FINITE FIELDS KEITH CONRAD

Transcription

1 FINITE FIELDS KEITH CONRAD This handout discusses finite fields: how to construct them, properties of elements in a finite field, and relations between different finite fields. We write Z/(p) and F p interchangeably for the field of size p. Here is an executive summary of the main results. Every finite field has prime power order. For every prime power, there is a finite field of that order. For a prime p and positive integer n, there is an irreducible π(x) of degree n in F p [x], and F p [x]/(π(x)) is a field of order p n. Any two finite fields of the same size are isomorphic (usually not in just one way). If [F p (α) : F p ] = d, the F p -conjugates of α are α, α p, α p,..., α pd 1. Every finite extension of F p is a Galois extension whose Galois group over F p is generated by the pth power map. 1. Construction Theorem 1.1. For a prime p and a monic irreducible π(x) in F p [x] of degree n, the ring F p [x]/(π(x)) is a field of order p n. Proof. The cosets mod π(x) are represented by remainders c 0 + c 1 x + + c n 1 x n 1, c i F p, and there are p n of these. Since the modulus π(x) is irreducible, the ring F p [x]/(π(x)) is a field using the same proof that Z/(m) is a field when m is prime. Example 1.. Two fields of order 8 are F [x]/(x + x + 1) and F [x]/(x + x + 1). Example 1.. Two fields of order 9 are F [x]/(x + 1) and F [x]/(x + x + ). Example 1.4. The polynomial x is irreducible in F 7 [x], so F 7 [x]/(x ) is a field of order 7 = 4. Warning. Do not try to create a field of order 8 as Z/(8). That is not a field. Similarly, Z/(9) is not a field. The ring Z/(m) is a field only when m is a prime number. In order to create fields of non-prime size we must do something other than look at Z/(m). We will see that every finite field is isomorphic to a field of the form F p [x]/(π(x)), so these polynomial constructions give us working models of any finite field. However, not every finite field is literally of the form F p [x]/(π(x)). For instance, Z[ ]/() is another field of size 9 (which is isomorphic to F [x]/(x ) = F [x]/(x + 1)). Theorem 1.5. Any finite field has prime power order. 1

2 KEITH CONRAD Proof. For every commutative ring R there is a unique ring homomorphism Z R, given by 1 } {{ + 1 }, if m 0, m times m ( }{{} ), if m < 0. m times We apply this to the case when R = F is a finite field. The kernel of Z F is nonzero since Z is infinite and F is finite. Write the kernel as (m) = mz for an integer m > 0, so Z/(m) embeds as a subring of F. Any subring of a field is a domain, so m has to be a prime number, say m = p. Therefore there is an embedding Z/(p) F. Viewing F as a vector space over Z/(p), it is finite-dimensional since F is finite. Letting n = dim Z/(p) (F ) and picking a basis {e 1,..., e n } for F over Z/(p), elements of F can be written uniquely as c 1 e c n e n, Each coefficient has p choices, so F = p n. c i Z/(p). Lemma 1.6. If F is a finite field, the group F is cyclic. Proof. Let q = F, so F = q 1. Let m be the maximal order of the elements of the group F, so m (q 1) by Lagrange s theorem. We will show m = q 1. It is a theorem from group theory (see the appendix) that in any finite abelian group, all orders of elements divide the maximal order of the elements 1, so every t in F satisfies t m = 1. Therefore all numbers in F are roots of the polynomial x m 1. The number of roots of a polynomial over a field is at most the degree of the polynomial, so q 1 m. Since m is the order of some element in F, we have m (q 1), so m q 1. Therefore m = q 1, so some element of F has order q 1. Example 1.7. In the field F [x]/(x +1), the nonzero numbers are a group of order 8. The powers of x are x, x = 1 =, x = x, x 4 = x = = 1, so x is not a generator. But x + 1 is a generator: its successive powers are in the table below. k x k x + 1 x x + 1 x + x x + 1 Example 1.8. For every prime p, the group (Z/(p)) is cyclic: there is an a 0 mod p such that {a, a, a,..., a p 1 mod p} = (Z/(p)). There is no constructive proof of this, and in fact there is no universally applicable algorithm that runs substantially faster than trying a =,,... until a generator is found. Remark 1.9. For a finite field F, the multiplicative group F is cyclic but the additive group of F is usually not cyclic. When F contains F p, since p = 0 in F p every nonzero element of F has additive order p, so F is not additively cyclic unless F is prime. Theorem Every finite field is isomorphic to F p [x]/(π(x)) for some prime p and some monic irreducible π(x) in F p [x]. 1 In a nonabelian finite group, all orders of elements don t have to divide the maximal order, e.g., in S the orders of elements are 1,, and.

3 FINITE FIELDS Proof. Let F be a finite field. By Theorem 1.5, F has order p n for some prime p and positive integer n, and there is a field embedding F p F. The group F is cyclic by Lemma 1.6. Let γ be a generator of F. Evaluation at γ, namely f(x) f(γ), is a ring homomorphism ev γ : F p [x] F that fixes F p. Since every number in F is 0 or a power of γ, ev γ is onto (0 = ev γ (0) and γ r = ev γ (x r ) for any r 0). Therefore F p [x]/ ker ev γ = F. The kernel of evγ is a maximal ideal in F p [x], so it must be (π(x)) for some monic irreducible π(x) in F p [x]. Fields of size 9 that are of the form F p [x]/(π(x)) need p = and deg π(x) =. The monic irreducible quadratics in F [x] are x + 1, x + x +, and x + x +. In F [x]/(x + 1), F [x]/(x + x + ), F [x]/(x + x + ), x is not a generator of the nonzero elements in the first field but is a generator of the nonzero elements in the second and third fields. So although F [x]/(x + 1) is the simplest choice among these three examples, it s not the one that would come out of the proof of Theorem 1.10 when we look for a model of fields of order 9 as F [x]/(π(x)). Theorem 1.10 does not assure us fields of all prime power orders exist. It only tells us that if a field of order p n exists then it is isomorphic to F p [x]/(π(x)) for some irreducible π(x) of degree n in F p [x]. Why is there an irreducible of each degree in F p [x]? In the next section we will show a field of any prime power order does exist and there is an irreducible in F p [x] of each positive degree.. Finite fields as splitting fields We can describe any finite field as a splitting field of a polynomial depending only on the size of the field. Lemma.1. A field of prime power order p n is a splitting field over F p of x pn x. Proof. Let F be a field of order p n. From the proof of Theorem 1.5, F contains a subfield isomorphic to Z/(p) = F p. Explicitly, the subring of F generated by 1 is a field of order p. Every t F satisfies t pn = t: if t 0 then t pn 1 = 1 since F = F {0} is a multiplicative group of order p n 1, and then multiplying through by t gives us t pn = t, which is also true when t = 0. The polynomial x pn x has every element of F as a root, so F is a splitting field of x pn x over the field F p. Theorem.. For every prime power p n, a field of order p n exists. Proof. Taking our cue from the statement of Lemma.1, let F be a field extension of F p over which x pn x splits completely. General theorems from field theory guarantee there is such a field. Inside F, the roots of x pn x form the set S = {t F : t pn = t}. This set has size p n since the polynomial x pn x is separable: (x pn x) = p n x pn 1 1 = 1 since p = 0 in F, so x pn x has no roots in common with its derivative. It splits completely over F and has degree p n, so it has p n roots in F. We will show S is a subfield of F. It contains 1 and is easily closed under multiplication and (for nonzero solutions) inversion. It remains to show S is an additive group. Since p = 0 in F, (a + b) p = a p + b p for all a and b in F (the intermediate terms in (a + b) p coming from the binomial theorem have integral coefficients ( p k), which are all multiples of p and thus vanish in F ). Therefore the pth power map t t p on F is additive. The map t t pn

4 4 KEITH CONRAD is also additive since it s the n-fold composite of t t p with itself and the composition of homomorphisms is a homomorphism. The fixed points of an additive map are a group under addition, so S is a group under addition. Therefore S is a field of order p n. Corollary.. For every prime p and positive integer n, there is a monic irreducible of degree n in F p [x], and moreover π(x) can be chosen so that every nonzero element of F p [x]/(π(x)) is congruent to a power of x. Proof. By Theorem., a field F of order p n exists. By Theorem 1.10, the existence of an abstract field of order p n implies the existence of a monic irreducible π(x) in F p [x] of degree n, and from the proof of Theorem 1.10 x mod π(x) generates the nonzero elements of F p [x]/(π(x)) since the isomorphism identifies x mod π(x) with a generator of F. It s worth appreciating the order in the logic behind Theorem. and its corollary: to show we can construct a field of order p n as F p [x]/(π(x)) where deg π(x) = n, the way we showed a π(x) of degree n exists is by first constructing an abstract field F of order p n (using the splitting field construction) and then proving F can be made isomorphic to an F p [x]/(π(x)). Remark.4. There is no simple formula for an irreducible of every degree in F p [x]. For example, binomial polynomials x n a are reducible when p n. Trinomials x n +ax k +b with a, b F p and 0 < k < n are often irreducible, but in some degrees there are no irreducible trinomials: none in F [x] of degree 8 or 1, in F [x] of degree 49 or 57, in F 5 [x] of degree 5 or 70, or in F 7 [x] of degree 14 or 16. Theorem.5. Any irreducible π(x) in F p [x] of degree n divides x pn x and is separable. Proof. The field F p [x]/(π(x)) has order p n, so t pn = t for all t in F p [x]/(π(x)) (see the proof of Lemma.1). In particular, x pn x mod π(x), so π(x) (x pn x) in F p [x]. We saw in the proof of Theorem. that x pn x is separable in F p [x], so its factor π(x) is separable. Example.6. In F [x], the irreducible factorization of x n x for n = 1,,, 4 is as follows. x x = x(x 1), x 4 x = x(x 1)(x + x + 1), x 8 x = x(x 1)(x + x + 1)(x + x + 1), x 16 x = x(x 1)(x + x + 1)(x 4 + x + 1)(x 4 + x + 1)(x 4 + x + x + x + 1). In each case the irreducibles of degree n appear in the factorization of x n x, which Theorem.5 guarantees must happen. That each factor occurs just once reflects the fact that x pn x is separable. There are irreducible factors of x pn x with degree less than n, if n > 1; the irreducible factors of x pn x in F p [x] turn out (Lemma. below) to be the irreducibles in F p [x] of degree dividing n and each such factor appears once. We write F p n for a finite field of order p n. Features to keep in mind are it contains a unique subfield isomorphic to F p (namely the subfield generated by 1), [F p n : F p ] = n by the proof of Theorem 1.5, it is a splitting field of x pn x over F p by the proof of Theorem.. Alternatively, additivity of t t p n follows from the binomial coefficients ( p n ) k being divisible by p for 1 k p n 1. In general b ( ) ( a b = a a 1 ) ( b 1 for 1 b a, so k p n) ( k = p n p n ) 1 k 1 when 1 k p n 1. Thus k ( p n ) k is divisible by p n and the first factor k is not divisible by p n, so ( p n ) k is divisible by p.

5 FINITE FIELDS 5 Although x pn x has degree p n, its splitting field over F p has degree n, not p n. That is not weird, because x pn x is reducible (see Example.6). The situation is similar to x m 1, which for m > 1 is reducible and its splitting field over Q has degree less than m. Theorem.7. Any finite fields of the same size are isomorphic. Proof. A finite field has prime power size, say p n, and by Lemma.1, it is a splitting field of x pn x over F p. Any two splitting fields of a fixed polynomial over F p are isomorphic, so any two fields of order p n are isomorphic: they are splitting fields of x pn x over F p. The analogous theorem for finite groups and finite rings is false: having the same size does not usually imply isomorphism. For instance, Z/(4) and Z/() Z/() both have order 4 and they are nonisomorphic as additive groups (one is cyclic and the other is not) and also as commutative rings (one has a nonzero element squaring to 0 and other does not). Theorem.8. A subfield of F p n has order p d where d n, and there is one such subfield for each d. Proof. Let F be a field with F p F F p n. Set d = [F : F p ], so d divides [F p n : F p ] = n. We will describe F in a way that only depends on F = p d. Since F has order p d 1, for any t F we have t pd 1 = 1, so t pd = t, and that holds even for t = 0. The polynomial x pd x has at most p d roots in F p n, and since F is a set of p d different roots of it, F = {t F p n : t pd = t}. This shows there is at most one subfield of order p d in F p n, since the right side is completely determined as a subset of F p n from knowing p d. To prove for each d dividing n there is a subfield of F p n with order p d, we turn things around and consider {t F p n : t pd = t}. It is a field by the same proof that S is a field in the proof of Theorem.. To show its size is p d we want to show x pd x has p d roots in F p n. We ll do this in two ways. First, d n (p d 1) (p n 1) x pd 1 1 x pn 1 1 x pd x x pn x, so since x pn x splits with distinct roots in F p n[x] so does its factor x pd x. Second, d n (p d 1) (p n 1) and F p n is cyclic of order pn 1, so it contains p d 1 solutions to t pd 1 = 1. Along with 0 we get p d solutions in F p n to t pd = t. Example.9. In the diagram below are the subfields of F p 8 and F p 1. F p 8 F p 1 F p 4 F p 4 F p 6 F p F p F p F p F p These resemble the lattice of divisors of 8 and divisors of 1. Even though p k divides p 1 for k 1, that does not mean F p k is a subfield of F p 1 for all k 1: the only possible

6 6 KEITH CONRAD F p k that can lie in F p 1 are those for which [F p k : F p ] divides [F p 1 : F p ], which means k divides 1. Theorem.8 guarantees they all occur as solutions to t pk = t in F p 1 when k is a factor of 1. Example.10. One field of order 16 = 4 is F [x]/(x 4 +x+1). All elements satisfy t 16 = t. The solutions to t = t are the subfield {0, 1} of order and the solutions to t 4 = t are the subfield {0, 1, x + x, x + x + 1} of order 4.. Describing F p -conjugates Two elements in a finite field are called F p -conjugate if they share the same minimal polynomial over F p. We will show, after some lemmas about polynomials over F p, that all F p -conjugates can be obtained from each other by successively taking pth powers. A precise statement is in Theorem.4. Lemma.1. For every f(x) F p [x], f(x) pm = f(x pm ) for m 0. Proof. The case m = 0 is obvious, and it suffices by induction to do the case m = 1. In any ring of characteristic p, the pth power map is additive. For a polynomial f(x) = c n x n + + c 1 x + c 0 in the ring F p [x], we have Every c F p satisfies c p = c, so f(x) p = (c n x n + + c 1 x + c 0 ) p = c p nx pn + + c p 1 xp + c p 0. f(x) p = c n x pn + + c 1 x p + c 0 = f(x p ). Example.. In F 5 [x], (x 4 + x + ) 5 = x 0 + x Lemma.. Let π(x) be irreducible of degree d in F p [x]. For n 0, π(x) (x pn x) d n. Proof. To prove ( =), write n = kd. Starting with x pd x mod π(x) (from Theorem.5) and applying the p d -th power to both sides k times, we obtain x x pd x pd x pkd mod π(x). Thus π(x) (x pn x). We will prove (= ) in two ways. For the first proof we will work in a field F p n of order p n. Since x pn x splits completely in F p n[x] and π(x) is a factor of x pn x, π(x) splits completely in F p n[x], so π(x) has a root in F p n, say α. Then F p n has the subfield F p (α), which has order p d. Since [F p (α) : F p ] divides [F p n : F p ], we get d n. The second proof uses congruences, not splitting fields. Our divisibility hypothesis says (.1) x pn x mod π(x) and we want to conclude d n. Write n = dq + r with 0 r < d. We will show r = 0. We have x pn = x pdq p r = (x pdq ) pr. By ( =), x pdq x mod π, so x pn x pr mod π. Thus, by (.1), (.) x pr x mod π(x).

7 FINITE FIELDS 7 This tells us that one particular element of F p [x]/(π(x)), the class of x, is equal to its own p r -th power. Let s extend this property to all elements of F p [x]/(π(x)). For every f(x) F p [x], f(x) pr = f(x pr ) by Lemma.1. Combining with (.), f(x) pr f(x) mod π(x). Therefore, in F p [x]/(π(x)), the class of f(x) is equal to its own p r -th power. As f(x) is a general polynomial in F p [x], we have proved every t F p [x]/(π(x)) satisfies t pr = t (in F p [x]/(π(x))). Recall r is the remainder when n is divided by d. Consider now the polynomial X pr X. When r > 0, this is a nonzero polynomial with degree p r. We have found p d different roots of this polynomial in the field F p [x]/(π(x)), namely every element. Therefore p d p r, so d r. But, recalling where r came from, r < d. This is a contradiction, so r = 0. That proves d n. Theorem.4. Let π(x) be irreducible in F p [x] with degree d and E F p be a field in which π(x) has a root, say α. Then π(x) has roots α, α p, α p,..., α pd 1. These d roots are distinct; more precisely, when i and j are nonnegative, α pi = α pj i j mod d. Proof. Since π(x) p = π(x p ) by Lemma.1, we see α p is also a root of π(x), and likewise α p, α p, and so on by iteration. Once we reach α pd we have cycled back to the start: α pd = α by Lemma.: x pd = x + π(x)g(x) for some g(x) F p [x], and substitute α for x. Now we will show α pi = α pj i j mod d, where i, j 0. We may suppose without loss of generality that i j, say j = i + k with k 0. Then α pi = α pj α pi = (α pk ) pi (α pk ) pi α pi = 0 (α pk α) pi = 0 α pk = α π(x) (x pk x) in F p [x] d k by Lemma. i j mod d. Thus the roots α, α p,..., α pd 1 are distinct. Since π(x) has at most d = deg π roots in any field, Theorem.4 tells us α, α p,..., α pd 1 are a complete set of roots of π(x). Example.5. The polynomial x + x + 1 is irreducible in F [x] since it s a cubic without a root in F. In the field F = F [y]/(y + y + 1), one root of x + x + 1 is y (we should write this as a coset, like y, but we ll use y). The other two roots in F are y and y 4. Let s write these in terms of the basis {1, y, y } of F over F. Since y + y + 1 = 0 in F, we have y = y + 1 (since 1 = 1), so y 4 = y + y = (y + 1) + y = y + y + 1. Therefore, the roots of x + x + 1 in F are y, y, and y + y + 1. Example.6. The polynomial x is irreducible in F 7 [x]. In the field F = F 7 [y]/(y ), the roots of x are y, y 7, and y 49. Let s simplify these powers using the condition y = in F. It implies y 7 = (y ) y = 4y and y 49 = (y 7 ) 7 = (4y) 7 = 4 7 y 7 = 4 4y = y. So the three roots of x in F are y, y, and 4y. This is similar to the formula for the roots of x in C:, ω, and ω. In characteristic 7, the numbers and 4 are nontrivial cube roots of unity, so they are like ω and ω in C (notice each is the square of the other).

8 8 KEITH CONRAD Theorem.4 says if π(x) F p [x] is irreducible and α is a root of π(x) then F p (α) is a splitting field of π(x) over F p. This is quite different over Q: Q( ) is not a splitting field of x over Q. Here is an even more striking contrast between Q and F p. Corollary.7. Let π 1 (x) and π (x) be irreducible of the same degree in F p [x] and α be a root of π 1 (x). Then F p (α) is a splitting field of π (x) over F p. Proof. Set F = F p (α) = F p [x]/(π 1 (x)), so F has order p n. The polynomial x pn x splits completely over F (Lemma.1), and π (x) (x pn x) in F p [x] (Theorem.5), so π (x) splits completely over F. Letting β be a root of π (x) in F, F p (β) has order p n so F = F p (β). Theorem.4 implies that F is a splitting field over π (x) over F p. Example.8. Both x and x + x + 6x + 5 are irreducible over F 7. Let α be a root of x over F 7. In F 7 (α), x +x +6x+5 must have roots. One root is α +α+ (found by searching). Using the relation α =, the other two roots are (α + α + ) 7 = α + 4α + and (α + α + ) 49 = 4α + α Galois groups Since F p n is the splitting field over F p of x pn x, which is separable, F p n/f p is Galois. It is a fundamental feature that the Galois group is cyclic, with a canonical generator. Theorem 4.1. The p-th power map ϕ p : t t p on F p n generates Gal(F p n/f p ). Proof. Any a F p satisfies a p = a, so the function ϕ p : F p n F p n fixes F p pointwise. Also ϕ p is a field homomorphism and it is injective (all field homomorphisms are injective), so ϕ p is surjective since F p n is finite. Therefore ϕ p Gal(F p n/f p ). The size of Gal(F p n/f p ) is [F p n : F p ] = n. We will show ϕ p has order n in this group, so it generates the Galois group. For r 1 and t F p n, ϕ r p(t) = t pr. If ϕ r p is the identity then t pr = t for all t F p n, which can be rewritten as t pr t = 0. The polynomial x pr x has degree p r (since r 1), so it has at most p r roots in F p n. Thus p n p r, so n r. Hence ϕ p has order at least n in Gal(F p n/f p ), a group of order n, so ϕ p generates the Galois group: every element of Gal(F p n/f p ) is an iterate of ϕ p. Galois theory makes Theorem.8 follow from Theorem 4.1: an extension with a cyclic Galois group has its lattice of intermediate fields resemble the lattice of subgroups of a cyclic group, with the unique subfield of degree d over F p corresponding to the unique subgroup of the Galois group with index d. In the diagram below are subfields of F p 1 on the left and corresponding subgroups of Gal(F p 1/F p ) = ϕ p = Z/(1) on the right. F p 1 ϕ 1 p F p 4 F p 6 ϕ 4 p ϕ 6 p F p F p ϕ p ϕ p F p ϕ p

9 FINITE FIELDS 9 Theorem.4 can be explained in a second, shorter, way as a corollary of Theorem 4.1 and we also get part of Theorem.5. Corollary 4.. If π(x) F p [x] is irreducible with degree d then it is separable and if α is one of its roots in some extension field of F p then its full set of roots is α, α p, α p,..., α pd 1. Proof. We have seen already that any finite field of p-power order is Galois over F p. The field F p (α) is finite, so it is Galois over F p and the roots of π(x) in F p (α) can be obtained from α by applying Gal(F p (α)/f p ) to this root. Since the Galois group is generated by the p-th power map, the roots of π(x) are α, α p, α p,.... Once we reach α pd we have cycled back to the start: α pd = α since F p (α) = F p [x]/(π(x)) has order p d and all elements in a field of order p d satisfy t pd = t. Therefore the list α, α p, α p,... of all possible roots of π(x) is α, α p,..., α pd 1. Why are they all distinct? Since F p (α)/f p is Galois and π(x) is irreducible over F p with a root α in F p (α), π(x) is separable over F p and splits completely over F p (α). Therefore π(x) has d different roots in F p (α), so the list α, α p,..., α pd 1 has to consist of distinct numbers. The p-th power map on F p n is called the Frobenius automorphism. This function, whose formula doesn t involve n, generates Gal(F p n/f p ) for all n 1. Let s compute some concrete Galois groups over F p. Example 4.. The polynomial x +x +1 is irreducible over F. If α is a root of it over F then F (α)/f is a cubic Galois extension and Gal(F (α)/f ) = {x x, x x, x x 4 }. The second element is the Frobenius automorphism ϕ and the third is ϕ. By Example.5 we have α 4 = α + α + 1, so we can make a table below describing each automorphism s effect on α in the F -basis {1, α, α }. σ id. ϕ ϕ σ(α) α α α + α + 1 Example 4.4. The polynomial x + 1 is irreducible over F. Let α be a root, so F (α)/f is a Galois extension of degree. Its Galois group is {x x, x x }. A basis of F (α) over F is {1, α} and the Frobenius automorphism ϕ on a typical element ϕ (a + bα) = (a + bα) = a + bα since a = a and b = b for a, b F. The two roots of x + 1 are α and α, but they are also α and α, so α = α. That can be seen by a direct calculation as well: α = (α )α = α. So we could also describe the Frobenius automorphism in Gal(F (α)/f ) by ϕ (a + bα) = a bα. Example 4.5. The polynomial x is irreducible over F 7. If α is a root of it then F 7 (α)/f 7 is a Galois extension and Gal(F 7 (α)/f 7 ) = {x x, x x 7, x x 49 }. From the work in Example.6, α 7 = 4α and α 49 = α. Therefore we can also describe the automorphisms in Gal(F 7 (α)/f 7 ) by their effect on α as in the table below. σ id. ϕ 7 ϕ 7 σ(α) α 4α α 5. General finite base fields In addition to working with finite fields as extensions of F p, we can fix a finite field F q of possibly nonprime size (e.g., q = 4 or 7) and look at finite extensions of F q. While every a F p satisfies a p = a, in F q every element a satisfies a q = a. This follows from the proof of Lemma.1, but we give the proof again since it s short: if a F q then a q 1 = 1

10 10 KEITH CONRAD by Lagrange s theorem, so a q = a, and this last equation is satisfied by 0 too. In a finite extension F/F q, the qth power map F F is an automorphism (it is an iterate of the pth power automorphism of F, where p is the prime that q is a power of) and the subset of F fixed by the qth power map is F q : the equation a q = a has at most q solutions in F and F q is a set of q solutions inside F. Watch out: when q is a power of the prime p then F q has characteristic p, not characteristic q (unless q = p). No field has a composite characteristic. Since p = 0 in F q, also q = 0 in F q, so that aspect looks the same; it s just that q is not the smallest positive integer vanishing in F q if q > p. Here are analogues over F q of results we proved over F p. Proofs are left to the reader. Theorem 5.1. For every positive integer n, there is a monic irreducible of degree n in F q [x], and all of them divide x qn x, which is separable. In particular, every irreducible in F q [x] is separable. Theorem 5.. Between F q and F q n every intermediate field has order q d where d n. Conversely, for each d dividing n there is a unique field between F q and F q n of order q d, which is {t F q n : t qd = t}. Lemma 5.. For every f(x) F q [x], f(x) qm = f(x qm ) for m 0. Lemma 5.4. Let π(x) be irreducible of degree d in F q [x]. For n 0, π(x) (x qn x) d n. Theorem 5.5. Let π(x) be irreducible in F q [x] with degree d and E F q be a field in which π(x) has a root, say α. Then π(x) has roots α, α q, α q,..., α qd 1. These d roots are distinct; more precisely, when i and j are nonnegative, α qi = α qj i j mod d. Theorem 5.6. For every integer n 1, F q n/f q is a Galois extension and Gal(F q n/f q ) is cyclic with generator the q-th power map ϕ q : t t q. 6. Applications Finite fields are important in both pure and applied math. Here are some examples. (1) Number theory. Many problems in Z are studied by reducing mod p, which puts us in the finite fields Z/(p). In every finite extension K of Q is a ring O K playing a role analogous to that of Z in Q. (For example, when K = Q( ), O K = Z[ ].) Problems in O K can often be reduced to working in the fields O K /m where m is a maximal ideal. Every O K /m is a finite field and often is not of prime order. () Group theory. Most nonabelian finite simple groups besides alternating groups A n (n 5) come from matrix groups over finite fields, and their construction is analogous to that of simple Lie groups over C. Galois himself created finite fields of nonprime order in order to describe primitive solvable permutation groups [1, Sect. 14.], [], [5, p. 44]. () Combinatorics. An important theme in combinatorics is q-analogues, which are algebraic expressions in a variable q that become classical objects when q = 1, or when q 1. For example, the q-binomial coefficient is ( n k ) q = (qn 1)(q n q) (q n q k 1 ) (q k 1)(q k q) (q k q k 1 ), which for n k is a polynomial in q with integer coefficients. When q 1 this has the value ( n k). While ( n k) counts the number of k-element subsets of a finite set, when

11 FINITE FIELDS 11 q is a prime power the number ( ) n k counts the number of k-dimensional subspaces q of F n q. Identities involving q-binomial coefficients can be proved by checking them when q runs through prime powers, using linear algebra over the fields F q. (4) Coding theory. This is the study of clear communication over noisy channels. Messages sent back to earth by NASA space probes, information engraved on a DVD, and signals allowing many mobile phone conversations on the same channel are created using codes where the code words are coefficients of a polynomial over a finite field. (5) Cryptography. This is the study of secret communication. The usual way information is stored securely on an ATM card involves elliptic curves over finite fields. The lesson from the last two examples is that even people who say math sucks are using finite fields every day without realizing it. 7. History Fields of prime order, namely Z/(p), were studied by many of the early number theorists such as Fermat, Euler, Lagrange, Legendre, and Gauss. The first mathematician to publish a paper on finite fields of non-prime order was Galois in 180. Gauss had developed the theory of finite fields earlier [], discovering such critical properties as Theorems.8 and Corollary 4., but this was discovered only after his death in 1855 and published in 186 without having much influence. Galois constructed finite fields as F p (α) where α is the root of an irreducible polynomial π(x) in F p [x] while Gauss worked with finite fields as F p [x]/(π(x)). Galois wrote that there is an irreducible in F p [x] of every degree but he did not give a proof. In 189, at the International Mathematical Congress in Chicago, E. H. Moore proved that any finite field is isomorphic to a field of the form F p [x]/(π(x)), a theorem which he described with the comment [6, p. 11] This interesting result I have not seen stated elsewhere. Moore was the first person to use the word field in its algebraic sense, although he treated it as a synonym for the German term endlicher Körper, which means finite field [6, p. 08]. So to Moore, a field means what we d call a finite field. He called any field constructed in the concrete form F p [x]/(π(x)) a Galois field, so for Moore a Galois field was a particular concrete model for finite fields. Nowadays in algebra the word field is not limited to finite fields, and the term Galois field is obsolete. However, the term Galois field lives on today among coding theorists in computer science and electrical engineering as a synonym for finite field and Moore s notation GF(q) is often used in place of F q. Appendix A. The maximal order in a finite abelian group In the proof that the nonzero elements in a finite field form a cyclic group (Lemma 1.6), we relied on the following property of finite abelian groups that we will prove here. Theorem A.1. If G is a finite abelian group and m is the maximal order of the elements of G then the order of every element of G divides m. The proof of Theorem A.1 is based on a corollary of the following basic property of elements in a finite abelian group having relatively prime order. Theorem A.. Let g 1 and g have respective orders n 1 and n in an abelian group. If (n 1, n ) = 1 then g 1 g has order n 1 n.

12 1 KEITH CONRAD Proof. Let n be the order of g 1 g. Since (g 1 g ) n 1n = g n 1n 1 g n 1n = (g n 1 1 )n (g n )n 1 = 1 1 = 1, we have n n 1 n. Since (g 1 g ) n = 1, by raising both sides to the n 1 power we get g nn 1 = 1. Therefore n nn 1, so from (n 1, n ) = 1 we conclude n n. Exchanging the roles of n 1 and n, we get in a similar way that n 1 n. Since n 1 n and n n and (n 1, n ) = 1, we get n 1 n n. We already showed n n 1 n (in the first paragraph), so n = n 1 n. Remark A.. Commutativity is used in the proof of Theorem A. to say (g 1 g ) r = g r 1 gr for any r 1. All we need is that g 1 and g commute, not that the whole group is abelian. Corollary A.4. In an abelian group, if there are elements of order n 1 and n then there is an element with order [n 1, n ]. More precisely, if g 1 and g have respective orders n 1 and n then there are k 1 and k in Z + such that g k 1 1 gk has order [n 1, n ]. Proof. The basic idea is to write [n 1, n ] as a product of two relatively prime factors and then find exponents k 1 and k such that g k 1 1 and g k have orders equal to those factors. Then the order of g k 1 1 gk is the product of the factors (Theorem A.), which is [n 1, n ]. Here are the details. Factor n 1 and n into primes: n 1 = p e 1 1 per r, n = p f 1 1 pfr r. We use the same list of (distinct) primes in these factorizations, and use an exponent 0 on a prime that is not a factor of one of the integers. The least common multiple is [n 1, n ] = p max(e 1,f 1 ) 1 p max(er,fr) r. Break this into a product of two factors, one being a product of the prime powers where e i f i and the other using prime powers where e i < f i. Call these two numbers l 1 and l : l 1 = l = p ei i, e i f i p fi i. e i <f i Then [n 1, n ] = l 1 l and (l 1, l ) = 1 (since l 1 and l have no common prime factors). By construction, l 1 n 1 and l n. Then g n 1/l 1 1 has order l 1 and g n /l has order l. Since these orders are relatively prime, g n 1/l 1 1 g n /l has order l 1 l = [n 1, n ]. Example A.5. If g 1 has order n 1 = 60 = 5 and g has order n = 60 = 5 7 then [n 1, n ] = 5 7 = ( 5) ( 7), where the first factor divides n 1, the second divides n, and the factors are relatively prime. Then g1 has order 5 and g 10 has order 7, which are relatively prime, so g1 g10 has order 5 7 = [n 1, n ]. We are ready to prove Theorem A.. Proof. Let n be the order of any element of G. Since m is also the order of an element in G, by Corollary A.4 some element in G has order [m, n]. By maximality of m as an order, m [m, n]. Obviously m [m, n] from the definition of [m, n], so [m, n] = m, and that implies n m.

13 FINITE FIELDS 1 References [1] D. A. Cox, Galois Theory, nd ed., Wiley, Hoboken, 01. [] D. A. Cox, Évariste Galois and Solvable Permutation Groups, dac/ lectures/bilbao.pdf. [] G. Frei, The Unpublished Section Eight: On the Way to Function Fields over a Finite Field, pp in The Shaping of Arithmetic after C. F. Gauss s Disquisitiones Arithmeticae, ed. C. Goldstein, N. Schappacher, J. Schwermer, Springer-Verlag, Berlin, 007. [4] E. Galois, Sur la théorie de nombres, Bulletin des Sciences Mathématiques de Férussac 1 (180), (Also Collected Works, 1897, pp. 15.) [5] H. Lüneberg, On the Early History of Galois Fields, pp of Finite Fields and Applications (Augsburg, 1999), Springer, Berlin, [6] E. H. Moore, A Doubly-Infinite System of Simple Groups, pp in Mathematical papers read at the International Mathematical Congress held in connection with the World s Columbian Exposition, Chicago, 189, Macmillan & Co., New York, Online at mathunion.org/icm/icm189/main/icm ocr.pdf.