What I told you on F rida y

CIMPASchoolofNumberTheoryinCryptographyandItsApplicationsSchoolofScience,KathmanduUniversity,Dhulikhel,NepalJuly19th-July31th,2010

Finite fields

Michel W alds chmidt

25/88

What I told you on F rida y

ExamplesoffinitefieldsarethefieldsFp=Z/pZwithpelements.

TheringZ/nZhascharacteristicn:thatmeansthatadding1lessthanntimesproducesanon–zeroelementofthering,butaddingitntimesproduces0:

1+1+···+1=0.

Ontheotherhand,thecharacteristicofafieldisaprimenumber.HenceZ/nZisafieldifandonlyifnisaprimenumber.

Alsoifniscomposite,sayn=abwitha>1andb>1,thentheclassofaisazerodivisorinZ/nZ,hencethisringisnotafield.

26/88

What I told you on F rida y (continued)

F4={0,1,α,α 2} withα 2=α+1.

27

What I told you on F rida y (continued)

GivenafinitefieldFqwithqelementsandanelementαwhichisalgebraicoverFqofdegreen,theirreduciblepolynomialofαoverFqsplitscompletelyinthefieldFq(α)into

(X−α)(X−α q)···(X−α qn−1). Hencenisthesmallestintegersuchthatα qn=α.Fori≥0wewriteFrobqi(α)=α qi.

NowthegoalistofindtheirreduciblepolynomialsoverFq.WeshallseethattheyaretheirreduciblefactorsofX m−X,wheremapowerofq.ThisisareasontostudythepolynomialsX m−1−1wherem−1andqarerelativelyprime.WefirstfactorthemoverZ,andafterthatoverFq.

28

Cyclotomic P olynomials

Letnbeapositiveinteger.An–throotofunityinafieldKisanelementofK ×whichsatifiesx n=1.Thismeansthatitisatorsionelementoforderdividingn.Aprimitiven–throotofunityisanelementofK ×ofordern:forkinZ,theequalityxk=1holdsifandonlyifndividesk.Foreachpositiveintegern,then–throotsofunityinKformafinitesubgroupofK ×torshavingatmostnelements.TheunionofallthesesubgroupsofK ×torsisjustthetorsiongroupK ×torsitself.Thisgroupcontains1and−1,butitcouldhavejustoneelement,likeforF2=Z/2ZorF2(X)forinstance.ThetorsionsubgroupofR ×is{±1},thetorsionsubgroupofC ×isinfinite.

29/88

X

− 1 with m multiple of p

LetKbeafieldoffinitecharacteristicpandletnbeapositiveinteger.Writen=p rmwithr≥0andpgcd(p,m)=1.InK[X],wehave

X n−1=(X m−1) pr. Ifx∈Ksatisfiesxn=1,thenxm=1.Therefore,theorderofafinitesubgroupofK ×isprimetop.

ItalsofollowsthatthestudyofX n−1reducestothestudyofX m−1withmprimetop.

30/88

Cyclotomic p ol ynomi als and ro ots of unit y

LetnbeapositiveintegerandΩbeanalgebraicallyclosedfieldofcharacteristiceither0oraprimenumbernotdividingn.Thenthenumberofprimitiven-throotsofunityinΩisϕ(n).Theseϕ(n)elementsarethegeneratorsoftheuniquecyclicsubgroupCnofordernofΩ ×,whichisthegroupofn-throotsofunityinΩ:

Cn={x∈Ω;x n=1}.

31

Cyclotomic p ol ynomi als over C [ X ]

ThemapC→C ×definedbyz%→e 2iπz/nisamorphismfromtheadditivegroupCtothemultiplicativegroupC ×;thismorphismisperiodicwithperiodn.Hence,itfactorstoamorphismfromthegroupC/nZtoC ×:wedenoteitalsobyz%→e 2iπz/n.Themultiplicativegroup(Z/nZ) ×oftheringZ/nZisthesetofclassesofintegersprimeton.Itsorderisϕ(n),whereϕisEuler’sfunction.

Theϕ(n)complexnumbers

e 2iπk/n,k∈(Z/nZ) ×,

aretheprimitiverootsofunityinC.

32

Cyclotomic p ol ynomi al of index n

k∈(Z/nZ)× (X−e 2iπk/n).

Thispolynomialiscalledthecyclotomicpolynomialofindexn;itismonicandhasdegreeϕ(n).Since

X n−1= n−1!

k=0 (X−e 2iπk/n),

thepartitionofthesetofrootsofunityaccordingtotheirordershowsthat

(17)X n−1= !

1≤d≤nd|n Φd(X).

33/88

A lemma of Euler

ThedegreeofX n−1isn,andthedegreeofΦd(X)isϕ(d),hence,from(17)onededuces:Lemma18.Foranypositiveintegern,

n= "

d|n ϕ(d).

34/88

Cyclotomy

ThenamecyclotomycomesfromtheGreekandmeansdividethecircle.ThecomplexrootsofX n−1aretheverticesofaregularpolygonwithnsides.From(17),itfollowsthatanequivalentdefinitionofthepolynomialsΦ1,Φ2,...inZ[X]isbyinductiononn:

(19)Φ1(X)=X−1,Φn(X)= X n−1!

d$=nd|n Φd(X) ·

ThisisthemostconvenientwaytocomputethecyclotomicpolynomialsΦnforsmallvaluesofn.

35

M¨ obius function

TheM¨obiusfunctionµ(see,forinstance,[3]§2.9)isthemapfromthepositiveintegersto{0,1,−1}definedbythepropertiesµ(1)=1,µ(p)=−1forpprime,µ(p m)=0forpprimeandm≥2,andµ(ab)=µ(a)µ(b)ifaandbarerelativelyprime.Hence,µ(a)=0ifandonlyifahasasquarefactor,whileforasquarefreenumberawhichisaproductofsdistinctprimeswehaveµ(a)=(−1) s:

µ(p1···ps)=(−1) s.

36

M¨ obius inversion fo rmula

g(n)= "

d|n f(d).

(ii)Foranyintegern≥1,

f(n)= "

d|n µ(n/d)g(d).

37/88

M¨ obius inversion fo rmula

Forinstance,Lemma18"

d|n ϕ(d)=nforalln≥1

isequivalentto

ϕ(n)= "

d|n µ(n/d)dforalln≥1.

38/88

M¨ obius inversion fo rmula (again)

n f(d).

(ii)Foranyintegern≥1,

f(n)= !

d|n g(d) µ(n/d). Forinstance,whenGisthemultiplicativegroupQ(X) ×,wehaveΦn(X)= !

d|n (X d−1) µ(n/d).

39

First examples

Onehas

Φ2(X)= X 2−1X−1 =X+1,Φ3(X)= X 3−1X−1 =X 2+X+1,

andmoregenerally,forpprime

Φp(X)= X p−1X−1 =X p−1+X p−2+···+X+1.

Thenextcyclotomicpolynomialsare

Φ4(X)= X 4−1X2−1 =X 2+1=Φ2(X 2), Φ6(X)= X 6−1(X3−1)(X+1) = X 3+1X+1 =X 2−X+1=Φ3(−X).

40

Exercise

Exercise21.a)Letnbeapositiveinteger.Prove

ϕ(2n)= #ϕ(n)ifnisodd,

2ϕ(n)ifniseven,

Φ2n(X)= #(−1) nΦn(−X)ifnisodd,

Φn(X 2)ifniseven. Hint:Forageometricproof,cutthecirclein2npiecesinplaceofn.ComparethepositionsontheunitcircleoftherootsofthetwodegreenpolynomialsX n−1andX n+1.

41/88

Exercise (continued)

Φ8(X)=X 4+1,Φ12(X)=X 4−X 2+1 andΦ2!(X)=X2!−1+1for#≥1.c)Letpbeaprimeandm≥1.Provethatifp|m,then

Φm(X p)=Φpm(X)andϕ(pm)=pϕ(m)

whileifgcd(p,m)=1,then

Φm(X p)=Φpm(X)Φm(X)andϕ(pm)=(p−1)ϕ(m).

d)Provethat

Φpr(X)=X pr−1(p−1)+X pr−1(p−2)+···+X pr−1+1

whenpisaprimeandr≥1.

42/88

The cyclotomic p olynomial over Z

Theorem22.Foranypositiveintegern,thepolynomialΦn(X)hasitscoefficientsinZ.Moreover,Φn(X)isirreducibleinZ[X].

43

Φ

( X ) ∈ Z [ X ]

h(X)= !

d|nd$=n Φd(X) ismonicwithcoefficientsinZ.WedivideX n−1byhinZ[X]:letQ∈Z[X]bethequotientandR∈Z[X]theremainder:X n−1=h(X)Q(X)+R(X).

WealsohaveX n−1=h(X)Φn(X)inC[X],asshownby(17).FromtheunicityofthequotientandremainderintheEuclideandivisioninC[X],wededuceQ=ΦnandR=0,hence,Φn∈Z[X].44

Irreducibilit y of Φ

over Z

WenowshowthatΦnisirreducibleinZ[X].Sinceitismonic,itscontentis1.ItremainstocheckthatitisirreducibleinQ[X].Hereisaproofoftheirreducibilityofthecyclotomicpolynomialinthespecialcasewheretheindexisaprimenumberp.ItrestsonEisenstein’sCriterion:Proposition23(Eisensteincriterion).LetC(X)=c0X d+···+cd∈Z[X]

andletpbeaprimenumber.AssumeCtobeproductoftwopolynomialsinZ[X]ofpositivedegrees.Assumealsothatpdividescifor1≤i≤dbutthatpdoesnotdividec0.Thenp 2dividescd.

45/88

Pro of of Eisenstein criterion

WedenotebyΨpthesurjectivemorphismofrings(reductionmodulop):

(24)Ψp:Z[X]→Fp[X], whichmapsXtoXandZontoFpbyreductionmodulopofthecoefficients.ItskernelistheprincipalidealpZ[X]=(p)ofZ[X]generatedbyp.Let

A(X)=a0X n+···+anandB(X)=b0X m+···+bm

betwopolynomialsinZ[X]ofdegreesmandnsuchthatC=AB.Hence,d=m+n,c0=a0b0,cd=anbm.

46/88

Pro of of Eisenstein criterion (continued)

Write˜A=Ψp(A),˜B=Ψp(B),˜C=Ψp(C),

˜A(X)=˜a0X n+···+˜an,˜B(X)=˜b0X m+···+˜bm

and˜C(X)=˜c0X d+···+˜cd. Byassumption˜c0'=0,˜c1=···=˜cd=0,hence,˜C(X)=˜c0X d=˜A(X)˜B(X)with˜c0=˜a0 ˜b0'=0.Now˜Aand˜Bhavepositivedegreesnandm,hence,˜an=˜bm=0,whichmeansthatpdividesanandbm,and,therefore,p 2dividescd=anbm.

47

Irreducibilit y of Φ

over Z

ProofoftheirreducibilityofΦpoverZ.WesetX−1=Y,sothat,inZ[X], Φp(Y+1)= (Y+1) p−1Y =Y p−1+ $p1 %Y p−2+···+ $p2 %Y+p.

Weobservethatpdividesallcoefficients–buttheleadingone–ofthemonicpolynomialΦp(Y+1)andthatp 2doesnotdividetheconstantterm.WeconcludebyusingEisenstein’sCriterionProposition23.

48

Pro of of the irreducibilit y of Φ

over Z

Wenowconsiderthegeneralcase.Letf∈Z[X]beanirreduciblefactorofΦnwithapositiveleadingcoefficientandletg∈Z[X]satisfyfg=Φn.Ourgoalistoprovef=Φnandg=1.SinceΦnismonic,thesameistrueforfandg.LetζbearootoffinCandletpbeaprimenumberwhichdoesnotdividen.Sinceζ pisaprimitiven-throotofunity,itisazeroofΦn.Thefirstandmainstepoftheproofistocheckthatf(ζ p)=0.Ifζ pisnotarootoff,thenitisarootofg.Weassumeg(ζ p)=0andweshallreachacontradiction.

49/88

Pro of of the irreducibilit y of Φ

over Z (continued)

Sincefisirreducible,fistheminimalpolynomialofζ,hence,fromg(ζ p)=0,weinferthatf(X)dividesg(X p).Writeg(X p)=f(X)h(X)andconsiderthemorphismΨpofreductionmodulopalreadyintroducedin(24).DenotebyF,G,Htheimagesoff,g,h.Recallthatfg=ΦninZ[X],hence,F(X)G(X)dividesX n−1inFp[X].TheassumptionthatpdoesnotdividenimpliesthatX n−1hasnosquarefactorinFp[X].

50/88

Pro of of the irreducibilit y of Φ

over Z (continued)

LetP∈Z[X]beanirreduciblefactorofF.FromG(X p)=F(X)H(X),itfollowsthatP(X)dividesG(X p).ButG∈Fp[X],hence(seeLemma5),G(X p)=G(X) pand,therefore,PdividesG(X).NowP 2dividestheproductFG,whichisacontradiction.WehavecheckedthatforanyrootζoffinCandanyprimenumberpwhichdoesnotdividen,thenumberζ pisagainarootoff.Byinductiononthenumberofprimefactorsofm,itfollowsthatforanyintegermwithgcd(m,n)=1thenumberζ misarootoff.Nowfvanishesatalltheprimitiverootsofunity,hence,f=Φnandg=1.

51

Second pro of of Prop os ition 3

Thefollowingalternativeproof(notusingtheexponent)ofProposition3isinstructive,sinceitinvolvescyclotomicpolynomials.

LetKbeafieldandGafinitesubgroupofK ×ofordern.Foranydivisordofn,denotebyNG(d)thenumberofelementsinGoforderd.ByLagrange’sTheorem (25)n= "

d|n NG(d).

52