
Information and Coding Theory

Finite fields.

Juris Viksna, 2015

Groups

Fields

How to construct finite fields?

Zn (integers modulo n) is a group with respect to “+”

Is Zn also a field?

We need:

- identity element with respect to “·” - OK
- inverse elements with respect to “·”. Do they exist?

GCD and Euclid’s algorithm

gcd(a,b) - the greatest common divisor of integers a and b

Euclid(a, b)
  if b = 0 then return a
  else return Euclid(b, a mod b)

Extended Euclid’s algorithm

d = gcd(a,b) - the greatest common divisor of integers a and b

ExtendedEuclid(a, b)
  if b = 0 then return (a, 1, 0)
  (d', x', y') ← ExtendedEuclid(b, a mod b)
  (d, x, y) ← (d', y', x' − ⌊a/b⌋·y')
  return (d, x, y)

There exist integers x and y such that d = ax + by

Extended Euclid’s algorithm - Example


[Adapted from T.Cormen, C.Leiserson, R. Rivest]

Modular operations

Multiplication:

For given a and b find x such that ab mod n = x

Division:

For given a and b find x such that bx mod n = a

Such an x does not always exist: we need gcd(b,n) | a.

Extended Euclid's algorithm finds u and v such that gcd(s,t) = su + tv.

Take s = b and t = n and set x = ua/gcd(b,n); then bx = (bu)a/gcd(b,n) ≡ a (mod n).
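The two algorithms above and the modular division rule, as an added example (my code, not the lecture's): Euclid and extended Euclid follow the pseudocode, mod_divide solves b·x ≡ a (mod n) using x = ua/gcd(b,n) and returns None when gcd(b,n) does not divide a, and is_field checks which Zn have an inverse for every non-zero element. Inputs such as 99/78 and 4x ≡ 6 (mod 10) are constructed for illustration.

```python
# Added example: Euclid's algorithm, extended Euclid, and division in Z_n.
# Sample inputs (99/78, 4x ≡ 6 mod 10, ...) are constructed for illustration.

def euclid(a, b):
    """gcd(a, b) by Euclid's recursion: gcd(a, b) = gcd(b, a mod b)."""
    return a if b == 0 else euclid(b, a % b)


def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) and d = a*x + b*y (Bezout coefficients)."""
    if b == 0:
        return (a, 1, 0)
    d, x1, y1 = extended_euclid(b, a % b)
    # d = b*x1 + (a mod b)*y1 and a mod b = a - (a//b)*b, so regroup on a and b:
    return (d, y1, x1 - (a // b) * y1)


def mod_divide(a, b, n):
    """Solve b*x ≡ a (mod n).

    Returns one solution x in [0, n), or None when gcd(b, n) does not divide a,
    in which case no solution exists (the condition from the "Division" slide).
    """
    g, u, _ = extended_euclid(b, n)   # g = b*u + n*v, so b*u ≡ g (mod n)
    if a % g != 0:
        return None
    return (u * (a // g)) % n          # b*(u*a/g) ≡ g*(a/g) = a (mod n)


def mod_inverse(b, n):
    """Multiplicative inverse of b modulo n, or None if gcd(b, n) != 1."""
    return mod_divide(1, b, n)


def is_field(n):
    """Z_n is a field exactly when every non-zero residue has an inverse."""
    return n > 1 and all(mod_inverse(b, n) is not None for b in range(1, n))


if __name__ == "__main__":
    print(extended_euclid(99, 78))      # (3, -11, 14): 99*(-11) + 78*14 = 3
    print(mod_divide(6, 4, 10))         # 4, since 4*4 = 16 ≡ 6 (mod 10)
    print(mod_divide(3, 4, 10))         # None: gcd(4, 10) = 2 does not divide 3
    print([n for n in range(2, 20) if is_field(n)])   # exactly the primes
```

The last line of the main block is the "Zn is a field iff n is prime" statement made concrete: the only n below 20 for which every non-zero residue is invertible are 2, 3, 5, 7, 11, 13, 17 and 19.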


Thus Zn is a field if and only if n is a prime (only then does every non-zero b have gcd(b,n) = 1, and hence a multiplicative inverse).

Could we have different (and/or non-isomorphic) fields with n elements?

Finite fields GF(p)

Every field contains element “1”

The elements 1, 1+1, 1+1+1, ... form a subfield isomorphic to Zp for some prime p (obvious with respect to addition; a product of two such sums expands into a sum of products 1·1 = 1, i.e. again into a sum of 1s).

Thus all fields with p elements are isomorphic.

Our attempt to correct multiple errors

Assume we have errors in positions i and j; we want to recover these positions from

[i]+[j] and f([i])+f([j]).

Basically we would like something like fields whose elementsresemble vectors... could we try polynomials?

[Adapted from V.Pless]

“Arithmetic” of polynomials
Addition, subtraction and multiplication are obvious. However, division (with remainder) is also possible.

[Adapted from V.Pless]

Polynomials - definition

Polynomials - divisibility

Extensions of Euclid's algorithm

The Euclidean algorithm can be applied to some rings, not just the integers. The most general context in which the algorithm terminates with the greatest common divisor is in a Euclidean domain. For instance, the Gaussian integers and polynomial rings over a field are both Euclidean domains.

As an example, consider the ring of polynomials with rational coefficients. In this ring, division with remainder is carried out using long division, also known as synthetic division. The resulting polynomials are then made monic by factoring out the leading coefficient.

Euclid's algorithm for polynomials - example

[Adapted from www.wikipedia.org]

Polynomials - divisibility
Proposition 1
p(x), g(x) - non-zero polynomials over F. Then there exist polynomials a(x) and b(x), such that p(x) = a(x)g(x) + b(x) and deg(b(x)) < deg(g(x)).

Proof
Follows from the polynomial division algorithm: the algorithm terminates exactly when the degree of the remainder b(x) becomes less than the degree of g(x).

Polynomials - divisibility
Proposition 2
Each monic polynomial over F can be uniquely expressed as a product of monic irreducible polynomials f1(x), ..., fk(x).

Proof
If we assume that there are two alternative expressions, then for some polynomial q(x) we will have:

q(x) = f1(x) ··· fm(x) and q(x) = g1(x) ··· gn(x),

and, in addition, for all i and j we will have fi(x) ≠ gj(x).

This implies the existence of p(x), s(x) and t(x), such that p(x) is irreducible and divides s(x)t(x), but doesn't divide either s(x) or t(x). Consider the polynomial r(x) = gcd(p(x), s(x)) t(x).


Is r(x) divisible by p(x)?

Since gcd(p(x), s(x)) = 1 and p(x) doesn't divide t(x), the answer is no. But we also have r(x) = gcd(p(x)t(x), s(x)t(x)), implying that p(x) does divide r(x).

This contradicts the existence of p(x), s(x) and t(x).

Polynomials - roots

Chinese remainder theorem
Proposition 3 (Chinese remainder theorem)
p(x), g(x) - non-zero polynomials over F. Then there exist polynomials a(x) and b(x), such that gcd(p(x), g(x)) = a(x)p(x) + b(x)g(x).

Proof
Follows from the fact that the extended Euclid's algorithm terminates, producing the required polynomials a(x) and b(x).
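Propositions 1 and 3 carried out in code, as an added example (my code, not the lecture's or Wikipedia's): polynomials over Z2 are stored as integers whose bit k is the coefficient of x^k, so subtraction is xor and long division is shift-and-xor. The inputs, the slide's p(x) = x^4 + x^3 + 1 and a constructed g(x) = x^2 + x + 1, are chosen so that the Bezout coefficient b(x) turns out to be the inverse of g(x) modulo p(x), i.e. the kind of inverse the field construction that follows relies on.

```python
# Added example: arithmetic in GF(2)[x] with a polynomial stored as an int whose
# bit k is the coefficient of x^k (0b11001 is x^4 + x^3 + 1, the slide's p(x)).
# Division with remainder (Proposition 1) and the extended Euclidean algorithm
# (Proposition 3); the sample inputs are constructed for illustration.

def deg(f):
    """Degree of f; deg(0) = -1 by convention."""
    return f.bit_length() - 1


def poly_str(f):
    """Human-readable form, e.g. 0b11001 -> 'x^4 + x^3 + 1'."""
    if f == 0:
        return "0"
    terms = [("1" if k == 0 else "x" if k == 1 else f"x^{k}")
             for k in range(deg(f), -1, -1) if f >> k & 1]
    return " + ".join(terms)


def poly_mul(f, g):
    """Product in GF(2)[x]: shift-and-xor (carry-less multiplication)."""
    r = 0
    while g:
        if g & 1:
            r ^= f
        f <<= 1
        g >>= 1
    return r


def poly_divmod(f, g):
    """Long division: return (a, b) with f = a*g + b and deg(b) < deg(g)."""
    if g == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    a = 0
    while f and deg(f) >= deg(g):
        shift = deg(f) - deg(g)          # leading term of f / leading term of g
        a ^= 1 << shift
        f ^= g << shift                  # subtraction == addition == xor over Z_2
    return a, f


def poly_gcd(f, g):
    """Euclid's algorithm carried over to GF(2)[x] (a Euclidean domain)."""
    while g:
        f, g = g, poly_divmod(f, g)[1]
    return f


def poly_ext_gcd(f, g):
    """Return (d, a, b) with d = gcd(f, g) = a*f + b*g, as in Proposition 3."""
    if g == 0:
        return f, 1, 0
    q, r = poly_divmod(f, g)
    d, a1, b1 = poly_ext_gcd(g, r)       # d = a1*g + b1*r and r = f - q*g
    return d, b1, a1 ^ poly_mul(q, b1)   # regroup on f and g (minus is plus here)


if __name__ == "__main__":
    p, g = 0b11001, 0b111                # x^4 + x^3 + 1 and x^2 + x + 1
    a, b = poly_divmod(p, g)
    print(f"{poly_str(p)} = ({poly_str(a)})({poly_str(g)}) + {poly_str(b)}")
    d, u, v = poly_ext_gcd(p, g)
    print(f"gcd = {poly_str(d)} = ({poly_str(u)})p + ({poly_str(v)})g")
    # gcd = 1 because p(x) is irreducible, so v(x) = x^3 + x^2 + x is the inverse
    # of x^2 + x + 1 modulo p(x).
    print(poly_str(poly_gcd(0b1001, 0b110)))   # x^3 + 1 and x^2 + x share x + 1
```

Running it prints x^4 + x^3 + 1 = (x^2 + 1)(x^2 + x + 1) + x, then gcd = 1 with coefficients u(x) = x + 1 and v(x) = x^3 + x^2 + x; multiplying the identity out over Z2 confirms it.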

Polynomials - roots
Proposition 4
f(x) - polynomial over F. Then α ∈ F is a root of f(x) if and only if f(x) = (x − α) g(x).

Proof
Clearly, if f(x) = (x − α) g(x) then f(α) = 0.

For any α we have f(x) = (x − α) b(x) + r(x) (by Proposition 2), where deg(r(x)) < 1. Hence r(x) is a constant and should be 0, since r(α) = 0.

Corollary 1
f(x) - a polynomial over F with deg(f(x)) = n. Then f(x) has no more than n roots in the field F.

Proof
Obvious (otherwise we obtain deg(f(x)) > n).

Attempt to use polynomials to construct a field

Let's try to represent vectors with polynomials. For addition and multiplication to be defined we need to take values mod some polynomial p(x). To also have multiplicative inverses it could be a good idea to require that p(x) is irreducible.

We can try to consider p(x) = x^4 + x^3 + 1 (with coefficients from Z2)

[Adapted from V.Pless]

Attempt to use polynomials to construct a field

Assume “there” is an element α that is a root of p(x) = x^4 + x^3 + 1
[Adapted from V.Pless]

Finite fields - where do we stand now?

Zp is a field if and only if p is prime, and all fields with p elements are isomorphic.

We can construct a field with p^m elements if there exists an irreducible polynomial of degree m over GF(p).

- do such polynomials always exist?
- are all fields with p^m elements isomorphic?
- are there other finite fields?

In GF(16) we just constructed an element α with order 16 − 1 = 15 (the powers of α cover all non-zero elements). We could call it a “primitive” element of the field.
- do primitive elements always exist (even for GF(p))?

Freshman rule
F - field with characteristic p > 0. Then for all a, b ∈ F and m ∈ N we have (a+b)^(p^m) = a^(p^m) + b^(p^m).

Proof
First, assume this is the case for m = 1. Then (a+b)^(p^m) = a^(p^m) + b^(p^m) will hold by induction, since (a+b)^(p^m) = ((a+b)^(p^(m−1)))^p = (a^(p^(m−1)) + b^(p^(m−1)))^p = a^(p^m) + b^(p^m).

For m = 1 expand (a+b)^p. All terms have binomial coefficients divisible by p (and hence are equal to 0) except a^p and b^p (we use the fact that if p is the field characteristic, then adding any element to itself p times gives 0).

Our attempt to correct multiple errors


Suppose the matrix elements are now from the GF(16) we just constructed. Do we have a good choice for f?

[Adapted from V.Pless]


Lets try:

- f(i) = [i]? Obviously won't do...
- f(i) = [i]^2? [i]^2 + [j]^2 = ([i]+[j])^2, so it gives nothing new beyond [i]+[j].
- f(i) = [i]^3?


f(i) = [i]^3? We have: y1 = [i] + [j], y2 = [i]^3 + [j]^3

[i]^3 + [j]^3 = ([i] + [j])([i]^2 + [i][j] + [j]^2)

From here:

y2/y1 = [i]^2 + [i][j] + [j]^2 = y1^2 + [i][j]

and [i] + [j] = y1, [i][j] = (y2/y1) − y1^2 (in characteristic 2 this is the same as (y2/y1) + y1^2)

We can express parity check matrix as:

Our attempt to correct multiple errors

Parity check matrix in binary form:

This is a specific instance of BCH code.

[Adapted from V.Pless]

Decoding procedure

[Adapted from V.Pless]

Finding square roots?
Unfortunately we have some problems if the field characteristic is 2 :(

Finding square roots?

Solutions to x^2 + x + c = 0

[Adapted from V.Pless]

Solutions to x^2 + x + c = 0 (elements of GF(16) written as bit strings, bit k = coefficient of α^k, α^4 = α^3 + 1)

  x      x^2    x^2+x  c
  0000   0000   0000   0000
  0001   0001   0000   0000
  0010   0100   0110   0110
  0011   0101   0110   0110
  0100   1001   1101   1101
  0101   1000   1101   1101
  0110   1101   1011   1011
  0111   1100   1011   1011
  1000   1111   0111   0111
  1001   1110   0111   0111
  1010   1011   0001   0001
  1011   1010   0001   0001
  1100   0110   1010   1010
  1101   0111   1010   1010
  1110   0010   1100   1100
  1111   0011   1100   1100
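The GF(16) construction, the freshman rule, the table above and the two-error locator derived from y1 and y2, all in one added example (my code, not the lecture's or V. Pless's). It builds the field from the slide's p(x) = x^4 + x^3 + 1 in the same bit-string encoding as the table, verifies that the root α has order 15 (so it is primitive) and that (a+b)^2 = a^2 + b^2, solves x^2 + x + c = 0 by scanning the table, and then recovers the positions i and j from y1 = [i]+[j] and y2 = [i]^3+[j]^3 by solving z^2 + y1·z + [i][j] = 0 through the substitution z = y1·w. The error positions 3 and 7 and all function names are my own choices.

```python
# Added example: GF(16) = Z_2[x] mod p(x) = x^4 + x^3 + 1, an element being a 4-bit
# int whose bit k is the coefficient of α^k (the encoding of the table above).
# Error positions and syndromes used below are constructed for illustration.

P = 0b11001                     # x^4 + x^3 + 1, so α^4 = α^3 + 1
Q = 16                          # field size; non-zero elements have order dividing 15


def mul_by_alpha(v):
    """Multiply by α: shift, then reduce α^4 -> α^3 + 1 if the shift overflowed."""
    v <<= 1
    if v & 0b10000:
        v ^= P
    return v


# Power and discrete-log tables of α (α^15 = 1, so exponents live mod 15).
EXP = []
LOG = {}
_v = 1
for _k in range(Q - 1):
    EXP.append(_v)
    LOG[_v] = _k
    _v = mul_by_alpha(_v)
assert _v == 1 and len(LOG) == Q - 1      # α has order 15: it is primitive


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[(LOG[a] + LOG[b]) % (Q - 1)]


def gf_inv(a):
    return EXP[(-LOG[a]) % (Q - 1)]        # α^-k = α^(15-k)


def gf_pow(a, n):
    return 1 if n == 0 else (0 if a == 0 else EXP[(LOG[a] * n) % (Q - 1)])


def mult_order(a):
    """Multiplicative order of a non-zero element (15 means primitive)."""
    return next(k for k in range(1, Q) if gf_pow(a, k) == 1)


def freshman_rule_holds():
    """(a + b)^2 = a^2 + b^2 for every a, b in a field of characteristic 2."""
    return all(gf_mul(a ^ b, a ^ b) == gf_mul(a, a) ^ gf_mul(b, b)
               for a in range(Q) for b in range(Q))


def solve_x2_plus_x(c):
    """All x with x^2 + x = c, by scanning the table (0 or 2 solutions)."""
    return sorted(x for x in range(Q) if gf_mul(x, x) ^ x == c)


def syndromes(i, j):
    """y1 = α^i + α^j and y2 = α^(3i) + α^(3j) for errors at positions i and j."""
    a, b = EXP[i], EXP[j]
    return a ^ b, gf_pow(a, 3) ^ gf_pow(b, 3)


def locate_errors(y1, y2):
    """Recover the error positions from (y1, y2); None if not 0, 1 or 2 errors."""
    if y1 == 0:
        return [] if y2 == 0 else None
    y1sq = gf_mul(y1, y1)
    prod = gf_mul(y2, gf_inv(y1)) ^ y1sq      # [i][j] = y2/y1 + y1^2
    if prod == 0:                             # y2 = y1^3: a single error at α^i = y1
        return [LOG[y1]]
    # α^i, α^j are the roots of z^2 + y1*z + prod; with z = y1*w this becomes
    # w^2 + w + prod/y1^2 = 0, which the table solves.
    ws = solve_x2_plus_x(gf_mul(prod, gf_inv(y1sq)))
    if len(ws) != 2:
        return None
    return sorted(LOG[gf_mul(y1, w)] for w in ws)


if __name__ == "__main__":
    print([format(v, "04b") for v in EXP])        # α^0 .. α^14: all 15 non-zero elements
    print(mult_order(EXP[3]), mult_order(EXP[2]))  # 5 and 15: α^3 is not primitive, α^2 is
    print(locate_errors(*syndromes(3, 7)))         # [3, 7]
```

The one awkward case is exactly the one the "Finding square roots?" slide complains about: in characteristic 2 the quadratic cannot be solved with a square root, so the locator divides through by y1^2 to reach the normal form x^2 + x + c and looks c up in the table, which has either two solutions (x and x+1) or none.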

Fields - primitive elements

Basic idea - consider an element α with the highest possible multiplicative order r. Assume r < q − 1. Then there exists β which is not a power of α and has order s ≤ r.

Then there is an element of order lcm(r,s) = r (r is maximal), so s | r. Thus every field element is a root of x^r − 1, i.e. we should have r = q − 1.

Existence of primitive elementsTheorem 4 Every finite field has a primitive element.

[Adapted from K.Brown]


We have α^(q−1) = 1 for a primitive element α. So we should have β^(q−1) = 1 for any β = α^k.

Note that this gives us Little Fermat’s Theorem for GF(p)!

Divisibility of x^(q−1) − 1
Theorem 5
If F is a field with q elements {0, a1, ..., a(q−1)} then all non-zero elements of F are roots of the polynomial x^(q−1) − 1, i.e. x^(q−1) − 1 = (x − a1) ··· (x − a(q−1)).

Proof
It is sufficient to show that ai^(q−1) − 1 = 0 for all ai.

Every field has a primitive element α, thus, if ai = α then we have ai^(q−1) − 1 = 0 by definition of primitive element.

Otherwise ai = α^k for some k. Then ai^(q−1) − 1 = α^(k(q−1)) − 1 = 1^k − 1 = 0.

Fields as vector spaces
Proposition
GF(p^r) can be regarded as an r-dimensional vector space over GF(p).

Let α be a primitive element and let m be the smallest number such that α^m is a linear combination of 1, α, α^2, ..., α^(m−1). Then all field elements can be expressed as linear combinations (with coefficients from GF(p)!) of 1, α, α^2, ..., α^(m−1):

α^m = a1·1 + a2·α + a3·α^2 + ... + am·α^(m−1).

α^(m+1) = α·(α^m) = a1·α + a2·α^2 + a3·α^3 + ... + a(m−1)·α^(m−1) + am·(a1·1 + a2·α + a3·α^2 + ... + am·α^(m−1)).

In the same fashion we can express α^(m+2), α^(m+3) etc. The number of such combinations is p^m, thus we have r = m.

Uniqueness of fields with p^r elements
Proposition
All fields with p^r elements are isomorphic (thus the notation GF(p^r) is well defined).

We know that all fields with p elements are isomorphic.

Consider two fields F1 and F2 with p^r elements. Let α be a primitive element of F1. There is an irreducible factor p(x) of x^(p^r − 1) − 1 such that α is a root of p(x). Let β be a primitive element of F2. Then for some k we have that β^k is a root of p(x). We can define an isomorphism by mapping α^i ↦ β^(ki).

Obviously α^(i+j) = α^i·α^j ↦ β^(ki)·β^(kj) = β^(k(i+j)). Do we also have α^s = α^i + α^j ↦ β^(ki) + β^(kj) = β^(ks)? It turns out to be the case, since the computation of both α^s and β^(ks) is based on reduction of polynomial degrees mod the same polynomial p(x).

Hierarchy of finite fields - example

Fields in the diagram: GF(2^1), GF(2^2), GF(2^3), GF(2^4), GF(2^6), GF(2^8), GF(2^12), GF(2^24) (GF(2^m) is a subfield of GF(2^n) exactly when m divides n, so these are the subfields of GF(2^24)).

Fields - minimal and primitive polynomials

Minimal polynomials
Theorem 6
F - a field, F < G, a ∈ G. Then:

1. there exists a minimal polynomial m(x) for a and it is unique;
2. if g(x) is a polynomial over F and g(a) = 0 then m(x) | g(x).

Assuming F = GF(p) and G = GF(p^r):

3. the degree of the minimal polynomial is ≤ r;
4. if a is primitive, the degree of m(a) is r.

Proof
1. The existence of a monic polynomial having the root a is obvious - let's take the irreducible polynomial defining G. If it wasn't unique, we would have two different monic polynomials having a as a root and by subtraction obtain a polynomial with smaller degree and root a, contradicting minimality.

2. g(x) = a(x)m(x) + r(x) with deg r(x) < deg m(x). Since r(a) = 0 we have to conclude (by minimality of m(x)) that r(x) = 0, i.e. m(x) | g(x).

3 & 4. Let p(x) be the minimal polynomial of a. The vectors 1, a, a^2, ..., a^r must be linearly dependent, since G is an r-dimensional vector space, thus they satisfy an equation of degree at most r. Thus there is a polynomial of degree ≤ r having a as a root. If a is primitive, 1, a, a^2, ..., a^(r−1) is a basis of G, so we should have deg(p) = r.

Reciprocal polynomials

[Adapted from W.Cherowitzo]


Useful lemma
Lemma
x^m − 1 divides x^n − 1 if and only if m divides n.

x^n − 1 = (x^m − 1)(x^(n−m) + x^(n−2m) + ... + x^(n−km)) + (x^(n−km) − 1), where k is the largest integer with km ≤ n.

Thus x^m − 1 divides x^n − 1 if and only if km = n.

Cyclotomic cosets

[Adapted from V.Pless]


Cyclotomic cosets and factoring

[Adapted from B.Cherowitzo]


Cyclotomic cosets for GF(64).

Some factors of x^n − 1
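Cyclotomic cosets computed directly, as an added example serving both the minimal-polynomial statements (Theorem 6, items 3 and 4) and the cyclotomic-coset slides (my code, not the lecture's or V. Pless's). A coset {s, ps, p^2·s, ...} mod n collects the exponents of the conjugates of α^s, so its size is the degree of the minimal polynomial of α^s over GF(p) and the sizes together are the degrees of the irreducible factors of x^n − 1; for n = 15 the coset of 1 has size 4, matching the degree-4 p(x) used to build GF(16), and n = 63 is the GF(64) case. Function names are my own.

```python
# Added example: cyclotomic cosets of n modulo p, i.e. the orbits of s -> p*s (mod n)
# on {0, ..., n-1}; each coset is the exponent set of one root's conjugates, so the
# coset sizes are the degrees of the irreducible factors of x^n - 1 over GF(p).
# n = 15 (GF(16)) and n = 63 (GF(64)) are the cases the slides refer to.

from math import gcd


def cyclotomic_cosets(n, p=2):
    """Partition {0, ..., n-1} into cosets under multiplication by p modulo n."""
    if gcd(n, p) != 1:
        raise ValueError("need gcd(n, p) = 1 so that x^n - 1 has no repeated roots")
    seen = set()
    cosets = []
    for s in range(n):
        if s in seen:
            continue
        coset = []
        k = s
        while k not in seen:          # follow s, ps, p^2 s, ... until it wraps around
            seen.add(k)
            coset.append(k)
            k = (k * p) % n
        cosets.append(coset)
    return cosets


def extension_degree(n, p=2):
    """Size of the coset of 1 = smallest r with p^r ≡ 1 (mod n): GF(p^r) is the
    smallest extension of GF(p) containing a primitive n-th root of unity."""
    return len(cyclotomic_cosets(n, p)[1]) if n > 1 else 1


def factor_degrees(n, p=2):
    """Degrees of the irreducible factors of x^n - 1 over GF(p), sorted."""
    return sorted(len(c) for c in cyclotomic_cosets(n, p))


def minimal_polynomial_degree(s, n, p=2):
    """Degree over GF(p) of the minimal polynomial of α^s, α a primitive n-th root of unity."""
    return next(len(c) for c in cyclotomic_cosets(n, p) if s % n in c)


if __name__ == "__main__":
    for c in cyclotomic_cosets(15):
        print(c)                                  # {0}, {1,2,4,8}, {3,6,12,9}, {5,10}, {7,14,13,11}
    print(factor_degrees(15))                     # [1, 2, 4, 4, 4]: x^15 - 1 over GF(2)
    print(extension_degree(63), len(cyclotomic_cosets(63)))   # 6 and 13 factors
```

For n = 15 the five cosets give degrees 1, 2, 4, 4, 4, which is the factorisation of x^15 − 1 into irreducibles over GF(2); the three degree-4 factors are the minimal polynomials of the primitive elements (coset of 1 and coset of 7) and of the order-5 elements (coset of 3), and the degree-2 factor corresponds to the subfield GF(4) inside GF(16).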