Hi!
I'm trying to compute the norm of an element by using the product of its conjugates. This works fine for extensions of prime fields, but seems to give me results different than expected for extension towers.
Example from BLS12-381 curve:
field_modulus = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
Fp = GF(field_modulus)
R.<x> = Fp[]
Fp2.<u> = Fp.extension(x^2 + 1)
R2.<y> = Fp2[]
Fp6.<v> = Fp2.extension(y^3 - (u+1))
# This works for Fp2, which is an extension of a prime field
elem_fp2 = Fp2([1, 1])
fp2_norm_from_conjugates = elem_fp2 * elem_fp2 ^ field_modulus
elem_fp2.norm() == fp2_norm_from_conjugates
# But not for the towered extension Fp6
elem_fp6 = Fp6([1, 1, Fp2([2, 3])])
fp6_norm_from_conjugates = elem_fp6 * (elem_fp6 ^ field_modulus) * (elem_fp6 ^ (field_modulus^2))
elem_fp6.norm() == fp6_norm_from_conjugates
# False
What I am expecting from the above is that norm() maps an element from the extension field to an element in the base field, i.e. elem_fp2.norm() to return an element of Fp and elem_fp6.norm() an element of Fp2.
This is indeed true when I use the norm() method (which, under the hood uses matrix().determinant()), but fails when using the element's conjugates in the towered field.
(I'm using pages 57-58 of the [Finite Fields] (https ://archive.org/details/finitefields0000lidl_a8r3/) book as reference, which states that I should just be able to multiply the elements and all its conjugates to get the norm):
\alpha * \alpha^q * ... * \alpha^(q^m-1)
Am I doing something wrong?
