ECEN 5682 Theory and Practice of Error Control Codes Introduction - - PowerPoint PPT Presentation

Introduction to Finite Fields

ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Peter Mathys

University of Colorado

Spring 2007

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Integer Rings

The set of integers, denoted by Z, forms a ring under usual addition and multiplication. This ring is called integer ring. Definition: The integer n is divisible by the integer d, denoted by d | n (i.e., d divides n) if a · d = n for some integer a. Example: 3 | 9 but 2 | 9. Definition: A positive integer p, p > 1, is called a prime if it is divisible only by ±p and ±1. Any integer greater than 1 which is not a prime is called a composite. Definition: The greatest common divisor of two integers n1 and n2, denoted gcd(n1, n2), is the largest positive integer that divides both n1 and n2.

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Definition: If gcd(n1, n2) = 1, then n1 and n2 are said to be relatively prime. Theorem: Division Algorithm. Given a pair of integers, c and d = 0, there is a unique pair of integers q and r, called quotient and remainder, such that c = q · d + r , 0 ≤ r < |d| . Proof: Assume that there are two solutions, i.e., c = q1 · d + r1 = q2 · d + r2, with 0 ≤ r1 < |d| and 0 ≤ r2 < |d|. Then (q1 − q2) · d = r2 − r1 and −|d| < r2 − r1 < |d|. But this implies that r2 − r1 = 0 and q1 − q2 = 0, which means that q and r are unique. QED Example: Let c = 26, d = 7. Then 26 = 3 × 7 + 5, i.e., q = 3 and r = 5.

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Definition: The notation r = Rd(c) , is used to denote the remainder of c when divided by d. Note: Another notation that is often used in connection with remainders is r ≡ c (mod d) . This means that “r is congruent to c modulo d”. Note, however, that 0 ≤ r < |d| is not guaranteed in this case since, for example, 9 ≡ 16 (mod 7). Theorem: Computations with remainders satisfy (i) Rd(a + b) = Rd

• Rd(a) + Rd(b)
• ,

(ii) Rd(a · b) = Rd

• Rd(a) · Rd(b)
• .

Proof: Left as an exercise.

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Finite Fields from Integer Rings

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Polynomial Rings

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Finite Fields from Polynomial Rings

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

The Structure of Finite Fields

Any prime polynomial p(x) over GF(q) with deg p(x) = m can be used to construct GF(qm) by using polynomial addition and multiplication modulo p(x). However, it is much easier to use a primitive element α, defined as one of the roots of a primitive polynomial of degree m, to construct all non-zero elements of GF(qm) by repeated multiplication as α, α2, α3, . . .. But before using this construction method in general, one must show that the multiplicative subgroup of GF(qm) is cyclic and that at least one primitive polynomial over GF(q) of degree m always exists if q is a prime or a prime power. In what follows, the order of an element always refers to the multiplicative order, unless otherwise stated. Theorem: If ord(β) = c, then βs = 1 iff c | s (or, equivalently, iff s is an integer multiple of c).

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Proof: If c | s then s = a c and thus βs = βa c = (βc)a = 1. This proves the ‘if’ part. Now suppose c | s. Then s can be written as s = q c + r, 0 ≤ r < c, and 1 = βs = βq c βr = (βc)q βr. This contradicts ord(β) = c unless r = 0, which implies that c | s. QED Theorem: Let β be an element of GF(q) and assume ord(β) = c. Then ord(βi) = c/ gcd(c, i). Proof: Suppose that ord(βi) = h. Clearly, (βi)c/ gcd(c,i) = βi c/ gcd(c,i) = (βc)i/ gcd(c,i) = 1i/ gcd(c,i) = 1 , which implies that h | (c/ gcd(c, i)) by the previous theorem. Similarly, βi h = 1, which means that c | (i h). Since h gcd(c, i) = a c h + b i h for some integers a, b, it follows that c | (h gcd(c, i)) and thus (c/ gcd(c, i) | h. Together with h | (c/ gcd(c, i)) this establishes ord(βi) = h = c/ gcd(c, i). QED

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Example: Let α = 2 ∈ GF (11). Then α1 = 2, α2 = 4, α3 = 8, α4 = 5, α5 = 10, α6 = 9, α7 = 7, α8 = 3, α9 = 6, α10 = 1, and thus ord(2) = 10, i.e., α = 2 is a primitive element in GF (11). Note that the powers of the primitive element α generate all the nonzero elements of GF (11). The possible orders of these elements are the divisors of q − 1 = 10, i.e., 1, 2, 5, 10. For example, since gcd(6, 10) = 2, α6 = 9 has order 10/2 = 5, which is easily verified as follows 91 = 9 , 92 = 4 , 93 = 3 , 94 = 5 , 95 = 1 . But, since 9 and 10 are relatively prime, α9 = 6 has order 10 and is therefore a primitive element in GF(11).

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Definition: Euler’s Totient Function φ(n), for integers n ≥ 1, is the number of integers in {0, 1, 2, . . . , n − 1} that are relatively prime to n. By definition, φ(1) = 1. Euler’s totient function can be computed as follows. Assume that n = pe1

1 pe2 2 · · · pem m is the factorization of n into distinct prime

• powers. Then

φ(n) = |{0 ≤ k < n| gcd(k, n) = 1}| = n

m

• i=1

(1 − 1 pi ) =

m

• i=1

pei−1

i

(pi − 1) . Note that if gcd(n1, n2) = 1, then φ(n1 n2) = φ(n1) φ(n2), and thus φ(n) = φ(pe1

1 ) φ(pe2 2 ) · · · φ(pem m ) ,

where φ(pei

i ) = pei−1 i

(pi − 1). Note that this also implies that φ(n) ≥ 1.

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Theorem: Suppose β ∈ GF(q) has order n. Then xn − 1 = (x − β0) (x − β1) · · · (x − βn−1) . Proof: Clearly, (βi)n = (βn)i = 1i = 1 for any integer i ≥ 0, and thus βi is a root of xn − 1. Since β0, β1, . . . , βn−1 are all distinct and xn − 1 has degree n, these are all the roots that xn − 1 can have. QED Theorem: If n | (q − 1), then there are φ(n) elements of order n in GF(q). Proof: Suppose β ∈ GF(q) has order n. According to the previous theorem, the set {β0, β1, . . . , βn−1} is the set of solutions of the equation xn − 1 = 0. But βi has order n iff gcd(i, n) = 1. Thus, by the definition of Euler’s totient function, the set of solutions to xn − 1 = 0 contains exactly φ(n) elements of order n. QED

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Corollary: In every finite field GF(q) there are exactly φ(q − 1) primitive elements. Proof: Follows immediately from the above theorem. Corollary: The group of nonzero elements of GF(q) under multiplication is a cyclic group. Proof: Follows from the above corollary and the fact that φ(n) ≥ 1 for any positive integer n.

Example: Let α ∈ GF(24) be a primitive element of GF (24). The divisors of q − 1 = 15 are c = 1, 3, 5, 15 and thus: Order c φ(c) GF(24) Elements of order c 1 1 α0 3 2 α5, α10 5 4 α3, α6, α9, α12 15 8 α1, α2, α4, α7, α8, α11, α13, α14 There are φ(15) = 8 primitive elements, each of which can be used to generate all nonzero elements of GF (24).

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Definition: The characteristic of a field F is the smallest positive integer λ such that λ

i=1 1 = 0 in F.

Theorem: The characteristic of a Galois field GF(q) is always a prime integer. Proof: Consider the set G = {0, 1, 1 + 1, 1 + 1 + 1, . . .}, which will be denoted by G = {0, 1, 2, 3, . . .}. This is a cyclic (sub)group under addition of the elements of GF(q) and, since there is only a finite number of elements, the first element, 0, must eventually

• repeat. Suppose that m = 0 for some composite m and thus

λ = m = a d (using usual multiplication) for two integers a, d. In GF(q) this implies that a d = 0, but because GF(q) is a field, this means that either a or d must be equal to zero in GF(q). Since (over the integers) 0 < a, d < m this leads to a contradiction of the minimality of the characteristic λ = m of the field GF(q) and thus m cannot be composite. QED

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Definition: Let F ⊆ E and assume β ∈ E. Then the prime polynomial f (x) of smallest degree over F which has β as a root is called the minimal polynomial of β over F. Definition: Let F ⊆ E. Two elements βi, βj ∈ E which have the same minimal polynomial over F are called conjugates with respect to F. Example: Over GF (2), the polynomial x3 + 1 factors into the product of prime polynomials (x + 1)(x2 + x + 1). Let α ∈ GF (22) be a zero of p(x) = x2 + x + 1, i.e., 0 = p(α) = α2 + α + 1 = ⇒ α2 = α + 1 . The elements of GF (22) can thus be expressed as {0, α0 = 1, α1 = α, α2 = 1 + α} .

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Example (contd.): Note that α3 = α α2 = α(α + 1) = α2 + α = (α + 1) + α = 1 = α0 , which means that α is primitive in GF (22), and which is consistent with the fact that the largest (multiplicative) order which an element in GF (22) can have is 3. The minimal polynomial over GF (2) of the element 0 is x, the minimal polynomial over GF (2) of α0 is x + 1, and the minimal polynomial

• ver GF (2) of α1 is x2 + x + 1 (this is how α was defined).

Evaluating p(x) = x2 + x + 1 at x = α2, yields p(α2) = α4 + α2 + 1 = (α3 α) + α2 + 1 = α + α2 + 1 = 0 , and thus the minimal polynomial over GF (2) of α2 is x2 + x + 1, and α and α2 are conjugates with respect to GF (2).

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes

Introduction to Finite Fields Integer Rings/Fields Polynomial Rings/Fields

Primitive Polynomials of Degree m over GF (2) m p(x) m p(x) 3 x3 + x + 1 14 x14 + x10 + x6 + x + 1 4 x4 + x + 1 15 x15 + x + 1 5 x5 + x2 + 1 16 x16 + x12 + x3 + x + 1 6 x6 + x + 1 17 x17 + x3 + 1 7 x7 + x3 + 1 18 x18 + x7 + 1 8 x8 + x4 + x3 + x2 + 1 19 x19 + x5 + x2 + x + 1 9 x9 + x4 + 1 20 x20 + x3 + 1 10 x10 + x3 + 1 21 x21 + x2 + 1 11 x11 + x2 + 1 22 x22 + x + 1 12 x12 + x6 + x4 + x + 1 23 x23 + x5 + 1 13 x13 + x4 + x3 + x + 1 24 x24 + x7 + x2 + x + 1

Peter Mathys ECEN 5682 Theory and Practice of Error Control Codes