Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Finite fields / Galois Fields
Document related concepts
Eisenstein's criterion wikipedia , lookup
Évariste Galois wikipedia , lookup
Birkhoff's representation theorem wikipedia , lookup
Group (mathematics) wikipedia , lookup
Fundamental theorem of algebra wikipedia , lookup
Factorization of polynomials over finite fields wikipedia , lookup
Field (mathematics) wikipedia , lookup
Transcript
Facts
•
gcd ( i, t ) = the greatest common divisor of i and t = the largest positive integer m
such that m i and m t .
•
b ax ⇒
b
x
gcd ( a, b )
Proof. b ax ⇒
ax
∈
b
. Let a = k1 gcd ( a, b ) , and b = k2 gcd ( a, b ) , with
gcd ( k1 , k2 ) = 1 . Then,
ax k1 gcd ( a, b ) x k1 x
=
=
∈
b
k2
k2 gcd ( a, b )
. But
gcd ( k1 , k2 ) = 1 ; hence, k2 x .
•
( q − 1) ( q m − 1) .
•
Let p be a prime. Then gcd ( p k1 , p k2 − 1) = 1 . Also, if a p k2 − 1 , gcd ( p k1 , p k2 − 1) = 1 .
p k2 − 1
1
= p k 2 − k0 − k0
Proof. Having p implies gcd = p , k0 ≤ k1 , k2 . To have
k0
p
p
∈ , k0 has to be 0.
k1
k0
(Remark: To see that k0 ≤ k2 , note that p k2 ≥ p k2 − 1 ≥ p k0 .)
•
a b , a cd , gcd ( b, c ) = 1 ⇒ a d .
Proof. Let x ≠ 1 be any factor of a. Then x a . This implies x b . Now, if x c ,
then x is a common divisor of b and c, which contradicts gcd ( b, c ) = 1 . So,
not factor of a is in c. To have a cd , we must have all factors of a in d.
Proof. gcd ( a, b ) = 1 ⇒ ∃ s, t ∈ D sa + tb = 1 . a ( bc ) ⇒ bc = aq for some
q ∈ D . sa + tb = 1 ⇒ sac + tbc = c ⇒ sac + taq = c ⇒ a ( sc + tq ) = c .
•
⎛ p⎞
p ⎜ ⎟ for all k ∈ {1, 2,3,…, p − 1} and for all prime integers p.
⎝k⎠
⎛ p ⎞ p ( p − 1)( p − 2 ) ( p − k + 1)
Proof. ⎜ ⎟ =
is always an integer. Since p is
k ( k − 1)( k − 2 ) ( 2 )(1)
⎝k⎠
⎛ p⎞
prime, none of the integers k , ( k − 1) ,…,3, 2 are divisors of p. ⎜ ⎟ is thus
⎝k⎠
a multiple of p.
Finite fields / Galois Fields
•
Finite fields were discovered by Evariste Galois and are thus known as Galois fields.
•
•
The Galois field of order q is usually denoted GF(q).
GF(q) is a field. Hence
1. GF(q) forms a commutative group under +.
The additive identity element is labeled “0“.
2. GF ( q ) \ {0} forms a commutative group under ⋅ .
The multiplicative identity element is labeled “1”.
3. The operation “+” and “ ⋅ ” distribute: a ⋅ ( b + c ) = ( a ⋅ b ) + ( a ⋅ c ) .
•
A finite field of order q is unique up to isomorphism.
• Two finite fields of the same size are always identical up to the labeling of their
elements.
• The order of Galois field completely specifies the field.
•
The integers {0, 1, 2, …, p-1}, where p is a prime, form the field GF(p) under modulo
p addition and multiplication.
•
•
The order q of a Galois field GF(q) must be a power of a prime.
Finite fields of order pm where p is a prime can be constructed as vector spaces over
the prime order field GF(p).
•
It is possible to represent GF ( q m ) as an m-dimensional subspace over GF ( q ) , where
GF ( q ) is a subfield of GF ( q m ) of prime power order.
•
Because GF ( p m ) contains the prime-order field GF ( p ) and can be viewed as
construction over GF ( p ) , we call GF ( p m ) an extension of the field of order p.
•
•
Fields of order 2m can be referred to as a binary extension field.
∀β ∈ GF ( q ) , at some point the sequence 1, β , β 2 , β 3 ,… begins to repeat values
found earlier in the sequence. The first element to repeat must be 1.
Proof. (1) GF(q) has only a finite number of elements; hence, the sequence must
repeat. (2) Assume β x = β y ≠ 1 x > y > 0 is the first sequence to repeat.
Then, because β y β x − y = β x = β y , multiply both sides by ( β y )
−1
to get
β x − y = 1 . So, 1 is repeated before ( 0 < x − y < x ) the sequence reaches
β x . Contradiction.
Order and characteristic
•
The order of a Galois Field Element:
Let β ∈ GF ( q ) . ord ( β ) = the order of β = min {m : β m = 1}
m∈
•
∀β ∈ GF ( q ) , nonzero
•
{
S = β , β 2 , β 3 ,… , β
ord ( β )
=1
} = {β :1 ≤ i ≤ t}
i
•
Forms a subgroup of the GF ( q ) \ {0} under multiplication
•
Contains all of the solutions to the expression x ord ( β ) = 1 .
•
ord ( β ) ( q − 1)
•
β s = 1 ⇔ ord ( β ) s
•
β q −1 = 1 , i.e., β q = β .
•
Let α , β ∈ GF ( q ) such that β = α i . Then, ord ( β ) =
•
The order of a Galois Field Element:
ord (α )
gcd ( i,ord (α ) )
.
Let β ∈ GF ( q ) . ord ( β ) = the order of β = min {m : β m = 1}
m∈
•
•
Order is defined using the multiplicative operation and not additive operation.
∀β ∈ GF ( q ) , nonzero
•
{
S = β , β 2 , β 3 ,… , β
ord ( β )
=1
} = {β :1 ≤ i ≤ t}
i
•
Consists of ord ( β ) distinct elements.
•
Forms a subgroup of the GF ( q ) \ {0} under multiplication.
Proof. Let t = ord ( β ) . Then β m = β m mod t . Let β x , β y ∈ S . Then
(β ) = β .
β (β ) = β β
y −1
t−y
y −1
x
x
t−y
= β t + x − y = β ( t + x − y ) mod t = β ( x − y ) mod t . Because
0 ≤ ( x − y ) mod t < t , we have β x ( β y ) ∈ S .
−1
Contains all of the solutions to the expression x ord ( β ) = 1 .
•
•
ord ( β ) ( q − 1) .
{
}
Proof. Because β , β 2 , β 3 ,…, β ord ( β ) is a subgroup of GF ( q ) \ {0} , by
{
=1
Lagrange’s theorem, β , β 2 , β 3 ,…, β ord ( β )
=1
} divides GF( q ) \ {0} .
Hence, t ( q − 1) .
•
•
This determines the possible orders a finite field element can display.
β = 1 ⇔ ord ( β ) s .
s
Proof. “⇐” ord ( β ) s ⇒ s = k ord ( β ) , k ∈
(
β s = β ord ( β )
)
k
∪ {0} ⇒
= 1k = 1 .
“⇒” (1) If s = 0, then ord ( β ) 0 trivially. (2) If s > 0 , then we can
write s =
q ord ( β ) +
∈ ∪{0}
r
∈{0,…,ord ( β )}
, i.e., r = s mod ord ( β ) . Note that
1
⎛
⎞
r
r
s
ord β q
⎟ . So, β s = β r = 1 . From β r = 1 , we
=
β = β ⎜ β = (β
β
β
)
⎜
⎟
⎝
⎠
know that r must then be 0; otherwise, contradict the minimality of the
order of β .
s
•
r
β q −1 = 1 , i.e., β q = β .
Proof. ord ( β ) ( q − 1) .
•
Let α , β ∈ GF ( q ) such that β = α i . Then, ord ( β ) =
gcd ( i,ord (α ) )
Proof. Let ord (α ) = t , and ord ( β ) = x . Note that
β
t
gcd ( i , t )
ord ( β )
= (α
t
i gcd ( i , t )
)
t
gcd ( i, t )
= (α
t
, i.e., x
)
i
gcd ( i , t )
t
i
gcd ( i , t )
=1
•
t
gcd ( i, t )
and
i
gcd ( i, t ) gcd ( i, t )
∈
= 1 . This implies
x . Hence, x =
t
x . Because we have
gcd ( i, t )
t
gcd ( i, t )
.
ord (α )
gcd ( i,ord (α ) )
.
An element with order (q-1) in GF ( q ) is called a primitive element in GF ( q ) .
Every field GF ( q ) contains exactly φ ( q − 1) ≥ 1 primitive elements.
•
; hence
ord (α i ) = ord (α ) iff gcd ( i,ord (α ) ) = 1.
Proof. ord (α i ) =
•
gcd ( i, t )
,
x
gcd ( i, t )
t
t
.
. Similarly, since 1 = β ord ( β ) = (α i ) , we
have ord (α ) ix , i.e., t ix which implies
x
ord (α )
{
}
The Euler φ function: φ ( t ) = 1 ≤ i < t gcd ( i, t ) = 1 = t
⎛
1⎞
⎜1 − ⎟
p⎠
prime number p ⎝
∏
1< p < t
pt
•
•
1
2
)
pnan = p1a1 −1 ( p1 − 1) p2a2 −1 ( p2 − 1)
pnan −1 ( pn − 1)
An element with order (q-1) in GF ( q ) is called a primitive element in GF ( q ) .
•
•
φ ( p1a p2a
Every field GF ( q ) contains exactly φ ( q − 1) ≥ 1 primitive elements.
The Euler φ function (Euler totient function) evaluated at an integer t = φ ( t )
= the number of integers in the set {1,…, t − 1} that are relatively prime to t (i.e.,
share no common divisors other than one.)
=
{1 ≤ i < t gcd ( i, t ) = 1}
=
t
⎛
1⎞
⎜1 − ⎟ ; φ (1) = 1 .
p⎠
prime number p ⎝
∏
1< p < t
pt
•
•
•
•
> 0 for positive t.
If p is a prime, then
•
φ ( p) = p −1 .
•
φ ( p m ) = p m −1 ( p − 1)
If p1 and p2 are distinct prime, then
•
φ ( p1 ⋅ p2 ) = φ ( p1 )φ ( p2 ) = ( p1 − 1)( p2 − 1)
•
φ ( p1m p2n ) = p1m −1 p2n −1 ( p1 − 1)( p2 − 1)
φ ( p1a p2a
1
2
)
⎛
1 ⎞⎛
1 ⎞ ⎛
1 ⎞
pnan ⎜1 − ⎟⎜1 − ⎟ ⎜1 − ⎟
p1 ⎠⎝
p2 ⎠ ⎝
pn ⎠
⎝
an −1
a1 −1
a2 −1
= p1 ( p1 − 1) p2 ( p2 − 1) pn ( pn − 1)
pnan = p1a1 p2a2
•
Given that the integer t divides (q-1), then the number of elements of order t in
GF ( q ) is φ ( t ) .
•
The multiplicative structure of Galois Fields.
Consider the Galois field GF ( q )
(1) If t does not divide (q-1), then there are no elements of order t in GF ( q ) .
(2) If t ( q − 1) , then there are φ ( t ) elements of order t in GF ( q ) .
Proof. (2) If t = ord (α ) , then the set {α ,α 2 ,…,α t } contains t distinct solutions
of xt = 1 , and hence the set contains all the solutions. Therefore, all
element of order t must contain in this set. To find which one has order t,
we know that ord (α i ) = ord (α ) iff gcd ( i,ord (α ) ) = 1. Hence, we the
{
}
number of element with order t is 1 ≤ i < t gcd ( i, t ) = 1 = φ ( t ) by
definition.
•
t ( q − 1) iff ∃β ∈ GF ( q ) such that ord ( β ) = t .
•
In every field GF ( q ) , there are exactly φ ( q − 1) primitive elements.
•
GF ( q ) can be represented using 0 and (q-1) consecutive powers of a primitive field
element α ∈ GF ( q ) .
•
All nonzero elements in GF ( q ) can be represented as (q-1) consecutive powers
⎧
⎫
of a primitive element α.. Ex. ⎨α ,α 2 ,…,α q −1 ⎬ or {1,α 2 ,…,α q − 2 } .
1 ⎭
⎩
•
For β1 , β 2 ∈ GF ( q ) \ {0} , ∃i1 , i2 such that β1 = α i1 and β 2 = α i2 ; hence,
β1 ⋅ β 2 = α i ⋅ α i = α i + i = α i + i
1
•
2
1
1
2
2
modulo ( q -1)
ord (α )
.
q −1
.
gcd ( i, q − 1)
•
Note also that ord (α i ) =
•
Multiplication in a Galois field of nonprime order can be performed by
representing the elements as powers of the primitive field element α and adding
their exponents modulo (q-1).
gcd ( i,ord (α ) )
=
Let m(1) refer to the summation of m ones, i.e., 1 ⊕ 1 ⊕
⊕1.
m 1's
•
Consider the sequence ( n (1) )n = 0 = 0,1,1 ⊕ 1,1 ⊕ 1 ⊕ 1,… . Then, 0 is the first repeated
∞
elements.
•
If a, b ∈ GF ( q ) , a ⋅ b = 0 , then either a or b must equal zero. Otherwise, GF ( q ) − {0}
cannot form a commutative group under “ ⋅ ” because it has no 0.
•
The characteristic of a Galois field GF ( q ) is the smallest positive integer m such
that m (1) = 1 ⊕ 1 ⊕
⊕1 = 0 .
m 1's
•
GF ( p m ) has characteristic p, where p is a prime number.
•
If p , then α + α +
+α = 0.
times
•
The characteristic of a Galois field GF ( q ) is the smallest positive integer m such
that m (1) = 1 ⊕ 1 ⊕
⊕1 = 0 .
m 1's
•
Consider sequence 0, 1 ,1 + 1,1 + 1 + 1,1 + 1 + 1 + 1,… .
1(1)
2 (1)
3(1)
4 (1)
This sequence must begin to repeat and the first element to repeat is 0.
Proof. Since the field is finite, this sequence must begin to repeat at some
point. If j (1) is the first repeated element, being equal to k (1) for
0 ≤ k < j , it follows that k must be zero; otherwise ( j − k ) (1) = 0 is an
earlier repetition than j (1) .
•
m1 (1) ⋅ m2 (1) = ( m1m2 )(1)
•
Always a prime integer.
Proof. Suppose not. Consider the sequence 0, 1, 2(1), 3(1), …, k(1),
(k+1)(1),… Suppose that the first repeated element is k(1) = 0 where k
is not a prime. Then ∃ m, n > 1 such that mn = k . It follows that
m (1) ⋅ n (1) = k (1) . So we have m (1) ⋅ n (1) = 0 , which implies
m (1) = 0 or n (1) = 0 . Since 0 < m, n < k , this contradicts the
minimality of the characteristic of the field.
•
Notational caution: we may write k (α ) or kα where k ∈
α +α +
to denote
+ α . Note that k is irrelevant to the field GF ( q ) which contains α.. Think
k times
of k as k (1) . Don’t confuse this with αβ or α ⋅ β where both α , β ∈ GF ( q ) .
•
For a field GF ( q ) with characteristic p, let α ∈ GF ( q ) . Then
Proof. α + α +
p times
•
⎛
⎞
+ α = ⎜ 1 + 1 + + 1⎟ ⋅ α = 0 ⋅ α = 0 .
⎜
⎟
p times
⎝
⎠
If p , then α + α +
+α = 0.
times
•
Let GF(q) be a (any) field of characteristic p, then it contains a prime-order subfield
GF(p) = Z p = {0,1, 2 (1) ,3 (1) ,…, ( p − 1)(1)} .
Proof. The set Z p = {0,1, 2 (1) ,3 (1) ,…, ( p − 1)(1)} contains p distinct elements
because p is the characteristic of GF(q) and 0 have to be the first element
to repeat. The identities 0,1 ∈ Z p . Z p is closed under both GF(q) addition
and multiplication because the sum or product of sums of ones is still a
sum of ones and m (1) = ( m mod p )(1) . The additive inverse of j (1) ∈ Z p
is clearly ( p − j )(1) ∈ Z p . The multiplicative inverse of j (1) (j ≠ 0 or a
multiple of p) is simply k (1) , where j ⋅ k ≡ 1mod p . k exists because we
{
}
know that 1 ∈ Z p and the set j ⋅ x x ∈ Z p = Z p by multiplicative closure
and that for a ≠ 0 , b1 ≠ b2 ⇒ a ⋅ b1 ≠ a ⋅ b2 . The rest of the field
requirements (Associativity, Distributivity, etc.) are satisfied by noting
that Zp is embedded in the field GF(q). Z p ⊂ GF ( q ) and it is a field.
•
•
Zp is a subfield of all fields GF(q) of characteristic p.
Because the field of order p is unique up to isomorphisms,
Zp must be the field of integers under modulo p addition and multiplication.
•
GF ( p m ) is an m-dimensional vector space over a field GF ( p ) .
•
Let GF(q) be a (any) field of characteristic p, then it contains a prime-order subfield
GF(p) = Z p = {0,1, 2 (1) ,3 (1) ,…, ( p − 1)(1)} .
•
GF ( p m ) , where p is a prime number.
•
•
is an m-dimensional vector space over a field GF ( p ) .
•
contains all Galois fields of order p b where b m .
•
has characteristic p
The order q of GF ( q ) must be a power of a prime.
Proof. Let β1 be a nonzero element in GF(q). There are p distinct elements of the
form α1β1 ∈ GF ( q ) , where α1 ranges over all p of the elements in
GF ( p ) .
(Recall, that ac = bc , c ≠ 0 ⇒ ( a − b ) c = 0 ⇒ a − b = 0 ⇒ a = b )
If the field GF ( q ) contains no other elements, then the proof is complete.
If there is an element β 2 that is not of the form α1β1 , α1 ∈ GF ( p ) , then
there are p2 distinct elements in GF ( q ) of the form α1β1 + α 2 β 2 ∈ GF ( q ) ,
where α1 ,α 2 ∈ GF ( p ) .
This process continues until all elements in GF ( q ) can be represented in
+ α m β m ∈ GF ( q ) .
the form α1β1 + α 2 β 2 +
•
Each combination of coefficients (α1 ,α 2 ,…,α m ) ∈ ( GF ( p ) ) corresponds by
m
construction to a distinct element in GF ( q ) .
Proof. Assume α1β1 + α 2 β 2 +
we have γ 1β1 + γ 2 β 2 +
+ α m β m = α1′β1 + α 2′ β 2 + + α m′ β m , then
+ γ m β m = 0 where γ i = α i − α i′ , not all
zero. Let k = max {i : γ i ≠ 0} . Then we have
i
β k = ( −γ k−1γ 1 ) β1 + ( −γ k−1γ 2 ) β 2 +
+ ( −γ k−1γ k −1 ) β k −1 .
Also, ∀i −γ k−1γ i ∈ GF ( p ) . This contradict the definition of β k (by
construction) because β k should not be of the form
β k = α1β1 + α 2 β 2 +
+ α k −1β k −1 where α i ∈ GF ( p ) .
•
GF ( p m ) contains all Galois fields of order p b where b m .
GF ( 26 )
GF ( 23 )
GF ( 22 )
GF ( 21 )
•
•
Need to be able to express p m = ( p b ) .
•
GF ( 4 ) ⊄ GF ( 32 )
An element β in GF ( q m ) lies in the subfield GF ( q ) if and only if β q = β .
Proof. “⇒” Let β ∈ GF ( q ) ⊂ GF ( q m ) . Then, ord ( β ) ( q − 1) by the
multiplicative structure of GF. So, β q −1 = 1 , which implies β q = β . “⇐”
Let β q = β . Then β is a root of x q − x = 0 . The q elements of GF ( q )
comprise all q roots of x q − x = 0 and the result follow.
•
For nonzero elements β in GF ( q m ) , the following are equivalent:
(1) β ∈ GF ( q )
(2) β q −1 = 1
(3) ord ( β ) ( q − 1)
Proof. “(1) ⇒ (3) ⇒ (2)” by the multiplicative structure of Galois fields. “(2) ⇒
(3)” because in any GF ( q′ ) we have β q −1 = 1 ⇒ ord ( β ) ( q − 1) . Finally,
(2) ⇒ (1) by theorem above.
•
β lies in the subfield GF ( q ) if and only if β q = β . For nonzero β , this is
equivalent to ord ( β ) ( q − 1) .
•
Let α be a primitive element in GF ( q m ) . Then, all nonzero elements in GF ( q m ) can
be represented as α j for some integer j. An element α j is in the subfield GF ( q ) if
and only if j ⋅ q ≡ j modulo ( q m − 1) .
Proof. α j ∈ GF ( q ) iff (α j ) = α j . In GF ( q m ) , we have (α j ) = α
q
we want jq mod ( q m − 1) = j .
•
Remark:
•
0 ∈ GF ( q ) .
q
(
)
jq mod q m −1
. So,
•
1 = α 0 ∈ GF ( q ) because 0 ⋅ q ≡ 0 modulo ( q m − 1) .
•
This is equivalent to j ( q − 1) ≡ 0 mod ( q m − 1)
•
⎛ qm − 1 ⎞
It is also equivalent to j = k ⎜
⎟ for k ∈ I , 0 ≤ k < q − 1 .
−
1
q
⎝
⎠
Proof. j ( q − 1) ≡ 0 mod ( q m − 1) means that j ( q − 1) = ( q m − 1) k . Now,
(
0 ≤ j < qm − 1 . α j
0 ( q − 1)
qm − 1
•
(q
≤k<
m
j = q m −1
− 1) ( q − 1)
qm − 1
)
= 1 = α 0 . This implies
. So, 0 ≤ k < q − 1 .
Subfield: GF ( p m ) , where p is a prime number contains all Galois fields of order p b
where b m .
•
An element β in GF ( q m ) lies in the subfield GF ( q ) if and only if β q = β . For
nonzero β , this is equivalent to ord ( β ) ( q − 1) .
•
Let α be a primitive element in GF ( q m ) . Then, all nonzero elements in GF ( q m ) can
be represented as α j for some integer j. An element α j is in the subfield GF ( q ) if
⎛ qm − 1 ⎞
and only if j ⋅ q ≡ j modulo ( q m − 1) which is equivalent to j = k ⎜
⎟ for k ∈ I ,
⎝ q −1 ⎠
0 ≤ k < q − 1.
•
•
0,1 ∈ GF ( q )
•
Let
=
qm − 1
. Then GF ( q ) = 0, α 0 ,α ,α 2 ,α 3 ,…,α ( q − 2) .
q −1
{
}
It is possible to represent GF ( q m ) as an m-dimensional subspace over GF ( q ) , where
GF ( q ) is a subfield of GF ( q m ) of prime power order.
•
Let α , β be elements in the field GF ( p m ) . Then (α + β )
pr
= α p + β p for r = 1, 2,
r
r
3, …
Proof. We will prove the statement by induction on r.
⎛ p⎞
⎛ p⎞
⎛ p⎞
p
(α + β ) = α p + ⎜ ⎟α p −1β + ⎜ ⎟α p − 2 β 2 + + β p . Because p ⎜ ⎟ for
⎝1⎠
⎝2⎠
⎝k⎠
⎛
⎞
⎜
⎟
⎛ p⎞ ⎛ p⎞
k ∈ {1, 2,3,…, p − 1} , we know that ⎜ ⎟ = ⎜ ⎟ (1) = ⎜ 1 + 1 + + 1⎟ = 0 for
⎝k⎠ ⎝k⎠
⎜⎜ ⎛ p ⎞ times ⎟⎟
⎜ ⎟
⎝ ⎝k⎠
⎠
k ∈ {1, 2,3,…, p − 1} . Hence, (α + β ) = α p + β p . So, the statement is true
p
for r = 1. Now, let the statement true for r = . Then,
(α + β )
p
= α p + β p . We then have
(α + β )
p
+1
(
= (α + β )
p
+1
=αp + β p
•
) (
p
= αp +βp
) = (α ) + ( β )
p
p
p
p
p
+1
Let α1 ,α 2 ,…,α t be elements in the field GF ( p m ) , then
( α1 + α 2 +
+ αt )
pr
= α1p + α 2p +
r
r
+ α tp for r = 1, 2, 3, …
r
Proof. We will prove by induction on t. Note that the statement is true for t = 2.
Now let it be true for t = . Them we have
(α1 + α 2 +
+α
+1 )
pr
= ( ( α1 + α 2 +
+α )+α
= ( α1 + α 2 +
)
= α1p + α 2p +
r
r
+α
pr
+1
)
+ α p+1
r
+ α p + α p+1
r
r
pr
