Enumerating hyperelliptic curves
over finite fields in quasilinear time

Everett W. Howe Independent mathematician, San Diego, CA 92104, USA [email protected] http://ewhowe.com

(Date: 20 June 2024)

Abstract.

We present an algorithm that, for every fixed genus $g$ , will enumerate all hyperelliptic curves of genus $g$ over a finite field $k$ of odd characteristic in quasilinear time; that is, the time required for the algorithm is $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{2g-1})$ , where $q=\#k$ . Such an algorithm already exists in the case $g=2$ , thanks to work of Mestre and Cardona and Quer, and in the case $g=3$ , thanks to work of Lercier and Ritzenthaler. Experimentally, it appears that our new algorithm is about two orders of magnitude faster in practice than ones based on their work.

Key words and phrases:

Hyperelliptic curve, finite field

1991 Mathematics Subject Classification:

Primary 11G20; Secondary 11Y16, 14G15, 14H10, 14H25

1. Introduction

There are many circumstances in which one may want to enumerate all hyperelliptic curves of a given genus over a given finite field. One may wish to determine whether a hyperelliptic curve with certain special properties exists — for instance, with a certain number of points [14, p. 393], or a certain zeta function, or a certain $a$ -number [7, §4], or some other property of interest — and explicit enumeration allows for a direct search. Or perhaps one may wish to gather data about all hyperelliptic curves of a given genus over a given finite field — for example, in order to compute the distribution of the number of points on such curves, as in [1], or to determine experimental results [18] that can inspire future theorems [11].

In this paper we present, for every fixed genus $g>1$ , an algorithm to calculate a list of all hyperelliptic curves of genus $g$ over a given finite field of odd characteristic.¹¹1Hyperelliptic curves in characteristic $2$ are different from those in other characteristics in some basic ways, and, as we discuss later, there already exists an efficient algorithm for enumerating them.

Theorem 1.1.

Fix an integer $g>1.$ Together, the algorithms we present in Section 7 provide a method for computing a complete list of hyperelliptic curves of genus $g$ over ${\mathbf{F}}_{q}$ for odd prime powers $q$ , with each curve appearing exactly once up to isomorphism. The algorithms take time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{2g-1})$ and space $O(q^{2g-1})$ .

From [3, Proposition 7.1] and from the fact that a generic hyperelliptic curve has automorphism group of order $2$ , we see that there are roughly $2q^{2g-1}$ hyperelliptic curves of genus $g$ over ${\mathbf{F}}_{q}$ , so our algorithm runs in quasilinear time.

We also present an apparently new explicit enumeration of all monic irreducible homogeneous bivariate quartics over a finite field $k$ of odd characteristic, up to the natural action of $\operatorname{PGL}_{2}(k)$ (see Section 2), which may be of independent interest.

Theorem 1.2.

Given an odd prime power $q$ , let $\gamma$ be a nonzero element of ${\mathbf{F}}_{q^{4}}$ whose multiplicative order is $2(q^{2}-1)$ and let $\rho$ be an element of ${\mathbf{F}}_{q^{2}}\setminus{\mathbf{F}}_{q}$ with $\rho^{2}\in{\mathbf{F}}_{q}$ . Let $S_{4}$ be the union of the two sets

\bigl{\{}(\gamma^{i}-1)/(\gamma^{i}+1)\ |\ \text{$i$ odd},\ 1\leq i\leq(q+1)/2\bigr{\}}

and

\bigl{\{}\rho(\gamma^{i}-1)/(\gamma^{i}+1)\ |\ \text{$i$ odd},\ 1\leq i\leq(q-1)/2\bigr{\}}\,.

Then the homogenized minimal polynomials of the elements of $S_{4}$ provide a complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the monic irreducible homogeneous bivariate quartics over ${\mathbf{F}}_{q}$ .

We prove this in Section 3. Also, here and elsewhere, when we say we have a “complete set of unique representatives” for an action of a group on a set, we mean that we have a set of orbit representatives that contains exactly one member from each orbit.

Briefly, there are two main ideas behind the algorithms that give us Theorem 1.1. The first is that there is an easy way to tell whether two irreducible homogeneous polynomials in ${\mathbf{F}}_{q}[x,y]$ lie in the same orbit under the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ — see Theorem 4.2. We use this fact to reduce the problem of getting a list of all hyperelliptic curves without duplicates in quasilinear time to the problem of getting a list of hyperelliptic curves with a bounded number of duplicates in quasilinear time. The second is that if one understands the cosets of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ in $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ , and if one has a list of orbit representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ acting on irreducible homogenous polynomials of degree $n$ in ${\mathbf{F}}_{q^{2}}[x,y]$ , then one can get a list of orbit representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on irreducible homogenous polynomials of degree $2n$ in ${\mathbf{F}}_{q}[x,y]$ — see Section 7.4. The point of this observation is that the number of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ orbits of irreducible degree- $n$ polynomials over ${\mathbf{F}}_{q^{2}}$ is on the order of $q^{2n-6}$ , while the number of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits of degree- $2n$ polynomials over ${\mathbf{F}}_{q}$ is roughly $q^{2n-3}$ , so the former is easier to compute than the latter.

The algorithm for enumerating hyperelliptic curves that we present is designed for simplicity of argument, rather than for efficiency of computation. In Section 8 we describe modifications that will make the algorithm more efficient, and in Section 9 we present even more details and timings for the case of genus $2$ and genus $3$ .

An obvious issue with our algorithm, as we present it here, is that it requires $O(q^{2g-1})$ space. This is because our initial computations often produce some duplicate entries, and we eliminate these duplicates by collecting all the output, computing some invariants, and then discarding entries whose invariants have already been seen. In a followup paper [9], we show how it is possible to modify the techniques presented here in order to get a quasilinear time algorithm for computing genus- $g$ hyperelliptic curves over ${\mathbf{F}}_{q}$ that only requires $O(\log q)$ space. Our implementation of the genus- $2$ case of the algorithm from the present paper uses a basic version of the ideas from [9], and it would not be hard to modify the genus- $2$ code we provide in [10] so that it requires only $O(q)$ space.

We start by considering various reductions, special cases, and lemmas. In Section 2 we show that enumerating hyperelliptic curves of genus $g$ over a finite field $k$ of odd characteristic can be reduced to enumerating Galois-stable sets of $2g+2$ elements of ${\mathbf{P}}^{1}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}})$ up to the natural action of $\operatorname{PGL}_{2}(k)$ . The rest of the paper is therefore concerned mostly with the latter problem, which we solve for all finite fields, not just those of odd characteristic. In Section 3 we prove Theorem 1.2, as well as similar results for quartics with one or two irreducible quadratic factors and generalizations to characteristic $2$ . In Section 4 we introduce an invariant for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits of monic irreducible homogeneous bivariate polynomials of degree $n\geq 4$ over ${\mathbf{F}}_{q}$ , and we use it to provide a very straightforward algorithm for giving a complete set of unique representatives for these orbits in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-2})$ . In Sections 5 and 6 we give an explicit enumeration of a complete set of unique representatives for the cosets of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ in $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})$ for primes $p$ . The case $p=2$ is the key result needed for the most difficult case of our algorithm to enumerate hyperelliptic curves. In Section 7 we use the results of the earlier sections to present a collection of algorithms that, together, give a complete set of unique representatives for the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits of Galois stable sets of ${2g+2}$ elements of ${\mathbf{P}}^{1}(\overline{{\mathbf{F}}}_{q})$ . We close with Sections 8 and 9, described above.

For many of our algorithms we require an easily computable total ordering of the elements of ${\mathbf{F}}_{q}$ or of polynomials in ${\mathbf{F}}_{q}[x]$ or in ${\mathbf{F}}_{q}[x,y]$ . We will always denote such an ordering by “ $<$ ” and we leave the reader to choose their favorite one. Also, if the proof of a proposition is clear, we indicate that the proof will be skipped by including an end-of-proof mark in the statement of the result.

Acknowledgements

I am grateful to the referees for ANTS, who provided helpful feedback that improved this paper.

2. Hyperelliptic curves and Weierstrass points

We begin by setting some general notation. Given a finite field $k$ , let $R$ be the graded polynomial ring $k[x,y]$ , with the grading given by the degree. For each $n$ let $R_{n}$ be the set of homogeneous polynomials in $R$ of degree $n$ and let $R_{\textup{hom}}$ be the union of the $R_{n}$ . We say that $f\in R_{\textup{hom}}$ is monic if $f(x,1)$ is monic as a univariate polynomial, and we say that $f$ is separable if in $\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}}[x,y]$ it can be written as a constant times a product of distinct monic linear factors. We say that $\alpha\in\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}}$ is a root of $f$ if $f(\alpha,1)=0$ , and that ${[\alpha\,{:}\,\beta]}\in{\mathbf{P}}^{1}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}})$ is a zero of $f$ if $f(\alpha,\beta)=0$ .

We also define a left action of $\operatorname{PGL}_{2}(k)$ on $R_{\textup{hom}}/k^{\times}$ as follows. If $\Gamma$ is an element of $\operatorname{PGL}_{2}(k)$ represented by a matrix $M\colonequals\bigl{[}\begin{smallmatrix}a&b\\ c&d\end{smallmatrix}\bigr{]}$ and if $f$ lies in $R_{\textup{hom}}$ , we define $\Gamma(f\bmod k^{\times})$ to be the class in $R_{\textup{hom}}/k^{\times}$ of $f(dx-by,-cx+ay)$ .

Every class of $R_{\textup{hom}}/k^{\times}$ contains a unique monic element, and we define an action of $\operatorname{PGL}_{2}(k)$ on the monic elements of $R_{\textup{hom}}$ by writing $\Gamma(f)=g$ when $g$ is the monic element of $\Gamma(f\bmod k^{\times})$ . If $\Gamma$ is represented by a matrix $M\colonequals\bigl{[}\begin{smallmatrix}a&b\\ c&d\end{smallmatrix}\bigr{]}$ and if $\Gamma(f)=g$ , then $f(dx-by,-cx+ay)=eg(x,y)$ for some $e\in k^{\times}$ , and if we choose a different matrix to represent $\Gamma$ , then the constant $e$ will be multiplied by an $n$ th power. When $n$ is even, the class of $e$ in $k^{\times}/k^{\times 2}$ therefore depends only on $\Gamma$ , and we denote this square class by $s_{\Gamma,f}$ .

Given a separable polynomial $f\in R_{\textup{hom}}$ , we let $\operatorname{Zeros}(f)$ denote the set of zeros of $f$ in ${\mathbf{P}}^{1}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}})$ , so that $\operatorname{Zeros}(f)$ consists of the roots of $f$ under the usual inclusion $\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}}\subset{\mathbf{P}}^{1}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}})$ given by $\alpha\mapsto{[\alpha\,{:}\,1]}$ , together with $\infty\colonequals{[1\,{:}\,0]}\in{\mathbf{P}}^{1}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}})$ if $f$ is divisible by $y$ . For every integer $n\geq 0$ we let $\operatorname{Sym}^{n}(k)$ denote the set of all Galois-stable sets of $n$ distinct points in ${\mathbf{P}}^{1}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}})$ , so that the natural action of $\operatorname{PGL}_{2}(k)$ on ${\mathbf{P}}^{1}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}})$ leads to an action of $\operatorname{PGL}_{2}(k)$ on $\operatorname{Sym}^{n}(k)$ . We see that $\operatorname{Zeros}$ gives us a bijection between the set of monic separable polynomials in $R_{n}$ and the set $\operatorname{Sym}^{n}(k)$ , and we check that $\operatorname{Zeros}(\Gamma(f))=\Gamma(\operatorname{Zeros}(f))$ for all $f\in R_{\textup{hom}}$ .

Our goal in this paper is to produce an algorithm to enumerate hyperelliptic curves of a given genus $g$ over finite fields $k$ of odd characteristic. As a first step, we reduce this problem to the problem of computing representatives for all $\operatorname{PGL}_{2}(k)$ orbits of $\operatorname{Sym}^{n}(k)$ , where $n=2g+2$ .

Let $k$ be a finite field of odd characteristic and let $C$ be a hyperelliptic curve over $k$ , that is, a curve of genus $g>1$ with a degree- $2$ map to a curve of genus $0$ . Every genus- $0$ curve over a finite field is isomorphic to ${\mathbf{P}}^{1}$ , and since our $k$ has odd characteristic $C$ can be written in the form $z^{2}=\tilde{f}$ , where $\tilde{f}\in k[x]$ is a separable polynomial of degree $2g+1$ or $2g+2$ . We can rewrite this as a model $z^{2}=f(x,y)$ in weighted projective space by homogenizing $\tilde{f}$ into a polynomial $f\in R_{2g+2}$ ; here we give the coordinates $x$ and $y$ weight $1$ and the coordinate $z$ weight $g+1$ . Then the map ${[x\,{:}\,y\,{:}\,z]}\mapsto{[x\,{:}\,y]}$ gives the double cover $C\to{\mathbf{P}}^{1}$ , and the points of ${\mathbf{P}}^{1}$ that ramify in this map are exactly the elements of $\operatorname{Zeros}(f)$ . If $C_{1}$ and $C_{2}$ are two hyperelliptic curves, given by equations $z^{2}=f_{1}$ and $z^{2}=f_{2}$ , then every isomorphism from $C_{1}$ to $C_{2}$ can be written in the form

{[x\,{:}\,y\,{:}\,z]}\mapsto{[ax+by\,{:}\,{cx+dy}\,{:}\,ez]}\,,

where $ad-bc$ and $e$ are nonzero, and where

(1)

e^{2}f_{1}(x,y)=f_{2}(ax+by,cx+dy)\,;

see [17, Corollary 7.4.33]. Then $e^{2}f_{1}(dx-by,-cx+ay)=(ad-bc)^{2g+2}f_{2}(x,y)$ , so we see that $f_{2}\bmod k^{\times}=\Gamma(f_{1}\bmod k^{\times})$ , where $\Gamma\in\operatorname{PGL}_{2}(k)$ is the element represented by the matrix $M\colonequals\bigl{[}\begin{smallmatrix}a&b\\ c&d\end{smallmatrix}\bigr{]}$ . Thus, if $C_{1}$ and $C_{2}$ are isomorphic, the element $\Gamma$ of $\operatorname{PGL}_{2}(k)$ takes the ramification points of $C_{1}\to{\mathbf{P}}^{1}$ to the ramification points of $C_{2}\to{\mathbf{P}}^{1}$ . Conversely, if $\bigl{[}\begin{smallmatrix}a&b\\ c&d\end{smallmatrix}\bigr{]}\in\operatorname{PGL}_{2}(k)$ takes the ramification points of $C_{1}\to{\mathbf{P}}^{1}$ to the ramification points of $C_{2}\to{\mathbf{P}}^{1}$ , then there is an $e\in\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}}$ , with $e^{2}\in k$ , that makes (1) hold. If $e$ lies in $k$ , we have an isomorphism between $C_{1}$ and $C_{2}$ ; if $e$ does not lie in $k$ , we have an isomorphism between $C_{1}$ and the quadratic twist of $C_{2}$ , that is, the curve $y^{2}=\nu f_{2}$ , where $\nu$ is a nonsquare in $k$ . (In general, a twist of a curve $C$ over a finite field $k$ is another curve over $k$ that becomes isomorphic to $C$ when the base field is extended to an algebraic closure of $k$ . Twists of $C$ correspond to elements of the cohomology set $H^{1}(\operatorname{Gal}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}}/k),\operatorname{Aut}_{\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}}}C)$ — see [21, §III.1.3] — and by “the quadratic twist” of a hyperelliptic curve we mean the twist corresponding to the cocycle that sends the Frobenius element of $\operatorname{Gal}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}}/k)$ to the hyperelliptic involution. Note that sometimes the quadratic twist may in fact be the trivial twist.)

Thus, we have a map from the set of isomorphism classes of genus- $g$ hyperelliptic curves over $k$ to the set of $\operatorname{PGL}_{2}(k)$ orbits of $\operatorname{Sym}^{n}(k)$ , where $n=2g+2$ . This map is clearly surjective, and the $\operatorname{PGL}_{2}(k)$ orbit of an element $A$ of $\operatorname{Sym}^{n}(k)$ has at most two preimages in the set of isomorphism classes of hyperelliptic curves: the isomorphism classes of $y^{2}=f$ and of $y^{2}=\nu f$ , where $f$ is the unique monic polynomial with $\operatorname{Zeros}(f)=A$ and where $\nu$ is a nonsquare in $k$ . (We say “at most two” preimages because, as we noted above, these two curves may be isomorphic to one another.)

Whether an element $A$ of $\operatorname{Sym}^{n}(k)$ has one or two preimages is easy to determine: Let $f\in R_{n}$ be the unique monic polynomial with $\operatorname{Zeros}(f)=A$ . Compute all elements $\Gamma$ of $\operatorname{PGL}_{2}(k)$ that take the set $A$ to itself; at worst this takes time ${O(n(n-1)(n-2))}$ , and since $n$ is fixed in our context, this is $O(1)$ operations. For each such $\Gamma$ compute the element $s_{\Gamma,f}$ of $k^{\times}/k^{\times 2}$ . If any of these elements is nontrivial, then the curve $y^{2}=f$ is isomorphic to its twist $y^{2}=\nu f$ . (Compare to [20, Lemma 1.2].)

This shows that if we can compute a complete set of unique representatives for the orbits of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on $\operatorname{Sym}^{2g+2}({\mathbf{F}}_{q})$ in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{2g-1})$ , we can also compute a complete set of unique representatives for the hyperelliptic curves of genus $g$ over ${\mathbf{F}}_{q}$ in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{2g-1})$ . Thus, for the rest of this paper we focus on enumerating the $\operatorname{PGL}_{2}(k)$ orbits of $\operatorname{Sym}^{n}(k)$ , for $n=2g+2$ . In particular, for our application to enumerating hyperelliptic curves we only need to consider even $n$ that are at least $6$ . The algorithms that we present for the latter problem work for all finite fields, not just those of odd characteristic.

Remark 2.1.

Over a finite field ${\mathbf{F}}_{q}$ of characteristic $2$ there are still roughly $2q^{2g-1}$ hyperelliptic curves of genus $g$ , but it is much easier to enumerate them in quasilinear time than it is in odd characteristic, because the ramification divisor of the hyperelliptic structure map $C\to{\mathbf{P}}^{1}$ is supported on at most $g+1$ points. Enumerating the possible ramification divisors up to the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{2g-1})$ is therefore much simpler than in odd characteristic, and enumerating the curves with a given ramification divisor is relatively straightforward. The algorithm of Xarles [24] follows this outline; it has been implemented by him in genus $4$ , by Dragutinović [6] in genus $5$ , and by Huang, Kedlaya, and Lau [12] in genus $6$ .

3. Results for quartic polynomials

In this section we prove Theorem 1.2. We also prove similar results that give complete sets of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on monic homogeneous quartics that have one or two irreducible quadratic factors, and we state generalizations to finite fields of characteristic $2$ . We begin with an elementary lemma.

Lemma 3.1.

Let $k$ be a field and let $a$ , $b$ , $c$ , and $d$ be distinct elements of ${\mathbf{P}}^{1}(k)$ . Then there is a unique element of $\operatorname{PGL}_{2}(k)$ that swaps $a$ with $b$ and $c$ with $d$ , and this element is an involution.

Proof.

An element of $\operatorname{PGL}_{2}(k)$ is determined by where it sends three distinct elements of ${\mathbf{P}}^{1}(k)$ , so the uniqueness is automatic, and we need only prove existence. By using the action of $\operatorname{PGL}_{2}(k)$ , we see that it suffices to prove the lemma in the case where $a=\infty$ , $b=0$ , and $c=1$ . Then the element $\bigl{[}\begin{smallmatrix}0&d\\ 1&0\end{smallmatrix}\bigr{]}$ of $\operatorname{PGL}_{2}(k)$ is an involution that swaps $a$ with $b$ and $c$ with $d$ . ∎

Corollary 3.2.

Let $q$ be a prime power and let $\alpha$ , $\beta$ , $\gamma$ , and $\delta$ be distinct elements of $\overline{{\mathbf{F}}}_{q}$ such that $\{\{\alpha,\beta\},\{\gamma,\delta\}\}=\{\{\alpha^{q},\beta^{q}\},\{\gamma^{q},\delta^{q}\}\}\,.$ Then there is a unique element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that swaps $\alpha$ with $\beta$ and $\gamma$ with $\delta$ , and this element is an involution.

Proof.

Let $\Gamma\in\operatorname{PGL}_{2}(\overline{{\mathbf{F}}}_{q})$ be the involution that swaps $\alpha$ with $\beta$ and $\gamma$ with $\delta$ . Then $\Gamma^{(q)}$ , by which we mean the element of $\operatorname{PGL}_{2}(\overline{{\mathbf{F}}}_{q})$ obtained by taking a representative matrix for $\Gamma$ and replacing all of its entries by their $q$ th powers, is also an involution that swaps $\alpha$ with $\beta$ and $\gamma$ with $\delta$ , because of the equality of sets in our hypothesis. By the uniqueness property in Lemma 3.1, it follows that $\Gamma^{(q)}=\Gamma$ in $\operatorname{PGL}_{2}(\overline{{\mathbf{F}}}_{q})$ , from which we see that $\Gamma$ actually lies in $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ . ∎

Proof of Theorem 1.2.

First we show that every monic irreducible quartic in ${\mathbf{F}}_{q}[x]$ can be transformed into one of the quartics in the statement of the theorem; this is equivalent to showing that every irreducible quartic has a root in ${\mathbf{F}}_{q^{4}}$ that can be moved by $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ to an element of the set $S_{4}$ from the theorem.

In the statement of the theorem we chose an element $\rho$ of ${\mathbf{F}}_{q^{2}}\setminus{\mathbf{F}}_{q}$ with $\rho^{2}\in{\mathbf{F}}_{q}$ . Let $\nu=\rho^{2}$ , so that $\nu$ is a nonsquare in ${\mathbf{F}}_{q}$ .

Let $f$ be an irreducible quartic in ${\mathbf{F}}_{q}[x]$ , let $\alpha$ be a root of $f$ in ${\mathbf{F}}_{q^{4}}$ , and set $\alpha_{1}\colonequals\alpha$ , $\alpha_{2}\colonequals\alpha_{1}^{q}$ , $\alpha_{3}\colonequals\alpha_{2}^{q}$ , and $\alpha_{4}\colonequals\alpha_{3}^{q}$ . By Corollary 3.2 there is a unique involution $\Gamma$ in $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that swaps $\alpha_{1}$ with $\alpha_{3}$ and $\alpha_{2}$ with $\alpha_{4}$ . We refer to this as the involution associated to $f$ .

Let $\Phi$ be an element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ . Then the involution associated to $\Phi(f)$ is $\Phi\Gamma\Phi^{-1}$ . Since every involution in $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ is conjugate either to $\bigl{[}\begin{smallmatrix}0&1\\ 1&0\end{smallmatrix}\bigr{]}$ or $\bigl{[}\begin{smallmatrix}0&\nu\\ 1&0\end{smallmatrix}\bigr{]}$ , we can choose $\Phi$ so that $\Phi\Gamma\Phi^{-1}$ is one of these two standard involutions. Now we replace $f$ with $\Phi(f)$ , $\alpha$ with $\Phi(\alpha)$ , and $\Gamma$ with $\Phi\Gamma\Phi^{-1}$ .

Suppose $\Gamma=\bigl{[}\begin{smallmatrix}0&1\\ 1&0\end{smallmatrix}\bigr{]}$ . The subgroup of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that stabilizes $\Gamma$ under conjugation is

H_{1}\colonequals\Biggl{\{}\begin{bmatrix}a&b\\ b&a\end{bmatrix}\ \bigg{|}\ a^{2}\neq b^{2}\Biggr{\}}\cup\Biggl{\{}\begin{bmatrix}-a&-b\\ \phantom{-}b&\phantom{-}a\end{bmatrix}\ \bigg{|}\ a^{2}\neq b^{2}\Biggr{\}}\,.

We would like to apply an element of $H_{1}$ to $\alpha$ , and if necessary replace $\alpha$ with one of its conjugates, to put $\alpha$ into a standard form. We accomplish this by considering the function ${\mathbf{P}}^{1}({\mathbf{F}}_{q^{4}})\to{\mathbf{P}}^{1}({\mathbf{F}}_{q^{4}})$ given by applying the element $\Psi\colonequals\bigl{[}\begin{smallmatrix}\phantom{-}1&1\\ -1&1\end{smallmatrix}\bigr{]}$ of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ . Since $\Psi$ conjugates $\Gamma$ to the involution $\bigl{[}\begin{smallmatrix}-1&0\\ \phantom{-}0&1\end{smallmatrix}\bigr{]}$ , we see that ${\Psi(\alpha)^{q^{2}}=-\Psi(\alpha)}$ . This shows that $\Psi(\alpha)^{q^{2}-1}=-1$ , so the multiplicative order of $\Psi(\alpha)$ is even and divides $2(q^{2}-1)$ . It follows that we may write $\Psi(\alpha)=\gamma^{i}$ for some odd integer $i$ with $0<i<2(q^{2}-1)$ .

Let

H_{1}^{\prime}\colonequals\Psi H_{1}\Psi^{-1}=\Biggl{\{}\begin{bmatrix}a&0\\ 0&1\end{bmatrix}\ \bigg{|}\ a\in{\mathbf{F}}_{q}^{\times}\Biggr{\}}\cup\Biggl{\{}\begin{bmatrix}0&a\\ 1&0\end{bmatrix}\ \bigg{|}\ a\in{\mathbf{F}}_{q}^{\times}\Biggr{\}}\,.

Then applying an element of $H_{1}$ to $\alpha$ corresponds to applying an element of $H_{1}^{\prime}$ to $\Psi(\alpha)$ , and the elements of $H_{1}^{\prime}$ either multiply $\Psi(\alpha)$ by an element of ${\mathbf{F}}_{q}^{\times}$ or replace $\Psi(\alpha)$ with its inverse times an element of ${\mathbf{F}}_{q}^{\times}$ . Since the elements of ${\mathbf{F}}_{q}^{\times}$ are the powers of $\gamma^{2(q+1)}$ , these two actions show that there is a $\Phi^{\prime}\in H_{1}^{\prime}$ such that $\Phi^{\prime}(\Psi(\alpha))=\gamma^{i}$ for an odd integer $i$ with $0<i<q+1$ . If we let $\Phi=\Psi^{-1}\Phi^{\prime}\Psi\in H_{1}$ and replace $\alpha$ with $\Phi(\alpha)$ , we find that $\Psi(\alpha)=\gamma^{i}$ for this $i$ .

Finally, replacing $\alpha$ with $\alpha^{q}$ has the effect of replacing $i$ with $iq$ . If we write $i=2h+1$ we see that

iq\equiv 2hq+q\equiv-2h+q\equiv-(2h+1)+(q+1)\equiv q+1-i\bmod 2(q+1)\,,

so by replacing $\alpha$ with its conjugate $\alpha^{q}$ , if necessary, and then modifying the new $\alpha$ by an element of $H_{1}$ , we find that we may assume that $0<i\leq(q+1)/2$ .

We see that every irreducible quartic whose associated involution is $\bigl{[}\begin{smallmatrix}0&1\\ 1&0\end{smallmatrix}\bigr{]}$ has a root in the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit of $\Psi^{-1}(\gamma^{i})=(\gamma^{i}-1)/(\gamma^{i}+1)$ , for some odd $i$ with $0<i\leq(q+1)/2$ . Moreover, from our analysis it is clear that different values of $i$ in this range produce quartics in distinct $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits.

Next, suppose the involution associated with a quartic $f$ is $\Gamma=\bigl{[}\begin{smallmatrix}0&\nu\\ 1&0\end{smallmatrix}\bigr{]}$ . The subgroup of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that stabilizes $\Gamma$ under conjugation is

H_{\nu}\colonequals\Biggl{\{}\begin{bmatrix}a&b\nu\\ b&a\end{bmatrix}\ \bigg{|}\ a^{2}\neq\nu b^{2}\Biggr{\}}\cup\Biggl{\{}\begin{bmatrix}-a&-b\nu\\ \phantom{-}b&\phantom{-}a\end{bmatrix}\ \bigg{|}\ a^{2}\neq\nu b^{2}\Biggr{\}}\,.

As before, we would like to apply an element of $H_{\nu}$ to $\alpha$ , and if necessary replace $\alpha$ with one of its conjugates, to put $\alpha$ into a standard form. This time we consider the function ${\mathbf{P}}^{1}({\mathbf{F}}_{q^{4}})\to{\mathbf{P}}^{1}({\mathbf{F}}_{q^{4}})$ given by applying the element $\Psi\colonequals\bigl{[}\begin{smallmatrix}\phantom{-}1&\rho\\ -1&\rho\end{smallmatrix}\bigr{]}$ of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ , where $\rho$ is the element of ${\mathbf{F}}_{q^{2}}$ chosen in the statement of the theorem and $\nu=\rho^{2}$ . Then $\Psi$ conjugates $\Gamma$ to the involution $\bigl{[}\begin{smallmatrix}-1&0\\ \phantom{-}0&1\end{smallmatrix}\bigr{]}$ , and once again we have $\Psi(\alpha)^{q^{2}}=-\Psi(\alpha)$ . As before, we see that $\Psi(\alpha)^{q^{2}-1}=-1$ , so $\Psi(\alpha)$ has multiplicative order dividing $2(q^{2}-1)$ . Once again we may write $\Psi(\alpha)=\gamma^{i}$ for some odd integer $i$ with $0<i<2(q^{2}-1)$ .

Let $H_{\nu}^{\prime}\colonequals\Psi H_{\nu}\Psi^{-1}$ and let $N$ be the kernel of the norm map from ${\mathbf{F}}_{q^{2}}^{\times}$ to ${\mathbf{F}}_{q}^{\times}$ . We check that

H_{\nu}^{\prime}=\Biggl{\{}\begin{bmatrix}a&0\\ 0&1\end{bmatrix}\ \bigg{|}\ a\in N\Biggr{\}}\cup\Biggl{\{}\begin{bmatrix}0&a\\ 1&0\end{bmatrix}\ \bigg{|}\ a\in N\Biggr{\}}\,.

Then applying an element of $H_{\nu}$ to $\alpha$ corresponds to applying an element of $H_{\nu}^{\prime}$ to $\Psi(\alpha)$ , and the elements of $H_{\nu}^{\prime}$ either multiply $\Psi(\alpha)$ by an element of $N$ or replace $\Psi(\alpha)$ with its inverse times an element of $N$ .

The elements of $N$ are the powers of $\gamma^{2(q-1)}$ , so arguing as before we find that we may replace $\alpha$ with $\Phi(\alpha)$ for some $\Phi\in H_{\nu}$ so that $\Psi(\alpha)=\gamma^{i}$ for an odd $i$ with $0<i<q-1$ . We check that $\Psi(\alpha^{q})=1/\Psi(\alpha)^{q}$ , so replacing $\alpha$ with $\alpha^{q}$ has the effect of replacing $i$ with $-iq$ . If we write $i=2h-1$ we see that

-iq\equiv-2hq+q\equiv-2h+q\equiv(-2h+1)+(q-1)\equiv q-1-i\bmod 2(q-1)\,,

so by replacing $\alpha$ with its conjugate $\alpha^{q}$ , if necessary, we find that we may assume that $0<i\leq(q-1)/2$ .

We see that every irreducible quartic whose associated involution is $\bigl{[}\begin{smallmatrix}0&\nu\\ 1&0\end{smallmatrix}\bigr{]}$ has a root in the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit of $\Psi^{-1}(\gamma^{i})=\rho(\gamma^{i}-1)/(\gamma^{i}+1)$ , for some odd $i$ with $0<i\leq(q-1)/2$ , and different values of $i$ in this range give irreducible quartics that are not equivalent to one another under the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ . ∎

Remark 3.3.

For a separable quartic $f=x^{4}+ax^{3}y+bx^{2}y^{2}+cxy^{3}+dy^{4}$ , we let $j(f)$ denote the $j$ -invariant of the Jacobian of the genus- $0$ curve $z^{2}=f$ . One can show that $j(f)=256(b^{2}-3ac+12d)^{3}/\Delta$ , where $\Delta$ is the discriminant of $f$ , and clearly $j(\Gamma(f))=j(f)$ for all $\Gamma\in\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ , because the curve $z^{2}=\Gamma(f)$ is geometrically isomorphic to $z^{2}=f$ . Using arguments from [8, §3], one can show that $j$ takes different values on irreducible quartics that are not in the same $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit.

For products of two distinct irreducible quadratics, we have a similar result.

Theorem 3.4.

Given an odd prime power $q$ , let $\zeta$ be a generator of ${\mathbf{F}}_{q^{2}}^{\times}$ , let $\rho$ be an element of ${\mathbf{F}}_{q^{2}}\setminus{\mathbf{F}}_{q}$ with $\rho^{2}\in{\mathbf{F}}_{q}$ , and let $\nu=\rho^{2}$ . Let

S_{22}=\{\rho(\zeta^{i}-1)/(\zeta^{i}+1)\ |\ 0<i\leq(q-1)/2\}

and let $T_{22}$ be the set of homogenized minimal polynomials of the elements of $S_{22}$ . Then the set $\{(x^{2}-\nu y^{2})g\ |\ g\in T_{22}\}$ is a complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the homogeneous quartics that factor into a product of two distinct monic irreducible quadratics.

Proof.

Let $f$ be a homogeneous quartic that factors into a product of two monic irreducible quadratics, so that the roots of $f$ are $\alpha$ , $\mathchoice{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\alpha}}$}}$ , $\beta$ , and $\mathchoice{\beta\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\beta}}$}}$ , for two elements $\alpha$ and $\beta$ in ${\mathbf{F}}_{q^{2}}$ with conjugates $\mathchoice{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\alpha}}$}}$ and $\mathchoice{\beta\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\beta}}$}}$ . We will show that there is a unique element $\sigma$ in $S_{22}$ such that the set $\{\alpha,\mathchoice{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\alpha}}$}},\beta,\mathchoice{\beta\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\beta}}$}}\}$ can be sent to $\{\rho,\mathchoice{\rho\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\rho}}$}}{\rho\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\rho}}$}}{\rho\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\rho}}$}}{\rho\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\rho}}$}},\sigma,\mathchoice{\sigma\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\sigma}}$}}{\sigma\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\sigma}}$}}{\sigma\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\sigma}}$}}{\sigma\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\sigma}}$}}\}$ by an element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ . This will be enough to prove the theorem.

By replacing $f$ with its image under an element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ we may assume that $\alpha=\rho$ . The subgroup of $\operatorname{PGL}_{q}({\mathbf{F}}_{q})$ that fixes the set $\{\rho,\mathchoice{\rho\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\rho}}$}}{\rho\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\rho}}$}}{\rho\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\rho}}$}}{\rho\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\rho}}$}}\}$ is the group $H_{\nu}$ from the proof of Theorem 1.2. Let $\Psi\colonequals\bigl{[}\begin{smallmatrix}\phantom{-}1&\rho\\ -1&\rho\end{smallmatrix}\bigr{]}$ . Arguing as in the proof of Theorem 1.2 we find that there is a unique element $\Gamma$ of $H_{\nu}$ so that we can write $\Psi(\Gamma(\beta))$ as $\zeta^{i}$ for an integer $i$ with $0<i\leq(q-1)/2$ .

Since by Corollary 3.2 there is an element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that swaps $\alpha$ and $\mathchoice{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\alpha}}$}}$ with $\beta$ and $\mathchoice{\beta\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\beta}}$}}$ , we would have gotten the same value of $i$ if we had normalized $\beta$ and $\mathchoice{\beta\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\beta}}$}}{\beta\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\beta}}$}}$ to be $\rho$ and $\mathchoice{\rho\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\rho}}$}}{\rho\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\rho}}$}}{\rho\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\rho}}$}}{\rho\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\rho}}$}}$ at the beginning of our argument, instead of $\alpha$ and $\mathchoice{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm\alpha}}$}}{\alpha\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm\alpha}}$}}$ . Thus the value of $i$ we obtain truly depends only on the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit of $f$ .

This shows that we may assume that $\beta=\Psi^{-1}(\zeta^{i})$ is an element of $S_{2}$ , and different elements of $S_{2}$ correspond to different $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits. The theorem follows. ∎

Remark 3.5.

If $f$ is a homogeneous quartic in ${\mathbf{F}}_{q}[x,y]$ that can be factored into the product of two monic irreducible quadratics $x^{2}+sxy+ty^{2}$ and $x^{2}+uxy+vy^{2}$ , we define

\mu(f)\colonequals\frac{(su-2t-2v)^{2}}{(s^{2}-4t)(u^{2}-4v)}\,,

and we check that $j(f)=64(\mu(f)+3)^{3}/(\mu(f)-1)^{2}$ , where $j(f)$ is as in Remark 3.3. Note that $\mu(f)$ is a square, because the two factors in the denominator are the discriminants of the irreducible factors of $f$ .

We leave it to the reader to check that for $f$ of this form we have $\mu(\Gamma(f))=\mu(f)$ for every $\Gamma\in\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ , so $\mu$ is an invariant of the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits of such quartics. Given any square $d$ in ${\mathbf{F}}_{q}$ other than $1$ , we check that a quartic $f\colonequals(x^{2}-\nu y^{2})(x^{2}+uxy+vy^{2})$ satisfies $\mu(f)=d$ if and only if $(u,v)$ lies on a certain nonsingular conic. Nonsingular conics over finite fields have rational points not on the line at infinity, so there are values of $u$ and $v$ that give a quartic for which $\mu$ attains the value $d$ . Since $\mu$ attains $(q-1)/2$ different values, $\mu$ must take different values on the $(q-1)/2$ orbits of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on products of irreducible quadratics.

One can show that $\mu$ is derived from a modular function that parametrizes pairs $(E,P)$ , where $E$ is an elliptic curve and $P$ is a point of order $2$ . For products $f_{1}f_{2}$ of two irreducible quadratics, the elliptic curve is the Jacobian of the curve $C\colon z^{2}=f_{1}f_{2}$ , and the point of order $2$ is represented by the degree- $0$ divisor on $C$ whose double is the divisor of $f_{1}/f_{2}$ .

We also have a similar result for quartics with exactly one irreducible quadratic factor, which works in all characteristics.

Theorem 3.6.

Given a prime power $q$ , let $\zeta$ be a generator of ${\mathbf{F}}_{q^{2}}^{\times}$ . Let

S_{211}=\{\zeta^{i}\ |\ 0<i\leq(q+1)/2\}

and let $T_{211}$ be the set of homogenized minimal polynomials of the elements of $S_{211}$ . Then the set $\{xyg\ |\ g\in T_{211}\}$ is a complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the monic separable homogeneous quartics that have exactly one irreducible quadratic factor.

Proof.

The proof follows the same lines as that of Theorem 3.4, but is much simpler. We move the two rational roots of $f$ to $0$ and $\infty$ , and then show that up to scaling and inversion, every element of ${\mathbf{F}}_{q^{2}}\setminus{\mathbf{F}}_{q}$ has a unique representative in $S_{211}$ . We leave the details to the reader. ∎

Remark 3.7.

The function $\mu$ defined in Remark 3.5 can be extended to monic separable quartics with exactly one irreducible quadratic factor; when the two zeros of $f$ in ${\mathbf{P}}^{1}({\mathbf{F}}_{q})$ are finite we can use the same formula as before, and when $f=y(x-by)(x^{2}+ux+v)$ we can define $\mu(f)=(u+2b)^{2}/(u^{2}-4v)$ . Once again, $\mu$ depends only on the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit of its argument. On quartics of this type, the set of values attained by $\mu$ is the set of nonsquares in ${\mathbf{F}}_{q}$ together with $0$ . Thus, $\mu$ distinguishes $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits of such quartics from one another.

Theorem 3.6 applies to all finite fields, while Theorems 1.2 and 3.4 require the characteristic to be odd. The following theorem generalizes the latter two results to characteristic $2$ . The proof is analogous to those of the earlier theorems, but is made much simpler by the fact that in this case every involution in $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ is conjugate to $\bigl{[}\begin{smallmatrix}1&1\\ 0&1\end{smallmatrix}\bigr{]}$ . We leave the details to the reader.

Theorem 3.8.

Let $q$ be a power of $2$ , let $A$ be the set of elements of ${\mathbf{F}}_{q}$ of absolute trace $1$ , and let $\nu$ be an element of $A$ . Then the set

\bigl{\{}(x^{4}+x^{2}y^{2})+a(x^{2}y^{2}+xy^{3})+a^{2}\nu y^{4}\ |\ a\in A\bigr{\}}

is a complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the monic irreducible homogeneous quartics over ${\mathbf{F}}_{q}$ , and the set

\bigl{\{}(x^{2}+xy+\nu y^{2})(x^{2}+xy+ay^{2})\ |\ a\in A,a\neq\nu\bigr{\}}

is a complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the homogeneous quartics over ${\mathbf{F}}_{q}$ that can be written as the product of two distinct monic irreducible quadratics.∎

Remark 3.9.

Theorems 1.2, 3.4, 3.6, and 3.8 lead to quasilinear-time algorithms to give complete sets of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the various types of quartics discussed in the theorems. The only difficulty is obtaining a primitive element $\zeta$ for ${\mathbf{F}}_{q^{2}}$ in Theorems 3.4 and 3.6 and an element $\gamma$ of order $2(q^{2}-1)$ in ${\mathbf{F}}_{q^{4}}$ for Theorem 1.2. But primitive elements for ${\mathbf{F}}_{q^{2}}$ can be determined deterministically in time $O(q^{1/2+\varepsilon})$ for every $\varepsilon>0$ (see [23]), and the $\gamma$ required for Theorem 1.2 can be obtained by taking the square root in ${\mathbf{F}}_{q^{4}}$ of a primitive element for ${\mathbf{F}}_{q^{2}}$ .

In quasilinear time we can also create a table of size $O(q)$ that we can use to invert the function $\mu$ , which gives us a way to compute the orbit representatives of quartics with one or two irreducible quadratic factors. The function $\mu$ does not reduce well modulo $2$ , but the function $(\mu-1)/4$ does; the corresponding function takes a product $(x^{2}+sxy+ty^{2})(x^{2}+uxy+vy^{2})$ in characteristic $2$ to $((t+v)^{2}+(s+u)(sv+tu))/(su)^{2}$ .

4. An invariant for irreducible polynomials over finite fields

In this section we define an easily computable invariant²²2Classically, an invariant on the set $R_{n}\subset k[x,y]$ of homogeneous bivariate polynomials of degree $n$ is a function $R_{n}\to k$ that is constant on $\operatorname{PGL}_{2}(k)$ orbits. We use the term more generally here, and simply mean a function from $R_{n}$ to any set that is constant on $\operatorname{PGL}_{2}(k)$ orbits. for monic irreducible homogeneous bivariate polynomials of arbitrary degree $n\geq 4$ over a finite field ${\mathbf{F}}_{q}$ under the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ mentioned in Section 2. The invariant is based on the classical cross ratio, which is the function that assigns to an ordered quadruple $(P_{1},P_{2},P_{3},P_{4})$ of distinct elements of ${\mathbf{P}}^{1}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}})$ the element $\alpha\in\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}}$ for which ${\Gamma(P_{4})={[\alpha\,{:}\,1]}}$ , where $\Gamma$ is the unique element of $\operatorname{PGL}_{2}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}})$ that sends $P_{1}$ to $\infty$ , $P_{2}$ to $0$ , and $P_{3}$ to $1$ . It follows that the cross ratio is constant on the orbits of the diagonal action of $\operatorname{PGL}_{2}(\mathchoice{k\hbox to0.0pt{\hss$\overline{\phantom{\displaystyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\textstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptstyle\rm k}}$}}{k\hbox to0.0pt{\hss$\overline{\phantom{\scriptscriptstyle\rm k}}$}})$ on such quadruples, and takes distinct values on distinct orbits. (Compare to [5, Definition III.3.7] and the propositions following it.)

Definition 4.1.

Let $q$ be a prime power and let $f$ be a monic irreducible homogeneous bivariate polynomial of degree $n\geq 4$ over ${\mathbf{F}}_{q}$ . We define the cross polynomial $\operatorname{Cross}(f)$ of $f$ as follows: Let $\alpha\in{\mathbf{F}}_{q^{n}}$ be a root of $f$ , and let $\chi\in{\mathbf{F}}_{q^{n}}$ be the cross ratio of $\alpha$ , $\alpha^{q}$ , $\alpha^{q^{2}}$ , and $\alpha^{q^{3}}$ ; that is,

\chi\colonequals\frac{(\alpha^{q^{3}}-\alpha^{q})(\alpha^{q^{2}}-\alpha)}{(\alpha^{q^{3}}-\alpha)(\alpha^{q^{2}}-\alpha^{q})}\,.

Then set $\operatorname{Cross}(f)$ to be the characteristic polynomial of $\chi$ over ${\mathbf{F}}_{q}$ .

Note that the denominator of $\chi$ is nonzero, because the powers of $\alpha$ involved are four of the $n$ distinct conjugates of $\alpha$ . Also, replacing $\alpha$ with one of its conjugates results in replacing $\chi$ with a conjugate, so the characteristic polynomial remains unchanged. Thus we see that $\operatorname{Cross}(f)$ is well-defined.

Theorem 4.2.

Let $q$ be a prime power. Two monic irreducible homogenous polynomials in ${\mathbf{F}}_{q}[x,y]$ of degree at least $4$ lie in the same orbit under the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ if and only if they have the same cross polynomial.

Proof.

Suppose $f$ and $g$ are irreducible homogenous polynomials in ${\mathbf{F}}_{q}[x,y]$ of degree at least $4$ . Suppose $f$ and $g$ lie in the same $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit, say $g=\Gamma(f)$ for some $\Gamma\in\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ . Then $f$ and $g$ have the same degree, which we denote by $n$ . Let $\alpha$ be a root of $f$ in ${\mathbf{F}}_{q^{n}}$ and let $\beta=\Gamma(\alpha)$ . Then $\beta$ is a root of $g$ , and for every $i\geq 0$ we have $\beta^{q^{i}}=\Gamma(\alpha^{q^{i}})$ . In particular, the cross ratio of $\alpha$ , $\alpha^{q}$ , $\alpha^{q^{2}}$ , and $\alpha^{q^{3}}$ is equal to the cross ratio of $\beta$ , $\beta^{q}$ , $\beta^{q^{2}}$ , and $\beta^{q^{3}}$ , so $\operatorname{Cross}(f)=\operatorname{Cross}(g)$ .

Conversely, suppose $f$ and $g$ are two monic irreducible polynomials of degree at least $4$ with $\operatorname{Cross}(f)=\operatorname{Cross}(g)$ . Since a polynomial has the same degree as its cross polynomial, $f$ and $g$ have the same degree, say $n$ . Since the cross polynomials are equal, there are roots $\alpha$ of $f$ and $\beta$ of $g$ in ${\mathbf{F}}_{q^{n}}$ such that $\alpha$ , $\alpha^{q}$ , $\alpha^{q^{2}}$ , and $\alpha^{q^{3}}$ have the same cross ratio as $\beta$ , $\beta^{q}$ , $\beta^{q^{2}}$ , and $\beta^{q^{3}}$ . It follows that there is an element $\Gamma$ of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{n}})$ with $\Gamma(\alpha^{q^{i}})=\beta^{q^{i}}$ for $0\leq i\leq 3$ . In particular, we have $\Gamma(x^{q})=\Gamma(x)^{q}$ for three distinct values of $x$ , namely $\alpha$ , $\alpha^{q}$ , and $\alpha^{q^{2}}$ , so $\Gamma$ is fixed by Frobenius and therefore lies in $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ . Thus, $\Gamma$ takes every root of $f$ to a root of $g$ , so $\Gamma(f)=g$ . ∎

As an application of this invariant, we give an algorithm for creating a table of orbit representatives for irreducible polynomials of degree $n\geq 4$ in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-2})$ .

Algorithm 4.3.

Inverting the cross polynomial function.

Input:

A prime power $q$ and an integer $n\geq 4$ .
Output:

A table, indexed by the values of the cross polynomials for irreducible polynomials of degree $n$ , giving for each cross polynomial $g$ an irreducible homogeneous $f\in{\mathbf{F}}_{q}[x,y]$ of degree $n$ with $\operatorname{Cross}f=g$ .
1.

Construct a copy of ${\mathbf{F}}_{q^{n}}$ with an ${\mathbf{F}}_{q}$ -basis $(\beta_{1},\ldots,\beta_{n})$ such that $\beta_{1}$ appears with nonzero coefficient in the representation of $1$ .
2.

Set $L$ to be the empty list.
3.
For every $\alpha\in{\mathbf{F}}_{q^{n}}$ that does not lie in a proper subfield, and whose representation $(a_{1},\ldots,a_{n})$ on the given basis has $a_{1}=0$ and has $a_{i}=1$ for the first $i$ with $a_{i}\neq 0$ , do:
- (ad)
  
  Compute the homogenization $f$ of the minimal polynomial of $\alpha$ .
- (bd)
  
  Compute $\operatorname{Cross}f$ .
- (cd)
  
  Append the pair $(\operatorname{Cross}f,f)$ to $L$ .
4.

Sort $L$ .
5.

Delete every entry $(\operatorname{Cross}f,f)$ of $L$ for which the value of $\operatorname{Cross}f$ appears earlier in the list.
6.

Return $L$ .

Proposition 4.4.

Algorithm 4.3 produces correct output and runs in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-2})$ , measured in arithmetic operations in ${\mathbf{F}}_{q}$ .

Proof.

First we note that every $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit contains an $\alpha$ as in step (3). We can see this because starting with an arbitrary $\alpha\in{\mathbf{F}}_{q^{n}}$ , we can subtract an element of ${\mathbf{F}}_{q}$ to zero out the coefficient of $\beta_{1}$ , and then we can scale by an element of ${\mathbf{F}}_{q}^{\times}$ so that the first nonzero coefficient is $1$ . It follows that every orbit will have a representative included in the output, and step (5) ensures that there is only one representative given for each orbit. Thus the output is correct. Now we analyze the timing.

For fixed $n$ , Shoup’s algorithm [22] can construct a finite field ${\mathbf{F}}_{q^{n}}$ in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(\sqrt{q})$ , and in polynomial time [15] we can find an embedding of our given ${\mathbf{F}}_{q}$ into this copy of ${\mathbf{F}}_{q^{n}}$ , so step (1) can be done within the stated time bound. Because $n$ is fixed, for each $\alpha$ the values of $f$ and $\operatorname{Cross}f$ can be computed in time $O(1)$ , so creating the list $L$ takes time $O(q^{n-2})$ . Finally, sorting a list of length $O(q^{n-2})$ takes time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-2})$ (see [13, §5.2.3]). ∎

As we will see, for composite values of $n$ there is an algorithm for producing a complete set of unique representatives for the $\operatorname{PGL}_{2}(k)$ orbits of irreducible homogeneous polynomials of degree $n$ that runs in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ ; see Section 8.3. An algorithm of this time complexity that works for all $n$ is given in [9].

5. Explicit coset representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ in $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$

As part of our algorithm, we will need to have a complete set of unique representatives for the right cosets of the subgroup $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ . In this section we give an explicit set of such representatives.

Throughout this section, $q$ is a prime power, $\omega$ is an element of ${{\mathbf{F}}_{q^{2}}\setminus{\mathbf{F}}_{q}}$ , and $\gamma$ is a generator of the multiplicative group of ${\mathbf{F}}_{q^{2}}$ .

An element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ is determined by where it sends $\infty$ , $0$ , and $1$ , and given any three distinct elements of ${\mathbf{P}}^{1}({\mathbf{F}}_{q^{2}})$ , there is an element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ that sends $\infty$ , $0$ , and $1$ to those three elements. Thus, we may represent elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ by triples $(\zeta,\eta,\theta)$ of pairwise distinct elements of ${\mathbf{P}}^{1}({\mathbf{F}}_{q^{2}})$ , indicating the images of $\infty$ , $0$ , and $1$ . If $\Gamma$ is an element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ , then $\Gamma$ sends the element $(\zeta,\eta,\theta)$ of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ to $(\Gamma(\zeta),\Gamma(\eta),\Gamma(\theta))$ .

Proposition 5.1.

Let $B$ be the set $\{(\omega\gamma^{i}+\omega^{q})/(\gamma^{i}+1)\ |\ 0\leq i<q-1\bigr{\}}.$ The following elements give a complete set of unique coset representatives for the left action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ :

(1)

$(\infty,0,1)$ ;
(2)

$\bigl{\{}(\infty,0,\omega+a)\ |\ a\in{\mathbf{F}}_{q}\bigr{\}}$ ;
(3)

$\bigl{\{}(\infty,\omega,\theta)\ |\ \theta\in{\mathbf{F}}_{q^{2}}\text{\ with\ }\theta\neq\omega\bigr{\}}$ ;
(4)

$\bigl{\{}(\omega,\omega^{q},\theta)\ |\ \theta\in B\bigr{\}}$ ;
(5)

$\bigl{\{}(\omega,\eta,\theta)\ |\ \eta\in B,\theta\in{\mathbf{P}}^{1}({\mathbf{F}}_{q^{2}})\text{\ with\ }\theta\neq\omega\text{\ and\ }\theta\neq\eta\bigr{\}}$ .

To prove this proposition, we need the following lemma.

Lemma 5.2.

With notation as above, let $G$ be the subgroup of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that fixes the element $\omega$ . Then the set $B$ from Proposition 5.1 is a complete set of unique representatives for the left action of $G$ on ${{\mathbf{P}}^{1}({\mathbf{F}}_{q^{2}})\setminus\{\omega,\omega^{q}\}}$ .

Proof.

Let $r\colonequals\omega+\omega^{q}$ and let $s\colonequals\omega^{q+1}$ . We check that the group $G$ is equal to

G=\Biggl{\{}\begin{bmatrix}a&\phantom{a}-sb\\ b&a-rb\end{bmatrix}\ \bigg{|}\ {[a\,{:}\,b]}\in{\mathbf{P}}^{1}({\mathbf{F}}_{q})\Biggr{\}}\,.

Let $\Phi\colonequals\bigl{[}\begin{smallmatrix}-1&\phantom{-}\omega^{q}\\ \phantom{-}1&-\omega\phantom{{}^{q}}\end{smallmatrix}\bigr{]},$ so that $\Phi$ sends $\omega$ to $\infty$ and $\omega^{q}$ to $0$ . We compute that

	$\displaystyle\Phi G\Phi^{-1}$	$\displaystyle=\Biggl{\{}\begin{bmatrix}a-b\omega^{q}&0\\ 0&a-b\omega\end{bmatrix}\ \bigg{\|}\ {[a\,{:}\,b]}\in{\mathbf{P}}^{1}({\mathbf{F}}_{q})\Biggr{\}}$
		$\displaystyle=\Biggl{\{}\begin{bmatrix}(a-b\omega^{q})/(a-b\omega)&0\\ 0&1\end{bmatrix}\ \bigg{\|}\ {[a\,{:}\,b]}\in{\mathbf{P}}^{1}({\mathbf{F}}_{q})\Biggr{\}}\,.$

By Hilbert $90$ , the set of values attained by $(a-b\omega^{q})/(a-b\omega)$ is equal to the set of elements of ${\mathbf{F}}_{q^{2}}$ whose norms to ${\mathbf{F}}_{q}$ are equal to $1$ , and these elements are precisely the powers of $\gamma^{q-1}$ . Thus, the action of $\Phi G\Phi^{-1}$ on ${\mathbf{P}}^{1}({\mathbf{F}}_{q^{2}})\setminus\{\infty,0\}$ is generated by multiplication by $\gamma^{q-1}$ , and it is easy to see that the values $1,\gamma,\ldots,\gamma^{q-2}$ are orbit representatives for this action. Applying $\Phi^{-1}$ to these orbit representatives will give us orbit representatives for the action of $G$ on ${{\mathbf{P}}^{1}({\mathbf{F}}_{q^{2}})\setminus\{\omega,\omega^{q}\}}$ , and we see that $\Phi^{-1}(\gamma^{i})=(\omega\gamma^{i}+\omega^{q})/(\gamma^{i}+1)$ . ∎

Proof of Proposition 5.1.

Suppose we are given an element $(\zeta,\eta,\theta)$ of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ . We will show how to modify it by elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ to put it into one of the forms listed in the proposition. In the course of this demonstration, it will become clear that the elements listed in the proposition do indeed lie in different $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits, because they are fixed by the following procedure.

Recall that $\omega$ is an element of ${\mathbf{F}}_{q^{2}}\setminus{\mathbf{F}}_{q}$ . Given a triple $\Gamma\colonequals(\zeta,\eta,\theta)$ representing an element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ , we do the following:

(1)
If $\zeta$ lies in ${\mathbf{P}}^{1}({\mathbf{F}}_{q})$ : In this case, we can apply an element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that moves $\zeta$ to $\infty$ . Our element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ can now be written $(\infty,\eta,\theta)$ , for some new values of $\eta$ and $\theta$ . We can now only apply elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that fix $\infty$ ; that is, we are limited to the so-called $ax+b$ group.
1. (a)
  If $\eta$ lies in ${\mathbf{F}}_{q}$ : In this case, we can use the $ax+b$ group to move $\eta$ to $0$ . Our element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ can now be written $(\infty,0,\theta)$ , for some new value $\theta$ . Now we can only apply elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that fix $\infty$ and $0$ ; that is, we are limited to scalar multiplication.
  1. (i)
    
    If $\theta$ lies in ${\mathbf{F}}_{q}$ : In this case, we can scale $\theta$ so that it is equal to $1$ . We obtain the element $(\infty,0,1)$ listed in part (1) of the proposition, and no further action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ is possible.
  2. (ii)
    
    If $\theta$ does not lie in ${\mathbf{F}}_{q}$ : We can write $\theta=u\omega+v$ for elements $u,v$ of ${\mathbf{F}}_{q}$ , with $u$ nonzero. There is a unique scaling that will put $\theta$ into the form $\omega+a$ . We obtain an element from part (2) of the proposition.
2. (b)
  
  If $\eta$ does not lie in ${\mathbf{F}}_{q}$ : Using the $ax+b$ group, we can move $\eta$ to $\omega$ . There is no further action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that fixes $\infty$ and $\omega$ , so $\theta$ can be any element of ${\mathbf{F}}_{q^{2}}$ other than $\omega$ . This gives us an element from part (3) of the proposition.
(2)
If $\zeta$ does not lie in ${\mathbf{P}}^{1}({\mathbf{F}}_{q})$ : In this case, $\zeta$ is an element of ${\mathbf{F}}_{q^{2}}\setminus{\mathbf{F}}_{q}$ , and we can use the $ax+b$ subgroup of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ to move $\zeta$ to $\omega$ . The only elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that we can apply once we have fixed $\zeta=\omega$ are the elements of the group $G$ from Lemma 5.2.
1. (a)
  
  If $\eta$ is equal to $\omega^{q}$ : If $\eta=\omega^{q}$ then the action of $G$ fixes $\eta$ . We know that $\theta$ is different from both $\omega$ and $\omega^{q}$ , so by Lemma 5.2 we can use $G$ to move $\theta$ to a unique element of the set $B$ . This gives us an element from part (4) of the proposition.
2. (b)
  
  If $\eta$ is not equal to $\omega^{q}$ : We can use $G$ to move $\eta$ to a unique element of $B$ . Once we have normalized $\eta$ in this way, there is no further action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that fixes $\omega$ and $\eta$ , so $\theta$ can be any element of ${\mathbf{P}}^{1}({\mathbf{F}}_{q^{2}})$ other than $\omega$ and $\eta$ . This gives us an element from part (5) of the proposition.

These cases enumerate all of the possibilities for our element $(\zeta,\eta,\theta)$ , so the proposition is proved. ∎

6. Explicit coset representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ in $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})$

It is not necessary for proving our main theorem, but there is a result analogous to Proposition 5.1 for the cosets of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ in $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})$ , where $p$ is an odd prime. As before, we represent elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})$ as triples $(\zeta,\eta,\theta)$ of distinct elements of ${\mathbf{P}}^{1}({\mathbf{F}}_{q^{p}})$ , indicating where the given element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})$ sends $\infty$ , $0$ , and $1$ .

Proposition 6.1.

Let $q$ be a prime power and let $p$ be an odd prime. Let $C$ be a set of orbit representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on ${\mathbf{F}}_{q^{p}}\setminus{\mathbf{F}}_{q}$ , let $C_{\infty}$ be a set of orbit representatives for the action of the $ax+b$ subgroup of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on ${\mathbf{F}}_{q^{p}}\setminus{\mathbf{F}}_{q}$ , and let $C_{\infty,0}$ be a set of orbit representatives for the multiplicative action of ${\mathbf{F}}_{q}^{\times}$ on ${\mathbf{F}}_{q^{p}}\setminus{\mathbf{F}}_{q}$ .

The following elements give a complete set of unique coset representatives for the left action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})$ :

(1)

$(\infty,0,1)$ ;
(2)

$\bigl{\{}(\infty,0,\theta)\ |\ \theta\in C_{\infty,0}\bigr{\}}$ ;
(3)

$\bigl{\{}(\infty,\eta,\theta)\ |\ \eta\in C_{\infty},\ \theta\in{\mathbf{F}}_{q^{p}}\text{\ with\ }\theta\neq\eta\bigr{\}}$ ;
(4)

$\bigl{\{}(\zeta,\eta,\theta)\ |\ \zeta\in C,\ \eta,\theta\in{\mathbf{P}}^{1}({\mathbf{F}}_{q^{p}})\text{\ with\ }\eta\neq\zeta\text{\ and\ }\theta\neq\zeta\text{\ and\ }\theta\neq\eta\bigr{\}}$ .

Proof.

The proof is much like that of Proposition 5.1, but simpler. Suppose we are given an arbitrary $(\zeta,\eta,\theta)$ in $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})$ . If $\zeta$ and $\eta$ both lie in ${\mathbf{P}}^{1}({\mathbf{F}}_{q})$ , we can move them to $\infty$ and $0$ , and then we can only modify $\theta$ by scaling by elements of ${\mathbf{F}}_{q}^{\times}$ . If $\theta$ lies in ${\mathbf{F}}_{q}$ we get case (1), and if not we get case (2).

If $\zeta$ lies in ${\mathbf{P}}^{1}({\mathbf{F}}_{q})$ but $\eta$ does not, we move $\zeta$ to $\infty$ using $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ . Then the only action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ we have left to us is the $ax+b$ subgroup. Since $\eta$ lies in ${\mathbf{F}}_{q^{p}}\setminus{\mathbf{F}}_{q}$ , we can use this subgroup to move $\eta$ to an element of $C_{\infty}$ . Then $\theta$ can be arbitrary, as long as it is different from $\infty$ and from $\eta$ . This gives us case (3).

If $\zeta$ does not lie in ${\mathbf{P}}^{1}({\mathbf{F}}_{q})$ then we can move $\zeta$ using $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ so that it lies in $C$ , and there is no further action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ left available to us, because the only elements of ${\mathbf{P}}^{1}(\overline{{\mathbf{F}}}_{q})$ with nontrivial $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ stabilizers lie in ${\mathbf{P}}^{1}({\mathbf{F}}_{q^{2}})$ . This gives us case (4). ∎

This result is useful because we can compute the sets of representatives we need.

Algorithm 6.2.

Orbit representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the elements of ${\mathbf{F}}_{q^{n}}$ that do not lie in proper subfields.

Input:

A prime power $q$ and an integer $n\geq 3$ .
Output:

A complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the the elements of ${\mathbf{F}}_{q^{n}}$ that do not lie in proper subfields.
1.

Set $L$ and $M$ to be empty lists.
2.

Construct a copy of ${\mathbf{F}}_{q^{n}}$ with an ${\mathbf{F}}_{q}$ -basis $(\beta_{1},\ldots,\beta_{n})$ such that $\beta_{1}$ appears with nonzero coefficient in the representation of $1$ .
3.

If $n=3$ return a list containing the single element $\beta_{2}$ , and stop.
4.
For every $\alpha\in{\mathbf{F}}_{q^{n}}$ that does not lie in a proper subfield, and whose representation $(a_{1},\ldots,a_{n})$ on the given basis has $a_{1}=0$ and has $a_{i}=1$ for the first $i$ with $a_{i}\neq 0$ , do:
- (ad)
  
  Compute $\alpha^{q^{i}}$ for $i=1,\ldots,n-1$ . If any of these conjugates is smaller than or equal to $\alpha$ under a fixed ordering $<$ , continue on to the next value of $\alpha$ .
- (bd)
  
  Compute the minimal polynomial $f$ of $\alpha$ .
- (cd)
  
  Find the (unique) irreducible factor $g$ of $\operatorname{Cross}(f)$ .
- (dd)
  
  Append the pair $(g,\alpha)$ to $L$ .
5.

Sort $L$ .
6.

Delete every element $(g,\alpha)$ of $L$ such that $g$ appears as a first entry of an element earlier in the list.
7.
For every $(g,\alpha)$ in $L$ , do:
- (ad)
  
  For $i=0,\ldots,\deg g-1$ , append the element $\alpha^{q^{i}}$ to $M$ .
8.

Return $M$ .

Proposition 6.3.

Algorithm 6.2 produces a complete list of unique representatives for the orbits of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the elements of ${\mathbf{F}}_{q^{n}}$ that lie in no proper subfield. It runs in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-2})$ .

Proof.

When $n=3$ , the group $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acts transitively on ${\mathbf{P}}_{q^{3}}\setminus{\mathbf{F}}_{q}$ , so step (3) gives correct output. For $n>3$ , Algorithm 6.2 is a variation on Algorithm 4.3. The only additional fact we must note is that there is an element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that takes $\alpha$ to one of its nontrivial conjugates if and only if the cross polynomial of $f$ is not irreducible, and that the order of each such element of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ is equal to the exponent $e$ such that $\operatorname{Cross}(f)=g^{e}$ . Thus, the Galois orbit of $\alpha$ contains representatives of exactly $\deg g$ $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits. ∎

Algorithm 6.2 gives us a method to calculate the set $C$ from Proposition 6.1. The sets $C_{\infty}$ and $C_{\infty,0}$ can be computed in similar (but simpler) ways; we leave the details to the reader.

7. Enumerating $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit representatives for $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$

In this section we present our algorithm for enumerating orbit representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ , for $n$ fixed and $q$ varying. The algorithm consists of a number of different algorithms, each addressing a subset of elements of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ . The problem is trivial when $n\leq 3$ , so we will always assume that $n\geq 4$ , and for one case we will also demand that $n$ be even. This is sufficient for our application to enumerating hyperelliptic curves of genus $g$ , where $n=2g+2$ is even and at least $6$ . (See [9] for an algorithm that works for all $n$ .)

Recall that an element of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ is a set $A=\{\alpha_{1},\ldots,\alpha_{n}\}$ of $n$ distinct elements of ${\mathbf{P}}^{1}(\overline{{\mathbf{F}}}_{q})$ that is stable under the action of the Galois group of $\overline{{\mathbf{F}}}_{q}$ over ${\mathbf{F}}_{q}$ . An element of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ is primitive if the degree of each extension ${\mathbf{F}}_{q}(\alpha_{i})$ over ${\mathbf{F}}_{q}$ is equal to $n$ . Every element $A$ of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ can be written in a unique way (up to order) as the union of a collection $\{A_{i}\}$ of primitive elements $A_{i}$ of $\operatorname{Sym}^{m_{i}}({\mathbf{F}}_{q})$ , for some sequence of integers $m_{i}$ with $\sum m_{i}=n$ . The sequence $(m_{i})_{i}$ , listed in non-increasing order, is the Galois type of $A$ . If $f$ is the monic homogeneous polynomial whose zero set is $A$ , then $(m_{i})_{i}$ is also the list of the degrees of the irreducible factors of $f$ , and we also refer to this sequence as the Galois type of $f$ . We will enumerate the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ by enumerating each Galois type separately.

Let $M\colonequals(m_{1},m_{2},\ldots,m_{r})$ be a Galois type for $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ , so that $m_{1}\geq m_{2}\geq\cdots\geq m_{r}>0$ and $n=m_{1}+\cdots+m_{r}$ . In the following subsections we show how to enumerate the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbits of the elements of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ of this Galois type, based on the value of $m_{1}$ .

7.1. The case $m_{1}=1$

Every element $A$ of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ of this Galois type is simply a collection of $n$ distinct elements of ${\mathbf{P}}^{1}({\mathbf{F}}_{q})$ . We can specify a standard form for such elements $A$ by considering all possible choices of three distinct points $a_{i}$ , $a_{j}$ , and $a_{k}$ in $A$ , and using an element $\Gamma$ of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ to move those three points to $\infty$ , $0$ , and $1$ , respectively. To this choice we associate the polynomial $f$ of degree $n-1$ defined by

f\colonequals y\prod_{\ell\neq i}(x-\Gamma(a_{\ell})y)\,.

Our standard form for $A$ is the smallest polynomial $f$ obtained in this way, under an arbitrary total ordering $<$ of the monic homogeneous polynomials of degree $n$ .

Our algorithm for enumerating orbit representatives of this Galois type is as follows.

Algorithm 7.1.

Orbit representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the elements of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ of Galois type $(1,1,\ldots,1)$ .

Input:

A prime power $q$ and an integer $n\geq 4$ .
Output:

A complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the monic homogenous polynomials of degree $n$ and Galois type $(1,1,\ldots,1)$ .
1.

Set $L$ to be the empty list, and set $a_{1}\colonequals\infty$ , $a_{2}\colonequals 0$ , and $a_{3}\colonequals 1$ .
2.
For every set $\{a_{4},\ldots,a_{n}\}$ of distinct elements of ${\mathbf{F}}_{q}\setminus\{0,1\}$ do:
- (ad)
  
  Set $f\colonequals y\prod_{i=2}^{n}(x-a_{i}y)$ .
- (bd)
  
  Set $F\colonequals\{\Gamma(f)\}$ , where $\Gamma$ ranges over the elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that send three elements of $\{a_{i}\}$ to $\infty$ , $0$ , and $1$ .
- (cd)
  
  If $f$ is the smallest element of $F$ under the ordering $<$ , append $f$ to $L$ .
3.

Return $L$ .

Proposition 7.2.

Algorithm 7.1 produces a complete set of unique representatives for the orbits of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the monic homogeneous degree- $n$ polynomials of Galois type $(1,1,\ldots,1)$ . It runs in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ , measured in arithmetic operations in ${\mathbf{F}}_{q}$ . ∎

7.2. The case $m_{1}=2$

When $m_{1}=2$ the possible Galois types $(m_{1},\ldots,m_{r})$ consist of $s$ values of $2$ and $t$ values of $1$ , where $2s+t=n$ and $s>0$ . We present two algorithms, one that applies when $t\geq 3$ and one that applies when $s\geq 2$ . Since we are assuming throughout that $n\geq 4$ , the only remaining case is when $s=1$ and $t=2$ , but that situation is handled by Theorem 3.6.

Algorithm 7.3.

Orbit representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the elements of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ of Galois type of the form $(2,2,\ldots,2,1,\ldots,1)$ , with $s$ entries of $2$ and $t$ entries of $1$ , where $t\geq 3$ .

Input:

A prime power $q$ , an integer $n\geq 4$ , and integers $s$ and $t$ with $2s+t=n$ and $t\geq 3$ .
Output:

A complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the monic homogenous polynomials of degree $n$ with the given Galois type.
1.

Set $L$ to be the empty list, and set $a_{1}\colonequals\infty$ , $a_{2}\colonequals 0$ , and $a_{3}\colonequals 1$ .
2.

Create a list $I_{2}$ of the monic irreducible homogeneous quadratics over ${\mathbf{F}}_{q}$ .
3.
For every set $\{a_{4},\ldots,a_{t}\}$ of distinct elements of ${\mathbf{F}}_{q}\setminus\{0,1\}$ and every set $\{g_{1},\ldots,g_{s}\}$ of distinct elements of $I_{2}$ do:
- (ad)
  
  Set $f\colonequals y\prod_{i=2}^{t}(x-a_{i}y)\cdot\prod_{i=1}^{s}g_{i}$ .
- (bd)
  
  Set $F\colonequals\{\Gamma(f)\}$ , where $\Gamma$ ranges over the elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that send three elements of $\{a_{i}\}$ to $\infty$ , $0$ , and $1$ .
- (cd)
  
  If $f$ is the smallest element of $F$ under the ordering $<$ , append $f$ to $L$ .
4.

Return $L$ .

Proposition 7.4.

Algorithm 7.3 produces a complete set of unique representatives for the orbits of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the monic homogeneous degree- $n$ polynomials of Galois type $(2,2,\ldots,2,1,\ldots,1)$ , with $s$ entries of $2$ and $t\geq 3$ entries of $1$ . It runs in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ , measured in arithmetic operations in ${\mathbf{F}}_{q}$ . ∎

Algorithm 7.5.

Input:

A prime power $q$ , an integer $n\geq 4$ , and integers $s$ and $t$ with $2s+t=n$ and $s\geq 2$ .
Output:

A complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the monic homogenous polynomials of degree $n$ with the given Galois type.
1.

Set $L$ to be the empty list.
2.

Let $I_{1}$ be the set of polynomials $\{y\}\cup\{x-ay\,:\,a\in{\mathbf{F}}_{q}\}$ .
3.

Create a list $I_{2}$ of the monic irreducible homogeneous quadratics over ${\mathbf{F}}_{q}$ .
4.
For every pair $(f_{1},f_{2})$ of irreducible quadratic factors obtained from Theorem 3.4 or Theorem 3.8, for every set $\{f_{3},\ldots,f_{s}\}$ of elements of $I_{2}$ such that the quadratics $f_{1},\ldots,f_{s}$ are distinct, and for every set $\{g_{1},\ldots,g_{t}\}$ of distinct elements of $I_{1}$ , do:
- (ad)
  
  Set $f\colonequals\prod_{i=1}^{s}f_{i}\cdot\prod_{i=1}^{t}g_{i}$ .
- (bd)
  
  Set $F\colonequals\{\Gamma(f)\}$ , where $\Gamma$ ranges over the elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that send a pair of elements of $\{f_{i}\}$ to the representative of their $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit, calculated using the table mentioned at the end of Remark 3.9.
- (cd)
  
  If $f$ is the smallest element of $F$ under the ordering $<$ , append $f$ to $L$ .
5.

Return $L$ .

Remark 7.6.

The most direct way of implementing step (4)(b) involves computing the roots of various irreducible quadratics in a fixed copy of ${\mathbf{F}}_{q^{2}}$ . From [15, Theorem 1.2], we know that this can be done in time polynomial in $\log q$ .

Proposition 7.7.

Algorithm 7.5 produces a complete set of unique representatives for the orbits of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the monic homogeneous degree- $n$ polynomials of Galois type $(2,2,\ldots,2,1,\ldots,1)$ , with $s\geq 2$ entries of $2$ and $t$ entries of $1$ . It runs in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ , measured in arithmetic operations in ${\mathbf{F}}_{q}$ . ∎

7.3. The case $3\leq m_{1}\leq n-1$

Let $(m_{1},\ldots,m_{r})$ be a Galois type with $3\leq m_{1}\leq n-1$ . When $m_{1}>3$ we will make use of the list of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit representatives of irreducible polynomials of degree $m_{1}$ provided by Algorithm 4.3, which will not exceed our claimed time bound of $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ because $m_{1}-2\leq n-3$ . When $m_{1}=3$ we will use the fact that there is exactly one $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit of irreducible degree- $3$ polynomials, so we can take our favorite irreducible polynomial of degree $3$ as the sole orbit representative.

Algorithm 7.8.

Orbit representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the elements of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ of Galois type $(m_{1},\ldots,m_{r})$ , with $3\leq m_{1}\leq n-1$ .

Input:

A prime power $q$ , an integer $n\geq 4$ , and a Galois type with $3\leq m_{1}\leq n-1$ .
Output:

A complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the monic homogenous polynomials of degree $n$ with the given Galois type.
1.

Set $L$ to be the empty list.
2.

For each value of $m_{i}$ in the set $\{m_{2},\ldots,m_{r}\}$ , create a list $I_{m_{i}}$ of the monic irreducible homogeneous polynomials of degree $m_{i}$ .
3.

If $m_{1}>3$ , let $L_{1}$ be the output of Algorithm 4.3 associated to the inputs $q$ and $m_{1}$ and let $S$ be the list of orbit representatives of irreducible polynomials of degree $m_{1}$ obtained as the second elements of each pair on the list $L_{1}$ .
4.

If $m_{1}=3$ let $S$ be the single-element list consisting of an arbitrary irreducible polynomial of degree $3$ .
5.
For every element $f_{1}$ of $S$ and every set of distinct polynomials $\{f_{2},\ldots,f_{r}\}$ with $f_{i}\in I_{m_{i}}$ do:
- (ad)
  
  Set $f\colonequals\prod_{i=1}^{r}f_{i}.$
- (bd)
  
  Let $M_{1}$ be the set of $f_{i}$ of degree $m_{1}$ and set $F\colonequals\{\Gamma(f)\}$ , where $\Gamma$ ranges over the elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ that send an element of $M$ to its associated orbit representative, obtained by computing its cross polynomial and using the lookup table $L_{1}$ if $m_{1}>3$ and by direct calculation if $m_{1}=3$ .
- (cd)
  
  If $f$ is the smallest element of $F$ under the ordering $<$ , append $f$ to $L$ .
6.

Return $L$ .

Remark 7.9.

As in the similar situation in Algorithm 7.5, we can accomplish step (5)(b) by computing the roots of various irreducible polynomials of degree $m$ in a fixed copy of ${\mathbf{F}}_{q^{m}}$ , and [15, Theorem 1.2] shows that we can do this in time polynomial in $\log q$ .

Proposition 7.10.

Algorithm 7.8 produces a complete set of unique representatives for the orbits of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the monic homogeneous degree- $n$ polynomials of the given Galois type. It runs in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ , measured in arithmetic operations in ${\mathbf{F}}_{q}$ .

Proof.

The correctness of the algorithm is clear, because every $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit of the given Galois type has a representative considered by the algorithm, and duplicates are prevented by steps (5)(b) and (5)(c).

For each $m_{i}$ in step (2), the time required to compute the list $I_{m_{i}}$ is $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{m_{i}})$ , and since $m_{i}\leq n-m_{1}\leq n-3$ this is $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ . The time required for step (3) is $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{m_{1}-2})$ , and since $m_{1}-2\leq n-3$ , this is also $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ . And in step (5), we consider $O(q^{n-3})$ tuples $(f_{1},\ldots,f_{r})$ , and each takes time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(1)$ to process. Thus, the total time required is as claimed. ∎

7.4. The case $m_{1}=n$

This is the first and only case in which we will require $n$ to be even. The case $n=4$ is covered by Theorems 1.2 and 3.8, so we may assume that $n\geq 6$ . Note that we cannot just apply Algorithm 4.3, because that takes time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-2})$ , and we want an algorithm that takes time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ .

Algorithm 7.11.

Orbit representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the elements of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ of Galois type $(n)$ , where $n\geq 6$ is even.

Input:

A prime power $q$ and an even integer $n\geq 6$ .
Output:

A complete set of unique representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on the monic irreducible homogenous polynomials of degree $n$ .
1.

If $n=6$ , let $M$ be the list consisting of a single monic irreducible cubic homogeneous polynomial in ${\mathbf{F}}_{q^{2}}[x,y]$ .
2.

If $n=8$ , let $M$ be the list consisting of the monic irreducible quartic homogeneous polynomials in ${\mathbf{F}}_{q^{2}}[x,y]$ given by Theorem 1.2 or Theorem 3.8 applied to the field ${\mathbf{F}}_{q^{2}}$ .
3.

If $n\geq 10$ , use Algorithm 4.3 to create a list $M$ of orbit representatives for the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ acting on the monic irreducible homogeneous polynomials of degree $n/2$ in ${\mathbf{F}}_{q^{2}}[x,y]$ .
4.

Let $G$ be the list of coset representative for the left action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ on $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ from Proposition 5.1.
5.

Let $N$ be the list consisting of $\Gamma(f)$ , for all $\Gamma\in G$ and $f$ in $M$ .
6.

Let $L$ be the list of all products $gg^{(q)}$ for $g\in N$ , where the superscript $(q)$ means to raise each coefficient of a polynomial to the $q$ th power.
7.

Let $L^{\prime}$ be the list of all pairs $(\operatorname{Cross}f,f)$ for $f\in L$ .
8.

Sort $L^{\prime}$ , and then delete every entry $(\operatorname{Cross}f,f)$ where $\operatorname{Cross}f$ appears as the first element of an earlier entry in $L^{\prime}$ .
9.

Let $L^{\prime\prime}$ be the list of second elements of the entries in $L^{\prime}$ .
10.

Return $L^{\prime\prime}$ .

Proposition 7.12.

Algorithm 7.11 produces a complete set of unique representatives for the orbits of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the monic irreducible homogeneous polynomials of degree $n$ . It runs in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ , measured in arithmetic operations in ${\mathbf{F}}_{q}$ .

Proof.

To prove correctness, we must show that the list $L^{\prime\prime}$ consists of unique representatives for each $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit of irreducible polynomials of degree $n$ over ${\mathbf{F}}_{q}$ . First we show that it contains at least one representative from each orbit.

We know that every monic irreducible homogeneous polynomial $f$ of degree $n$ in ${\mathbf{F}}_{q}[x,y]$ can be written $gg^{(q)}$ for a monic irreducible homogeneous polynomial $g$ in ${\mathbf{F}}_{q^{2}}[x,y]$ of degree $n/2$ , and $g$ is unique up to $g\leftrightarrow g^{(q)}$ . If we can show that the list $N$ contains an element in every orbit of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the left on the set $S$ of monic irreducible homogeneous polynomials of degree $n/2$ in ${\mathbf{F}}_{q^{2}}[x,y]$ , then that will show that $L$ contains at least one element in every orbit of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the monic irreducible homogeneous polynomials of degree $n$ in ${\mathbf{F}}_{q}[x,y]$ . But since $M$ is a list of representative for the orbits of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ acting on $S$ , and since $G$ consists of coset representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ , this is clear. Thus, $L$ contains a representative from each orbit of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the set of monic irreducible homogeneous polynomials of degree $n$ in ${\mathbf{F}}_{q}[x,y]$ . In fact, $L$ contains at most two such representatives for each orbit, because of the uniqueness of $g$ up to $g\leftrightarrow g^{(q)}$ .

By construction (and by Theorem 4.2), the list $L^{\prime\prime}$ contains at most one representative from each orbit of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the irreducible polynomials. But we already saw that it contains at least one such representative. Therefore, it is a complete list of unique representatives.

The only thing left to check is that the algorithm runs in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ . Steps (1) through (3) take time at most $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}((q^{2})^{(n/2-2)})=\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-4})$ . Step (4) takes time $O(q^{3})$ , and step (5) takes time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ because there are $O(q^{3})$ elements of $G$ and $O(q^{n-6})$ elements of $M$ . Steps (6) through (9) also take time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ , because the lists $N$ , $L$ , and $L^{\prime}$ contain $O(q^{n-3})$ elements. ∎

8. Additional efficiencies

In this section we mention a few ways that the algorithms in Section 7 can be improved. The asymptotic complexity of the revised algorithms is still $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ , but the speedups in this section improve the algorithms by constant factors.

8.1. Avoiding repeated orbits

Several of our algorithms include a step to deal with elements of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ that can be normalized (in the manner of the particular algorithm) in several ways. This happens in steps (2)(b) and (c) of Algorithm 7.1, in steps (3)(b) and (c) of Algorithm 7.3, in steps (4)(b) and (c) of Algorithm 7.5, and in steps (5)(b) and (c) of Algorithm 7.8. In Algorithm 7.8, for example, this is needed when there is more than one occurrence of the number $m_{1}$ in the Galois type. The algorithm normalizes elements of $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$ of the given Galois type (represented by monic homogeneous polynomials of degree $n$ ) by absorbing all of the action of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ into one factor of degree $m_{1}$ . If there is more than one such factor, there is more than one normalization of the same polynomial, and the algorithm has to identify the resulting repeated orbits and return only one of them. (There is also more than one normalization if a factor of degree $m_{1}$ has nontrivial $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ stabilizer, but that is rare.)

The most straightforward way to avoid this situation is to handle Galois types with $m_{1}$ occurring more than once in a different way. For instance, if we are working with the Galois type $(4,4,3,1)$ , instead of normalizing on the factors of degree $4$ (for which there are two choices), we can instead normalize on the factor of degree $3$ . This technique can be used to handle every Galois type that includes at least one value of $m$ that is at least $3$ and that occurs just once in the type. Similarly, if the value $2$ occurs in a type exactly twice, we can normalize the product of two irreducible quadratics.

If we have a Galois type with $m_{1}\geq 3$ where this is impossible — for example, $(4,4,3,3)$ — we have another option. We use a modified version of Algorithm 4.3 where we skip step (5); this gives us a list of all monic irreducible polynomials of degree $m_{1}$ , grouped by their cross polynomials. Then, in Algorithm 7.8, in step (5) we do not consider all sets of distinct polynomials $\{f_{2},\ldots,f_{r}\}$ ; instead, we demand that the cross polynomial of every $f_{i}$ whose degree is equal to $m_{1}$ not appear earlier on the sorted list that that of $f_{1}$ . If in fact all of the additional cross polynomials are different from the cross polynomial of $f_{1}$ , the orbit representative we obtain will not be repeated unless the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ stabilizer of $f_{1}$ is nontrivial, which is unusual (and easy to check). If some of the additional cross polynomials are the same as that of $f_{1}$ , then we keep track of this orbit on a separate list, and deduplicate this (much smaller) list separately.

8.2. Treating the Galois types $(n-1,1)$ and $(n-2,1,1)$ more efficiently

Consider the Galois type $(n-1,1)$ , corresponding to a product of a linear homogeneous polynomial with an irreducible homogeneous polynomial of degree $n-1$ . Instead of absorbing all the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ action into the choice of the irreducible polynomial of degree $n-1$ , we can instead demand that the linear polynomial have its zero at $\infty$ . Then we have to find representatives for irreducible homogeneous polynomials of degree $n-1$ up to the $ax+b$ group. We can accomplish this by modifying the technique of Algorithm 4.3: We construct a copy of ${\mathbf{F}}_{q^{n-1}}$ , we choose a basis $(\beta_{1},\ldots,\beta_{n-1})$ such that $\beta_{1}$ appears with a nonzero coefficient in the representation of $1$ , and then we simply list the minimal polynomials of elements whose representation on the given basis begins $(0,\ldots,0,1,\ldots)$ , with at least one $0$ at the beginning and with the first nonzero element being $1$ . We can also take care to produce only one element from each Galois orbit at this stage, in order to avoid using cross polynomials to deduplicate the list later.

For the Galois type $(n-2,1,1)$ , we look for orbit representatives of the form $xyf$ for irreducible homogeneous $f$ of degree $n-2$ . We can modify $f$ only by replacing $(x,y)$ with $(cx,y)$ or $(cy,x)$ , so we can construct a copy of ${\mathbf{F}}_{q^{n-2}}$ with basis $(\beta_{1},\ldots,\beta_{n-2})$ , list the minimal polynomials of the elements whose representations on the given basis have their first nonzero element equal to $1$ , and then deduplicate as usual.

8.3. More efficient computations of $\operatorname{PGL}_{2}$ orbits of irreducibles

In step (3) of Algorithm 7.8, we obtain a list of orbit representatives for irreducible polynomials of a given degree $m$ by using Algorithm 4.3. If $m$ is composite, we can use a more efficient algorithm based on the idea of Algorithm 7.11. Namely, if $m=pm^{\prime}$ , we can compute orbit representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})$ acting on irreducible polynomials in ${\mathbf{F}}_{q^{p}}[x]$ of degree $m^{\prime}$ , and then use Proposition 5.1 or Proposition 6.1 to list coset representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ in $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})$ . As in Algorithm 7.11, we can combine these two lists to get a complete list of unique orbit representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on irreducible polynomials of degree $n$ .

In fact, what we have just shown is that if $n$ is composite, we can compute a complete set of unique representatives for the orbits of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ acting on the monic irreducible homogeneous polynomials of degree $n$ in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ . This leaves open the case when $n$ is prime. In a followup paper [9], we explain a completely different technique that will produce these orbit representatives for prime $n$ — indeed, for odd $n$ — in time $\mathchoice{\accentset{\displaystyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\textstyle\text{\smash{\raisebox{-6.02773pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptstyle\text{\smash{\raisebox{-4.2194pt}{$\widetildesym$}}}}{O}}{\accentset{\scriptscriptstyle\text{\smash{\raisebox{-3.01385pt}{$\widetildesym$}}}}{O}}(q^{n-3})$ , but no longer deterministically, because the method relies on factoring polynomials of bounded degree in polynomial time.

9. Implementations for genus $2$ and genus $3$

We have implemented our algorithm for hyperelliptic curves of genus $2$ and genus $3$ in Magma [2]. Magma files with the implementations can be found in several places: in the ancillary files attached the the arXiv version of this paper, on the author’s web page, and in the GitHub repository associated to this paper [10]. In addition to the improvements described in Section 8 and others of a similar nature, our code for the genus- $2$ case includes an improvement for the Galois type $(6)$ that allows us to skip the deduplication step in Algorithm 7.11. The basic idea is to choose the irreducible cubic polynomial in step (1) of Algorithm 7.11 so that it lies in ${\mathbf{F}}_{q}[x,y]$ and so that its zeros are permuted by the order- $3$ element $\bigl{[}\begin{smallmatrix}0&-1\\ 1&-1\end{smallmatrix}\bigr{]}$ of $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ , so that it is easier to keep track of which elements of $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$ in $G$ give rise to homogeneous sextic polynomials $f\in{\mathbf{F}}_{q}[x,y]$ that lie in the same $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit. The details are too lengthy to include here, but are spelled out in the comments in the code, as well as in the followup paper [9]. Other improvements are described in the comments as well.

For our genus- $3$ implementation, we did not spend as much time optimizing, and there are very likely improvements that can be made.

Table 1. Sample timings (in seconds) to compute all hyperelliptic curves of genus

2

and

3

over

{\mathbf{F}}_{q}

. The second column gives timings for Magma’s built-in routines for genus

2

. The third through fifth columns give timings for the techniques of this paper: the third for computing

\operatorname{PGL}_{2}({\mathbf{F}}_{q})

orbit representatives of

\operatorname{Sym}^{6}({\mathbf{F}}_{q})

, the fourth for computing genus-

2

curves from these representatives, and the fifth for the total time for both. Similarly, the sixth through ninth columns give timings for computing genus-

3

curves. Timings marked with an asterisk are estimates.

$q$	Magma	$\operatorname{Sym}^{6}$	Curves	Total	Magma	$\operatorname{Sym}^{8}$	Curves	Total
	Genus 2				Genus 3
		This paper				This paper
$17$	$7.9$	$0.16$	$0.02$	$0.18$	$5274$	$\phantom{0}\phantom{0}20$	$\phantom{0}\phantom{0}1$	$\phantom{0}\phantom{0}21$
$31$	$52.7$	$0.77$	$0.06$	$0.83$	$99463\hbox to0.0pt{${}^{*}$\hss}$	$\phantom{0}304$	$\phantom{0}14$	$\phantom{0}318$
$59$	$327.1$	$3.85$	$0.25$	$4.10$	$2408665\hbox to0.0pt{${}^{*}$\hss}$	$5932$	$479$	$6411$
$127$	$3308\phantom{.0}$	$36\phantom{.00}$	$2\phantom{.00}$	$38\phantom{.00}$
$257$	$27448\hbox to0.0pt{${}^{*}$\hss}\phantom{.0}$	$290\phantom{.00}$	$10\phantom{.00}$	$300\phantom{.00}$
$509$	$211655\hbox to0.0pt{${}^{*}$\hss}\phantom{.0}$	$2307\phantom{.00}$	$76\phantom{.00}$	$2384\phantom{.00}$

We ran some timing experiments to compare our Magma code to the built-in Magma functions that implement the algorithms of Mestre [19] and Cardona and Quer [4] for genus- $2$ curves, and the algorithms of Lercier and Ritzenthaler [16] for genus- $3$ curves. We give some sample timings in Table 1, taken by running Magma (V2.28-8) on one core of an Apple M1 Max processor with 64GB RAM. For our algorithm, we divide our timings into two steps: computation of the $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit representatives of $\operatorname{Sym}^{2g+2}({\mathbf{F}}_{q})$ and computation of the isomorphism classes of curves. Our algorithm includes a computation of the automorphism groups of the curves, which gives us a consistency check, since the sum over all hyperelliptic curves of genus $g$ over ${\mathbf{F}}_{q}$ of $1$ over the size of the automorphism group is equal to $q^{2g-1}$ [3, Proposition 7.1].

We compare our genus- $2$ timings to those of applying the Magma command

Twists(HyperellipticCurveFromG2Invariants([a,b,c]))

to all triples $(a,b,c)$ of elements of ${\mathbf{F}}_{q}$ and then retrieving the polynomials that define the resulting curves. For $q>127$ we estimate the time for the Magma builtin functions by running the above command on $10{,}000$ random triples $(a,b,c)$ and multiplying the time taken by $q^{3}/10^{4}$ ; these estimates are indicated with asterisks. We see that our genus- $2$ code is running approximately $90$ times faster than Magma’s internals.

We compare our genus- $3$ timings to those of applying the Magma command

TwistedHyperellipticPolynomialsFromShiodaInvariants(S)

to all Shioda invariants with nonzero discriminants, obtained by applying

ShiodaAlgebraicInvariants(V : ratsolve := true)

to every element $V$ of the $5$ -dimensional weighted projective space over ${\mathbf{F}}_{q}$ with weights $[2,3,4,5,6,7]$ and discarding those with discriminant $0$ . For $q=31$ and $q=59$ we estimate Magma’s times as before. It appears that our genus- $3$ code is running several hundred times faster than Magma’s internals.

For genus- $2$ curves over ${\mathbf{F}}_{509}$ , our code spent $42.46\%$ of the time on Galois type $(6)$ , $16.06\%$ on type $(3,3)$ , and $12.55\%$ on type $(5,1)$ , with the remaining $29\%$ of the time divided among the remaining eight types. For genus- $3$ curves over ${\mathbf{F}}_{59}$ , our code spent $26.49\%$ of the time on Galois type $(7,1)$ , $25.77\%$ on type $(8)$ , $19.45\%$ on type $(2,2,2,2)$ , and $7.87\%$ on type $(4,4)$ , with the remaining $20\%$ of the time divided among the remaining eighteen types.

We note that memory handling issues may have slowed the genus- $3$ computation for $q=59$ , which reemphasizes the point, made in the introduction, that it would be good to have a version of our algorithm for higher genera that requires less space. We have not yet implemented the low-memory algorithm from [9] to see whether that will help improve our timings for larger $q$ .

References

[1] Jonas Bergström, Everett W. Howe, Elisa Lorenzo García, and Christophe Ritzenthaler, Refinements of Katz–Sarnak theory for the number of points on curves over finite fields, Canad. J. Math. (2024), online, not yet assigned an issue.
[2] Wieb Bosma, John Cannon, and Catherine Playoust, The Magma algebra system. I. The user language, J. Symbolic Comput. 24 (1997), no. 3-4, 235–265, Computational algebra and number theory (London, 1993). Software available at http://magma.maths.usyd.edu.au/. MR 1484478
[3] Bradley W. Brock and Andrew Granville, More points than expected on curves over finite field extensions, Finite Fields Appl. 7 (2001), no. 1, 70–91. MR 1803936
[4] Gabriel Cardona and Jordi Quer, Field of moduli and field of definition for curves of genus 2, Computational aspects of algebraic curves, Lecture Notes Ser. Comput., vol. 13, World Scientific Publishing, Hackensack, NJ, 2005, pp. 71–83. MR 2181874
[5] John B. Conway, Functions of one complex variable, second ed., Graduate Texts in Mathematics, vol. 11, Springer-Verlag, New York–Berlin, 1978, Available for digital loan. MR 503901
[6] Dušan Dragutinović, Computing binary curves of genus five, J. Pure Appl. Algebra 228 (2024), no. 4, Paper No. 107522, 19. MR 4642980
[7] Sarah Frei, The $a$ -number of hyperelliptic curves, Women in numbers Europe II, Assoc. Women Math. Ser., vol. 11, Springer, Cham, 2018, pp. 107–116. MR 3882708
[8] Everett W. Howe, Curves of medium genus with many points, Finite Fields Appl. 47 (2017), 145–160. MR 3681085
[9] by same author, Enumerating places of ${\mathbf{P}}^{1}$ up to automorphisms of ${\mathbf{P}}^{1}$ in quasilinear time, 2024, in preparation.
[10] by same author, everetthowe/hyperelliptic, 2024, online GitHub repository, accessed March 2024.
[11] Everett W. Howe, Enric Nart, and Christophe Ritzenthaler, Jacobians in isogeny classes of abelian surfaces over finite fields, Ann. Inst. Fourier (Grenoble) 59 (2009), no. 1, 239–289. MR 2514865
[12] Yongyuan Huang, Kiran S. Kedlaya, and Jun Bo Lau, A census of genus $6$ curves over $\mathbf{F}_{2}$ , 2024. arXiv:2402.00716 [math.AG]
[13] Donald E. Knuth, The art of computer programming. Vol. 3: Sorting and searching, second ed., Addison-Wesley, Reading, MA, 1998. MR 3077154
[14] Tetsuo Kodama, Jaap Top, and Tadashi Washio, Maximal hyperelliptic curves of genus three, Finite Fields Appl. 15 (2009), no. 3, 392–403. MR 2516433
[15] Hendrik W. Lenstra, Jr., Finding isomorphisms between finite fields, Math. Comp. 56 (1991), no. 193, 329–347. MR 1052099
[16] Reynald Lercier and Christophe Ritzenthaler, Hyperelliptic curves and their invariants: geometric, arithmetic and algorithmic aspects, J. Algebra 372 (2012), 595–636. MR 2990029
[17] Qing Liu, Algebraic geometry and arithmetic curves, Oxford Graduate Texts in Mathematics, vol. 6, Oxford University Press, Oxford, 2002, Translated from the French by Reinie Erné, Available for digital loan. MR 1917232
[18] Daniel Maisner and Enric Nart, Abelian surfaces over finite fields as Jacobians, Experiment. Math. 11 (2002), no. 3, 321–337, With an appendix by Everett W. Howe. MR 1959745
[19] Jean-François Mestre, Construction de courbes de genre $2$ à partir de leurs modules, Effective methods in algebraic geometry (Castiglioncello, 1990), Progr. Math., vol. 94, Birkhäuser Boston, Boston, MA, 1991, pp. 313–334. MR 1106431 (92g:14022)
[20] Enric Nart, Counting hyperelliptic curves, Adv. Math. 221 (2009), no. 3, 774–787. MR 2511037
[21] Jean-Pierre Serre, Cohomologie galoisienne, fifth ed., Lecture Notes in Mathematics, vol. 5, Springer-Verlag, Berlin, 1994. MR 1324577
[22] Victor Shoup, New algorithms for finding irreducible polynomials over finite fields, Math. Comp. 54 (1990), no. 189, 435–447. MR 993933
[23] Igor Shparlinski, On finding primitive roots in finite fields, Theoret. Comput. Sci. 157 (1996), no. 2, 273–275. MR 1389773
[24] Xavier Xarles, A census of all genus $4$ curves over the field with $2$ elements, 2020. arXiv:2007.07822 [math.AG]

Enumerating hyperelliptic curves over finite fields in quasilinear time

Abstract.

Key words and phrases:

1991 Mathematics Subject Classification:

1. Introduction

Theorem 1.1.

Theorem 1.2.

Acknowledgements

2. Hyperelliptic curves and Weierstrass points

Remark 2.1.

3. Results for quartic polynomials

Lemma 3.1.

Proof.

Corollary 3.2.

Proof.

Proof of Theorem 1.2.

Remark 3.3.

Theorem 3.4.

Proof.

Remark 3.5.

Theorem 3.6.

Proof.

Remark 3.7.

Theorem 3.8.

Remark 3.9.

4. An invariant for irreducible polynomials over finite fields

Definition 4.1.

Theorem 4.2.

Proof.

Algorithm 4.3.

Proposition 4.4.

Proof.

5. Explicit coset representatives for PGL2⁡(𝐅q)\operatorname{PGL}_{2}({\mathbf{F}}_{q}) in PGL2⁡(𝐅q2)\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})

Proposition 5.1.

Lemma 5.2.

Proof.

Proof of Proposition 5.1.

6. Explicit coset representatives for PGL2⁡(𝐅q)\operatorname{PGL}_{2}({\mathbf{F}}_{q}) in PGL2⁡(𝐅qp)\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})

Proposition 6.1.

Proof.

Algorithm 6.2.

Proposition 6.3.

Proof.

7. Enumerating PGL2⁡(𝐅q)\operatorname{PGL}_{2}({\mathbf{F}}_{q}) orbit representatives for Symn⁡(𝐅q)\operatorname{Sym}^{n}({\mathbf{F}}_{q})

7.1. The case m1=1m_{1}=1

Algorithm 7.1.

Proposition 7.2.

7.2. The case m1=2m_{1}=2

Algorithm 7.3.

Proposition 7.4.

Algorithm 7.5.

Remark 7.6.

Proposition 7.7.

7.3. The case 3≤m1≤n−13\leq m_{1}\leq n-1

Algorithm 7.8.

Remark 7.9.

Proposition 7.10.

Proof.

7.4. The case m1=nm_{1}=n

Algorithm 7.11.

Proposition 7.12.

Proof.

8. Additional efficiencies

8.1. Avoiding repeated orbits

8.2. Treating the Galois types (n−1,1)(n-1,1) and (n−2,1,1)(n-2,1,1) more efficiently

8.3. More efficient computations of PGL2\operatorname{PGL}_{2} orbits of irreducibles

9. Implementations for genus 22 and genus 33

References

Enumerating hyperelliptic curves
over finite fields in quasilinear time

5. Explicit coset representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ in $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{2}})$

6. Explicit coset representatives for $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ in $\operatorname{PGL}_{2}({\mathbf{F}}_{q^{p}})$

7. Enumerating $\operatorname{PGL}_{2}({\mathbf{F}}_{q})$ orbit representatives for $\operatorname{Sym}^{n}({\mathbf{F}}_{q})$

7.1. The case $m_{1}=1$

7.2. The case $m_{1}=2$

7.3. The case $3\leq m_{1}\leq n-1$

7.4. The case $m_{1}=n$

8.2. Treating the Galois types $(n-1,1)$ and $(n-2,1,1)$ more efficiently

8.3. More efficient computations of $\operatorname{PGL}_{2}$ orbits of irreducibles

9. Implementations for genus $2$ and genus $3$