17 Galois Fields Introduction Primitive Elements Roots of Polynomials... 8

Transcription

1 Contents 17 Galois Fields Introduction Irreducible Polynomials, Construction of GF(q m ) Primitive Elements Roots of Polynomials

2 2 17 GALOIS FIELDS 17 Galois Fields 17.1 Introduction In out introduction to abstract algebra, we saw that the integers, under addition and multiplication formed a (innite) ring. From this ring we constructed nite rings by using modulo-p arithmetic. Furthermore, we saw that if p was a prime number, that the resulting ring was actually a nite eld, meaning that every nonzero element in the ring had a multiplicative inverse. The elds obtained in this way were the Galois elds, GF(p). We did see however one example of a Galois eld where the order of the eld was not prime (GF(4)). In this case however, the eld was not dened by modulo-4 arithmetic, but seemed plucked out of the air. It is now time to reveal the technique whereby Galois elds of certain non-prime orders may be constructed, namely the elds GF(p m ), where p is prime, and m is an integer. Instead of the ring of integers, our starting point shall be the ring of polynomials with coecients from GF(p), p prime. Theorem 17.1 The set of polynomials in an unknown x, with coecients from GF(p), where p is a prime number, form a ring under regular polynomial addition and multiplication. this ring is denoted GF(p)[x] Just as we did for the integers, we can construct a ring with a nite number of elements, this time by considering addition and multiplication, modulo a polynomial, p(x). Denition 17.1 (Modulo p(x) operations) We consider two polynomials equivalent modulo p(x), if they have the same remainder after division by p(x). This is denoted a(x) b(x) mod p(x): Theorem 17.2 Let p(x) be a degree m polynomial with coecients from GF(q). Then the set of polynomials of degree m,1 or less under addition and multiplication modulo p(x) is a ring. This ring is denoted GF(q)[x]=p(x), and has order q m. Each polynomial of order m, 1 or less can be represented uniquely by a vector of its coecients.

3 17.2 Irreducible Polynomials, Construction of GF(q m ) Irreducible Polynomials, Construction of GF(q m ) Recall how for integers, we turned a nite ring into a nite eld by using a prime modulus. We can use the same trick for polynomials. First we need to dene what we mean by a \prime" polynomial. Denition 17.2 (Irreducible Polynomial) A polynomial (x) 2 GF(q)[x] is irreducible over GF(q) if and only if it has no roots in GF(q), i.e. there is no 2 GF(q) such that () =0. An irreducible polynomial (like a prime number) cannot be factored (reduced) into non-trivial parts. When we talk about irreducible polynomials, we must always specify which eld it is irreducible over. Example 17.1 The polynomial p(x) =x 2 +x+1 is irreducible over GF(2), but not over GF(3). InGF(3), wehave the factorisation p(x) =(x+2) 2. Theorem 17.3 GF(q)[x]=(x) is a eld if and only if (x) is irreducible over GF(q). Proof: We just need to prove that every non-zero polynomial a(x) in the ring hasamultiplicative inverse, i.e. there exists some b(x) such that a(x)b(x) = 1. Consider the products a(x)b(x) mod (x), where (x) is irreducible and we allow a(x) to range over all polynomials of degree m, 1 or less. We shall rst show that these products must all be distinct. If this was not the case, there would be two polynomials a 1 (x) and a 2 (x), each of degree m, 1 or less such that a 1 (x)b(x) a 2 (x)b(x) mod (x). This would mean that (a 1 (x), a 2 (x))b(x) 0 mod (x), implying that since (x) has no factors, either (x) j (a 1 (x), a 2 (x)) or (x) j b(x). But a 1 (x), a 2 (x) has degree m, 1 or less, as does b(x), and hence (x) can be a factor of neither polynomial. This proves that the products are all unique. Hence one of the products a(x)b(x) 1 mod (x). It can be shown that structurally, there is only one nite eld of each order, and form now on, rather than talking about GF(q)[x]=(x), we shall refer to GF(q m ), generated by (x). The eld GF(q m ) is an extension eld of GF(q), since it contains the (constant) polynomials 0; 1;:::;q,1. The elements of GF(q m ) can be represented by GF(q) m-tuples, representing the coecients of the polynomials. The extension eld GF(q m )isavector space over GF(q).

4 4 17 GALOIS FIELDS Example 17.2 (GF(4)) Let (x) =x 2 +x+1, which is an irreducible polynomial over GF(2). Table 1 shows the elements of GF(4), using dierent representations for the elements. Polynomial representation is what we have been discussing so far. Each eld element is represented by a degree 1 polynomial. The next column shows the vector representation, where each element is represented by the coecients of each power of x. Next is the integer representation, which is just the vector form, interpreted as a binary number. The nal column is the exponential form. This representation is straightforward, until we see the x 2 term, which has degree greater than 1. This is however valid, since x 2 x +1 mod x 2 + x +1. In fact, each eld element can be represented by any polynomial that is equivalent modulo (x). Note that the polynomial form is most suited to addition operations, whereas the exponential form is suited to multiplication. Table 17.2 and 17.2 show the addition and multiplication tables for GF (4). Polynomial Vector Integer Exponential x 0 x 10 2 x 1 x x 2 Table 1: Representations of elements from GF(4) x 1+x x 1+x x x x x 1+x x 1+x x 1 0 (a) Addition table 0 1 x 1+x x 1+x x 0 x 1+x 1 1+x 0 1+x 1 x (b) Multiplication table Table 2: GF(4) Arithmetic.

5 17.2 Irreducible Polynomials, Construction of GF(q m ) 5 We have just seen that the elements of GF(4) could be represented using a power notation. This is true for arbitrary elds GF(q m ). In particular, the multiplicative group structure within the eld is cyclic. Denition 17.3 (Cyclic Group) A multiplicative group < G;> of order n is cyclic, if there exists an element, such that G = f1;; 2 ;:::; n,1 g, and n =1. The element is called a generator of the group. The following theorem, which we shall give without proof, shows the multiplicative structure of the Galois elds. Theorem 17.4 Let G be the set of q m, 1 non-zero elements from GF(q)[x]=(x), where (x) is a degree m irreducible polynomial. Then G is a cyclic multiplicative group of order q m, 1 (under polynomial multiplication modulo (x)). Another important theorem concerning the structure of nite elds is Fermat's theorem (not his last one!). This theorem is a corollary of the cyclic structure of G. Theorem 17.5 (Fermat) Every element 2 GF(q m ) is a root of the equation x qm, x =0. Equivalently, x qm, x = Y 2GF(q m ) (x, ): We have approached the construction of GF(q) m from the point of view of obtaining a nite eld from the ring of polynomials by using a prime modulus. There is another interesting way of looking at this construction. Recall that the equation (x) = 0 has no solution in GF(q) for (x) irreducible over GF(q). The extension eld GF (q)[x]=(x) however is formed by considering the modulo operation (x) 0. Thus the equation does have a solution in the extension eld, namely the element 2 GF(q m ), which is represented by the polynomial x. Wehave in fact formed the extension eld by adjoining to GF(q) a zero of (x). You have already come across this notion for innite elds. The equation p x+1 = 0 has no solution in the reals, hence p(x) = p x+ 1 is an irreducible polynomial over R. The complex eld however is an extension eld of R, and contains a root of p(x), namely the \imaginary" number i. Note that there is also another root, the complex conjugate,i. We shall see that this notion of conjugacy extends to nite elds.

6 6 17 GALOIS FIELDS 17.3 Primitive Elements Denition 17.4 (Primitive Element) In a eld of order p m, an element is called primitive, if the smallest integer n for which n = is n = p m. A primitive element has the property that every eld element can be expressed as a power of the primitive element. A primitive element is just a generator of the cyclic multiplicative group G discussed in Theorem Hence every nite eld has a primitive element, namely a generator of G. Example 17.3 In GF(4), generated by (x) =x 2 +x+1 (see example above), the element x is a primitive element. It is of course very convenienttohavexas a primitive element of GF(q m ), since multiplication can be carried out using addition of exponents, where the eld elements are represented using exponents of x. In order to ensure this, we can construct GF(q m ) using a special kind of irreducible polynomial. Denition 17.5 (Primitive Polynomial) A primitive polynomial p(x) over GF(q) is an irreducible polynomial over GF(q) that has as a root a primitive element of GF(q)[x]=p(x). Of course we are most interested in primitive polynomials, where the root is x itself. Such primitive polynomials are hard to spot. As a check, we have the following theorem. Theorem 17.6 A binary irreducible polynomial p(x) of degree m is primitive if and only if the smallest integer n for which p(x) divides x n, 1, isn=2 m,1. Example 17.4 The polynomial p(x) =x 3 +x+1 divides into 1+x 7, but not into 1+x 6,1+x 5 etc., and is irreducible, hence it is primitive. Example 17.5 The polynomial p(x) =1+x+x 2 +x 3 +x 4 is irreducible. But x 5 +1=(1+x)(1 + x + x 2 + x 3 + x 4 ).Thus p(x) is not primitive. It can also be shown that any degree m irreducible polynomial is a factor of x qm,1,1.

7 17.3 Primitive Elements 7 Theorem 17.6 shows that every binary primitive polynomial p(x) of degree m is a factor of x n, 1, where n =2 m,1. Hence such a primitive polynomial can be used as a generator for a (2 m, 1; 2 m, m, 1) cyclic code. Sound familar? Denition 17.6 (Hamming Code) Let p(x) be a degree m primitive polynomial. Then p(x) generates a cyclic (2 m, 1; 2 m, m, 1) Hamming code. Most coding textbooks have lists of primitive polynomials. Shown in Table 3 are primitive polynomials over GF(2) up to degree 10. x 2 + x +1 x 3 +x+1 x 4 +x+1 x 5 +x 2 +1 x 6 +x+1 x 7 +x 3 +1 x 8 +x 4 +x 3 +x 2 +1 x 9 +x 4 +1 x 10 + x 3 +1 Table 3: Primitive polynomials over GF(2). Example 17.6 Table 4 shows GF(2 3 ) generated by the primitive polynomial (x) = 1+x+x 3, where is a zero of (x) in GF(2 3 ).Ifwewanted to multiply two elements, Exponential Polynomial Table 4: GF(2 3 ) generated by 1+x+x 3.

8 8 17 GALOIS FIELDS say ( 2 +)( 2 ++1), we simply nd the corresponding power representations, and add the exponents (i.e. we take logs, add and then exponentiate). Powers greater than 6 can be reduced since is a primitive element which by denition means that 7 =1. Hence ( 2 + )( )= 4 5 = 9 = 2. Addition is best performed using the polynomial representation. For example, ( 2 + )+( 2 ++1)=1. Example 17.7 Just to show how dierent primitive polynomials generate dierent forms of GF(q m ),Table 5 shows GF(2 3 ) generated by the primitive polynomial (x) =1+x 2 +x 3 where is a zero of (x) in GF(2 3 ). Exponential Polynomial Table 5: GF(2 3 ) generated by 1+x 2 +x Roots of Polynomials Polynomials with real coecients may have roots in the complex eld, which is an extension of the real eld. Such roots always come in complex-conjugate pairs. The same kind of thing happens for polynomials over nite elds. The following theorem is proved in Wicker, Section 3.2. Theorem 17.7 (Conjugate Roots) If 2 GF(q m ) is a root of p(x), a polynomial over GF(q), then for any integer l>0, the element ql is also a root of p(x). The elements ql are called conjugates of. Let us now consider polynomials that have a specied root.

9 17.4 Roots of Polynomials 9 Denition 17.7 (Minimal Polynomial) The minimal polynomial over GF(q) of is the lowest degree monic polynomial M (x) with coecients from GF(q) such that M () =0: The minimal polynomial always exists, and is unique (see Wicker Theorem 3.2). Minimal polynomials have the following additional properties. Theorem 17.8 (Properties of Minimal Polynomials) Let M (x) be the minimal polynomial of. 1. deg(m ) m. 2. If for some other polynomial f() =0, then f(x) isamultiple of M (x). 3. M (x) is irreducible. 4. If f(x) is irreducible, and f() =0, then f(x) =M (x). 5. The roots of M (x) are exactly all the conjugates of, i.e. M (x) = e,1 Y l=0 (x, ql ); where e is the smallest integer for which qe =. Example 17.8 Consider GF(2 3 ), as generated by (x) =1+x+x 3 (Table 4), where the primitive element is a zero of (x). Let = 3. Then the conjugates of are 2 = 6 and 4 = 12 5 (note 8 = 24 3 = ). From property 5of minimal polynomials, we see that M (x) =(x,)(x, 2 )(x, 4 ) =(x, 3 )(x, 6 )(x, 5 ) = x 3 +( )x 2 +(+ 8 )x+ 7 =x 3 +x 2 +1: Table 6 shows the minimal polynomials for all eld elements.

10 10 17 GALOIS FIELDS Element Minimal Polynomial 0 x 1 1+x ; 2 ; 4 1+x+x 3 3 ; 5 ; 6 1+x 2 +x 3 Table 6: Minimal polynomials for GF(2 3 ), as generated by (x) =1+x+x 3. Fermat's theorem states that every element of GF(q m ) is a zero of x qm,1,1. Hence x qm,1, 1= Y 2GF(q m M (x) is a factorisation of x qm,1, 1into irreducible polynomials. Thus minimal polynomials are of interest as candidates for generator polynomials for cyclic codes. See Wicker Section 3.3.