1. Information and Coding Theory
Finite fields.
Juris Viksna, 2017

2. Groups

3. Fields

4. How to construct finite fields?
Zn (integers modulo n ) is a group with respect to “+”
Is Zn also a field?
We need:
- identity element with respect to “” - OK
- inverse elements with respect to “”. Do they exist?

5. GCD and Euclid’s algorithm
gcd(a,b) - the greatest common divisor of integers
a and b
Euclid(a, b)
if b = 0 then return a
else return Euclid(b, a mod b)

6. Extended Euclid’s algorithm
d = gcd(a,b) - the greatest common divisor of integers
a and b
There exist integers x and y such that d = ax + by
ExtendedEuclid(a, b)
if b = 0 then return (a,1,0)
(d’,x’,y’)  ExtendedEuclid(b, a mod b)
(d,x,y)  (d’,y’,x’ – a/b y’)
return (d,x,y)

7. Extended Euclid’s algorithm - Example
ExtendedEuclid(a, b)
if b = 0 then return (a,1,0)
(d’,x’,y’)  ExtendedEuclid(b, a mod b)
(d,x,y)  (d’,y’,x’ – a/b y’)
return (d,x,y)
[Adapted from T.Cormen, C.Leiserson, R. Rivest]

8. Modular operations Multiplication:
For given a and b find x such that ab mod n = x
Division:
For given a and b find x such that bx mod n = a
Not always such x exists - we should have gcd(b,n) | a
Extended Euclid's algorithm:
finds x and y such that gcd(s,t) = su + tv
Take b = s and t = n and set x = ua/gcd(b,n)

9. How to construct finite fields?
Zn (integers modulo n )is a group with respect to “+”
Is Zn also a field?
We need:
- identity element with respect to “” - OK
inverse elements with respect to “”. Do they exist?
Thus Zn is a field if and only if n is a prime.
Could we have different (and/or non-isomorphic) fields with n elements?

10. Finite fields GF(p) Every field contains element “1”
1+ will be isomorphic with Zp for some p (obvious with respect to addition, multiplication can be interpreted as addition of squares of “1”)
Thus all fields with p elements are isomorphic.

11. Our attempt to correct multiple errors
Assume we have errors in positions i and j, we want to recover
these positions from
[i]+[j] and f([i])+f([j]).
Basically we would like something like fields whose elements
resemble vectors... could we try polynomials?
[Adapted from V.Pless]

12. “Arithmetic” of polynomials
Addition, subtraction and multiplication is obvious. However, also
a division is possible.
[Adapted from V.Pless]

13. Polynomials - definition

14. Polynomials - divisibility

15. Extensions of Euclid's algorithm
The Euclidean algorithm can be applied to some rings, not just
the integers. The most general context in which the algorithm
terminates with the greatest common divisor is in a Euclidean
domain. For instance, the Gaussian integers and polynomial rings
over a field are both Euclidean domains.
As an example, consider the ring of polynomials with rational
coefficients. In this ring, division with remainder is carried out
using long division, also known as synthetic division. The
resulting polynomials are then made monic by factoring out
the leading coefficient.

16. Euclid's algorithm for polynomials - example
[Adapted from

17. Polynomials - divisibility
Proposition 1
p(x),g(x) - non-zero polynomials over F. Then there exist polynomials
a(x) and b(x), such that p(x) = a(x)g(x)+b(x) and
deg(b(x)) < deg(g(x)).
Proof
Generally follows from polynomial division algorithm - the algorithm terminates iff degree of reminder b(x) becomes less that degree of g(x).

18. Polynomials - divisibility
Proposition 2
Each monic polynomial over F can be uniquely expressed as
product of monic irreducible polynomials f1(x),..., fk(x).
Proof
If we assume that there are two alternative expressions,
then for some polynomial q(x) we will have:
q(x) = f1(x),..., fm(x) and q(x) = g1(x),..., gn(x),
and, in addition, for all i and j we will have fi(x) ≠ gj(x).
This implies the existence of p(x), s(x) and t(x), such that p(x) is irreducible and divides s(x)t(x), but doesn't divide either s(x) or t(x).
Consider polynomial r(x)=gcd(p(x),s(x))t(x).

19. Polynomials - divisibility
Proposition 2
Each monic polynomial over F can be uniquely expressed as
product of monic irreducible polynomials f1(x),..., fk(x).
Proof
This implies the existence of p(x), s(x) and t(x), such that p(x) divides s(x)t(x) and, but doesn't divide either s(x) or t(x).
Consider polynomial r(x)=gcd(p(x),s(x))t(x).
Is r(x) divisible by p(x)?
Since gcd(p(x),s(x))=1 and p(x) doesn't divide t(x), the answer is no.
But we also have r(x) = gcd(p(x)t(x),s(x)t(x)), implying that p(x) does
divide r(x).
This contradicts the existence of p(x), s(x) and t(x).

20. Polynomials - roots

21. Chinese reminder theorem
Proposition 3 (Chinese reminder theorem)
p(x),g(x) - non-zero polynomials over F. Then there exist polynomials
a(x) and b(x), such that gcd(p(x),g(x)) = a(x)p(x)+b(x)g(x).
Proof
Follows from the fact that extended Eucild's algorithm terminates, producing the required polynomials a(x) and b(x).

22. Polynomials - roots Proposition 4
f(x) - polynomial over F. Then aF is a root of f(x) if and only if
f(x) = (x–a) g(x).
Proof
Clearly, if f(x) = (x–a) g(x) then f(a) = 0.
For any a we have f(x) = (x–a)b(x) + r(x) (by Proposition 2), where
deg(r(x)) < 1. Hence r(x) is a constant and should be 0, since r(a) = 0.
Corollary 1
f(x) - a polynomial over F with deg(f(x)) = n. Then f(x) has no more than n root in field F.
Obvious (otherwise we obtain deg(f(x)) > n).

23. Attempt to use polynomials to construct a field
Lets try to represent vectors with polynomials. For addition and multiplication to be defined we need to take values mod some polynomial p(x). To have also multiplicative inverses it could be a
good idea to require that p(x) is irreducible.
We can try to consider p(x)=x4+x3+1 (with coefficients from Z2)
[Adapted from V.Pless]

24. Attempt to use polynomials to construct a field
Assume “there” is an element  that is a root of p(x)=x4+x3+1
[Adapted from V.Pless]

25. Finite fields - where do we stand now?
Zp is a field if and only if p is prime and all fields with p elements are
isomorphic.
We can construct a field with pm elements, if there exist an irreducible
polynomial over GF(p).
do such polynomials always exist?
are all fields with pm elements isomorphic?
are there other finite fields?
In GF(16) we just constructed an element  with order 161 (degrees of  cover all non-zero elements). We could call it “primitive” element of a field.
- do primitive elements always exist (even for GF(p))?

26. Freshmen rule Freshmen rule
F - field with characteristic p > 0. Then for all a,bF and mN we have (a+b)pm= apm + bpm.
Proof
First, assume this is the case for m=1. Then (a+b)pm= apm + bpm will hold by induction, since
(a+b)pm= ((a+b)pm–1)p= (apm–1 + bpm–1)p = apm + bpm.
For m=1 expand (a+b)p. All factors will be divisible by p (and hence,
equal to 0) except ap and bp (we use the fact that if p is field characteristic, then adding any element p times with itself the result
is 0).

27. Our attempt to correct multiple errors
Assume we have errors in positions i and j, we want to recover
these positions from
[i]+[j] and f([i])+f([j]).
Suppose matrix elements now are from GF(16) we just constructed.
Do we have a good choice for f?
[Adapted from V.Pless]

28. Our attempt to correct multiple errors
Assume we have errors in positions i and j, we want to recover
these positions from
[i]+[j] and f([i])+f([j]).
Lets try:
f(i) = [i]? Obviously won’t do...
f(i) = [i]2? [i]2 + [i]2 = ([i]+[j])2 = [i]+[j].
f(i) = [i]3?

29. Our attempt to correct multiple errors
Assume we have errors in positions i and j, we want to recover
these positions from
[i]+[j] and f([i])+f([j]).
f(i) = [i]3? We have: y1 = [i]+[j], y2 = [i]3 + [i]3
[i]3 + [i]3 = ([i]+[j])([i] 2+[i][j]+[j] 2)
From here:
y2 /y1 = [i] 2+[i][j]+[j] 2 = y12 + [i][j]
and [i]+[j] = y1, [i][j]= (y2 /y1 )  y12
We can express parity check matrix as:

30. Our attempt to correct multiple errors
Parity check matrix in binary form:
This is a specific instance of BCH code.
[Adapted from V.Pless]

31. Decoding procedure
[Adapted from V.Pless]

32. Finding square roots?
Unfortunately we have some problems if field characteristic is 2 :(

33. Finding square roots?

34. Solutions to x2+x+c=0
[Adapted from V.Pless]

35. Solutions to x2+x+c=0 x x2 x2+x c 0000 0000 0000 0000

36. Fields - primitive elements
Basic idea - consider element  with highest possible multiplicative order r. Assume r < q1. Then there exists , which is not a degree of 
and has degree s r.
Then degree of  is lcm(r,s)=r. Thus every field element is a root of
xr  1, i.e. we should have r = q  1.

37. Existence of primitive elements
Theorem 4
Every finite field has a primitive element.
[Adapted from K.Brown]

38. Existence of primitive elements
Theorem 4
Every finite field has a primitive element.
We have q1 =1 for a primitive element . So we should have q1 =1 for any  = k.
Note that this gives us Little Fermat’s Theorem for GF(p)!
[Adapted from K.Brown]

39. Divisibility of xq11 Theorem 5
If F is a field with q elements {0, a1, ..., aq–1} then all non-zero elements of F are roots of polynomial xq11 , i.e. xq11 = (xa1)...(xaq–1).
Proof
It is sufficient to show that aiq11 = 0 for all ai.
Every field has a primitive element a, thus, if ai = a then we have aiq11 = 0 by definition of primitive element.
Otherwise ai = ak for some k. Then aiq11 = ak(q1)1 = 1k1 = 0.

40. Fields as vector spaces
Proposition
GF(pr) can regarded as r dimensional vector space over GF(p).
Let  be a primitive element and let m be the smallest number such that
m is a linear combination of 1,,2,...,m1. Then all field elements
can be expressed as linear combinations (with coefficients from GF(p)!)
of 1,,2,...,m1.
m = a11+a2+a32+...+am m1.
m+1 = (m) = a1 +a2 2 +a32+...+am1 m1+ am(a11+a2+a32+...+am m1).
In the same fashion we can express m+2, m+3 etc.
The number of such combinations is pm, thus we have r = m.

41. Uniqueness of fields with pr elements
Proposition
All fields with pr elements are isomorphic (thus notation GF(pr) is well
defined).
We know that all fields with p elements are isomorphic.
Consider two fields F1 and F2 with pr elements. Let  a primitive element of F1. There is an irreducible factor of p(x) of xpr  1, such that  is a root of p(x). Let  a primitive element of F2. Then for some k we have that k is a root of p(x).
We can define isomorphism by mapping  i   ki.
Obviously  i+j= i  j   ki  kj =  k(i+j) .
Do we have also  s= i + j   ki + kj =  ks?
It turns out to be the case, since computation of both  s and  ks is based
on reduction of polynomial degrees mod the same polynomial p(x).

42. Hierarchy of finite fields - example
GF(21)
GF(224)
GF(23)
GF(22)
GF(24)
GF(26)
GF(28)
GF(212)

43. Fields - minimal and primitive polynomials
Assuming F=GF(p) and G=GF(pr):
3. the degree of minimal polynomial is r;
4. if a is primitive, the degree of m(a) is r.

44. Minimal polynomials Theorem 6 F - a field F < G, aG. Then:
there exists a minimal polynomial m(x) for a and it is unique.
if g(x) is a polynomial over F and g(a) = 0 then m(x) | g(x).
Proof
The existence of a monic polynomial having a root a is obvious - lets take the irreducible polynomial defining G. If it wasn't unique, we will have two different monic polynomials having a as root and by subtraction obtain a polynomial with smaller degree and root a, contradicting minimality.
g(x) = a(x)m(x) + r(x) with deg r(x) < deg m(x). Since r(a) = 0
we have to conclude that deg r(x) = 0., i.e. m(x) | g(x).

45. Minimal polynomials Theorem 6
F - a field F < G, aG. p(x) - minimal polynomial of a. Assuming F=GF(p) and G=GF(pr):
Proof
3&4. Vectors 1,a,a2,...,ar must be linearly dependent, since G is a r-dimensional vector space, thus they satisfy equation of degree less than r. Thus, there is a polynomial of degree r having a as root. If a is primitive, 1,a,a2,...,ar1 is a basis of G, so we should have deg(p)=r.

46. Reciprocal polynomials
[Adapted from W.Cherowitzo]

47. Reciprocal polynomials
[Adapted from W.Cherowitzo]

48. Useful lemma Lemma xm1 divides xn1 if and only if m divides n.
xn1 = (xm1)(xnm + xn2m xnkm)+(xnkm1),
where k is the largest multiple of m with km  n.
Thus xm1 divides xn1 if and only if km = n.

49. Cyclotomic cosets
[Adapted from V.Pless]

50. Cyclotomic cosets
[Adapted from V.Pless]

51. Cyclotomic cosets and factoring
[Adapted from B.Cherowitzo]

52. Cyclotomic cosets
Cyclotomic cosets for GF(64).
[Adapted from V.Pless]

53. Some factors of xn-1