2.10 Finite fields
In this section, we will delve into the study of finite fields, which play a key role in cryptography.
Proposition 2.10.1: The characteristic of finite field
∢ F ∈ F ∣ F ∣ < ∞ char F = p p ∈ P \begin{align*}
&\sphericalangle \\
&F \in \mathcal F \\
&|F| < \infty\\
&\text{char }F = p
\\
\hline
\\
&p \in \mathfrak P
\end{align*} ∢ F ∈ F ∣ F ∣ < ∞ char F = p p ∈ P Proof
Remember that by ( 2.4.5 ) (2.4.5) ( 2.4.5 ) p ∈ P p \in \mathfrak P p ∈ P
□ \square □
Proposition 2.10.2: The order of finite field
∢ F ∈ F ∣ F ∣ < ∞ char F = p ∃ F ′ ⊆ F : F ′ ≅ F F p ∣ F ∣ = p n , n ∈ N \begin{align*}
&\sphericalangle \\
&F \in \mathcal F \\
&|F| < \infty\\
&\text{char }F = p
\\
\hline
\\
&\begin{align*}
&\exists F' \subseteq F: F' \cong_F \mathbb F_p \hspace{0.5cm} \tag{a}\\
&|F|=p^n, n \in \N \hspace{0.5cm} \tag{b}\\
\end{align*}
&
\end{align*} ∢ F ∈ F ∣ F ∣ < ∞ char F = p ∃ F ′ ⊆ F : F ′ ≅ F F p ∣ F ∣ = p n , n ∈ N ( a ) ( b ) Proof
a., b.
Define ϕ : Z ⇝ R F , n ↦ 1 + 1 + … + 1 ⏟ n times \phi: \Z \rightsquigarrow_R F, n \mapsto \underbrace{1 + 1 + \ldots + 1}_{n\text{ times}} ϕ : Z ⇝ R F , n ↦ n times 1 + 1 + … + 1 ker ϕ = p Z \ker \phi = p\Z ker ϕ = p Z ( 2.3.9 ) (2.3.9) ( 2.3.9 ) F p = Z / p Z ≅ R ϕ ( Z ) ⊆ F \mathbb F_p=\Z/p\Z \cong_R \phi(\Z) \subseteq F F p = Z / p Z ≅ R ϕ ( Z ) ⊆ F ϕ ( 1 ) = 1 \phi(1)=1 ϕ ( 1 ) = 1 F ′ : = ϕ ( Z ) F':=\phi(\Z) F ′ := ϕ ( Z ) F F F [ F : F ′ ] = n < ∞ [F:F'] = n < \infty [ F : F ′ ] = n < ∞ n n n F F F F ′ F' F ′ p n p^n p n
□ \square □
def: Frobenius endomorphism
∢ F ∈ F char F = p ρ k : F → F , x ↦ x p k ρ k − Frobenius endomorphism \begin{align*}
&\sphericalangle \\
&F \in \mathcal F \\
&\text{char } F= p \\
&\rho^k: F \to F, x \mapsto x^{p^k} \\
\hline
\\
&\rho^k - \text{Frobenius endomorphism} \\
\end{align*} ∢ F ∈ F char F = p ρ k : F → F , x ↦ x p k ρ k − Frobenius endomorphism It's easy to see that ρ m + n = ρ m ρ n \rho^{m+n}=\rho^{m}\rho^{n} ρ m + n = ρ m ρ n
We'll prove that this is indeed a homomorphism below
Proposition 2.10.3: Frobenius action on polynomials
∢ F ∈ F char F = p p ( x 1 , … , x n ) ∈ F [ x 1 , … , x n ] ρ k ( p ( a 1 , … , a n ) ) = p ρ k ( ρ k ( a 1 ) , … , ρ k ( a n ) ) , a i ∈ F \begin{align*}
&\sphericalangle \\
&F \in \mathcal F \\
&\text{char } F= p \\
&p(x_1, \ldots, x_n) \in F[x_1, \ldots, x_n] \\
\hline
\\
&\rho^k(p(a_1, \ldots, a_n))=p^{\rho^k}(\rho^k(a_1), \ldots, \rho^k(a_n)), a_i \in F
\end{align*} ∢ F ∈ F char F = p p ( x 1 , … , x n ) ∈ F [ x 1 , … , x n ] ρ k ( p ( a 1 , … , a n )) = p ρ k ( ρ k ( a 1 ) , … , ρ k ( a n )) , a i ∈ F Proof
Notice that in ρ k ( p ( a 1 , … , a n ) ) = ( ∑ i b i a 1 d 1 , i ⋅ … ⋅ a k i d k i , i ) p k \rho^k(p(a_1, \ldots, a_n))=(\sum_i b_i a_1^{d_{1, i}} \cdot \ldots \cdot a_{k_i}^{d_{k_i, i}})^{p^k} ρ k ( p ( a 1 , … , a n )) = ( ∑ i b i a 1 d 1 , i ⋅ … ⋅ a k i d k i , i ) p k p k p^k p k char F = p \text{char }F = p char F = p p k = 0 p^k=0 p k = 0 F F F 0 0 0
□ \square □
Proposition 2.10.5: Finite field as extension of F p \mathbb F_p F p
∢ F ∈ F ∣ F ∣ = p n F ≅ F p ( ∥ x p n − x ) F / Gal F p Gal ( F / F p ) = ⟨ ρ ⟩ G ∣ Gal ( F / F p ) ∣ = n \begin{align*}
&\sphericalangle \\
&F \in \mathcal F \\
&|F| = p^n \\
\hline
\\
&\begin{align*}
&F \cong \mathbb F_p(\parallel x^{p^n}-x) \hspace{0.5cm} \tag{a}\\
&F/_{\text{Gal}} \mathbb F_p \hspace{0.5cm} \tag{b}\\
& \text{Gal}(F/\mathbb F_p) = \lang \rho \rang_G \hspace{0.5cm} \tag{c}\\
& |\text{Gal}(F/\mathbb F_p)| = n \hspace{0.5cm} \tag{d}\\
\end{align*}
\end{align*} ∢ F ∈ F ∣ F ∣ = p n F ≅ F p ( ∥ x p n − x ) F / Gal F p Gal ( F / F p ) = ⟨ ρ ⟩ G ∣ Gal ( F / F p ) ∣ = n ( a ) ( b ) ( c ) ( d ) Proof
a.
Consider ∣ F ∗ ∣ = p n − 1 |F^*|=p^n-1 ∣ F ∗ ∣ = p n − 1 a ∈ F ∗ a \in F^* a ∈ F ∗ ∣ ⟨ a ⟩ ( G , ⋅ ) ∣ ∣ ∣ F ∗ ∣ = p n − 1 |\lang a \rang_{(G, \cdot)}| \mid |F^*|= p^n-1 ∣ ⟨ a ⟩ ( G , ⋅ ) ∣ ∣ ∣ F ∗ ∣ = p n − 1 a p n − 1 = 1 a^{p^n-1}=1 a p n − 1 = 1 a p n = a a^{p^n}=a a p n = a a = 0 a=0 a = 0 p ( x ) = x p n − x p(x)=x^{p^n}-x p ( x ) = x p n − x p n p^n p n F F F
By ( 2.4.5 ) (2.4.5) ( 2.4.5 ) 0 0 0 0 0 0 1 1 1 p n p^n p n char F = p \text{char } F = p char F = p ( 2.10.2. a ) (2.10.2.a) ( 2.10.2. a ) F ′ ⊆ F , F ′ ≅ F p F' \subseteq F, F' \cong \mathbb F_p F ′ ⊆ F , F ′ ≅ F p
Finally using theorem ( 2.8.11 ) (2.8.11) ( 2.8.11 ) F 1 = F p , F 2 = F ′ , p = x p n − x F_1=\mathbb F_p, F_2=F', p = x^{p^n}-x F 1 = F p , F 2 = F ′ , p = x p n − x
b.
F = F p ( ∥ x p n − x ) F=\mathbb F_p(\parallel x^{p^n}-x) F = F p ( ∥ x p n − x ) F / ⊲ F p F/_\lhd \mathbb F_p F / ⊲ F p ( a ) (a) ( a ) F / ⊟ F p F/_\boxminus \mathbb F_p F / ⊟ F p ( 2.9.15 ) (2.9.15) ( 2.9.15 ) F / Gal F p F/_{\text{Gal}} \mathbb F_p F / Gal F p
c.
To prove that ρ ∈ End F ( F ) \rho \in \text{End}_F(F) ρ ∈ End F ( F ) p 1 ( x , y ) = x + y p_1(x,y)=x+y p 1 ( x , y ) = x + y p 2 ( x , y ) = x y p_2(x,y)=xy p 2 ( x , y ) = x y ( 2.10.3 ) (2.10.3) ( 2.10.3 ) ρ ( 1 ) = 1 \rho(1)=1 ρ ( 1 ) = 1
By Fermat's little theorem ( 2.2.10 ) (2.2.10) ( 2.2.10 ) ∀ a ∈ F p : ρ ( a ) = a \forall a \in \mathbb F_p: \rho(a)=a ∀ a ∈ F p : ρ ( a ) = a ( 2.4.20. c ) (2.4.20.c) ( 2.4.20. c ) ρ \rho ρ ∣ F ∣ < ∞ |F| < \infty ∣ F ∣ < ∞ ρ ∈ Gal ( F / F p ) \rho \in \text{Gal}(F/\mathbb F_p) ρ ∈ Gal ( F / F p )
Denote p ( x ) = x p − x p(x)=x^p-x p ( x ) = x p − x { a ∈ F : p ( a ) = 0 } = Fix ρ ( F ) ⊇ F p \{a \in F: p(a)=0\} = \text{Fix}_\rho(F) \supseteq \mathbb F_p { a ∈ F : p ( a ) = 0 } = Fix ρ ( F ) ⊇ F p p ( x ) p(x) p ( x ) p p p Fix ρ ( F ) = F p \text{Fix}_\rho(F) = \mathbb F_p Fix ρ ( F ) = F p ρ \rho ρ F p \mathbb F_p F p Fix ⟨ ρ ⟩ G ( F ) = F p \text{Fix}_{\lang \rho \rang_G}(F)=\mathbb F_p Fix ⟨ ρ ⟩ G ( F ) = F p ( 2.9.16 ) (2.9.16) ( 2.9.16 ) ⟨ ρ ⟩ G = Gal ( F / F p ) \lang \rho \rang_G = \text{Gal}(F/\mathbb F_p) ⟨ ρ ⟩ G = Gal ( F / F p )
d.
( 2.9.16 ) ⟹ n = [ F : F p ] = ∣ Gal ( F / F p ) ∣ (2.9.16) \implies n=[F:\mathbb F_p] = |\text{Gal}(F/\mathbb F_p)| ( 2.9.16 ) ⟹ n = [ F : F p ] = ∣ Gal ( F / F p ) ∣
□ \square □
Proposition 2.10.6: Finite field of a certain order is unique
∢ F 1 , F 2 ∈ F ∣ F 1 ∣ = ∣ F 2 ∣ = p n F 1 ≅ F 2 \begin{align*}
&\sphericalangle \\
&F_1, F_2 \in \mathcal F \\
&|F_1|=|F_2|=p^n
\\
\hline
\\
&F_1 \cong F_2
\end{align*} ∢ F 1 , F 2 ∈ F ∣ F 1 ∣ = ��∣ F 2 ∣ = p n F 1 ≅ F 2 Proof
By ( 2.10.5 ) (2.10.5) ( 2.10.5 ) F 1 ≅ F p ( ∥ x p n − x ) ≅ F 2 F_1 \cong \mathbb F_p(\parallel x^{p^n}-x) \cong F_2 F 1 ≅ F p ( ∥ x p n − x ) ≅ F 2
□ \square □
We'll denote the finite field of order p n p^n p n F p n \mathbb F_{p^n} F p n
Corrolary 2.10.7: Finite field is perfect
∢ F ∈ F ∣ F ∣ = p n F ∈ F P \begin{align*}
&\sphericalangle \\
&F \in \mathcal F \\
&|F|=p^n
\\
\hline
\\
&F \in \mathcal F^{\mathcal P}
\end{align*} ∢ F ∈ F ∣ F ∣ = p n F ∈ F P Proof
Since ρ ∈ Gal ( F / F p ) \rho \in \text{Gal}(F/\mathbb F_p) ρ ∈ Gal ( F / F p ) F p = F F^p=F F p = F ∀ x ∈ F : ρ ( x ) = x \forall x \in F: \rho(x)=x ∀ x ∈ F : ρ ( x ) = x ( 2.9.12 ) (2.9.12) ( 2.9.12 )
□ \square □
Proposition 2.10.8: Finite subfield order
∢ F , E ∈ F ∣ F ∣ = p m �∣ E ∣ = p n E / F ⟺ m ∣ n \begin{align*}
&\sphericalangle \\
&F, E \in \mathcal F \\
&|F| = p^m \\
&|E| = p^n \\
\hline
\\
&E/F \iff m \mid n
\end{align*} ∢ F , E ∈ F ∣ F ∣ = p m ∣ E ∣ = p n E / F ⟺ m ∣ n Proof
⟹ \implies ⟹
We have E / F / F p E/F/\mathbb F_p E / F / F p [ E : F p ] = [ E : F ] [ F : F p ] ⟹ n = [ E : F ] m ⟹ m ∣ n [E:\mathbb F_p]=[E: F][F:\mathbb F_p] \implies n=[E:F]m \implies m \mid n [ E : F p ] = [ E : F ] [ F : F p ] ⟹ n = [ E : F ] m ⟹ m ∣ n
⟸ \impliedby ⟸
m ∣ n ⟹ p n − 1 = ( p m ) k − 1 = ( p m − 1 ) ( ( p m ) k − 1 + … + 1 ) ⟹ p m − 1 ∣ p n − 1 ⟹ take y = x p m − 1 x p m − 1 − 1 ∣ x p n − 1 − 1 ⟹ x p m − x ∣ x p n − x m \mid n \implies p^n-1=(p^m)^k-1=(p^m-1)((p^m)^{k-1}+\ldots+1) \implies p^m-1 \mid p^n-1 \overset{\text{take }y=x^{p^m-1}}\implies x^{p^m-1}-1 \mid x^{p^n-1}-1 \implies x^{p^m}-x \mid x^{p^n}-x m ∣ n ⟹ p n − 1 = ( p m ) k − 1 = ( p m − 1 ) (( p m ) k − 1 + … + 1 ) ⟹ p m − 1 ∣ p n − 1 ⟹ take y = x p m − 1 x p m − 1 − 1 ∣ x p n − 1 − 1 ⟹ x p m − x ∣ x p n − x
So we have E = F p ( ∥ P 1 ) , F = F p ( ∥ P 2 ) , P 1 ⊇ P 2 ⟹ E / F E=\mathbb F_p(\parallel P_1), F=\mathbb F_p(\parallel P_2), P_1 \supseteq P_2 \implies E/F E = F p ( ∥ P 1 ) , F = F p ( ∥ P 2 ) , P 1 ⊇ P 2 ⟹ E / F
□ \square □
Proposition 2.10.9: Subgroup of multiplicative group is cyclic
∢ F ∈ F G ⊆ G F ∗ G ∈ G ↺ \begin{align*}
&\sphericalangle \\
&F \in \mathcal F \\
&G \subseteq_G F^*
\\
\hline
\\
&G \in \mathcal G^{\circlearrowleft}
\end{align*} ∢ F ∈ F G ⊆ G F ∗ G ∈ G ↺ Proof
By ( 2.2.38 ) (2.2.38) ( 2.2.38 )
G ≅ Z p 1 α 1 × … × Z p k α k G \cong \Z_{p_{1}^{\alpha_1}} \times \ldots \times \Z_{p_{k}^{\alpha_k}} G ≅ Z p 1 α 1 × … × Z p k α k Where p i p_i p i Z p i α i \Z_{p_i^{\alpha_i}} Z p i α i a i a_i a i a = ( a 1 , … , a n ) a=(a_1, \ldots, a_n) a = ( a 1 , … , a n ) m : = LCM ( p 1 α 1 , … , p k α k ) m:=\text{LCM}(p_1^{\alpha_1}, \ldots, p_k^{\alpha_k}) m := LCM ( p 1 α 1 , … , p k α k ) m ≤ ∣ G ∣ m \le |G| m ≤ ∣ G ∣ p 1 α 1 ∣ ∣ G ∣ p_1^{\alpha_1} \mid |G| p 1 α 1 ∣ ∣ G ∣ g = ( g 1 , … , g n ) ∈ G g=(g_1, \ldots, g_n) \in G g = ( g 1 , … , g n ) ∈ G g r − 1 = 0 , r ∣ m g^r - 1 = 0, r \mid m g r − 1 = 0 , r ∣ m LCM ( ord g 1 , … , ord g n ) = LCM ( p 1 α 1 − β 1 , … , p n α n − β n ) \text{LCM}(\text{ord }g_1, \ldots, \text{ord }g_n)=\text{LCM}(p_1^{\alpha_1-\beta_1}, \ldots, p_n^{\alpha_n-\beta_n}) LCM ( ord g 1 , … , ord g n ) = LCM ( p 1 α 1 − β 1 , … , p n α n − β n ) g ∈ G g \in G g ∈ G x m − 1 = 0 x^m-1=0 x m − 1 = 0 m m m ∣ G ∣ ≤ m |G|\leq m ∣ G ∣ ≤ m
So we have ∣ G ∣ = m |G|=m ∣ G ∣ = m ⟨ a ⟩ G = G \lang a \rang_G=G ⟨ a ��⟩ G = G
□ \square □