use PARI's fflog() for binary finite fields

[yyyyx4]

Currently, FiniteField_ntl_gf2eElement calls generic-group discrete_log() to compute logarithms.

The patch instead calls PARI's fflog(), which uses an index-calculus algorithm and is dramatically faster in some cases.

Sage 9.4:

sage: F.<a> = GF(2^67)
sage: %timeit F.random_element().log(a)
2.78 s ± 270 ms per loop (mean ± std. dev. of 7 runs, 1 loop each)

This patch:

sage: F.<a> = GF(2^67)
sage: %timeit F.random_element().log(a)
359 ms ± 71.8 ms per loop (mean ± std. dev. of 7 runs, 1 loop each)

Examples with highly non-smooth 2^k-1, such as k=61, showcase even larger differences. Examples with very smooth 2^k-1 are occasionally a little bit faster using the naïve code, but after playing around with this for a while I concluded that figuring out which algorithm to use ahead of time is no less costly than just letting PARI deal with it.

The patch does make sure to pass the (at this point, already cached) factorization of 2^k-1 to PARI so we don't factor again.

CC: @tscrim @edgarcosta

Component: number theory

Author: Lorenz Panny

Branch/Commit: 9ba60e7

Reviewer: Edgar Costa, Travis Scrimshaw

Issue created by migration from https://trac.sagemath.org/ticket/32842

[yyyyx4]

Author: Lorenz Panny

[yyyyx4]

Branch: public/use_pari_fflog_for_binary_finite_fields

[yyyyx4]

Commit: f5bdb91

[yyyyx4]

New commits:

f5bdb91

use PARI's fflog for binary finite fields

[edgarcosta]

comment:3

The code looks good to me.
However, I find it odd the comment

Big instances used to take very long before :trac:`32842`::

in the examples block quite odd.

Travis, what do you think?

[tscrim]

comment:4

Are you referring to the English or the example itself? The English is a bit strange to me, and I would phrase it as

Big instances used to take a very long time before :trac:`32842`::

[edgarcosta]

comment:5

The example, as I usually only see trac tickets mentioned under tests referring to a bug that has been fixed.
This is only a minor thing, and if you think it's alright, we can give it a positive review.

[tscrim]

comment:6

I think the example is fine, although it could be made better by having something that takes a really long time (>10s, even better >30s) prior but finishes within 1 second now.

[sagetrac-git]

Branch pushed to git repo; I updated commit sha1. New commits:

9ba60e7

slightly rephrase docstring

[sagetrac-git]

Changed commit from f5bdb91 to 9ba60e7

[yyyyx4]

comment:8

Replying to @tscrim:

I think the example is fine, although it could be made better by having something that takes a really long time (>10s, even better >30s) prior but finishes within 1 second now.

It does: The 2^61 example is a worst-case input for the generic algorithm (because the unit group order 2^61-1 is prime). On my laptop, it eats all my RAM and dies after a couple of minutes. With the patch, it finishes successfully within a few hundred milliseconds.

[edgarcosta]

Reviewer: Edgar Costa, Travis Scrimshaw

[edgarcosta]

comment:9

The patch bot was green before :)

[yyyyx4]

comment:10

Thank you!

[vbraun]

Changed branch from public/use_pari_fflog_for_binary_finite_fields to 9ba60e7