Finite Fields: Part II

Cunsheng Ding

HKUST, Hong Kong

1 The Group

(GF(

pm

)

∗

, ·)

of the Finite Field

GF

₍

_pm

₎

2 _{Extensions and Subfields of Finite Fields}

Our objective

Study the structure of the finite fields

GF

₍

_pm

₎

_.

Deal with extensions and subfields of

GF

₍

_pm

₎

_.

Throughout this lecture, let q

=

pm, where p is any prime and m is any positive

Our first task is to prove that the group

(GF(

q

)

∗

, ·)

is cyclic. To this end, we need to prove a number of auxiliary results.

Proposition 1

For any a

∈ GF(

q

)

∗, there exists a positive integer

ℓ

such that aℓ

=

1.

Proof.

Consider the following sequence of elements in

GF

₍

_q

₎

∗_:

a0

,

a1

,

a2

, · · · .

Since the group

GF

₍

_q

₎

∗_{has order q}

₋

_{1, there exist two distinct 0}

_≤

_h

_<

_k

such that ah

=

ak. Hence, ah

(

ak−h

−

1

) =

0 and ak−h

=

1. The desired conclusion then follows.

The Group

(GF(

q

)

, ·)

of the Finite Field

(

q

)

Definition 2

The order of a

∈ GF(

q

)

∗, denoted by

ord

₍

_a

₎

_{, is the least positive integer}

_ℓ

_such

that aℓ

=

1.

The following theorem was proved in the previous lecture about groups and rings.

Proposition 3 (Lagrange’s Theorem)

For any a

∈ GF(

q

)

∗_,

_ord

₍

_a

₎

_{divides q}

₋

_1.

The following conclusion follows from Proposition 3.

Proposition 4

The proof of the following proposition is left as an exercise.

Proposition 5

The Group

(GF(

q

)

, ·)

of the Finite Field

(

q

)

Proposition 6

For any a

∈ GF(

q

)

∗_{and b}

_{∈ GF(}

_q

₎

∗_{, we have}

ord

₍

_ab

_{) = ord(}

_a

_)ord(

_b

₎

_if

gcd

(ord(

a

), ord(

b

)) =

1.

Proof.

Let

ℓ

be a positive integer such that

(

ab

)

ℓ

₌

_{1. Then a}ℓ

₌

_b−ℓ_{. Hence,}

aℓord(b)

= (

bord(b)

)

−ℓ

=

1. It then follows that

ord

₍

_a

_{) | ℓord(}

_b

₎

_{. Since}

gcd

(ord(

a

), ord(

b

)) =

1,

ord

₍

_a

₎

_divides

_ℓ

_{. By symmetry,}

ord

₍

_b

₎

_divides

_ℓ

_.

Consequently,

lcm

_(ord(

_a

_{), ord(}

_b

₎₎

_{must divide}

_ℓ

_{. But}

lcm

_(ord(

_a

_{), ord(}

_b

_{)) = ord(}

_a

_)ord(

_b

₎

_{, as gcd}

_(ord(

_a

_{), ord(}

_b

_{)) =}

_1.

On the other hand, it is obvious that

(

ab

)

ord₍a)ord(b)

₌

_{1. The desired} conclusion then follows.

Proposition 7

If g

(

x

_{) ∈ F[}

x

]

has degree n, then the equation g

(

x

) =

0 has at most n

solutions in

F

, where

F

is any field.

Proof.

The proof is by induction on n. If n

=

1, the equation is of the form ax

+

b

=

0,

which obviously has only the solution x

= −

b

/

a. If n

≥

2 and g

(

x

) =

0 has no

solution, then we are done. Otherwise, g

(α) =

0 for some

_{α ∈ F}

, and apply the

Division Algorithm to divide g

(

x

)

by x

− α

. Then we have

g

(

x

) =

q

(

x

)(

x

− α) +

g

(α) =

q

(

x

)(

x

− α).

Now deg

(

q

(

x

)) =

n

−

1. By induction, q

(

x

) =

0 has at most n

−

1 solutions.

The Group

(GF(

q

)

, ·)

of the Finite Field

(

q

)

Theorem 8

The multiplicative group

GF

₍

_q

₎

∗_{is cyclic.}

Proof.

We assume that q

≥

3. Let h

:=

q

−

1

=

pr1

1p r2

2

· · ·

p rn

n be the canonical

factorization of q

−

1. For every i with 1

≤

i

≤

n, by Proposition 7, the

polynomial xh/pi

₋

_{1 has at most h}

_/

_p

i roots in

GF

(

q

)

. Since h

/

pi

<

h, it follows

that there are nonzero elements in

GF

₍

_q

₎

_{that are not roots of this polynomial.}

Let ai be such an element, and set bi

=

a

h/pri_i i . By Proposition 3, bp ri i i

=

a h i

=

a q−1

i

=

1. Hence,

ord

(

bi

) =

psii, where

0

≤

si

≤

ri. On the other hand, b pri −1_i i

=

a

h/pi

i

6=

1. It follows that

ord

(

bi

) =

prii.

By Proposition 6, we have

Definition 9

Any element in

GF

₍

_q

₎

∗_{with order q}

₋

_{1 is called a generator of}

GF

₍

_q

₎

∗_{and a}

primitive element of

GF

₍

_q

₎

_.

Theorem 10

GF

₍

_q

₎

_has

_φ(

_q

₋

₁

₎

_{primitive elements.}

Proof.

By Theorem 8,

GF

₍

_q

₎

_{has a primitive element}

_α

_{. Hence, every element}

β ∈ GF(

q

)

∗_{can be expressed as}

_{β = α}

k _{for some k . By Proposition 5,}

_β

_{is a}

primitive element if and only if gcd

(

k

,

q

−

1

) =

1. The desired conclusion then

The Group

(GF(

q

)

, ·)

of the Finite Field

(

q

)

Remark

Let p be any prime. Then a primitive element of

GF

₍

_p

₎

_{is called the primitive}

root of p or modulo p.

Example 11

It is easily verified that 3 is a primitive element of

GF

₍

₇

₎

_{. Note that}

_φ(

₆

_{) =}

_2.

Definition 12

Two fields

_F

1and

F

2are said to be isomorphic if there is a bijection

σ

from

F

1

to

_F2

satisfying the following:

1

σ(

_a

+

_b

) = σ(

_a

) + σ(

_b

)

_{for all a}

,

_b

∈ F1

_. 2

σ(

_ab

) = σ(

_a

)σ(

_b

)

_{for all a}

,

_b

∈ F1

_. 3

σ(

₁

F1

) =

1F2, where 1F1 and 1F2 are the identities of

F1

and

F2

, respectively.

Remarks

Two isomorphic fields have the same properties, and thus can be viewed as identical.

In an assignment problem, you will be asked to prove that two finite fields are isomorphic.

The following theorem can be found in Chapter 2 of Lidl and Niederreiter.

Theorem 13

Any finite field with pmelements is isomorphic to

GF

₍

_pm

₎

_{, constructd with a}

fixed monic irreducible polynomial

π(

x

) ∈ GF(

p

)[

x

]

with degree m.

Remark

Due to this theorem, we do not need to specify the monic irreducible

Definition 14

Let

_F

be a field. A subset

_K

of

_F

that is itself a field under the operations of

_F

will be called a subfield of

_F

. In this context,

_F

is called an extension field of

_K

. If

_{K 6= F}

, we say that

_K

is a proper subfield of

_F

.

A field containing no proper subfields is called a prime field. Examples of prime fields are

GF

₍

_p

₎

_{, where p is any prime.}

Example 15

Theorem 16

If

GF

₍

_pk

₎

_{is a subfield of}

GF

₍

_pm

₎

_{, then k}

_|

_m.

Proof.

Every b

∈ GF(

pm

)

must be a root of xpm

=

x . Every a

∈ GF(

pk

)

must be a root

of xpk

=

x . Since

GF

₍

_pk

_{) ⊆ GF(}

_pm

₎

_{, every a}

_{∈ GF(}

_pk

₎

_{is also a root of}

xpm

=

x . Thus,

(

xpk

−

x

) | (

xpm

−

x

)

, and

(

xpk−1

−

1

) | (

xpm−1

−

1

)

. It then follows that

xpk−1

−

1

=

gcd

(

xpk−1

−

1

,

xpm−1

−

1

).

But, we have

gcd

(

xpk−1

−

1

,

xpm−1

−

1

) =

xgcd(pk−1,pm−1)

−

1

=

xpgcd(k, m)−1

−

1

.

(1)

Theorem 17

Let k

|

m. Then

GF

₍

_pm

₎

_{has a subfield with p}k _elements.

Proof.

Since k

|

m, it follows from (1) that

(

xpk

−

x

) | (

xpm

−

x

)

. Note that all the

elements of

GF

₍

_pm

₎

_{are the roots of x}pm

₋

_x

₌

_{0. It then follows that the set}

K = {

a

∈ GF(

pm

) |

apk

=

a

}

has cardinality pk. Let a

,

b

_{∈ K}

. Then

(

a

+

b

)

pk

=

apk

+

bpk

=

a

+

b

, (

ab

)

pk

=

apkbpk

=

ab

, (

a−1

)

pk

= (

apk

)

−1

₌

a−1

.

Theorem 18

Let k

|

m and let

GF

₍

_pk

₎

_{denote the subfield of}

GF

₍

_pm

₎

_{. Let}

_α

_{be a generator}

of

GF

₍

_pm

₎

∗_{, and let}

_{β = α}

(pm−1)/(pk−1)_{. Then}

_β

_{is a generator of}

_GF

₍

_pk

₎

∗_.

Proof.

By definition,

β

pk

= β

. It then follows from the proof of heorem 17 that

β ∈ GF(

pk

)

. By Proposition 5,

ord

_{(β) =}

ord

(α)

gcd



ord

_(α),

pm−1 pk₋₁

 =

pm

−

1 gcd



pm

₋

₁

_,

pm₋₁ pk₋₁

 =

p k

₋

1

.

Let r be a power of p in the following.

Definition 19

Let

ℓ ≥

1 be an integer. For any a

∈ GF(

rℓ

)

∗, the monic polynomial

Pa(x

) ∈ GF(

r

)[

x

]

with the least degree such that Pa(a

) =

0 is called the

minimal polynomial over

GF

₍

_r

₎

_{of a.}

Remarks

The existence of the minimal polynomial is guaranteed by Proposition 4 (i.e., arℓ−1

−

1

=

0).

By definition, Pa(x

)

is irreducible over

GF

₍

_r

₎

_.

Minimal Polynomials over

(

r

)

of Elements in

(

r

)

Proposition 20

Let a

∈ GF(

rℓ

)

∗_{. Then the minimal polynomial Pa(x}

₎

_{of a over}

GF

₍

_r

₎

_has

degree at most

ℓ

.

Proof.

Note that arℓ

=

a for any a

∈ GF(

rℓ

)

∗. The set

{

ari

:

i

=

0

,

1

,

2

, ℓ −

1

}

has at

most

ℓ

elements. Let e be the smallest positive integer such that are

=

a. Then

e

≤ ℓ

. Define g

(

x

) =

e−1

∏

i=0

(

x

−

ari

).

Since g

(

x

)

r

₌

_g

₍

_xr

₎

_{, g is a polynomial over}

_GF

₍

_r

₎

_{. On the other hand,}

Proposition 21

If

α

is a generator of

GF

₍

_rℓ

₎

∗_{, the minimal polynomial Pα}

₍

_x

₎

_{has degree}

_ℓ

_.

Proof.

Let

α

is a generator of

GF

₍

_rℓ

₎

∗_{. Suppose that the minimal polynomial Pα}

₍

_x

₎

has degree e

< ℓ

. Let

Pα

(

x

) =

xe

+

ae−1xe−1

+

ae−2xe−2

+ · · · +

e1x

+

e0.

Then each

α

i _{can be expressed as}

∑

ek−=10bk

α

k, where all bi

∈ GF(

r

)

. Then we

have

|{

0

, α

0

, α

1

, α

2

, · · · , α

rℓ−2

}| ≤

re

<

rℓ

.

This is contrary to the assumption that

α

is a generator of

GF

₍

_rℓ

₎

∗_{. The}

The Finite Field

(

2

)

Example 22

Let

α

be a generator of

GF

₍

₂3

₎

∗_{with minimal polynomial P}

α

(

x

) =

x3

+

x

+

1.

Then the minimal polynomials of all the elements over

GF

₍

₂

₎

_are:

0 x

,

α

0 x

−

1

,

α

1 _x3

₊

_x

₊

₁

_,

α

2 _x3

₊

_x

₊

₁

_,

α

3 x3

+

x2

+

1

,

α

4 _x3

₊

_x

₊

₁

_,

α

5 _x3

₊

_x2

₊

₁

_,

α

6 x3

+

x2

+

1

.

Note that the canonical factorization of x23−1

−

1 over

GF

₍

₂

₎

_{is given by}