left[\begin{array}{cccc}{\gamma }_i^{p^0}& {\gamma }_i^{p^1}& \cdots & {\gamma }_i^{p^{m_i-1}}\\ {\gamma }_i^{p^1}& {\gamma }_i^{p^2}& \cdots & {\gamma }_i^{p^0}\\ ⋮& ⋮& \ddots & ⋮\\ {\gamma }_i^{p^{m_i-1}}& {\gamma }_i^{p^0}& \cdots & {\gamma }_i^{p^{m_i-2}}\end{array}\right]}$

which is a circulant matrix. It is well known that a circulant matrix-vector product can be efficiently computed by convolutions. Hence we successfully reduce the discrete Fourier transform into short convolutions.

When applied to a characteristic-2 field GF(2^m), the matrix ${\displaystyle 𝐀}$ is just a binary matrix. Only addition is used when calculating the matrix-vector product of ${\displaystyle \mathrm{A}}$ and ${\displaystyle \mathrm{L}\mathrm{\Pi }\mathrm{f}}$. It has been shown that the multiplicative complexity of the cyclotomic algorithm is given by ${\displaystyle O(n({\log }_{2}n{)}^{{\log }_2\frac{3}{2}})}$, and the additive complexity is given by ${\displaystyle O(n^2/({\log }_{2}n{)}^{{\log }_2\frac{8}{3}})}$.^[2]

Template:Reflist