An introduction to the theory of finite fields Michel Waldschmidt

Updated: 30/10/2020

An introduction to the theory of finite fields Michel Waldschmidt

http://www.imj-prg.fr/~michel.waldschmidt//pdf/FiniteFields.pdf

Contents

1 Background: Arithmetic 2

1.1 Cyclic groups . . . 2

1.2 Residue classes modulon . . . 2

1.3 The ringZ[X]. . . 3

1.4 M¨obius inversion formula . . . 5

2 The theory of finite fields 7 2.1 Gauss fields . . . 7

2.2 Cyclotomic polynomials . . . 15

2.2.1 Cyclotomic polynomials overC[X] . . . 16

2.2.2 Cyclotomic Polynomials over a finite field . . . 22

2.3 Decomposition of cyclotomic polynomials over a finite field . . . 25

2.4 Trace and Norm . . . 33

2.5 Infinite Galois theory. . . 34

3 Error correcting codes 35 3.1 Some historical dates. . . 35

3.2 Hamming distance . . . 36

3.3 Codes . . . 37

3.4 First examples . . . 37

3.5 Cyclic codes. . . 41

3.6 Detection, correction and minimal distance . . . 43

3.7 Hamming codes . . . 45

3.8 Generator matrix and check matrix. . . 48

3.9 Further examples . . . 48

3.9.1 The binary Golay [23,12] code . . . 48

3.9.2 The ternary Golay [11,6] code . . . 49

3.9.3 BCH (Bose–Chaudhuri–Hocquenghem) codes . . . 49

3.9.4 Reed–Solomon code . . . 49

3.10 Minimum distance of a code. . . 50

4 Further exercises 51

5 Solutions of some Exercises 56

1 Background: Arithmetic

1.1 Cyclic groups

IfGis a finite multiplicative group andxan element ofG, the order ofxis the least positive integern such thatxⁿ= 1. Forxof ordernand form∈Z, the conditionx^m= 1 is equivalent to ndividesm; in other words,nis the positive generator of the ideal ofZwhich consists of themsuch thatx^m= 1.

Ifxhas ordern, fork∈Zthe order ofx^k is n/gcd(n, k).

The order of a finite group is the number of elements of this group. A cyclic group is a finite group generated by one element. Two cyclic groups of the same order are isomorphic. Forn≥2, an exemple of a cyclic additive group of order nis the additive groupZ/nZof integers modulon. An example of a cyclic multiplicative group of ordernis the groupµnof complex numberszwhich satisfyzⁿ = 1, namely

{1, e^2iπ/n, e^4iπ/n, . . . , e^{2(n−1)iπ/n}},

the roots of unity of order dividingn. The subgroups and quotients of a cyclic group are cyclic. For any cyclic group of order n and for any divisordof n, there is a unique subgroup ofG of orderd; ifζ is a generator of the multiplicative cyclic groupGof ordernand ifddividesn, thenζ^n/dhas orderd, hence, is a generator of the unique subgroup ofGof orderd.

In a cyclic group, the order of which is a multiple of d, there are exactly d elements whose orders are divisors of dand these are the elements of the subgroup of order d. In a cyclic groupG of order a multiple ofd, the set of elements {x^d | x∈G} is the unique subgroup ofGof index d.

The Cartesian product G₁×G₂ of two groups is cyclic if and only if G₁ and G₂ are cyclic with relatively prime orders.

The number of generators of a cyclic group of ordernisϕ(n), whereϕis Euler’s function (see§1.2).

1.2 Residue classes modulo n

The subgroups of the additive groupZarenZwithn≥0. We denote bys_n:Z→Z/nZthe canonical map, which is a morphism of groups with kernelnZ

Given positive integersa and b, there exists a morphism of groups ϕ_a,b : Z/aZ → Z/bZsuch that ϕa,b◦sa =sb if and only if aZ⊂bZ, which means if and only if b divides a. If ϕa,b exists, then ϕa,b

is unique and surjective. Its kernel isbZ/aZ, the unique subgroup ofZ/aZof ordera/b, which is cyclic and isomorphic toZ/(a/b)Z.

Thegreatest common divisorgcd(a, b) ofaandbis the positive generator ofaZ+bZ, theleast common multiple lcm(a, b) ofaandb is the positive generator ofaZ∩bZ.

Forn≥2,Z/nZis a ring andsnis a morphism of rings. The order of the multiplicative group (Z/nZ)^× of the ringZ/nZis the numberϕ(n) of integerskin the interval 1≤k≤nsatisfying gcd(n, k) = 1. The map ϕ:Z>0 →Z, withϕ(1) = 1, isEuler’s function already mentioned in§1.1. If gcd(a, b) =d, then a/d and b/dare relatively prime. Hence, the partition of the set of integers in 1≤k≤naccording to the value of gcd(k, n) yields:

Lemma 1. For any positive integer n,

n=X

d|n

ϕ(d).

(Compare with (34)).

Exercise 2.

(1) LetGbe a finite group of ordernand letkbe a positive integer with gcd(n, k) = 1. Prove that the only solutionx∈Gof the equationx^k = 1 isx= 1.

(2) Let Gbe a cyclic group of ordernand let kbe a positive integer. Prove that the number of x∈G such thatx^k= 1 is gcd(n, k).

(3) LetGbe a finite group of ordern. Prove that the following conditions are equivalent:

(i)Gis cyclic

(ii) For each divisordofn, the number ofx∈Gsuch thatx^d = 1 is≤d.

(iii) For each divisordofn, the number ofx∈Gsuch thatx^d= 1 isd.

Anarithmetic function is a map f : Z>0 → Z. A multiplicative function is an arithmetic function such that f(mn) = f(m)f(n) when m and n are relatively prime. For instance, Euler’s ϕ function is multiplicative: this follows from the ring isomorphim between the ring product (Z/mZ)×(Z/nZ) and the ringZ/mnZwhenmandnare relatively prime (Chinese remainder Theorem). Also,ϕ(p^a) =p^a−1(p−1) forpprime anda≥1. Hence, the value ofϕ(n), for nwritten as a product of powers of distinct prime numbers, is

ϕ(p^a₁¹· · ·p^a_r^r) =p^a₁¹⁻¹(p₁−1)· · ·p^a_r^r−1(p_r−1).

Whenpis a prime number, aprimitive root modulopis a generator of the cyclic group (Z/pZ)^×. There are exactlyϕ(p−1) of them in (Z/pZ)^×. From the definition, it follows that an elementg∈(Z/pZ)^×is a primitive root modulopif and only if

g^(p−1)/q6≡1 modp for all prime divisorsqofp−1.

Ifaandn are relatively prime integers, theorder of amodulo n is the order of the class ofain the multiplicative group (Z/nZ)^×. In other terms, it is the smallest integer`such thata<sup>`</sup> is congruent to 1 modulon.

Exercise 3. Forn a positive integer, check that the multiplicative group (Z/nZ)^× is cyclic if and only ifnis either 2, 4,p^sor 2p^s, withpan odd prime ands≥1.

Remark: For s≥2, (Z/2^sZ)^× is the product of a cyclic group of order2 by a cyclic group of order 2^s−2, hence, for s≥3 it is not cyclic.

1.3 The ring Z[X]

WhenF is a field, the ring F[X] of polynomials in one variable over F is an Euclidean domain, hence, a principal domain and, therefore, a factorial ring. The ringZ[X] is not an Euclidean ring: one cannot divideX by 2 inZ[X] for instance. But ifAandB are inZ[X] and B is monic, then both the quotient Qand the remainderR of the Euclidean division inQ[X] ofAbyB

A=BQ+R are in Z[X].

The gcd of the coefficients of a non–zero polynomialf ∈Z[X] is called thecontentof f. We denote it byc(f). A non–zero polynomial with content 1 is calledprimitive. Any non–zero polynomial inZ[X]

can be written in a unique way asf =c(f)g withg∈Z[X] primitive.

For any non–zero polynomial f ∈ Q[X], there is a unique positive rational numberr such that rf belongs toZ[X] and is primitive.

Lemma 4(Gauss’s Lemma). Forf andg non–zero polynomials inZ[X], we have c(f g) =c(f)c(g).

Proof. It suffices to check that the product of two primitive polynomials is primitive. More generally, let pbe a prime number andf,gtwo polynomials whose contents are not divisible byp. We check that the content off g is not divisible byp.

We use the surjective morphism of rings

Ψ_p:Z[X]→F_p[X], (5)

which mapsX toX and ZontoFpby reduction modulopof the coefficients. Its kernel is the principal ideal pZ[X] = (p) of Z[X] generated byp: it is the set of polynomials whose content is divisible by p.

The assumption is Ψp(f)6= 0 and Ψp(g)6= 0. Sincepis prime, the ringFp[X] has no zero divisor, hence, Ψp(f g) = Ψp(f)Ψp(g)6= 0, which shows thatf g is not in the kernel of Ψp.

The ring Z is an Euclidean domain, hence, a principal domain and, therefore, a factorial ring. It follows that the ringZ[X] is factorial. The units ofZ[X] are{+1,−1}. The irreducible elements inZ[X]

are

– the prime numbers{2,3,5,7,11, . . .},

– the irreducible polynomials inQ[X] with coefficients in Zand content 1 – and, of course, the product of one of these elements by−1.

From Gauss’s Lemma4, one deduces that iff andg are two monic polynomials inQ[X] such that f g∈Z[X], then f andg are in Z[X].

A monic polynomial inZ[X] is a product, in a unique way, of irreducible monic polynomials inZ[X].

Exercise 6. Given two rings B1, B2, a subring A1 of B1, a subring A2 of B2, a morphism of ring f :A1→A2,

B1 B2

∪ ∪

A1 −−−−−→

f A2

elements x1, . . . , xn of B1 and elements y1, . . . , yn of B2, a necessary and sufficient condition for the existence of a morphism F : A1[x1, . . . , xn] → A2[y1, . . . , yn] such that F(a) = f(a) for a ∈ A1 and F(xi) =yi for 1≤i≤nis the following:

For any polynomial P ∈ A1[X1, . . . , Xn] such that P(x1, . . . , xn) = 0,

the polynomial Q∈A2[X1, . . . , Xn], image ofP by the extension of f toA₁[X₁, . . . , X_n]→A₂[X₁, . . . , X_n], satisfies

Q(y₁, . . . , y_n) = 0.

1.4 M¨ obius inversion formula

Letf be a map defined on the set of positive integers with values in an additive group. Define another mapg by

g(n) =X

d|n

f(d).

It is easy to check by induction that f is completely determined by g. Indeed, the formula for n= 1 producesf(1) =g(1) and forn≥2, once f(d) is known for alld|n withd6=n, one obtainsf(n) from the formula

f(n) =g(n)−X

d|n d6=n

f(d).

We wish to write this formula in a close form. Ifpis a prime, the formula becomesf(p) =g(p)−g(1).

Next,f(p²) =g(p²)−g(p). More generally, forpprime and m≥1, f(p^m) =g(p^m)−g(p^m−1).

It is convenient to write this formula as f(p^m) =

m

X

h=0

µ(p^m−h)g(p^h),

where µ(1) = 1, µ(p) = −1, µ(p^m) = 0 for m ≥ 2. In order to extend this formula for writing f(n) in terms of g(d) for d | n, one needs to extend the function µ and it is easily seen by means of the convolution product (see Exercise 7) that the right thing to do is to require thatµ be a multiplicative function, namely thatµ(ab) =µ(a)µ(b) ifaandbare relatively prime.

TheM¨obius functionµ(see, for instance, [8]§2.6) is the map from the positive integers to{0,1,−1}

defined by the properties µ(1) = 1, µ(p) = −1 for p prime, µ(p^m) = 0 for p prime and m ≥ 2 and µ(ab) =µ(a)µ(b) if a and b are relatively prime. Hence,µ(a) = 0 if and only if ahas a square factor, while for a squarefree numbera, which is a product ofsdistinct primes we haveµ(a) = (−1)^s:

µ(p1· · ·ps) = (−1)^s.

One of the many variants of theM¨obius inversion formula states that, forf andg two maps defined on the set of positive integers with values in an additive group, the two following properties are equivalent:

(i)For any integern≥1,

g(n) =X

d|n

f(d).

(ii)For any integern≥1,

f(n) =X

d|n

µ(n/d)g(d).

For instance, Lemma1is equivalent to ϕ(n) =X

d|n

µ(n/d)d for alln≥1.

An equivalent statement of the M¨obius inversion formula is the following multiplicative version, which deals with two mapsf,gfrom the positive integers into an abelian multiplicative group. The two following properties are equivalent:

(i)For any integern≥1,

g(n) =Y

d|n

f(d).

(ii)For any integern≥1,

f(n) =Y

d|n

g(d)^µ(n/d).

A third form of the M¨obius inversion formula (which we will not use here) deals with two functions F andGfrom [1,+∞) toC. The two following properties are equivalent:

(i)For any real numberx≥1,

G(x) =X

n≤x

F(x/n).

(ii)For any real numberx≥1,

F(x) =X

n≤x

µ(n)G(x/n).

As an illustration, takeF(x) = 1 andG(x) = [x] for allx∈[1,+∞). Then X

n≤x

µ(n)[x/n] = 1

Exercise 7. LetAbe a (commutative) ring and letRdenote the set ofarithmetic functions, namely the set of applications from the positive integers into A. Forf andg inR, define the convolution product

f ? g(m) = X

ab=m

f(a)g(b).

(a) Check that R, with the usual addition and with this convolution product, becomes a commutative ring.

Hint:

f ? g ? h(m) = X

abc=m

f(a)g(b)h(c).

Check that the unity isδ∈Rdefined by δ(a) =

(1 fora= 1, 0 fora >1.

(b) Check that iff andg are multiplicative, then so isf ? g.

(c) Define1∈Rby1(x) = 1 for allx≥1. Check thatµand1are inverse each other inR:

µ ?1=δ.

(d) Check that the formula

µ ?1? f =f for allf ∈R

is equivalent to M¨obius inversion formula.

(e) Definej byj(n) =nand, fork≥0,σk(n) =P

d|nd^k. Check µ ? j=ϕ, j^k?1=σ_k.

2 The theory of finite fields

References:

M. Demazure [2], Chap. 8.

D.S. Dummit & R.M. Foote [3],§14.3.

S. Lang [5], Chap. 5§5.

R. Lidl & H. Niederreiter [6].

V. Shoup [8], Chap. 20.

2.1 Gauss fields

A field with finitely many elements is also called a Gauss Field. For instance, given a prime numberp, the quotientZ/pZis a Gauss field. Given two fieldsF andF⁰ withpelements,pprime, there is a unique isomorphism F→F⁰. Hence, we denote by Fp the unique field withpelements.

Thecharacteristicof a finite fieldF is a prime numberp, hence, its prime field isFp. Moreover,F is a finite vector space overFp; if the dimension of this space iss, which means thatF is a finite extension ofFp of degree [F :Fp] =s, then F hasp^selements. Therefore, the number of elements of a finite field is always a power of a prime numberpand this prime number is the characteristic ofF.

The multiplicative groupF^× of a field with qelements has orderq−1, hence,x^q−1= 1 for all xin F^× andx^q =xfor allxin F. Therefore,F^× is the set of roots of the polynomial X^q−1−1, whileF is the set of roots of the polynomialX^q−X:

X^q−1−1 = Y

x∈F^×

(X−x), X^q−X = Y

x∈F

(X−x). (8)

Exercise 9. (a) LetF be a finite field withqelements. Denote byC the set of non–zero squares in F, which is the image of the endomorphismx7→x² of the multiplicative group F^×:

C={x² | x∈F^×}.

Assume qis even; checkC=F^×, henceX^q−1−1 =Q

x∈C(X−x).

Assume qis odd; check

X^(q−1)/2−1 = Y

x∈C

(X−x) and X^(q−1)/2+ 1 = Y

x∈F^×\C

(X−x)

(b) Letpbe an odd prime. ForainFp, denote by

a p

the Legendre symbol:

a p

=







0 ifa= 0

1 ifais a non–zero square inF_p

−1 ifais not a square inFp.

Check

X^(p−1)/2−1 = Y

a∈Fp,(^ap)⁼¹

(X−a) and

X^(p−1)/2+ 1 = Y

a∈Fp,(^a_p)=−1

(X−a).

Deduce that forain F_p,

a p

=a^(p−1)/2.

Exercise 10. Prove that in a finite field, any element is a sum of two squares.

Exercise 11. LetF be a finite field, q the number of its elements,k a positive integer. Denote byCk

the image of the endomorphismx7→x^k of the multiplicative groupF^×: C_k ={x^k | x∈F^×}.

How many elements are there in Ck?

Exercise 12. Find the irreducible polynomial of√ 2 +√

3 overZand prove that it is reducible modulo pfor all primesp.

Exercise 13. Prove that ifF is a finite field with qelements, then the polynomial X^q −X+ 1 has no root in F. Deduce thatF is not algebraically closed.

Proposition 14. Any finite subgroup G of the multiplicative group of a field K is cyclic. If n is the order ofG, thenGis the set of roots of the polynomial Xⁿ−1 inK.

Proof. Let e be the exponent of G. By Lagrange’s theorem, e divides n. Any xin G is a root of the polynomialX^e−1. SinceGhas ordern, we getnroots in the fieldKof this polynomialX^e−1 of degree e≤n. Hencee=n. We conclude by using the fact that there exists inGat least one element of order e, hence,Gis cyclic.

The last part of the statement is easy: any elementxof Gsatisfies xⁿ = 1 by Lagrange’s theorem, hence the polynomialXⁿ−1, which has degreen, hasnroots inK, namely the elements inG. SinceK is a field, we deduce

Xⁿ−1 = Y

x∈G

(X−x), which means thatGis the set of roots of the polynomialXⁿ−1 inK.

Second proof of Proposition14. The following alternative proof of Proposition14does not use the expo- nent. LetK be a field andGa finite subgroup ofK^×of ordern. For eachd|n, the number of elements xin Ksatisfyingx^d= 1 is at mostd(the polynomialX^d−1 has at most droots inK). The result now follows from exercise2(3).

Recall that whenF =Fp, a rational integerais called aprimitive root modulo pifais not divisible bypand if the class ofamodulopis a generator of the cyclic group (Z/pZ)^×. More generally, whenFq

is a finite field withqelements, a generator of the cyclic groupF^×_q is called aprimitive rootor aprimitive

elementinFq. A nonzero elementαinFq is a primitive root inFq if and only ifαis a primitive (q−1)th root of unity. There areϕ(q−1) primitive roots inFq. Programs giving primitive roots inFqare available online¹.

The discrete logarithm. Let Fq be a finite field and α a primitive root in Fq, so that F^×_q = {1, α, α², . . . , α^q−2}. Any γ ∈ F^×_q can be written in a unique way as α^m for some 0 ≤ m ≤ q−2.

This integer m, or the class of m moduloq−1, is the discrete logarithm in Fq of γ with respect to α (also called theindex ofγ or themultiplicative order ofγwith respect toα). We denote it by Indαγ:

Indα(αⁿ) =n, α^Indαγ=γ.

Forαa primitive root inFq andγ, γ1, γ2 inF^×_q, we have

Indα(γ1γ2)≡Indα(γ1) + Indα(γ2) mod (q−1), Indα(γ⁻¹)≡ −Indα(γ) mod (q−1).

Ifαandβ are primitive roots inFq, then

Ind_α(β)Ind_β(α)≡1 mod (q−1).

Example 15 (The discrete logarithm in F₄). The field F₄ is a quadratic extension of F₂ (see Example 25). Let x be a root of the polynomial X²+X + 1 ∈ F₂[X], so that F₄ = F₂(x) and F^×₄ ={1, x, x²}. The tables of exponentials in F^×₄ are

αⁿ :

n= 1 2

α=x x x²

α=x² x² x hence the tables of discrete logarithms inF₄ are

Ind_αγ:

γ= x x²

α=x 1 2

α=x² 2 1

Exercise 16. For each prime p≤13 and also for p= 31, list the valuesα ∈F^×_p which are primitive roots inFp. Next, for eachαand forn= 0,1,2, . . . , p−2, computeαⁿ. Deduce a table of the discrete logarithm inFpwith respect to the primitive root α.

The theorem of the primitive element for finite fields is:

Proposition 17. Let F be a finite field andK a finite extension ofF. Then there existα∈K such that K=F(α).

Proof. Let q = p^s be the number of elements in K, where p is the characteristic of F and K; the multiplicative groupK^× is cyclic (Proposition14); letαbe a generator. Then

K=

0,1, α, α², . . . , α^q−2 =Fp(α), and, therefore,K=F(α).

1One of them (in French) is

http://jean-paul.davalan.pagesperso-orange.fr/mots/comb/gfields/index.html Computation on finite fields can be done also with Pari GP; see

http://wims.unice.fr/~wims/

Hence the field K is isomorphic to the quotient Fp[X]/(P) where P ∈ Fp[X] is some irreducible polynomial over Fp of degrees. We prove below (cf. Theorem19) that Kis isomorphic to the quotient Fp[X]/(P) whereP∈Fp[X] is any irreducible polynomial overFp of degrees.

Lemma 18. LetK be a field of characteristic p. Forxandy inK, we have (x+y)^p=x^p+y^p. Proof. Whenpis a prime number andnan integer in the range 1≤n < p, the binomial coefficient

p n

= p!

n!(p−n)!

is divisible by p.

We now prove that for any prime numberpand any integer s≥1, there exists a finite field with p^s elements.

Theorem 19. Letpbe a prime number andsa positive integer. Setq=p^s. Then there exists a field with q elements. Two finite fields with the same number of elements are isomorphic. If Ωis an algebraically closed field of characteristicp, thenΩcontains one and only one subfield with qelements.

Proof. LetF be a splitting field over Fp of the polynomial X^q −X. Since the derivative ofX^q−X is

−1, there is no multiple root, henceX^q−X hasq distinct roots inF. From Lemma 18it follows that the set of these roots is a field. Hence this set isF andF hasqelements.

IfF⁰ is a field withqelements, thenF⁰ is the set of roots of the polynomialX^q−X, hence,F⁰ is the splitting field of this polynomial over its prime field and, therefore, is isomorphic to F.

If Ω is an algebraically closed field of characteristicp, then the unique subfield of Ω withqelements is the set of roots of the polynomialX^q−X.

According to (8), ifFq is a finite field withqelements andF an extension ofFq, then fora∈F, the relationa^q =aholds if and only if a∈Fq. We will use the following more general fact:

Lemma 20. Let Fq be a finite field with qelements, F an extension of Fq andf ∈F[X]a polynomial with coefficients inF. Thenf belongs to Fq[X]if and only if f(X^q) =f(X)^q.

Proof. Sinceqis a power of the characteristicpofF, if we write f(X) =a0+a1X+· · ·+anXⁿ, then, by Lemma18,

f(X)^p=a^p₀+a^p₁X^p+· · ·+a^p_nX^np and by induction

f(X)^q =a^q₀+a^q₁X^q+· · ·+a^q_nX^nq. Therefore,f(X)^q =f(X^q) if and only ifa^q_i =ai for alli= 0,1, . . . , n.

From Lemma18, we deduce:

Proposition 21. Let F be a field of characteristic p.

(a) The map

Frob_p: F → F x 7→ x^p is an endomorphism ofF.

(b) If F is finite, or if F is algebraically closed, thenFrobp is surjective, hence is an automorphism of the fieldF.

Remark. An example of a field of characteristic pfor which the endomorphism Frob_p is not surjective is the fieldF_p(X) of rational fractions in one variable over the prime fieldF_p.

Proof. Indeed, this map is a morphism of fields since, by Lemma18, forxandy inF, Frobp(x+y) = Frobp(x) + Frobp(y)

and

Frobp(xy) = Frobp(x)Frobp(y).

It is injective since it is a morphism of fields. IfF is finite, it is surjective because it is injective. If F is algebraically closed, any element inF is ap–th power.

This endomorphism ofF is called theFrobeniusofF overFp. It extends to an automorphism of the algebraic closure ofF.

Ifsis a non–negative integer, we denote by Frob^s_p or by Frob_ps the iterated automorphism Frob⁰_p = 1, Frobp^s= Frob_ps−1◦Frobp (s≥1),

so that, forx∈F,

Frob⁰_p(x) =x, Frobp(x) =x^p, Frob_p2(x) =x^p2, . . . , Frobp^s(x) =x^ps (s≥0).

IfF hasp^selements, then the automorphism Frob^s_p= Frobp^s ofF is the identity.

IfF is a finite field withqelements and K a finite extension ofF, then Frobq is aF–automorphism ofK called theFrobenius of K overF.

Let F be a finite field of characteristic pwith q = p^r elements. According to Proposition 14, the multiplicative groupF^×ofF is cyclic of orderq−1. Letαbe a generator ofF^×, that means an element of orderq−1. For 1≤` < r, we have 1≤p<sup>`</sup>−1< p^r−1 =q−1, hence,α^{p`−1</sup>6= 1 and Frob<sup>`}_p(α)6=α.

Since Frob^r_p is the identity onF, it follows that Frobp has orderrin the group of automorphisms ofF. Recall that a finite extensionL/K is calleda Galois extension if the group GofK–automorphisms of L has order [L : K] and in this case the group G is the Galois group of the extension, denoted by Gal(L/K). It follows that the extensionF/Fp is Galois, with Galois group Gal(F/Fp) = Aut(F) the cyclic group of ordersgenerated by Frobp.

We extend this result to the more general case where the ground field F_p is replaced by any finite field.

Theorem 22. [Galois theory for finite fields]

Let F be a finite field with q ele- ments and K a finite extension of F of degrees. Then the extensionK/F is Galois with Galois groupGal(K/F) = AutF(K) the cyclic group generated by the Frobenius Frob_q. Define G = Gal(K/F).

K s/d

| E d

| F

! s

There is a bijection between (i)the divisorsdof s.

(ii)the subfieldsE ofK containingF (iii) the subgroupsH ofG.

• IfE is a subfield ofK containingF, then the degreed= [K:E]of E overK divides s, the number of elements inE isq^d, the extensionK/F is Galois with Galois group the unique subgroupH of Gof order d, which is the subgroup generated by Frob_qd; furthermore,H is the subgroup ofG which consists of the elements σ∈Gsuch that σ(x) =xfor allx∈E.

• Conversely, ifddivides s, thenK has a unique subfieldE withq^d elements, which is the fixed field by Frob_qd:

E={α∈K | Frob_qd(α) =α},

this field E containsF and the Galois group ofK overE is the unique subgroupH of Gof orderd.

Proof. Since G is cyclic generated by Frob_q, there is a bijection between the divisors d of s and the subgroupsH ofG: ford|s, the unique subgroup ofGof orders/d(which means of indexd) is the cyclic subgroup generated by Frob_qd. The fixed field ofH, which is by definition the set of xin K satisfying σ(x) =xfor allσ∈H, is the fixed field of Frob_qd, hence it is the unique subfield ofE withq^d elements;

the degree ofK overE is therefored. If Eis the subfield of Kwith q^d elements, then the Galois group ofK/E is the cyclic group generated by Frob_qd.

Under the hypotheses of Theorem22, the Galois group ofEoverFis the quotient Gal(K/F)/Gal(K/E).

Exercise 23.

LetF be a field,mandntwo positive integers.

(a) Letr be the remainder of the Euclidean division of nby m in Z. Prove that the remainder of the Euclidean division of Xⁿ−1 byX^m−1 inF[X] isX^r−1.

(b) Check

gcd(Xⁿ−1, X^m−1) =X^gcd(m,n)−1.

(c) Let furtheraandb be two integers≥2. Prove that the following conditions are equivalent.

(i)ndividesm.

(ii) InF[X], the polynomialXⁿ−1 dividesX^m−1.

(iii)aⁿ−1 dividesa^m−1.

(ii’) InF[X], the polynomialX^an−X divides X^am−X.

(iii’)b^an−bdividesb^am−b.

LetF be a finite field with q^melements and letn≥1. ThenF contains a subfield withnelements if and only ifndividesm. In this case, such a subfield is unique.

Fix an algebraic closureFp of Fp. For each s≥1, denote by Fp^s the unique subfield of Ω with p^s elements. Fornandmpositive integers, we have the following equivalence:

Fpⁿ⊂Fp^m ⇐⇒ ndividesm. (24)

If these conditions are satisfied, then F_pm/F_pn is cyclic, with Galois group of orderm/n generated by Frob_pn.

LetF ⊂F_p be a finite field of characteristic pwithq elements and letxbe an element in F_p. The conjugates ofxoverF are the roots inF_pof the irreducible polynomial ofxoverF and these are exactly the images ofxby the iterated Frobenius Frob_qi,i≥0.

Two fields withp^s elements are isomorphic (cf. Theorem19), but ifs≥2, there is no unicity of such an isomorphic, because the set of automorphisms of Fp^s has more than one element (indeed, it has s elements).

Remarks.

•The additive group (F,+) of a finite field F with qelements is cyclic if and only ifqis a prime number.

• The multiplicative group (F^×,×) of a finite fieldF with qelements is cyclic, hence, is isomorphic to the additive groupZ/(q−1)Z.

• A finite fieldF withq elements is isomorphic to the ringZ/qZif and only if qis a prime number (which is equivalent to saying that Z/qZhas no zero divisor).

Example 25(Simplest example of a finite field which is not a prime field). A fieldFwith 4 elements has two elements besides 0 and 1. These two elements play exactly the same role: the map which permutes them and sends 0 to 0 and 1 to 1 is an automorphism ofF: this automorphism is nothing else than Frob2. Select one of these two elements, call it j. Thenj is a generator of the multiplicative group F^×, which means thatF^×={1, j, j²} andF={0,1, j, j²}.

Here are the addition and multiplication tables of this fieldF: (F,+) 0 1 j j²

0 0 1 j j²

1 1 0 j² j

j j j² 0 1

j² j² j 1 0

(F,×) 0 1 j j²

0 0 0 0 0

1 0 1 j j²

j 0 j j² 1

j² 0 j² 1 j

There are 4 polynomials of degree 2 overF₂, three which split inF₂, namelyX²,X²+ 1 = (X+ 1)²and X²+X=X(X+ 1) and just one which is irreducible,X²+X+ 1, the roots of which are the elements ofF other than 0 and 1.

Example 26 (The field F5). .

Denote by i and −i the two roots of X² + 1; one of them is 2, the other is 3. We have F5 = {0,1,−1, i,−i}. If we do not specify our choice, we cannot tell what isi+ 1 for instance: it is−iif we selecti= 2 and it is−1 if we selecti= 3. Notice that there is no automorphism ofF5mappingito −i.

Exercise 27. Check the following isomorphisms and give a generator of the multiplicative group of non–zero elements in the field.

(a)F4=F2[X]/(X²+X+ 1).

(b)F8=F2[X]/(X³+X+ 1).

(c)F16=F2[X]/(X⁴+X+ 1).

(d)F₁₆=F₂[X, Y]/(Y²+Y + 1, X²+X+Y).

Exercise 28. (a) Give the list of all irreducible polynomials of degree≤5 overF2. (b) Give the list of all monic irreducible polynomials of degree≤2 overF₄.

Recall (Theorem22) that any finite extension of a finite field is Galois. Hence, in a finite fieldF, any irreducible polynomial is separable: finite fields are perfect.

Theorem 29 (Normal basis theorem). Given a finite extension L ⊃K of finite fields, there exists an element αin L^× such that the conjugates of αoverK form a basis of the vector spaceL overK.

With such a basis, the Frobenius map Frob_q, where q is the number of elements in K, becomes a shift operator on the coordinates.

Remark. The normal basis Theorem holds for any finite Galois extension L/K: given any finite Galois extensionL/K, there existsα∈Lsuch that the conjugates of αgive a basis of theK vector spaceL.

Proof of Theorem 29.

Let σ be a generator of G. The elements of G are distinct characters of L^×, namely homomorphisms of multiplicative groups L^× → L^× and therefore they are linearly independent by Dedekind Theorem (theorem of linear independence of characters). We now considerσas an endomorphism of theK–vector spaceL: since 1, σ, . . . , σ^d−1 are linearly independent overK, withd= [L:K], the minimal polynomial of the endomorphismσ isX^d−1, which is also the characteristic polynomial of this endomorphism. It follows that there is a cyclic vector, which is an elementαinLsolution of our problem.

For such a basisα, α^q, α^q2, . . . , α^qd−1, an elementγ inLhas coordinates a₀, a₁, . . . , a_d−1 with γ=a0α+a1α^q+a2α^q2+· · ·+a_d−1α^qd−1,

and the image ofγ under the Frobenius map Frobq is

γ^q =ad−1+a0α^q+a1α^q2+· · ·+ad−2α^qd−1,

the coordinates of which area_d−1, a₀, a₁, . . . , a_d−2. Hence the Frobenius is a shift operator on the coor- dinates.

Remark. Forα∈L, a necessary and sufficient condition for the conjugates ofαto give a basis ofLover K is

det τ⁻¹σ(α)

τ,σ∈G 6= 0.

Exercise 30.

(a) LetGbe a group,N be a normal subgroup of finite index inGandH a subgroup ofG. Show that the index ofH∩N inH is finite and divides the index ofN inG. Deduce that ifH∩N ={1}, thenH is finite and its order divides the index ofN in G.

(b) LetL/K be a finite abelian extension andE1, E2two subfields ofL containingK. Assume that the compositum of E1andE2 isL. Show that [L:E1] divides [E2:K].

(c) Let F be a finite field,E an extension ofF and α, β two elements inE which are algebraic over F of degree respectivelyaandb. Assumeaandbare relatively prime. Prove that

F(α, β) =F(α+β).

One of the main results of the theory of finite fields is the following:

Theorem 31. LetF be a finite field with qelements,αan element in an algebraic closure of F. There exist integers `≥1such that α<sup>q`</sup> =α. Denote byn the smallest:

n= min{`≥1 | Frob<sup>`</sup>_q(α) =α}.

Then the field F(α) has qⁿ elements, which means that the degree of α over F is n and the minimal polynomial of αoverF is

n−1

Y

`=0

X−Frob^`_q(α)

=

n−1

Y

`=0

X−α^q`

. (32)

Proof. Define s = [F(α) :F]. By Theorem 22, the extension F(α)/F is Galois with Galois group the cyclic group of order s generated by Frobq. The conjugates of α over F are the elements Frobⁱ_q(α), 0≤i≤s−1. Hences=n.

2.2 Cyclotomic polynomials

Letnbe a positive integer. An–th root of unityin a fieldK is an element ofK^× which satifiesxⁿ= 1.

This means that it is a torsion element of order dividingn.

Aprimitiven–th root of unity is an element ofK^× of ordern: forkin Z, the equalityx^k = 1 holds if and only ifndivides k.

For each positive integer n, the n–th roots of unity in F form a finite subgroup of F_tors^× having at most n elements. The union of all these subgroups of F_tors^× is just the torsion group F_tors^× itself. This group contains 1 and−1, but it could have just one element, like forF2=Z/2ZorF2(X) for instance.

The torsion subgroup ofR^× is{±1}, the torsion subgroup ofC^× is infinite.

LetK be a field of finite characteristicpand letnbe a positive integer. Writen=p^rm withr≥0 and gcd(p, m) = 1. InK[X], we have

Xⁿ−1 = (X^m−1)^pr.

Ifx∈K satisfiesxⁿ= 1, then x^m= 1. Therefore, the order of a finite subgroup ofK^× is prime top.

It also follows that the study ofXⁿ−1 reduces to the study ofX^m−1 withmprime top.

Letnbe a positive integer and Ω be an algebraically closed field of characteristic either 0 or a prime number not dividing n. Then the number of primitive n-th roots of unity in Ω is ϕ(n). These ϕ(n) elements are the generators of the unique cyclic subgroupCn of ordernof Ω^×, which is the group ofn-th roots of unity in Ω:

Cn={x∈Ω | xⁿ = 1}.

2.2.1 Cyclotomic polynomials over C[X]

The mapC→C^× defined byz7→e^2iπz/nis a morphism from the additive groupCto the multiplicative group C^×; this morphism has kernel nZ. Hence, it factors to an injective morphism from the group C/nZto C^×: we denote it also byz 7→e^2iπz/n. In particular e^2iπz/n makes sense forz ∈Z/nZ. The unique subgroup of orderninC/nZisZ/nZ, its image underz7→e^2iπz/n isµ_n⊂C^×.

Forna positive integer, we define a polynomial Φn(X)∈C[X] by Φn(X) = Y

k∈(Z/nZ)^×

(X−e^2iπk/n). (33)

This polynomial is called the cyclotomic polynomial of indexn; it is monic and has degree ϕ(n). Since Xⁿ−1 =

n−1

Y

k=0

(X−e^2iπk/n),

the partition of the set of roots of unity according to their order shows that Xⁿ−1 = Y

1≤d≤n d|n

Φd(X). (34)

The degree ofXⁿ−1 is nand the degree of Φd(X) isϕ(d), hence, Lemma1 follows also from (34).

The namecyclotomycomes from the Greek and meansdivide the circle. The complex roots ofXⁿ−1 are the vertices of a regular polygon with nsides.

From (34), it follows that an equivalent definition of the polynomials Φ₁,Φ₂, . . .inZ[X] is by induction onn:

Φ₁(X) =X−1, Φ_n(X) = Xⁿ−1 Y

d6=n d|n

Φ_d(X)

· (35)

This is the most convenient way to compute the cyclotomic polynomials Φn for small values ofn.

M¨obius inversion formula (see the second form in§1.4withGthe multiplicative groupQ(X)^×) yields Φn(X) =Y

d|n

(X^d−1)^µ(n/d).

Notice that for m≥3, the polynomial Φm has real coefficients (in fact integer coefficients) and no real root, hence its degreeϕ(m) is even.

First examples. One has

Φ2(X) =X²−1

X−1 =X+ 1, Φ3(X) =X³−1

X−1 =X²+X+ 1, and more generally, forpprime

Φp(X) =X^p−1

X−1 =X^p−1+X^p−2+· · ·+X+ 1.

The next cyclotomic polynomials are

Φ₄(X) = X⁴−1

X²−1 =X²+ 1 = Φ₂(X²), Φ6(X) = X⁶−1

(X³−1)(X+ 1) = X³+ 1

X+ 1 =X²−X+ 1 = Φ3(−X).

The next page is reproduced from

https://en.wikipedia.org/wiki/Cyclotomic_polynomial

Φ1(x) =x−1 Φ₂(x) =x+ 1 Φ3(x) =x²+x+ 1 Φ4(x) =x²+ 1

Φ₅(x) =x⁴+x³+x²+x+ 1 Φ6(x) =x²−x+ 1

Φ7(x) =x⁶+x⁵+x⁴+x³+x²+x+ 1 Φ8(x) =x⁴+ 1

Φ₉(x) =x⁶+x³+ 1

Φ10(x) =x⁴−x³+x²−x+ 1

Φ11(x) =x¹⁰+x⁹+x⁸+x⁷+x⁶+x⁵+x⁴+x³+x²+x+ 1 Φ12(x) =x⁴−x²+ 1

Φ₁₃(x) =x¹²+x¹¹+x¹⁰+x⁹+x⁸+x⁷+x⁶+x⁵+x⁴+x³+x²+x+ 1 Φ14(x) =x⁶−x⁵+x⁴−x³+x²−x+ 1

Φ15(x) =x⁸−x⁷+x⁵−x⁴+x³−x+ 1 Φ₁₆(x) =x⁸+ 1

Φ₁₇(x) =x¹⁶+x¹⁵+x¹⁴+x¹³+x¹²+x¹¹+x¹⁰+x⁹+x⁸+x⁷+x⁶+x⁵+x⁴+x³+x²+x+ 1 Φ18(x) =x⁶−x³+ 1

Φ19(x) =x¹⁸+x¹⁷+x¹⁶+x¹⁵+x¹⁴+x¹³+x¹²+x¹¹+x¹⁰+x⁹+x⁸+x⁷+x⁶+x⁵+x⁴+x³+x²+x+ 1 Φ₂₀(x) =x⁸−x⁶+x⁴−x²+ 1

Φ21(x) =x¹²−x¹¹+x⁹−x⁸+x⁶−x⁴+x³−x+ 1

Φ22(x) =x¹⁰−x⁹+x⁸−x⁷+x⁶−x⁵+x⁴−x³+x²−x+ 1

Φ23(x) =x²²+x²¹+x²⁰+x¹⁹+x¹⁸+x¹⁷+x¹⁶+x¹⁵+x¹⁴+x¹³+x¹²+x¹¹ +x¹⁰+x⁹+x⁸+x⁷+x⁶+x⁵+x⁴+x³+x²+x+ 1

Φ24(x) =x⁸−x⁴+ 1

Φ25(x) =x²⁰+x¹⁵+x¹⁰+x⁵+ 1

Φ₂₆(x) =x¹²−x¹¹+x¹⁰−x⁹+x⁸−x⁷+x⁶−x⁵+x⁴−x³+x²−x+ 1 Φ₂₇(x) =x¹⁸+x⁹+ 1

Φ28(x) =x¹²−x¹⁰+x⁸−x⁶+x⁴−x²+ 1

Φ29(x) =x²⁸+x²⁷+x²⁶+x²⁵+x²⁴+x²³+x²²+x²¹+x²⁰+x¹⁹+x¹⁸+x¹⁷+x¹⁶+x¹⁵+x¹⁴ +x¹³+x¹²+x¹¹+x¹⁰+x⁹+x⁸+x⁷+x⁶+x⁵+x⁴+x³+x²+x+ 1

Φ30(x) =x⁸+x⁷−x⁵−x⁴−x³+x+ 1.

It is known that ifnhas at most two odd prime divisors, then the coefficients of Φn are 0, 1 or−1.

The least integer that has three distinct odd prime divisors is 105. In the polynomial Φ105, the coefficients ofx⁷andx⁴¹ are−2:

Φ105(x) =x⁴⁸+x⁴⁷+x⁴⁶−x⁴³−x⁴²−2x⁴¹−x⁴⁰−x³⁹+x³⁶+x³⁵+x³⁴+x³³+x³²+x³¹−x²⁸−x²⁶

−x²⁴−x²²−x²⁰+x¹⁷+x¹⁶+x¹⁵+x¹⁴+x¹³+x¹²−x⁹−x⁸−2x⁷−x⁶−x⁵+x²+x+ 1.

Exercise 36.

(a) Let n ≥ 2 be an integer. Denote byR the radical (maximal square free factor) of n, namely the product of the prime factors ofn. Check

φ_n(X) =φ_R(X^n/R). (37)

(b) Letpbe a prime number and let m1a positive integer prime top. Setm=pm1. Prove Φm₁(X^p) = Φm(X)Φm₁(X).

(c) Letpbe a prime number andma positive integer multiple ofp. Writem=p^rm₁with gcd(p, m₁) = 1 andr≥1. Deduce from (a) and (b)

Φ_m1(X^pr) = Φ_m(X)Φ_m1(X^pr−1).

(d) Forr≥0,pprime andm a multiple ofp, check

Φp^rm(X) = Φm(X^pr) andϕ(p^rm) =p^rϕ(m).

Deduce

Φ_pr(X) =X^{pr−1(p−1)}+X^{pr−1(p−2)}+· · ·+X^pr−1+ 1 = Φ_p(X^pr−1) whenpis a prime andr≥1 (also a consequence of (37)).

(e) Letnbe a positive integer. Prove ϕ(2n) =

(ϕ(n) ifnis odd, 2ϕ(n) ifnis even,

Φ_2n(X) =







−Φ₁(−X) ifn= 1,

Φn(−X) ifnis odd and≥3, Φ_n(X²) ifnis even.

Deduce, for`≥1 and for modd≥3,

Φ₂`(X) =X<sup>2`−1</sup>+ 1 Φ₂`m(X) = Φm(−X<sup>2`−1</sup>), Φ_m(X)Φ_m(−X) = Φ_m(X²).

(f) Check, forn≥1,

Φn(1) =







0 forn= 1,

p ifn=p^r withpprime and r≥1;

1 otherwise.

(g) Check, forn≥1,

Φn(−1) =







−2 forn= 1, 1 ifnis odd≥3;

Φ_n/2(1) ifnis even.

In other terms, for n≥3, Φ_n(−1) =

(p ifn= 2p^r withpa prime andr≥1;

1 ifnis odd or ifn= 2mwheremhas at least two distinct prime divisors.

Theorem 38. For any positive integer n, the polynomial Φn(X) has its coefficients in Z. Moreover, Φn(X) is irreducible inZ[X].

Proof of the first part of Theorem 38. We check Φ_n(X)∈Z[X] by induction onn. The results holds for n= 1, since Φ₁(X) =X−1. Assume Φ_m(X)∈Z[X] for allm < n. From the induction hypothesis, it follows that

h(X) = Y

d|n d6=n

Φd(X)

is monic with coefficients in Z. We divide Xⁿ−1 by h in Z[X]: let Q ∈ Z[X] be the quotient and R∈Z[X] the remainder:

Xⁿ−1 =h(X)Q(X) +R(X).

We also haveXⁿ−1 = h(X)Φn(X) in C[X], as shown by (34). From the unicity of the quotient and remainder in the Euclidean division inC[X], we deduceQ= Φ_n andR= 0, hence, Φ_n∈Z[X].

We now show that Φn is irreducible in Z[X]. Since it is monic, its content is 1. It remains to check that it is irreducible inQ[X].

Here is a proof of the irreducibility of the cyclotomic polynomial in the special case where the index is a prime numberp. It rests on Eisenstein’s Criterion:

Proposition 39 (Eisenstein criterion). Let

C(X) =c0X^d+· · ·+cd∈Z[X]

and let p be a prime number. Assume C to be product of two polynomials in Z[X] of positive degrees.

Assume also thatpdivides ci for1≤i≤dbut that pdoes not divide c0. Then p² divides cd. Proof. Let

A(X) =a₀Xⁿ+· · ·+a_n and B(X) =b₀X^m+· · ·+b_m

be two polynomials in Z[X] of degrees m and n such that C = AB. Hence, d = m+n, c0 = a0b0, cd = anbm. We use the morphism (5) of reduction modulo p, namely Ψp : Z[X] −→ Fp[X]. Write A˜= Ψ_p(A), ˜B= Ψ_p(B), ˜C= Ψ_p(C),

A(X) = ˜˜ a0Xⁿ+· · ·+ ˜an, B(X) = ˜˜ b0X^m+· · ·+ ˜bm

and

C(X) = ˜˜ c0X^d+· · ·+ ˜cd.

By assumption ˜c₀6= 0, ˜c₁=· · ·= ˜c_d = 0, hence, ˜C(X) = ˜c₀X^d = ˜A(X) ˜B(X) with ˜c₀= ˜a₀˜b₀6= 0. Now A˜and ˜B have positive degreesnandm, hence, ˜a_n= ˜b_m= 0, which means thatpdividesa_n andb_mand, therefore,p²divides c_d=a_nb_m.

Proof of the irreducibility ofΦp overZin Theorem 38forpprime. We setX−1 =Y, so that Φ_p(Y + 1) =(Y + 1)^p−1

Y =Y^p−1+ p

1

Y^p−2+· · ·+ p

2

Y +p∈Z[Y].

We observe that p divides all coefficients – but the leading one – of the monic polynomial Φp(Y + 1) and that p² does not divide the constant term. We conclude by using Eisenstein’s Criterion Proposition 39.

We now complete the proof of Theorem38.

Proof of the irreducibility ofΦ_n overZin Theorem 38for alln. Let f ∈ Z[X] be an irreducible factor of Φn with a positive leading coefficient and let g∈Z[X] satisfy f g= Φn. Our goal is to provef = Φn

andg= 1.

Since Φnis monic, the same is true forf andg. Letζbe a root off inCand letpbe a prime number which does not divide n. Sinceζ^p is a primitiven-th root of unity, it is a zero of Φn.

The first and main step of the proof is to check thatf(ζ^p) = 0. If ζ^p is not a root off, then it is a root ofg. We assumeg(ζ^p) = 0 and we will reach a contradiction.

Sincef is irreducible,f is the minimal polynomial ofζ, hence, fromg(ζ^p) = 0, we infer that f(X) divides g(X^p). Write g(X^p) =f(X)h(X) and consider the morphism Ψp of reduction modulopalready introduced in (5). Denote by F, G, H the images of f, g, h. Recall that f g = Φn in Z[X], hence, F(X)G(X) dividesXⁿ−1 inFp[X]. The assumption thatpdoes not dividenimplies thatXⁿ−1 has no square factor inF_p[X].

LetP ∈Z[X] be an irreducible factor ofF. FromG(X^p) =F(X)H(X), it follows thatP(X) divides G(X^p). ButG∈F_p[X], hence (see Lemma20),G(X^p) =G(X)^p and, therefore,P divides G(X). Now P²divides the product F G, which is a contradiction.

We have checked that for any rootζoff inCand any prime numberpwhich does not dividen, the numberζ^pis again a root off. By induction on the number of prime factors ofm, it follows that for any integer m with gcd(m, n) = 1 the number ζ^m is a root of f. Nowf vanishes at all the primitive n–th roots of unity, hence,f = Φn andg= 1.

Letnbe a positive integer. Thecyclotomic field of level noverQ is R_n=Q

e^2iπk/n | k∈(Z/nZ)^× ⊂C.

This is the splitting field of Φn overQ. Ifζ∈Cis any primitiven–th root of unity, thenRn=Q(ζ) and {1, ζ, . . . , ζ^ϕ(n)−1}is a basis ofRn as aQ–vector space.

For example we have

R₁=R₂=Q, R₃=R₆=Q(j), R₄=Q(i),

where j is a root of the polynomial X²+X+ 1. It is easy to check that forn ≥1 we have ϕ(n) = 1 if and only if n∈ {1,2}, ϕ(n) = 2 if and only ifn∈ {3,4,6} and ϕ(n) is even and≥4 for n≥5 with n6= 6. That ϕ(n), the degree ofRn, tends to infinity withncan be checked in an elementary way.

Exercise 40. Check

n≤2.685ϕ(n)^1.161 for alln≥1.

Proposition 41. There is a canonical isomorphism between Gal(R_n/Q) and the multiplicative group (Z/nZ)^×.

Proof. Letζ_n be a primitiven-th root of unity and letµ_n be the group ofn-th roots of unity, which is the subgroup ofC^× generated byζ_n. The mapZ−→µ_n which mapsmtoζ_n^mis a group homomorphism of kernel nZ. When c is a class modulo n, we denote by ζ^c the image of c under the isomorphism Z/nZ−→^∼ µn.

Forσ∈Gal(Rn/Q), defineθ(σ)∈(Z/nZ)^× by

σ(ζn) =ζ_n^θ(σ).

Thenθ is well defined and is a group isomorphism from Gal(Rn/Q) onto (Z/nZ)^×.

Example 42. The element τ in Gal(Rn/Q) such thatθ(τ) =−1 satisfiesτ(ζn) =ζ_n⁻¹. Butζ_n⁻¹ is the complex conjugate ofζn, since|ζn|= 1. Henceτ is the (restriction toRn of the) complex conjugation.

Assumen≥3. The subfield ofRn fixed by the subgroupθ⁻¹({1,−1}) of Gal(Rn/Q) is the maximal real subfield ofR_n:

R_n⁺=Q(ζ_n+ζ_n⁻¹) =Q cos(2π/n)

=R_n∩R with [R_n:R⁺_n] = 2.

2.2.2 Cyclotomic Polynomials over a finite field

Since Φn has coefficients in Z, for any field K, we can view Φn(X) as an element in K[X]: in zero characteristic, this is plain sinceK containsQ; in finite characteristicp, one considers the image of Φn

under the morphism Ψp introduced in (5): we denote again this image by Φn.

Proposition 43. Let K be a field and let n be a positive integer. Assume that K has characteristic either 0 or else a prime number pprime to n. Then the polynomialΦ_n(X)is separable over K and its roots in K are exactly the primitiven–th roots of unity which belong toK.

Proof. The derivative of the polynomialXⁿ−1 isnXⁿ⁻¹. InK, we haven6= 0 sincepdoes not divide n, hence, Xⁿ−1 is separable overK. Since Φ_n(X) is a factor of Xⁿ−1, it is also separable over K.

The roots inK of Xⁿ−1 are precisely the n–th roots of unity contained in K. An-th root of unity is primitive if and only if it is not a root of Φd whend|n,d6=n. From (35), this means that it is a root of Φn.

Recall that whenn=p^rmwithr≥0 andm≥1, in characteristicpwe have Xⁿ−1 = (X^m−1)^pr.

Therefore, ifpdivides n, there is no primitiven–th root of unity in a field of characteristicp.