DOCSLIB.ORG

Introduction to Finite Fields II

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Introduction to Finite Fields II Spring 2019 Chris Christensen MAT/CSC 483 Introduction to finite fields To understand AES and some other modern cryptosystems, it is necessary to understand a bit about finite fields. A field is an algebraic object. The elements of a field can be added, subtracted, multiplied, and divided (except by 0). Often in undergraduate mathematics courses the numbers that are used come from a field. The rational numbers (i.e., the fractions of integers) form a field, the real numbers form a field, and the complex numbers form a field. Number theory studies the integers . The integers do not form a field. Integers can be added, subtracted, and multiplied; but integers cannot always be divided. 6 divided by 3 5 is 2, but 5 divided by 2 is not an integer; is a rational number. The integers form an 2 algebraic object called a ring. The ring of integers modulo 26 Recall that when we explored affine ciphers we noted that the integers mod 26 do not form a field. The integers modulo 26 can be added, subtracted, and multiplied (so they do form a ring). But, recall that only 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, and 25 have multiplicative inverses mod 26. We can determine the inverse of integers that are relatively prime to the modulus by using the extended Euclidean algorithm. Finite field of p elements If we mod the integers and the modulus is a prime, say p, then each positive integer that is less p is relatively prime to p and, therefore, has a multiplicative inverse modulo p. So, when we mod by a prime p we construct a finite field of p elements; the integers mod p is a finite field. Here are three examples. 5 The integers modulo 5 is a field of 5 elements {0, 1, 2, 3, 4}. Here are the addition and multiplication tables: + 01234 × 1234 001234 11234 112340 22413 223401 33142 334012 44321 440123 number additive inverse number multiplicative inverse 00 1 1 14 2 3 23 3 2 32 4 4 41 The identity for addition is 0, and the identity for multiplication is 1. This is a field. We denote the field of 5 elements by5 3 The integers modulo 3 is a field of 5 elements 3 . + 01 2 × 12 0 01 2 112 1120 221 2 201 2 The integers modulo 2 is a field of 2 elements 2 . + 01 × 1 001 11 110 Viewing 0 and 1 as bits, + is just XORing bits, and multiplication is … well, multiplication is not very interesting. (Addition is essentially logical exclusive OR, and multiplication is essentially logical AND.) So, for each prime p, the integers modulo p is a finite field of p elements. It is also possible to construct fields for which the number of elements is a power of a prime p. Rings of polynomials and the field of rational functions Like the integers, the polynomials with integer coefficients form a ring. We can add and subtract polynomials with integer coefficients, and the result will be a polynomial with integer coefficients. We can multiply polynomials with integer coefficients, and the result will be a polynomial with integer coefficients. But, we cannot always divide X 2 − 4 XX3 +−2 polynomials with integer coefficients: =X + 2 , but is not a X − 2 X 2 + 7 polynomial – it is a rational function. The polynomials with integer coefficients do not form a field, they form a ring. Algebraically, the ring of polynomials with integer coefficients is like the ring of integers. The ring of integers modulo a prime p is a field of p elements. It is possible to mimic that construction by taking a ring of polynomials modulo a “prime polynomial” to construct fields of pn elements. Finite field of pn elements 4 Because we will be working with strings of 0s and 1s, it would be useful for us to construct fields having elements that are strings of 0s and 1s. If we are working with strings of length n, such a field would have 2n elements. Let’s construct a field of 4 elements; we will mimic the construction of the integers modulo a prime p. We begin with the polynomials having coefficients from 2 ; i.e., each of the coefficients of our polynomials is either 0 or 1. Select a polynomial of degree 2 that is irreducible over 2 (i.e., it does not factor into polynomials of smaller degree having coefficients 0 and 1). This irreducible polynomial corresponds to the prime integer p. 2 ++ For example, XX1 is irreducible over 2 . By polynomial long division, divide each polynomial having coefficients 0 and 1 by XX2 ++1 and take the remainder. What does the remainder look like? After division, the remainder is of degree less than 2; so, the remainder will look like x + where each coefficient is either 0 or 1. So, there are 4 possible remainders: 0x += 00, 0x += 11, 10xx+=, and 11xx+= + 1. These 4 elements form a field. Sometimes polynomials model “real world” situations, and X is treated as an unknown for which we want to solve. We will look at polynomials in a slightly different way. We do not care about solving for the “value of X;” we only care about the polynomial itself. Thinking this way, a polynomial is determined by its coefficients; the powers of X are just used to separate the coefficients. We could just as well think of a polynomial as a vector where the components are the coefficients; e.g., the four remainders that we obtained above could be written as (0, 0), (0, 1), (1, 0), and (1, 1). We could use these vectors as the elements of our field of 4 elements rather than the corresponding polynomials (but we will have to remember from time to time that they “really are polynomials” to make sense of multiplication). Or, because we will be working with strings of bits with strings, we might replace the 4 polynomials by the 2-bit strings 00, 01, 10, 11. We have the following correspondences: polynomial vector bit string 0X + 0 (0, 0) 00 0X + 1 (0, 1) 01 1X + 0 (1, 0) 10 1X + 1 (1, 1) 11 We will be thinking about bit strings. We have always been able to add (XOR) strings of bits, but we want to come up with a way to multiply strings of bits. Then we can apply some of the mathematical ideas that we used with the classical ciphers to strings of bits. Addition There are three ways to think of addition. For example, to add (1, 0) and (1, 1), we can think of adding the corresponding polynomials mod 2: X + 0 X +1 01X + Or, we could just add the vectors mod 2: (1, 0) (1, 1) (0, 1) Or, we could XOR the two-bit strings: 10 11 01 . Here is the addition table for our field of 4 elements: + (0, 0) (0, 1) (1, 0) (1, 1) (0, 0) (0, 0) (0, 1) (1, 0) (1, 1) (0, 1) (0, 1) (0, 0) (1, 1) (1, 0) (1, 0) (1, 0) (1, 1) (0, 0) (0, 1) (1, 1) (1, 1) (1, 0) (0, 1) (0, 0) Multiplication To multiply, we must recall the polynomial origins of our operations. To multiply (1, 0)× (1, 1) , we must multiply XX×( += 1) X2 + X and then go mod XX2 ++1. By polynomial long division mod 2, we obtain XX22+ =1( XX + ++ 11) Mod XX2 ++1, this becomes (the remainder) 1. So, (1, 0)× (1, 1) = (0, 1) . Here is the multiplication table for our field of 4 elements. × (0, 1) (1, 0) (1, 1) (0, 1) (0, 1) (1, 0) (1, 1) (1, 0) (1, 0) (1, 1) (0, 1) (1, 1) (1, 1) (0, 1) (1, 0) 8 To construct a field of 82= 3 elements, we would need to mod out by an irreducible polynomial of degree 3; the remainders would look like XX2 ++ where each coefficient is either 0 or 1. To construct a field of 16= 24 elements, we would need to mod out by an irreducible polynomial of degree 4; the remainders would look like XXX32+ ++. To construct a field of bytes, we would need to mod out by an irreducible polynomial of degree 8. Let’s construct a field of 8 elements. We will use the polynomial XX32++1, which is irreducible over . 2 32 2 The remainders after division by XX++1 look like {ax++ bx c:,, a b c ∈2}; i.e., the remainders look like 3-dimensional vectors where each component is 0 or 1. Or, we could think of the remainders as being 3-bit strings. Addition is XORing bits. Addition (0,0,0) (0,0,1) (0,1,0) (1,0,0) (1,0,1) (1,1,1) (0,1,1) (1,1, 0) (0,0,0) (0,0,0) (0,0,1) (0,1,0) (1,0,0) (1,0,1) (1,1,1) (0,1,1) (1,1, 0) (0,0,1) (0,0,1) (0,0,0) (0,1,1) (1,0,1) (1,0,0) (1,1, 0) (0,1, 0) (1,1,1) (0,1,0) (0,1,0) (0,1,1) (0,0,0) (1,1,0) (1,1,1) (1,0,1) (0,0,1) (1,0,0) (1,0,0) (1,0,0) (1,0,1) (1,1,0) (0,0,0) (0,0,1) (0,1,1) (1,1,1) (0,1,0) (1,0,1) (1,0,1) (1,0,0) (1,1,1) (0,0,1) (0,0,0) (0,1, 0) (1,1, 0) (0,1,1) (1,1,1) (1,1,1) (1,1, 0) (1, 0,1) (0,1,1) (0,1,0) (0,0,0) (1,0,0) (0,0,1) (0,1,1) (0,1,1) (0,1,0) (0,0,1) (1,1,1) (1,1,0) (1,0,0) (0,0,0) (1,0,1) (1,1, 0) (1,1, 0) (1,1,1) (1, 0, 0) (0,1, 0) (0,1,1) (0,0,1) (1,0,1) (0,0,0) Multiplication is polynomial multiplication modulo XX32++1.
Load more

Recommended publications
  • APPLICATIONS of GALOIS THEORY 1. Finite Fields Let F Be a Finite Field
    CHAPTER IX APPLICATIONS OF GALOIS THEORY 1. Finite Fields Let F be a finite field. It is necessarily of nonzero characteristic p and its prime field is the field with p r elements Fp.SinceFis a vector space over Fp,itmusthaveq=p elements where r =[F :Fp]. More generally, if E ⊇ F are both finite, then E has qd elements where d =[E:F]. As we mentioned earlier, the multiplicative group F ∗ of F is cyclic (because it is a finite subgroup of the multiplicative group of a field), and clearly its order is q − 1. Hence each non-zero element of F is a root of the polynomial Xq−1 − 1. Since 0 is the only root of the polynomial X, it follows that the q elements of F are roots of the polynomial Xq − X = X(Xq−1 − 1). Hence, that polynomial is separable and F consists of the set of its roots. (You can also see that it must be separable by finding its derivative which is −1.) We q may now conclude that the finite field F is the splitting field over Fp of the separable polynomial X − X where q = |F |. In particular, it is unique up to isomorphism. We have proved the first part of the following result. Proposition. Let p be a prime. For each q = pr, there is a unique (up to isomorphism) finite field F with |F | = q. Proof. We have already proved the uniqueness. Suppose q = pr, and consider the polynomial Xq − X ∈ Fp[X]. As mentioned above Df(X)=−1sof(X) cannot have any repeated roots in any extension, i.e.
    [Show full text]
  • A Note on Presentation of General Linear Groups Over a Finite Field
    Southeast Asian Bulletin of Mathematics (2019) 43: 217–224 Southeast Asian Bulletin of Mathematics c SEAMS. 2019 A Note on Presentation of General Linear Groups over a Finite Field Swati Maheshwari and R. K. Sharma Department of Mathematics, Indian Institute of Technology Delhi, New Delhi, India Email: [email protected]; [email protected] Received 22 September 2016 Accepted 20 June 2018 Communicated by J.M.P. Balmaceda AMS Mathematics Subject Classification(2000): 20F05, 16U60, 20H25 Abstract. In this article we have given Lie regular generators of linear group GL(2, Fq), n where Fq is a finite field with q = p elements. Using these generators we have obtained presentations of the linear groups GL(2, F2n ) and GL(2, Fpn ) for each positive integer n. Keywords: Lie regular units; General linear group; Presentation of a group; Finite field. 1. Introduction Suppose F is a finite field and GL(n, F) is the general linear the group of n × n invertible matrices and SL(n, F) is special linear group of n × n matrices with determinant 1. We know that GL(n, F) can be written as a semidirect product, GL(n, F)= SL(n, F) oF∗, where F∗ denotes the multiplicative group of F. Let H and K be two groups having presentations H = hX | Ri and K = hY | Si, then a presentation of semidirect product of H and K is given by, −1 H oη K = hX, Y | R,S,xyx = η(y)(x) ∀x ∈ X,y ∈ Y i, where η : K → Aut(H) is a group homomorphism. Now we summarize some literature survey related to the presentation of groups.
    [Show full text]
  • The General Linear Group
    18.704 Gabe Cunningham 2/18/05 [email protected] The General Linear Group Definition: Let F be a field. Then the general linear group GLn(F ) is the group of invert- ible n × n matrices with entries in F under matrix multiplication. It is easy to see that GLn(F ) is, in fact, a group: matrix multiplication is associative; the identity element is In, the n × n matrix with 1’s along the main diagonal and 0’s everywhere else; and the matrices are invertible by choice. It’s not immediately clear whether GLn(F ) has infinitely many elements when F does. However, such is the case. Let a ∈ F , a 6= 0. −1 Then a · In is an invertible n × n matrix with inverse a · In. In fact, the set of all such × matrices forms a subgroup of GLn(F ) that is isomorphic to F = F \{0}. It is clear that if F is a finite field, then GLn(F ) has only finitely many elements. An interesting question to ask is how many elements it has. Before addressing that question fully, let’s look at some examples. ∼ × Example 1: Let n = 1. Then GLn(Fq) = Fq , which has q − 1 elements. a b Example 2: Let n = 2; let M = ( c d ). Then for M to be invertible, it is necessary and sufficient that ad 6= bc. If a, b, c, and d are all nonzero, then we can fix a, b, and c arbitrarily, and d can be anything but a−1bc. This gives us (q − 1)3(q − 2) matrices.
    [Show full text]
  • On the Discrete Logarithm Problem in Finite Fields of Fixed Characteristic
    On the discrete logarithm problem in finite fields of fixed characteristic Robert Granger1⋆, Thorsten Kleinjung2⋆⋆, and Jens Zumbr¨agel1⋆ ⋆ ⋆ 1 Laboratory for Cryptologic Algorithms School of Computer and Communication Sciences Ecole´ polytechnique f´ed´erale de Lausanne, Switzerland 2 Institute of Mathematics, Universit¨at Leipzig, Germany {robert.granger,thorsten.kleinjung,jens.zumbragel}@epfl.ch Abstract. × For q a prime power, the discrete logarithm problem (DLP) in Fq consists in finding, for × x any g ∈ Fq and h ∈hgi, an integer x such that g = h. For each prime p we exhibit infinitely many n × extension fields Fp for which the DLP in Fpn can be solved in expected quasi-polynomial time. 1 Introduction In this paper we prove the following result. Theorem 1. For every prime p there exist infinitely many explicit extension fields Fpn for which × the DLP in Fpn can be solved in expected quasi-polynomial time exp (1/ log2+ o(1))(log n)2 . (1) Theorem 1 is an easy corollary of the following much stronger result, which we prove by presenting a randomised algorithm for solving any such DLP. Theorem 2. Given a prime power q > 61 that is not a power of 4, an integer k ≥ 18, polyno- q mials h0, h1 ∈ Fqk [X] of degree at most two and an irreducible degree l factor I of h1X − h0, × ∼ the DLP in Fqkl where Fqkl = Fqk [X]/(I) can be solved in expected time qlog2 l+O(k). (2) To deduce Theorem 1 from Theorem 2, note that thanks to Kummer theory, when l = q − 1 q−1 such h0, h1 are known to exist; indeed, for all k there exists an a ∈ Fqk such that I = X −a ∈ q i Fqk [X] is irreducible and therefore I | X − aX.
    [Show full text]
  • A Second Course in Algebraic Number Theory
    A second course in Algebraic Number Theory Vlad Dockchitser Prerequisites: • Galois Theory • Representation Theory Overview: ∗ 1. Number Fields (Review, K; OK ; O ; ClK ; etc) 2. Decomposition of primes (how primes behave in eld extensions and what does Galois's do) 3. L-series (Dirichlet's Theorem on primes in arithmetic progression, Artin L-functions, Cheboterev's density theorem) 1 Number Fields 1.1 Rings of integers Denition 1.1. A number eld is a nite extension of Q Denition 1.2. An algebraic integer α is an algebraic number that satises a monic polynomial with integer coecients Denition 1.3. Let K be a number eld. It's ring of integer OK consists of the elements of K which are algebraic integers Proposition 1.4. 1. OK is a (Noetherian) Ring 2. , i.e., ∼ [K:Q] as an abelian group rkZ OK = [K : Q] OK = Z 3. Each can be written as with and α 2 K α = β=n β 2 OK n 2 Z Example. K OK Q Z ( p p [ a] a ≡ 2; 3 mod 4 ( , square free) Z p Q( a) a 2 Z n f0; 1g a 1+ a Z[ 2 ] a ≡ 1 mod 4 where is a primitive th root of unity Q(ζn) ζn n Z[ζn] Proposition 1.5. 1. OK is the maximal subring of K which is nitely generated as an abelian group 2. O`K is integrally closed - if f 2 OK [x] is monic and f(α) = 0 for some α 2 K, then α 2 OK . Example (Of Factorisation).
    [Show full text]
  • Factoring Polynomials Over Finite Fields
    Factoring Polynomials over Finite Fields More precisely: Factoring and testing irreduciblity of sparse polynomials over small finite fields Richard P. Brent MSI, ANU joint work with Paul Zimmermann INRIA, Nancy 27 August 2009 Richard Brent (ANU) Factoring Polynomials over Finite Fields 27 August 2009 1 / 64 Outline Introduction I Polynomials over finite fields I Irreducible and primitive polynomials I Mersenne primes Part 1: Testing irreducibility I Irreducibility criteria I Modular composition I Three algorithms I Comparison of the algorithms I The “best” algorithm I Some computational results Part 2: Factoring polynomials I Distinct degree factorization I Avoiding GCDs, blocking I Another level of blocking I Average-case complexity I New primitive trinomials Richard Brent (ANU) Factoring Polynomials over Finite Fields 27 August 2009 2 / 64 Polynomials over finite fields We consider univariate polynomials P(x) over a finite field F. The algorithms apply, with minor changes, for any small positive characteristic, but since time is limited we assume that the characteristic is two, and F = Z=2Z = GF(2). P(x) is irreducible if it has no nontrivial factors. If P(x) is irreducible of degree r, then [Gauss] r x2 = x mod P(x): 2r Thus P(x) divides the polynomial Pr (x) = x − x. In fact, Pr (x) is the product of all irreducible polynomials of degree d, where d runs over the divisors of r. Richard Brent (ANU) Factoring Polynomials over Finite Fields 27 August 2009 3 / 64 Counting irreducible polynomials Let N(d) be the number of irreducible polynomials of degree d. Thus X r dN(d) = deg(Pr ) = 2 : djr By Möbius inversion we see that X rN(r) = µ(d)2r=d : djr Thus, the number of irreducible polynomials of degree r is ! 2r 2r=2 N(r) = + O : r r Since there are 2r polynomials of degree r, the probability that a randomly selected polynomial is irreducible is ∼ 1=r ! 0 as r ! +1.
    [Show full text]
  • Ring (Mathematics) 1 Ring (Mathematics)
    Ring (mathematics) 1 Ring (mathematics) In mathematics, a ring is an algebraic structure consisting of a set together with two binary operations usually called addition and multiplication, where the set is an abelian group under addition (called the additive group of the ring) and a monoid under multiplication such that multiplication distributes over addition.a[›] In other words the ring axioms require that addition is commutative, addition and multiplication are associative, multiplication distributes over addition, each element in the set has an additive inverse, and there exists an additive identity. One of the most common examples of a ring is the set of integers endowed with its natural operations of addition and multiplication. Certain variations of the definition of a ring are sometimes employed, and these are outlined later in the article. Polynomials, represented here by curves, form a ring under addition The branch of mathematics that studies rings is known and multiplication. as ring theory. Ring theorists study properties common to both familiar mathematical structures such as integers and polynomials, and to the many less well-known mathematical structures that also satisfy the axioms of ring theory. The ubiquity of rings makes them a central organizing principle of contemporary mathematics.[1] Ring theory may be used to understand fundamental physical laws, such as those underlying special relativity and symmetry phenomena in molecular chemistry. The concept of a ring first arose from attempts to prove Fermat's last theorem, starting with Richard Dedekind in the 1880s. After contributions from other fields, mainly number theory, the ring notion was generalized and firmly established during the 1920s by Emmy Noether and Wolfgang Krull.[2] Modern ring theory—a very active mathematical discipline—studies rings in their own right.
    [Show full text]
  • Finite Fields: Further Properties
    Chapter 4 Finite fields: further properties 8 Roots of unity in finite fields In this section, we will generalize the concept of roots of unity (well-known for complex numbers) to the finite field setting, by considering the splitting field of the polynomial xn − 1. This has links with irreducible polynomials, and provides an effective way of obtaining primitive elements and hence representing finite fields. Definition 8.1 Let n ∈ N. The splitting field of xn − 1 over a field K is called the nth cyclotomic field over K and denoted by K(n). The roots of xn − 1 in K(n) are called the nth roots of unity over K and the set of all these roots is denoted by E(n). The following result, concerning the properties of E(n), holds for an arbitrary (not just a finite!) field K. Theorem 8.2 Let n ∈ N and K a field of characteristic p (where p may take the value 0 in this theorem). Then (i) If p ∤ n, then E(n) is a cyclic group of order n with respect to multiplication in K(n). (ii) If p | n, write n = mpe with positive integers m and e and p ∤ m. Then K(n) = K(m), E(n) = E(m) and the roots of xn − 1 are the m elements of E(m), each occurring with multiplicity pe. Proof. (i) The n = 1 case is trivial. For n ≥ 2, observe that xn − 1 and its derivative nxn−1 have no common roots; thus xn −1 cannot have multiple roots and hence E(n) has n elements.
    [Show full text]
  • 11.6 Discrete Logarithms Over Finite Fields
    Algorithms 61 11.6 Discrete logarithms over finite fields Andrew Odlyzko, University of Minnesota Surveys and detailed expositions with proofs can be found in [7, 25, 26, 28, 33, 34, 47]. 11.6.1 Basic definitions 11.6.1 Remark Discrete exponentiation in a finite field is a direct analog of ordinary exponentiation. The exponent can only be an integer, say n, but for w in a field F , wn is defined except when w = 0 and n ≤ 0, and satisfies the usual properties, in particular wm+n = wmwn and (for u and v in F )(uv)m = umvm. The discrete logarithm is the inverse function, in analogy with the ordinary logarithm for real numbers. If F is a finite field, then it has at least one primitive element g; i.e., all nonzero elements of F are expressible as powers of g, see Chapter ??. 11.6.2 Definition Given a finite field F , a primitive element g of F , and a nonzero element w of F , the discrete logarithm of w to base g, written as logg(w), is the least non-negative integer n such that w = gn. 11.6.3 Remark The value logg(w) is unique modulo q − 1, and 0 ≤ logg(w) ≤ q − 2. It is often convenient to allow it to be represented by any integer n such that w = gn. 11.6.4 Remark The discrete logarithm of w to base g is often called the index of w with respect to the base g. More generally, we can define discrete logarithms in groups.
    [Show full text]
  • Algorithms for Discrete Logarithms in Finite Fields and Elliptic Curves
    Algorithms for discrete logarithms in finite fields and elliptic curves ECC “Summer” school 2015 E. Thomé /* */ C,A, /* */ R,a, /* */ M,E, CARAMEL L,i= 5,e, d[5],Q[999 ]={0};main(N ){for (;i--;e=scanf("%" "d",d+i));for(A =*d; ++i<A ;++Q[ i*i% A],R= i[Q]? R:i); for(;i --;) for(M =A;M --;N +=!M*Q [E%A ],e+= Q[(A +E*E- R*L* L%A) %A]) for( E=i,L=M,a=4;a;C= i*E+R*M*L,L=(M*E +i*L) %A,E=C%A+a --[d]);printf ("%d" "\n", (e+N* N)/2 /* cc caramel.c; echo f3 f2 f1 f0 p | ./a.out */ -A);} Sep. 23rd-25th, 2015 Algorithms for discrete logarithms in finite fields and elliptic curves 1/122 Part 1 Context and old algorithms Context, motivations Exponential algorithms L(1/2) algorithms Plan Context, motivations Exponential algorithms L(1/2) algorithms Plan Context, motivations Definition What is hardness? Good and bad families – should we care only about EC? Cost per logarithm The discrete logarithm problem In a cyclic group, written multiplicatively (g, x) → g x is easy: polynomial complexity; (g, g x ) → x is (often) hard: discrete logarithm problem. For an elliptic curve E, written additively: (P, k) → [k]P is easy; (P, Q = [k]P) → x is hard. Cryptographic applications rely on the hardness of the discrete logarithm problem (DLP). Algorithms for discrete logarithms in finite fields and elliptic curves3 Another view on the DLP In case the group we are working on is not itself cyclic, DLP is defined in a cyclic sub-group (say of order n).
    [Show full text]
  • Cyclotomic Extensions
    CYCLOTOMIC EXTENSIONS KEITH CONRAD 1. Introduction For a positive integer n, an nth root of unity in a field is a solution to zn = 1, or equivalently is a root of T n − 1. There are at most n different nth roots of unity in a field since T n − 1 has at most n roots in a field. A root of unity is an nth root of unity for some n. The only roots of unity in R are ±1, while in C there are n different nth roots of unity for each n, namely e2πik=n for 0 ≤ k ≤ n − 1 and they form a group of order n. In characteristic p there is no pth root of unity besides 1: if xp = 1 in characteristic p then 0 = xp − 1 = (x − 1)p, so x = 1. That is strange, but it is a key feature of characteristic p, e.g., it makes the pth power map x 7! xp on fields of characteristic p injective. For a field K, an extension of the form K(ζ), where ζ is a root of unity, is called a cyclotomic extension of K. The term cyclotomic means \circle-dividing," which comes from the fact that the nth roots of unity in C divide a circle into n arcs of equal length, as in Figure 1 when n = 7. The important algebraic fact we will explore is that cyclotomic extensions of every field have an abelian Galois group; we will look especially at cyclotomic extensions of Q and finite fields. There are not many general methods known for constructing abelian extensions (that is, Galois extensions with abelian Galois group); cyclotomic extensions are essentially the only construction that works over all fields.
    [Show full text]
  • A Casual Primer on Finite Fields
    A very brief introduction to finite fields Olivia Di Matteo December 10, 2015 1 What are they and how do I make one? Definition 1 (Finite fields). Let p be a prime number, and n ≥ 1 an integer. A finite field n n n of order p , denoted by Fpn or GF(p ), is a collection of p objects and two binary operations, addition and multiplication, such that the following properties hold: 1. The elements are closed under addition modulo p, 2. The elements are closed under multiplication modulo p, 3. For all non-zero elements, there exists a multiplicative inverse. 1.1 Prime dimensions Nothing much to see here. In prime dimension p, the finite field Fp is very simple: Fp = Zp = f0; 1; : : : ; p − 1g: (1) 1.2 Power of prime dimensions and field extensions Fields of prime-power dimension are constructed by extending a field of smaller order using a primitive polynomial. See section 2.1.2 in [1]. 1.2.1 Primitive polynomials Definition 2. Consider a polynomial n q(x) = a0 + a1x + ··· + anx ; (2) having degree n and coefficients ai 2 Fq. Such a polynomial is called monic if an = 1. Definition 3. A polynomial n q(x) = a0 + a1x + ··· + anx ; ai 2 Fq (3) is called irreducible if q(x) has positive degree, and q(x) = u(x)v(x); (4) 1 and either u(x) or v(x) a constant polynomial. In other words, the equation n q(x) = a0 + a1x + ··· + anx = 0 (5) has no solutions in the field Fq. Example 1 (Irreducible polynomial).
    [Show full text]