# Information and Coding Theory Finite fields. Juris Viksna, 2015.


Groups

Fields

How to construct finite fields? Z_n (integers modulo n) is a group with respect to "+". Is Z_n also a field? We need: an identity element with respect to "·" (OK), and inverse elements with respect to "·". Do they exist?

GCD and Euclid's algorithm. gcd(a, b) is the greatest common divisor of the integers a and b.

```
Euclid(a, b)
    if b = 0 then return a
    else return Euclid(b, a mod b)
```

Extended Euclid's algorithm. d = gcd(a, b) is the greatest common divisor of the integers a and b. There exist integers x and y such that d = ax + by, and the algorithm returns them together with d.

```
ExtendedEuclid(a, b)
    if b = 0 then return (a, 1, 0)
    (d', x', y') ← ExtendedEuclid(b, a mod b)
    (d, x, y) ← (d', y', x' − ⌊a/b⌋·y')
    return (d, x, y)
```

Extended Euclid's algorithm - example [Adapted from T.Cormen, C.Leiserson, R. Rivest]

Modular operations. Multiplication: for given a and b find x such that ab mod n = x. Division: for given a and b find x such that bx mod n = a. Such an x does not always exist: we need gcd(b, n) | a. Extended Euclid's algorithm finds u and v such that gcd(s, t) = su + tv. Take s = b and t = n and set x = ua/gcd(b, n).
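The recursion from the ExtendedEuclid slide and the division rule from the slide above, written out in Python. This is an added example, not code from the slides; the function names (extended_euclid, mod_divide, mod_inverse, is_field) are this example's own:

```python
# Added example, not code from the slides: extended Euclid and division in Z_n.

def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y, using the slides' recursion."""
    if b == 0:
        return (a, 1, 0)
    d, x1, y1 = extended_euclid(b, a % b)
    return (d, y1, x1 - (a // b) * y1)      # (d, x, y) <- (d', y', x' - floor(a/b)*y')

def mod_divide(a, b, n):
    """All x in Z_n with b*x = a (mod n); empty when gcd(b, n) does not divide a."""
    d, u, v = extended_euclid(b, n)          # d = b*u + n*v, so b*u = d (mod n)
    if a % d:
        return []
    x0 = (u * (a // d)) % n                  # the slide's x = u*a / gcd(b, n)
    # b*x = a (mod n) has exactly d solutions, spaced n/d apart
    return sorted((x0 + k * (n // d)) % n for k in range(d))

def mod_inverse(a, n):
    """Inverse of a modulo n, or None when gcd(a, n) != 1."""
    d, u, _ = extended_euclid(a, n)
    return u % n if d == 1 else None

def is_field(n):
    """Z_n is a field iff every non-zero element has an inverse (iff n is prime)."""
    return n > 1 and all(mod_inverse(a, n) is not None for a in range(1, n))
```

mod_divide returns every solution, not just one: when gcd(b, n) = d > 1 divides a there are d of them, which is exactly why Z_n has no unique division unless n is prime. is_field is the brute-force check of the claim on the next slide.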

How to construct finite fields? (continued) Z_n (integers modulo n) is a group with respect to "+", and the identity element with respect to "·" exists. Inverse elements with respect to "·" exist for every non-zero b exactly when gcd(b, n) = 1 for all 0 < b < n (by the division slide), i.e. when n has no divisor in that range. Thus Z_n is a field if and only if n is a prime. Could we have different (and/or non-isomorphic) fields with n elements?

Finite fields GF(p). Every field contains the element "1", and ⟨1, +⟩ (the elements 1, 1+1, 1+1+1, ...) will be isomorphic with Z_p for some p. This is obvious with respect to addition; for multiplication note that (k·1)(l·1) is a sum of k·l copies of 1·1 = 1, so products are determined by the additive structure too. Thus all fields with p elements are isomorphic.

Our attempt to correct multiple errors. Assume we have errors in positions i and j; we want to recover these positions from [i]+[j] and f([i])+f([j]). Basically we would like something like fields whose elements resemble vectors... could we try polynomials? [Adapted from V.Pless]

"Arithmetic" of polynomials. Addition, subtraction and multiplication are obvious. However, division is also possible. [Adapted from V.Pless]

Polynomials - definition

Polynomials - divisibility

Extensions of Euclid's algorithm. The Euclidean algorithm can be applied to some rings, not just the integers. The most general context in which the algorithm terminates with the greatest common divisor is a Euclidean domain. For instance, the Gaussian integers and polynomial rings over a field are both Euclidean domains. As an example, consider the ring of polynomials with rational coefficients. In this ring, division with remainder is carried out using long division, also known as synthetic division. The resulting polynomials are then made monic by factoring out the leading coefficient.

Euclid's algorithm for polynomials - example [Adapted from www.wikipedia.org]

Polynomials - divisibility. Proposition 1. Let p(x), g(x) be non-zero polynomials over F. Then there exist polynomials a(x) and b(x) such that p(x) = a(x)g(x) + b(x) and deg(b(x)) < deg(g(x)). Proof. Follows from the polynomial division algorithm: the algorithm terminates exactly when the degree of the remainder b(x) becomes less than the degree of g(x).

Polynomials - divisibility. Proposition 2. Each monic polynomial over F can be uniquely expressed as a product of monic irreducible polynomials f_1(x), ..., f_k(x). Proof. If we assume that there are two alternative expressions, then (after cancelling the common factors) for some polynomial q(x) we will have q(x) = f_1(x)···f_m(x) and q(x) = g_1(x)···g_n(x), and, in addition, f_i(x) ≠ g_j(x) for all i and j. This implies the existence of p(x), s(x) and t(x) such that p(x) is irreducible and divides s(x)t(x), but doesn't divide either s(x) or t(x). Consider the polynomial r(x) = gcd(p(x), s(x))·t(x). Is r(x) divisible by p(x)? Since gcd(p(x), s(x)) = 1 (p(x) is irreducible and does not divide s(x)) and p(x) doesn't divide t(x), the answer is no. But we also have r(x) = gcd(p(x)t(x), s(x)t(x)), implying that p(x) does divide r(x). This contradicts the existence of p(x), s(x) and t(x).

Polynomials - roots

Chinese remainder theorem. Proposition 3 (Chinese remainder theorem). Let p(x), g(x) be non-zero polynomials over F. Then there exist polynomials a(x) and b(x) such that gcd(p(x), g(x)) = a(x)p(x) + b(x)g(x). Proof. Follows from the fact that the extended Euclid's algorithm terminates, producing the required polynomials a(x) and b(x).

Polynomials - roots. Proposition 4. Let f(x) be a polynomial over F. Then α ∈ F is a root of f(x) if and only if f(x) = (x - α)g(x). Proof. Clearly, if f(x) = (x - α)g(x) then f(α) = 0. Conversely, for any α we have f(x) = (x - α)b(x) + r(x) (division with remainder, Proposition 1), where deg(r(x)) < 1. Hence r(x) is a constant and it should be 0, since r(α) = f(α) = 0. Corollary 1. Let f(x) be a polynomial over F with deg(f(x)) = n. Then f(x) has no more than n roots in the field F. Proof. Obvious (otherwise we obtain deg(f(x)) > n).
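Division with remainder (Proposition 1), Euclid's algorithm, the Bezout identity of Proposition 3 and the root test of Proposition 4, for polynomials over Z_2, the coefficient field the following slides use. This is an added example, not code from the slides; a polynomial is a Python int whose bit i is the coefficient of x^i, and all function names are this example's own:

```python
# Added example, not code from the slides: polynomials over Z_2 as Python ints (bit i is the
# coefficient of x^i), with division with remainder (Proposition 1), Euclid's algorithm, the
# Bezout identity of Proposition 3 and the root test of Proposition 4.

def degree(p):
    return p.bit_length() - 1              # degree(0) = -1 under this convention

def poly_mul(a, b):
    """Carry-less (schoolbook) multiplication; coefficients are added mod 2, i.e. XORed."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
    return r

def poly_divmod(p, g):
    """Long division: (q, r) with p = q*g + r and deg r < deg g (Proposition 1)."""
    if g == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r, dg = 0, p, degree(g)
    while r and degree(r) >= dg:
        shift = degree(r) - dg             # cancel the leading term of r
        q ^= 1 << shift
        r ^= g << shift
    return q, r

def poly_gcd(a, b):
    """Euclid's algorithm; over Z_2 every non-zero polynomial is already monic."""
    while b:
        a, b = b, poly_divmod(a, b)[1]
    return a

def poly_extended_gcd(a, b):
    """(d, u, v) with d = gcd(a, b) = u*a + v*b (Proposition 3); same recursion as for integers."""
    if b == 0:
        return a, 1, 0
    q, r = poly_divmod(a, b)
    d, u1, v1 = poly_extended_gcd(b, r)
    return d, v1, u1 ^ poly_mul(q, v1)    # a = q*b + r, so d = v1*a + (u1 - q*v1)*b

def evaluate(p, t):
    """p(t) for t in Z_2: p(0) is the constant term, p(1) the parity of the coefficients."""
    return p & 1 if t == 0 else bin(p).count("1") & 1

def has_root(p, t):
    """Proposition 4: t is a root iff (x - t) divides p(x); both tests are run and must agree."""
    linear = 0b10 ^ t                      # x - t, i.e. x or x + 1
    divides = poly_divmod(p, linear)[1] == 0
    assert divides == (evaluate(p, t) == 0)
    return divides

def to_str(p):
    """Readable form, highest degree first."""
    names = {0: "1", 1: "x"}
    terms = [names.get(i, "x^%d" % i) for i in range(degree(p), -1, -1) if p >> i & 1]
    return " + ".join(terms) or "0"
```

For coprime inputs the v returned by poly_extended_gcd is the inverse of b modulo a, which is the mechanism behind the field construction on the next slides. has_root only tests for roots in Z_2 itself; a polynomial without such roots can still be reducible (x^4 + x^2 + 1 = (x^2 + x + 1)^2 over Z_2), so this is not an irreducibility test.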

Attempt to use polynomials to construct a field. Let's try to represent vectors with polynomials. For addition and multiplication to be defined we need to take values mod some polynomial p(x). To also have multiplicative inverses it could be a good idea to require that p(x) is irreducible. We can try to consider p(x) = x^4 + x^3 + 1 (with coefficients from Z_2). [Adapted from V.Pless]

Attempt to use polynomials to construct a field. Assume "there" is an element α that is a root of p(x) = x^4 + x^3 + 1. [Adapted from V.Pless]

Finite fields - where do we stand now? Z_p is a field if and only if p is prime, and all fields with p elements are isomorphic. We can construct a field with p^m elements if there exists an irreducible polynomial of degree m over GF(p).
- Do such polynomials always exist?
- Are all fields with p^m elements isomorphic?
- Are there other finite fields?

In GF(16) we just constructed an element α of order 16 - 1 = 15 (the powers of α cover all non-zero elements). We could call it a "primitive" element of the field.
- Do primitive elements always exist (even for GF(p))?

Freshman rule. Let F be a field with characteristic p > 0. Then for all a, b ∈ F and m ∈ N we have (a+b)^(p^m) = a^(p^m) + b^(p^m). Proof. First, assume this is the case for m = 1. Then (a+b)^(p^m) = a^(p^m) + b^(p^m) holds by induction, since (a+b)^(p^m) = ((a+b)^(p^(m-1)))^p = (a^(p^(m-1)) + b^(p^(m-1)))^p = a^(p^m) + b^(p^m). For m = 1 expand (a+b)^p: all binomial coefficients are divisible by p (and hence the corresponding terms are 0) except those of a^p and b^p (we use the fact that if p is the field characteristic, then adding any element p times to itself gives 0).

Our attempt to correct multiple errors. Assume we have errors in positions i and j; we want to recover these positions from [i]+[j] and f([i])+f([j]). Suppose the matrix elements now are from the GF(16) we just constructed. Do we have a good choice for f? [Adapted from V.Pless]

Our attempt to correct multiple errors. Assume we have errors in positions i and j; we want to recover these positions from [i]+[j] and f([i])+f([j]). Let's try: f(i) = [i]? Obviously won't do... f(i) = [i]^2? [i]^2 + [j]^2 = ([i]+[j])^2, which is already determined by [i]+[j], so nothing new. f(i) = [i]^3?

Our attempt to correct multiple errors. Assume we have errors in positions i and j; we want to recover these positions from [i]+[j] and f([i])+f([j]). f(i) = [i]^3? We have y_1 = [i]+[j], y_2 = [i]^3 + [j]^3, and [i]^3 + [j]^3 = ([i]+[j])([i]^2 + [i][j] + [j]^2). From here y_2/y_1 = [i]^2 + [i][j] + [j]^2 = y_1^2 + [i][j], so [i]+[j] = y_1 and [i][j] = y_2/y_1 + y_1^2 (in characteristic 2 subtraction is the same as addition). We can express the parity check matrix as:

Our attempt to correct multiple errors. Parity check matrix in binary form. This is a specific instance of a BCH code. [Adapted from V.Pless]

Finding square roots? Unfortunately we have some problems if the field characteristic is 2 :(

Finding square roots?

Solutions to x^2 + x + c = 0 [Adapted from V.Pless]

Solutions to x^2 + x + c = 0. For every x in GF(16) (written as the 4 coefficients of α^3, α^2, α, 1, with α a root of x^4 + x^3 + 1) the table lists x^2 and x^2 + x; the last column c equals x^2 + x, so reading the table backwards gives the solutions x of x^2 + x + c = 0 for a given c.

| x | x^2 | x^2 + x | c |
|---|---|---|---|
| 0000 | 0000 | 0000 | 0000 |
| 0001 | 0001 | 0000 | 0000 |
| 0010 | 0100 | 0110 | 0110 |
| 0011 | 0101 | 0110 | 0110 |
| 0100 | 1001 | 1101 | 1101 |
| 0101 | 1000 | 1101 | 1101 |
| 0110 | 1101 | 1011 | 1011 |
| 0111 | 1100 | 1011 | 1011 |
| 1000 | 1111 | 0111 | 0111 |
| 1001 | 1110 | 0111 | 0111 |
| 1010 | 1011 | 0001 | 0001 |
| 1011 | 1010 | 0001 | 0001 |
| 1100 | 0110 | 1010 | 1010 |
| 1101 | 0111 | 1010 | 1010 |
| 1110 | 0010 | 1100 | 1100 |
| 1111 | 0011 | 1100 | 1100 |

Fields - primitive elements. Basic idea: consider an element α with the highest possible multiplicative order r. Assume r < q - 1. Then there exists β which is not a power of α and whose order s does not divide r. Then a suitable product of powers of α and β has order lcm(r, s) > r, contradicting the choice of r. Thus the order of every non-zero element divides r, so every non-zero field element is a root of x^r - 1, and since that polynomial has at most r roots we should have r = q - 1.

Existence of primitive elements. Theorem 4. Every finite field has a primitive element. [Adapted from K.Brown] We have α^(q-1) = 1 for a primitive element α. So we should have β^(q-1) = 1 for any β = α^k. Note that this gives us Fermat's Little Theorem for GF(p)!

Divisibility of x^(q-1) - 1. Theorem 5. If F is a field with q elements {0, a_1, ..., a_(q-1)} then all non-zero elements of F are roots of the polynomial x^(q-1) - 1, i.e. x^(q-1) - 1 = (x - a_1)···(x - a_(q-1)). Proof. It is sufficient to show that a_i^(q-1) - 1 = 0 for all a_i. Every field has a primitive element α; thus, if a_i = α then a_i^(q-1) - 1 = 0 by the definition of a primitive element. Otherwise a_i = α^k for some k, and then a_i^(q-1) - 1 = α^(k(q-1)) - 1 = 1^k - 1 = 0.

Fields as vector spaces. Proposition. GF(p^r) can be regarded as an r-dimensional vector space over GF(p). Let α be a primitive element and let m be the smallest number such that α^m is a linear combination of 1, α, α^2, ..., α^(m-1). Then all field elements can be expressed as linear combinations (with coefficients from GF(p)!) of 1, α, α^2, ..., α^(m-1): α^m = a_1·1 + a_2·α + a_3·α^2 + ... + a_m·α^(m-1), and α^(m+1) = α·α^m = a_1·α + a_2·α^2 + a_3·α^3 + ... + a_(m-1)·α^(m-1) + a_m·(a_1·1 + a_2·α + a_3·α^2 + ... + a_m·α^(m-1)). In the same fashion we can express α^(m+2), α^(m+3) etc. The number of such combinations is p^m, thus we have r = m.

Uniqueness of fields with p^r elements. Proposition. All fields with p^r elements are isomorphic (thus the notation GF(p^r) is well defined). We know that all fields with p elements are isomorphic. Consider two fields F_1 and F_2 with p^r elements. Let α be a primitive element of F_1. There is an irreducible factor p(x) of x^(p^r - 1) - 1 such that α is a root of p(x). Let β be a primitive element of F_2. Then for some k we have that β^k is a root of p(x). We can define an isomorphism by mapping α^i → β^(ki). Obviously α^(i+j) = α^i·α^j → β^(ki)·β^(kj) = β^(k(i+j)). Do we also have α^s = α^i + α^j → β^(ki) + β^(kj) = β^(ks)? It turns out to be the case, since the computation of both α^s and β^(ks) is based on reduction of polynomial degrees mod the same polynomial p(x).
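The GF(16) construction, the two-error location from the syndromes y_1 and y_2, the x^2 + x + c = 0 table, the claims of Theorem 5 and the freshman rule, and the isomorphism argument of the uniqueness slide, all in one runnable piece. This is an added example, not code from the slides or from V.Pless; it uses the slides' polynomial x^4 + x^3 + 1 and, as a constructed alternative for the isomorphism check, x^4 + x + 1. Elements are 4-bit ints (bit i is the coefficient of α^i), and all class and function names are this example's own:

```python
# Added example, not code from the slides: GF(16) = Z_2[x]/(x^4 + x^3 + 1), the field the
# slides construct, with checks for the slides' claims (powers of alpha cover GF(16)*,
# a^(q-1) = 1, the freshman rule, the x^2 + x = c table, two-error location from y1, y2,
# and the isomorphism with GF(16) built from another polynomial). Addition is XOR.

def build_tables(modulus, m):
    """exp/log tables of Z_2[x]/(modulus); modulus is a bitmask with bit m set.
    Returns None when x is not a primitive element of that quotient."""
    order = (1 << m) - 1
    exp, log, a = [0] * (2 * order), {}, 1
    for i in range(order):
        if a in log:                    # powers of x cycled early: x is not primitive
            return None
        exp[i], log[a] = a, i
        a <<= 1                         # multiply by x
        if a >> m & 1:                  # degree m reached: reduce modulo p(x)
            a ^= modulus
    if a != 1:
        return None
    exp[order:] = exp[:order]           # doubled table, so log sums need no reduction
    return exp, log

class GF2m:
    def __init__(self, modulus, m):
        self.order = (1 << m) - 1       # q - 1, the order of the multiplicative group
        tables = build_tables(modulus, m)
        if tables is None:
            raise ValueError("x is not primitive modulo this polynomial")
        self.exp, self.log = tables
    def alpha_pow(self, k):
        return self.exp[k % self.order]
    def mul(self, a, b):
        return 0 if a == 0 or b == 0 else self.exp[self.log[a] + self.log[b]]
    def div(self, a, b):                # b != 0; 1/b = alpha^(order - log b)
        return self.mul(a, self.exp[self.order - self.log[b]])
    def pow(self, a, k):                # k >= 1
        return 0 if a == 0 else self.exp[self.log[a] * k % self.order]

def powers_cover_nonzero(F):
    """The slides' 'order 16 - 1': the powers of alpha are exactly the non-zero elements."""
    return sorted(F.exp[:F.order]) == list(range(1, F.order + 1))

def fermat_holds(F):
    """Theorem 5: a^(q-1) = 1 for every non-zero a."""
    return all(F.pow(a, F.order) == 1 for a in range(1, F.order + 1))

def freshman_rule_holds(F):
    """(a+b)^2 = a^2 + b^2 in characteristic 2."""
    n = F.order + 1
    return all(F.pow(a ^ b, 2) == F.pow(a, 2) ^ F.pow(b, 2) for a in range(n) for b in range(n))

def quadratic_table(F):
    """c -> the solutions x of x^2 + x = c (the slides' table for GF(16))."""
    table = {}
    for x in range(F.order + 1):
        table.setdefault(F.pow(x, 2) ^ x, []).append(x)
    return table

def locate_two_errors(F, y1, y2):
    """From y1 = [i]+[j] and y2 = [i]^3+[j]^3, with [i] = alpha^i, recover the set {i, j}."""
    if y1 == 0:
        return None                               # no error (y2 = 0) or more than two errors
    prod = F.div(y2, y1) ^ F.pow(y1, 2)           # [i][j] = y2/y1 + y1^2
    if prod == 0:                                 # a root is 0: a single error at [i] = y1
        return {F.log[y1]}
    # [i], [j] are the roots of z^2 + y1 z + prod; z = y1 x turns it into x^2 + x + c = 0
    c = F.div(prod, F.pow(y1, 2))
    xs = quadratic_table(F).get(c, [])
    if len(xs) != 2:
        return None                               # no solution: more than two errors
    return {F.log[F.mul(y1, x)] for x in xs}

def evaluate(F, poly, t):
    """Horner evaluation at the field element t of a Z_2 polynomial given as a bitmask."""
    acc = 0
    for bit in range(poly.bit_length() - 1, -1, -1):
        acc = F.mul(acc, t) ^ (poly >> bit & 1)
    return acc

def field_isomorphism(F1, F2, p1):
    """Uniqueness of GF(p^r): find k such that beta^k is a root in F2 of F1's defining
    polynomial p1, and return (k, phi) with phi(alpha^i) = beta^(k i)."""
    for k in range(1, F1.order):
        if evaluate(F2, p1, F2.alpha_pow(k)) == 0:
            phi = {0: 0}
            for i in range(F1.order):
                phi[F1.alpha_pow(i)] = F2.alpha_pow(k * i)
            return k, phi
    return None

def is_isomorphism(F1, F2, phi):
    """phi respects '*' by construction; the slide asks whether it also respects '+'."""
    n = F1.order + 1
    return all(phi[a ^ b] == phi[a] ^ phi[b] and phi[F1.mul(a, b)] == F2.mul(phi[a], phi[b])
               for a in range(n) for b in range(n))

P1, P2 = 0b11001, 0b10011   # x^4 + x^3 + 1 (the slides) and x^4 + x + 1 (constructed alternative)
F1, F2 = GF2m(P1, 4), GF2m(P2, 4)
```

locate_two_errors is the decoder the BCH slides sketch: the positions are the roots of z^2 + y_1 z + [i][j], and the substitution z = y_1 x reduces that to the x^2 + x + c = 0 table, which is why the table was needed once square roots stopped working in characteristic 2. The exp/log table construction is the same one normally used to implement GF(2^8) arithmetic in software (Reed-Solomon codecs, AES), so the brute-force loops here scale to that case unchanged.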

Hierarchy of finite fields - example. The inclusion diagram on the slide shows the subfields of GF(2^24): GF(2^1), GF(2^2), GF(2^3), GF(2^4), GF(2^6), GF(2^8), GF(2^12), GF(2^24).

Fields - minimal and primitive polynomials. Assuming F = GF(p) and G = GF(p^r): 3. the degree of the minimal polynomial is ≤ r; 4. if a is primitive, the degree of m(a) is r.

Minimal polynomials. Theorem 6. Let F be a field, F < G, a ∈ G. Then: 1. there exists a minimal polynomial m(x) for a and it is unique; 2. if g(x) is a polynomial over F and g(a) = 0 then m(x) | g(x). Proof. 1. The existence of a monic polynomial having the root a is obvious: take the irreducible polynomial defining G. If the minimal one weren't unique, we would have two different monic polynomials of the same minimal degree with a as a root, and by subtraction obtain a polynomial of smaller degree with the root a, contradicting minimality. 2. g(x) = a(x)m(x) + r(x) with deg r(x) < deg m(x). Since r(a) = 0 we have to conclude that r(x) = 0 (otherwise r(x) would contradict the minimality of m(x)), i.e. m(x) | g(x).

Minimal polynomials. Theorem 6 (continued). Let F be a field, F < G, a ∈ G, and let p(x) be the minimal polynomial of a. Assuming F = GF(p) and G = GF(p^r), items 3 and 4 above hold. Proof of 3 & 4. The vectors 1, a, a^2, ..., a^r must be linearly dependent, since G is an r-dimensional vector space; thus they satisfy an equation of degree at most r, i.e. there is a polynomial of degree ≤ r having a as a root. If a is primitive, 1, a, a^2, ..., a^(r-1) is a basis of G, so we should have deg(p) = r.

Useful lemma. Lemma. x^m - 1 divides x^n - 1 if and only if m divides n. Proof. x^n - 1 = (x^m - 1)(x^(n-m) + x^(n-2m) + ... + x^(n-km)) + (x^(n-km) - 1), where k is the largest integer with km ≤ n, so the remainder x^(n-km) - 1 has degree less than m. Thus x^m - 1 divides x^n - 1 if and only if n - km = 0, i.e. km = n.

Cyclotomic cosets and factoring [Adapted from B.Cherowitzo]

Cyclotomic cosets [Adapted from V.Pless] Cyclotomic cosets for GF(64).

Some factors of x^n - 1
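The cyclotomic cosets behind the last three slides, computed for n = 15 (GF(16)) and n = 63 (GF(64), the case tabulated on the slide), together with the degree facts of Theorem 6 and the integer instance of the useful lemma. This is an added example, not code from the slides or from B.Cherowitzo or V.Pless; the coset size is the degree of the corresponding minimal polynomial, and the function names are this example's own:

```python
# Added example, not code from the slides: cyclotomic cosets of 2 modulo n. In GF(2^r) the
# elements alpha^k and alpha^(2k) have the same minimal polynomial over GF(2), so the coset
# {k, 2k, 4k, ...} mod n = 2^r - 1 lists the exponents of all roots of one minimal
# polynomial, and the coset size is that polynomial's degree.

def cyclotomic_cosets(n, q=2):
    """Partition {0, ..., n-1} into the cosets {k, kq, kq^2, ...} mod n (gcd(n, q) = 1)."""
    seen, cosets = set(), []
    for k in range(n):
        if k in seen:
            continue
        coset, j = [], k
        while j not in coset:
            coset.append(j)
            j = j * q % n
        seen.update(coset)
        cosets.append(coset)
    return cosets

def factor_degrees(n, q=2):
    """Degrees of the irreducible factors of x^n - 1 over GF(q): one factor per coset."""
    return sorted(len(c) for c in cyclotomic_cosets(n, q))

def minimal_polynomial_degree(k, r, q=2):
    """Degree of the minimal polynomial of alpha^k in GF(q^r) (alpha primitive): the size of
    the coset of k mod q^r - 1. It is at most r, and equals r when alpha^k is primitive
    (items 3 and 4 of Theorem 6)."""
    n = q ** r - 1
    return next(len(c) for c in cyclotomic_cosets(n, q) if k % n in c)

def lemma_holds_at_two(limit):
    """The 'useful lemma' evaluated at x = 2: (2^m - 1) | (2^n - 1) exactly when m | n,
    checked for all 1 <= m, n <= limit; the inclusions on the hierarchy slide follow the
    same pattern."""
    return all(((2 ** n - 1) % (2 ** m - 1) == 0) == (n % m == 0)
               for m in range(1, limit + 1) for n in range(1, limit + 1))
```

For n = 15 the cosets have sizes 1, 2, 4, 4, 4, matching the factorisation of x^15 - 1 over GF(2) into x + 1, x^2 + x + 1 and three quartics (x^4 + x^3 + 1 among them); for n = 63 there are 13 cosets, so x^63 - 1 has 13 irreducible factors, and every coset size divides 6. lemma_holds_at_two checks only the integer specialisation of the lemma, not the polynomial identity itself.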