Introduction to finite fields

Fieldsare abstractions of familiar number systems (such as the rational numbersQ, the real numbersR, and the complex numbersC) and their essential properties. They con-sist of a setFtogether with two operations, addition (denoted by+) and multiplication (denoted by·), that satisfy the usual arithmetic properties:

(i) (F,+)is an abelian group with (additive) identity denoted by 0.

(ii) (F\ {0},·)is an abelian group with (multiplicative) identity denoted by 1.

(iii) The distributive law holds:(a+b)·c=a·c+b·cfor alla,b,c∈F. If the setFis finite, then the field is said to befinite.

This section presents basic facts about finite fields. Other properties will be presented throughout the book as needed.

Field operations

A fieldFis equipped with two operations, addition and multiplication.Subtractionof field elements is defined in terms of addition: fora,b∈F,a−b=a+(−b)where

−bis the unique element inFsuch thatb+(−b)=0 (−bis called thenegativeofb).

Similarly,divisionof field elements is defined in terms of multiplication: fora,b∈F withb =0,a/b=a·b⁻¹whereb⁻¹is the unique element inFsuch thatb·b⁻¹=1.

(b⁻¹is called theinverseofb.) Existence and uniqueness

Theorder of a finite field is the number of elements in the field. There exists a finite fieldFof orderq if and only ifq is a prime power, i.e.,q= p^m where pis a prime number called thecharacteristicofF, andm is a positive integer. Ifm=1, thenFis called aprime field. Ifm≥2, thenFis called anextension field. For any prime power q, there is essentially only one finite field of orderq; informally, this means that any two finite fields of orderq are structurally the same except that the labeling used to represent the field elements may be different (cf. Example 2.3). We say that any two finite fields of orderqareisomorphicand denote such a field byFq.

Prime fields

Let p be a prime number. The integers modulo p, consisting of the integers {0,1,2,...,p−1} with addition and multiplication performed modulo p, is a finite field of order p. We shall denote this field byFpand call pthemodulusofFp. For any integera,amod pshall denote the unique integer remainderr, 0≤r≤p−1, obtained upon dividingaby p; this operation is calledreduction modulo p.

Example 2.1(prime fieldF29) The elements ofF29are{0,1,2,...,28}. The following are some examples of arithmetic operations inF29.

(i) Addition: 17+20=8 since 37 mod 29=8.

(ii) Subtraction: 17−20=26 since−3 mod 29=26.

(iii) Multiplication: 17·20=21 since 340 mod 29=21.

(iv) Inversion: 17⁻¹=12 since 17·12 mod 29=1.

Binary fields

Finite fields of order 2^mare calledbinary fieldsorcharacteristic-two finite fields. One way to constructF2^m is to use apolynomial basis representation. Here, the elements of F2^m are the binary polynomials (polynomials whose coefficients are in the field F2= {0,1}) of degree at mostm−1:

F2^m = {a_m−1z^m−1+a_m−2z^m−2+ ··· +a₂z²+a₁z+a₀ : a_i ∈ {0,1}}.

An irreducible binary polynomial f(z)of degreemis chosen (such a polynomial exists for anym and can be efficiently found; see §A.1). Irreducibility of f(z)means that f(z)cannot be factored as a product of binary polynomials each of degree less than m. Addition of field elements is the usual addition of polynomials, with coefficient arithmetic performed modulo 2. Multiplication of field elements is performed modulo thereduction polynomial f(z). For any binary polynomiala(z),a(z)mod f(z)shall denote the unique remainder polynomialr(z)of degree less thanmobtained upon long division ofa(z)by f(z); this operation is calledreduction modulo f(z).

Example 2.2(binary fieldF2⁴) The elements ofF2⁴are the 16 binary polynomials of degree at most 3:

0 z² z³ z³+z²

1 z²+1 z³+1 z³+z²+1

z z²+z z³+z z³+z²+z z+1 z²+z+1 z³+z+1 z³+z²+z+1.

The following are some examples of arithmetic operations in F₂⁴ with reduction polynomial f(z)=z⁴+z+1.

(i) Addition:(z³+z²+1)+(z²+z+1)=z³+z.

(ii) Subtraction:(z³+z²+1)−(z²+z+1)=z³+z. (Note that since−1=1 inF2, we have−a=afor alla∈F2^m.)

(iii) Multiplication:(z³+z²+1)·(z²+z+1)=z²+1 since (z³+z²+1)·(z²+z+1)=z⁵+z+1 and

(z⁵+z+1)mod(z⁴+z+1)=z²+1.

(iv) Inversion:(z³+z²+1)⁻¹=z²since(z³+z²+1)·z²mod(z⁴+z+1)=1.

Example 2.3(isomorphic fields) There are three irreducible binary polynomials of de-gree 4, namely f₁(z)=z⁴+z+1, f₂(z)=z⁴+z³+1 and f₃(z)=z⁴+z³+z²+z+1.

Each of these reduction polynomials can be used to construct the fieldF₂⁴; let’s call the resulting fieldsK₁,K₂andK₃. The field elements ofK₁,K₂andK₃are the same 16 binary polynomials of degree at most 3. Superficially, these fields appear to be dif-ferent, e.g.,z³·z=z+1 in K₁,z³·z=z³+1 in K₂, and z³·z=z³+z²+z+1 in K₃. However, all fields of a given order are isomorphic—that is, the differences are only in the labeling of the elements. An isomorphism betweenK₁andK₂may be con-structed by findingc∈K₂ such that f₁(c)≡0 (mod f₂)and then extending z→c to an isomorphismϕ:K₁→K₂; the choices forcarez²+z,z²+z+1,z³+z², and z³+z²+1.

Extension fields

The polynomial basis representation for binary fields can be generalized to all exten-sion fields as follows. Let p be a prime andm ≥2. Let Fp[z]denote the set of all polynomials in the variablezwith coefficients fromFp. Let f(z), thereduction poly-nomial, be an irreducible polynomial of degreeminFp[z]—such a polynomial exists for any pandmand can be efficiently found (see §A.1). Irreducibility of f(z)means that f(z)cannot be factored as a product of polynomials inFp[z]each of degree less thanm. The elements ofFp^m are the polynomials inFp[z]of degree at mostm−1:

Fp^m = {a_m−1z^m−1+a_m−2z^m−2+ ··· +a₂z²+a₁z+a₀ : a_i ∈Fp}.

Addition of field elements is the usual addition of polynomials, with coefficient arith-metic performed in Fp. Multiplication of field elements is performed modulo the polynomial f(z).

Example 2.4(an extension field) Letp=251 andm=5. The polynomial f(z)=z⁵+ z⁴+12z³+9z²+7 is irreducible inF251[z]and thus can serve as reduction polynomial for the construction ofF₂₅₁⁵, the finite field of order 251⁵. The elements ofF₂₅₁⁵ are the polynomials inF251[z]of degree at most 4.

The following are some examples of arithmetic operations inF₂₅₁5. Leta=123z⁴+ 76z²+7z+4 andb=196z⁴+12z³+225z²+76.

(i) Addition:a+b=68z⁴+12z³+50z²+7z+80.

(ii) Subtraction:a−b=178z⁴+239z³+102z²+7z+179.

(iii) Multiplication:a·b=117z⁴+151z³+117z²+182z+217.

(iv) Inversion:a⁻¹=109z⁴+111z³+250z²+98z+85.

Subfields of a finite field

A subset k of a field K is a subfield of K if k is itself a field with respect to the operations of K. In this instance, K is said to be anextension fieldofk. The subfields of a finite field can be easily characterized. A finite fieldFp^mhas precisely one subfield of orderp^lfor each positive divisorlofm; the elements of this subfield are the elements a∈Fp^m satisfyinga^pl =a. Conversely, every subfield ofFp^m has order p^l for some positive divisorlofm.

Bases of a finite field

The finite fieldFqⁿ can be viewed as a vector space over its subfieldFq. Here, vectors are elements ofFqⁿ, scalars are elements ofFq, vector addition is the addition operation inFqⁿ, and scalar multiplication is the multiplication inFqⁿ ofFq-elements withFqⁿ -elements. The vector space has dimensionnand has many bases.

IfB= {b₁,b₂,...,b_n}is a basis, thena∈Fqⁿcan be uniquely represented by an n-tuple(a₁,a₂,...,a_n)ofFq-elements wherea=a₁b₁+a₂b₂+···+a_nb_n. For example, in the polynomial basis representation of the fieldFp^m described above,Fp^m is an m-dimensional vector space overFpand{z^m−1,z^m−2,...,z²,z,1}is a basis forFp^m over Fp.

Multiplicative group of a finite field

The nonzero elements of a finite field Fq, denoted F^∗_q, form a cyclic group under multiplication. Hence there exist elementsb∈F^∗q calledgeneratorssuch that

F^∗_q= {bⁱ:0≤i≤q−2}.

Theorder ofa∈F^∗q is the smallest positive integert such that a^t =1. Since F^∗q is a cyclic group, it follows thatt is a divisor ofq−1.