
EE 387, John Gill, Stanford University Notes #4, October 20, Handout #13

Finite fields: motivation


Algebraic block codes treat each channel symbol as an element of a finite field.
A linear encoder multiplies symbols by constants and accumulates the products to
generate each codeword symbol.
Syndrome computations also use multiply-accumulates.
The only knowledge about fields needed for error detection is that elements can be
multiplied and added.
We need to learn more about the structure of fields in order to
• design good codes
• build efficient implementations of field arithmetic units
• develop decoders for codes based on polynomials (cyclic codes)
In the following notes we dissect finite fields.

EE 387 Notes #4, Page 1

Finite fields: executive summary


• A finite field with q elements is called GF(q).¹
• If p is a prime number, then GF(p) = integers with arithmetic modulo p.
• Every finite field is the vector space GF(q) = GF(p^m) of m-tuples over GF(p).
◦ Addition is componentwise addition modulo p.
◦ Multiplication is polynomial multiplication modulo a prime polynomial.
• Every nonzero element of GF(q) has multiplicative order that divides q − 1.
• The multiplicative group of GF(q) is cyclic: every nonzero element is α^i, where
α is a primitive element and 0 ≤ i ≤ q − 2.
• Multiplication and division can be done by adding or subtracting logarithms.
• $x^{q-1} - 1 = \prod_{\beta \in GF(q) - \{0\}} (x - \beta) = \prod f_\beta(x)$, where the $f_\beta(x)$ are prime polynomials
whose degrees are divisors of m, the dimension of GF(q).

¹ “GF” = “Galois field.” Evariste Galois (1811–1832) was a much better mathematician than marksman.
Field characteristic
The characteristic of a field is the least positive number of 1s that adds to 0.²
Theorem: The characteristic of a finite field is a prime number.
Proof: By contradiction. Let rs be the smallest positive number of ones that adds
to zero, where r > 1 and s > 1. By the associative law for addition,
$$\underbrace{1 + \cdots + 1}_{rs} = \underbrace{\underbrace{1 + \cdots + 1}_{r} + \underbrace{1 + \cdots + 1}_{r} + \cdots + \underbrace{1 + \cdots + 1}_{r}}_{s} = \underbrace{r + \cdots + r}_{s}$$
where r denotes the sum of r ones. Now use the distributive law:
$$rs = \underbrace{r + \cdots + r}_{s} = r\,(\underbrace{1 + \cdots + 1}_{s}) = 0 .$$
But r ≠ 0, so rs = 0 implies that s = 0, i.e.,
$$\underbrace{1 + \cdots + 1}_{s} = s = 0 .$$
In other words, a sum of s ones equals zero, which contradicts the assumption that rs
is the smallest sum of ones that equals 0.
² If no sum of ones is zero, the field is said to have characteristic 0.

Field integers
In any field, the additive subgroup generated by 1 is called the field integers.
In a finite field F of characteristic p, the field integers are
$$\{\, 0,\ 1,\ 1 + 1,\ 1 + 1 + 1,\ \ldots,\ \underbrace{1 + \cdots + 1}_{p-1} \,\}$$

Arithmetic is the same as the integer arithmetic modulo p, since any sum of a
multiple of p ones is 0. The field integers are also closed under division, since every
nonzero field integer has a reciprocal modulo p.
Therefore the field integers are a subfield of F . They form the smallest subfield
because every field must contain 1 and all of its sums and products.
Every field F is a vector space over the subfield GF(p) of its field integers.
Thus if m is the dimension of F over GF(p), then F has p^m elements.
Theorem: A finite field of characteristic p has p^m elements.

A field of characteristic zero is infinite. Its field integers behave like normal integers, and rational numbers — ratios of
field integers — are the smallest subfield.



Finite field arithmetic
Let F be a finite field of characteristic p. Then F is a vector space over GF(p).
Elements of F have coordinate representations as m-tuples over GF(p). Choose an
arbitrary basis.
Addition is easy. If a = (a0, . . . , am−1) and b = (b0, . . . , bm−1) then the sum
a + b = (a0 + b0, . . . , am−1 + bm−1) .
just adds components in GF(p). Multiplication is harder. For example,
(1, 0, . . . , 0) · (1, 0, . . . , 0) = $(m^{00}_0, m^{00}_1, \ldots, m^{00}_{m-1})$
where $m^{00}_i$ is the i-th coordinate of the product of the first unit vector with itself.
A complete description of multiplication might require m^3 scalar components $m^{jk}_i$,
where $m^{jk}_i$ is the i-th coordinate of the product of unit vectors e_j and e_k.
A good basis for F over GF(p) greatly simplifies multiplication:
basis = {1, α, . . . , α^{m−1}} ⇒ α^i · α^j = α^{i+j} (0 ≤ i, j ≤ m − 1)
The first 2m − 1 powers 1, α, α^2, . . . , α^{2m−2} determine multiplication in F.

Finite field: GF(4)


Let GF(4) = {0, 1, β, δ}, where 0, 1 are additive and multiplicative identities.
The field axioms allow only these operation tables:
 +  | 0  1  β  δ        ×  | 0  1  β  δ
----+-------------     ----+-------------
 0  | 0  1  β  δ        0  | 0  0  0  0
 1  | 1  0  δ  β        1  | 0  1  β  δ
 β  | β  δ  0  1        β  | 0  β  δ  1
 δ  | δ  β  1  0        δ  | 0  δ  1  β
Every nonzero element in the additive group has order 2, i.e., is its own inverse.
The multiplicative group of size 3 must be cyclic because 3 is prime.
Both β and δ are generators.
Note: β and δ are indistinguishable; exchanging these two elements yields exactly
the same operation tables.
It is not obvious that the distributive law is satisfied by these operations.
To understand operation tables, we need a different interpretation.



GF(4) (continued)
A better way to define GF(4): the (binary) polynomials over GF(2) modulo some
prime polynomial over GF(2) of degree 2.
The only prime polynomial of degree 2 over GF(2) is x^2 + x + 1:
x^2 = x · x , x^2 + x = x(x + 1) , x^2 + 1 = (x + 1)^2
Therefore GF(4) = {0, 1, x, x+1} with arithmetic modulo x^2 + x + 1.
Operation tables for GF(4) using this polynomial representation:
 +   | 0    1    x    x+1       ×   | 0  1    x    x+1
-----+--------------------     -----+------------------
 0   | 0    1    x    x+1       0   | 0  0    0    0
 1   | 1    0    x+1  x         1   | 0  1    x    x+1
 x   | x    x+1  0    1         x   | 0  x    x+1  1
 x+1 | x+1  x    1    0         x+1 | 0  x+1  1    x

Substituting x → β, x + 1 → δ, we obtain the operation tables of last page.


GF(4) (continued)
Arithmetic modulo x^2 + x + 1 is equivalent to replacing all occurrences
of x^2 + x + 1 by 0. In particular, over GF(2)
x^2 + x + 1 = 0 ⇔ x^2 = x + 1 .
Thus x^2 and all higher powers of x modulo x^2 + x + 1 can be replaced by a
polynomial of degree ≤ 1. Every nonzero element of GF(4) is a power of x:
GF(4) = {0, 1, x, x^2 = x + 1} .
In other words, x is a primitive element.
Definition: A primitive element of a finite field is any α that is a generator of the
multiplicative group of the field.
It is easier to understand GF(4) if we replace the indeterminate x by α. Then
every element in GF(4) is a linear combination of the basis vectors 1 and α:
GF(4) = {0, 1, α, α + 1} .
Therefore multiplication in GF(4) is determined by the products of 1 and α.



GF(4) (concluded)
Products of the basis vectors define multiplication (a bilinear function):
 ×  | 1  α                 ×   | 0  1    α    α+1
----+---------            -----+------------------
 1  | 1  α          ⇒     0   | 0  0    0    0
 α  | α  α+1               1   | 0  1    α    α+1
                           α   | 0  α    α+1  1
                           α+1 | 0  α+1  1    α
Binary polynomials in α of degree < 2 (i.e., ≤ 1) can be represented by bit vectors
(lsb first):
a0 + a1α = (a0, a1)
Multiplication table for GF(4) in binary (lsb first) and 4-ary:
 ×  | 00  10  01  11          ×  | 0  1  2  3
----+-----------------       ----+------------
 00 | 00  00  00  00          0  | 0  0  0  0
 10 | 00  10  01  11    ≡     1  | 0  1  2  3
 01 | 00  01  11  10          2  | 0  2  3  1
 11 | 00  11  10  01          3  | 0  3  1  2
Note: in above tables, 2 ≡ β and 3 ≡ δ .

Finite field arithmetic: GF(8)


To define GF(8) we need a prime polynomial f(x) over GF(2) of degree 3.
• Constant coefficient f0 must be 1, otherwise f(x) is divisible by x.
• Parity of coefficients must be odd; otherwise x − 1 is a factor, since
(x − 1) | f(x) ⇔ f(1) = 0 ⇔ f0 ⊕ f1 ⊕ f2 ⊕ f3 = 0 .

Of the 8 monic polynomials of degree 3, two satisfy the above requirements:

x^3 + x + 1 and x^3 + x^2 + 1

Both are prime because they have no factors of degree 1 (i.e., x or x + 1).
Either can be used to define arithmetic in GF(8). Arithmetic tables are slightly
simpler if we use x^3 + x + 1.
When GF(8) = binary polynomials modulo x^3 + x + 1, the key equation is
α^3 + α + 1 = 0 ⇒ α^3 = α + 1 ,
where the element α is the polynomial x.



Powers in GF(8)
Powers of α can be computed using the equation
α^3 + α + 1 = 0 ⇒ α^3 = α + 1
In the table below, 3-bit representations of field elements have the lsb first; the
third column is the same bit vector written as an octal digit.
 i | bits | octal | α^i
---+------+-------+---------------------------
 0 | 100  | 1     | 1
 1 | 010  | 2     | α
 2 | 001  | 4     | α^2
 3 | 110  | 3     | α^3 = α + 1
 4 | 011  | 6     | α^2 + α
 5 | 111  | 7     | α^3 + α^2 = α^2 + α + 1
 6 | 101  | 5     | α^3 + α^2 + α = α^2 + 1
 7 | 100  | 1     | α^3 + α = 1
Every nonzero element of GF(8) is a power of α; i.e., α is a primitive element.
Every element of GF(8) is a binary linear combination of {1, α, α2}.


Basis for GF(8)


GF(8) can be represented as binary linear combinations of {1, α, α^2}.
The set {1, α, α^2} is linearly independent over GF(2) because any linear
dependence
f0 · 1 + f1 · α + f2 · α^2 = 0
would correspond to a quadratic polynomial f(x) over GF(2) such that
f(α) = 0. But the minimal polynomial of α is x^3 + x + 1.
GF(8) consists of the 8 linear combinations of these basis vectors.
The multiplication table is determined by the products of the basis vectors:
α^i · α^j = α^{i+j} (0 ≤ i, j ≤ 2), i.e., by the powers α^i for i = 0, . . . , 4.
Multiplication is associative and distributes over addition because it is derived from
polynomial multiplication modulo x^3 + x + 1.
Multiplication is invertible because the defining polynomial x^3 + x + 1 is prime.
Reciprocals can be found from the table of powers of α, since α^{−i} = α^{7−i}.



GF(8) operation tables
Elements of GF(8) can be represented by octal digits 0, . . . , 7:
1 = 100 = 1, α = 010 = 2, α^2 = 001 = 4, α^3 = 110 = 3, . . . (lsb first)
Operation tables for GF(8):

 + | 0  1  2  3  4  5  6  7       × | 0  1  2  3  4  5  6  7
---+------------------------     ---+------------------------
 0 | 0  1  2  3  4  5  6  7       0 | 0  0  0  0  0  0  0  0
 1 | 1  0  3  2  5  4  7  6       1 | 0  1  2  3  4  5  6  7
 2 | 2  3  0  1  6  7  4  5       2 | 0  2  4  6  3  1  7  5
 3 | 3  2  1  0  7  6  5  4       3 | 0  3  6  5  7  4  1  2
 4 | 4  5  6  7  0  1  2  3       4 | 0  4  3  7  6  2  5  1
 5 | 5  4  7  6  1  0  3  2       5 | 0  5  1  4  2  7  3  6
 6 | 6  7  4  5  2  3  0  1       6 | 0  6  7  1  5  3  2  4
 7 | 7  6  5  4  3  2  1  0       7 | 0  7  5  2  1  6  4  3

Multiplication is determined by 2 · 4 = 3 ⇔ α · α^2 = α^3 = α + 1.
Important: the symbols 0, 1, . . . , 7 for elements of GF(8) are just abbreviations for
the 3-bit vector representations. Elements of GF(8) do not behave like integers.


Finite field arithmetic: GF(9)


The smallest nonbinary field of dimension > 1 is GF(3^2) = GF(9).
GF(9) can be defined by any quadratic prime polynomial over GF(3).
There are three prime quadratic polynomials over GF(3):
x^2 + 1 , x^2 + x + 2 , x^2 + 2x + 2
These are prime because 0, 1, 2 are not zeroes, hence there are no linear factors.
GF(9) could be defined using x^2 + 1.
If α^2 + 1 = 0 then α is a square root of −1, an “imaginary” element with
properties similar to i in the complex numbers.
But α is not primitive since α^4 = (α^2)^2 = (−1)^2 = 1 .
The other two polynomials are primitive polynomials. Their zeroes are primitive
elements, whose powers generate the nonzero elements of GF(9).



Powers in GF(9)
Let α be a zero of x^2 + 2x + 2. Then
α^2 + 2α + 2 = 0 ⇒ α^2 = −2α − 2 ⇒ α^2 = α + 1 .
(The same equation was used for GF(4), but here scalar arithmetic is modulo 3.)
Powers of α computed using the defining equation (pairs are (a0, a1) for a0 + a1α):
 i | (a0 a1) | α^i
---+---------+---------------------------
 0 | 10      | 1
 1 | 01      | α
 2 | 11      | α^2 = α + 1
 3 | 12      | α^2 + α = 2α + 1
 4 | 20      | 2α^2 + α = 3α + 2 = 2
 5 | 02      | 2α
 6 | 22      | 2α^2 = 2α + 2
 7 | 21      | 2α^2 + 2α = 4α + 2 = α + 2
 8 | 10      | α^2 + 2α = 3α + 1 = 1

As expected, α8 = 1. The (multiplicative) order of α is 8.



GF(9) multiplication and division


Product of elements a = a0 + a1α and b = b0 + b1α of GF(9):
(a0 + a1α)(b0 + b1α) = a0b0 + (a0b1 + a1b0)α + a1b1α^2
                     = a0b0 + (a0b1 + a1b0)α + (a1b1α + a1b1)
                     = (a0b0 + a1b1) + (a0b1 + a1b0 + a1b1) α
(Same equations as GF(4), but multiplications and additions are modulo 3.)
(a0, a1) · (b0, b1) = (a0b0 + a1b1 , a0b1 + a1b0 + a1b1)

Exercise: find a formula for the reciprocal (a0 + a1α)^{−1} = (b0 + b1α).

Hint: one of several approaches is to solve
a0b0 + a1b1 = 1
a1b0 + (a0 + a1)b1 = 0
for the coefficients (b0, b1) of the reciprocal of (a0, a1).
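The GF(9) product formula and the reciprocal exercise above, worked in Python as an added example (my code, not the notes'): elements are pairs (a0, a1) standing for a0 + a1α, the defining polynomial x^2 + c1x + c0 over GF(p) is a parameter so the same code handles x^2 + 2x + 2 and the non-primitive x^2 + 1, and the reciprocal is found by solving the 2×2 linear system of the hint with Cramer's rule. The names gfp2_mul, gfp2_inv and so on are my own.

```python
"""GF(p^2) as pairs (a0, a1) meaning a0 + a1*alpha, where alpha is a zero of
x^2 + c1*x + c0 over GF(p), so alpha^2 = -c1*alpha - c0 (all arithmetic mod p).
Added example; the notes' formulas are the special case p = 3, c1 = 2, c0 = 2."""

ZERO, ONE = (0, 0), (1, 0)

def gfp2_mul(a, b, p, c1, c0):
    """(a0 + a1 alpha)(b0 + b1 alpha), reducing alpha^2 with the defining polynomial."""
    a0, a1 = a
    b0, b1 = b
    t = a1 * b1                          # coefficient of alpha^2 before reduction
    y0 = (a0 * b0 - c0 * t) % p
    y1 = (a0 * b1 + a1 * b0 - c1 * t) % p
    return (y0, y1)

def gfp2_inv(a, p, c1, c0):
    """Reciprocal of a: solve a * b = 1 for b = (b0, b1). Written out, the system is
        a0*b0 - c0*a1*b1         = 1
        a1*b0 + (a0 - c1*a1)*b1  = 0
    (for p = 3, c1 = c0 = 2 it is exactly the system in the notes' hint); Cramer's rule."""
    if a == ZERO:
        raise ZeroDivisionError("0 has no reciprocal")
    a0, a1 = a
    det = (a0 * (a0 - c1 * a1) + c0 * a1 * a1) % p
    det_inv = pow(det, -1, p)            # det != 0 for a != 0 because the polynomial is prime
    b0 = ((a0 - c1 * a1) * det_inv) % p
    b1 = (-a1 * det_inv) % p
    return (b0, b1)

def gfp2_powers(a, p, c1, c0, count):
    """[a^0, a^1, ..., a^(count-1)], the way the notes tabulate the powers of alpha."""
    out, x = [], ONE
    for _ in range(count):
        out.append(x)
        x = gfp2_mul(x, a, p, c1, c0)
    return out

def gfp2_order(a, p, c1, c0):
    """Multiplicative order: least n >= 1 with a^n = 1."""
    x, n = a, 1
    while x != ONE:
        x, n = gfp2_mul(x, a, p, c1, c0), n + 1
    return n

def primitive_elements(p, c1, c0):
    """Elements of order p^2 - 1, i.e. generators of the multiplicative group."""
    nonzero = [(x0, x1) for x0 in range(p) for x1 in range(p) if (x0, x1) != ZERO]
    return [e for e in nonzero if gfp2_order(e, p, c1, c0) == p * p - 1]

if __name__ == "__main__":
    ALPHA = (0, 1)
    print(gfp2_powers(ALPHA, 3, 2, 2, 9))   # powers of a zero of x^2 + 2x + 2
    print(gfp2_inv(ALPHA, 3, 2, 2))         # alpha^-1 = alpha^7 = alpha + 2 = (2, 1)
    print(gfp2_order(ALPHA, 3, 0, 1))       # a zero of x^2 + 1 has order 4, not 8
```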



Finite field arithmetic: GF(16)
There are three prime polynomials over GF(2) of degree 4:
x^4 + x + 1 , x^4 + x^3 + 1 , x^4 + x^3 + x^2 + x + 1
Simplest is x^4 + x + 1. Let α satisfy α^4 + α + 1 = 0 ⇒ α^4 = α + 1.
Powers of α can be used as columns of a systematic parity-check matrix
(column i is the 4-bit representation of α^i, lsb in the first row):
$$H = \begin{bmatrix}
1 & 0 & 0 & 0 & 1 & 0 & 0 & 1 & 1 & 0 & 1 & 0 & 1 & 1 & 1 \\
0 & 1 & 0 & 0 & 1 & 1 & 0 & 1 & 0 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 0 & 1 & 0 & 0 & 1 & 1 & 0 & 1 & 0 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 0 & 1 & 0 & 0 & 1 & 1 & 0 & 1 & 0 & 1 & 1 & 1 & 1
\end{bmatrix}$$

GF(16): Using α^4 = α + 1, the components of y = a · b are:

y0 = a0b0 + a1b3 + a2b2 + a3b1
y1 = a0b1 + a1b0 + a1b3 + a2b2 + a3b1 + a2b3 + a3b2
y2 = a0b2 + a1b1 + a2b0 + a2b3 + a3b2 + a3b3
y3 = a0b3 + a1b2 + a2b1 + a3b0 + a3b3
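The GF(8) tables on the previous pages and the GF(16) component formulas just above, checked in Python as an added example (my code, not the notes'): bit i of an integer holds the coefficient of α^i, so the octal digits of the GF(8) tables are the integers 0 to 7, gf2m_mul is the shift-and-reduce loop of a hardware multiplier for any prime polynomial, and reciprocals come from the power table via α^{−i} = α^{q−1−i}. The function names are mine.

```python
"""GF(2^m) arithmetic with a prime polynomial given as a bitmask (bit i = coefficient
of x^i). Elements are ints whose bit i is the coefficient of alpha^i, i.e. the notes'
lsb-first bit vectors read as binary numbers: alpha = 2, alpha^2 = 4, alpha + 1 = 3.
Added example (not code from the notes); the polynomials are the notes' choices."""

GF8_POLY = 0b1011     # x^3 + x + 1
GF16_POLY = 0b10011   # x^4 + x + 1

def gf2m_add(a, b):
    """Addition is componentwise mod 2, i.e. bitwise XOR."""
    return a ^ b

def gf2m_mul(a, b, poly, m):
    """Shift-and-reduce multiplier: for each set bit of b add the current multiple of a,
    then multiply a by alpha and replace alpha^m by the lower-order terms of poly."""
    r = 0
    for i in range(m):
        if (b >> i) & 1:
            r ^= a
        a <<= 1
        if (a >> m) & 1:
            a ^= poly
    return r

def power_table(poly, m):
    """[alpha^0, alpha^1, ..., alpha^(2^m - 2)], where alpha = x is the integer 2."""
    table = [1]
    for _ in range((1 << m) - 2):
        table.append(gf2m_mul(table[-1], 2, poly, m))
    return table

def gf2m_inv(a, poly, m):
    """Reciprocal from the power table: alpha^-i = alpha^(q-1-i)."""
    if a == 0:
        raise ZeroDivisionError("0 has no reciprocal")
    table = power_table(poly, m)
    return table[(-table.index(a)) % len(table)]

def mul_table(poly, m):
    """Full multiplication table; rows and columns are indexed by the element 0..2^m-1."""
    q = 1 << m
    return [[gf2m_mul(a, b, poly, m) for b in range(q)] for a in range(q)]

def gf16_mul_components(a, b):
    """The notes' bilinear formulas for GF(16) with alpha^4 = alpha + 1, bit by bit
    (AND is the GF(2) product, XOR the GF(2) sum)."""
    a0, a1, a2, a3 = ((a >> i) & 1 for i in range(4))
    b0, b1, b2, b3 = ((b >> i) & 1 for i in range(4))
    y0 = (a0 & b0) ^ (a1 & b3) ^ (a2 & b2) ^ (a3 & b1)
    y1 = (a0 & b1) ^ (a1 & b0) ^ (a1 & b3) ^ (a2 & b2) ^ (a3 & b1) ^ (a2 & b3) ^ (a3 & b2)
    y2 = (a0 & b2) ^ (a1 & b1) ^ (a2 & b0) ^ (a2 & b3) ^ (a3 & b2) ^ (a3 & b3)
    y3 = (a0 & b3) ^ (a1 & b2) ^ (a2 & b1) ^ (a3 & b0) ^ (a3 & b3)
    return y0 | (y1 << 1) | (y2 << 2) | (y3 << 3)

def formulas_match_multiplier():
    """True if the component formulas agree with the generic multiplier on all 256 pairs."""
    return all(gf16_mul_components(a, b) == gf2m_mul(a, b, GF16_POLY, 4)
               for a in range(16) for b in range(16))

if __name__ == "__main__":
    for row in mul_table(GF8_POLY, 3):      # reproduces the GF(8) multiplication table
        print(" ".join(str(v) for v in row))
    print(formulas_match_multiplier())
```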


Fundamental Theorem of Algebra


Lemma: Let f (x) be a polynomial over GF(q) ⊆ GF(Q). An element β of GF(Q)
is a zero of f (x) if and only if x − β is a divisor of f (x) over GF(Q).
Proof : By the division algorithm,
f (x) = q(x)(x − β) + r(x) , where deg r(x) < deg(x − β) = 1
Thus deg r(x) ≤ 0, so r(x) is a constant polynomial, r(x) = r0. Therefore
r0 = r(β) = f (β) − q(β)(β − β) = f (β) ,
hence f (x) is a multiple of x − β if and only if f (β) = 0.
Lemma: Every polynomial f (x) of degree n over a field has at most n zeroes.
Proof : Each zero of f (x) corresponds to a linear factor of f (x). Because
deg f (x) = n, there are at most n linear factors, hence at most n distinct zeroes.

Blahut (Theorem 4.3.9) calls this the Fundamental Theorem of Algebra. Gauss’s FTA: every polynomial equation with
complex coefficients and degree ≥ 1 has at least one complex root.



Examples of factors and zeroes
Example: Polynomials of degree 2 over GF(2):
x^2 = x · x , x^2 + 1 = (x + 1)(x + 1) , x^2 + x = x(x + 1) , x^2 + x + 1
The only prime polynomial over GF(2) of degree 2 has zeroes in GF(4) = {0, 1, β, δ}:
(x + β)(x + δ) = x^2 + (β + δ)x + βδ = x^2 + x + 1 .

Whether a polynomial is prime depends on what coefficients are allowed in factors.

Example: GF(2^4) can be represented as polynomials in α of degree < 4, where α
is a zero of the prime (over GF(2)) polynomial x^4 + x + 1.
Therefore x + α is a factor of x^4 + x + 1 over GF(2^4).
Another zero is α^2:
$$(x^4 + x + 1)\big|_{x = \alpha^2} = (\alpha^2)^4 + \alpha^2 + 1 = (\alpha^4 + \alpha + 1)^2 = 0^2 = 0 .$$
Similarly, α^4 = (α^2)^2 and α^8 = (α^4)^2 are zeroes. Over GF(16) we can factor
x^4 + x + 1 = (x + α)(x + α^2)(x + α^4)(x + α^8) .


GF(Q) consists of zeroes of xQ − x


The order of the multiplicative group of GF(Q) is Q − 1.
Let e be the order of β in GF(Q). By Lagrange’s theorem, e | (Q − 1), so
$$\beta^{Q-1} = \beta^{e\,(Q-1)/e} = (\beta^e)^{(Q-1)/e} = 1^{(Q-1)/e} = 1 .$$
This shows that every nonzero element of GF(Q) is a zero of x^{Q−1} − 1.
The special case of 0 requires one more factor, x − 0, which yields
x(x^{Q−1} − 1) = x^Q − x .
This polynomial has at most Q zeroes. Therefore GF(Q) = zeroes of x^Q − x.
Similarly, for any subfield, GF(q) = zeroes of x^q − x. We obtain factorizations
over GF(Q):
$$x^Q - x = \prod_{\beta \in GF(Q)} (x - \beta) , \qquad x^q - x = \prod_{\beta \in GF(q)} (x - \beta)$$
$$x^Q - x = x(x^{Q-1} - 1) = x(x^{q-1} - 1)(x^{Q-1-(q-1)} + \cdots + x^{q-1} + 1)$$
The last equation holds because (q − 1) | (Q − 1).


Primitive elements
Fact: The multiplicative group of the finite field GF(q) is cyclic of order q − 1.
The proof uses a lemma about groups: if for every divisor d of the order of a group
there are at most d elements of order dividing d, then the group is cyclic.
Definition: A primitive element of GF(q) is a generator of the multiplicative group.

• Let α be a primitive element of GF(q). All primitive elements are α^i where
gcd(i, q − 1) = 1.
◦ 1 = ai + b(q − 1) ⇒ α = α^{ai+b(q−1)} = α^{ai} = (α^i)^a.
◦ Conversely, if gcd(i, q − 1) = d > 1 then the order of α^i is (q − 1)/d < q − 1 .
• If q − 1 is prime then there are q − 2 primitive elements. (This is possible only
for q = 3 and for q = 2^m with m odd.)
• GF(4), GF(8), GF(16), GF(32) have respectively 2, 6, 8, 30 primitive elements.
• In general, GF(q) has φ(q − 1) primitive elements.


Euler phi function: review


The Euler phi function φ(n) is the number of integers between 0 and n that are
relatively prime to n.
We can find a formula for φ(n) in terms of its factorization n = p1^{e1} p2^{e2} · · · pt^{et}:
• if p is prime then φ(p) = p − 1 (1, 2, . . . , p − 1 are coprime to p)
• if p is prime then φ(p^e) = p^e − p^{e−1} (only multiples of p are not coprime).
• φ(n) is a multiplicative function; i.e., if gcd(r, s) = 1 then φ(rs) = φ(r)φ(s).
Combining these facts, we obtain the final formula:
$$\varphi(n) = \begin{cases}
p - 1 & \text{if } n = p \text{ is a prime} \\[4pt]
(p-1)\,p^{e-1} = \left(1 - \dfrac{1}{p}\right) p^e & \text{if } n = p^e \text{ is a power of a prime} \\[4pt]
\varphi(p_1^{e_1} p_2^{e_2} \cdots p_t^{e_t}) = \displaystyle\prod_{i=1}^{t} (p_i - 1)\, p_i^{e_i - 1} & \text{in general}
\end{cases}$$



Minimal polynomials (1)
Let β ∈ GF(Q) and GF(q) ⊆ GF(Q).
Definition: The minimal polynomial over GF(q) of β is the monic polynomial f (x)
over GF(q) of smallest degree such that f (β) = 0.
Example: GF(4) = {0, 1, β, δ}. Minimal polynomials over GF(2):
0 → x, 1 → x + 1, β, δ → x2 + x + 1

Theorem: Suppose GF(q) ⊆ GF(Q) where Q = q^m.

1. Every β in GF(Q) has a minimal polynomial over GF(q) of degree ≤ m.
2. The minimal polynomial is unique.
3. The minimal polynomial is prime over GF(q).
4. If g(x) is any polynomial over GF(q) such that g(β) = 0 then f(x) | g(x).

Every β in GF(Q) is a zero of x^Q − x, whose coefficients (1, 0, −1) belong to GF(q).
So the minimal polynomial exists and has degree ≤ Q.

Minimal polynomials (2)


Proof:
1. GF(Q) is a vector space over GF(q) of dimension m.
Therefore any set of m + 1 elements is linearly dependent over GF(q).
In particular, consider the first m + 1 powers of β: {1, β, β^2, . . . , β^m}.
There exist m + 1 scalars f0, f1, . . . , fm in GF(q), not all 0, such that
f0 · 1 + f1 · β + · · · + fm · β^m = 0 = f(β) .
In other words, β is a zero of
f(x) = f0 + f1x + · · · + fm x^m ,
a nonzero polynomial over GF(q) of degree ≤ m.
Therefore the minimal polynomial of β has degree ≤ m.



Minimal polynomials (3)
2. If f1(x) and f2(x) are distinct minimal polynomials of the same degree, then
f (x) = f1(x) − f2(x)
would be a nonzero polynomial of smaller degree. Since f (β) = 0, we would
have a contradiction.
3. If f (x) = f1(x)f2(x) has proper divisors, then
f (β) = f1(β)f2(β) = 0 ⇒ f1(β) = 0 or f2(β) = 0 ,
contradicting the minimality of f (x).
4. By the division algorithm,
g(x) = q(x)f (x) + r(x) , where deg r(x) < deg f (x) .
If g(β) = 0 then
r(β) = g(β) − q(β)f (β) = 0 .
If r(x) ≠ 0 then f(x) is not minimal. Thus r(x) = 0 ⇒ f(x) | g(x).

Part 4 means that minimal polynomials are minimal in a stronger sense than smallest degree.
Note that part 2 follows from part 4.

Primitive elements and polynomials


Let α be a primitive element of GF(Q), and let GF(q) be a subfield of GF(Q).
Let f (x) be the minimal polynomial over GF(q) of α, and let m = deg f (x).
• Every nonzero element of GF(Q) is a power of α:
GF(Q) − {0} = {1, α, α^2, . . . , α^{Q−2}}
• Every element of GF(Q) is a polynomial in α of degree ≤ m − 1:
β = b0 + b1α + b2α^2 + · · · + b_{m−1}α^{m−1}
• Multiplication of a polynomial in α by α uses the equation f(α) = 0:
α(b0 + b1α + · · · + b_{m−1}α^{m−1}) = b0α + b1α^2 + · · · + b_{m−2}α^{m−1} − b_{m−1}(f0 + · · · + f_{m−1}α^{m−1})
• A primitive polynomial is the minimal polynomial of a primitive element.
• An equivalent definition: f(x) over GF(q) of degree m is primitive if the order
of f(x) is q^m − 1; i.e., the smallest n such that x^n = 1 mod f(x) is n = q^m − 1.



Conjugates
Definition: The conjugates over GF(q) of β are the zeroes of the minimal
polynomial over GF(q) of β (including β itself).
Example: GF(4) = {0, 1, β, δ}. Then β and δ = β + 1 are conjugates since
(x + β)(x + δ) = x2 + (β + δ)x + βδ = x2 + x + 1 .

Example: GF(8) = {0, 1, α, α+1, α^2, . . . , 1+α+α^2}, where α^3 = α + 1.

The minimal polynomial of α is f(x) = x^3 + x + 1. Another zero of f(x) is α^2:
f(α^2) = (α^2)^3 + α^2 + 1 = (α^3 + α + 1)^2 = 0
So α^2 and α^4 = α + α^2 are conjugates of α, which gives the factorization:
$$x^3 + x + 1 = (x + \alpha)(x + \alpha^2)(x + \alpha^4)
= \left(x + \begin{pmatrix}0\\1\\0\end{pmatrix}\right)\left(x + \begin{pmatrix}0\\0\\1\end{pmatrix}\right)\left(x + \begin{pmatrix}0\\1\\1\end{pmatrix}\right)$$

(The 3-tuple representations of α^i have lsb in the first row.)

Conjugates are algebraically indistinguishable. E.g., the complex number +i has coordinates (0, 1) only by convention.

Binomial coefficients and prime numbers


Lemma: If p is prime and 0 < k < p then p is a divisor of $\binom{p}{k}$.
Proof:
$$\binom{p}{k} = \frac{p(p-1)(p-2)\cdots(p-k+1)}{k!} = p \cdot \frac{(p-1)(p-2)\cdots(p-k+1)}{k!}$$
The denominator k! divides p · ((p−1) · · · (p−k+1)) and is relatively prime to p.
Therefore k! divides ((p−1) · · · (p−k+1)). Therefore $\binom{p}{k}$ is a multiple of p.
Lemma: In GF(p^m), (a + b)^p = a^p + b^p.
Proof: By the binomial theorem,
$$(a + b)^p = a^p + \sum_{k=1}^{p-1} \binom{p}{k} a^{p-k} b^k + b^p = a^p + b^p ,$$
since $\binom{p}{k}$ is a multiple of p for 0 < k < p, and in GF(p^m) multiples of p are 0.
Corollary: In GF(2^m), (a + b)^2 = a^2 + b^2. In other words, squaring is linear.
Corollary: In GF(q) with q = p^m, $(a + b)^q = (a + b)^{p^m} = a^{p^m} + b^{p^m} = a^q + b^q$.



Conjugates of β (1)

Theorem: The conjugates of β over GF(q) are
$$\beta,\ \beta^q,\ \beta^{q^2},\ \ldots,\ \beta^{q^{r-1}}$$
where r is the least positive integer such that $\beta^{q^r} = \beta$.
Note: $\beta^{q^m} = \beta^Q = \beta$, so r ≤ m. In fact, we will see that r | m.
Proof: First we show that the $\beta^{q^i}$ are conjugates. For any f(x) over GF(q),
$$f(\beta)^q = (f_0 + f_1\beta + f_2\beta^2 + \cdots)^q = f_0^q + f_1^q\beta^q + f_2^q\beta^{2q} + \cdots = f_0 + f_1\beta^q + f_2\beta^{2q} + \cdots = f(\beta^q) ,$$
since $f_i^q = f_i$ for coefficients in GF(q). Let f(x) be the minimal polynomial of β; then
$$f(\beta^q) = f(\beta)^q = 0^q = 0 .$$
Therefore β^q is a zero of the minimal polynomial and so is a conjugate of β.


Conjugates of β (2)
Next we show that all conjugates of β are in $\{\beta^{q^i}\}$. Consider the product
$$f(x) = (x - \beta)(x - \beta^q)(x - \beta^{q^2}) \cdots (x - \beta^{q^{r-1}})$$
of linear factors for all the distinct conjugates of β of the form $\beta^{q^i}$:
$$f(x)^q = (x^q - \beta^q)(x^q - \beta^{q^2}) \cdots (x^q - \beta^{q^r}) = (x^q - \beta^q)(x^q - \beta^{q^2}) \cdots (x^q - \beta) = f(x^q)$$
since $\beta^{q^r} = \beta$. Therefore
$$f_0^q + f_1^q x^q + \cdots + f_r^q x^{qr} = f_0 + f_1 x^q + \cdots + f_r x^{qr} .$$
Since $f_i^q = f_i$, all the coefficients of f(x) are in GF(q).
Obviously, β is a zero of f(x). Any other polynomial over GF(q) that has β as a
zero must have the same r linear factors. Therefore f(x) is a divisor of every such
polynomial, hence f(x) is minimal.



Conjugates: summary
The conjugates of β are the zeroes of the minimal polynomial of β.
The conjugates of β over GF(q) are $\beta, \beta^q, \beta^{q^2}, \ldots, \beta^{q^{r-1}}$.
The minimal polynomial of β is prime over GF(q) but factors over any
field GF(Q) that contains β (and hence its conjugates):
$$f(x) = (x - \beta)(x - \beta^q)(x - \beta^{q^2}) \cdots (x - \beta^{q^{r-1}})$$

If β ∈ GF(q^m) then β has at most m conjugates (including itself).

If β has r conjugates, then the linear subspace of GF(q^m) spanned by
{1, β, β^2, . . . , β^{r−1}}
is a field with q^r elements. Reciprocals exist because f(x) is prime.
If r < m then β belongs to GF(q^r), a proper subfield of GF(q^m).
Since GF(q^m) is a vector space over GF(q^r), we conclude that r | m.
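The conjugate theorem, minimal polynomials, the count of primitive elements and the factorization of x^Q − x, all for GF(16) over GF(2) with x^4 + x + 1, computed in Python as an added example (my code, not the notes'): multiplication adds logarithms as the executive summary suggests, conjugates follow the Frobenius orbit i → qi mod (Q − 1) on exponents, and each minimal polynomial is obtained by multiplying out ∏(x − c) over the conjugates and checking that every coefficient lands in GF(2). Function names are mine.

```python
"""Conjugates, minimal polynomials and x^16 - x over GF(2), for GF(16) defined by
x^4 + x + 1 as in the notes. Elements are ints whose bit i is the coefficient of
alpha^i; polynomials over GF(2) are bitmasks (bit k = coefficient of x^k).
Added example, not code from the notes; helper names are mine."""

Q, POLY = 16, 0b10011                   # GF(2^4), defining polynomial x^4 + x + 1
EXP = []                                # EXP[i] = alpha^i for i = 0..Q-2
LOG = {}                                # LOG[alpha^i] = i
_x = 1
for _i in range(Q - 1):
    EXP.append(_x)
    LOG[_x] = _i
    _x <<= 1                            # multiply by alpha ...
    if _x & Q:                          # ... and replace alpha^4 by alpha + 1
        _x ^= POLY

def mul(a, b):
    """Multiply by adding logarithms: alpha^i * alpha^j = alpha^((i+j) mod 15)."""
    if a == 0 or b == 0:
        return 0
    return EXP[(LOG[a] + LOG[b]) % (Q - 1)]

def order(beta):
    """Multiplicative order of beta: least n >= 1 with beta^n = 1."""
    x, n = beta, 1
    while x != 1:
        x, n = mul(x, beta), n + 1
    return n

def conjugates(beta, q=2):
    """beta, beta^q, beta^(q^2), ... until the Frobenius map returns to beta."""
    orbit, e = [], LOG[beta]
    while True:
        orbit.append(EXP[e])
        e = (e * q) % (Q - 1)            # (alpha^e)^q = alpha^(e*q)
        if EXP[e] == beta:
            return orbit

def minimal_polynomial(beta):
    """Product of (x - c) over the conjugates c, multiplied out in GF(16); every
    coefficient must land in GF(2) = {0, 1}, and the result is returned as a bitmask."""
    f = [1]                              # coefficients, lowest degree first
    for c in conjugates(beta):
        f = [0] + f                      # x * f ...
        for k in range(len(f) - 1):      # ... plus c * f (in characteristic 2, -c = c)
            f[k] ^= mul(c, f[k + 1])
    assert all(coef in (0, 1) for coef in f), "coefficients must be in GF(2)"
    return sum(coef << k for k, coef in enumerate(f))

def gf2_poly_mul(a, b):
    """Carry-less product of two polynomials over GF(2) given as bitmasks."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
    return r

def factor_x_q_minus_x():
    """Distinct minimal polynomials over GF(2) and x times their product: x^16 + x."""
    distinct = sorted({minimal_polynomial(beta) for beta in range(1, Q)})
    product = 0b10                       # the factor x - 0 for the element 0
    for f in distinct:
        product = gf2_poly_mul(product, f)
    return distinct, product

def primitive_elements():
    """Generators of the multiplicative group; the notes count phi(15) = 8 of them."""
    return [beta for beta in range(1, Q) if order(beta) == Q - 1]
```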

