Finite Fields

Introduction to Finite Fields

Finite fields are the general starting point for the constructions of many combinatorial structures. It will be important to know the fundamentals concerning these fields in order to investigate combinatorial structures and related areas of combinatorial interest. Unfortunately, the area of field theory is rather large and it would be impossible for us to cover it in detail and still have time to work with the results. In the interest of conserving time, we will present the elements of general field theory without proofs and only prove statements when we turn our attention specifically to finite fields. The material that we will gloss over is usually covered in a graduate (or good undergraduate) course in abstract algebra. Some texts that you may consult to fill in the gaps are (in order of difficulty):

Fraleigh, A First Course in Abstract Algebra, Addison-Wesley, Reading, 1976.
Herstein, Topics in Algebra, Xerox, Lexington, 1975.
Lang, Algebra, Addison-Wesley, Reading, 1971.

It will be assumed that you are familiar with the definition of a field, the definition and basic properties of vector spaces and the fact that the integers modulo a prime p form a field (a finite one), which we will denote by GF(p) (standing for the Galois Field of order p).

II.1 GENERAL FIELD THEORY

Let L be a field containing a subset K, which is itself a field under the operations inherited from L. Then L is called an extension of K, and K a subfield of L. Every field has a smallest subfield, called the prime subfield, which is isomorphic to either the field of rationals Q, in which case we say that it has characteristic zero, or to a GF(p) for some prime p, in which case we say that it has characteristic p. We shall denote the characteristic of an arbitrary field K by char K.

If L is an extension of K (denoted L > K), and þ is an element of L but not an element of K, then the smallest field containing both K and þ will be denoted by K(þ) and is a subfield of L. Similarly, the smallest field containing K and the elements þ₁,þ₂, ... ,þ_n in L > K will be written as K(þ₁,þ₂, ... ,þ_n). Any extension field L of K can be viewed as a vector space over K and the dimension of this vector space is called the degree of L over K, and is denoted by [L:K]. If the vector space is finite dimensional we say that L is a finite extension of K. If L is a finite extension of K and M is a finite extension of L, then [M:K] = [M:L][L:K].

Denote by K[x] the ring of polynomials over K in the variable x. K[x] is a principal ideal domain (an ideal is a subring that is closed under multiplication, a principal ideal is an ideal generated by a single element, and a principal ideal domain is a commutative ring with unity all of whose ideals are principal). A polynomial in K[x] is said to be monic if the coefficient of the highest power in x is unity. It is irreducible if it is not the product of two nonscalar polynomials in K[x]. If f(x) is an irreducible polynomial in K[x], then any zero (i.e., root) of f(x) is not in K and so there is a smallest extension field L of K that contains it. Furthermore, L is isomorphic to the quotient field K[x]/<f(x)>, where <f(x)> denotes the principal ideal of K[x] generated by f(x). If the irreducible polynomial f(x) is of degree n, then [L:K] = n. Furthermore, if þ is the zero of f(x) in question, then L = K(þ) and the elements 1,þ,þ²,..., þ^n-1 form a basis of L over K.

Before we continue, let us illustrate these ideas with a well-known example. The field C of complex numbers is usually described in one of two ways, either as the set of numbers {a + bi} where a and b are real numbers and i = sqrt(-1), or if you prefer not to mention the imaginary number i, C can be described as the set of all pairs (a,b) of real numbers where addition of two pairs is the usual componentwise addition and multiplication of two pairs is defined by (a,b)(c,d) = (ac - bd, ad + bc). The second version is of course viewing C as a vector space of dimension 2 over the real numbers R. Let us see how we would construct C starting with the subfield R. Now K = R and K[x] is the ring of all polynomials with real coefficients. The polynomial x2 + 1 is monic since the coefficient of x2 is 1 and it is irreducible over R since it cannot be factored into polynomials with only real coefficients. The principal ideal <x²+1> consists of all polynomials that have x²+1 as a factor. The quotient field structure, R[x]/<x²+1> is obtained by taking each polynomial in R[x] and dividing it by x²+1. The polynomials that have the same remainder after division form equivalence classes, which are the elements of the quotient field. The different possible remainders are the polynomials a + bx, where a,b in R, and we identify the equivalence classes with these remainders. The association a + bx iff a + bi clearly shows that the quotient field and C are isomorphic. Now, let þ be a zero of x² + 1, i.e. þ² + 1 = 0 , so þ = sqrt(-1) = i which is not an element of R. {1,i} forms a basis for C over R since every element of C can be written as a(1) + b(i) with a,b in R and 1 and i are easily seen to be linearly independent. Using this basis, we can identify the elements of C with their coefficient vectors, i.e. a + bi iff (a,b) to get the second representation as a vector space of dimension 2 (notice the highest power of x in the irreducible polynomial).

Let f(x) be in K[x], then the smallest field containing K and all the zeros of f(x) is called the splitting field of f(x) over K. We may call it "the" splitting field due to the following theorem:

Theorem II.1.1 - Let f(x) be an irreducible polynomial in K[x], then a splitting field for f(x) over K exists and any two such splitting fields are isomorphic.

If f(x) is a polynomial in K[x] of degree n, then its splitting field over K is at most of degree n! and this bound may or may not be obtained, depending on the polynomial and the field. We now consider some elementary properties of polynomials over a field. If f(x) in K[x] is given by
f(x) = ß_n xⁿ + ß_n-1 x^n-1 + ... + ß₁ x + ß₀ , where ß_i in K
then the formal derivative of f(x), denoted by f'(x) is the polynomial
f'(x) = nß_n x^n-1 + (n-1)ß_n-1 x^n-2 + ... + ß₁
which is a polynomial of degree at most n - 1. Note that the formal derivative of a polynomial may be zero even though the polynomial is not a constant, for example if K = GF(3), where 3 = 0, the polynomial f(x) = x³ + 2 has a zero formal derivative. A polynomial f(x) in K[x] is said to have a zero þ of multiplicity m in some extension field L of K if m is the largest positive integer for which

(x-þ)^m | f(x)

in L[x], where the vertical bar indicates division with no remainder. The zeros of an irreducible polynomial f(x) in K[x] in the splitting field for f(x) over K are called conjugates. Let f(x), g(x) in K[x] be two polynomials such that deg f > deg g. By the Euclidean algorithm there exist two polynomials q(x) and r(x) such that

f(x) = q(x)g(x) + r(x), where deg r < deg g.

By repeated application of the algorithm, the greatest common divisor (or gcd) d(x) of f(x) and g(x) (denoted by (f(x), g(x)) ) can be expressed as
d(x) = (f(x),g(x)) = a(x)f(x) + b(x)g(x), for some a(x),b(x) in K[x].

For further reference we collect some elementary properties of polynomials in the following theorem.

Theorem II.1.2 - Let f(x), g(x) in K[x] and let L be any extension of K. Then:
(i) if (f(x), g(x)) = d(x) in K[x] then (f(x), g(x)) = d(x) in L[x].
(ii) f(x) | g(x) in K[x] iff f(x) | g(x) in L[x].
(iii) f(x) has a multiple zero iff (f(x), f'(x)) is not 1.

It is significant that two polynomials have a common root in some extension field if they have a common divisor over the original field. The question of multiplicities of roots of irreducible polynomials can be settled precisely. If f(x) in K[x], char K = 0 and f(x) is irreducible, then f(x) cannot have multiple zeros. If char K = p, then an irreducible polynomial f(x) having multiple zeros must be of the form f(x) = g(x^p ) for some polynomial g(x) in K[x]. In this case each zero of f(x) has the same multiplicity. It can be shown that if f(x) is an irreducible polynomial over a finite field, then it has only simple (multiplicity one) zeros.

Theorem II.1.3 - A polynomial f(x) in K[x] of degree n has at most n zeros in any extension of K.

We consider now the concept of field isomorphism, which will be useful in the investigation of finite fields. An isomorphism of the field K₁ onto the field K₂ is a one-to-one onto map that preserves both field operations, i.e.,
µ(þ + ß) = µ(þ) + µ(ß), µ(þß) = µ(þ)µ(ß) for all þ,ß in K1 .

An automorphism of K is an isomorphism of K onto itself. The set of all automorphisms of a field forms a group under composition. If µ₁,µ₂,...,µ_n are distinct isomorphisms of K₁onto K₂, then these isomorphisms are linearly independent over K₂ in the sense that if
Sum a_i µ_i (b) = 0 with a_i in K₂
for all b in K₁ , then all the a_i must = 0. In particular, distinct automorphisms of a field are linearly independent.

A field automorphism leaves the elements of the prime subfield fixed. The automorphism may leave a larger subfield fixed. More generally, if

K' = { a in K | µ_i (a) = a, i = 1,...,n }

then K' is a subfield of K, called the fixed field of K with respect to the automorphisms µ_i. It can be shown that [K:K'] >= n. We will be interested in subgroups of the group of all automorphisms that fix certain subfields. We denote the group of all automorphisms of a field L by G(L) and the subgroup of G(L) that fixes all elements of the subfield K of L by G(L/K). It is important to note that the fixed field of G(L/K) may properly contain K. It is easily shown that G(L/K) is a subgroup of G(L), conversely, if H is any subgroup of G(L), then the set of elements of L fixed by H is a subfield of L.

II.2 - FUNDAMENTAL PROPERTIES OF FINITE FIELDS

We now restrict our attention to finite fields, i.e., fields with a finite number of elements. A finite field, since it cannot contain Q, must have a prime subfield of the form GF(p) for some prime p, also:

Theorem II.2.1 - Any finite field with characteristic p has pⁿ elements for some positive integer n.

Proof: Let L be the finite field and K the prime subfield of L. The vector space of L over K is of some finite dimension, say n, and there exists a basis þ₁,þ₂, ... ,þ_n of L over K. Since every element of L can be expressed uniquely as a linear combination of the þ_i over K, i.e., every a in L can be written as, a = Sum ß_i þ_i , with ß_i in K, and since K has p elements, L must have pⁿ elements. ¶

This theorem, while it does restrict the size of a finite field, does not say that one will exist for a particular power of a prime, nor does it specify how many finite fields can exist of a particular order. The answers to these questions can be deduced from the following theorem.

Theorem II.2.2 - Let L be a field with characteristic p and prime subfield K. Then L is the splitting field for $[f(x) = x^{p^n} - x ]$ iff L has pⁿ elements.

Proof: Suppose that L is the splitting field for $[f(x) = x^{p^n} - x ]$ over K. Since (f(x), f'(x)) = 1, the roots of f(x) are distinct and so L has at least pⁿ elements. Consider the subset

E = { þ in L | þ^pⁿ = þ }

of L. Clearly E contains pⁿ elements since it consists of the roots of f(x). Suppose that þ,ß in E; then (þß)^pⁿ = (þ)^pⁿ (ß)^pⁿ = þß and hence, þß in E. Also,

$[(a+b)^{p^n} = a + b]$

since p | C(pⁿ, i) for 0 < i < pⁿ , and hence, (þ + ß ) in E. The existence of additive and multiplicative inverses is easy to show, so E is a subfield of L and also a splitting field for f(x). Thus by Thm II.1.1 E = L and L contains pⁿ elements.

Suppose now that L contains pⁿ elements. The multiplicative group of L, which we will denote by L*, forms a group of order pⁿ - 1 and hence the order of any element of L* divides pⁿ - 1. Thus þ^pⁿ = þ for all þ in L* and the relation is trivially true for þ = 0. Thus f(x) splits in L. ¶

Now for some important corollaries.

Corollary II.2.3 - There is a unique (up to isomorphism) field of order pⁿ.

Proof: Since f(x) splits over any field with this many elements and by Thm II.1.1 splitting fields are unique, this result follows. ¶

Corollary II.2.4 - GF(pⁿ) is the splitting field for $[f(x) = x^{p^n} - x ]$ over GF(p).

Proof: This is just a restatement of Thm II.2.2 and Cor II.2.3. ¶

Corollary II.2.5 - For any prime p and integer n, GF(pⁿ) exists.

Proof: By Thm II.1.1 the splitting field exists and by Cor II.2.4 it is GF(pⁿ). ¶

The following important theorem is useful in establishing the subfield structure of the Galois Fields among other things.

Theorem II.2.6 - GF(pⁿ)* is cyclic.

Proof: The multiplicative group GF(pⁿ)* is, by definition, abelian and of order pⁿ - 1. If [p^n - 1 written as a product of primes] , then, factoring GF(pⁿ)* into a direct product of its Sylow subgroups, we have
GF(pⁿ)* = S(p₁ ) × ... × S(p_k)

where S(p_i ) is the Sylow subgroup of order (p_i)^e_i . The order of every element in S(p_i) is a power of p_i and let a_i in S(p_i ) have the maximal order, say (p_i)^e'_i, e'_i <= e_i ,for i = 1,...,k. Since (p_i, p_j) = 1, i not equal j, the element a = a₁a₂ ... a_k has maximal order m = (p₁)^e'-1 ...(p_k)^e'_k in GF(pⁿ)*. Furthermore every element of GF(pⁿ)* satisfies the polynomial x^m -1, implying that m >= pⁿ -1. Since a in GF(pⁿ)* has order m, m divides pⁿ -1 and so, m = pⁿ -1. Thus the element a is a generator and GF(pⁿ)* is cyclic. ¶

A generator of GF(pⁿ)* is called a primitive element of GF(pⁿ).

The following theorem has some useful consequences.

Theorem II.2.7 - Over any field K, (x^m - 1) | (xⁿ - 1 ) iff m | n.

Proof: If n = qm + r, with r < m, then by direct computation

[x^n - 1 = (x^m -1)Q(x) + (x^r - 1)]

It follows that (x^m - 1) | (xⁿ - 1) iff x^r - 1 = 0, i.e., r = 0. ¶

Corollary II.2.8 - For any prime integer p, (p^m - 1) | (pⁿ - 1) iff m | n.

Proof: Basically the same as that of the theorem, do for homework.***********

Theorem II.2.9 - GF(p^m ) is a subfield of GF(pⁿ ) iff m | n.

Proof: Suppose GF(p^m ) is a subfield of GF(pⁿ ); then GF(pⁿ ) may be interpreted as a vector space over GF(p^m ) with dimension, say, k. Hence, pⁿ = p^km and m | n.

Now suppose m | n, which from the previous theorem and its corollary implies that (x^{p^m - 1} - 1) | (x^{pⁿ - 1} - 1). Thus every zero of x^{p^m} - x that is in GF(p^m) is also a zero of x^pⁿ - x and hence in GF(pⁿ). It follows that GF(p^m ) is contained in GF(pⁿ). Notice that there is precisely one subfield of GF(pⁿ) of order p^m, otherwise x^{p^m} - x would have more than p^m roots. ¶

Although we will not prove it, the automorphism group of a finite field is cyclic. The standard generator of this group is the so-called Frobenius automorphism defined for a finite field of characteristic p as the map x --> x^p for all x in GF(pⁿ ).

(Homework: Prove that this map is a field automorphism)**************

II.3 - CONSTRUCTING FINITE FIELDS

We will illustrate the above material by actually constructing some finite fields. The first will be of characteristic 3 and the second of characteristic 2.

II.3.1 - GF(9)

Since 9 = 3², the prime field must be GF(3) whose elements we will represent by 0,1 and 2, and where addition and multiplication are done modulo 3. We seek an extension of degree 2 over the prime field, so our first task is to find a monic irreducible polynomial of degree 2 in GF(3)[x]. For large field this can be a difficult assignment, but for small fields it is not too bad. While there are some theorems that may help, the brute force procedure is effective if the prime field is small. We can in fact easily list all of the monic quadratics in this ring, they are:

x²
x² + 1
x² + 2
x² + x
x² + x + 1
x² + x + 2
x² + 2x
x² + 2x + 1
x² + 2x + 2

Now the problem is to find the irreducible ones in this list. Clearly, any polynomial without a constant term is factorable (x is a factor), so the first, fourth and seventh can immediately be crossed out. For the remaining six polynomials, we may opt for one of two procedures. We could take each in turn and substitute all the field elements for x, if none of these substitutions evaluates to zero, the polynomial is irreducible (i.e., it has no root in the field). So, for example, substituting in x² + 2 gives the values 0² + 2 = 2, 1² + 2 = 0 and 2² + 2 = 0, thus x² + 2 factors, in fact x² + 2 = (x + 1)(x + 2). On the other hand, the same procedure for x² + 1 gives 0² + 1 = 1, 1² + 1 = 2 and 2² + 1 = 2 and so x² + 1 is irreducible. The second possible procedure is to take all the linear factors (in this case, because we want quadratic products) and multiply them in all possible pairs to get a list of all the factorable quadratics, removing these from our list leaves all the irreducible quadratics. So,

(x + 1)(x + 1) = x² + 2x + 1
(x + 1)(x + 2) = x² + 2
(x + 2)(x + 2) = x² + x + 1

implying that
x² + 1 , x² + x + 2 and x² + 2x + 2 are the only irreducible monic quadratic polynomials in GF(3)[x]. We could now choose any one of these letting þ be a zero of the chosen polynomial and write out the elements of GF(9) in its vector form representation using the basis {1, þ}. This however does not give us the most useful representation of the field. Rather, we will use the fact that the multiplicative group of the field is cyclic, so if we can find a primitive element (i.e., a generator of the cyclic group) we will have a handy representation of the elements. Now the primitive elements are to be found among the roots of the irreducible polynomials (they cannot be elements of the prime field). The cyclic group we are after has order 8, so not every root need be primitive. For example, letting þ be a root of x² + 1, i.e., þ² + 1 = 0, so þ² = 2, we can write out the powers of þ.
þ¹ = þ , þ² = 2, þ³ = 2þ, þ⁴ = 2þ(þ) = 2þ² = 2(2) = 1
and so þ has order 4 and does not generate the cyclic group of order 8, i.e., þ is not a primitive element. On the other hand, consider µ a root of the polynomial x² + x + 2, so that µ² + µ + 2 = 0 or µ² = 2µ + 1. Now the powers of µ give us:

µ¹ = µ
µ² = 2µ + 1
µ³ = µ(2µ + 1) = 2µ² + µ = 2(2µ + 1) + µ = 2µ + 2
µ⁴ = 2µ² + 2µ = µ + 2 + 2µ = 2
µ⁵ = 2µ
µ⁶ = 2µ² = µ + 2
µ⁷ = µ² + 2µ = 2µ + 1 + 2µ = µ + 1
µ⁸ = µ² + µ = 2µ + 1 + µ = 1

So µ is a primitive element and so we have represented the elements of GF(9) as the 8 powers of µ together with 0. Notice also that the bolded terms on the right are all the possible terms that can be written as linear combinations of the basis {1,µ} over GF(3). When working with finite fields it is convenient to have both of the above representations, since the terms on the left are easy to multiply and the terms on the right are easy to add. So for instance, if we wanted to calculate (2µ+2)³ + µ + 2, we would do so in this way, (2µ+2)³ = (µ³)³ = µ⁹ = µ and so (2µ+2)³ + µ + 2 = µ + µ + 2 = 2µ + 2 = µ³.

II.3.2 - GF(8)

Since 8 = 2³, the prime field is GF(2) and we need to find a monic irreducible cubic polynomial over that field. Since the coefficients can only be 0 and 1, the list of irreducible candidates is easily obtained.

x³ + 1
x³ + x + 1
x³ + x² + 1
x³ + x² + x + 1

Now substituting 0 gives 1 in all cases, and substituting 1 will give 0 only if there are an odd number of x terms, so the irreducible cubics are just x³ + x + 1 and x³ + x² + 1. Now the multiplicative group of this field is a cyclic group of order 7 and so every nonidentity element is a generator. Letting µ be a root of the first polynomial, we have µ³ + µ + 1 = 0, or µ³ = µ + 1, so the powers of µ are:

µ¹ = µ
µ² = µ²
µ³ = µ + 1
µ⁴ = µ² + µ
µ⁵ = µ² + µ + 1
µ⁶ = µ² + 1
µ⁷ = 1

Now suppose we had chosen a root of the second polynomial, say , þ. We would then have þ³ = þ² + 1 and the representation would be given by

þ¹ = þ
þ² = þ²
þ³ = þ² + 1
þ⁴ = þ² + þ + 1
þ⁵ = þ + 1
þ⁶ = þ² + þ
þ⁷ = 1

We know that these two representations must be isomorphic, show that the isomorphism is induced by µ --> þ⁶. ******************************

REFERENCES

The original granddaddy in the area is:
Dickson, Linear Groups (with an Exposition of the Galois Field Theory), Dover, 1958.

This is a reprint of what had been the only source on finite fields. It is fairly difficult reading now since the notation and style are very old (the original book was written in 1900), but it deserves to be mentioned for its significance in the development of modern algebra. Only the first half of the book deals with finite fields per se, the rest is devoted to the automorphism groups of these fields.

Another place to look for finite fields is in any book on algebraic coding theory, since this theory builds on vector spaces over finite fields these books usually devote some time to them.

Berlekamp, Algebraic Coding Theory, McGraw-Hill, New York 1968.

Blake & Mullin, An Introduction to Algebraic and Combinatorial Coding Theory, Academic Press, 1976.

Pless, Introduction to the Theory of Error-Correcting Codes, Wiley, 1982.

A recent tome is devoted to finite fields; it tends to be encyclopedic but is a good source.
Lidl & Niederreiter, Finite Fields, Vol. 20 in the Encyclopedia of Mathematics and its Applications, Addison-Wesley, 1983. [Reprinted by Cambridge University Press, 1987]

The same authors have also published a book on applications of finite fields which is more of a text than the above cited volume.
Lidl & Niederreiter, Introduction to Finite Fields and their Applications, Cambridge University Press, 1986.

A very readable account of the theory of finite fields is contained in
McEliece, Finite Fields for Computer Scientists and Engineers, Kluwer Academic Publishers, 1987.