Subfields, conjugates, and idempotents

The field F has a Fourier transform of blocklength n if F contains an element ω of order n. If F contains no element of order n, then no Fourier transform exists of blocklength n over F. If the extension field E contains an elementω of order n, then there is a Fourier transform of blocklength n in E, which has the same form as before:

V_j =

n−1

i=0

ω^ijvi j= 0, . . . , n − 1.

Now, however, the vector V has components in the extension field E even if v has components only in the field F. We wish to describe the nature of any vector V in the vector space Eⁿthat is the Fourier transform of a vector v in the vector space Fⁿ. Theorem 1.9.1 The vector V over the complex field C is the Fourier transform of a vector v over the real field R if and only if, for all j,

V_j^∗= Vn−j.

The vector V over the finite field GF(q^m) is the Fourier transform of a vector v over GF(q) if and only if, for all j,

V_j^q= V_((qj)).

Proof: The first statement is well known and straightforward to prove. The second statement is proved by evaluating the following expression:

V_j^q=

n
−1

i=0

ω^ijvi

q

.

In any field of characteristic p,

p^s

= p^s!/(( p^s−
)!
!) = 0 (mod p) for 0 <
< p^s. This implies that in GF(q^m), (a + b)^q= a^q+ b^qif q is a power of p, because all other terms are of the form_q

a^q−
b
, and so are equal to zero modulo p because_q

is a multiple of p. From this we can write

V_j^q=

n−1

i=0

ω^qijv_i^q.

35 1.9 Subfields, conjugates, and idempotents

Then we use the fact that a^q= a for all a in GF(q) to write

V_j^q=

n−1

i=0

ω^iqjvi= V_((qj)).

This completes the proof.

The conjugacy constraint, given by V_j^q= V_((qj)),

leads us to a special relationship between an extension field GF(q^m) and a subfield GF(q); this is the relationship of conjugacy. In the finite field GF(q^m), the qⁱth powers of an elementβ, for i = 1, . . . , r − 1, are called the q-ary conjugates of β (with r the smallest positive integer for whichβ^qr = β). The set

{β, β^q,β^q2,. . . , β^qr−1}

is called the set of q-ary conjugates ofβ (or the Galois orbit of β). If γ is a conjugate of β, then β is a conjugate of γ . In general, an element has more than one q-ary conjugate. If an element of GF(q^m) has r q-ary conjugates (including itself), it is an element of the subfield GF(q^r) ⊂ GF(q^m), so r divides m. Thus, under conjugacy, the field decomposes into disjoint subsets called conjugacy classes. The term might also be used to refer to the set of exponents on a primitive element of the members of a set of q-ary conjugates.

In the binary field GF(2^m), all binary powers of an element β are called the binary conjugates ofβ. The binary conjugacy classes in the field GF(16), for example, are {α⁰}, {α¹,α²,α⁴,α⁸}, {α³,α⁶,α¹²,α⁹}, {α⁵,α¹⁰}, and {α⁷,α¹⁴,α¹³,α¹¹}. The con-jugacy classes might also be identified with the exponents of α as {0}, {1, 2, 4, 8}, {3, 6, 12, 9}, {5, 10}, and {7, 14, 13, 11}. These sets can be represented by the four-bit binary representation of the leading term as 0000, 0001, 0011, 0101, and 0111. The cyclic shifts of each of these four-bit numbers then give the binary representation of the other elements of that conjugacy class.

The q-ary conjugacy classes of size 1 form the subfield GF(q) within GF(q^m).

To recognize the elements of the subfield, note that every element of GF(q) satisfies β^q = β, and x^q− x can have only q zeros in GF(q^m), so these are the elements in the q-ary conjugacy classes of size 1. For example, the four elements of GF(64) that satisfyβ⁴= β are the four elements of the subfield GF(4).

The sum of all elements of a q-ary conjugacy class of GF(q^m), β + β^q+ β^q2+ · · · + β^qr−1,

is called the trace, or the q-ary trace, ofβ and is denoted tr(β). The q-ary trace is an element of GF(q) because

(tr(β))^q= (β + β^q+ β^q2+ · · · + β^qr−1)^q

= β^q+ β^q2+ · · · + β^qr−1+ β

= tr(β).

In the binary field GF(2^m), the sum of all binary conjugates of β is called the binary trace ofβ. Elements in the same conjugacy class have the same binary trace. In the field GF(16), the binary traces of elements in the conjugacy classes of α⁰,α¹,α³,α⁵, andα⁷are 1, 0, 1, 1, and 1, respectively.

A binary idempotent polynomial (or idempotent) is a polynomialw(x) over GF(2) whose transform has components W_j that only take values 0 and 1. Because W_j² = W_j, the convolution theorem asserts that an idempotent polynomial satisfiesw(x)²= w(x)(mod xⁿ− 1). The conjugacy constraint W_j² = W_((2j))implies that ifw(x) is an idempotent polynomial, then W_j takes the same value, either 0 or 1, on every j for whichα^jis in the same conjugacy class.

For example, the binary conjugacy classes of GF(8) are {α⁰}, {α¹,α²,α⁴}, and {α³,α⁶,α⁵}. Because there are three conjugacy classes and 2³ ways of taking unions of these, there are 2³ idempotent polynomials. Of these, two are trivial.

The spectra of the nontrivial idempotent polynomials are W = (1, 0, 0, 0, 0, 0, 0), (0, 1, 1, 0, 1, 0, 0), (0, 0, 0, 1, 0, 1, 1), and all pairwise componentwise sums of these three spectra. There are six such nontrivial spectra. These correspond to idempotent polynomialsw(x) = x⁶+ x⁵+ x⁴+ x³ + x²+ x + 1, x⁴+ x²+ x, x⁶+ x⁵+ x³, and all pairwise sums of these polynomials. Each idempotent polynomial satisfies the equation

w(x)²=w(x) (mod x⁷− 1).

There are exactly six nontrivial solutions to this equation, and we have found all of them.

A sequence V_j, j= 0, . . . , n − 1, in the field GF(q^m) that arises by evaluating a poly-nomialv(x) with coefficients in the field GF(q) must obey the conjugacy constraints.

What can one say about the connection polynomial of such a sequence? The minimum linear recursion of a sequence always respects conjugacy relationships when they exist.

Seemingly mysterious coincidences occur, which are described by Theorems1.9.2 and1.9.3.

37 1.9 Subfields, conjugates, and idempotents

Proof: By assumption, V_2r = V_r². The proof consists of giving two expressions for the same term. First, using 1+ 1 = 0 in a field of characteristic 2, we have that

V_r²=

By symmetry, every term with i= k appears twice, and, in fields of characteristic 2, these two terms add to 0. Hence only the diagonal terms (with i= k) contribute. Thus

V_2r= −

Because this agrees with the earlier expression for V_r²and V_r² = V2r, the theorem is

proved.

One consequence of the theorem is that if the sequence V₀, V₁,. . . , Vn−1 is the Fourier transform of a binary-valued vector, then to test whether((x), L) produces the sequence, only values produced by the recursion for odd values of j need to be verified. For even values of j, the theorem tells us that the recursion is automatically satisfied if it is satisfied for all prior values of j.

Now that we have seen how to prove this theorem for finite fields of characteristic 2, we can understand more readily the proof of the theorem generalized to a finite field of arbitrary characteristic.

Theorem 1.9.3 For any sequence satisfying V_j^q = V_((qj)) in the field GF(q^m) of characteristic p, and if the linear recursion

V_j = −

L i=1

iV_j−i

holds for j= L, . . . , qr − 1, then it also holds for j = qr.

Proof: We shall give two expressions for the same term. By assumption, V_j^q= V_((qj)). The first expression is given by

V_r^q=

To derive the second expression, embed the linear recursion into itself to obtain

V_qr = −

The final step of the proof is to collapse the sum on the right, because, unless k₁ = k₂ = k3 = · · · = kq, each term will recur in multiples of the field characteristic p, and each group of p identical terms adds to zero modulo p. To continue, regard the multiple index(k1, k₂, k₃,. . . , kq) as a q-ary n-tuple. The sum is over all such n-tuples.

Two distinct n-tuples that are related by a permutation give the same contribution to the sum. The right side is invariant under permutations of the indices(k1, k₂,. . . , kq).

In particular, the right side of the equation is invariant under cyclic shifts. Given any set of indices, consider the set of all of its cyclic shifts, denoted{(k1, k₂,. . . , km)}. The number of elements in this set must divide q and so is a power of p, possibly the zero power. If two or more terms are related by a permutation, then there are p such equal terms, and they add to zero modulo p. Therefore the expression collapses to

V_qr = −

Consequently, because two terms equal to the same thing are equal to each other, we have that

39 1.10 Semifast algorithms based on conjugacy