Mike Klaas
B00128792
MATH 3030Y / Dr. J
12/4/2

A Brief Romp Through Finite Fields

Introduction

The theory of finite fields has existed since the 17th and 18th centuries, developed as a natural consequence of general field theory. However, finite fields were not considered of much importance in that era, and not much attention was directed to them. In fact, it is only in the past two decades that finite fields have gained acceptance in the mathematical community as being of mathematical importance. They are widely useful in several disciplines, including other branches of mathematics and, of course, computer science. Applications include combinatorics, algebraic coding theory, number theory and discrete mathematics, as well as cryptography. The intent of this essay is to provide a brief overview of the properties of finite fields and some examples of applications.

Definition - Finite Field

A field is a triple $(F, +, \cdot)$ where $F$ is a set of elements, $(F, +)$ is an abelian group, $(F \setminus \{0\}, \cdot)$ is an abelian group, and multiplication distributes over addition. A finite field is a field of finite order. We often refer to the field simply as $F$, and to the multiplicative group of $F$ (i.e. $(F \setminus \{0\}, \cdot)$) as $F^*$.

The easiest examples of finite fields are the fields of the form $\mathbb{Z}/p\mathbb{Z}$, where $p$ is prime. This is the familiar residue class ring of $\mathbb{Z}$ modulo $p$, so it is obviously an abelian group with respect to addition, since it is cyclic. Since $p$ is prime, $\varphi(p) = p - 1$. Consequently, $\mathbb{Z}/p\mathbb{Z}$ has no zero divisors and all elements except $0$ have multiplicative inverses. From this it follows that $(\mathbb{Z}/p\mathbb{Z}) \setminus \{0\}$ is closed under multiplication. That multiplication is commutative and distributes over addition is obvious, as the operations are the natural multiplication and addition of integers. So $\mathbb{Z}/p\mathbb{Z}$ is a finite field, and there are at least as many finite fields as there are primes (infinitely many).

Definition - Characteristic of a Field

A field $F$ has characteristic $n \in \mathbb{Z}^+$ if $nf = 0$ for all $f \in F$, where
$$nf = \underbrace{f + f + \cdots + f}_{n}.$$
If no such positive integer $n$ exists, the field is said to have characteristic zero. Additionally, $n$ is the smallest positive integer for which this is true.

Theorem - A non-trivial finite field has prime characteristic.

It is first necessary to prove that a finite field has positive characteristic. Consider the multiples $e, 2e, 3e, \ldots$ of the multiplicative identity $e$ in the finite field $F$. Since $F$ is finite, there exist some $k, m$ with $1 \le k < m$ such that $ke = me$. But then $(m - k)e = 0$, and thus $F$ has characteristic $m - k$.

Now assume that $F$ has positive characteristic $n$. If $n$ were composite, then $n = kl$ for some integers $k, l$ with $1 < k, l < n$. $nf = 0$ for all $f$ in $F$, so in particular $(kl)e = 0 = (ke)(le)$. However, since $F$ is a field it contains no zero-divisors, so $ke = 0$ or $le = 0$. Assume w.l.o.g. that $ke = 0$; then $kf = k(ef) = (ke)f = 0f = 0$ for all $f$ in $F$, implying that $k$ is the characteristic of $F$. However, $k < n$, a contradiction. Therefore $n$ is prime.

It is easy to see that a finite field of prime order $p$ has characteristic $p$. The characteristic clearly cannot be greater than the order, but could it be smaller? Let $F$ be a finite field with $|F| = p$. If $\operatorname{char}(F) = q < p$, then in particular $qe = 0$. But there is only one group of any given prime order $p$, namely the cyclic group $\mathbb{Z}/p\mathbb{Z}$. So the additive group of $F$ is isomorphic to $\mathbb{Z}/p\mathbb{Z}$, and $e$ is a generator, so $pe = 0$. Since $q$ is the characteristic of $F$, $p = kq$ for some $k \in \mathbb{Z}$, but this cannot be, since $p$ and $q$ are distinct primes. Thus $\operatorname{char}(F) = p$.

Similar reasoning shows that finite fields of prime order cannot contain non-trivial proper subfields. Any such subfield would necessarily contain the additive and multiplicative identities, and thus all elements of $F$, since the subfield must be closed under addition.

Definition - Prime Field

Fields containing no non-trivial proper subfields are called prime. Obviously finite fields of prime order are themselves prime, but they are not the only instances of prime fields.
$\mathbb{Q}$ is an infinite field which is prime. However, finite prime fields must be of prime order.

Note: finite fields of a given order are unique up to isomorphism. This theorem is left unproven in this essay. However, from this uniqueness comes a specific notation for the finite field of order $p$, namely $\mathbb{F}_p$.

Finite Fields of Non-Prime Order

If the only finite fields that existed were of prime order, the study of finite fields would be significantly less interesting. Being fields, however, it is likely that field extensions can be constructed on top of them. As an example, consider $F = \mathbb{Z}/2\mathbb{Z}$. If we wish to find an extension of degree 3 over this field, we must find an irreducible polynomial of degree three. There are only a small number of candidates in $(\mathbb{Z}/2\mathbb{Z})[x]$, one being $f = x^3 + x + 1$. Since the degree is 3, it is sufficient to show that no linear factors exist. $f(0) = 1$ and $f(1) = 1$, so $f$ is irreducible. $E = F[x]/(f)$ is a field extension of degree 3 over $F$. Let $\alpha \notin F$ be a root of $f$ in $E$. $E$ can be viewed as a vector space over $F$ having basis $\{1, \alpha, \alpha^2\}$. Every element of $E$ can be expressed as $a + b\alpha + c\alpha^2$ with $a, b, c \in F$. Since $|F| = 2$, each of $a$, $b$ and $c$ has two possible values, so $|E| = 2^3 = 8$, and $E$ is a finite field of non-prime order.

But what are the elements of $E$? They are the residue classes of $F[x]$ modulo $x^3 + x + 1$. But $F[x]/(f) \cong F[\alpha]$ as seen above, so the elements are all polynomials in $\alpha$ of degree $\le 2$. To help with multiplication, note that $\alpha^3 + \alpha + 1 = 0$, or $\alpha^3 = -\alpha - 1 = \alpha + 1$. Using this we can determine the powers of $\alpha$:
$$\begin{aligned}
\alpha^0 &= 1 \\
\alpha^1 &= \alpha \\
\alpha^2 &= \alpha^2 \\
\alpha^3 &= \alpha + 1 \\
\alpha^4 &= \alpha^2 + \alpha \\
\alpha^5 &= \alpha^3 + \alpha^2 = \alpha^2 + \alpha + 1 \\
\alpha^6 &= (\alpha^3)^2 = \alpha^2 + 1 \\
\alpha^7 &= \alpha^6 \alpha = \alpha^3 + \alpha = 1
\end{aligned}$$

Theorem - Every finite field is of order $p^n$

The argument above is not limited to that specific case; it can be applied generally to all finite fields. Let $E$ be a finite field. If $E$ has no proper subfields then it has prime order $p$, and we are done. Otherwise, $E$ contains a proper subfield. Since $E$ is finite, its characteristic is a prime $p$, as noted on the previous page.
Thus it must contain the prime field of order $p$, $\mathbb{F}_p$. $E$ is a finite extension of $\mathbb{F}_p$, since it is itself finite, so it is a finite-dimensional vector space over $\mathbb{F}_p$ of dimension $[E : \mathbb{F}_p] = n$. Let $\{\beta_1, \beta_2, \ldots, \beta_n\}$ be a basis for $E$ over $\mathbb{F}_p$; then for $f \in E$, $f = a_1\beta_1 + a_2\beta_2 + \cdots + a_n\beta_n$ with $a_i \in \mathbb{F}_p$. Since there are $p$ possible values for each $a_i$, a total of $n$ of the $a_i$, and all the $\beta_i$ are linearly independent, $|E| = p^n$. The unique finite field of order $p^n$ is often denoted $\mathrm{GF}(p^n)$.

You may have noticed in the example above that the order of $\alpha$ in $F[\alpha]$ is seven, since $\alpha^7 = 1$, meaning $F[\alpha]^* = \langle \alpha \rangle$; that is, $\alpha$ generates the multiplicative group of $F[\alpha]$. Interestingly enough, the multiplicative group of a finite field $F$ is always cyclic. This theorem, first proven by Gauss, can be approached in several ways, but the one presented here is the most interesting in the other results it uses.

Theorem - The multiplicative group $F^*$ of any finite field $F$ is cyclic.

$F^* \cong \mathbb{Z}_{d_1} \times \mathbb{Z}_{d_2} \times \cdots \times \mathbb{Z}_{d_r}$, where the $d_i$ are powers of primes, since $F^*$ is a finite abelian group. Let $m = \operatorname{lcm}(d_1, d_2, \ldots, d_r)$. Clearly $m \le d_1 d_2 \cdots d_r$. For any $a \in F^*$, $a^m = 1$, because $d_i \mid m$ for all $i$, meaning that $a$ is a zero of $x^m - 1$. $|F^*| = d_1 d_2 \cdots d_r$, but there can be at most $m$ roots of $x^m - 1$ in $F^*$, so $m \ge d_1 d_2 \cdots d_r$. But this means that $m = d_1 d_2 \cdots d_r$, so $\gcd(d_1, d_2, \ldots, d_r) = 1$, so $\mathbb{Z}_{d_1} \times \mathbb{Z}_{d_2} \times \cdots \times \mathbb{Z}_{d_r} \cong \mathbb{Z}_{d_1 d_2 \cdots d_r} = \mathbb{Z}_m$. $\mathbb{Z}_m$ is cyclic, so $F^*$ is.

This fact is surprisingly useful. Consider $F \subsetneq E$, with $E$ and $F$ both finite fields and $E$ an extension of $F$. $E^*$ must have at least one generator since it is cyclic (in fact it has $\varphi(|E| - 1)$ generators), and this generator cannot be in $F$, since $F$ would then not be closed under multiplication. Let $\alpha$ be one such generator (these are also called primitive elements of $E$). Clearly $F(\alpha) \subseteq E$. But $F(\alpha)$ contains $0$ and $E^*$, since $\alpha$ is a generator of $E^*$, so $F(\alpha) \supseteq E$; thus $E = F(\alpha)$. Since $E$ is finite, it is an algebraic extension, so $\alpha$ is algebraic. Further, $E$ is a simple algebraic extension of $F$ because $E = F(\alpha)$.
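As an added example (not from the essay), the $\mathrm{GF}(2^3)$ construction above and the cyclicity theorem in Python: elements of $\mathbb{F}_2[x]/(x^3 + x + 1)$ as 3-bit integers, multiplication by reducing with $\alpha^3 = \alpha + 1$, the power table of $\alpha$, inverses read off the cyclic group $\langle \alpha \rangle$, and a check of whether $\alpha$ generates all of $F[\alpha]^*$. The comparison polynomial $x^4 + x^3 + x^2 + x + 1$ used in the checks is my own choice, not from the text.

```python
"""GF(2^3) = F_2[x]/(x^3 + x + 1), the construction worked out in the essay.
Added example, not part of the original.  Elements are polynomials in alpha of
degree < 3 with coefficients in F_2, stored as 3-bit ints: bit i set <=> the
coefficient of alpha^i is 1, so alpha itself is 0b010 = 2."""

F = 0b1011  # the essay's irreducible f = x^3 + x + 1 (bits for x^3, x, 1)


def gf_mul(a, b, f=F):
    """Multiply two residue classes modulo f over F_2: shift-and-add, and
    whenever the degree of a reaches k = deg f, replace alpha^k using f(alpha) = 0."""
    k = f.bit_length() - 1
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a >> k & 1:
            a ^= f
    return result


def alpha_powers(f=F):
    """alpha^0, alpha^1, ... up to (not including) the first power equal to 1;
    the list length is the multiplicative order of alpha.  Reproduces the table."""
    assert f & 1, "f(0) must be nonzero so that alpha is invertible"
    powers = [1]
    while True:
        nxt = gf_mul(powers[-1], 0b10, f)
        if nxt == 1:
            return powers
        powers.append(nxt)


def is_primitive(f):
    """F[alpha]^* = <alpha> iff alpha has order 2^k - 1 (k = deg f), i.e. every
    nonzero element is a power of alpha; equivalently f is a primitive polynomial."""
    k = f.bit_length() - 1
    return len(alpha_powers(f)) == 2 ** k - 1


def gf_inverse(a, f=F):
    """Inverse of a nonzero element via the cyclic group: a = alpha^i gives
    a^{-1} = alpha^{e-i} with e = ord(alpha), so every nonzero element is a unit."""
    powers = alpha_powers(f)
    i = powers.index(a)
    return powers[(-i) % len(powers)]
```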
Since any finite field of order $p^n$ contains a prime subfield $\mathbb{F}_p$, all finite fields are simple algebraic extensions of a prime field. Since $\alpha$ is algebraic, there is a unique irreducible polynomial in $\mathbb{F}_p[x]$ such that $\alpha$ is a zero of that polynomial. If we assume the existence of a finite field of order $p^n$, call it $K$, then $K = \mathbb{F}_p(\alpha)$ for some $\alpha \in K$. Since $K = \mathbb{F}_p(\alpha)$ is an extension of degree $n$, $\operatorname{irr}(\alpha, \mathbb{F}_p)$ is of degree $n$. This means that $\mathbb{F}_p[x]$ contains at least one irreducible polynomial of degree $n$ for every positive integer $n$. The existence of $K$ is true but is left unproven in this essay.

This leads to an intuitive way of constructing a finite field of any prime power order $p^n$. Start with the finite field of order $p$, namely $\mathbb{Z}/p\mathbb{Z} = \mathbb{F}_p$. The above conjecture shows that there exists an irreducible polynomial in $\mathbb{F}_p[x]$ of degree $n$. Let $f(x)$ be one. $\mathbb{F}_p[x]/(f)$ is then an algebraic extension of $\mathbb{F}_p$ of degree $n$, and contains $p^n$ elements, and this is $\mathrm{GF}(p^n)$. Note that polynomials $f$ such that $f = \operatorname{irr}(\alpha, \mathbb{F}_p)$ for some primitive element $\alpha$ are called primitive polynomials.

Finite Fields and Pseudo-Random Number Generation

For the remainder of the essay I will demonstrate a sequence of results that show how finite fields can be used in the generation of pseudo-random numbers. Some results will be stated unproven for the sake of brevity.

Definition - Order of a Polynomial

The order of a polynomial $f \in \mathbb{F}_q[x]$ with $f(0) \ne 0$ is the least positive integer $e$ for which $f$ divides $x^e - 1$, denoted $\operatorname{ord}(f)$. If $f(0) = 0$, then $f(x) = x^n g(x)$ with $g(0) \ne 0$, and $\operatorname{ord}(f) = \operatorname{ord}(g)$.

As an example, let $f$ be a primitive polynomial of degree $m$ in $\mathbb{F}_q[x]$ with primitive root $\alpha \in \mathbb{F}_n$, where $n = q^m$. $\alpha^{n-1} = 1$, since $\alpha$ is a generator of $\mathbb{F}_n^*$, which means $\alpha$ is a root of $g = x^{n-1} - 1$, and $n - 1$ is the least positive integer for which this is true. But $f(\alpha) = g(\alpha) = 0$ and $f$ is irreducible, so $f$ divides $g$, and $\operatorname{ord}(f) = q^m - 1$.
Definition - Linear Recurring Sequence

Let $F$ be a finite field of order $q$, $k \in \mathbb{Z}^+$, $n \in \mathbb{N}$, and $c, a_i \in F$. Then
$$s_{n+k} = a_{k-1}s_{n+k-1} + a_{k-2}s_{n+k-2} + \cdots + a_0 s_n + c$$
is a linear recurrence relation in $F$. The sequence $s_0, s_1, \ldots$ is a linear recurring sequence. It is a homogeneous relation/sequence if $c = 0$, and inhomogeneous otherwise. The row vector $\mathbf{s}_n = (s_n, s_{n+1}, \ldots, s_{n+k-1})$ is called the $n$th state vector, and $k$ is the order of the sequence. Given an initial state vector $\mathbf{s}_0$, a linear recurrence relation generates a unique infinite sequence of elements of $F$.

To generate a pseudo-random bit string, linear recurring sequences over $\mathbb{Z}/2\mathbb{Z}$ are used. Unfortunately, all linear recurring sequences over finite fields are ultimately periodic (that is, there exist $n_0 \ge 0$ and $r > 0$ such that $s_{n+r} = s_n$ for all $n > n_0$). This isn't too large a disadvantage, however, as sequences can be generated with arbitrary least period, and since the number of bits needed is usually known beforehand, these sequences are ideal for that purpose.

To show that these sequences are ultimately periodic, it suffices to notice that in the infinite list of state vectors $\mathbf{s}_0, \mathbf{s}_1, \mathbf{s}_2, \ldots$ each state consists of $k$ elements of $\mathbb{F}_q$, so there are only $q^k$ possible distinct state vectors. Obviously, the period must also be at most $q^k$. Homogeneous sequences must have a least period of at most $q^k - 1$.

Definition - Characteristic Polynomial of a Linear Recurring Sequence

Let
$$s_{n+k} = a_{k-1}s_{n+k-1} + a_{k-2}s_{n+k-2} + \cdots + a_0 s_n$$
be a homogeneous linear recurrence relation over $\mathbb{F}_q$. Then
$$f(x) = x^k - a_{k-1}x^{k-1} - a_{k-2}x^{k-2} - \cdots - a_0 \in \mathbb{F}_q[x]$$
is the characteristic polynomial of the sequence.

It turns out that the characteristic polynomial of a sequence is of vast importance. If $f$ is irreducible and $f(0) \ne 0$, then the corresponding sequence has least period $\operatorname{ord}(f)$. But what if $f$ is a primitive polynomial with $\deg(f) = k$? Then $\operatorname{ord}(f) = q^k - 1$. Since $f$ is irreducible, the homogeneous sequence corresponding to $f$ has least period $q^k - 1$, assuming $f(0) \ne 0$.
Linear recurring sequences having characteristic polynomials of this type and $\mathbf{s}_0 \ne \mathbf{0}$ are called maximal period sequences in $\mathbb{F}_q$.

So, to generate a pseudo-random bit string of length $n$, we consider sequences of order $m$ over $\mathbb{F}_2$ where $q = 2^m > n$. Since $\mathbb{F}_q$ exists and is an extension of degree $m$ of $\mathbb{F}_2$, it contains primitive elements; let $\alpha$ be one. Since $\alpha$ is algebraic, $\operatorname{irr}(\alpha, \mathbb{F}_2)$ exists and is of degree $m$. This primitive polynomial is the characteristic polynomial of an $m$th-order linear recurring sequence which is a maximal period sequence. The least period is then $2^m - 1$, which means the periodicity will not come into play for the $n$ bits used. The initial state vector $\mathbf{s}_0$ is the seed.

As an example, assume 24 bits of random data are needed. $2^5 - 1 = 31 > 24$, so $m = 5$. $x^5 - x^2 - 1$ is a primitive polynomial in $\mathbb{F}_2[x]$. The corresponding sequence is $s_{n+5} = s_{n+2} + s_n$. Using the initial state vector $\mathbf{s}_0 = (1, 0, 1, 0, 1)$, the generated sequence has period 31, and these bits are:

1 0 1 0 1 0 0 0 0 1 0 0 1 0 1 1 0 0 1 1 1 1 1 0 0 0 1 1 0 1 1

Though beyond the scope of this document, such pseudo-random sequences pass "randomness" tests well. These include bit frequency, block frequency, and correlation (how well the sequence matches itself when shifted).
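The generator just described, as an added example that is not part of the original essay: it runs the recurrence $s_{n+5} = s_{n+2} + s_n$ from the seed $(1, 0, 1, 0, 1)$ and reproduces the 31 bits above, finds the least period from the state vectors exactly as the periodicity argument does, and computes $\operatorname{ord}(f)$ so the two can be compared. The irreducible but non-primitive $x^4 + x^3 + x^2 + x + 1$ used as a contrast in the checks is my own addition.

```python
"""Homogeneous linear recurring sequences over F_2 (LFSRs), as in the essay.
Added example, not part of the original.  The characteristic polynomial
f(x) = x^k - a_{k-1}x^{k-1} - ... - a_0 is an int bitmask: bit i set <=> a_i = 1,
bit k set for x^k.  Over F_2 minus is plus, so s_{n+k} is the XOR of the s_{n+i}
with bit i of f set (i < k)."""

# constructed inputs: the essay's primitive x^5 + x^2 + 1 and seed (1,0,1,0,1)
F_ESSAY = 0b100101
SEED_ESSAY = (1, 0, 1, 0, 1)


def next_bit(f, state):
    """One recurrence step: s_{n+k} from the state vector (s_n, ..., s_{n+k-1})."""
    k = f.bit_length() - 1
    out = 0
    for i in range(k):
        if f >> i & 1:
            out ^= state[i]
    return out


def lrs_bits(f, seed, n):
    """First n terms s_0, s_1, ... generated from the seed (initial state)."""
    k = f.bit_length() - 1
    s = list(seed)
    while len(s) < n:
        s.append(next_bit(f, s[-k:]))
    return s[:n]


def least_period(f, seed):
    """Least period: run the state vector until a state recurs.  Only 2^k
    distinct states exist, so this terminates (the essay's periodicity argument)."""
    seen, state, n = {}, tuple(seed), 0
    while state not in seen:
        seen[state] = n
        state = state[1:] + (next_bit(f, state),)
        n += 1
    return n - seen[state]


def poly_order(f):
    """ord(f): least e > 0 with f | x^e - 1, i.e. x^e = 1 (mod f); needs f(0) != 0.
    Found by multiplying the residue of x^e by x and reducing modulo f."""
    assert f & 1, "f(0) must be nonzero"
    k = f.bit_length() - 1
    r, e = 1, 0
    while True:
        r <<= 1
        if r >> k & 1:
            r ^= f
        e += 1
        if r == 1:
            return e
```

Every output bit is an XOR of seed bits, so the whole sequence is a linear function of the seed and can be reconstructed from a short stretch of output; this is why such sequences suit the statistical tests the essay lists but are not used as cryptographic keystreams.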