# Finite Fields: An introduction through exercises Jonathan Buss Spring 2014

Size: px
Start display at page:

Transcription

1 Finite Fields: An introduction through exercises Jonathan Buss Spring 2014 A typical course in abstract algebra starts with groups, and then moves on to rings, vector spaces, fields, etc. This sequence may give the impression that fields form an advanced and arcane subject. In fact, however, fields are rather simpler than other structures, by virtue of being more constrained. This holds particularly for the case of finite fields, which arise in many areas of computer science. This sequence of exercises will take you through most of the mathematical theory one needs in order to use finite fields. 1 Although none of the steps is difficult by itself, we have quite a few details to go through. When you find yourself stuck, short of aha! moments, take a break and come back later. (Or phone a friend, or whatever.) Fields Roughly speaking, a field is a mathematical domain in which both addition and multiplication have the properties we expect from high-school mathematics. Specifically, a field has the following properties. Closure: If a and b are elements of the field, then a + b and a b are also elements of the field. When there is no danger of confusion, we sometimes write ab instead of a b. The -ivities : Addition and multiplication are associative, i.e., (a + b) + c = a + (b + c) and (a b) c = a (b c), and commutative a + b = b + a and a b = b a. Also, multiplication distributes over addition: a (b + c) = ab + ac. Identities: The two elements 0 and 1 are identities for addition and multiplication, respectively. Thus for any element a, a + 0 = 0 + a = a and a 1 = 1 a = a Inverses: Every element a has an additive inverse (denoted a), and every element except 0 has a multiplicative inverse (denoted a 1 or 1/a): a + ( a) = 0 and a a 1 = 1. Due to the presence of inverses, we can define subtraction and division: a b = def a + ( b) and a/b = def a b 1 (if b 0). 1 It does not (yet) discuss their implementation on a computer. A simple implementation is rather straightforward. The problem of finding the most efficient implementations proves difficult; some aspects remain open.

2 1. EXERCISE. Many other familiar algebraic properties follow from the requirements on a field. 1. Show that the cancellation laws hold: if a + b = a + c, then b = c; and if ab = ac, then either a = 0 or b = c. (Hint: if a + b = a + c, then a + (a + b) = a + (a + c). Proceed from there.) 2. Show that 0 a = 0 for every a in the field. (Hint: note that 0 a = (0 + 0) a = 0 a + 0 a. Then use a cancellation law.) 3. Show that a field has no zero-divisors ; that is, if two elements a and b satisfy a b = 0, then either a = 0 or b = 0. (Hint: if a is not 0, it has an inverse a 1.) 4. Select other rules from high-school arithmetic, and convince yourself that they hold in any field. Some possibilities: ( a) = a and (a 1 ) 1 = a (if a 0), (a + b) = ( a) + ( b) = a b and (a b) 1 = a 1 b 1, ( a)( b) = ab, etc. (Select purely algebraic rules. A rule like if a > 0 then a < 0, which refers to an ordering relation <, should not be expected to hold in an arbitrary field.) Since the field operations behave much like operations over the rationals (or integers, or reals), we need not normally distinguish exactly which operations we mean when we use symbols like 1, +, etc. even when we use several different domains at the same time. When we want to emphasize that the symbols refer to the ones of a specific domain F, we will write them with a subscript: + F, F, 0 F and 1 F. But normally context suffices. 2. EXERCISE ( just for fun ). The element 0 is special in that it does not have a multiplicative inverse. What happens if 0 1 exists? 3. DEFINITION. It may happen that a field F contains a smaller field G: that is, G F and G is closed under addition, multiplication and inverses. In this case, we call G a subfield of F and F an extension field of G. For example, the field of real numbers is an extension field of the field of rational numbers. 4. DEFINITION. We will use natural numbers as exponents for repeated multiplication. For a and n, the notation a n means the value of e(n, a), where e : is defined by induction (on ) as e(0, a) = 1 and e(i + 1, a) = a e(i, a). 2

3 Some basic finite fields The most familiar fields are infinite: the rationals, the reals, etc. But finite fields (that is, fields with only finitely many elements) also exist, as we now explore. For this section, let F denote an arbitrary finite field. F must contain 0 and 1, with 0 1 (why?). It must also contain a value of 1 + F EXERCISE. 1. Define = 0. Show that with this definition, the set {0, 1} is a field. 2. Within the set {0, 1}, the only other possibility is = 1. Show that defining + this way does not produce a field. (Hint: what is missing?) Thus there is exactly one field of size two. You can easily recognize it as the set of integers mod 2. If F has more than two elements, must be some other element, which we may denote by 2. And then we must have (i.e., 3), and then 4, 5, 6,.... In a finite field like F, of course, this infinite sequence must have only finitely many distinct elements in other words, some element(s) must appear repeatedly. 6. EXERCISE. Consider the sequence f 0 = 0 F, f 1 = 1 F, f 2 = 2 F,.... (That is, f i+1 = f i + F 1 F.) Fix k and d such that f k = f k+d, with d > Show that f n+d = f n for every n. (In other words, the sequence is a simple cycle, repeated infinitely often.) 2. In particular, we have 0 = f d for some d > 0. Show that the smallest such d is a prime number. (Hint: has no zero-divisors.) Thus any finite field contains (a subset isomorphic to) the set of integers modulo p, for some prime p. We shall denote this set by GF p DEFINITION. The characteristic of a field is the least positive integer such that the value of the sum (p copies of 1) is 0. (If no such p exists in which requires an infinite then we say that the field has characteristic 0. 3 ) We now show that GF p is always a field, whatever the prime p. 8. EXERCISE. 1. Convince yourself that the integers modulo p form a ring; that is, that they satisfy the properties required of a field except that some elements may lack multiplicative inverses. 2 The notation GF stands for Galois field, in honour of Evariste Galois. The standard notation is actually GF(p), but the parentheses can get confusing in complicated constructions. Computer scientists sometimes refer to the set of integers mod p as p. Algebraists, however, reserve that notation for the ring of p-adic integers, which is uncountably infinite, not a field, and has characteristic 0. They use /p as a generic notation for the integers mod p. More uses of this / notation appear later, along with an explanation. 3 Not infinity the infinite sum may exist, but it can t have value 0. The non-standard reals provide an example. 3

4 2. To show GF p is a field, we must show that every non-zero element a has an inverse a 1 such that aa 1 = 1. Consider the set of elements that we can obtain by multiplying by a; that is, let S a be the set S a = ab b GF p. Show that the set S a has p distinct elements. That is, if b 1 b 2 then ab 1 ab Conclude that a 1 exists in GF p, satisfying aa 1 = 1. It s high time for an example. 9. EXAMPLE. Fix p = 5, and consider the field GF 5 of integers mod 5. What are the values of 1/2 and 1/3 in this field? Over the rational numbers Q, we have = 1 6. Does this equation hold in GF 5? Why or why not? Having a non-zero characteristic yields relations that have no direct analogues in the familiar cases with characteristic EXERCISE. Recall the binomial theorem : for any natural number n and any a and b, (a + b) n = n i=0 n i a i b n i. This equation holds in any field. (Its proof is simple algebra, combined with the combinatorial definition of n i. You could have selected it in Exercise 4.) Fix an arbitrary field with characteristic p > Show that (a + b) p = a p + b p for every a and b in the field. (Hint: what is the value of p i mod p?) 2. Show that k i=0 a i p = k i=0 ap i, for all k > 0 and a i (1 i k). 3. Show that a p = a for each a GF p. In other words, every element of GF p is a root of the polynomial x p x. (Hint: write a as a sum.) We shall see below that x p x cannot have any other roots, whatever the field. Are there other finite fields? Thus far, we have identified infinitely many finite fields: GF p for each prime p. If some other field exists, it must contain GF p ; that is, it must be an extension of GF p. 11. EXAMPLE. We look first at an example choosing the smallest possible one. We start with GF 2 as the base field, and presume that we can add another element, while retaining the property of being a field. Call the new element α; we assume α 0 and α 1, and naturally require 0 + α = α and 1 α = α. 1. Show that α + α = 0. (Use the fact that = 0, together with the distributive law.) Thus α is its own additive inverse: α = α. 4

5 2. To satisfy closure, an element α + 1 must exist. Show that if α + 1 {0, 1, α}, then the resulting structure is not a field. (Each of the three cases yields a contradiction.) Thus α + 1 must be a fourth element of the field. 3. The value of α α (a.k.a. α 2 ) must also exist. If α 2 = 0, then α is a zero-divisor no good. Show that α 2 = 1 implies that (α + 1) (α + 1) = 0. ( Multiply it out using the distributive law.) Show that α 2 = α and α 0 imply α = 1, violating our assumption that α 1. (Hint: multiply both sides by α 1, which exists since α 0.) 4. Verify that defining α 2 = α+1 determines a field. You may want to write out the full addition and multiplication tables. (Four elements and two operations yields 32 entries. Not so many, really.) What happens in general, if we start with a field and adjoin another element? Can we always create a larger field? Perhaps several different fields? Extrapolating the previous example, adjoining a new element α requires other elements as well: sums (α+1, 2α = α+α,... ) and powers (α α = α 2, α 3,... ) in all combinations (e.g., 1 2α+9α 12 ). In order to analyze this situation, we briefly review polynomials. 12. DEFINITION. A polynomial in a variable x over a field is an expression of the form n a i x i i=0 where n and a i for 0 i n, with the condition that either a n 0 or n = 0. The case n = 0 and a 0 = 0 is called the zero polynomial. We denote the set of all polynomials in x over field by [x]. In the case n = 0, we consider the polynomial ax 0 equivalent to the field element a. Thus we essentially have [x]. We extend addition and multiplication in to polynomials by supposing that the variable x obeys the associative, commutative, and distributive laws. (E.g., ax + bx = (a + b)x, xa = ax, etc.) The degree of a non-zero polynomial is the value of n; the degree of the zero polynomial is 1. We denote the degree of a polynomial q by deg(q). A polynomial of degree n 1 is monic if its leading coefficient a n is 1. If q has a n = c, then q = c q where q = c 1 q is a monic polynomial of degree n. 13. EXERCISE. 1. Convince yourself that requiring the variable x to satisfy the associative, commutative, and distributive laws implies that all polynomials satisfies these laws. If deg(q 0 ) = n 0 and deg(q 1 ) = n 1, what can you say about the degrees of q 0 + q 1 and of q 0 q 1, in terms of n 0 and n 1? 2. [x] has additive inverses for each element, but not multiplicative inverses (e.g., x has no inverse). Show that [x] has no zero-divisors if s t = 0, then either s = 0 or t = 0. 5

6 14. DEFINITION. Let β be any object, in any domain, to which the operations + and can reasonably be extended, including satisfying associativity, commutativity, distributivity and the cancellation laws. For a polynomial q(x), the object q(β) is the value of the expression obtained from q(x) by substituting β for x; that is, the value n i=0 a iβ i. (Where this value lies depends on β. If β then also q(β) ; if β [x] then also q(β) [x]; we shall consider other possibilites below.) The set of all objects of the form q(β) for some q [x] is denoted (β); i.e., (β) = q(β) q [x]. We shall sometimes abuse nomenclature somewhat and refer to an element of (β) as a polynomial in β. The object β is a root of q if q(β) = 0. These definitions allow a succinct summary of adjoining an element to a field: if α and α / GF p, then GF p (α). In fact, if is any sub-field of and α, then (α). We examine this subset of. 15. EXERCISE. Let be a finite field of characteristic p and a sub-field of. Suppose that α, α. 1. Show that if β (α) and q [x], then q(β) (α). (That is, all of the values in this exercise are elements of. We can do arithmetic on them freely.) 2. Since is finite, we must have many instances of q 0 (α) = q 1 (α) for distinct polynomials q 0 (x) and q 1 (x). Letting r = q 0 q 1, we have r(α) = 0 i.e., α is a root of the polynomial r. Fix such a polynomial r of minimal degree n. Without loss of generality, we can take r to be monic. Why? 3. Show that for every polynomial q [x], there is a polynomial q [x] of degree deg(q ) < n such that q(α) = q (α). (Hint: we know r(α) = 0, where deg(r) = n. This gives an equation involving α n.) 4. Show that if deg(q) < n, deg(q ) < n, and q q, then q(α) q (α). (Hint: we chose n to be minimal.) 5. Show that the minimial polynomial r(x) must be irreducible it has no nontrivial factors. In other words, if r(x) = s(x) t(x) for monic polynomials s and t over, then either s = 1 or t = 1. (Here, irreducible means irreducible in [x]. If we expand our set of polynomials to (α)[x], then r(x) has the factor x α; see below.) To summarize the first three parts of the exercise, even though the set of polynomials [x] is infinite, the set (α) of values of these polynomials at α is finite: (α) = n 1 i=0 b iα i bi By part 4, (α) has k n distinct elements, where k is the size of. 6.

7 The definition of the set (α) makes no mention of inverses. Nevertheless, it contains an inverse of each of its non-zero elements. 16. EXERCISE. 1. Consider the equation α n 1 i=0 b iα i = 1, which asserts that the value of the sum is a multiplicative inverse of α. Show that this equation has a unique solution for values b i in the field and these values actually lie in (α). (Hint: manipulate the left-hand side into a polynomial of degree n 1 (or less). Then observe that 1 is actually a constant polynomial (of degree 0).) 2. Extend the above argument to show that each element of (α) has a multiplicative inverse in (α) in other words, (α) is a field. (In the exercise, we used the finiteness of only to justify the existence of the polynomial r. In general, the construction works in any field: if is any field and α is a root of an irreducible polynomial r(x) [x], then (α) is a field.) If the original field contains yet more elements, not in (α), we can select another one and repeat the construction with (α) as the field of coefficients, in place of. This process can continue as often as necessary and yields the following theorem. 17. THEOREM. For every finite field, there are a prime p and an integer d 1 such that the field has characteristic p and the field has p d distinct elements. To illustrate the construction, we give some examples over familiar fields. 18. EXAMPLE. 1. Over the field Q of rational numbers, the polynomial x 2 2 has no roots. The extension field, however, contains the root 2. Thus we can form Q( 2) comprising all elements of the form a + b 2 where a, b Q. Convince yourself that Q( 2) is a field. (Hint: What is 2 1, as an element of Q( 2)? What is (a + b 2) 1?) 2. Over field, x has no root. If we imagine one call it ι then we get a field (ι) that contains a square root of 1. What is the usual name of (ι)? 3. Over the field GF 2, the polynomial x 2 + x + 1 has no root. (Why?) Suppose that some α / GF 2 satisfies α 2 + α + 1 = 0. The above show that GF 2 (α) has 2 2 = 4 elements, which must be 0, 1, α and one other. What is the other, in terms of the first three? Write out the multiplication table for GF 2 (α), to confirm that it is a field. (Remember that it has characteristic 2.) If you find yourself worrying that the α of the last example may not exist, compare it to the first two examples. Did you worry whether 2 exists? Or ι? 7

8 Polynomials over a field The previous exercises showed the close relationship of finite fields to polynomials. In this part, we shall focus on polynomials. Armed with a few key results, we will then return to the question of classifying all finite fields. For this part, fix a field (finite or not); we shall use the term polynomial to mean a polynomial with variable x and co-efficients in (Definition 12). As we have seen, polynomials have addition, subtraction and multiplication. What about division? The ratio of two polynomials need not be a polynomial. But we can nevertheless use a division algorithm to get a meaningful result. 19. LEMMA (UNIQUENESS OF QUOTIENT AND REMAINDER). Let s and t be polynomials, with t not zero. There are unique polynomials q (their quotient ) and r (their remainder ) such that 20. EXERCISE. s(x) = q(x)t(x) + r(x) and deg(r) < deg(t). 1. We will prove the lemma by induction on the degree of s. If deg(s) = 0, then s is a constant; prove this case. (Consider two sub-cases separately: either deg(t) = 0 or deg(t) > 0.) 2. If deg(s) = n > 0, and deg(t) = m n, let s(x) = ax n + s (x) and t(x) = bx m + t (x), where deg(s ) < n and deg(t ) < m. Prove that any solution to the equation in the lemma must have q(x) = ab 1 x n m + q (x) where deg(q ) < n m. 3. Complete the proof by induction on n. Note that this implies an algorithm to compute q and r from s and t. (It uses O(n m) operations on elements of. Asymptotically faster algorithms exist, just as over the integers. But we won t consider that here.) A close analogy exists between this division of polynomials and division (with remainder) over the natural numbers. If we replace polynomial by natural number and deg(s) by s in the statement of the lemma, we get the following familiar statement. Let s and t be natural numbers, with t not zero. There are unique natural numbers q (their quotient ) and r (their remainder ) such that s = qt + r and r < t. For polynomials, as for integers, the most interesting cases of division are those that come out even i.e., give a zero remainder. 21. DEFINITION. A polynomial t is a factor, or divisor, of a polynomial s if there is a polynomial q such that s = q t. If deg(t) = 0 or deg(q) = 0, then t is a trivial factor of s; otherwise t is a non-trivial factor of s. If t is a factor of s (trivial or not), then we say that t divides s, and write t s. If all factors of s are trivial, and deg(s) > 0, then s is irreducible over the field. Note that irreducibility depends on the choice of field. A polynomial irreducible in [x] may factor nontrivially in [x] (where ). Roots of polynomials have a close connection to factors. 8

9 22. EXAMPLE. Suppose that α is a root of a polynomial s; i.e., s(α) = 0. Show that s(x) has x α as a factor; i.e., there is a polynomial t(x) such that s(x) = (x α) t(x). The degree of t is deg(s) 1. (Hint: write s(x) = q(x) (x α) + r(x). If s(α) = 0, what does that imply about r?) 23. DEFINITION. The multiplicity of a root α of a polynomial s is the largest integer k such that (x α) k is a factor of s. Over the natural numbers, we can compute the greatest common divisor of s and t by repeated division, a.k.a. Euclid s algorithm. We can do the same with polynomials. We first recall the definition of a g.c.d. 24. DEFINITION. Let s and t be polynomials, not both zero. A polynomial g is a greatest common divisor (g.c.d.) of s and t iff the following hold. g s and g t. if h s and h t, then h g. For polynomials (unlike the natural numbers), a g.c.d. is not unique. 25. EXERCISE. Let s [x] and t [x], not both 0. Show the following. 1. If g is a g.c.d. of s and t and c, c 0, then c g is also a g.c.d. of s and t. 2. If g 1 and g 2 are each a g.c.d. of s and t, then there is a c such that g 2 = c g 1. (Hint: consider g i as the h in the definition of g.c.d.) Thus any two g.c.d. s are multiples of one another almost as good as uniqueness DEFINITION. Euclid s algorithm takes two polynomials s and t as input, and produces a triple (g, a, b), as follows. Euclid(s, t): if t is zero, then return (s, 1, 0) else Let q and r be the quotient and remainder of dividing s by t (i.e., solve s = q t + r subject to deg(r) < deg(t)) (g, a, b) Euclid(t, r) return (g, b, a b q) 27. EXERCISE. Let s [x] and t [x], not both 0. Suppose that a call to Euclid(s, t) returns a triple (g, a, b). Show the following. (Use induction on the number of recursive invocations required or, equivalently, on the degrees of s and/or t.) 1. g [x], a [x] and b [x]. 4 A similar result holds over the integers: for example, both 2 and 2 are perfectly good g.c.d. s of 4 and 6. But we ignore this, since their ratio 2/( 2) = 1 exists in. Similarly, the ratio c appearing in Exercise 25 exists in [x]. 9

10 2. Both g s and g t. 3. For any h, if h s and h t, then h g. 4. g = a s + b t. (In other words, g is a linear combination of s and t.) The natural numbers have a unique factorization property: any non-zero natural number has a unique factorization into primes. Over the integers, we agree to ignore factors of 1; we consider 2 3 and ( 2)( 3) as the same factorization of 6. Over [x], we shall likewise ignore invertible elements (i.e., polynomials of degree 0). We may thus consider only monic polynomials. 28. THEOREM (UNIQUE FACTORIZATION). Let s 0 be a polynomial over a field. Suppose that s(x) = α k i=1 t i(x) = β l i=1 u i(x), where α, β and each polynomial t i and u i is monic and irreducible. Then α = β, k = l and there is a permutation π such that t π(i) = u i for each i. In other words, aside from the order of factors and the choice of leading coefficients, every polynomial factors uniquely into irreducible factors. 29. EXERCISE. To prove the theorem, we shall make use of Euclid s algorithm. First, we note that a simple case implies the entire result. 1. Show that the following claim implies unique factorization. Suppose that t 1 (x)t 2 (x) = u 1 (x)u 2 (x) for polynomials t 1, t 2, u 1 and u 2, and that t 1 is irreducible (i.e., has only trivial factors). Then either t 1 u 1 or t 1 u 2. Use induction on the number of factors of s(x). 2. Consider the computation Euclid(t 1, u 1 ) = (g, a, b). Why must g be a trivial factor of t 1? Prove the claim for each of the two cases: (1) g and (2) deg(g) = deg(t 1 ). Easy, eh? (Remark: although each polynomial has a unique factorization, and we have good algorithms to compute the division or g.c.d. of two polynomials, these do not imply a good algorithm to compute a factorization. Just as for integers....) 30. EXERCISE. Show that a non-zero polynomial of degree n has at most n roots over any field, counting according to multiplicity. Hint: if s has a root α of multiplicity k 1 and thus (x α) k t(x) = s(x), what can you say about the degree of t? If β α is another root of s, how does β relate to t? 31. THEOREM. Let have p d elements, for some d 1. Then contains exactly the roots of the polynomial x pd x. We prove the theorem by induction on d. The base case d = 1 we have already proved, in Exercise 3. 10

11 32. LEMMA. Let q be an irreducible polynomial of degree d over a finite field of characteristic p. Let γ be a root of q (in any suitable domain). Then the field (γ) contains all d roots of q. Further, if r is any irreducible polynomial over that has a root β (γ), then (γ) contains deg(r) roots of r. 33. EXERCISE. 1. Suppose that an element α of (γ) is a root of a polynomial r over. Show that α p is also a root of r. 2. By the previous part, each of the elements γ p2,..., γ pd 1 is a root of q. 3. Show that the elements γ, γ p, γ p2,..., γ pd 1 are d distinct roots of q. 34. COROLLARY. Let have p d elements, for p prime and d 1. Then contains all p d roots of the polynomial x pd x. 35. EXERCISE. The corollary is equivalent to the claim that every element α of satisfies α pd = α. 1. Show that γ pd = γ. 2. Show that α pd = α for every element α of. 36. COROLLARY. Let p be prime and d 1. Then there is (up to isomorphism) exactly one field of size p d : the set of p d distinct roots of the polynomial x pd x. 11

### ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

ALGEBRA CHRISTIAN REMLING 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers by Z = {..., 2, 1, 0, 1,...}. Given a, b Z, we write a b if b = ac for some

### Introduction to finite fields

Chapter 7 Introduction to finite fields This chapter provides an introduction to several kinds of abstract algebraic structures, particularly groups, fields, and polynomials. Our primary interest is in

### A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

Byte multiplication 1 Field arithmetic A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties: F is an abelian group under addition, meaning - F is closed under

### 1/30: Polynomials over Z/n.

1/30: Polynomials over Z/n. Last time to establish the existence of primitive roots we rely on the following key lemma: Lemma 6.1. Let s > 0 be an integer with s p 1, then we have #{α Z/pZ α s = 1} = s.

### Factorization in Polynomial Rings

Factorization in Polynomial Rings Throughout these notes, F denotes a field. 1 Long division with remainder We begin with some basic definitions. Definition 1.1. Let f, g F [x]. We say that f divides g,

### Rings. Chapter 1. Definition 1.2. A commutative ring R is a ring in which multiplication is commutative. That is, ab = ba for all a, b R.

Chapter 1 Rings We have spent the term studying groups. A group is a set with a binary operation that satisfies certain properties. But many algebraic structures such as R, Z, and Z n come with two binary

### Mathematical Foundations of Cryptography

Mathematical Foundations of Cryptography Cryptography is based on mathematics In this chapter we study finite fields, the basis of the Advanced Encryption Standard (AES) and elliptical curve cryptography

### 1. Algebra 1.5. Polynomial Rings

1. ALGEBRA 19 1. Algebra 1.5. Polynomial Rings Lemma 1.5.1 Let R and S be rings with identity element. If R > 1 and S > 1, then R S contains zero divisors. Proof. The two elements (1, 0) and (0, 1) are

### Chapter 4 Finite Fields

Chapter 4 Finite Fields Introduction will now introduce finite fields of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key concern operations on numbers what constitutes a number

### COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162

COMPUTER ARITHMETIC 13/05/2010 cryptography - math background pp. 1 / 162 RECALL OF COMPUTER ARITHMETIC computers implement some types of arithmetic for instance, addition, subtratction, multiplication

### Lecture 7: Polynomial rings

Lecture 7: Polynomial rings Rajat Mittal IIT Kanpur You have seen polynomials many a times till now. The purpose of this lecture is to give a formal treatment to constructing polynomials and the rules

### 8 Appendix: Polynomial Rings

8 Appendix: Polynomial Rings Throughout we suppose, unless otherwise specified, that R is a commutative ring. 8.1 (Largely) a reminder about polynomials A polynomial in the indeterminate X with coefficients

### LECTURE NOTES IN CRYPTOGRAPHY

1 LECTURE NOTES IN CRYPTOGRAPHY Thomas Johansson 2005/2006 c Thomas Johansson 2006 2 Chapter 1 Abstract algebra and Number theory Before we start the treatment of cryptography we need to review some basic

### Theorem 5.3. Let E/F, E = F (u), be a simple field extension. Then u is algebraic if and only if E/F is finite. In this case, [E : F ] = deg f u.

5. Fields 5.1. Field extensions. Let F E be a subfield of the field E. We also describe this situation by saying that E is an extension field of F, and we write E/F to express this fact. If E/F is a field

### The Integers. Peter J. Kahn

Math 3040: Spring 2009 The Integers Peter J. Kahn Contents 1. The Basic Construction 1 2. Adding integers 6 3. Ordering integers 16 4. Multiplying integers 18 Before we begin the mathematics of this section,

### Further linear algebra. Chapter II. Polynomials.

Further linear algebra. Chapter II. Polynomials. Andrei Yafaev 1 Definitions. In this chapter we consider a field k. Recall that examples of felds include Q, R, C, F p where p is prime. A polynomial is

### 18. Cyclotomic polynomials II

18. Cyclotomic polynomials II 18.1 Cyclotomic polynomials over Z 18.2 Worked examples Now that we have Gauss lemma in hand we can look at cyclotomic polynomials again, not as polynomials with coefficients

### NOTES ON FINITE FIELDS

NOTES ON FINITE FIELDS AARON LANDESMAN CONTENTS 1. Introduction to finite fields 2 2. Definition and constructions of fields 3 2.1. The definition of a field 3 2.2. Constructing field extensions by adjoining

### Finite Fields and Error-Correcting Codes

Lecture Notes in Mathematics Finite Fields and Error-Correcting Codes Karl-Gustav Andersson (Lund University) (version 1.013-16 September 2015) Translated from Swedish by Sigmundur Gudmundsson Contents

### A connection between number theory and linear algebra

A connection between number theory and linear algebra Mark Steinberger Contents 1. Some basics 1 2. Rational canonical form 2 3. Prime factorization in F[x] 4 4. Units and order 5 5. Finite fields 7 6.

### Basic Algebra. Final Version, August, 2006 For Publication by Birkhäuser Boston Along with a Companion Volume Advanced Algebra In the Series

Basic Algebra Final Version, August, 2006 For Publication by Birkhäuser Boston Along with a Companion Volume Advanced Algebra In the Series Cornerstones Selected Pages from Chapter I: pp. 1 15 Anthony

### Factorization in Integral Domains II

Factorization in Integral Domains II 1 Statement of the main theorem Throughout these notes, unless otherwise specified, R is a UFD with field of quotients F. The main examples will be R = Z, F = Q, and

### 9. Finite fields. 1. Uniqueness

9. Finite fields 9.1 Uniqueness 9.2 Frobenius automorphisms 9.3 Counting irreducibles 1. Uniqueness Among other things, the following result justifies speaking of the field with p n elements (for prime

### NOTES ON SIMPLE NUMBER THEORY

NOTES ON SIMPLE NUMBER THEORY DAMIEN PITMAN 1. Definitions & Theorems Definition: We say d divides m iff d is positive integer and m is an integer and there is an integer q such that m = dq. In this case,

### Definition For a set F, a polynomial over F with variable x is of the form

*6. Polynomials Definition For a set F, a polynomial over F with variable x is of the form a n x n + a n 1 x n 1 + a n 2 x n 2 +... + a 1 x + a 0, where a n, a n 1,..., a 1, a 0 F. The a i, 0 i n are the

### Commutative Rings and Fields

Commutative Rings and Fields 1-22-2017 Different algebraic systems are used in linear algebra. The most important are commutative rings with identity and fields. Definition. A ring is a set R with two

### CHAPTER 4: EXPLORING Z

CHAPTER 4: EXPLORING Z MATH 378, CSUSM. SPRING 2009. AITKEN 1. Introduction In this chapter we continue the study of the ring Z. We begin with absolute values. The absolute value function Z N is the identity

### CDM. Finite Fields. Klaus Sutner Carnegie Mellon University. Fall 2018

CDM Finite Fields Klaus Sutner Carnegie Mellon University Fall 2018 1 Ideals The Structure theorem Where Are We? 3 We know that every finite field carries two apparently separate structures: additive and

### Definitions. Notations. Injective, Surjective and Bijective. Divides. Cartesian Product. Relations. Equivalence Relations

Page 1 Definitions Tuesday, May 8, 2018 12:23 AM Notations " " means "equals, by definition" the set of all real numbers the set of integers Denote a function from a set to a set by Denote the image of

### (Rgs) Rings Math 683L (Summer 2003)

(Rgs) Rings Math 683L (Summer 2003) We will first summarise the general results that we will need from the theory of rings. A unital ring, R, is a set equipped with two binary operations + and such that

### Finite Fields. Mike Reiter

1 Finite Fields Mike Reiter reiter@cs.unc.edu Based on Chapter 4 of: W. Stallings. Cryptography and Network Security, Principles and Practices. 3 rd Edition, 2003. Groups 2 A group G, is a set G of elements

### MODEL ANSWERS TO HWK #10

MODEL ANSWERS TO HWK #10 1. (i) As x + 4 has degree one, either it divides x 3 6x + 7 or these two polynomials are coprime. But if x + 4 divides x 3 6x + 7 then x = 4 is a root of x 3 6x + 7, which it

### The Integers. Math 3040: Spring Contents 1. The Basic Construction 1 2. Adding integers 4 3. Ordering integers Multiplying integers 12

Math 3040: Spring 2011 The Integers Contents 1. The Basic Construction 1 2. Adding integers 4 3. Ordering integers 11 4. Multiplying integers 12 Before we begin the mathematics of this section, it is worth

### 1. Factorization Divisibility in Z.

8 J. E. CREMONA 1.1. Divisibility in Z. 1. Factorization Definition 1.1.1. Let a, b Z. Then we say that a divides b and write a b if b = ac for some c Z: a b c Z : b = ac. Alternatively, we may say that

### Fast Polynomial Multiplication

Fast Polynomial Multiplication Marc Moreno Maza CS 9652, October 4, 2017 Plan Primitive roots of unity The discrete Fourier transform Convolution of polynomials The fast Fourier transform Fast convolution

### Chapter 14: Divisibility and factorization

Chapter 14: Divisibility and factorization Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4120, Summer I 2014 M. Macauley (Clemson) Chapter

### Rings. Chapter Definitions and Examples

Chapter 5 Rings Nothing proves more clearly that the mind seeks truth, and nothing reflects more glory upon it, than the delight it takes, sometimes in spite of itself, in the driest and thorniest researches

### Polynomials. Chapter 4

Chapter 4 Polynomials In this Chapter we shall see that everything we did with integers in the last Chapter we can also do with polynomials. Fix a field F (e.g. F = Q, R, C or Z/(p) for a prime p). Notation

### Solutions to Homework for M351 Algebra I

Hwk 42: Solutions to Homework for M351 Algebra I In the ring Z[i], find a greatest common divisor of a = 16 + 2i and b = 14 + 31i, using repeated division with remainder in analogy to Problem 25. (Note

### (January 14, 2009) q n 1 q d 1. D = q n = q + d

(January 14, 2009) [10.1] Prove that a finite division ring D (a not-necessarily commutative ring with 1 in which any non-zero element has a multiplicative inverse) is commutative. (This is due to Wedderburn.)

### Polynomial Rings. i=0

Polynomial Rings 4-15-2018 If R is a ring, the ring of polynomials in x with coefficients in R is denoted R[x]. It consists of all formal sums a i x i. Here a i = 0 for all but finitely many values of

### Homework 8 Solutions to Selected Problems

Homework 8 Solutions to Selected Problems June 7, 01 1 Chapter 17, Problem Let f(x D[x] and suppose f(x is reducible in D[x]. That is, there exist polynomials g(x and h(x in D[x] such that g(x and h(x

### CHAPTER 10: POLYNOMIALS (DRAFT)

CHAPTER 10: POLYNOMIALS (DRAFT) LECTURE NOTES FOR MATH 378 (CSUSM, SPRING 2009). WAYNE AITKEN The material in this chapter is fairly informal. Unlike earlier chapters, no attempt is made to rigorously

### Outline. MSRI-UP 2009 Coding Theory Seminar, Week 2. The definition. Link to polynomials

Outline MSRI-UP 2009 Coding Theory Seminar, Week 2 John B. Little Department of Mathematics and Computer Science College of the Holy Cross Cyclic Codes Polynomial Algebra More on cyclic codes Finite fields

### Math 121 Homework 2 Solutions

Math 121 Homework 2 Solutions Problem 13.2 #16. Let K/F be an algebraic extension and let R be a ring contained in K that contains F. Prove that R is a subfield of K containing F. We will give two proofs.

### TC10 / 3. Finite fields S. Xambó

TC10 / 3. Finite fields S. Xambó The ring Construction of finite fields The Frobenius automorphism Splitting field of a polynomial Structure of the multiplicative group of a finite field Structure of the

### 2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

2 Arithmetic This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}. (See [Houston, Chapters 27 & 28]) 2.1 Greatest common divisors Definition 2.16. If a, b are integers, we say

### MATH 3030, Abstract Algebra Winter 2012 Toby Kenney Sample Midterm Examination Model Solutions

MATH 3030, Abstract Algebra Winter 2012 Toby Kenney Sample Midterm Examination Model Solutions Basic Questions 1. Give an example of a prime ideal which is not maximal. In the ring Z Z, the ideal {(0,

### NONCOMMUTATIVE POLYNOMIAL EQUATIONS. Edward S. Letzter. Introduction

NONCOMMUTATIVE POLYNOMIAL EQUATIONS Edward S Letzter Introduction My aim in these notes is twofold: First, to briefly review some linear algebra Second, to provide you with some new tools and techniques

### Finite Fields. Sophie Huczynska. Semester 2, Academic Year

Finite Fields Sophie Huczynska Semester 2, Academic Year 2005-06 2 Chapter 1. Introduction Finite fields is a branch of mathematics which has come to the fore in the last 50 years due to its numerous applications,

### Polynomials, Ideals, and Gröbner Bases

Polynomials, Ideals, and Gröbner Bases Notes by Bernd Sturmfels for the lecture on April 10, 2018, in the IMPRS Ringvorlesung Introduction to Nonlinear Algebra We fix a field K. Some examples of fields

### GEOMETRIC CONSTRUCTIONS AND ALGEBRAIC FIELD EXTENSIONS

GEOMETRIC CONSTRUCTIONS AND ALGEBRAIC FIELD EXTENSIONS JENNY WANG Abstract. In this paper, we study field extensions obtained by polynomial rings and maximal ideals in order to determine whether solutions

### Fields in Cryptography. Çetin Kaya Koç Winter / 30

Fields in Cryptography http://koclab.org Çetin Kaya Koç Winter 2017 1 / 30 Field Axioms Fields in Cryptography A field F consists of a set S and two operations which we will call addition and multiplication,

### CONSTRUCTION OF THE REAL NUMBERS.

CONSTRUCTION OF THE REAL NUMBERS. IAN KIMING 1. Motivation. It will not come as a big surprise to anyone when I say that we need the real numbers in mathematics. More to the point, we need to be able to

### PUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.

PUTNAM TRAINING NUMBER THEORY (Last updated: December 11, 2017) Remark. This is a list of exercises on Number Theory. Miguel A. Lerma Exercises 1. Show that the sum of two consecutive primes is never twice

### THE GAUSSIAN INTEGERS

THE GAUSSIAN INTEGERS KEITH CONRAD Since the work of Gauss, number theorists have been interested in analogues of Z where concepts from arithmetic can also be developed. The example we will look at in

### ECEN 5022 Cryptography

Elementary Algebra and Number Theory University of Colorado Spring 2008 Divisibility, Primes Definition. N denotes the set {1, 2, 3,...} of natural numbers and Z denotes the set of integers {..., 2, 1,

### = 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

8. p-adic numbers 8.1. Motivation: Solving x 2 a (mod p n ). Take an odd prime p, and ( an) integer a coprime to p. Then, as we know, x 2 a (mod p) has a solution x Z iff = 1. In this case we can suppose

### Chinese Remainder Theorem

Chinese Remainder Theorem Theorem Let R be a Euclidean domain with m 1, m 2,..., m k R. If gcd(m i, m j ) = 1 for 1 i < j k then m = m 1 m 2 m k = lcm(m 1, m 2,..., m k ) and R/m = R/m 1 R/m 2 R/m k ;

### Lecture 2: Groups. Rajat Mittal. IIT Kanpur

Lecture 2: Groups Rajat Mittal IIT Kanpur These notes are about the first abstract mathematical structure we are going to study, groups. You are already familiar with set, which is just a collection of

### Algebra Review 2. 1 Fields. A field is an extension of the concept of a group.

Algebra Review 2 1 Fields A field is an extension of the concept of a group. Definition 1. A field (F, +,, 0 F, 1 F ) is a set F together with two binary operations (+, ) on F such that the following conditions

### MATH 431 PART 2: POLYNOMIAL RINGS AND FACTORIZATION

MATH 431 PART 2: POLYNOMIAL RINGS AND FACTORIZATION 1. Polynomial rings (review) Definition 1. A polynomial f(x) with coefficients in a ring R is n f(x) = a i x i = a 0 + a 1 x + a 2 x 2 + + a n x n i=0

### x 3 2x = (x 2) (x 2 2x + 1) + (x 2) x 2 2x + 1 = (x 4) (x + 2) + 9 (x + 2) = ( 1 9 x ) (9) + 0

1. (a) i. State and prove Wilson's Theorem. ii. Show that, if p is a prime number congruent to 1 modulo 4, then there exists a solution to the congruence x 2 1 mod p. (b) i. Let p(x), q(x) be polynomials

### * 8 Groups, with Appendix containing Rings and Fields.

* 8 Groups, with Appendix containing Rings and Fields Binary Operations Definition We say that is a binary operation on a set S if, and only if, a, b, a b S Implicit in this definition is the idea that

### Elementary Properties of the Integers

Elementary Properties of the Integers 1 1. Basis Representation Theorem (Thm 1-3) 2. Euclid s Division Lemma (Thm 2-1) 3. Greatest Common Divisor 4. Properties of Prime Numbers 5. Fundamental Theorem of

### MATH 361: NUMBER THEORY FOURTH LECTURE

MATH 361: NUMBER THEORY FOURTH LECTURE 1. Introduction Everybody knows that three hours after 10:00, the time is 1:00. That is, everybody is familiar with modular arithmetic, the usual arithmetic of the

### 32 Divisibility Theory in Integral Domains

3 Divisibility Theory in Integral Domains As we have already mentioned, the ring of integers is the prototype of integral domains. There is a divisibility relation on * : an integer b is said to be divisible

### 1. Introduction to commutative rings and fields

1. Introduction to commutative rings and fields Very informally speaking, a commutative ring is a set in which we can add, subtract and multiply elements so that the usual laws hold. A field is a commutative

### Chapter 11: Galois theory

Chapter 11: Galois theory Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 410, Spring 014 M. Macauley (Clemson) Chapter 11: Galois theory

### 4. Noether normalisation

4. Noether normalisation We shall say that a ring R is an affine ring (or affine k-algebra) if R is isomorphic to a polynomial ring over a field k with finitely many indeterminates modulo an ideal, i.e.,

### 1. multiplication is commutative and associative;

Chapter 4 The Arithmetic of Z In this chapter, we start by introducing the concept of congruences; these are used in our proof (going back to Gauss 1 ) that every integer has a unique prime factorization.

### Honors Algebra 4, MATH 371 Winter 2010 Assignment 3 Due Friday, February 5 at 08:35

Honors Algebra 4, MATH 371 Winter 2010 Assignment 3 Due Friday, February 5 at 08:35 1. Let R 0 be a commutative ring with 1 and let S R be the subset of nonzero elements which are not zero divisors. (a)

### Groups, Rings, and Finite Fields. Andreas Klappenecker. September 12, 2002

Background on Groups, Rings, and Finite Fields Andreas Klappenecker September 12, 2002 A thorough understanding of the Agrawal, Kayal, and Saxena primality test requires some tools from algebra and elementary

### φ(xy) = (xy) n = x n y n = φ(x)φ(y)

Groups 1. (Algebra Comp S03) Let A, B and C be normal subgroups of a group G with A B. If A C = B C and AC = BC then prove that A = B. Let b B. Since b = b1 BC = AC, there are a A and c C such that b =

### Rings. EE 387, Notes 7, Handout #10

Rings EE 387, Notes 7, Handout #10 Definition: A ring is a set R with binary operations, + and, that satisfy the following axioms: 1. (R, +) is a commutative group (five axioms) 2. Associative law for

### Computations/Applications

Computations/Applications 1. Find the inverse of x + 1 in the ring F 5 [x]/(x 3 1). Solution: We use the Euclidean Algorithm: x 3 1 (x + 1)(x + 4x + 1) + 3 (x + 1) 3(x + ) + 0. Thus 3 (x 3 1) + (x + 1)(4x

### Practical Algebra. A Step-by-step Approach. Brought to you by Softmath, producers of Algebrator Software

Practical Algebra A Step-by-step Approach Brought to you by Softmath, producers of Algebrator Software 2 Algebra e-book Table of Contents Chapter 1 Algebraic expressions 5 1 Collecting... like terms 5

### 2a 2 4ac), provided there is an element r in our

MTH 310002 Test II Review Spring 2012 Absractions versus examples The purpose of abstraction is to reduce ideas to their essentials, uncluttered by the details of a specific situation Our lectures built

### 6 Cosets & Factor Groups

6 Cosets & Factor Groups The course becomes markedly more abstract at this point. Our primary goal is to break apart a group into subsets such that the set of subsets inherits a natural group structure.

### COMMUTATIVE RINGS. Definition 3: A domain is a commutative ring R that satisfies the cancellation law for multiplication:

COMMUTATIVE RINGS Definition 1: A commutative ring R is a set with two operations, addition and multiplication, such that: (i) R is an abelian group under addition; (ii) ab = ba for all a, b R (commutative

### (1) A frac = b : a, b A, b 0. We can define addition and multiplication of fractions as we normally would. a b + c d

The Algebraic Method 0.1. Integral Domains. Emmy Noether and others quickly realized that the classical algebraic number theory of Dedekind could be abstracted completely. In particular, rings of integers

### Chapter 5. Number Theory. 5.1 Base b representations

Chapter 5 Number Theory The material in this chapter offers a small glimpse of why a lot of facts that you ve probably nown and used for a long time are true. It also offers some exposure to generalization,

### Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm April 11, 2010 1 Algebra We start by discussing algebraic structures and their properties. This is presented in more depth than what we

### Discrete Mathematics and Probability Theory Spring 2016 Rao and Walrand Discussion 6B Solution

CS 70 Discrete Mathematics and Probability Theory Spring 016 Rao and Walrand Discussion 6B Solution 1. GCD of Polynomials Let A(x) and B(x) be polynomials (with coefficients in R or GF(m)). We say that

### Math 511, Algebraic Systems, Fall 2017 July 20, 2017 Edition. Todd Cochrane

Math 511, Algebraic Systems, Fall 2017 July 20, 2017 Edition Todd Cochrane Department of Mathematics Kansas State University Contents Notation v Chapter 0. Axioms for the set of Integers Z. 1 Chapter 1.

### NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

NUMBER SYSTEMS Number theory is the study of the integers. We denote the set of integers by Z: Z = {..., 3, 2, 1, 0, 1, 2, 3,... }. The integers have two operations defined on them, addition and multiplication,

### be any ring homomorphism and let s S be any element of S. Then there is a unique ring homomorphism

21. Polynomial rings Let us now turn out attention to determining the prime elements of a polynomial ring, where the coefficient ring is a field. We already know that such a polynomial ring is a UFD. Therefore

### Lecture Notes Math 371: Algebra (Fall 2006) by Nathanael Leedom Ackerman

Lecture Notes Math 371: Algebra (Fall 2006) by Nathanael Leedom Ackerman October 31, 2006 TALK SLOWLY AND WRITE NEATLY!! 1 0.1 Symbolic Adjunction of Roots When dealing with subfields of C it is easy to

### Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

6 Prime Numbers Part VI of PJE 6.1 Fundamental Results Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively D (p) = { p 1 1 p}. Otherwise

### MATH 115, SUMMER 2012 LECTURE 12

MATH 115, SUMMER 2012 LECTURE 12 JAMES MCIVOR - last time - we used hensel s lemma to go from roots of polynomial equations mod p to roots mod p 2, mod p 3, etc. - from there we can use CRT to construct

### Algebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.

Coding Theory Massoud Malek Algebra Congruence Relation The definition of a congruence depends on the type of algebraic structure under consideration Particular definitions of congruence can be made for

### Lecture 8: Finite fields

Lecture 8: Finite fields Rajat Mittal IIT Kanpur We have learnt about groups, rings, integral domains and fields till now. Fields have the maximum required properties and hence many nice theorems can be

### ECEN 5682 Theory and Practice of Error Control Codes

ECEN 5682 Theory and Practice of Error Control Codes Introduction to Algebra University of Colorado Spring 2007 Motivation and For convolutional codes it was convenient to express the datawords and the

### MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology.

MATH 501 Discrete Mathematics Lecture 6: Number theory Prof. Dr. Slim Abdennadher, slim.abdennadher@guc.edu.eg German University Cairo, Department of Media Engineering and Technology 1 Number theory Number

### 2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Chapter 3: Theory of Modular Arithmetic 25 SECTION C Solving Linear Congruences By the end of this section you will be able to solve congruence equations determine the number of solutions find the multiplicative

### Chapter 8. P-adic numbers. 8.1 Absolute values

Chapter 8 P-adic numbers Literature: N. Koblitz, p-adic Numbers, p-adic Analysis, and Zeta-Functions, 2nd edition, Graduate Texts in Mathematics 58, Springer Verlag 1984, corrected 2nd printing 1996, Chap.

### a + bi by sending α = a + bi to a 2 + b 2. To see properties (1) and (2), it helps to think of complex numbers in polar coordinates:

5. Types of domains It turns out that in number theory the fact that certain rings have unique factorisation has very strong arithmetic consequences. We first write down some definitions. Definition 5.1.

### 1 2 3 style total. Circle the correct answer; no explanation is required. Each problem in this section counts 5 points.

1 2 3 style total Math 415 Examination 3 Please print your name: Answer Key 1 True/false Circle the correct answer; no explanation is required. Each problem in this section counts 5 points. 1. The rings