Introduction to finite fields and their applications

RUDOLF LIDL, University of Tasmania, Hobart, Australia
HARALD NIEDERREITER, Austrian Academy of Sciences, Vienna, Austria
CAMBRIDGE UNIVERSITY PRESS
Cambridge, London, New York, New Rochelle, Melbourne, Sydney

Library of Congress Cataloging in Publication Data
Lidl, Rudolf. Introduction to finite fields and their applications. Bibliography: p. Includes index. 1. Finite fields (Algebra) I. Niederreiter, Harald, 1944- II. Title. QA247.3.L54 1985 512'.3 85-9704 ISBN 0-521-30706-6
Contents

Preface                                                      vii

Chapter 1  Algebraic Foundations                               1
  1  Groups                                                    2
  2  Rings and Fields                                         11
  3  Polynomials                                              18
  4  Field Extensions                                         30
     Exercises                                                37

Chapter 2  Structure of Finite Fields                         43
  1  Characterization of Finite Fields                        44
  2  Roots of Irreducible Polynomials                         47
  3  Traces, Norms, and Bases                                 50
  4  Roots of Unity and Cyclotomic Polynomials                59
  5  Representation of Elements of Finite Fields              62
  6  Wedderburn's Theorem                                     65
     Exercises                                                69

Chapter 3  Polynomials over Finite Fields                     74
  1  Order of Polynomials and Primitive Polynomials           75
  2  Irreducible Polynomials                                  82
  3  Construction of Irreducible Polynomials                  87
  4  Linearized Polynomials                                   98
  5  Binomials and Trinomials                                115
     Exercises                                               122

Chapter 4  Factorization of Polynomials                      129
  1  Factorization over Small Finite Fields                  130
  2  Factorization over Large Finite Fields                  139
  3  Calculation of Roots of Polynomials                     150
     Exercises                                               159

Chapter 5  Exponential Sums                                  162
  1  Characters                                              163
  2  Gaussian Sums                                           168
     Exercises                                               181

Chapter 6  Linear Recurring Sequences                        185
  1  Feedback Shift Registers, Periodicity Properties        186
  2  Impulse Response Sequences, Characteristic Polynomial   193
  3  Generating Functions                                    202
  4  The Minimal Polynomial                                  210
  5  Families of Linear Recurring Sequences                  215
  6  Characterization of Linear Recurring Sequences          228
  7  Distribution Properties of Linear Recurring Sequences   235
     Exercises                                               245

Chapter 7  Theoretical Applications of Finite Fields         251
  1  Finite Geometries                                       252
  2  Combinatorics                                           262
  3  Linear Modular Systems                                  271
  4  Pseudorandom Sequences                                  281
     Exercises                                               294

Chapter 8  Algebraic Coding Theory                           299
  1  Linear Codes                                            300
  2  Cyclic Codes                                            311
  3  Goppa Codes                                             325
     Exercises                                               332

Chapter 9  Cryptology                                        338
  1  Background                                              339
  2  Stream Ciphers                                          342
  3  Discrete Logarithms                                     346
  4  Further Cryptosystems                                   360
     Exercises                                               363

Chapter 10  Tables                                           367
  1  Computation in Finite Fields                            367
  2  Tables of Irreducible Polynomials                       377

Bibliography                                                 392
List of Symbols                                              397
Index                                                        401
To Pamela and Gerlinde
Preface
This book is designed as a textbook edition of our monograph Finite Fields which appeared in 1983 as Volume 20 of the Encyclopedia of Mathematics and Its Applications. Several changes have been made in order to tailor the book to the needs of the student. The historical and bibliographical notes at the end of each chapter and the long bibliography have been omitted as they are mainly of interest to researchers. The reader who desires this type of information may consult the original edition. There are also changes in the text proper, with the present book having an even stronger emphasis on applications. The increasingly important role of finite fields in cryptology is reflected by a new chapter on this topic. There is now a separate chapter on algebraic coding theory containing material from the original edition together with a new section on Goppa codes. New material on pseudorandom sequences has also been added. On the other hand, topics in the original edition that are mainly of theoretical interest have been omitted. Thus, a large part of the material on exponential sums and the chapters on equations over finite fields and on permutation polynomials cannot be found in the present volume.

The theory of finite fields is a branch of modern algebra that has come to the fore in the last 50 years because of its diverse applications in combinatorics, coding theory, cryptology, and the mathematical study of switching circuits, among others. The origins of the subject reach back into the 17th and 18th centuries, with such eminent mathematicians as Pierre de Fermat (1601-1665), Leonhard Euler (1707-1783), Joseph-Louis Lagrange (1736-1813), and Adrien-Marie Legendre (1752-1833) contributing to the structure theory of special finite fields, namely, the so-called finite prime fields. The general theory of finite fields may be said to begin with the work of
Carl Friedrich Gauss (1777-1855) and Evariste Galois (1811-1832), but it only became of interest for applied mathematicians in recent decades with the emergence of discrete mathematics as a serious discipline. In this book we have aimed at presenting both the classical and the applications-oriented aspects of the subject. Thus, in addition to what has to be considered the essential core of the theory, the reader will find results and techniques that are of importance mainly because of their use in applications. Because of the vastness of the subject, limitations had to be imposed on the choice of material. In trying to make the book as self-contained as possible, we have refrained from discussing results or methods that belong properly to algebraic geometry or to the theory of algebraic function fields. Applications are described to the extent to which this can be done without too much digression. The only noteworthy prerequisite for the book is a background in linear algebra, on the level of a first course on this topic. A rudimentary knowledge of analysis is needed in a few passages. Prior exposure to abstract algebra is certainly helpful, although all the necessary information is summarized in Chapter 1. Chapter 2 is basic for the rest of the book as it contains the general structure theory of finite fields as well as the discussion of concepts that are used throughout the book. Chapter 3 on the theory of polynomials and Chapter 4 on factorization algorithms for polynomials are closely linked and should best be studied together. Chapter 5 on exponential sums uses only the elementary structure theory of finite fields. Chapter 6 on linear recurring sequences depends mostly on Chapters 2 and 3. Chapters 7, 8, and 9 are devoted to applications and draw on various material in the previous chapters. Chapter 10 supplements parts of Chapters 2, 3, and 9.
Each chapter starts with a brief description of its contents, hence it should not be necessary to give a synopsis of the book here. In order to enhance the attractiveness of this book as a textbook, we have inserted worked-out examples at appropriate points in the text and included lists of exercises for Chapters 1-9. These exercises range from routine problems to alternative proofs of key theorems, but contain also material going beyond what is covered in the text. With regard to cross-references, we have numbered all items in the main text consecutively by chapters, regardless of whether they are definitions, theorems, examples, and so on. Thus, "Definition 2.41" refers to item 41 in Chapter 2 (which happens to be a definition) and "Remark 6.23" refers to item 23 in Chapter 6 (which happens to be a remark). In the same vein, "Exercise 5.21" refers to the list of exercises in Chapter 5. We gratefully acknowledge the help of Mrs. Melanie Barton and Mrs. Betty Golding who typed the manuscript with great care and efficiency.

R. LIDL
H. NIEDERREITER
Chapter 1
Algebraic Foundations
This introductory chapter contains a survey of some basic algebraic concepts that will be employed throughout the book. Elementary algebra uses the operations of arithmetic such as addition and multiplication, but replaces particular numbers by symbols and thereby obtains formulas that, by substitution, provide solutions to specific numerical problems. In modern algebra the level of abstraction is raised further: instead of dealing with the familiar operations on real numbers, one treats general operations (processes of combining two or more elements to yield another element) in general sets. The aim is to study the common properties of all systems consisting of sets on which are defined a fixed number of operations interrelated in some definite way, for instance, sets with two binary operations behaving like + and · for the real numbers.

Only the most fundamental definitions and properties of algebraic systems, that is, of sets together with one or more operations on the set, will be introduced, and the theory will be discussed only to the extent needed for our special purposes in the study of finite fields later on. We state some standard results without proof. With regard to sets we adopt the naive standpoint. We use the following sets of numbers: the set ℕ of natural numbers, the set ℤ of integers, the set ℚ of rational numbers, the set ℝ of real numbers, and the set ℂ of complex numbers.
1. GROUPS
In the set of all integers the two operations addition and multiplication are well known. We can generalize the concept of operation to arbitrary sets. Let S be a set and let S × S denote the set of all ordered pairs (s, t) with s ∈ S, t ∈ S. Then a mapping from S × S into S will be called a (binary) operation on S. Under this definition we require that the image of (s, t) ∈ S × S must be in S; this is the closure property of an operation. By an algebraic structure or algebraic system we mean a set S together with one or more operations on S.

In elementary arithmetic we are provided with two operations, addition and multiplication, that have associativity as one of their most important properties. Of the various possible algebraic systems having a single associative operation, the type known as a group has been by far the most extensively studied and developed. The theory of groups is one of the oldest parts of abstract algebra as well as one particularly rich in applications.
1.1. Definition. A group is a set G together with a binary operation * on G such that the following three properties hold:
1. * is associative; that is, for any a, b, c ∈ G, a * (b * c) = (a * b) * c.
2. There is an identity (or unity) element e in G such that for all a ∈ G, a * e = e * a = a.
3. For each a ∈ G, there exists an inverse element a^{-1} ∈ G such that a * a^{-1} = a^{-1} * a = e.
If the group also satisfies
4. For all a, b ∈ G, a * b = b * a,
then the group is called abelian (or commutative).

It is easily shown that the identity element e and the inverse element a^{-1} of a given element a ∈ G are uniquely determined by the properties above. Furthermore, (a * b)^{-1} = b^{-1} * a^{-1} for all a, b ∈ G. For simplicity, we shall frequently use the notation of ordinary multiplication to designate the operation in the group, writing simply ab instead of a * b. But it must be emphasized that by doing so we do not assume that the operation actually is ordinary multiplication. Sometimes it is also convenient to write a + b instead of a * b and -a instead of a^{-1}, but this additive notation is usually reserved for abelian groups.
The associative law guarantees that expressions such as a_1 a_2 ··· a_n with a_j ∈ G, 1 ≤ j ≤ n, are unambiguous, since no matter how we insert parentheses, the expression will always represent the same element of G. To indicate the n-fold composite of an element a ∈ G with itself, where n ∈ ℕ, we shall write

a^n = a a ··· a (n factors a)

if using multiplicative notation, and we call a^n the nth power of a. If using additive notation for the operation * on G, we write

na = a + a + ··· + a (n summands a).

Following customary notation, we have the following rules:

Multiplicative Notation        Additive Notation
a^{-n} = (a^{-1})^n            (-n)a = n(-a)
a^n a^m = a^{n+m}              na + ma = (n + m)a
(a^n)^m = a^{nm}               m(na) = (mn)a

For n = 0 ∈ ℤ, one adopts the convention a^0 = e in the multiplicative notation and 0a = 0 in the additive notation, where the last "zero" represents the identity element of G.

1.2. Examples
(i) Let G be the set of integers with the operation of addition. The ordinary sum of two integers is a unique integer and the associativity is a familiar fact. The identity element is 0 (zero), and the inverse of an integer a is the integer -a. We denote this group by ℤ.
(ii) The set consisting of a single element e, with the operation * defined by e * e = e, forms a group.
(iii) Let G be the set of remainders of all the integers on division by 6, that is, G = {0, 1, 2, 3, 4, 5}, and let a * b be the remainder on division by 6 of the ordinary sum of a and b. The existence of an identity element and of inverses is again obvious. In this case, it requires some computation to establish the associativity of *. This group can be readily generalized by replacing the integer 6 by any positive integer n.

These examples lead to an interesting class of groups in which every element is a power of some fixed element of the group. If the group operation is written as addition, we refer to "multiple" instead of "power" of an element.

1.3. Definition. A multiplicative group G is said to be cyclic if there is an element a ∈ G such that for any b ∈ G there is some integer j with b = a^j.
Such an element a is called a generator of the cyclic group, and we write G = ⟨a⟩. It follows at once from the definition that every cyclic group is commutative. We also note that a cyclic group may very well have more than one element that is a generator of the group. For instance, in the additive group ℤ both 1 and -1 are generators.

With regard to the "additive" group of remainders of the integers on division by n, the generalization of Example 1.2(iii), we find that the type of operation used there leads to an equivalence relation on the set of integers. In general, a subset R of S × S is called an equivalence relation on a set S if it has the following three properties:
(a) (s, s) ∈ R for all s ∈ S (reflexivity).
(b) If (s, t) ∈ R, then (t, s) ∈ R (symmetry).
(c) If (s, t), (t, u) ∈ R, then (s, u) ∈ R (transitivity).
The most obvious example of an equivalence relation is that of equality. It is an important fact that an equivalence relation R on a set S induces a partition of S, that is, a representation of S as the union of nonempty, mutually disjoint subsets of S. If we collect all elements of S equivalent to a fixed s ∈ S, we obtain the equivalence class of s, denoted by

[s] = {t ∈ S : (s, t) ∈ R}.

The collection of all distinct equivalence classes forms then the desired partition of S. We note that [s] = [t] precisely if (s, t) ∈ R. Example 1.2(iii) suggests the following concept.

1.4. Definition. For arbitrary integers a, b and a positive integer n, we say that a is congruent to b modulo n, and write a ≡ b mod n, if the difference a - b is a multiple of n, that is, if a = b + kn for some integer k.

It is easily verified that "congruence modulo n" is an equivalence relation on the set ℤ of integers. The relation is obviously reflexive and symmetric. The transitivity also follows easily: if a = b + kn and b = c + ln for some integers k and l, then a = c + (k + l)n, so that a ≡ b mod n and b ≡ c mod n together imply a ≡ c mod n. Consider now the equivalence classes into which the relation of congruence modulo n partitions the set ℤ. These will be the sets

[0] = {..., -2n, -n, 0, n, 2n, ...},
[1] = {..., -2n + 1, -n + 1, 1, n + 1, 2n + 1, ...},
...
[n - 1] = {..., -n - 1, -1, n - 1, 2n - 1, 3n - 1, ...}.

We may define on the set {[0], [1], ..., [n - 1]} of equivalence classes a binary operation (which we shall again write as +, although it is certainly not ordinary addition) by

[a] + [b] = [a + b],                                    (1.1)

where a and b are any elements of the respective sets [a] and [b] and the sum a + b on the right is the ordinary sum of a and b. In order to show that we have actually defined an operation, that is, that this operation is well defined, we must verify that the image element of the pair ([a], [b]) is uniquely determined by [a] and [b] alone and does not depend in any way on the representatives a and b. We leave this proof as an exercise. Associativity of the operation in (1.1) follows from the associativity of ordinary addition. The identity element is [0] and the inverse of [a] is [-a]. Thus the elements of the set {[0], [1], ..., [n - 1]} form a group.

1.5. Definition. The group formed by the set {[0], [1], ..., [n - 1]} of equivalence classes modulo n with the operation (1.1) is called the group of integers modulo n and denoted by ℤ_n.
ℤ_n is actually a cyclic group with the equivalence class [1] as a generator, and it is a group of order n according to the following definition.

1.6. Definition. A group is called finite (resp. infinite) if it contains finitely (resp. infinitely) many elements. The number of elements in a finite group is called its order. We shall write |G| for the order of the finite group G.

There is a convenient way of presenting a finite group. A table displaying the group operation, nowadays referred to as a Cayley table, is constructed by indexing the rows and the columns of the table by the group elements. The element appearing in the row indexed by a and the column indexed by b is then taken to be ab.
1.7. Example. The Cayley table for the group ℤ_6 is:

  +  | [0] [1] [2] [3] [4] [5]
-----+------------------------
 [0] | [0] [1] [2] [3] [4] [5]
 [1] | [1] [2] [3] [4] [5] [0]
 [2] | [2] [3] [4] [5] [0] [1]
 [3] | [3] [4] [5] [0] [1] [2]
 [4] | [4] [5] [0] [1] [2] [3]
 [5] | [5] [0] [1] [2] [3] [4]
A group G contains certain subsets that form groups in their own right under the operation of G. For instance, the subset {[0], [2], [4]} of ℤ_6 is easily seen to have this property.
1.8. Definition. A subset H of the group G is a subgroup of G if H is itself a group with respect to the operation of G. Subgroups of G other than the trivial subgroups {e} and G itself are called nontrivial subgroups of G.

One verifies at once that for any fixed a in a group G, the set of all powers of a is a subgroup of G.

1.9. Definition. The subgroup of G consisting of all powers of the element a of G is called the subgroup generated by a and is denoted by ⟨a⟩. This subgroup is necessarily cyclic. If ⟨a⟩ is finite, then its order is called the order of the element a. Otherwise, a is called an element of infinite order.

Thus, a is of finite order k if k is the least positive integer such that a^k = e. Any other integer m with a^m = e is then a multiple of k. If S is a nonempty subset of a group G, then the subgroup H of G consisting of all finite products of powers of elements of S is called the subgroup generated by S, denoted by H = ⟨S⟩. If ⟨S⟩ = G, we say that S generates G, or that G is generated by S.

For a positive element n of the additive group ℤ of integers, the subgroup ⟨n⟩ is closely associated with the notion of congruence modulo n, since a ≡ b mod n if and only if a - b ∈ ⟨n⟩. Thus the subgroup ⟨n⟩ defines an equivalence relation on ℤ. This situation can be generalized as follows.
1.10. Theorem. If H is a subgroup of G, then the relation R_H on G defined by (a, b) ∈ R_H if and only if a = bh for some h ∈ H, is an equivalence relation.

The proof is immediate. The equivalence relation R_H is called left congruence modulo H. Like any equivalence relation, it induces a partition of G into nonempty, mutually disjoint subsets. These subsets (= equivalence classes) are called the left cosets of G modulo H and they are denoted by

aH = {ah : h ∈ H}

(or a + H = {a + h : h ∈ H} if G is written additively), where a is a fixed element of G. Similarly, there is a decomposition of G into right cosets modulo H, which have the form Ha = {ha : h ∈ H}. If G is abelian, then the distinction between left and right cosets modulo H is unnecessary.

1.11. Example. Let G = ℤ_12 and let H be the subgroup {[0], [3], [6], [9]}. Then the distinct (left) cosets of G modulo H are given by:

[0] + H = {[0], [3], [6], [9]},
[1] + H = {[1], [4], [7], [10]},
[2] + H = {[2], [5], [8], [11]}.

1.12. Theorem. If H is a finite subgroup of G, then every (left or right) coset of G modulo H has the same number of elements as H.
1.13. Definition. If the subgroup H of G only yields finitely many distinct left cosets of G modulo H, then the number of such cosets is called the index of H in G.

Since the left cosets of G modulo H form a partition of G, Theorem 1.12 implies the following important result.

1.14. Theorem. The order of a finite group G is equal to the product of the order of any subgroup H and the index of H in G. In particular, the order of H divides the order of G and the order of any element a ∈ G divides the order of G.
The subgroups and the orders of elements are easy to describe for cyclic groups. We summarize the relevant facts in the subsequent theorem.

1.15. Theorem.
(i) Every subgroup of a cyclic group is cyclic.
(ii) In a finite cyclic group ⟨a⟩ of order m, the element a^k generates a subgroup of order m/gcd(k, m), where gcd(k, m) denotes the greatest common divisor of k and m.
(iii) If d is a positive divisor of the order m of a finite cyclic group ⟨a⟩, then ⟨a⟩ contains one and only one subgroup of index d. For any positive divisor f of m, ⟨a⟩ contains precisely one subgroup of order f.
(iv) Let f be a positive divisor of the order of a finite cyclic group ⟨a⟩. Then ⟨a⟩ contains φ(f) elements of order f. Here φ(f) is Euler's function and indicates the number of integers n with 1 ≤ n ≤ f that are relatively prime to f.
(v) A finite cyclic group ⟨a⟩ of order m contains φ(m) generators, that is, elements a^r such that ⟨a^r⟩ = ⟨a⟩. The generators are the powers a^r with gcd(r, m) = 1.
Proof. (i) Let H be a subgroup of the cyclic group ⟨a⟩ with H ≠ {e}. If a^n ∈ H, then a^{-n} ∈ H; hence H contains at least one power of a with a positive exponent. Let d be the least positive exponent such that a^d ∈ H, and let a^s ∈ H. Dividing s by d gives s = qd + r, 0 ≤ r < d, and q, r ∈ ℤ. Thus a^s (a^{-d})^q = a^r ∈ H, which contradicts the minimality of d, unless r = 0. Therefore the exponents of all powers of a that belong to H are divisible by d, and so H = ⟨a^d⟩.
(ii) Put d = gcd(k, m). The order of ⟨a^k⟩ is the least positive integer n such that a^{kn} = e. The latter identity holds if and only if m divides kn, or equivalently, if and only if m/d divides n. The least positive n with this property is n = m/d.
(iii) If d is given, then ⟨a^d⟩ is a subgroup of order m/d, and so of index d, because of (ii). If ⟨a^k⟩ is another subgroup of index d, then its order is m/d, and so d = gcd(k, m) by (ii). In particular, d divides k, so that a^k ∈ ⟨a^d⟩ and ⟨a^k⟩ is a subgroup of ⟨a^d⟩. But since both groups have the same order, they are identical. The second part follows immediately because the subgroups of order f are precisely the subgroups of index m/f.
(iv) Let |⟨a⟩| = m and m = df. By (ii), an element a^k is of order f if and only if gcd(k, m) = d. Hence, the number of elements of order f is equal to the number of integers k with 1 ≤ k ≤ m and gcd(k, m) = d. We may write k = dh with 1 ≤ h ≤ f, the condition gcd(k, m) = d being now equivalent to gcd(h, f) = 1. The number of these h is equal to φ(f).
(v) The generators of ⟨a⟩ are precisely the elements of order m, so that the first part is implied by (iv). The second part follows from (ii). □

When comparing the structures of two groups, mappings between the groups that preserve the operations play an important role.

1.16. Definition. A mapping f: G → H of the group G into the group H is called a homomorphism of G into H if f preserves the operation of G. That is, if * and · are the operations of G and H, respectively, then f preserves the operation of G if for all a, b ∈ G we have f(a * b) = f(a) · f(b). If, in addition, f is onto H, then f is called an epimorphism (or homomorphism "onto") and H is a homomorphic image of G. A homomorphism of G into G is called an endomorphism. If f is a one-to-one homomorphism of G onto H, then f is called an isomorphism and we say that G and H are isomorphic. An isomorphism of G onto G is called an automorphism.
Consider, for instance, the mapping f of the additive group ℤ of the integers onto the group ℤ_n of the integers modulo n, defined by f(a) = [a]. Then

f(a + b) = [a + b] = [a] + [b] = f(a) + f(b) for a, b ∈ ℤ,

and f is a homomorphism.

If f: G → H is a homomorphism and e is the identity element in G, then ee = e implies f(e)f(e) = f(e), so that f(e) = e', the identity element in H. From aa^{-1} = e we get f(a^{-1}) = (f(a))^{-1} for all a ∈ G.

The automorphisms of a group G are often of particular interest, partly because they themselves form a group with respect to the usual composition of mappings, as can be easily verified. Important examples of automorphisms are the inner automorphisms. For fixed a ∈ G, define f_a by f_a(b) = aba^{-1} for b ∈ G. Then f_a is an automorphism of G of the indicated type, and we get all inner automorphisms of G by letting a run through all elements of G. The elements b and aba^{-1} are said to be conjugate, and for a nonempty subset S of G the set aSa^{-1} = {asa^{-1} : s ∈ S} is called a conjugate of S. Thus, the conjugates of S are just the images of S under the various inner automorphisms of G.
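As an added example (not code from the book), here is the additive group ℤ_m of Definition 1.5 in Python: the orders of elements and the subgroups are enumerated by brute force and compared with the closed forms of Theorem 1.15 (ii)-(v), and the cosets of Example 1.11 are listed. Nothing beyond the standard library (math.gcd) is assumed.

```python
from math import gcd

# Added example, not the book's code: the cyclic group Z_m = <[1]> (Definition 1.5)
# checked against Theorem 1.15 and Example 1.11. Elements are represented by 0..m-1.

def element_order(k, m):
    """Order of [k] in Z_m (Definition 1.9): the least j >= 1 with j*k = 0 mod m,
    found by brute force so it can be compared with Theorem 1.15(ii)."""
    j, acc = 1, k % m
    while acc != 0:
        acc = (acc + k) % m
        j += 1
    return j

def euler_phi(f):
    """Euler's function: the number of n with 1 <= n <= f and gcd(n, f) = 1."""
    return sum(1 for n in range(1, f + 1) if gcd(n, f) == 1)

def divisors(m):
    return [f for f in range(1, m + 1) if m % f == 0]

def cyclic_subgroup(k, m):
    """The subgroup <[k]> of Z_m as a sorted list of representatives."""
    return sorted({(j * k) % m for j in range(m)})

def elements_of_order(m):
    """Map each positive divisor f of m to the number of elements of Z_m of order f."""
    orders = [element_order(k, m) for k in range(m)]
    return {f: orders.count(f) for f in divisors(m)}

def generators(m):
    """All [r] with <[r]> = Z_m, i.e. the elements of order m (Theorem 1.15(v))."""
    return [r for r in range(m) if element_order(r, m) == m]

def cosets(m, h):
    """Distinct cosets a + H of Z_m modulo H = <[h]>, each as a sorted list
    (Theorem 1.10; Example 1.11 is m = 12, h = 3)."""
    H = cyclic_subgroup(h, m)
    seen, result = set(), []
    for a in range(m):
        if a not in seen:
            coset = sorted((a + x) % m for x in H)
            result.append(coset)
            seen.update(coset)
    return result

def theorem_1_15_holds(m):
    """True if Z_m satisfies parts (ii) to (v) of Theorem 1.15 as stated in the text."""
    # (ii): |<[k]>| = m / gcd(k, m), and this agrees with the brute-force order of [k]
    for k in range(m):
        expected = m // gcd(k, m)
        if len(cyclic_subgroup(k, m)) != expected or element_order(k, m) != expected:
            return False
    # (iii): exactly one subgroup of each order f dividing m (every subgroup is cyclic by (i))
    subgroups = {tuple(cyclic_subgroup(k, m)) for k in range(m)}
    if sorted(len(s) for s in subgroups) != divisors(m):
        return False
    # (iv): phi(f) elements of order f for each divisor f of m
    if any(count != euler_phi(f) for f, count in elements_of_order(m).items()):
        return False
    # (v): the generators are exactly the [r] with gcd(r, m) = 1
    return generators(m) == [r for r in range(m) if gcd(r, m) == 1]
```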
1.17. Definition. The kernel of the homomorphism f: G → H of the group G into the group H is the set

ker f = {a ∈ G : f(a) = e'},

where e' is the identity element in H.

1.18. Example.

... S preserves both operations + and · of R and induces a homomorphism of the additive group of R into the additive group of S. The set

ker φ = {a ∈ R : φ(a) = 0 ∈ S}

is called the kernel of φ. Other concepts, such as that of an isomorphism, are analogous to those in Definition 1.16. The homomorphism theorem for rings, similar to Theorem 1.23 for groups, runs as follows.
1.40. Theorem (Homomorphism Theorem for Rings). If φ is a

... isomorphic to the factor ring R/ker φ.

... ≥ 2 and nonzero polynomials f_i, one first computes gcd(f_1, f_2), then gcd(gcd(f_1, f_2), f_3), and so on, by the Euclidean algorithm.

1.56. Example. The Euclidean algorithm applied to f(x) = 2x^6 + x' + x' + 2

... is always an integer.
4. FIELD EXTENSIONS

Let F be a field. A subset K of F that is itself a field under the operations of F will be called a subfield of F. In this context, F is called an extension (field) of K. If K ≠ F, we say that K is a proper subfield of F.

If K is a subfield of the finite field 𝔽_p, p prime, then K must contain the elements 0 and 1, and so all other elements of 𝔽_p by the closure of K under addition. It follows that 𝔽_p contains no proper subfields. We are thus led to the following concept.

1.77. Definition. A field containing no proper subfields is called a prime field.
By the above argument, any finite field of order p, p prime, is a prime field. Another example of a prime field is the field ℚ of rational numbers.

The intersection of any nonempty collection of subfields of a given field F is again a subfield of F. If we form the intersection of all subfields of F, we obtain the prime subfield of F. It is obviously a prime field.

1.78. Theorem. The prime subfield of a field F is isomorphic to either 𝔽_p or ℚ, according as the characteristic of F is a prime p or 0.
1.79. Definition. Let K be a subfield of the field F and M any subset of F. Then the field K(M) is defined as the intersection of all subfields of F containing both K and M and is called the extension (field) of K obtained by adjoining the elements in M. For finite M = {θ_1, ..., θ_n} we write K(M) = K(θ_1, ..., θ_n). If M consists of a single element θ ∈ F, then L = K(θ) is said to be a simple extension of K and θ is called a defining element of L over K.
Obviously, K(M) is the smallest subfield of F containing both K and M. We define now an important type of extension.

1.80. Definition. Let K be a subfield of F and θ ∈ F. If θ satisfies a nontrivial polynomial equation with coefficients in K, that is, if a_n θ^n + ··· + a_1 θ + a_0 = 0 with a_i ∈ K not all being 0, then θ is said to be algebraic over K. An extension L of K is called algebraic over K (or an algebraic extension of K) if every element of L is algebraic over K.

Suppose θ ∈ F is algebraic over K, and consider the set J = {f ∈ K[x] : f(θ) = 0}. It is easily checked that J is an ideal of K[x], and we have J ≠ (0) since θ is algebraic over K. It follows then from Theorem 1.54 that there exists a uniquely determined monic polynomial g ∈ K[x] such that J is equal to the principal ideal (g). It is important to note that g is irreducible in K[x]. For, in the first place, g is of positive degree since it has the root θ; and if g = h_1 h_2 in K[x] with 1 ≤ deg(h_i) < deg(g) (i = 1, 2), then 0 = g(θ) = h_1(θ) h_2(θ) implies that either h_1 or h_2 is in J and so divisible by g, which is impossible.
1.81. Definition. If θ ∈ F is algebraic over K, then the uniquely determined monic polynomial g ∈ K[x] generating the ideal J = {f ∈ K[x] : f(θ) = 0} of K[x] is called the minimal polynomial (or defining polynomial, or irreducible polynomial) of θ over K. By the degree of θ over K we mean the degree of g.

1.82. Theorem. If θ ∈ F is algebraic over K, then its minimal polynomial g over K has the following properties:
(i) g is irreducible in K[x].
(ii) For f ∈ K[x] we have f(θ) = 0 if and only if g divides f.
(iii) g is the monic polynomial in K[x] of least degree having θ as a root.

Proof. Property (i) was already noted and (ii) follows from the definition of g. As to (iii), it suffices to note that any monic polynomial in K[x] having θ as a root must be a multiple of g, and so it is either equal to g or its degree is larger than that of g. □
We note that both the minimal polynomial and the degree of an algebraic element θ depend on the field K over which it is considered, so that one must be careful not to speak of the minimal polynomial or the degree of θ without specifying K, unless the latter is amply clear from the context.

If L is an extension field of K, then L may be viewed as a vector space over K. For the elements of L (= "vectors") form, first of all, an abelian group under addition. Moreover, each "vector" α ∈ L can be multiplied by a "scalar" r ∈ K so that rα is again in L (here rα is simply the product of the field elements r and α of L) and the laws for multiplication by scalars are satisfied: r(α + β) = rα + rβ, (r + s)α = rα + sα, (rs)α = r(sα), and 1α = α, where r, s ∈ K and α, β ∈ L.

1.83. Definition. Let L be an extension field of K. If L, considered as a vector space over K, is finite-dimensional, then L is called a finite extension of K. The dimension of the vector space L over K is then called the degree of L over K, in symbols [L : K].

1.84. Theorem. If L is a finite extension of K and M is a finite extension of L, then M is a finite extension of K with
[M : K] = [M : L][L : K].

Proof. Put [M : L] = m, [L : K] = n, and let {α_1, ..., α_m} be a basis of M over L and {β_1, ..., β_n} a basis of L over K. Then every α ∈ M is a linear combination α = γ_1 α_1 + ··· + γ_m α_m with γ_i ∈ L for 1 ≤ i ≤ m, and writing each γ_i in terms of the basis elements β_j we get

$$\alpha = \sum_{i=1}^{m} \gamma_i \alpha_i = \sum_{i=1}^{m} \Bigl(\sum_{j=1}^{n} r_{ij} \beta_j\Bigr) \alpha_i = \sum_{i=1}^{m} \sum_{j=1}^{n} r_{ij} \beta_j \alpha_i$$

with coefficients r_{ij} ∈ K. If we can show that the mn elements β_j α_i, 1 ≤ i ≤ m, 1 ≤ j ≤ n, are linearly independent over K, then we are done. So suppose we have

$$\sum_{i=1}^{m} \sum_{j=1}^{n} s_{ij} \beta_j \alpha_i = 0$$

with coefficients s_{ij} ∈ K. Then

$$\sum_{i=1}^{m} \Bigl(\sum_{j=1}^{n} s_{ij} \beta_j\Bigr) \alpha_i = 0,$$

and from the linear independence of the α_i over L we infer

$$\sum_{j=1}^{n} s_{ij} \beta_j = 0 \quad \text{for } 1 \le i \le m.$$

But since the β_j are linearly independent over K, we conclude that all s_{ij} are 0. □

1.85. Theorem. Every finite extension of K is algebraic over K.

Proof. Let L be a finite extension of K and put [L : K] = m. For θ ∈ L, the m + 1 elements 1, θ, ..., θ^m must then be linearly dependent over K, and so we get a relation a_0 + a_1 θ + ··· + a_m θ^m = 0 with a_i ∈ K not all being 0. This just says that θ is algebraic over K. □
For the study of the structure of a simple extension $K(\theta)$ of $K$ obtained by adjoining an algebraic element, let $F$ be an extension of $K$ and let $\theta \in F$ be algebraic over $K$. It turns out that $K(\theta)$ is a finite (and therefore an algebraic) extension of $K$.

1.86. Theorem. Let $\theta \in F$ be algebraic of degree $n$ over $K$ and let $g$ be the minimal polynomial of $\theta$ over $K$. Then:
(i) $K(\theta)$ is isomorphic to $K[x]/(g)$.
(ii) $[K(\theta):K] = n$ and $\{1, \theta, \ldots, \theta^{n-1}\}$ is a basis of $K(\theta)$ over $K$.
(iii) Every $\alpha \in K(\theta)$ is algebraic over $K$ and its degree over $K$ is a divisor of $n$.

Proof. (i) Consider the mapping $\tau: K[x] \to K(\theta)$, defined by $\tau(f) = f(\theta)$ for $f \in K[x]$, which is easily seen to be a ring homomorphism. We have $\ker \tau = \{f \in K[x] : f(\theta) = 0\} = (g)$ by the definition of the minimal polynomial. Let $S$ be the image of $\tau$; that is, $S$ is the set of polynomial expressions in $\theta$ with coefficients in $K$. Then the homomorphism theorem for rings (see Theorem 1.40) yields that $S$ is isomorphic to $K[x]/(g)$. But $K[x]/(g)$ is a field by Theorems 1.61 and 1.82(i), and so $S$ is a field. Since $K \subseteq S \subseteq K(\theta)$ and $\theta \in S$, it follows from the definition of $K(\theta)$ that $S = K(\theta)$, and (i) is thus shown. (ii) Since $S = K(\theta)$, any given $\alpha \in K(\theta)$ can be written in the form $\alpha = f(\theta)$ for some $f \in K[x]$. By the division algorithm, $f = qg + r$ with $q, r \in K[x]$ and $\deg(r) < \deg(g) = n$. Then $\alpha = f(\theta) = q(\theta)g(\theta) + r(\theta) = r(\theta)$, and so $\alpha$ is a linear combination of $1, \theta, \ldots, \theta^{n-1}$ with coefficients in $K$. On the other hand, if $a_0 + a_1\theta + \cdots + a_{n-1}\theta^{n-1} = 0$ for certain $a_i \in K$, then the polynomial $h(x) = a_0 + a_1x + \cdots + a_{n-1}x^{n-1} \in K[x]$ has $\theta$ as a root and is thus a multiple of $g$ by Theorem 1.82(ii). Since $\deg(h) < n = \deg(g)$, this is only possible if $h = 0$, that is, if all $a_i = 0$. Therefore, the elements $1, \theta, \ldots, \theta^{n-1}$ are linearly independent over $K$ and (ii) follows. (iii) $K(\theta)$ is a finite extension of $K$ by (ii), and so $\alpha \in K(\theta)$ is algebraic over $K$ by Theorem 1.85. Furthermore, $K(\alpha)$ is a subfield of $K(\theta)$. If $d$ is the degree of $\alpha$ over $K$, then (ii) and Theorem 1.84 imply that $n = [K(\theta):K] = [K(\theta):K(\alpha)]\,[K(\alpha):K] = [K(\theta):K(\alpha)]\,d$, hence $d$ divides $n$. □
The elements of the simple algebraic extension $K(\theta)$ of $K$ are therefore polynomial expressions in $\theta$. Any element of $K(\theta)$ can be uniquely represented in the form $a_0 + a_1\theta + \cdots + a_{n-1}\theta^{n-1}$ with $a_i \in K$ for $0 \le i \le n - 1$. It should be pointed out that Theorem 1.86 operates under the assumption that both $K$ and $\theta$ are embedded in a larger field $F$. This is necessary in order that algebraic expressions involving $\theta$ make sense. We now want to construct a simple algebraic extension ab ovo, that is, without reference to a previously given larger field. The clue to this is contained in part (i) of Theorem 1.86.

1.87. Theorem. Let $f \in K[x]$ be irreducible over the field $K$. Then there exists a simple algebraic extension of $K$ with a root of $f$ as a defining element.

Proof. Consider the residue class ring $L = K[x]/(f)$, which is a field by Theorem 1.61. The elements of $L$ are the residue classes $[h] = h + (f)$ with $h \in K[x]$. For any $a \in K$ we can form the residue class $[a]$ determined by the constant polynomial $a$, and if $a, b \in K$ are distinct, then $[a] \ne [b]$, since $f$ has positive degree. The mapping $a \mapsto [a]$ gives an isomorphism from $K$ onto a subfield $K'$ of $L$, so that $K'$ may be identified with $K$. In other words, we can view $L$ as an extension of $K$. For every $h(x) = a_0 + a_1x + \cdots + a_mx^m \in K[x]$ we have $[h] = [a_0 + a_1x + \cdots + a_mx^m] = [a_0] + [a_1][x] + \cdots + [a_m][x]^m = a_0 + a_1[x] + \cdots + a_m[x]^m$ by the rules for operating with residue classes and the identification $[a_i] = a_i$. Thus, every element of $L$ can be written as a polynomial expression in $[x]$ with coefficients in $K$. Since any field containing both $K$ and $[x]$ must contain these polynomial expressions, $L$ is a simple extension of $K$ obtained by adjoining $[x]$. If $f(x) = b_0 + b_1x + \cdots + b_nx^n$, then $f([x]) = b_0 + b_1[x] + \cdots + b_n[x]^n = [b_0 + b_1x + \cdots + b_nx^n] = [f] = [0]$, so that $[x]$ is a root of $f$ and $L$ is a simple algebraic extension of $K$. □
1.88. Example. As an example of the formal process of root adjunction in Theorem 1.87, consider the prime field $\mathbb{F}_3$ and the polynomial $f(x) = x^2 + x + 2 \in \mathbb{F}_3[x]$, which is irreducible over $\mathbb{F}_3$. Let $\theta$ be a "root" of $f$; that is, $\theta$ is the residue class $x + (f)$ in $L = \mathbb{F}_3[x]/(f)$. The other root of $f$ in $L$ is then $2\theta + 2$, since $f(2\theta + 2) = (2\theta + 2)^2 + (2\theta + 2) + 2 = \theta^2 + \theta + 2 = 0$. By Theorem 1.86(ii), or by the known structure of a residue class field, the simple algebraic extension $L = \mathbb{F}_3(\theta)$ consists of the nine elements $0, 1, 2, \theta, \theta + 1, \theta + 2, 2\theta, 2\theta + 1, 2\theta + 2$. The operation tables for $L$ can be constructed as in Example 1.62. □

We observe that in the above example we may adjoin either the root $\theta$ or the root $2\theta + 2$ of $f$ and we would still obtain the same field. This situation is covered by the following result, which is easily established.

1.89. Theorem. Let $\alpha$ and $\beta$ be two roots of the polynomial $f \in K[x]$ that is irreducible over $K$. Then $K(\alpha)$ and $K(\beta)$ are isomorphic under an isomorphism mapping $\alpha$ to $\beta$ and keeping the elements of $K$ fixed.
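Example 1.88 (and the isomorphism of Theorem 1.89) carried out by machine, as an added example that is not the book's own code: residue classes of $\mathbb{F}_3[x]/(x^2 + x + 2)$ as coefficient lists, a check that $\theta$ and $2\theta + 2$ are both roots of $f$, that all nine classes form a field, and that $\theta \mapsto 2\theta + 2$ extends to an automorphism of $L$.

```python
# Added example: the residue class field L = F_p[x]/(f) of Theorem 1.87,
# instantiated for Example 1.88 (p = 3, f = x^2 + x + 2).  Elements are
# coefficient lists [a0, a1, ...] (lowest degree first) of length deg(f).
from itertools import product

P = 3
F = [2, 1, 1]            # f(x) = x^2 + x + 2, written as [a0, a1, a2]
N = len(F) - 1           # degree of f, so L has P**N = 9 elements


def add(a, b):
    """Coefficient-wise addition in F_p[x]/(f)."""
    return [(x + y) % P for x, y in zip(a, b)]


def mul(a, b):
    """Multiply two residue classes: multiply in F_p[x], then reduce mod f."""
    prod = [0] * (2 * N - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] = (prod[i + j] + x * y) % P
    # Reduce from the top: x^k = x^(k-N) * (x^N - f(x)) because f is monic.
    for k in range(len(prod) - 1, N - 1, -1):
        c = prod[k]
        if c:
            for i in range(N + 1):
                prod[k - N + i] = (prod[k - N + i] - c * F[i]) % P
    return prod[:N]


def evaluate(poly, elem):
    """Horner evaluation of poly (coefficients in F_p) at an element of L."""
    acc = [0] * N
    for coeff in reversed(poly):
        acc = mul(acc, elem)
        acc[0] = (acc[0] + coeff) % P
    return acc


THETA = [0, 1]           # the residue class of x, i.e. the root theta of f
OTHER = [2, 2]           # 2*theta + 2, the other root named in Example 1.88
ONE = [1, 0]


def elements():
    """All P**N residue classes, listed as coefficient vectors."""
    return [list(v) for v in product(range(P), repeat=N)]


def is_field():
    """Every nonzero class has a multiplicative inverse (brute-force search)."""
    return all(any(mul(a, b) == ONE for b in elements())
               for a in elements() if any(a))


def phi(elem):
    """The map a0 + a1*theta -> a0 + a1*(2*theta + 2) of Theorem 1.89."""
    img = [elem[0]] + [0] * (N - 1)
    for i in range(1, N):
        term = evaluate([0] * i + [elem[i]], OTHER)   # elem[i] * OTHER**i
        img = add(img, term)
    return img


def phi_is_isomorphism():
    """phi is a bijection that respects + and *, hence a field automorphism."""
    els = elements()
    images = [phi(a) for a in els]
    bijective = len({tuple(v) for v in images}) == len(els)
    homomorphic = all(phi(add(a, b)) == add(phi(a), phi(b)) and
                      phi(mul(a, b)) == mul(phi(a), phi(b))
                      for a in els for b in els)
    return bijective and homomorphic


if __name__ == "__main__":
    print("f(theta) =", evaluate(F, THETA), " f(2theta+2) =", evaluate(F, OTHER))
    print("L is a field:", is_field(), " phi is an isomorphism:", phi_is_isomorphism())
```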
We are now asking for an extension field to which all roots of a given polynomial belong.

1.90. Definition. Let $f \in K[x]$ be of positive degree and $F$ an extension field of $K$. Then $f$ is said to split in $F$ if $f$ can be written as a product of linear factors in $F[x]$, that is, if there exist elements $\alpha_1, \alpha_2, \ldots, \alpha_n \in F$ such that
\[ f(x) = a(x - \alpha_1)(x - \alpha_2)\cdots(x - \alpha_n), \]
where $a$ is the leading coefficient of $f$. The field $F$ is a splitting field of $f$ over $K$ if $f$ splits in $F$ and if, moreover, $F = K(\alpha_1, \alpha_2, \ldots, \alpha_n)$.

It is clear that a splitting field $F$ of $f$ over $K$ is in the following sense the smallest field containing all the roots of $f$: no proper subfield of $F$ that is an extension of $K$ contains all the roots of $f$. By repeatedly applying the process used in Theorem 1.87, one obtains the first part of the subsequent result. The second part is an extension of Theorem 1.89.

1.91. Theorem (Existence and Uniqueness of Splitting Field). If $K$ is a field and $f$ any polynomial of positive degree in $K[x]$, then there exists a splitting field of $f$ over $K$. Any two splitting fields of $f$ over $K$ are isomorphic under an isomorphism which keeps the elements of $K$ fixed and maps roots of $f$ into each other.

Since isomorphic fields may be identified, we can speak of the splitting field of $f$ over $K$. It is obtained from $K$ by adjoining finitely many algebraic elements over $K$, and therefore one can show on the basis of Theorems 1.84 and 1.86(ii) that the splitting field of $f$ over $K$ is a finite extension of $K$.

As an illustration of the usefulness of splitting fields, we consider the question of deciding whether a given polynomial has a multiple root (compare with Definition 1.65).
1.92. Definition. Let $f \in K[x]$ be a polynomial of degree $n \ge 2$ and suppose that $f(x) = a_0(x - \alpha_1)\cdots(x - \alpha_n)$ with $\alpha_1, \ldots, \alpha_n$ in the splitting field of $f$ over $K$. Then the discriminant $D(f)$ of $f$ is defined by
\[ D(f) = a_0^{2n-2} \prod_{1 \le i < j \le n} (\alpha_i - \alpha_j)^2. \]

It is obvious from the definition of $D(f)$ that $f$ has a multiple root if and only if $D(f) = 0$. Although $D(f)$ is defined in terms of elements of an extension of $K$, it is actually an element of $K$ itself. For small $n$ this can be seen by direct calculation. For instance, if $n = 2$ and $f(x) = ax^2 + bx + c = a(x - \alpha_1)(x - \alpha_2)$, then $D(f) = a^2(\alpha_1 - \alpha_2)^2 = a^2\bigl((\alpha_1 + \alpha_2)^2 - 4\alpha_1\alpha_2\bigr) = a^2(b^2a^{-2} - 4ca^{-1})$, hence
\[ D(ax^2 + bx + c) = b^2 - 4ac, \]
a well-known expression from the theory of quadratic equations. If $n = 3$ and $f(x) = ax^3 + bx^2 + cx + d = a(x - \alpha_1)(x - \alpha_2)(x - \alpha_3)$, then $D(f) = a^4(\alpha_1 - \alpha_2)^2(\alpha_1 - \alpha_3)^2(\alpha_2 - \alpha_3)^2$, and a more involved computation yields
\[ D(ax^3 + bx^2 + cx + d) = b^2c^2 - 4b^3d - 4ac^3 - 27a^2d^2 + 18abcd. \tag{1.9} \]

In the general case, consider first the polynomial $s \in K[x_1, \ldots, x_n]$ given by
\[ s(x_1, \ldots, x_n) = a_0^{2n-2} \prod_{1 \le i < j \le n} (x_i - x_j)^2. \]
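Formula (1.9) checked against Definition 1.92 over a prime field, as an added example not taken from the book: a cubic is expanded from chosen roots in $\mathbb{F}_7$ (constructed input), its discriminant is computed once from the root differences and once from the coefficients, and a repeated root makes both vanish.

```python
# Added example: the discriminant of a cubic over the prime field F_p,
# computed both from the roots (Definition 1.92) and from the coefficient
# formula (1.9); the two must agree, and D(f) = 0 exactly when a root repeats.
from itertools import combinations


def expand(a, roots, p):
    """Coefficients [a0, a1, ..., an] of a*(x - r1)...(x - rn) in F_p[x]."""
    coeffs = [a % p]
    for r in roots:
        # multiply by (x - r): shift up one degree, subtract r times the old
        nxt = [0] + coeffs
        for i in range(len(coeffs)):
            nxt[i] = (nxt[i] - r * coeffs[i]) % p
        coeffs = nxt
    return coeffs


def disc_from_roots(a, roots, p):
    """a^(2n-2) * prod_{i<j} (r_i - r_j)^2 mod p (Definition 1.92)."""
    n = len(roots)
    d = pow(a, 2 * n - 2, p)
    for ri, rj in combinations(roots, 2):
        d = d * pow(ri - rj, 2, p) % p
    return d


def disc_cubic(a, b, c, d, p):
    """Formula (1.9) for D(a x^3 + b x^2 + c x + d), reduced mod p."""
    return (b * b * c * c - 4 * b ** 3 * d - 4 * a * c ** 3
            - 27 * a * a * d * d + 18 * a * b * c * d) % p


def disc_quadratic(a, b, c, p):
    """b^2 - 4ac, the n = 2 case worked out in the text."""
    return (b * b - 4 * a * c) % p


def cubic_check(a, roots, p):
    """Return (D from roots, D from formula (1.9)) for a*(x-r1)(x-r2)(x-r3)."""
    a0, a1, a2, a3 = expand(a, roots, p)      # f = a3 x^3 + a2 x^2 + a1 x + a0
    return disc_from_roots(a, roots, p), disc_cubic(a3, a2, a1, a0, p)


if __name__ == "__main__":
    print(cubic_check(2, [1, 2, 4], 7))   # distinct roots: both nonzero and equal
    print(cubic_check(2, [3, 3, 5], 7))   # double root: both 0
    print(disc_quadratic(1, 1, 2, 3))     # x^2 + x + 2 over F_3 (Example 1.88)
```

With $b = 0$ the cubic formula reduces to $-4ac^3 - 27a^2d^2$, the same quantity whose non-vanishing is required of a short Weierstrass cubic $x^3 + ax + b$ before it is used as an elliptic curve.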
Then $F$ has characteristic $p$ by Theorem 2.2 and so contains $\mathbb{F}_p$ as a subfield. It follows from Lemma 2.4 that $F$ is a splitting field of $x^q - x$ over $\mathbb{F}_p$. Thus the desired result is a consequence of the uniqueness (up to isomorphisms) of splitting fields, which was noted in Theorem 1.91. □

The uniqueness part of Theorem 2.5 provides the justification for speaking of the finite field (or the Galois field) with $q$ elements, or of the finite field (or the Galois field) of order $q$. We shall denote this field by $\mathbb{F}_q$, where it is of course understood that $q$ is a power of the prime characteristic $p$ of $\mathbb{F}_q$. The notation $GF(q)$ is also used by many authors.

2.6. Theorem (Subfield Criterion). Let $\mathbb{F}_q$ be the finite field with $q = p^n$ elements. Then every subfield of $\mathbb{F}_q$ has order $p^m$, where $m$ is a positive divisor of $n$. Conversely, if $m$ is a positive divisor of $n$, then there is exactly one subfield of $\mathbb{F}_q$ with $p^m$ elements.

Proof. It is clear that a subfield $K$ of $\mathbb{F}_q$ has order $p^m$ for some positive integer $m \le n$. Lemma 2.1 shows that $q = p^n$ must be a power of $p^m$, and so $m$ is necessarily a divisor of $n$. Conversely, if $m$ is a positive divisor of $n$, then $p^m - 1$ divides $p^n - 1$, and so $x^{p^m - 1} - 1$ divides $x^{p^n - 1} - 1$ in $\mathbb{F}_p[x]$. Consequently, $x^{p^m} - x$ divides $x^{p^n} - x = x^q - x$ in $\mathbb{F}_p[x]$. Thus, every root of $x^{p^m} - x$ is a root of $x^q - x$ and so belongs to $\mathbb{F}_q$. It follows that $\mathbb{F}_q$ must contain as a subfield a splitting field of $x^{p^m} - x$ over $\mathbb{F}_p$, and as we have seen in the proof of Theorem 2.5, such a splitting field has order $p^m$. If there were two distinct subfields of order $p^m$ in $\mathbb{F}_q$, they would together contain more than $p^m$ roots of $x^{p^m} - x$ in $\mathbb{F}_q$,

$\alpha \mapsto c_j(\alpha)$ is a linear transformation from $F$ into $K$, and thus, according to Theorem 2.24, there exists a $\beta_j \in F$ such that $c_j(\alpha) = \mathrm{Tr}_{F/K}(\beta_j\alpha)$ for all $\alpha \in F$. Putting $\alpha = \alpha_i$, $1 \le i \le m$, we see that $\mathrm{Tr}_{F/K}(\beta_j\alpha_i) = 0$ for $i \ne j$ and $1$ for $i = j$. Furthermore, $\{\beta_1, \ldots, \beta_m\}$ is again a basis of $F$ over $K$, for if $d_1\beta_1 + \cdots + d_m\beta_m = 0$ with $d_i \in K$ for $1 \le i \le m$,
then by multiplying by a fixed $\alpha_i$ and applying the trace function $\mathrm{Tr}_{F/K}$, one shows that $d_i = 0$.

2.30. Definition. Let $K$ be a finite field and $F$ a finite extension of $K$. Then two bases $\{\alpha_1, \ldots, \alpha_m\}$ and $\{\beta_1, \ldots, \beta_m\}$ of $F$ over $K$ are said to be dual (or complementary) bases if for $1 \le i, j \le m$ we have
\[ \mathrm{Tr}_{F/K}(\alpha_i\beta_j) = \begin{cases} 0 & \text{for } i \ne j, \\ 1 & \text{for } i = j. \end{cases} \]

In the discussion above we have shown that for any basis $\{\alpha_1, \ldots, \alpha_m\}$ of $F$ over $K$ there exists a dual basis $\{\beta_1, \ldots, \beta_m\}$. The dual basis is, in fact, uniquely determined since its definition implies that the coefficients $c_j(\alpha)$, $1 \le j \le m$, in (2.4) are given by $c_j(\alpha) = \mathrm{Tr}_{F/K}(\beta_j\alpha)$ for all $\alpha \in F$, and by Theorem 2.24 the element $\beta_j \in F$ is uniquely determined by the linear transformation $c_j$.
2.31. Example. Let $\alpha \in \mathbb{F}_8$ be a root of the irreducible polynomial $x^3 + x^2 + 1$ in $\mathbb{F}_2[x]$. Then $\{\alpha, \alpha^2, 1 + \alpha + \alpha^2\}$ is a basis of $\mathbb{F}_8$ over $\mathbb{F}_2$. One checks easily that its uniquely determined dual basis is again $\{\alpha, \alpha^2, 1 + \alpha + \alpha^2\}$. Such a basis that is its own dual basis is called a self-dual basis. The element $\alpha^5 \in \mathbb{F}_8$ can be uniquely represented in the form $\alpha^5 = c_1\alpha + c_2\alpha^2 + c_3(1 + \alpha + \alpha^2)$ with $c_1, c_2, c_3 \in \mathbb{F}_2$, and the coefficients are given by
\[ c_1 = \mathrm{Tr}_{\mathbb{F}_8/\mathbb{F}_2}(\alpha \cdot \alpha^5) = 0, \quad c_2 = \mathrm{Tr}_{\mathbb{F}_8/\mathbb{F}_2}(\alpha^2 \cdot \alpha^5) = 1, \quad c_3 = \mathrm{Tr}_{\mathbb{F}_8/\mathbb{F}_2}\bigl((1 + \alpha + \alpha^2)\alpha^5\bigr) = 1, \]
so that $\alpha^5 = \alpha^2 + (1 + \alpha + \alpha^2)$. □
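Example 2.31 recomputed, as an added example (not the book's code): arithmetic in $\mathbb{F}_8 = \mathbb{F}_2[x]/(x^3 + x^2 + 1)$ on 3-bit integers, the trace $\mathrm{Tr}_{\mathbb{F}_8/\mathbb{F}_2}$, a search for the dual basis of $\{\alpha, \alpha^2, 1 + \alpha + \alpha^2\}$ that confirms it is self-dual, and the coefficients of $\alpha^5$ read off as traces.

```python
# Added example: dual bases via the trace, for F_8 = F_2[x]/(x^3 + x^2 + 1).
# Field elements are 3-bit integers: bit i is the coefficient of alpha^i.

MOD = 0b1101   # x^3 + x^2 + 1, the irreducible polynomial of Example 2.31
N = 3          # [F_8 : F_2]


def mul(a, b):
    """Carry-less multiply modulo MOD (addition in characteristic 2 is XOR)."""
    r = 0
    for _ in range(N):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:                 # degree reached N: subtract MOD
            a ^= MOD
    return r


def power(a, e):
    r = 1
    for _ in range(e):
        r = mul(r, a)
    return r


def trace(a):
    """Tr_{F_8/F_2}(a) = a + a^2 + a^4, which always lies in F_2 = {0, 1}."""
    t, conj = 0, a
    for _ in range(N):
        t ^= conj
        conj = mul(conj, conj)
    return t


ALPHA = 0b010
BASIS = [ALPHA, power(ALPHA, 2), 0b111]   # alpha, alpha^2, 1 + alpha + alpha^2 (= alpha^4)


def dual_basis(basis):
    """The unique {beta_j} with Tr(alpha_i * beta_j) = [i == j] (Definition 2.30),
    found by exhaustive search over F_8, which is small enough for that."""
    dual = []
    for j in range(len(basis)):
        matches = [b for b in range(1, 2 ** N)
                   if all(trace(mul(basis[i], b)) == (1 if i == j else 0)
                          for i in range(len(basis)))]
        assert len(matches) == 1, "dual element must be unique"
        dual.append(matches[0])
    return dual


def coordinates(elem, basis):
    """Coefficients of elem in `basis`, read off as traces against the dual basis."""
    return [trace(mul(elem, beta)) for beta in dual_basis(basis)]


def recombine(coeffs, basis):
    """Rebuild the element from its coordinates (a sanity check on coordinates)."""
    out = 0
    for c, b in zip(coeffs, basis):
        if c:
            out ^= b
    return out


if __name__ == "__main__":
    print("dual basis:", dual_basis(BASIS), "self-dual:", dual_basis(BASIS) == BASIS)
    c = coordinates(power(ALPHA, 5), BASIS)
    print("alpha^5 =", c, "->", recombine(c, BASIS))     # [0, 1, 1] -> 1 + alpha
```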
The number of distinct bases of $F$ over $K$ is rather large (see Exercise 2.37), but there are two special types of bases of particular importance. The first is a polynomial basis $\{1, \alpha, \alpha^2, \ldots, \alpha^{m-1}\}$, made up of the powers of a defining element $\alpha$ of $F$ over $K$. The element $\alpha$ is often taken to be a primitive element of $F$ (compare with Theorem 2.10). Another type of basis is a normal basis defined by a suitable element of $F$.

2.32. Definition. Let $K = \mathbb{F}_q$ and $F = \mathbb{F}_{q^m}$. Then a basis of $F$ over $K$ of the form $\{\alpha, \alpha^q, \ldots, \alpha^{q^{m-1}}\}$, consisting of a suitable element $\alpha \in F$ and its conjugates with respect to $K$, is called a normal basis of $F$ over $K$.

The basis $\{\alpha, \alpha^2, 1 + \alpha + \alpha^2\}$ of $\mathbb{F}_8$ over $\mathbb{F}_2$ discussed in Example 2.31 is a normal basis of $\mathbb{F}_8$ over $\mathbb{F}_2$ since $1 + \alpha + \alpha^2 = \alpha^4$. We shall show that a normal basis exists in the general case as well. The proof depends on two lemmas, one on a kind of linear independence property of certain group homomorphisms and one on linear operators.

2.33. Lemma (Artin Lemma). Let $\psi_1, \ldots, \psi_m$ be distinct homomorphisms from a group $G$ into the multiplicative group $F^*$ of an arbitrary field $F$, and let $a_1, \ldots, a_m$ be elements of $F$ that are not all $0$. Then for some $g \in G$ we have
\[ a_1\psi_1(g) + \cdots + a_m\psi_m(g) \ne 0. \]
Proof. We proceed by induction on $m$. The case $m = 1$ being trivial, we assume that $m > 1$ and that the statement is shown for any $m - 1$ distinct homomorphisms. Now take $\psi_1, \ldots, \psi_m$ and $a_1, \ldots, a_m$ as in the lemma. If $a_1 = 0$, the induction hypothesis immediately yields the desired result. Thus let $a_1 \ne 0$. Suppose we had
\[ a_1\psi_1(g) + \cdots + a_m\psi_m(g) = 0 \quad \text{for all } g \in G. \tag{2.5} \]
Since $\psi_1 \ne \psi_m$, there exists $h \in G$ with $\psi_1(h) \ne \psi_m(h)$. Then, replacing $g$ by $hg$ in (2.5), we get
\[ a_1\psi_1(h)\psi_1(g) + \cdots + a_m\psi_m(h)\psi_m(g) = 0 \quad \text{for all } g \in G. \]
After multiplication by $\psi_m(h)^{-1}$ we obtain
\[ b_1\psi_1(g) + \cdots + b_{m-1}\psi_{m-1}(g) + a_m\psi_m(g) = 0 \quad \text{for all } g \in G, \]
where $b_i = a_i\psi_i(h)\psi_m(h)^{-1}$ for $1 \le i \le m - 1$. By subtracting this identity from (2.5), we arrive at
\[ c_1\psi_1(g) + \cdots + c_{m-1}\psi_{m-1}(g) = 0 \quad \text{for all } g \in G, \]
where $c_i = a_i - b_i$ for $1 \le i \le m - 1$. But $c_1 = a_1 - a_1\psi_1(h)\psi_m(h)^{-1} \ne 0$, and so we have a contradiction to the induction hypothesis. □
We recall a few concepts and facts from linear algebra. If $T$ is a linear operator on the finite-dimensional vector space $V$ over the (arbitrary) field $K$, then a polynomial $f(x) = a_nx^n + \cdots + a_1x + a_0 \in K[x]$ is said to annihilate $T$ if $a_nT^n + \cdots + a_1T + a_0I = 0$, where $I$ is the identity operator and $0$ the zero operator on $V$. The uniquely determined monic polynomial of least positive degree with this property is called the minimal polynomial for $T$. It divides any other polynomial in $K[x]$ annihilating $T$. In particular, the minimal polynomial for $T$ divides the characteristic polynomial $g(x)$ for $T$ (Cayley-Hamilton theorem), which is given by $g(x) = \det(xI - T)$ and is a monic polynomial of degree equal to the dimension of $V$. A vector $\alpha \in V$ is called a cyclic vector for $T$ if the vectors $T^k\alpha$, $k = 0, 1, \ldots$, span $V$. The following is a standard result from linear algebra.

2.34. Lemma. Let $T$ be a linear operator on the finite-dimensional vector space $V$. Then $T$ has a cyclic vector if and only if the characteristic and minimal polynomials for $T$ are identical.

2.35. Theorem (Normal Basis Theorem). For any finite field $K$ and any finite extension $F$ of $K$, there exists a normal basis of $F$ over $K$.

Proof. Let $K = \mathbb{F}_q$ and $F = \mathbb{F}_{q^m}$ with $m \ge 2$. From Theorem 2.21 and the remarks following it, we know that the distinct automorphisms of $F$ over $K$ are given by $\varepsilon, \sigma, \sigma^2, \ldots, \sigma^{m-1}$, where $\varepsilon$ is the identity mapping on $F$, $\sigma(\alpha) = \alpha^q$ for $\alpha \in F$, and a power $\sigma^j$ refers to the $j$-fold composition of $\sigma$ with itself. Because of $\sigma(\alpha + \beta) = \sigma(\alpha) + \sigma(\beta)$ and $\sigma(c\alpha) = \sigma(c)\sigma(\alpha) = c\sigma(\alpha)$ for $\alpha, \beta \in F$ and $c \in K$, the mapping $\sigma$ may also be considered as a linear operator on the vector space $F$ over $K$. Since $\sigma^m = \varepsilon$, the polynomial $x^m - 1 \in K[x]$ annihilates $\sigma$. Lemma 2.33, applied to $\varepsilon, \sigma, \sigma^2, \ldots, \sigma^{m-1}$ viewed as endomorphisms of $F^*$, shows that no nonzero polynomial in $K[x]$ of degree less than $m$ annihilates $\sigma$. Consequently, $x^m - 1$ is the minimal polynomial for the linear operator $\sigma$. Since the characteristic polynomial for $\sigma$ is a monic polynomial of degree $m$ that is divisible by the minimal polynomial for $\sigma$, it follows that the characteristic polynomial for $\sigma$ is also given by $x^m - 1$. Lemma 2.34 implies then the existence of an element $\alpha \in F$ such that $\alpha, \sigma(\alpha), \sigma^2(\alpha), \ldots$
and by applying the trace function we get
\[ c_1\mathrm{Tr}_{F/K}(\alpha_1\alpha_j) + \cdots + c_m\mathrm{Tr}_{F/K}(\alpha_m\alpha_j) = 0 \quad \text{for } 1 \le j \le m. \]
But since the row vectors of the determinant defining $\Delta_{F/K}(\alpha_1, \ldots, \alpha_m)$ are linearly independent, it follows that $c_1 = \cdots = c_m = 0$. Therefore, $\alpha_1, \ldots, \alpha_m$ are linearly independent over $K$. □

There is another determinant of order $m$ that serves the same purpose as the discriminant $\Delta_{F/K}(\alpha_1, \ldots, \alpha_m)$. The entries of this determinant are, however, elements of the extension field $F$. For $\alpha_1, \ldots, \alpha_m \in F$, let $A$ be the $m \times m$ matrix whose entry in the $i$th row and $j$th column is $\alpha_j^{q^{i-1}}$, where $q$ is the number of elements of $K$. If $A^T$ denotes the transpose of $A$, then a simple calculation shows that $A^TA = B$, where $B$ is the $m \times m$ matrix whose entry in the $i$th row and $j$th column is $\mathrm{Tr}_{F/K}(\alpha_i\alpha_j)$. By taking determinants, we obtain
\[ \Delta_{F/K}(\alpha_1, \ldots, \alpha_m) = \det(A)^2. \]
The following result is now implied by Theorem 2.37.

2.38. Corollary. Let $\alpha_1, \ldots, \alpha_m \in \mathbb{F}_{q^m}$. Then $\{\alpha_1, \ldots, \alpha_m\}$ is a basis of $\mathbb{F}_{q^m}$ over $\mathbb{F}_q$ if and only if
\[ \det \begin{pmatrix} \alpha_1 & \alpha_2 & \cdots & \alpha_m \\ \alpha_1^{q} & \alpha_2^{q} & \cdots & \alpha_m^{q} \\ \vdots & \vdots & & \vdots \\ \alpha_1^{q^{m-1}} & \alpha_2^{q^{m-1}} & \cdots & \alpha_m^{q^{m-1}} \end{pmatrix} \ne 0. \]
Now let $a \in D$ and define $N_a = \{b \in D : ab = ba\}$. Then $N_a$ is a division ring and $N_a$ contains $L$. Thus $N_a$ has $q^r$ elements, where $1 \le r \le n$. We wish to show that $r$ divides $n$. Since $N_a^*$ is a subgroup of $D^*$, we know that $q^r - 1$ divides $q^n - 1$. If $n = rm + t$ with $0 \le t < r$, then $q^n - 1 = q^tq^{rm} - 1 = q^t(q^{rm} - 1) + (q^t - 1)$. Now $q^r - 1$ divides $q^n - 1$ and also $q^{rm} - 1$, thus it follows that $q^r - 1$ divides $q^t - 1$. But $q^t - 1 < q^r - 1$, and so we must have $t = 0$. This implies that $r$ divides $n$. We consider now the class equation for the group $D^*$ (see Theorem 1.27). The center of $D^*$ is $L^*$, which has order $q - 1$. For $a \in D^*$, the normalizer of $a$ in $D^*$ is exactly $N_a^*$. Therefore, a conjugacy class in $D^*$ containing more than one member has $(q^n - 1)/(q^r - 1)$ elements, where $r$ is a divisor of $n$ with $1 \le r$

the same degree over $L$. We state this result in the following equivalent form.

1.58. Lemma. All maximal subfields of $D$ have
2.25. Let $F$ be a finite extension of the finite field $K$ and $\alpha \in F$. The mapping $L: \beta \in F \mapsto \alpha\beta \in F$ is a linear transformation of $F$, considered as a vector space over $K$. Prove that the characteristic polynomial $g(x)$ of $\alpha$ over $K$ is equal to the characteristic polynomial of the linear transformation $L$; that is, $g(x) = \det(xI - L)$, where $I$ is the identity transformation.
2.26. Consider the same situation as in Exercise 2.25. Prove that $\mathrm{Tr}_{F/K}(\alpha)$ is equal to the trace of the linear transformation $L$ and that $N_{F/K}(\alpha) = \det(L)$.
2.27. Prove properties (i) and (ii) of Theorem 2.23 by using the interpretation of $\mathrm{Tr}_{F/K}(\alpha)$ obtained in Exercise 2.26.
2.28. Prove properties (i) and (iii) of Theorem 2.28 by using the interpretation of $N_{F/K}(\alpha)$ obtained in Exercise 2.26.
2.29. Let $F$ be a finite extension of the finite field $K$ of characteristic $p$. Prove that $\mathrm{Tr}_{F/K}(\alpha^{p^n}) = (\mathrm{Tr}_{F/K}(\alpha))^{p^n}$ for all $\alpha \in F$ and $n \in \mathbb{N}$.
2.30. Give an alternative proof of Theorem 2.25 by viewing $F$ as a vector space over $K$ and showing by dimension arguments that the kernel of the linear transformation $\mathrm{Tr}_{F/K}$ is equal to the range of the linear operator $L$ on $F$ defined by $L(\beta) = \beta^q - \beta$ for $\beta \in F$.
2.31. Give an alternative proof of the necessity of the condition in Theorem 2.25 by showing that if $\alpha \in F$ with $\mathrm{Tr}_{F/K}(\alpha) = 0$, $\gamma \in F$ with $\mathrm{Tr}_{F/K}(\gamma) = -1$, and $\delta_j = \alpha + \alpha^q + \cdots + \alpha^{q^{j-1}}$, then
\[ \beta = \sum_{j=1}^{[F:K]-1} \delta_j \gamma^{q^j} \]
satisfies $\beta^q - \beta = \alpha$.
2.32. Let $F$ be a finite extension of $K = \mathbb{F}_q$ and $\alpha = \beta^q - \beta$ for some $\beta \in F$. Prove that $\alpha = \gamma^q - \gamma$ with $\gamma \in F$ if and only if $\beta - \gamma \in K$.
2.33. Let $F$ be a finite extension of $K = \mathbb{F}_q$. Prove that for $\alpha \in F$ we have $N_{F/K}(\alpha) = 1$ if and only if $\alpha = \beta^{q-1}$ for some $\beta \in F^*$.
2.34. Prove $\sum_{j=0}^{m-1} x^{q^j} - c = \prod (x - \alpha)$ for all $c \in K = \mathbb{F}_q$, where the product is extended over all $\alpha \in F = \mathbb{F}_{q^m}$ with $\mathrm{Tr}_{F/K}(\alpha) = c$.
2.35. Prove
\[ x^{q^m} - x = \prod_{c \in \mathbb{F}_q} \Bigl( \sum_{j=0}^{m-1} x^{q^j} - c \Bigr) \]
for any $m \in \mathbb{N}$.
2.36. Consider $\mathbb{F}_{q^m}$ as a vector space over $\mathbb{F}_q$ and prove that for every linear operator $L$ on $\mathbb{F}_{q^m}$ there exists a uniquely determined $m$-tuple $(\alpha_0, \alpha_1, \ldots, \alpha_{m-1})$ of elements of $\mathbb{F}_{q^m}$ such that
2.37. Prove that if the order of basis elements is taken into account, then the number of different bases of $\mathbb{F}_{q^m}$ over $\mathbb{F}_q$ is
\[ (q^m - 1)(q^m - q)(q^m - q^2)\cdots(q^m - q^{m-1}). \]
2.38. Prove: if $\{\alpha_1, \ldots, \alpha_m\}$ is a basis of $F = \mathbb{F}_{q^m}$ over $K = \mathbb{F}_q$, then $\mathrm{Tr}_{F/K}(\alpha_i) \ne 0$ for at least one $i$, $1 \le i \le m$.
2.39. Prove that there exists a normal basis $\{\alpha, \alpha^q, \ldots, \alpha^{q^{m-1}}\}$ of $F = \mathbb{F}_{q^m}$ over $K = \mathbb{F}_q$ with $\mathrm{Tr}_{F/K}(\alpha) = 1$.
2.40. Let $K$ be a finite field, $F = K(\alpha)$ a finite simple extension of degree $n$, and $f \in K[x]$ the minimal polynomial of $\alpha$ over $K$. Let
\[ \frac{f(x)}{x - \alpha} = \beta_0 + \beta_1x + \cdots + \beta_{n-1}x^{n-1} \in F[x] \quad \text{and} \quad \gamma = f'(\alpha). \]
Prove that the dual basis of $\{1, \alpha, \ldots, \alpha^{n-1}\}$ is $\{\beta_0\gamma^{-1}, \beta_1\gamma^{-1}, \ldots, \beta_{n-1}\gamma^{-1}\}$.
2.41. Show that there is a self-dual normal basis of $\mathbb{F}_4$ over $\mathbb{F}_2$, but no self-dual normal basis of $\mathbb{F}_{16}$ over $\mathbb{F}_2$ (see Example 2.31 for the definition of a self-dual basis).
2.42. Construct a self-dual basis of $\mathbb{F}_{16}$ over $\mathbb{F}_2$ (see Example 2.31 for the definition of a self-dual basis).
2.43. Prove that the dual basis of a normal basis of $\mathbb{F}_{q^m}$ over $\mathbb{F}_q$ is again a normal basis of $\mathbb{F}_{q^m}$ over $\mathbb{F}_q$.
2.44. Let $F$ be an extension of the finite field $K$ with basis $\{\alpha_1, \ldots, \alpha_m\}$ over $K$. Let $\beta_1, \ldots, \beta_m \in F$ with $\beta_i = \sum_{j=1}^{m} b_{ij}\alpha_j$ for $1 \le i \le m$ and $b_{ij} \in K$. Let $B$ be the $m \times m$ matrix whose $(i, j)$ entry is $b_{ij}$. Prove that $\Delta_{F/K}(\beta_1, \ldots, \beta_m) = \det(B)^2\,\Delta_{F/K}(\alpha_1, \ldots, \alpha_m)$.
2.45. Let $K = \mathbb{F}_q$ and $F = \mathbb{F}_{q^m}$. Prove that for $\alpha \in F$ we have
\[ \Delta_{F/K}(1, \alpha, \ldots, \alpha^{m-1}) = \prod_{0 \le i < j \le m-1} \bigl( \alpha^{q^i} - \alpha^{q^j} \bigr)^2. \]
2.46. Prove that for $\alpha \in F = \mathbb{F}_{q^m}$ with $m \ge 2$ and $K = \mathbb{F}_q$ the discriminant $\Delta_{F/K}(1, \alpha, \ldots, \alpha^{m-1})$ is equal to the discriminant of the characteristic polynomial of $\alpha$ over $K$.
2.47. Determine the primitive 4th and 8th roots of unity in $\mathbb{F}_9$.
2.48. Determine the primitive 9th roots of unity in $\mathbb{F}_{19}$.
2.49. Let $\zeta$ be an $n$th root of unity over a field $K$. Prove that $1 + \zeta + \zeta^2 + \cdots + \zeta^{n-1} = 0$ or $n$ according as $\zeta \ne 1$ or $\zeta = 1$.
2.50. For $n \ge 2$ let $\zeta_1, \ldots, \zeta_n$ be all the (not necessarily distinct) $n$th roots of unity over an arbitrary field $K$. Prove that $\zeta_1^k + \cdots + \zeta_n^k = n$ for $k = 0$ and $\zeta_1^k + \cdots + \zeta_n^k = 0$ for $k = 1, 2, \ldots, n - 1$.
2.51. For an arbitrary field $K$ and an odd positive integer $n$, show that $K^{(2n)} = K^{(n)}$.
2.52.
$n \equiv 1 \bmod e$, and the number of such factors is given by $\phi(e)/m$. For $m = e = 1$, we also have to take into account the monic irreducible polynomial $f(x) = x$. □

Values of $\mathrm{ord}(f)$ are available in tabulated form, at least for irreducible polynomials $f$ (see Chapter 10, Section 2). Since any polynomial of positive degree can be written as a product of irreducible polynomials, the computation of orders of polynomials can be achieved if one knows how to determine the order of a power of an irreducible polynomial and the order of the product of pairwise relatively prime polynomials. The subsequent discussion is devoted to these questions.
3.6. Lemma. Let $c$ be a positive integer. Then the polynomial $f \in \mathbb{F}_q[x]$ with $f(0) \ne 0$ divides $x^c - 1$ if and only if $\mathrm{ord}(f)$ divides $c$.

Proof. If $e = \mathrm{ord}(f)$ divides $c$, then $f(x)$ divides $x^e - 1$ and $x^e - 1$ divides $x^c - 1$, so that $f(x)$ divides $x^c - 1$. Conversely, if $f(x)$ divides $x^c - 1$, we have $c \ge e$, so that we can write $c = me + r$ with $m \in \mathbb{N}$ and $0 \le r < e$. Since $x^c - 1 = (x^{me} - 1)x^r + (x^r - 1)$, it follows that $f(x)$ divides $x^r - 1$, which is only possible for $r = 0$. Therefore, $e$ divides $c$. □
3.7. Corollary. If $e_1$ and $e_2$ are positive integers, then the greatest common divisor of $x^{e_1} - 1$ and $x^{e_2} - 1$ in $\mathbb{F}_q[x]$ is $x^d - 1$, where $d$ is the greatest common divisor of $e_1$ and $e_2$.

Proof. Let $f(x)$ be the (monic) greatest common divisor of $x^{e_1} - 1$ and $x^{e_2} - 1$. Since $x^d - 1$ is a common divisor of $x^{e_i} - 1$, $i = 1, 2$, it follows that $x^d - 1$ divides $f(x)$. On the other hand, $f(x)$ is a common divisor of $x^{e_i} - 1$, $i = 1, 2$, and so Lemma 3.6 implies that $\mathrm{ord}(f)$ divides $e_1$ and $e_2$. Consequently, $\mathrm{ord}(f)$ divides $d$, and hence $f(x)$ divides $x^d - 1$ by Lemma 3.6. Altogether, we have shown that $f(x) = x^d - 1$. □

Since powers of $x$ are factored out in advance when determining the order of a polynomial, we need not consider powers of the irreducible polynomials $g(x)$ with $g(0) = 0$.

3.8. Theorem. Let $g \in \mathbb{F}_q[x]$

3.16. Theorem. A polynomial $f \in \mathbb{F}_q[x]$ of degree $m$ is a primitive polynomial over $\mathbb{F}_q$ if and only if $f$ is monic,

$> 1$, we set $c_m = c_{m-1} = \cdots = c_{m-s+2} = 0$ and $c_{m-s+1} = 1$.
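Lemma 3.6 and Corollary 3.7 made concrete over $\mathbb{F}_2$, as an added example not taken from the book: $\mathrm{ord}(f)$ is found as the least $e$ with $x^e \equiv 1 \bmod f$, the criterion $f \mid x^c - 1 \Leftrightarrow \mathrm{ord}(f) \mid c$ is checked for a range of $c$, and $\gcd(x^{e_1} - 1, x^{e_2} - 1)$ is computed by the Euclidean algorithm and compared with $x^{\gcd(e_1, e_2)} - 1$.

```python
# Added example: orders of polynomials over F_2.  A polynomial is an int whose
# bit i is the coefficient of x^i, so x^e - 1 is (1 << e) | 1 in characteristic 2.
from math import gcd


def degree(f):
    return f.bit_length() - 1


def poly_mod(a, b):
    """Remainder of a divided by b in F_2[x] (long division by shifted XORs)."""
    while a and degree(a) >= degree(b):
        a ^= b << (degree(a) - degree(b))
    return a


def poly_gcd(a, b):
    """Euclidean algorithm in F_2[x]; over F_2 the result is automatically monic."""
    while b:
        a, b = b, poly_mod(a, b)
    return a


def x_pow_mod(e, f):
    """x^e reduced modulo f, by e successive multiplications by x."""
    r = 1
    for _ in range(e):
        r <<= 1
        if degree(r) == degree(f):
            r ^= f
    return r


def ord_poly(f):
    """ord(f): the least e >= 1 with f | x^e - 1, i.e. x^e = 1 mod f.
    Needs f(0) != 0 (constant term set); the search is bounded by 2^deg(f) - 1,
    the size of the unit group of F_2[x]/(f) when f is irreducible."""
    assert f & 1, "factor out powers of x first (Lemma 3.6 needs f(0) != 0)"
    r = 1
    for e in range(1, 2 ** degree(f)):
        r <<= 1
        if degree(r) == degree(f):
            r ^= f
        if r == 1:
            return e
    raise AssertionError("unreachable for f(0) != 0")


def divides_x_pow_minus_one(f, c):
    """Does f divide x^c - 1?  Equivalent to x^c = 1 mod f."""
    return x_pow_mod(c, f) == 1


def lemma_3_6_holds(f, upto):
    """Lemma 3.6: f | x^c - 1  <=>  ord(f) | c, checked for c = 1..upto."""
    e = ord_poly(f)
    return all(divides_x_pow_minus_one(f, c) == (c % e == 0)
               for c in range(1, upto + 1))


def corollary_3_7_holds(e1, e2):
    """gcd(x^e1 - 1, x^e2 - 1) == x^gcd(e1, e2) - 1 in F_2[x]."""
    return poly_gcd((1 << e1) | 1, (1 << e2) | 1) == (1 << gcd(e1, e2)) | 1


if __name__ == "__main__":
    # x^4+x+1 (primitive), x^4+x^3+x^2+x+1 (5th cyclotomic), x^2+x+1, x^3+x^2+1
    for f in (0b10011, 0b11111, 0b111, 0b1101):
        print(f"ord({f:b}) = {ord_poly(f)}")
    print(lemma_3_6_holds(0b10011, 60), corollary_3_7_holds(15, 6))
```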
3.42. Example. Let $\theta \in \mathbb{F}_{64}$ be a root of the irreducible polynomial $x^6 + x + 1$ in $\mathbb{F}_2[x]$. For $\beta = \theta^3 + \theta^4$ we have
\[ \begin{aligned}
\beta^0 &= 1, \\
\beta^1 &= \theta^3 + \theta^4, \\
\beta^2 &= 1 + \theta + \theta^2 + \theta^3, \\
\beta^3 &= \theta + \theta^2 + \theta^3, \\
\beta^4 &= \theta + \theta^2 + \theta^4, \\
\beta^5 &= 1 + \theta^3 + \theta^4, \\
\beta^6 &= 1 + \theta + \theta^2 + \theta^4.
\end{aligned} \]
Therefore, the matrix $B$ is given by
\[ B = \begin{pmatrix}
1 & 0 & 0 & 0 & 0 & 0 \\
0 & 0 & 0 & 1 & 1 & 0 \\
1 & 1 & 1 & 1 & 0 & 0 \\
0 & 1 & 1 & 1 & 0 & 0 \\
0 & 1 & 1 & 0 & 1 & 0 \\
1 & 0 & 0 & 1 & 1 & 0 \\
1 & 1 & 1 & 0 & 1 & 0
\end{pmatrix} \]
and its rank is $r = 3$. Hence $s = m + 1 - r = 4$, so that we set $c_6 = c_5 = c_4 = 0$, $c_3 = 1$. The remaining coefficients are determined from (3.10), and this yields $c_2 = 1$, $c_1 = 0$, $c_0 = 1$. Consequently, the minimal polynomial of $\beta$ over $\mathbb{F}_2$ is $g(x) = x^3 + x^2 + 1$. □
Still another method of determining minimal polynomials is based on Theorem 3.33(v). If we wish to find the minimal polynomial $g$ of $\beta \in \mathbb{F}_{q^m}$ over $\mathbb{F}_q$, we calculate the powers $\beta, \beta^q, \beta^{q^2}, \ldots$ until we find the least positive integer $d$ for which $\beta^{q^d} = \beta$. This integer $d$ is the degree of $g$, and $g$ itself is given by $g(x) = (x - \beta)(x - \beta^q)\cdots(x - \beta^{q^{d-1}})$. The elements $\beta, \beta^q, \ldots, \beta^{q^{d-1}}$ are the distinct conjugates of $\beta$ with respect to $\mathbb{F}_q$, and $g$ is the minimal polynomial over $\mathbb{F}_q$ of all these elements.

3.43. Example. We compute the minimal polynomials over $\mathbb{F}_2$ of all elements of $\mathbb{F}_{16}$. Let $\theta \in \mathbb{F}_{16}$ be a root of the primitive polynomial $x^4 + x + 1$ over $\mathbb{F}_2$, so that every nonzero element of $\mathbb{F}_{16}$ can be written as a power of $\theta$. We have the following index table for $\mathbb{F}_{16}$:

 i   theta^i                       i   theta^i
 0   1                             8   1 + theta^2
 1   theta                         9   theta + theta^3
 2   theta^2                      10   1 + theta + theta^2
 3   theta^3                      11   theta + theta^2 + theta^3
 4   1 + theta                    12   1 + theta + theta^2 + theta^3
 5   theta + theta^2              13   1 + theta^2 + theta^3
 6   theta^2 + theta^3            14   1 + theta^3
 7   1 + theta + theta^3

The minimal polynomials of the elements $\beta$ of $\mathbb{F}_{16}$ over $\mathbb{F}_2$ are:

$\beta = 0$: $g_1(x) = x$.

$\beta = 1$: $g_2(x) = x + 1$.

$\beta = \theta$: the distinct conjugates of $\theta$ with respect to $\mathbb{F}_2$ are $\theta, \theta^2, \theta^4, \theta^8$, and the minimal polynomial is
\[ g_3(x) = (x - \theta)(x - \theta^2)(x - \theta^4)(x - \theta^8) = x^4 + x + 1. \]

$\beta = \theta^3$: the distinct conjugates of $\theta^3$ with respect to $\mathbb{F}_2$ are $\theta^3, \theta^6, \theta^{12}, \theta^{24} = \theta^9$, and the minimal polynomial is
\[ g_4(x) = (x - \theta^3)(x - \theta^6)(x - \theta^9)(x - \theta^{12}) = x^4 + x^3 + x^2 + x + 1. \]

$\beta = \theta^5$: since $\beta^4 = \beta$, the distinct conjugates of this element with respect to $\mathbb{F}_2$ are $\theta^5, \theta^{10}$, and the minimal polynomial is
\[ g_5(x) = (x - \theta^5)(x - \theta^{10}) = x^2 + x + 1. \]

$\beta = \theta^7$: the distinct conjugates of $\theta^7$ with respect to $\mathbb{F}_2$ are $\theta^7, \theta^{14}, \theta^{28} = \theta^{13}, \theta^{56} = \theta^{11}$, and the minimal polynomial is
\[ g_6(x) = (x - \theta^7)(x - \theta^{11})(x - \theta^{13})(x - \theta^{14}) = x^4 + x^3 + 1. \]

These elements, together with their conjugates with respect to $\mathbb{F}_2$, exhaust $\mathbb{F}_{16}$. □
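Examples 3.42 and 3.43 carried out in code, as an added example that is not the book's: $\mathbb{F}_{2^n}$ is represented through the index table of a primitive element $\theta$, the matrix method of Example 3.42 becomes a search for the first linear dependence among $1, \beta, \beta^2, \ldots$, and the conjugate method of Example 3.43 expands $(x - \beta)(x - \beta^2)\cdots$; both are run for $\beta = \theta^3 + \theta^4$ in $\mathbb{F}_{64}$ and for every element of $\mathbb{F}_{16}$, and must agree.

```python
# Added example: minimal polynomials over F_2 of elements of F_{2^n}, by the
# two methods of Examples 3.42 and 3.43.  Polynomials over F_2 are ints
# (bit i = coefficient of x^i); field elements are ints over the basis
# 1, theta, ..., theta^(n-1), where theta is a root of a primitive polynomial.

class GF2n:
    def __init__(self, primitive_poly):
        self.n = primitive_poly.bit_length() - 1
        self.order = 2 ** self.n - 1
        # Index table as in Example 3.43: exp[i] = theta^i, log[theta^i] = i.
        self.exp, self.log = [], {}
        elem = 1
        for i in range(self.order):
            self.exp.append(elem)
            self.log[elem] = i
            elem <<= 1                      # multiply by theta
            if elem >> self.n:
                elem ^= primitive_poly      # replace theta^n by the lower terms
        assert elem == 1 and len(self.log) == self.order, "polynomial is not primitive"

    def mul(self, a, b):
        if a == 0 or b == 0:
            return 0
        return self.exp[(self.log[a] + self.log[b]) % self.order]

    def theta_pow(self, i):
        return self.exp[i % self.order]


def minpoly_linear_algebra(F, beta):
    """Example 3.42: the least k with 1, beta, ..., beta^k linearly dependent
    over F_2; the coefficients of that dependence are the minimal polynomial."""
    rows = []                 # echelon rows: (vector, which powers were combined)
    power = 1                 # beta^k
    for k in range(F.n + 1):
        vec, combo = power, 1 << k
        for pivot_vec, pivot_combo in rows:   # kept sorted by leading bit, high first
            if vec & (1 << (pivot_vec.bit_length() - 1)):
                vec ^= pivot_vec
                combo ^= pivot_combo
        if vec == 0:
            return combo      # sum_i c_i beta^i = 0 with c_k = 1
        rows.append((vec, combo))
        rows.sort(key=lambda r: -r[0].bit_length())
        power = F.mul(power, beta)
    raise AssertionError("unreachable: the degree is at most n")


def minpoly_conjugates(F, beta):
    """Example 3.43: collect the distinct conjugates beta, beta^2, beta^4, ...
    and expand the product of (x - conjugate); coefficients land in F_2."""
    conjugates = [beta]
    c = F.mul(beta, beta)
    while c != beta:
        conjugates.append(c)
        c = F.mul(c, c)
    poly = [1]                # coefficients in F, lowest degree first
    for r in conjugates:
        nxt = [0] * (len(poly) + 1)
        for i, a in enumerate(poly):
            nxt[i + 1] ^= a             # a * x
            nxt[i] ^= F.mul(a, r)       # a * r   (minus is plus in char 2)
        poly = nxt
    assert all(a in (0, 1) for a in poly)
    return sum(a << i for i, a in enumerate(poly))


def all_minpolys(F):
    """Check both methods agree on every element; return {element: minpoly}."""
    table = {}
    for beta in range(2 ** F.n):
        g = minpoly_conjugates(F, beta)
        assert g == minpoly_linear_algebra(F, beta)
        table[beta] = g
    return table


if __name__ == "__main__":
    F64 = GF2n(0b1000011)                      # x^6 + x + 1 (Example 3.42)
    beta = F64.theta_pow(3) ^ F64.theta_pow(4)
    print(f"minpoly of theta^3+theta^4 in F_64: {minpoly_linear_algebra(F64, beta):b}")
    F16 = GF2n(0b10011)                        # x^4 + x + 1 (Example 3.43)
    for i in (1, 3, 5, 7):
        print(f"theta^{i}: {minpoly_conjugates(F16, F16.theta_pow(i)):b}")
```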
An important problem is that of the determination of primitive polynomials. One approach is based on the fact that the product of all primitive polynomials over $\mathbb{F}_q$ of degree $m$ is equal to the cyclotomic polynomial $Q_e$ with $e = q^m - 1$ (see Theorem 2.47(ii) and Exercise 3.42). Therefore, all primitive polynomials over $\mathbb{F}_q$ of degree $m$ can be determined by applying one of the factorization algorithms in Chapter 4 to the cyclotomic polynomial $Q_e$. Another method depends on constructing a primitive element of $\mathbb{F}_{q^m}$ and then determining the minimal polynomial of this element over $\mathbb{F}_q$ by the methods described above. To find a primitive element of $\mathbb{F}_{q^m}$, one starts from the order $q^m - 1$ of such an element in the group $\mathbb{F}_{q^m}^*$, and factors it in the form $q^m - 1 = h_1 \cdots h_k$, where the positive integers $h_1, \ldots, h_k$ are pairwise relatively prime. If for each $i$, $1 \le i \le k$, one can find an element $\alpha_i \in \mathbb{F}_{q^m}^*$ of order $h_i$, then the product $\alpha_1 \cdots \alpha_k$ has order $q^m - 1$ and is thus a primitive element of $\mathbb{F}_{q^m}$.

$> 1$ has the nontrivial factor $x$. By using Lemma 3.59, one shows immediately that the $q$-polynomial $L(x)$ is symbolically irreducible over $\mathbb{F}_q$ if and only if its conventional $q$-associate $l(x)$ is irreducible over $\mathbb{F}_q$. Every $q$-polynomial $L(x)$ over $\mathbb{F}_q$ of degree $> 1$ has a symbolic factorization into symbolically irreducible polynomials over $\mathbb{F}_q$ and this factorization is essentially unique, in the sense that all other symbolic factorizations are obtained by rearranging factors and by multiplying factors by nonzero elements of $\mathbb{F}_q$. Using the correspondence between linearized polynomials and their conventional $q$-associates, one sees that the symbolic factorization of $L(x)$ is obtained by writing down the canonical factorization in $\mathbb{F}_q[x]$ of its conventional $q$-associate $l(x)$ and then turning to linearized $q$-associates.
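The correspondence between symbolic factorization and ordinary factorization of the conventional $q$-associate, as an added example (not the book's code) for $q = 2$: $L(x) = x^{16} + x^8 + x^2 + x$ is mapped to $l(x) = x^4 + x^3 + x + 1$, $l$ is factored over $\mathbb{F}_2$ by trial division, each factor is turned back into a linearized $2$-associate, and the symbolic product (composition) is checked to reproduce $L(x)$.

```python
# Added example: symbolic factorization of a 2-polynomial over F_2 through
# its conventional 2-associate.  Polynomials over F_2 are ints (bit i <-> x^i).

def clmul(a, b):
    """Ordinary product in F_2[x] (carry-less multiplication, no reduction)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def poly_divmod(a, b):
    """Quotient and remainder of a by b in F_2[x]."""
    q = 0
    while a and a.bit_length() >= b.bit_length():
        shift = a.bit_length() - b.bit_length()
        q |= 1 << shift
        a ^= b << shift
    return q, a


def linearized_associate(l):
    """l(x) = sum a_i x^i  ->  L(x) = sum a_i x^(2^i)."""
    L, i = 0, 0
    while l >> i:
        if (l >> i) & 1:
            L |= 1 << (1 << i)
        i += 1
    return L


def conventional_associate(L):
    """Inverse of the above; every set bit of L must sit at a power-of-two index."""
    l, i = 0, 0
    while L >> (1 << i):
        if (L >> (1 << i)) & 1:
            l |= 1 << i
            L ^= 1 << (1 << i)
        i += 1
    assert L == 0, "not a 2-polynomial"
    return l


def symbolic_product(L1, L2):
    """L1 (x) L2 = L1(L2(x)), computed by genuine polynomial composition (Horner)."""
    result = 0
    for i in range(L1.bit_length() - 1, -1, -1):
        result = clmul(result, L2) ^ ((L1 >> i) & 1)
    return result


def factor_gf2(l):
    """Canonical factorization of l over F_2 by trial division with polynomials
    of increasing degree; reducible candidates never divide because their
    irreducible factors were already removed at lower degree."""
    factors = []
    d = 1
    while l.bit_length() - 1 >= 2 * d:
        for cand in range(1 << d, 1 << (d + 1)):
            q, r = poly_divmod(l, cand)
            while r == 0:
                factors.append(cand)
                l = q
                q, r = poly_divmod(l, cand)
        d += 1
    if l > 1:
        factors.append(l)      # whatever is left has no factor of degree <= deg/2
    return factors


def symbolic_factorization(L):
    """Symbolically irreducible factors of L: factor the conventional
    2-associate and map each factor back to its linearized 2-associate."""
    return [linearized_associate(f) for f in factor_gf2(conventional_associate(L))]


def recompose(factors):
    L = factors[0]
    for f in factors[1:]:
        L = symbolic_product(L, f)
    return L


L_EXAMPLE = (1 << 16) | (1 << 8) | (1 << 2) | (1 << 1)   # x^16 + x^8 + x^2 + x

if __name__ == "__main__":
    fs = symbolic_factorization(L_EXAMPLE)
    print([f"{f:b}" for f in fs], recompose(fs) == L_EXAMPLE)
```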
3.64. Example. Consider the 2-polynomial $L(x) = x^{16} + x^8 + x^2 + x$ over $\mathbb{F}_2$. Its

of $L(x)$, then
\[ L(x) = \prod_{\beta \in M} (x - \beta)^{q^k} \]
for some nonnegative integer $k$. Since $\{\beta^q : \beta \in M\} = M$, we obtain
\[ L(x)^q = \prod_{\beta \in M} (x^q - \beta^q)^{q^k} = \prod_{\beta \in M} (x^q - \beta)^{q^k} = L(x^q). \]
If
\[ L(x) = \sum_{i=0}^{n} a_i x^{q^i}, \]
then
\[ \sum_{i=0}^{n} a_i^q x^{q^{i+1}} = L(x)^q = L(x^q) = \sum_{i=0}^{n} a_i x^{q^{i+1}}, \]
so that for $0 \le i \le n$ we have $a_i^q = a_i$ and thus $a_i \in \mathbb{F}_q$. Therefore, $L(x)$ is a $q$-polynomial over $\mathbb{F}_q$. □
Any $q$-polynomial over $\mathbb{F}_q$ of degree $q$ is symbolically irreducible over $\mathbb{F}_q$. For $q$-polynomials of degree $> q$, the notion of $q$-modulus can be used to characterize symbolically irreducible polynomials.

3.66. Theorem. The $q$-polynomial $L(x)$ over $\mathbb{F}_q$ of degree $> q$ is symbolically irreducible over $\mathbb{F}_q$ if and only if $L(x)$ has simple roots and the $q$-modulus $M$ consisting of the roots of $L(x)$ contains no $q$-modulus other than $\{0\}$ and $M$ itself.

Proof. Suppose $L(x)$ is symbolically irreducible over $\mathbb{F}_q$. If $L(x)$ had multiple roots, then Theorem 3.65 would imply that we could write $L(x) = L_1(x)^q$ with a $q$-polynomial $L_1(x)$ over $\mathbb{F}_q$ of degree $> 1$. But then $L(x) = x^q \otimes L_1(x)$, a contradiction to the symbolic irreducibility of $L(x)$. Thus $L(x)$ has only simple roots. Furthermore, if $N$ is a $q$-modulus contained in $M$, then Theorem 3.65 shows that $L_1(x) = \prod_{\beta \in N}(x - \beta)$ is a $q$-polynomial over $\mathbb{F}_q$. Since $L_1(x)$ divides $L(x)$ in the ordinary sense, it symbolically divides $L(x)$ by Theorem 3.62. But $L(x)$ is symbolically irreducible over $\mathbb{F}_q$, and so $\deg(L_1(x))$ must be either $1$ or $\deg(L(x))$; that is, $N$ is either $\{0\}$ or $M$. To prove the sufficiency of the condition, suppose that $L(x) = L_1(x) \otimes L_2(x)$ is a symbolic decomposition with $q$-polynomials $L_1(x), L_2(x)$ over $\mathbb{F}_q$. Then $L_2(x)$ symbolically divides $L(x)$, and so it divides $L(x)$ in the ordinary sense by Theorem 3.62. It follows that $L_2(x)$ has simple roots and that the $q$-modulus $N$ consisting of the roots of $L_2(x)$ is contained in $M$. Consequently, $N$ is either $\{0\}$ or $M$, and so $\deg(L_2(x))$ is either $1$ or $\deg(L(x))$. Thus, either $L_1(x)$ or $L_2(x)$ is of degree $1$, which means that $L(x)$ is symbolically irreducible over $\mathbb{F}_q$. □

3.67. Definition. Let $L(x)$ be a nonzero $q$-polynomial over $\mathbb{F}_{q^m}$. A root $\zeta$ of $L(x)$ is called a $q$-primitive root over $\mathbb{F}_{q^m}$ if it is not a root of any nonzero $q$-polynomial over $\mathbb{F}_{q^m}$ of lower degree.

This concept may also be viewed as follows. Let $g(x)$ be the minimal polynomial of $\zeta$ over $\mathbb{F}_{q^m}$. Then $\zeta$ is a $q$-primitive root of $L(x)$ over $\mathbb{F}_{q^m}$ if
and only if $g(x)$ divides $L(x)$ and $g(x)$ does not divide any nonzero $q$-polynomial over $\mathbb{F}_{q^m}$ of lower degree. Given an element $\zeta$ of a finite extension field of $\mathbb{F}_{q^m}$, one can always find a nonzero $q$-polynomial over $\mathbb{F}_{q^m}$ for which $\zeta$ is a $q$-primitive root over $\mathbb{F}_{q^m}$. To see this, we proceed as in the construction of an affine multiple. Let $g(x)$ be the minimal polynomial of $\zeta$ over $\mathbb{F}_{q^m}$, let $n$ be the degree of $g(x)$, and calculate for $i = 0, 1, \ldots, n$ the unique polynomial $r_i(x)$ of degree $\le n - 1$ with $x^{q^i} \equiv r_i(x) \bmod g(x)$. Then determine elements $\alpha_i \in \mathbb{F}_{q^m}$, not all $0$, such that $\sum_{i=0}^{n} \alpha_i r_i(x) = 0$. This involves $n$ conditions concerning the vanishing of the coefficients of $x^j$, $0 \le j \le n - 1$, and thus leads to a homogeneous system of $n$ linear equations for the $n + 1$ unknowns $\alpha_0, \alpha_1, \ldots, \alpha_n$. Such a system always has a nontrivial solution, and with such a solution we get
\[ L(x) = \sum_{i=0}^{n} \alpha_i x^{q^i} \equiv \sum_{i=0}^{n} \alpha_i r_i(x) = 0 \bmod g(x), \]
so that $L(x)$ is a nonzero $q$-polynomial over $\mathbb{F}_{q^m}$ divisible by $g(x)$. By choosing the $\alpha_i$ in such a way that $L(x)$ is monic and of the lowest possible degree, one finds that $\zeta$ is a $q$-primitive root of $L(x)$ over $\mathbb{F}_{q^m}$. It is easily seen that this monic $q$-polynomial $L(x)$ over $\mathbb{F}_{q^m}$ of least positive degree that is divisible by $g(x)$ is uniquely determined; it is called the minimal $q$-polynomial of $\zeta$ over $\mathbb{F}_{q^m}$.

3.68. Theorem. Let $\zeta$ be an element of a finite extension field of $\mathbb{F}_{q^m}$, and let $M(x)$ be its minimal $q$-polynomial over $\mathbb{F}_{q^m}$. Then a $q$-polynomial $K(x)$ over $\mathbb{F}_{q^m}$ has $\zeta$ as a root if and only if $K(x) = L(x) \otimes M(x)$ for some $q$-polynomial $L(x)$ over $\mathbb{F}_{q^m}$. In particular, for the case $m = 1$ this means that $K(x)$ has $\zeta$ as a root if and only if $K(x)$ is symbolically divisible by $M(x)$.

Proof. If $K(x) = L(x) \otimes M(x) = L(M(x))$, it follows immediately that $K(\zeta) = 0$. Conversely, let
\[ M(x) = \sum_{j=0}^{r} \gamma_j x^{q^j} \quad \text{with } \gamma_r = 1 \]
and suppose
\[ K(x) = \sum_{h=0}^{t} \alpha_h x^{q^h} \quad \text{with } t \ge r \]
has $\zeta$ as a root. Put $s = t - r$ and $\gamma_j = 0$ for $j < 0$, and consider the following system of $s + 1$ linear equations in the $s + 1$ unknowns $\beta_0, \beta_1, \ldots, \beta_s$:
\[ \begin{aligned}
\beta_0 + \gamma_{r-1}^{q}\beta_1 + \gamma_{r-2}^{q^2}\beta_2 + \cdots + \gamma_{r-s}^{q^s}\beta_s &= \alpha_r, \\
\beta_1 + \gamma_{r-1}^{q^2}\beta_2 + \cdots + \gamma_{r-s+1}^{q^s}\beta_s &= \alpha_{r+1}, \\
&\;\;\vdots \\
\beta_s &= \alpha_t.
\end{aligned} \]
It is clear that this system has a unique solution involving elements $\beta_0, \beta_1, \ldots, \beta_s$ of $\mathbb{F}_{q^m}$. With $L(x) = \sum_{i=0}^{s} \beta_i x^{q^i}$ and
\[ R(x) = K(x) - L(M(x)) = \sum_{h=0}^{t} \alpha_h x^{q^h} - \sum_{i=0}^{s} \beta_i \sum_{j=0}^{r} \gamma_j^{q^i} x^{q^{i+j}} = \sum_{h=0}^{t} \Bigl( \alpha_h - \sum_{i=0}^{s} \gamma_{h-i}^{q^i} \beta_i \Bigr) x^{q^h}, \]
it follows from the system above that $R(x)$ has degree $< q^r$. But since $R(\zeta) = K(\zeta) - L(M(\zeta)) = 0$, the definition of $M(x)$ implies that $R(x)$ is the zero polynomial. Therefore, we have $K(x) = L(M(x)) = L(x) \otimes M(x)$. □
We consider now the problem of determining the number $N_L$ of $q$-primitive roots over $\mathbb{F}_q$ of a nonzero $q$-polynomial $L(x)$ over $\mathbb{F}_q$. If $L(x)$ has multiple roots, then by Theorem 3.65 we can write $L(x) = L_1(x)^q$ with a $q$-polynomial $L_1(x)$ over $\mathbb{F}_q$. Since every root of $L(x)$ is then also a root of $L_1(x)$, we have $N_L = 0$. Thus we can assume that $L(x)$ has only simple roots. If $L(x)$ has degree $1$, it is obvious that $N_L = 1$. If $L(x)$ has degree $q^n > 1$ and is monic (without loss of generality), let
$$L(x) = \underbrace{L_1(x) \otimes \cdots \otimes L_1(x)}_{e_1} \otimes \cdots \otimes \underbrace{L_r(x) \otimes \cdots \otimes L_r(x)}_{e_r}$$
be the symbolic factorization of $L(x)$ with distinct monic symbolically irreducible polynomials $L_i(x)$ over $\mathbb{F}_q$. We obtain $N_L$ by subtracting from the total number $q^n$ of roots the number of roots of $L(x)$ that are already roots of some nonzero $q$-polynomial over $\mathbb{F}_q$ of degree $< q^n$. If $\zeta$ is a root of $L(x)$ of the latter kind and $M(x)$ is the minimal $q$-polynomial of $\zeta$ over $\mathbb{F}_q$, then $\deg(M(x)) < q^n$ and $M(x)$ symbolically divides $L(x)$ by Theorem 3.68. It follows that $M(x)$ symbolically divides one of the polynomials $K_i(x)$, $1 \le i \le r$, obtained from the symbolic factorization of $L(x)$ by omitting the symbolic factor $L_i(x)$, in which case $K_i(\zeta) = 0$ by Theorem 3.68. Since every root of $K_i(x)$ is automatically a root of $L(x)$, it follows that $N_L$ is $q^n$ minus the number of $\zeta$ that are roots of some $K_i(x)$. If $q^{n_i}$ is the degree of $L_i(x)$, then the degree, and thus the number of roots, of $K_i(x)$ is $q^{n-n_i}$. If $i_1, \ldots, i_j$ are distinct subscripts, then the number of common roots of $K_{i_1}(x), \ldots, K_{i_j}(x)$ is equal to the degree of the greatest common divisor, which is the same as the degree of the greatest common symbolic divisor (see the discussion following Example 3.64). Using symbolic factorizations, one finds that this degree is equal to $q^{n - n_{i_1} - \cdots - n_{i_j}}$. Altogether, the inclusion-exclusion principle of combinatorics yields
$$N_L = q^n - \sum_{i=1}^{r} q^{n-n_i} + \sum_{1 \le i < j \le r} q^{n-n_i-n_j} - \cdots + (-1)^r q^{n-n_1-\cdots-n_r} = q^n(1 - q^{-n_1}) \cdots (1 - q^{-n_r}).$$
This expression can also be interpreted in a different way. Let $l(x)$ be the conventional $q$-associate of $L(x)$. Then
$$l(x) = l_1(x)^{e_1} \cdots l_r(x)^{e_r}$$
is the canonical factorization of $l(x)$ in $\mathbb{F}_q[x]$, where $l_i(x)$ is the conventional $q$-associate of $L_i(x)$. We define an analog of Euler's $\phi$-function (see Exercise 1.4) for nonzero $f \in \mathbb{F}_q[x]$ by letting $\Phi_q(f(x)) = \Phi_q(f)$ denote the number of polynomials in $\mathbb{F}_q[x]$ that are of smaller degree than $f$ as well as relatively prime to $f$. The following result will then imply the identity $N_L = \Phi_q(l(x))$ for the case under consideration.

3.69. Lemma. The function $\Phi_q$ defined for nonzero polynomials in $\mathbb{F}_q[x]$ has the following properties:
(i) $\Phi_q(f) = 1$ if $\deg(f) = 0$;
(ii) $\Phi_q(fg) = \Phi_q(f)\Phi_q(g)$ whenever $f$ and $g$ are relatively prime;
(iii) if $\deg(f) = n \ge 1$, then $\Phi_q(f) = q^n(1 - q^{-n_1}) \cdots (1 - q^{-n_r})$, where the $n_i$ are the degrees of the distinct monic irreducible polynomials appearing in the canonical factorization of $f$ in $\mathbb{F}_q[x]$.
Proof. Property (i) is trivial. For property (ii), let $\Phi_q(f) = s$ and $\Phi_q(g) = t$, and let $f_1, \ldots, f_s$ resp. $g_1, \ldots, g_t$ be the polynomials counted by $\Phi_q(f)$ resp. $\Phi_q(g)$. If $h \in \mathbb{F}_q[x]$ is a polynomial with $\deg(h) < \deg(fg)$ and $\gcd(fg, h) = 1$, then $\gcd(f, h) = \gcd(g, h) = 1$, and so $h \equiv f_i \bmod f$, $h \equiv g_j \bmod g$ for a unique ordered pair $(i, j)$ with $1 \le i \le s$, $1 \le j \le t$. On the other hand, given an ordered pair $(i, j)$, the Chinese remainder theorem for $\mathbb{F}_q[x]$ (see Exercise 1.37) shows that there exists a unique $h \in \mathbb{F}_q[x]$ with $h \equiv f_i \bmod f$, $h \equiv g_j \bmod g$, and $\deg(h) < \deg(fg)$. This $h$ satisfies $\gcd(f, h) = \gcd(g, h) = 1$, and so $\gcd(fg, h) = 1$. Therefore, there is a one-to-one correspondence between the $st$ ordered pairs $(i, j)$ and the polynomials $h \in \mathbb{F}_q[x]$ with $\deg(h) < \deg(fg)$ and $\gcd(fg, h) = 1$. Consequently, $\Phi_q(fg) = st = \Phi_q(f)\Phi_q(g)$. For an irreducible polynomial $b$ in $\mathbb{F}_q[x]$ of degree $m$ and a positive integer $e$, we can calculate $\Phi_q(b^e)$ directly. The polynomials $h \in \mathbb{F}_q[x]$ with $\deg(h) < \deg(b^e) = em$ that are not relatively prime to $b^e$ are exactly those divisible by $b$, and they are thus of the form $h = gb$ with $\deg(g) < em - m$. Since there are $q^{em-m}$ different choices for $g$, we get $\Phi_q(b^e) = q^{em} - q^{em-m} = q^{em}(1 - q^{-m})$. Property (iii) follows now from property (ii). □
3.70. Theorem. Let $L(x)$ be a nonzero $q$-polynomial over $\mathbb{F}_q$ with conventional $q$-associate $l(x)$. Then the number $N_L$ of $q$-primitive roots of $L(x)$ over $\mathbb{F}_q$ is given by $N_L = 0$ if $L(x)$ has multiple roots and by $N_L = \Phi_q(l(x))$ if $L(x)$ has simple roots.

Proof. This follows from Lemma 3.69 and the discussion preceding it. □

3.71. Corollary. Every nonzero $q$-polynomial over $\mathbb{F}_q$ with simple roots has at least one $q$-primitive root over $\mathbb{F}_q$.
Earlier in this section we introduced the notion of a $q$-modulus. The results about $q$-primitive roots can be used to construct a special type of basis for a $q$-modulus.

3.72. Theorem. Let $M$ be a $q$-modulus of dimension $m \ge 1$ over $\mathbb{F}_q$. Then there exists an element $\zeta \in M$ such that $\{\zeta, \zeta^q, \zeta^{q^2}, \ldots, \zeta^{q^{m-1}}\}$ is a basis of $M$ over $\mathbb{F}_q$.

Proof. According to Theorem 3.65, $L(x) = \prod_{\beta \in M}(x - \beta)$ is a $q$-polynomial over $\mathbb{F}_q$. By Corollary 3.71, $L(x)$ has a $q$-primitive root $\zeta$ over $\mathbb{F}_q$. Then $\zeta, \zeta^q, \ldots$

$\ldots > 1$ and the hypothesis about this binomial, it follows that $\gamma$ is not an element of $\mathbb{F}_q$, and so there exists a root $\alpha$ of $f(x)$ that is not an element of $\mathbb{F}_q$. Then $\alpha^q$ is also a root of $f(x)$ and, by what we have already shown, $\alpha^q - \alpha$ is a root of the irreducible polynomial $x^{r-1} - a$ over $\mathbb{F}_q$, so that $[\mathbb{F}_q(\alpha^q - \alpha) : \mathbb{F}_q] = r - 1$. Since $\mathbb{F}_q(\alpha^q - \alpha) \subseteq \mathbb{F}_q(\alpha)$, this is only possible if $m = r - 1$. Thus the minimal polynomial of $\alpha$ over $\mathbb{F}_q$ is an irreducible polynomial over $\mathbb{F}_q$ of degree $r - 1$ that divides $f(x)$. The result follows now immediately. □
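The count of Theorem 3.70 and the basis of Theorem 3.72 can be checked by direct computation in a small field. The following Python program is an added example, not part of the book: it fixes the representation $\mathbb{F}_{16} = \mathbb{F}_2[x]/(x^4 + x + 1)$ (an assumption of the example) and enumerates the $2$-primitive roots of $L(x) = x^{16} + x$ over $\mathbb{F}_2$, whose conventional $2$-associate is $l(x) = x^4 + 1 = (x + 1)^4$. Since $m = 1$ and the $q$-modulus of roots is all of $\mathbb{F}_{16}$, an element is a $2$-primitive root of $L(x)$ exactly when its conjugates $\zeta, \zeta^2, \zeta^4, \zeta^8$ are linearly independent over $\mathbb{F}_2$, that is, when they form the basis of Theorem 3.72. The program compares their number with $\Phi_2(x^4 + 1)$ counted by brute force and with the product formula of Lemma 3.69(iii).

```python
# Added example (not from the book): 2-primitive roots of L(x) = x^16 + x over F_2, i.e. elements
# of F_16 whose conjugates z, z^2, z^4, z^8 form a basis over F_2 (Theorem 3.72), counted against
# N_L = Phi_2(x^4 + 1) (Theorem 3.70).  Assumption: F_16 = F_2[x]/(x^4 + x + 1), elements as 4-bit ints.
MODULUS = 0b10011  # x^4 + x + 1, irreducible over F_2


def gf16_mul(a: int, b: int) -> int:
    """Multiply two elements of F_16: carry-less product reduced modulo x^4 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0b10000:
            a ^= MODULUS
    return r


def conjugates(z: int, n: int = 4) -> list:
    """Frobenius orbit [z, z^2, z^4, z^8] of z in F_16 over F_2."""
    orbit = [z]
    for _ in range(n - 1):
        orbit.append(gf16_mul(orbit[-1], orbit[-1]))
    return orbit


def rank_gf2(vectors: list, width: int = 4) -> int:
    """Rank over F_2 of bit-vectors stored as integers (Gaussian elimination with XOR)."""
    rows, rank = list(vectors), 0
    for bit in range(width - 1, -1, -1):
        pivot = next((i for i in range(rank, len(rows)) if (rows[i] >> bit) & 1), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(len(rows)):
            if i != rank and (rows[i] >> bit) & 1:
                rows[i] ^= rows[rank]
        rank += 1
    return rank


def is_2_primitive_root(z: int) -> bool:
    """z is a 2-primitive root of x^16 + x iff the q-modulus spanned by its conjugates is all of
    F_16, i.e. iff the minimal 2-polynomial of z over F_2 has degree 16 = 2^4."""
    return rank_gf2(conjugates(z)) == 4


def two_primitive_roots() -> list:
    """All 2-primitive roots of x^16 + x (equivalently, all normal elements of F_16 over F_2)."""
    return [z for z in range(16) if is_2_primitive_root(z)]


def gf2_poly_gcd(a: int, b: int) -> int:
    """gcd in F_2[x] of polynomials stored as bit masks (bit i = coefficient of x^i)."""
    while b:
        while a and a.bit_length() >= b.bit_length():
            a ^= b << (a.bit_length() - b.bit_length())
        a, b = b, a
    return a


def phi_2(f: int) -> int:
    """Phi_2(f) as defined before Lemma 3.69: polynomials over F_2 of degree < deg(f) that are
    relatively prime to f, counted by brute force."""
    n = f.bit_length() - 1
    return sum(1 for g in range(1 << n) if gf2_poly_gcd(f, g) == 1)


def phi_formula(q: int, n: int, factor_degrees: set) -> int:
    """Lemma 3.69(iii): q^n * prod(1 - q^{-n_i}) over the distinct irreducible factor degrees n_i."""
    value = q ** n
    for d in factor_degrees:
        value = value * (q ** d - 1) // q ** d
    return value


if __name__ == "__main__":
    roots = two_primitive_roots()
    print("2-primitive roots of x^16 + x:", [f"{z:04b}" for z in roots])
    print("N_L =", len(roots), " Phi_2(x^4 + 1) =", phi_2(0b10001), " formula:", phi_formula(2, 4, {1}))
```

With the modulus $x^4 + x + 1$ the program lists the eight normal elements of $\mathbb{F}_{16}$ over $\mathbb{F}_2$; the brute-force count and the product formula both give $\Phi_2(x^4 + 1) = 2^4(1 - 2^{-1}) = 8$, as Theorem 3.70 predicts.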
In the special case of prime fields, one can characterize the primitive polynomials among trinomials of a certain kind.

3.84. Theorem. For a prime $p$, the trinomial $x^p - x - a \in \mathbb{F}_p[x]$ is a primitive polynomial over $\mathbb{F}_p$ if and only if $a$ is a primitive element of $\mathbb{F}_p$ and $\mathrm{ord}(x^p - x - 1) = (p^p - 1)/(p - 1)$.

Proof. Suppose first that $f(x) = x^p - x - a$ is a primitive polynomial over $\mathbb{F}_p$. Then $a$ must be a primitive element of $\mathbb{F}_p$ because of Theorem 3.18. If $\beta$ is a root of $g(x) = x^p - x - 1$ in some extension field of $\mathbb{F}_p$, then
$$0 = a\,g(\beta) = a(\beta^p - \beta - 1) = a^p\beta^p - a\beta - a = f(a\beta),$$
and so $a\beta$ is a root of $f(x)$. Consequently, we have $\beta^r \ne 1$ for $0 < r < (p^p - 1)/(p - 1)$, for otherwise $(a\beta)^{(p-1)r} = 1$ with $0 <$
3.47. Prove that over a finite field of odd order $q$ the polynomial $\tfrac12\bigl((1+x)^{(q+1)/2} + (1-x)^{(q+1)/2}\bigr)$ is the square of a polynomial.
3.48. Determine all irreducible polynomials in $\mathbb{F}_2[x]$ of degree 6 and order 21 and then all irreducible polynomials in $\mathbb{F}_2[x]$ of degree 294 and order 1029.
3.49. Determine all monic irreducible polynomials in $\mathbb{F}_3[x]$ of degree 3 and order 26 and then all monic irreducible polynomials in $\mathbb{F}_3[x]$ of degree 6 and order 104.
3.50. Proceed as in Example 3.41 to determine which polynomials $f_t$ are irreducible in $\mathbb{F}_q[x]$ in the case $q = 5$, $m = 4$, $e = 78$.
3.51. In the notation of Example 3.41, prove that if $l$ is a prime with $l - 1$ dividing $m - 1$, then $f_l$ is irreducible in $\mathbb{F}_q[x]$.
3.52. Given the irreducible polynomial $f(x) = x^3 - x^2 + x + 1$ over $\mathbb{F}_3$, calculate $f_2$ and $f_5$ by the matrix-theoretic method.
3.53. Calculate $f_2$ and $f_5$ in the previous exercise by using the result of Theorem 3.39.
3.54. Use a root of the primitive polynomial $x^3 - x + 1$ over $\mathbb{F}_3$ to represent all elements of $\mathbb{F}_{27}^*$ and compute the minimal polynomials over $\mathbb{F}_3$ of all elements of $\mathbb{F}_{27}$.
3.55. Let $\theta \in \mathbb{F}_{64}$ be a root of the irreducible polynomial $x^6 + x + 1$ in $\mathbb{F}_2[x]$. Find the minimal polynomial of $\beta = 1 + \theta^2 + \theta^3$ over $\mathbb{F}_2$.
3.56. Let $\theta \in \mathbb{F}_{64}$ be a root of the irreducible polynomial $x^6 + x^4 + x^3 + x + 1$ in $\mathbb{F}_2[x]$. Find the minimal polynomial of $\beta = 1 + \theta + \theta^5$ over $\mathbb{F}_2$.
3.57. Determine all primitive polynomials over $\mathbb{F}_3$ of degree 2.
3.58. Determine all primitive polynomials over $\mathbb{F}_4$ of degree 2.
3.59. Determine a primitive polynomial over $\mathbb{F}_5$ of degree 3.
3.60. Factor the polynomial $g \in \mathbb{F}_3[x]$ from Example 3.44 in $\mathbb{F}_9[x]$ to obtain primitive polynomials over $\mathbb{F}_9$.
3.61. Factor the polynomial $h \in \mathbb{F}_2[x]$ from Example 3.45 in $\mathbb{F}_4[x]$ to obtain primitive polynomials over $\mathbb{F}_4$.
3.62. Find the roots of the following linearized polynomials in their splitting fields: (a) $L(x) = x^8 + x^4 + x^2 + x \in \mathbb{F}_2[x]$; (b) $L(x) = x^9 + x \in \mathbb{F}_3[x]$.
3.63. Find the roots of the following polynomials in the indicated fields by
first determining an affine multiple: (a) !(x)~x'+x'+x'+x'+ I k;, I, be a trinomial and let mEN be a multiple of ord(f). Prove thatf(x) divides the trinomial g(x)~xrn '+b-'x"-'+ab
3.96. Prove that the trinomial $x^{2n} + x^n + 1$ is irreducible over $\mathbb{F}_2$ if and only if $n = 3^k$ for some nonnegative integer $k$.
3.97. Prove that the trinomial $x^{4n} + x^n + 1$ is irreducible over $\mathbb{F}_2$ if and only if $n = 3^k 5^m$ for some nonnegative integers $k$ and $m$.
Chapter 4

Factorization of Polynomials

Any nonconstant polynomial over a field can be expressed as a product of irreducible polynomials. In the case of finite fields, some reasonably efficient algorithms can be devised for the actual calculation of the irreducible factors of a given polynomial of positive degree. The availability of feasible factorization algorithms for polynomials over finite fields is important for coding theory and for the study of linear recurrence relations in finite fields. Beyond the realm of finite fields, there are various computational problems in algebra and number theory that depend in one way or another on the factorization of polynomials over finite fields. We mention the factorization of polynomials over the ring of integers, the determination of the decomposition of rational primes in algebraic number fields, the calculation of the Galois group of an equation over the rationals, and the construction of field extensions.

We shall present several algorithms for the factorization of polynomials over finite fields. The decision on the choice of algorithm for a specific factorization problem usually depends on whether the underlying finite field is "small" or "large." In Section 1 we describe those algorithms that are better adapted to "small" finite fields and in the next section those that work better for "large" finite fields. Some of these algorithms reduce the problem of factoring polynomials to that of finding the roots of certain other polynomials. Therefore, Section 3 is devoted to the discussion of the latter problem from the computational viewpoint.
1. FACTORIZATION OVER SMALL FINITE FIELDS
Any polynomial $f \in \mathbb{F}_q[x]$ of positive degree has a canonical factorization in $\mathbb{F}_q[x]$ by Theorem 1.59. For the discussion of factorization algorithms it will suffice to consider only monic polynomials. Our goal is thus to express a monic polynomial $f \in \mathbb{F}_q[x]$ of positive degree in the form
$$f = f_1^{e_1} \cdots f_k^{e_k}, \tag{4.1}$$
where $f_1, \ldots, f_k$ are distinct monic irreducible polynomials in $\mathbb{F}_q[x]$ and $e_1, \ldots, e_k$ are positive integers.

First we simplify our task by showing that the problem can be reduced to that of factoring a polynomial with no repeated factors, which means that the exponents $e_1, \ldots, e_k$ in (4.1) are all equal to $1$ (or, equivalently, that the polynomial has no multiple roots). To this end, we calculate
$$d(x) = \gcd(f(x), f'(x)),$$
the greatest common divisor of $f(x)$ and its derivative, by the Euclidean algorithm. If $d(x) = 1$, then we know that $f(x)$ has no repeated factors because of Theorem 1.68. If $d(x) = f(x)$, we must have $f'(x) = 0$. Hence $f(x) = g(x)^p$, where $g(x)$ is a suitable polynomial in $\mathbb{F}_q[x]$ and $p$ is the characteristic of $\mathbb{F}_q$. If necessary, the reduction process can be continued by applying the method to $g(x)$. If $d(x) \ne 1$ and $d(x) \ne f(x)$, then $d(x)$ is a nontrivial factor of $f(x)$ and $f(x)/d(x)$ has no repeated factors. The factorization of $f(x)$ is achieved by factoring $d(x)$ and $f(x)/d(x)$ separately. In case $d(x)$ still has repeated factors, further applications of the reduction process will have to be carried out.

By applying this process sufficiently often, the original problem is reduced to that of factoring a certain number of polynomials with no repeated factors. The canonical factorizations of these polynomials lead directly to the canonical factorization of the original polynomial. Therefore, we may restrict the attention to polynomials with no repeated factors. The following theorem is crucial.

4.1. Theorem. If $f \in \mathbb{F}_q[x]$ is monic and $h \in \mathbb{F}_q[x]$ is such that $h^q \equiv h \bmod f$, then
$$f(x) = \prod_{c \in \mathbb{F}_q} \gcd(f(x), h(x) - c). \tag{4.2}$$

Proof. Each greatest common divisor on the right-hand side of (4.2) divides $f(x)$. Since the polynomials $h(x) - c$, $c \in \mathbb{F}_q$, are pairwise relatively prime, so are the greatest common divisors with $f(x)$, and thus the product of these greatest common divisors divides $f(x)$. On the other hand, $f(x)$ divides
$$h(x)^q - h(x) = \prod_{c \in \mathbb{F}_q}(h(x) - c),$$
and so $f(x)$ divides the right-hand side of (4.2). Thus, the two sides of (4.2) are monic polynomials that divide each other, and therefore they must be equal. □

In general, (4.2) does not yield the complete factorization of $f$ since $\gcd(f(x), h(x) - c)$ may be reducible in $\mathbb{F}_q[x]$. If $h(x) \equiv c \bmod f(x)$ for some $c \in \mathbb{F}_q$, then Theorem 4.1 gives a trivial factorization of $f$ and therefore is of no use. However, if $h$ is such that Theorem 4.1 yields a nontrivial factorization of $f$, we say that $h$ is an $f$-reducing polynomial. Any $h$ with $h^q \equiv h \bmod f$ and $0 < \deg(h) < \deg(f)$ is obviously $f$-reducing. In order to obtain factorization algorithms on the basis of Theorem 4.1, we have to find methods of constructing $f$-reducing polynomials. It should be clear at this stage already that since the factorization provided by (4.2) depends on the calculation of $q$ greatest common divisors, a direct application of this formula will only be feasible for small finite fields $\mathbb{F}_q$.

The first method of constructing $f$-reducing polynomials makes use of the Chinese remainder theorem for polynomials (see Exercise 1.37). Let us assume that $f$ has no repeated factors, so that $f = f_1 \cdots f_k$ is a product of distinct monic irreducible polynomials over $\mathbb{F}_q$. If $(c_1, \ldots, c_k)$ is any $k$-tuple of elements of $\mathbb{F}_q$, the Chinese remainder theorem implies that there is a unique $h \in \mathbb{F}_q[x]$ with $h(x) \equiv c_i \bmod f_i(x)$ for $1 \le i \le k$
the 6 x 6 matrix
R
I 5 -10
~,
o
0 0 10
o
7
o\
o
0
R
-10
10
o
-3 I
-8
10
7 9
7 2
9 - II 2
-I
II
0
9 - 4
-3
0
-10
-- 9 ;
and thus B-1 is given by
R- I
0 5 -10 0
~
0
0
0
0
-I
-I
8
10
9 9 -4 -10
0 -9
-3 I
0 10 -9
10
-II
7
0 0
Reduction to column echelon form shows that $B - I$ has rank $r = 3$, so that $f$ has $k = 6 - r = 3$ distinct monic irreducible factors in $\mathbb{F}_{23}[x]$. A basis for the null space of $B - I$ is given by the vectors $h_1 = (1, 0, 0, 0, 0, 0)$, $h_2 = (0, 4, 2, 1, 0, 0)$, $h_3 = (0, -2, 9, 0, 1, 1)$, which correspond to the polynomials $h_1(x) = 1$, $h_2(x) = x^3 + 2x^2 + 4x$, $h_3(x) = x^5 + x^4 + 9x^2 - 2x$. We take the $f$-reducing polynomial $h_2(x)$ and consider
$$F(y) = R(f(x), h_2(x) - y) = \det\begin{pmatrix}
1 & -3 & 5 & -9 & -5 & 6 & 7 & 0 & 0\\
0 & 1 & -3 & 5 & -9 & -5 & 6 & 7 & 0\\
0 & 0 & 1 & -3 & 5 & -9 & -5 & 6 & 7\\
1 & 2 & 4 & -y & 0 & 0 & 0 & 0 & 0\\
0 & 1 & 2 & 4 & -y & 0 & 0 & 0 & 0\\
0 & 0 & 1 & 2 & 4 & -y & 0 & 0 & 0\\
0 & 0 & 0 & 1 & 2 & 4 & -y & 0 & 0\\
0 & 0 & 0 & 0 & 1 & 2 & 4 & -y & 0\\
0 & 0 & 0 & 0 & 0 & 1 & 2 & 4 & -y
\end{pmatrix}.$$
In this case a direct computation of $F(y)$ is feasible, and we obtain $F(y) = y^6 + 4y^5 + 3y^4 - 7y^3 + 10y^2 + 11y + 7$. Since $f$ has three distinct monic irreducible factors in $\mathbb{F}_{23}[x]$, the polynomial $F$ can have at most three roots in $\mathbb{F}_{23}$. By using either the methods to be discussed in the next section or trial and error, one determines the roots of $F$ in $\mathbb{F}_{23}$ to be $-3$, $2$, and $6$. Furthermore,
$$\gcd(f(x), h_2(x) + 3) = x - 4,\qquad \gcd(f(x), h_2(x) - 2) = x^2 - x + 7,\qquad \gcd(f(x), h_2(x) - 6) = x^3 + 2x^2 + 4x - 6,$$
so that
$$f(x) = (x - 4)(x^2 - x + 7)(x^3 + 2x^2 + 4x - 6)$$
is the canonical factorization of $f(x)$ in $\mathbb{F}_{23}[x]$. □
Another method of characterizing the elements $c \in \mathbb{F}_q$ for which the greatest common divisors in (4.2) need to be calculated is based on the following considerations. With the notation as above, let $C$ be the set of all $c \in \mathbb{F}_q$ such that $\gcd(f(x), h(x) - c) \ne 1$. Then (4.2) implies
$$f(x) = \prod_{c \in C} \gcd(f(x), h(x) - c), \tag{4.14}$$
and so $f(x)$ divides $\prod_{c \in C}(h(x) - c)$. We introduce the polynomial
$$G(y) = \prod_{c \in C}(y - c).$$
Then $f(x)$ divides $G(h(x))$ and the polynomial $G(y)$ may be characterized as follows.

4.11. Theorem. Among all the polynomials $g \in \mathbb{F}_q[y]$ such that $f(x)$ divides $g(h(x))$, the polynomial $G(y)$ is the unique monic polynomial of least degree.

Proof. We have already shown that the monic polynomial $G(y)$ is such that $f(x)$ divides $G(h(x))$. It is easily seen that the polynomials $g \in \mathbb{F}_q[y]$ with $f(x)$ dividing $g(h(x))$ form a nonzero ideal of $\mathbb{F}_q[y]$. By Theorem 1.54, this ideal is a principal ideal generated by a uniquely determined monic polynomial $G_0 \in \mathbb{F}_q[y]$. It follows that $G_0(y)$ divides $G(y)$, and so
$$G_0(y) = \prod_{c \in C_1}(y - c)$$
for some subset $C_1$ of $C$. Furthermore, $f(x)$ divides $G_0(h(x)) = \prod_{c \in C_1}(h(x) - c)$, and hence
$$f(x) = \prod_{c \in C_1} \gcd(f(x), h(x) - c).$$
A comparison with (4.14) shows that $C_1 = C$. Therefore $G_0(y) = G(y)$, and the theorem follows. □

This result is applied in the following manner. Let $m$ be the number of elements of the set $C$. Then we write
$$G(y) = \prod_{c \in C}(y - c) = \sum_{j=0}^{m} b_j y^j$$
with coefficients $b_j \in \mathbb{F}_q$. Now $f(x)$ divides $G(h(x))$, so that we have
$$\sum_{j=0}^{m} b_j h(x)^j \equiv 0 \bmod f(x).$$
Since $b_m = 1$, this may be viewed as a nontrivial linear dependence relation over $\mathbb{F}_q$ of the residues of $1, h(x), h(x)^2, \ldots, h(x)^m \bmod f(x)$. Theorem 4.11 says that with the normalization $b_m = 1$ this linear dependence relation is unique, and that the residues of $1, h(x), h(x)^2, \ldots, h(x)^{m-1} \bmod f(x)$ are linearly independent over $\mathbb{F}_q$. The bound $m \le k$ follows from (4.14). The polynomial $G$ can thus be determined by calculating the residues $\bmod f(x)$ of $1, h(x), h(x)^2, \ldots$ until we find the smallest power of $h(x)$ that is linearly dependent (over $\mathbb{F}_q$) on its predecessors. The coefficients of this first linear dependence relation, in the normalized form, are the coefficients of $G$. We know that we need not go beyond $h(x)^k$ to find this linear dependence relation, and $k$ can be obtained from Berlekamp's algorithm. The elements of $C$ are now precisely the roots of the polynomial $G$. This method of reducing the problem of finding the elements of $C$ to that of calculating the roots of a polynomial in $\mathbb{F}_q$ is called the Zassenhaus algorithm.
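The following Python program is an added example, not code from the book. It implements Berlekamp's algorithm of Theorem 4.1 (the matrix $B$ whose rows are the residues $x^{qi} \bmod f$, the null space of $B - I$, and the splitting $f = \prod_{c}\gcd(f, h - c)$ of (4.2)) together with the Zassenhaus algorithm just described (the first linear dependence among $1, h, h^2, \ldots \bmod f$ gives $G(y)$, whose roots are the set $C$), and it runs both over $\mathbb{F}_{23}$ on the polynomial $f(x) = x^6 - 3x^5 + 5x^4 - 9x^3 - 5x^2 + 6x + 7$ of Examples 4.7 to 4.9 with the $f$-reducing polynomial $h_2(x) = x^3 + 2x^2 + 4x$. The coefficient-list representation (lowest degree first), the square-free test via $\gcd(f, f')$, and the brute-force root search in $\mathbb{F}_{23}$ are choices of the example.

```python
# Added example, not from the book: Berlekamp's algorithm (Theorem 4.1 with the matrix B of residues
# x^{qi} mod f) and the Zassenhaus algorithm (the polynomial G(y) of Theorem 4.11) over F_23, run on
# the polynomial of Examples 4.7-4.9, f(x) = x^6 - 3x^5 + 5x^4 - 9x^3 - 5x^2 + 6x + 7.
# Polynomials over F_P are lists of coefficients, lowest degree first; P must be prime.
P = 23

def trim(a):                      # drop leading zeros; the zero polynomial is []
    while a and a[-1] == 0:
        a.pop()
    return a

def add(a, b):
    n = max(len(a), len(b))
    return trim([((a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0)) % P for i in range(n)])

def sub(a, b):
    return add(a, [(-c) % P for c in b])

def mul(a, b):
    r = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] = (r[i + j] + x * y) % P
    return trim(r)

def mod(a, b):                    # remainder of a modulo the nonzero polynomial b
    a, inv = trim(a[:]), pow(b[-1], P - 2, P)
    while a and len(a) >= len(b):
        c, k = a[-1] * inv % P, len(a) - len(b)
        for i, y in enumerate(b):
            a[i + k] = (a[i + k] - c * y) % P
        trim(a)
    return a

def monic(a):
    inv = pow(a[-1], P - 2, P)
    return [c * inv % P for c in a]

def gcd(a, b):
    while b:
        a, b = b, mod(a, b)
    return monic(a)

def powmod(a, e, m):
    r = [1]
    while e:
        if e & 1:
            r = mod(mul(r, a), m)
        a, e = mod(mul(a, a), m), e >> 1
    return r

def is_squarefree(f):             # Theorem 1.68: no repeated factor iff gcd(f, f') = 1
    return gcd(f, trim([(i * c) % P for i, c in enumerate(f)][1:])) == [1]

def nullspace(A):                 # basis of {v : A v = 0} over F_P, A given as a list of rows
    rows, n, pivots = [r[:] for r in A], len(A[0]), []
    for col in range(n):
        piv = next((i for i in range(len(pivots), len(rows)) if rows[i][col]), None)
        if piv is None:
            continue
        r = len(pivots)
        rows[r], rows[piv] = rows[piv], rows[r]
        inv = pow(rows[r][col], P - 2, P)
        rows[r] = [x * inv % P for x in rows[r]]
        for i in range(len(rows)):
            if i != r and rows[i][col]:
                fct = rows[i][col]
                rows[i] = [(x - fct * y) % P for x, y in zip(rows[i], rows[r])]
        pivots.append(col)
    basis = []
    for free in [c for c in range(n) if c not in pivots]:
        v = [0] * n
        v[free] = 1
        for i, pc in enumerate(pivots):
            v[pc] = (-rows[i][free]) % P
        basis.append(v)
    return basis

def berlekamp_basis(f):
    """All h with deg h < deg f and h^P = h mod f: the null space of (B - I)^T, where row i of B is
    x^{P i} mod f. Its dimension k is the number of distinct monic irreducible factors of f."""
    n = len(f) - 1
    B = [powmod([0, 1], P * i, f) for i in range(n)]
    B = [row + [0] * (n - len(row)) for row in B]
    return [trim(v) for v in nullspace([[(B[j][i] - (i == j)) % P for j in range(n)] for i in range(n)])]

def split(f, h):
    """Theorem 4.1: f = prod_{c in F_P} gcd(f, h - c); returns (c, factor) for the nontrivial gcds."""
    pieces = [(c, gcd(f, sub(h, [c]))) for c in range(P)]
    return [(c, g) for c, g in pieces if len(g) > 1]

def zassenhaus_G(f, h):
    """Monic G of least degree with f | G(h) (Theorem 4.11): the first linear dependence among the
    residues 1, h, h^2, ... mod f. The roots of G are exactly the c with gcd(f, h - c) != 1."""
    n, powers = len(f) - 1, [[1]]
    while True:
        powers.append(mod(mul(powers[-1], h), f))
        m = len(powers) - 1
        ns = nullspace([[powers[j][i] if i < len(powers[j]) else 0 for j in range(m + 1)] for i in range(n)])
        if ns:
            inv = pow(ns[0][m], P - 2, P)   # normalize the coefficient of y^m to 1
            return [c * inv % P for c in ns[0]]

def roots_in_Fp(g):
    return [c for c in range(P) if sum(co * pow(c, i, P) for i, co in enumerate(g)) % P == 0]

def berlekamp_factor(f):
    """Full factorization of a square-free monic f: split with an f-reducing h, recurse on the pieces."""
    f = monic(f)
    basis = berlekamp_basis(f)
    if len(basis) == 1:
        return [f]
    h = next(v for v in basis if len(v) > 1)
    return [g for _, piece in split(f, h) for g in berlekamp_factor(piece)]

F_BOOK = [7, 6, (-5) % P, (-9) % P, 5, (-3) % P, 1]   # x^6 - 3x^5 + 5x^4 - 9x^3 - 5x^2 + 6x + 7
H2 = [0, 4, 2, 1]                                      # h_2(x) = x^3 + 2x^2 + 4x from Example 4.7

if __name__ == "__main__":
    print("k =", len(berlekamp_basis(F_BOOK)), " G(y) =", zassenhaus_G(F_BOOK, H2),
          " C =", roots_in_Fp(zassenhaus_G(F_BOOK, H2)), " factors:", berlekamp_factor(F_BOOK))
```

For the book's polynomial the null space has dimension $k = 3$, $h_2$ satisfies $h_2^{23} \equiv h_2 \bmod f$, the Zassenhaus polynomial comes out as $G(y) = (y + 3)(y - 2)(y - 6)$, whose roots $-3, 2, 6$ are the elements of $C$, and the three greatest common divisors are the factors $x - 4$, $x^2 - x + 7$ and $x^3 + 2x^2 + 4x - 6$ of Example 4.8.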
4.9. Example. Consider again the polynomial $f \in \mathbb{F}_{23}[x]$ from Example 4.7. From Berlekamp's algorithm we obtained $k = 3$ and the $f$-reducing polynomial $h(x) = x^3 + 2x^2 + 4x \in \mathbb{F}_{23}[x]$. We apply the Zassenhaus algorithm in order to determine the elements $c \in \mathbb{F}_{23}$ for which $\gcd(f(x), h(x) - c) \ne 1$. We have $h(x)^2 \equiv$
modJ(x).
=: -
4
.., lt
{{4" fJ3 ~ /~:1~3;
l/~)
'J{' , 11x11
N"' -
t
/1)'(. /1J I /~
(fJ~ rfi· 1)'(: '{/1~-r/~' llx -/1~' fJ~
(fi~,/~l_/~lxl_
,.
x 3Z .....
/1' 1)x24-(/f~
(/~)-f3)xJ~fJ~){ltJ':1J~3.{{I-/1'1
(f3~
j
~ 13 2 .
{{4 - {{3
H
t
l)x 2 '(f34
1
fJ'l_t·
W I /1'
Thus $f(x)$ divides $x^{64} - x$ and so has four distinct roots in $\mathbb{F}_{64}$. We consider now $S(x) = x + x^2 + x^4 + x^8 + x^{16} + x^{32}$. From the congruences above we obtain
$$S(x) \equiv (\beta^5 + \beta^3 + \beta^2 + \beta + 1)x^3 + \beta^5 x^2 + (\beta^3 + \beta^2)x + \beta^3 + \beta^2 + 1 \bmod f(x),$$
and therefore
$$\gcd(f(x), S(x)) = \gcd\bigl(f(x), (\beta^5 + \beta^3 + \beta^2 + \beta + 1)x^3 + \beta^5 x^2 + (\beta^3 + \beta^2)x + \beta^3 + \beta^2 + 1\bigr) = x^3 + (\beta^4 + \beta^3 + \beta^2)x^2 + (\beta^5 + \beta^2 + 1)x + \beta^3 + \beta^2 = g(x),$$
say, and
$$\gcd(f(x), S(x) - 1) = \gcd\bigl(f(x), (\beta^5 + \beta^3 + \beta^2 + \beta + 1)x^3 + \beta^5 x^2 + (\beta^3 + \beta^2)x + \beta^3 + \beta^2\bigr) = x + \beta^5.$$
Then (4.24) yields
$$f(x) = g(x)(x + \beta^5). \tag{4.26}$$
To find the roots of $g(x)$, we next use (4.25) with $j = 1$. We have
$$S(\beta x) = \beta x + \beta^2 x^2 + \beta^4 x^4 + \beta^8 x^8 + \beta^{16} x^{16} + \beta^{32} x^{32} = \beta x + \beta^2 x^2 + \beta^4 x^4 + (\beta^3 + \beta^2)x^8 + (\beta^4 + \beta + 1)x^{16} + (\beta^3 + 1)x^{32},$$
and the congruences above yield
$$S(\beta x) \equiv (\beta^2 + 1)x^3 + (\beta^3 + \beta + 1)x^2 + (\beta^5 + \beta^4 + \beta^3 + \beta^2 + \beta + 1)x + \beta^4 + \beta^2 + \beta \bmod f(x).$$
Since $g(x)$ divides $f(x)$, this congruence holds also $\bmod g(x)$, and so
$$S(\beta x) \equiv (\beta^2 + 1)x^3 + (\beta^3 + \beta + 1)x^2 + (\beta^5 + \beta^4 + \beta^3 + \beta^2 + \beta + 1)x + \beta^4 + \beta^2 + \beta \equiv (\beta^5 + \beta^2)x^2 + \beta^5 x + \beta^5 + \beta^3 + \beta \bmod g(x).$$
Thus,
$$\gcd(g(x), S(\beta x)) = \gcd\bigl(g(x), (\beta^5 + \beta^2)x^2 + \beta^5 x + \beta^5 + \beta^3 + \beta\bigr) = x^2 + (\beta^3 + 1)x + \beta^4 + \beta^3 + \beta^2 + \beta = h(x),$$
say, and
$$\gcd(g(x), S(\beta x) - 1) = \gcd\bigl(g(x), (\beta^5 + \beta^2)x^2 + \beta^5 x + \beta^5 + \beta^3 + \beta + 1\bigr) = x + \beta^4 + \beta^2 + 1.$$
Then (4.25) with $j = 1$ yields
$$g(x) = h(x)(x + \beta^4 + \beta^2 + 1). \tag{4.27}$$
To find the roots of $h(x)$, we use (4.25) with $j = 2$. We have
$$S(\beta^2 x) = \beta^2 x + \beta^4 x^2 + \beta^8 x^4 + \beta^{16} x^8 + \beta^{32} x^{16} + \beta^{64} x^{32} = \beta^2 x + \beta^4 x^2 + (\beta^3 + \beta^2)x^4 + (\beta^4 + \beta + 1)x^8 + (\beta^3 + 1)x^{16} + \beta x^{32},$$
and a similar calculation as for $S(\beta x)$ yields
$$S(\beta^2 x) \equiv (\beta^5 + \beta^2 + 1)x + \beta^5 + \beta^3 + \beta^2 \bmod h(x).$$
Therefore,
$$\gcd(h(x), S(\beta^2 x)) = \gcd\bigl(h(x), (\beta^5 + \beta^2 + 1)x + \beta^5 + \beta^3 + \beta^2\bigr) = x + \beta + 1$$
and
$$\gcd(h(x), S(\beta^2 x) - 1) = \gcd\bigl(h(x), (\beta^5 + \beta^2 + 1)x + \beta^5 + \beta^3 + \beta^2 + 1\bigr) = x + \beta^3 + \beta,$$
so that from (4.25) with $j = 2$ we get
$$h(x) = (x + \beta + 1)(x + \beta^3 + \beta). \tag{4.28}$$
Combining (4.26), (4.27), and (4.28), we arrive at the factorization
$$f(x) = (x + \beta + 1)(x + \beta^3 + \beta)(x + \beta^4 + \beta^2 + 1)(x + \beta^5),$$
and so the roots of $f(x)$ are $\beta + 1$, $\beta^3 + \beta$, $\beta^4 + \beta^2 + 1$, and $\beta^5$. □
Finally we consider the root-finding problem for large finite fields $\mathbb{F}_q$ with large characteristic $p$. As we have seen before, it suffices to know how to treat polynomials of the form
$$f(x) = \prod_{i=1}^{n}(x - \gamma_i)$$
with distinct elements $\gamma_1, \ldots, \gamma_n \in \mathbb{F}_q$. To check whether $f(x)$ has this form, we need only verify the congruence $x^q \equiv x \bmod f(x)$ (compare with the first part of Example 4.16). We can assume that $q$ is the least power of $p$ for which this holds. The polynomial $f(x)$ will, of course, be given by its standard representation
$$f(x) = \sum_{j=0}^{n}\alpha_j x^j,$$
where $\alpha_j \in \mathbb{F}_q$ for $0 \le j \le n$ and $\alpha_n = 1$. It will be our first aim to find a nontrivial factor of $f(x)$. To exclude a trivial case, we assume $q = p^m$ with $m > 1$, and define the polynomials
$$f_k(x) = \sum_{j=0}^{n}\alpha_j^{p^k} x^j \quad \text{for } 0 \le k \le m - 1, \tag{4.29}$$
so that $f_0(x) = f(x)$ and each $f_k(x)$ is a monic polynomial over $\mathbb{F}_q$. Furthermore,
$$f_k\bigl(\gamma_i^{p^k}\bigr) = \sum_{j=0}^{n}\alpha_j^{p^k}\gamma_i^{jp^k} = \Bigl(\sum_{j=0}^{n}\alpha_j\gamma_i^{j}\Bigr)^{p^k} = 0 \quad \text{for } 1 \le i \le n,\ 0 \le k \le m - 1,$$
and so
$$f_k(x) = \prod_{i=1}^{n}\bigl(x - \gamma_i^{p^k}\bigr) \quad \text{for } 0 \le k \le m - 1.$$
We calculate now the polynomial
$$F(x) = \prod_{k=0}^{m-1} f_k(x). \tag{4.30}$$
This is a polynomial over $\mathbb{F}_p$ since
hence the $\gamma_i$ are exactly all the conjugates of $\gamma_1$ with respect to $\mathbb{F}_{p^d}$. Consequently, $f(x)$ is the minimal polynomial of $\gamma_1$ over $\mathbb{F}_{p^d}$, and thus irreducible over $\mathbb{F}_{p^d}$.

Therefore, corresponding to the cases (A) and (B) above we have the following alternatives:
(A) $\gcd(f(x), f_k(x))$ is a nontrivial factor of $f(x)$ for some $k$, $1 \le k < m/n$;
(B) $\gcd(f(x), f_k(x)) = 1$ for $1 \le k < d = m/n \in \mathbb{N}$ and $f(x) = f_d(x)$ is the minimal polynomial of $\gamma_1$ over $\mathbb{F}_{p^d}$.

In alternative (A) our aim of finding a nontrivial factor of $f(x)$ has been achieved. Further work is needed in alternative (B). Let $\beta$ again denote a defining element of $\mathbb{F}_q$ over $\mathbb{F}_p$. Then $\mathbb{F}_{p^d}(\beta) = \mathbb{F}_q = \mathbb{F}_{p^m}$, and so $\beta$ is of degree $m/d = n$ over $\mathbb{F}_{p^d}$. In particular, we have $\beta^j \notin \mathbb{F}_{p^d}$ for $1 \le j \le n - 1$. Now let the coefficients $\alpha_j$ of $f(x)$ be such that $\alpha_{j_0} \ne 0$ for some $j_0$ with $1 \le j_0 \le n - 1$. Consider
$$\tilde f(x) = \beta^{-n} f(\beta x), \tag{4.33}$$
which is a monic polynomial of degree $n$ over $\mathbb{F}_q$. Since $\beta^{n - j_0} \notin \mathbb{F}_{p^d}$ and $\alpha_{j_0} \in \mathbb{F}_{p^d}$, it follows that the coefficient of $x^{j_0}$ in $\tilde f(x)$ is not an element of $\mathbb{F}_{p^d}$. Thus $\tilde f(x)$ is not a polynomial over $\mathbb{F}_{p^d}$, and so the alternative (B) cannot occur if the procedure above is applied to $\tilde f(x)$. Since $f(x) = \beta^n \tilde f(\beta^{-1}x)$, any nontrivial factor of $\tilde f(x)$ yields immediately a nontrivial factor of $f(x)$. It remains to consider the case where alternative (B) is valid and $\alpha_j = 0$ for $1 \le j \le n - 1$. Then $f(x)$ is the binomial $x^n + \alpha_0 \in \mathbb{F}_{p^d}[x]$. Now $n$ is not a multiple of $p$, for otherwise we would have $f(x) = \bigl(x^{n/p} + \alpha_0^{1/p}\bigr)^p$, which would contradict the irreducibility of $f(x)$ over $\mathbb{F}_{p^d}$. We set (4.34) and then it is easily seen from $\beta \notin \mathbb{F}_{p^d}$ that the coefficient of $x^{n-1}$ in $\tilde f(x)$ is not in $\mathbb{F}_{p^d}$. Thus, the alternative (B) cannot occur if the procedure described above is applied to $\tilde f(x)$. Since $f(x) = \beta^n \tilde f(\beta^{-1}(x - 1))$, any nontrivial factor of $\tilde f(x)$ yields immediately a nontrivial factor of $f(x)$. This root-finding algorithm is thus carried out as follows. We first form the polynomials $f_k(x)$ according to (4.29) and then the polynomial $F(x) \in \mathbb{F}_p[x]$ according to (4.30). Next, we apply a factorization algorithm to

$$\psi_j(g^k) = e^{2\pi i jk/(q-1)} \quad \text{for } k = 0, 1, \ldots, q - 2$$
defines a multiplicative character of $\mathbb{F}_q$, and every multiplicative character of $\mathbb{F}_q$ is obtained in this way.

Proof. This follows immediately from Example 5.1. □
No matter what $g$ is, the character $\psi_0$ will always represent the trivial multiplicative character, which satisfies $\psi_0(c) = 1$ for all $c \in \mathbb{F}_q^*$.

5.9. Corollary. The group of multiplicative characters of $\mathbb{F}_q$ is cyclic of order $q - 1$ with identity element $\psi_0$.

Proof. Every character $\psi_j$ in Theorem 5.8 with $j$ relatively prime to $q - 1$ is a generator of the group in question. □

5.10. Example. Let $q$ be odd and let $\eta$ be the real-valued function on $\mathbb{F}_q^*$ with $\eta(c) = 1$ if $c$ is the square of an element of $\mathbb{F}_q^*$ and $\eta(c) = -1$ otherwise. Then $\eta$ is a multiplicative character of $\mathbb{F}_q$. It can also be obtained from the characters in Theorem 5.8 by setting $j = (q - 1)/2$. The character $\eta$ annihilates the subgroup of $\mathbb{F}_q^*$ consisting of the squares of elements of $\mathbb{F}_q^*$, and by Theorem 5.6 it is the only nontrivial character of $\mathbb{F}_q^*$ with this property. This uniquely determined character $\eta$ is called the quadratic character of $\mathbb{F}_q$. If $q$ is an odd prime, then for $c \in \mathbb{F}_q^*$ we have $\eta(c) = \bigl(\tfrac{c}{q}\bigr)$, the Legendre symbol from elementary number theory. □

The orthogonality relations (5.3) and (5.4), when applied to additive or multiplicative characters of $\mathbb{F}_q$, yield several fundamental identities. We consider first the case of additive characters, in which we use the notation from Theorem 5.7. Then, for additive characters $\chi_a$ and $\chi_b$ we have
$$\sum_{c \in \mathbb{F}_q}\chi_a(c)\overline{\chi_b(c)} = \begin{cases} 0 & \text{for } a \ne b,\\ q & \text{for } a = b. \end{cases} \tag{5.8}$$
In particular,
$$\sum_{c \in \mathbb{F}_q}\chi_a(c) = 0 \quad \text{for } a \ne 0. \tag{5.9}$$
Furthermore, for elements $c, d \in \mathbb{F}_q$ we obtain
$$\sum_{a \in \mathbb{F}_q}\chi_a(c)\overline{\chi_a(d)} = \begin{cases} 0 & \text{for } c \ne d,\\ q & \text{for } c = d. \end{cases} \tag{5.10}$$
For multiplicative characters $\psi$ and $\tau$ of $\mathbb{F}_q$ we have
$$\sum_{c \in \mathbb{F}_q^*}\psi(c)\overline{\tau(c)} = \begin{cases} 0 & \text{for } \psi \ne \tau,\\ q - 1 & \text{for } \psi = \tau. \end{cases} \tag{5.11}$$
In particular,
$$\sum_{c \in \mathbb{F}_q^*}\psi(c) = 0 \quad \text{for } \psi \ne \psi_0. \tag{5.12}$$
If $c, d \in \mathbb{F}_q^*$, then
$$\sum_{\psi}\psi(c)\overline{\psi(d)} = \begin{cases} 0 & \text{for } c \ne d,\\ q - 1 & \text{for } c = d, \end{cases} \tag{5.13}$$
where the sum is extended over all multiplicative characters $\psi$ of $\mathbb{F}_q$.

2. GAUSSIAN SUMS

Let $\psi$ be a multiplicative and $\chi$ an additive character of $\mathbb{F}_q$. Then the Gaussian sum $G(\psi, \chi)$ is defined by
$$G(\psi, \chi) = \sum_{c \in \mathbb{F}_q^*}\psi(c)\chi(c).$$
The absolute value of $G(\psi, \chi)$ can obviously be at most $q - 1$, but is in general much smaller, as the following theorem shows. We recall that $\psi_0$ denotes the trivial multiplicative character and $\chi_0$ the trivial additive character of $\mathbb{F}_q$.
5.11. Theorem. Let $\psi$ be a multiplicative and $\chi$ an additive character of $\mathbb{F}_q$. Then the Gaussian sum $G(\psi, \chi)$ satisfies
$$G(\psi, \chi) = \begin{cases} q - 1 & \text{for } \psi = \psi_0,\ \chi = \chi_0,\\ -1 & \text{for } \psi = \psi_0,\ \chi \ne \chi_0,\\ 0 & \text{for } \psi \ne \psi_0,\ \chi = \chi_0. \end{cases} \tag{5.14}$$
If $\psi \ne \psi_0$ and $\chi \ne \chi_0$, then
$$|G(\psi, \chi)| = q^{1/2}. \tag{5.15}$$

Proof. The first case in (5.14) is trivial, the third case follows from (5.12), and in the second case we have
$$G(\psi_0, \chi) = \sum_{c \in \mathbb{F}_q^*}\chi(c) = \sum_{c \in \mathbb{F}_q}\chi(c) - \chi(0) = -1$$
by (5.9). For $\psi \ne \psi_0$ and $\chi \ne \chi_0$ we get
$$|G(\psi, \chi)|^2 = \overline{G(\psi, \chi)}\,G(\psi, \chi) = \sum_{c \in \mathbb{F}_q^*}\sum_{c_1 \in \mathbb{F}_q^*}\overline{\psi(c)\chi(c)}\,\psi(c_1)\chi(c_1) = \sum_{c \in \mathbb{F}_q^*}\sum_{c_1 \in \mathbb{F}_q^*}\psi(c^{-1}c_1)\chi(c_1 - c).$$
In the inner sum we substitute $c^{-1}c_1 = d$. Then
$$|G(\psi, \chi)|^2 = \sum_{c \in \mathbb{F}_q^*}\sum_{d \in \mathbb{F}_q^*}\psi(d)\chi(c(d - 1)) = \sum_{d \in \mathbb{F}_q^*}\psi(d)\Bigl(\sum_{c \in \mathbb{F}_q}\chi(c(d - 1)) - \chi(0)\Bigr) = \sum_{d \in \mathbb{F}_q^*}\psi(d)\sum_{c \in \mathbb{F}_q}\chi(c(d - 1))$$
by (5.12). The inner sum has the value $q$ if $d = 1$ and the value $0$ if $d \ne 1$, according to (5.9). Therefore, $|G(\psi, \chi)|^2 = \psi(1)q = q$, and (5.15) is established. □

The study of the behavior of Gaussian sums under various transformations of the additive or multiplicative character leads to a number of useful identities.
5.12. Theorem. Gaussian sums for the finite field $\mathbb{F}_q$ satisfy the following properties:
(i) $G(\psi, \chi_{ab}) = \overline{\psi}(a)\,G(\psi, \chi_b)$ for $a \in \mathbb{F}_q^*$, $b \in \mathbb{F}_q$;
(ii) $G(\psi, \overline{\chi}) = \psi(-1)\,G(\psi, \chi)$;
(iii) $G(\overline{\psi}, \chi) = \psi(-1)\,\overline{G(\psi, \chi)}$;
(iv) $G(\psi, \chi)\,G(\overline{\psi}, \chi) = \psi(-1)\,q$ for $\psi \ne \psi_0$, $\chi \ne \chi_0$;
(v) $G(\psi^p, \chi_b) = G(\psi, \chi_{\sigma(b)})$ for $b \in \mathbb{F}_q$, where $p$ is the characteristic of $\mathbb{F}_q$ and $\sigma(b) = b^p$.

Proof. (i) For $c \in \mathbb{F}_q$ we have $\chi_{ab}(c) = \chi_1(abc) = \chi_b(ac)$ by the definition in Theorem 5.7. Therefore,
$$G(\psi, \chi_{ab}) = \sum_{c \in \mathbb{F}_q^*}\psi(c)\chi_b(ac).$$
Now set $ac = d$. Then
$$G(\psi, \chi_{ab}) = \sum_{d \in \mathbb{F}_q^*}\psi(a^{-1}d)\chi_b(d) = \psi(a^{-1})\sum_{d \in \mathbb{F}_q^*}\psi(d)\chi_b(d) = \overline{\psi}(a)\,G(\psi, \chi_b).$$
(ii) We have $\chi = \chi_b$ for a suitable $b \in \mathbb{F}_q$, and $\overline{\chi}(c) = \chi_b(-c) = \chi_{-b}(c)$ for $c \in \mathbb{F}_q$. Therefore, by using (i) with $a = -1$ and noting that $\overline{\psi}(-1) = \psi(-1)$, we get $G(\psi, \overline{\chi}) = G(\psi, \chi_{-b}) = \overline{\psi}(-1)\,G(\psi, \chi_b) = \psi(-1)\,G(\psi, \chi)$.
(iii) It follows from (ii) that $G(\overline{\psi}, \chi) = \psi(-1)\,G(\overline{\psi}, \overline{\chi}) = \psi(-1)\,\overline{G(\psi, \chi)}$.
(iv) By combining (iii) and (5.15), we obtain $G(\psi, \chi)\,G(\overline{\psi}, \chi) = \psi(-1)\,G(\psi, \chi)\,\overline{G(\psi, \chi)} = \psi(-1)\,|G(\psi, \chi)|^2 = \psi(-1)\,q$.
(v) Since $\mathrm{Tr}(a) = \mathrm{Tr}(a^p)$ for $a \in \mathbb{F}_q$ by Theorem 2.23(v), we have $\chi_1(a) = \chi_1(a^p)$ according to (5.6). Thus, for $c \in \mathbb{F}_q$ we get $\chi_b(c) = \chi_1(bc) = \chi_1(b^pc^p) = \chi_{\sigma(b)}(c^p)$, and so
$$G(\psi^p, \chi_b) = \sum_{c \in \mathbb{F}_q^*}\psi^p(c)\chi_b(c) = \sum_{c \in \mathbb{F}_q^*}\psi(c^p)\chi_{\sigma(b)}(c^p).$$
But $c^p$ runs through $\mathbb{F}_q^*$ as $c$ runs through $\mathbb{F}_q^*$, and the desired result follows. □
5.13. Remark. In connection with the properties above, the value $\psi(-1)$ is of interest. We obviously have $\psi(-1) = \pm 1$. Let $m$ be the order of $\psi$; that is, $m$ is the least positive integer such that $\psi^m = \psi_0$. Then $m$ divides $q - 1$ since $\psi^{q-1} = \psi_0$. The values of $\psi$ are $m$th roots of unity; in particular, $-1$ can only appear as a value of $\psi$ if $m$ is even. If $g$ is a primitive element of $\mathbb{F}_q$, then $\psi(g) = \zeta$, a primitive $m$th root of unity. If $m$ is even (and so $q$ odd), then $\psi(-1) = \psi(g^{(q-1)/2}) = \zeta^{(q-1)/2}$, which is $-1$ precisely if $(q - 1)/2 \equiv m/2 \bmod m$, or, equivalently, $(q - 1)/m \equiv 1 \bmod 2$. Therefore, $\psi(-1) = -1$ if and only if $m$ is even and $(q - 1)/m$ is odd. In all other cases we have $\psi(-1) = 1$. □
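The identities above can be checked numerically. The following Python program is an added example, not from the book: it evaluates Gaussian sums over a prime field $\mathbb{F}_p$ with floating-point complex arithmetic, building $\chi_b$ as in Theorem 5.7 (where $\mathrm{Tr}$ is the identity on $\mathbb{F}_p$) and $\psi_j$ as in Theorem 5.8 from the smallest primitive element, which it finds by brute force. It then verifies (5.14) and (5.15), properties (i) and (iv) of Theorem 5.12, the rule of Remark 5.13 for $\psi(-1)$, the Fourier expansion (5.16) of a multiplicative character, and, for the quadratic character $\eta$ of Example 5.10, Gauss's classical value $G(\eta, \chi_1) = i\sqrt{p}$ for $p \equiv 3 \bmod 4$ (a known result that is not proved on this page). The choice $p = 23$, the numeric tolerance $10^{-9}$, and the helper names are assumptions of the example.

```python
# Added example, not from the book: Gaussian sums over a prime field F_p evaluated numerically.
# chi_b(c) = exp(2 pi i b c / p) is the additive character of Theorem 5.7 (Tr is the identity on F_p)
# and psi_j(g^k) = exp(2 pi i j k / (p - 1)) the multiplicative character of Theorem 5.8, with g the
# smallest primitive element of F_p (found by brute force; p is assumed to be a small odd prime).
import cmath
import math
from functools import lru_cache


@lru_cache(maxsize=None)
def log_table(p):
    """Discrete logarithms {g^k mod p: k} to the base of the smallest primitive element g of F_p."""
    for g in range(2, p):
        powers = [pow(g, k, p) for k in range(p - 1)]
        if len(set(powers)) == p - 1:
            return {c: k for k, c in enumerate(powers)}
    raise ValueError("no primitive element: p is not an odd prime")


def psi(p, j, c):
    """psi_j(c) for c in F_p^*; psi_0 is the trivial character and psi_{-j} the conjugate of psi_j."""
    return cmath.exp(2 * math.pi * 1j * j * log_table(p)[c % p] / (p - 1))


def chi(p, b, c):
    """chi_b(c) = chi_1(bc) for b, c in F_p."""
    return cmath.exp(2 * math.pi * 1j * (b * c % p) / p)


def gauss_sum(p, j, b):
    """G(psi_j, chi_b) = sum over c in F_p^* of psi_j(c) chi_b(c)."""
    return sum(psi(p, j, c) * chi(p, b, c) for c in range(1, p))


def order_of_psi(p, j):
    """Order m of psi_j in the cyclic group of Corollary 5.9: m = (p - 1) / gcd(j, p - 1)."""
    return (p - 1) // math.gcd(j % (p - 1), p - 1)


def psi_minus_one_by_remark(p, j):
    """Remark 5.13: psi(-1) = -1 iff the order m of psi is even and (p - 1)/m is odd; else +1."""
    m = order_of_psi(p, j)
    return -1 if m % 2 == 0 and ((p - 1) // m) % 2 == 1 else 1


def fourier_expansion(p, j, c):
    """(5.16): psi_j(c) = (1/p) sum_b G(psi_j, conj(chi_b)) chi_b(c), using conj(chi_b) = chi_{-b}."""
    return sum(gauss_sum(p, j, (-b) % p) * chi(p, b, c) for b in range(p)) / p


def close(a, b, tol=1e-9):
    """Floating-point comparison used for the checks."""
    return abs(a - b) < tol


if __name__ == "__main__":
    p = 23
    for j, b in ((0, 0), (0, 1), (3, 0), (3, 1)):
        print(f"G(psi_{j}, chi_{b}) = {gauss_sum(p, j, b):.6f}")
    print(f"quadratic Gauss sum for p = {p}: {gauss_sum(p, (p - 1) // 2, 1):.6f}")
```

Running it prints $G(\psi_0, \chi_0) = 22$, $G(\psi_0, \chi_1) = -1$, $G(\psi_3, \chi_0) = 0$ and a sum of absolute value $\sqrt{23}$ for $G(\psi_3, \chi_1)$, as (5.14) and (5.15) require; the quadratic Gauss sum comes out as $i\sqrt{23}$. Because the characters are built from a discrete-logarithm table, the program is only meant for small $p$; the algebraic identities themselves do not depend on that choice.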
Gaussian sums occur in a variety of contexts, for example in the following. Let $\psi$ be a multiplicative character of $\mathbb{F}_q$; then, using (5.10), we may write
$$\psi(c) = \frac{1}{q}\sum_{d \in \mathbb{F}_q^*}\psi(d)\sum_{\chi}\chi(d)\overline{\chi(c)}$$
for any $c \in \mathbb{F}_q^*$. Therefore,
$$\psi(c) = \frac{1}{q}\sum_{\chi}G(\psi, \overline{\chi})\,\chi(c) \quad \text{for } c \in \mathbb{F}_q^*, \tag{5.16}$$
where the sum is extended over all additive characters $\chi$ of $\mathbb{F}_q$. This may be thought of as the Fourier expansion of $\psi$ in terms of the additive characters of $\mathbb{F}_q$, with Gaussian sums appearing as Fourier coefficients. Similarly, if $\chi$ is an additive character of $\mathbb{F}_q$, then, using (5.13), we may write
$$\chi(c) = \frac{1}{q - 1}\sum_{\psi}\overline{\psi}(c)\sum_{d \in \mathbb{F}_q^*}\psi(d)\chi(d) \quad \text{for } c \in \mathbb{F}_q^*.$$
Thus we obtain
$$\chi(c) = \frac{1}{q - 1}\sum_{\psi}G(\psi, \chi)\,\overline{\psi}(c) \quad \text{for } c \in \mathbb{F}_q^*, \tag{5.17}$$
where the sum is extended over all multiplicative characters $\psi$ of $\mathbb{F}_q$. This can be interpreted as the Fourier expansion of the restriction of $\chi$ to $\mathbb{F}_q^*$ in terms of the multiplicative characters of $\mathbb{F}_q$, again with Gaussian sums as Fourier coefficients. Therefore, Gaussian sums are instrumental in the transition from the additive to the multiplicative structure (or vice versa) of a finite field.

Before we establish further properties of Gaussian sums, we develop a useful general principle. Consider the set of monic polynomials over $\mathbb{F}_q$, and let $\lambda$ be a complex-valued function on this set which is multiplicative in the sense that
$$\lambda(gh) = \lambda(g)\lambda(h) \quad \text{for all monic } g, h \in \mathbb{F}_q[x], \tag{5.18}$$
and which satisfies $|\lambda(g)| \le 1$ for all monic $g$ and $\lambda(1) = 1$. Summing over the monic polynomials of degree $k$, consider the power series
$$L(z) = \sum_{k=0}^{\infty}\Bigl(\sum_{\substack{g \text{ monic}\\ \deg(g) = k}}\lambda(g)\Bigr)z^k. \tag{5.19}$$
Since there are $q^k$ monic polynomials of degree $k$, the coefficient of $z^k$ is in absolute value $\le q^k$, and so the power series converges absolutely for $|z| < q^{-1}$. Because of (5.18) and unique factorization in $\mathbb{F}_q[x]$, we may write
t-:..... poncntial Sum"
172
/.(z)~
L
A(g) Z M 8'"
,~
~n(I+A(j)Z'I,,'jl~A(J')Zd"<J"+... ) I
~
n(1 + A(J)Zd,g<J'+A(J)2Z2"O"J'~ ... ). I
where the product is taken over all monic irreducible polynomialsfin IFJx]. It follows that L(z)~ n(I-A(J)Z",,,,,)-1 I
Now apply logarithmic differentiation and multiply the result by z to get
dlogL(z) z-dz'Expansion of (1- A(flz"O"f')
7--1~Tf)zd,g'/J
A(j)deg(fl=",·"f'
= 1
into a geometric series leads to
zdlogL(z) ~ LA(J)deg(J)z'lo"J' dz f
.(1 + A(flz d,g'J'+A(f)'Z2rl"'J'+
... )
~ Ldeg{f)(A(f)z"""I' tA{f)'Z2""'J' I T
A{f)JzJd"'jl_ ... ),
and collecting equal powers of z we ohtain (5.20)
with L, =
L deg( f)A(f) '/do"n.
(5.21 )
I
where the sum is extended over all monic irreducible polynomialsfin with dcg(j) dividing s. Now suppose there exists a positive integer t such that
L
A(g) ~ 0
for all k >
I.
~qlxJ
(5.22)
XC etJ k
Then 1.( Z) is a complex polynomial of degree", t with constant term I. so that we can write
L(z)
~ (1-
"'1=)(1- w2z)'" (1- "',z)
(5.23)
2.
(jau~"ian Sllm~
with complex
Z
number~ wI'
u.:z ....• w,. It follow1:i that
dlog I. (z) ~ _ " dz '-
Wml
,
= -
x
L ," 'X
- L
L
Wml
i-
I i
!
W~,Zj 0 'X
IL
101m-I
/!
\
W~'-')z'-' ~ - L i L W:")"" \" I
\m-l
and comparison with (5.20) yields
1.\
= -
W1 -
w2 -
... -
u:!~
for all s
~
I.
(5.24)
As an application of the principle expressed in (5.24), we consider the following situation. Let $\chi$ be an additive and $\psi$ a multiplicative character of $\mathbb F_q$, and let $E$ be a finite extension field of $\mathbb F_q$. Then $\chi$ and $\psi$ can be "lifted" to $E$ by setting $\chi'(\beta)=\chi(\mathrm{Tr}_{E/\mathbb F_q}(\beta))$ for $\beta\in E$ and $\psi'(\beta)=\psi(\mathrm N_{E/\mathbb F_q}(\beta))$

$\psi_0,\psi_1,\ldots,\psi_{p-2}$ of $\mathbb F_p$ described in Theorem 5.8 also form a basis for $V$. Let $\zeta=e^{2\pi i/p}$, and define a linear operator $T$ on $V$ by letting $Th$ for $h\in V$ be given by
$$(Th)(c)=\sum_{k=1}^{p-1}\zeta^{ck}h(k)\qquad\text{for } c=1,2,\ldots,p-1.\qquad(5.26)$$
Then Theorem 5.12(i) implies that $T\psi=G(\psi,\chi_1)\bar\psi$ for every multiplicative character $\psi$ of $\mathbb F_p$. Since $\bar\psi=\psi$ precisely for the trivial character and the quadratic character, the matrix of $T$ in the basis $\psi_0,\psi_1,\ldots,\psi_{p-2}$ contains two diagonal entries, namely $G(\psi_0,\chi_1)=-1$ and $G(\eta,\chi_1)$, and a collection of blocks
$$\begin{pmatrix}0 & G(\bar\psi,\chi_1)\\ G(\psi,\chi_1) & 0\end{pmatrix}$$
corresponding to pairs $\psi,\bar\psi$ of conjugate characters that are nontrivial and nonquadratic. If we compute the determinant of $T$, then each block contributes $-G(\psi,\chi_1)G(\bar\psi,\chi_1)=-\psi(-1)p$ by Theorem 5.12(iv). Thus we obtain
$$\det(T)=-G(\eta,\chi_1)(-p)^{(p-3)/2}\prod_{i=1}^{(p-3)/2}\psi_i(-1).\qquad(5.27)$$
Now $\psi_i(-1)=\psi_1(-1)^i=(-1)^i$, and so
$$\prod_{i=1}^{(p-3)/2}\psi_i(-1)=(-1)^{(p-1)(p-3)/8}.\qquad(5.28)$$
Furthermore, since $\eta(-1)=1$ if $p\equiv1\bmod4$ and $\eta(-1)=-1$ if $p\equiv3\bmod4$, it follows from (5.25) that
$$G(\eta,\chi_1)=\begin{cases}\pm p^{1/2} & \text{if } p\equiv1\bmod4,\\ \pm ip^{1/2} & \text{if } p\equiv3\bmod4.\end{cases}\qquad(5.29)$$
Combining (5.27), (5.28), and (5.29), we get
$$\det(T)=\pm(-1)^{(p-1)/2}\,i^{(p-1)^2/4}\,(-1)^{(p-1)(p-3)/8}\,p^{(p-2)/2},$$
hence
$$\det(T)=\pm(-1)^{(p^2-1)/8}\,i^{(p-1)^2/4}\,p^{(p-2)/2}.\qquad(5.30)$$
Now we compute $\det(T)$ utilizing the matrix of $T$ with respect to the standard basis of $V$. From (5.26) we find
$$\det(T)=\det\big(\zeta^{jk}\big)_{1\le j,k\le p-1}=\prod_{1\le j<k\le p-1}\big(\zeta^k-\zeta^j\big)=\prod_{1\le j<k\le p-1}e^{\pi i(j+k)/p}\cdot2i\sin\frac{\pi(k-j)}{p},$$
and so
$$\det(T)=(-1)^{(p-1)/2}\,i^{(p-1)(p-2)/2}A\qquad\text{with } A>0.$$
Comparison with (5.30) shows that the plus sign always applies in (5.29), and the theorem is established for $s=1$. The general case follows from Theorem 5.14 since the canonical additive character of $\mathbb F_p$ is lifted to the canonical additive character of $\mathbb F_q$ by (5.7) and the quadratic character of $\mathbb F_p$ is lifted to the quadratic character of $\mathbb F_q$. □
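The following Python is an added example, not code from the book: for a prime $p$ it builds the multiplicative characters $\psi_j$ (via a primitive root and a discrete-log table) and the additive characters $\chi_a$ of $\mathbb F_p$, checks the Fourier expansions (5.16) and (5.17) numerically, and evaluates $G(\eta,\chi_1)$ against the case $s=1$ of Theorem 5.15 proved above. The indexing $\psi_j(g)=e^{2\pi ij/(p-1)}$ and $\chi_a(c)=e^{2\pi iac/p}$ is an assumption of this example.

```python
# Added example (not from the book): Gaussian sums over F_p for a prime p,
# the Fourier expansions (5.16)/(5.17), and the value of G(eta, chi_1)
# from Theorem 5.15 with s = 1 (the case proved in the text above).
import cmath
import math

def primitive_root(p):
    """Smallest primitive element g of F_p (p an odd prime), found by brute force."""
    for g in range(2, p):
        if len({pow(g, k, p) for k in range(1, p)}) == p - 1:
            return g
    raise ValueError("p must be an odd prime")

def characters(p):
    """Return (psi, chi): psi[j](c) is the multiplicative character sending the
    primitive root g to exp(2*pi*i*j/(p-1)), so psi[0] is trivial and
    psi[(p-1)//2] is the quadratic character eta; chi[a](c) = exp(2*pi*i*a*c/p)
    is the additive character chi_a, with chi[1] the canonical one."""
    g = primitive_root(p)
    log = {pow(g, k, p): k for k in range(p - 1)}      # discrete-log table
    psi = [lambda c, j=j: cmath.exp(2j * cmath.pi * j * log[c % p] / (p - 1))
           for j in range(p - 1)]
    chi = [lambda c, a=a: cmath.exp(2j * cmath.pi * a * c / p) for a in range(p)]
    return psi, chi

def gauss_sum(psi_j, chi_a, p):
    """G(psi, chi) = sum over c in F_p^* of psi(c) chi(c)."""
    return sum(psi_j(c) * chi_a(c) for c in range(1, p))

def check_fourier_expansions(p):
    """Largest absolute error, over all characters and all c in F_p^*, in
    (5.16) psi(c) = (1/p) sum_chi G(psi, conj chi) chi(c) and
    (5.17) chi(c) = (1/(p-1)) sum_psi G(conj psi, chi) psi(c)."""
    psi, chi = characters(p)
    conj_chi = lambda a: chi[(-a) % p]                # conjugate of chi_a is chi_{-a}
    conj_psi = lambda j: psi[(-j) % (p - 1)]          # conjugate of psi_j is psi_{-j}
    err = 0.0
    for j in range(p - 1):
        for c in range(1, p):
            rhs = sum(gauss_sum(psi[j], conj_chi(a), p) * chi[a](c)
                      for a in range(p)) / p
            err = max(err, abs(psi[j](c) - rhs))
    for a in range(p):
        for c in range(1, p):
            rhs = sum(gauss_sum(conj_psi(j), chi[a], p) * psi[j](c)
                      for j in range(p - 1)) / (p - 1)
            err = max(err, abs(chi[a](c) - rhs))
    return err

def quadratic_gauss_sum(p):
    """G(eta, chi_1) for the quadratic character eta of F_p, p an odd prime."""
    psi, chi = characters(p)
    return gauss_sum(psi[(p - 1) // 2], chi[1], p)

def theorem_5_15_holds(p):
    """Theorem 5.15 with s = 1: G(eta, chi_1) equals sqrt(p) if p = 1 mod 4 and
    i*sqrt(p) if p = 3 mod 4 (the plus sign in (5.29), as shown above)."""
    expected = math.sqrt(p) if p % 4 == 1 else 1j * math.sqrt(p)
    return abs(quadratic_gauss_sum(p) - expected) < 1e-9
```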
Because of (5.14) and Theorem 5.12(i), a formula for $G(\eta,\chi)$ can also be established for any additive character $\chi$ of $\mathbb F_q$. We turn to another special formula for Gaussian sums which applies to a wider range of multiplicative characters but needs a restriction on the underlying field. We shall have to use the notion of order of a multiplicative character as introduced in Remark 5.13.

5.16. Theorem (Stickelberger's Theorem). Let $q$ be a prime power, let $\psi$ be a nontrivial multiplicative character of $\mathbb F_{q^2}$ of order $m$ dividing $q+1$, and let $\chi_1$ be the canonical additive character of $\mathbb F_{q^2}$. Then
$$G(\psi,\chi_1)=\begin{cases}q & \text{if } m \text{ odd or } \dfrac{q+1}{m} \text{ even},\\[6pt] -q & \text{if } m \text{ even and } \dfrac{q+1}{m} \text{ odd}.\end{cases}$$

Proof. We write $E=\mathbb F_{q^2}$ and $F=\mathbb F_q$. Let $\gamma$ be a primitive element of $E$ and set $g=\gamma^{q+1}$. Then $g^{q-1}=1$, so that $g\in F$; furthermore, $g$ is a primitive element of $F$. Every $\alpha\in E^*$ can be written in the form $\alpha=g^j\gamma^k$ with $0\le j<q-1$ and $0\le k<q+1$. Since $\psi(g)=\psi^{q+1}(\gamma)=1$, we have
$$G(\psi,\chi_1)=\sum_{j=0}^{q-2}\sum_{k=0}^{q}\psi(g^j\gamma^k)\chi_1(g^j\gamma^k)=\sum_{k=0}^{q}\psi^k(\gamma)\sum_{j=0}^{q-2}\chi_1(g^j\gamma^k)=\sum_{k=0}^{q}\psi^k(\gamma)\sum_{b\in F^*}\chi_1(b\gamma^k).\qquad(5.31)$$
If $\tau_1$ is the canonical additive character of $F$, then $\chi_1(b\gamma^k)=\tau_1(\mathrm{Tr}_{E/F}(b\gamma^k))=\tau_1(b\,\mathrm{Tr}_{E/F}(\gamma^k))$ by (5.7). Therefore,
$$\sum_{b\in F^*}\chi_1(b\gamma^k)=\sum_{b\in F^*}\tau_1\big(b\,\mathrm{Tr}_{E/F}(\gamma^k)\big)=\begin{cases}-1 & \text{for } \mathrm{Tr}_{E/F}(\gamma^k)\ne0,\\ q-1 & \text{for } \mathrm{Tr}_{E/F}(\gamma^k)=0,\end{cases}\qquad(5.32)$$
because of (5.9). Now $\mathrm{Tr}_{E/F}(\gamma^k)=\gamma^k+\gamma^{kq}$, and so
$$\mathrm{Tr}_{E/F}(\gamma^k)=0\quad\text{if and only if}\quad\gamma^{k(q-1)}=-1.\qquad(5.33)$$
If $q$ is odd, the last condition is equivalent to $k=(q+1)/2$, and then by (5.32),
$$\sum_{b\in F^*}\chi_1(b\gamma^k)=\begin{cases}-1 & \text{for } 0\le k<q+1,\ k\ne\dfrac{q+1}{2},\\[6pt] q-1 & \text{for } k=\dfrac{q+1}{2}.\end{cases}$$
Together with (5.31) we get
$$G(\psi,\chi_1)=-\sum_{\substack{k=0\\ k\ne(q+1)/2}}^{q}\psi^k(\gamma)+(q-1)\psi^{(q+1)/2}(\gamma)=-\sum_{k=0}^{q}\psi^k(\gamma)+q\,\psi^{(q+1)/2}(\gamma)=q\,\psi^{(q+1)/2}(\gamma),$$
since $\psi(\gamma)\ne1$ and $\psi^{q+1}(\gamma)=1$. Now $\psi^{(q+1)/2}(\gamma)=1$ if $(q+1)/m$ is even and $-1$ if $(q+1)/m$ is odd, and thus for $q$ odd we have
$$G(\psi,\chi_1)=\begin{cases}q & \text{if } \dfrac{q+1}{m} \text{ even},\\[6pt] -q & \text{if } \dfrac{q+1}{m} \text{ odd}.\end{cases}\qquad(5.34)$$
If $q$ is even, then the condition in (5.33) is equivalent to $\gamma^{k(q-1)}=1$, and the only $k$ with $0\le k<q+1$ satisfying this property is $k=0$. Then by (5.32),
$$\sum_{b\in F^*}\chi_1(b\gamma^k)=\begin{cases}-1 & \text{for } 1\le k\le q,\\ q-1 & \text{for } k=0,\end{cases}$$
and (5.31) yields
$$G(\psi,\chi_1)=-\sum_{k=1}^{q}\psi^k(\gamma)+q-1=-\sum_{k=0}^{q}\psi^k(\gamma)+q=q.$$
Combined with (5.34), this implies the theorem. □
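As an added example (not from the book), the following Python checks Stickelberger's theorem numerically for $q=p$ an odd prime. It assumes a concrete model of $E=\mathbb F_{p^2}$ as $\mathbb F_p[t]/(t^2-n)$ with $n$ a quadratic non-residue mod $p$, finds a primitive element $\gamma$ by brute force, takes $\psi(\gamma^k)=e^{2\pi ik/m}$ for $m\mid p+1$, and uses $\chi_1(\beta)=e^{2\pi i\,\mathrm{Tr}_{E/\mathbb F_p}(\beta)/p}$ as in (5.7).

```python
# Added example (not from the book): Stickelberger's theorem (Theorem 5.16)
# checked in E = F_{p^2} for an odd prime p, with E built as F_p[t]/(t^2 - n)
# for a quadratic non-residue n mod p (a modelling assumption of this example).
import cmath

def nonresidue(p):
    """Smallest quadratic non-residue n mod p, so that t^2 - n is irreducible."""
    squares = {c * c % p for c in range(1, p)}
    return next(n for n in range(2, p) if n not in squares)

def mul(x, y, p, n):
    """Product of x = (a, b) ~ a + b t and y = (c, d) in F_p[t]/(t^2 - n)."""
    a, b = x
    c, d = y
    return ((a * c + b * d * n) % p, (a * d + b * c) % p)

def trace(x, p):
    """Tr_{E/F_p}(a + b t) = (a + b t) + (a + b t)^p = 2a, because t^p = -t
    (Euler's criterion: n^((p-1)/2) = -1 for a non-residue n)."""
    return (2 * x[0]) % p

def primitive_element(p, n):
    """An element gamma of E^* of order p^2 - 1, found by brute force:
    gamma is primitive iff its first p^2 - 1 powers are all distinct."""
    order = p * p - 1
    for a in range(p):
        for b in range(1, p):                 # b != 0: elements outside F_p
            powers, x = set(), (1, 0)
            for _ in range(order):
                powers.add(x)
                x = mul(x, (a, b), p, n)
            if len(powers) == order:
                return (a, b)
    raise ValueError("no primitive element found (p must be an odd prime)")

def stickelberger_gauss_sum(p, m):
    """G(psi, chi_1) for the character psi of E^* of order m (m must divide p + 1),
    defined by psi(gamma^k) = exp(2 pi i k / m), and the canonical additive
    character chi_1(beta) = exp(2 pi i Tr(beta) / p). Returned as a complex number."""
    if (p + 1) % m:
        raise ValueError("m must divide q + 1")
    n = nonresidue(p)
    gamma = primitive_element(p, n)
    total, x = 0, (1, 0)                      # x runs through gamma^0, gamma^1, ...
    for k in range(p * p - 1):
        psi = cmath.exp(2j * cmath.pi * k / m)
        chi = cmath.exp(2j * cmath.pi * trace(x, p) / p)
        total += psi * chi
        x = mul(x, gamma, p, n)
    return total

def stickelberger_prediction(q, m):
    """Right-hand side of Theorem 5.16: -q exactly when m is even and (q+1)/m is odd."""
    return -q if (m % 2 == 0 and ((q + 1) // m) % 2 == 1) else q

def theorem_5_16_holds(p, m):
    """True if the computed Gaussian sum agrees with Theorem 5.16 for q = p."""
    return abs(stickelberger_gauss_sum(p, m) - stickelberger_prediction(p, m)) < 1e-8
```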
We show how to use Gaussian sums to establish a classical result of number theory, namely the law of quadratic reciprocity. We recall from Example 5.10 that if $p$ is an odd prime and $\eta$ is the quadratic character of $\mathbb F_p$, then for $c\not\equiv0\bmod p$ the Legendre symbol $\left(\frac cp\right)$ is defined by $\left(\frac cp\right)=\eta(c)$.

5.17. Theorem (Law of Quadratic Reciprocity). For any distinct odd primes $p$ and $r$ we have
$$\left(\frac pr\right)\left(\frac rp\right)=(-1)^{(p-1)(r-1)/4}.$$

Proof. Let $\eta$ be the quadratic character of $\mathbb F_p$, let $\chi_1$ be the canonical additive character of $\mathbb F_p$, and put $G=G(\eta,\chi_1)$. Then it follows from (5.25) that $G^2=(-1)^{(p-1)/2}p=p^*$, and so
$$G^{r-1}=(G^2)^{(r-1)/2}=p^{*(r-1)/2}.\qquad(5.35)$$
Let $R$ be the ring of algebraic integers; that is, $R$ consists of all complex numbers that are roots of monic polynomials with integer coefficients. Since the values of (additive and multiplicative) characters of finite fields are complex roots of unity, and since every complex root of unity is an algebraic integer, the values of Gaussian sums are algebraic integers. In particular, $G\in R$. Let $(r)$ be the principal ideal of $R$ generated by $r$. Then the residue class ring $R/(r)$ has characteristic $r$, and thus an application of Theorem 1.46 yields
$$G^r=\Big(\sum_{c\in\mathbb F_p^*}\eta(c)\chi_1(c)\Big)^r\equiv\sum_{c\in\mathbb F_p^*}\eta^r(c)\chi_1^r(c)\bmod(r).$$
Now $\eta^r=\eta$ since $r$ is odd, and $\chi_1^r=\chi_r$, so the sum on the right is $G(\eta,\chi_r)=\eta(r)G$ by Theorem 5.12(i), and so $G^r\equiv\eta(r)G\bmod(r)$. Together with (5.35) we get
$$p^{*(r-1)/2}G\equiv\eta(r)G\bmod(r),$$
and multiplication by $G$ leads to
$$p^{*(r-1)/2}p^*\equiv\eta(r)p^*\bmod(r)$$
because of $G^2=p^*$. Since the numbers on both sides of the congruence above are, in fact, elements of $\mathbb Z$, it follows that
$$p^{*(r+1)/2}\equiv\eta(r)p^*\bmod r$$
as a congruence in $\mathbb Z$. But $p$ and $r$ are relatively prime, hence $p^{*(r-1)/2}\equiv\eta(r)\bmod r$. Now $p^*=(-1)^{(p-1)/2}p$ and $p^{r-1}\equiv1\bmod r$, thus multiplication by $p^{(r-1)/2}$ yields
$$(-1)^{(p-1)(r-1)/4}\equiv p^{(r-1)/2}\eta(r)\bmod r.$$
We have $p^{(r-1)/2}\equiv\pm1\bmod r$, and the plus sign applies if and only if $p$ is congruent to a square mod $r$. Thus,
$$p^{(r-1)/2}\equiv\left(\frac pr\right)\bmod r.\qquad(5.36)$$
Since $\eta(r)=\left(\frac rp\right)$, we get from (5.36)
$$(-1)^{(p-1)(r-1)/4}\equiv\left(\frac pr\right)\left(\frac rp\right)\bmod r.$$
But the integers on both sides of this congruence can only be $\pm1$, and since $r\ge3$, the congruence holds only if the two sides are identical. □

We consider now character sums involving the quadratic character $\eta$ of $\mathbb F_q$, $q$ odd, and having a quadratic polynomial in the argument. The following explicit formula will be needed in Chapter 7, Section 2.

5.18. Theorem. Let $f(x)=a_2x^2+a_1x+a_0\in\mathbb F_q[x]$ with $q$ odd and $a_2\ne0$. Put $d=a_1^2-4a_0a_2$ and let $\eta$ be the quadratic character of $\mathbb F_q$. Then
$$\sum_{c\in\mathbb F_q}\eta(f(c))=$$

$r>0$ and $n_0\ge0$ such that $s_{n+r}=s_n$ for all $n\ge n_0$, then the sequence is called ultimately periodic and $r$ is called a period of the sequence. The smallest number among all the possible periods of an ultimately periodic sequence is called the least period of the sequence.

6.4. Lemma. Every period of an ultimately periodic sequence is divisible by the least period.

Proof. Let $r$ be an arbitrary period of the ultimately periodic sequence $s_0,s_1,\ldots$, and let $r_1$ be its least period, so that we have $s_{n+r}=s_n$ for all $n\ge n_0$ and $s_{n+r_1}=s_n$ for all $n\ge n_1$ with suitable nonnegative integers $n_0$ and $n_1$. If $r$ were not divisible by $r_1$, we could use the division algorithm for integers to write $r=mr_1+t$ with integers $m\ge1$ and $0<t<r_1$. Then, for all $n\ge\max(n_0,n_1)$ we get $s_{n+t}=s_{n+t+mr_1}=s_{n+r}=s_n$, and so $t$ is a period of the sequence, which contradicts the definition of the least period. □

6.5. Definition. An ultimately periodic sequence $s_0,s_1,\ldots$ with least period $r$ is called periodic if $s_{n+r}=s_n$ holds for all $n=0,1,\ldots$.
The following condition, which is sometimes found in the literature, is equivalent to the definition of a periodic sequence.

6.6. Lemma. The sequence $s_0,s_1,\ldots$ is periodic if and only if there exists an integer $r>0$ such that $s_{n+r}=s_n$ for all $n=0,1,\ldots$.

Proof. The necessity of the condition is obvious. Conversely, if the condition is satisfied, then the sequence is ultimately periodic and has a least period $r_1$. Therefore, with a suitable $n_0$ we have $s_{n+r_1}=s_n$ for all $n\ge n_0$. Now let $n$ be an arbitrary nonnegative integer, and choose an integer $m\ge n_0$ with $m\equiv n\bmod r$. Then $s_{n+r_1}=s_{m+r_1}=s_m=s_n$, which shows that the sequence is periodic in the sense of Definition 6.5. □

If $s_0,s_1,\ldots$ is ultimately periodic with least period $r$, then the least nonnegative integer $n_0$ such that $s_{n+r}=s_n$ for all $n\ge n_0$ is called the preperiod. The sequence is periodic precisely if the preperiod is 0.

We return now to linear recurring sequences in finite fields and establish the basic results concerning the periodicity behavior of such sequences.

6.7. Theorem. Let $\mathbb F_q$ be any finite field and $k$ any positive integer. Then every $k$th-order linear recurring sequence in $\mathbb F_q$ is ultimately periodic with least period $r$ satisfying $r\le q^k$, and $r\le q^k-1$ if the sequence is homogeneous.

Proof. We note that there are exactly $q^k$ distinct $k$-tuples of elements of $\mathbb F_q$. Therefore, by considering the state vectors $\mathbf s_m$, $0\le m\le q^k$, of a given $k$th-order linear recurring sequence in $\mathbb F_q$, it follows that $\mathbf s_i=\mathbf s_j$ for some $i$ and $j$ with $0\le i<j\le q^k$. Using the linear recurrence relation and induction
Then both $s_0,s_1,\ldots$ and its corresponding impulse response sequence are periodic and they have the same least period.

Proof. Let $r$ be the least period of $s_0,s_1,\ldots$. For $1\le j\le k$ we have $\mathbf s_{m_j}A^r=\mathbf s_{m_j+r}=\mathbf s_{m_j}$ by using Lemma 6.12, and so $A^r$ is the $k\times k$ identity matrix over $\mathbb F_q$. Thus we get $\mathbf s_r=\mathbf s_0A^r=\mathbf s_0$, which shows that $s_0,s_1,\ldots$ is periodic. Similarly, if $\mathbf d_n$ denotes the $n$th state vector of the impulse response sequence, then $\mathbf d_r=\mathbf d_0A^r=\mathbf d_0$, and an application of Theorem 6.16 completes the proof. □

6.20. Example. The condition $m_1\ge n_0$ in Theorem 6.19 is needed since there are $k$th-order homogeneous linear recurring sequences that are not periodic but contain $k$ linearly independent state vectors. Let $d_0,d_1,\ldots$ be the second-order impulse response sequence in $\mathbb F_q$ with $d_{n+2}=d_{n+1}$ for $n=0,1,\ldots$. The terms of this sequence are $0,1,1,1,\ldots$. Clearly, the state vectors $\mathbf d_0$ and $\mathbf d_1$ are linearly independent over $\mathbb F_q$, but the sequence is not periodic (note that $n_0=1$ in this case). The converse of Theorem 6.19 is not true. Consider the third-order linear recurring sequence $s_0,s_1,\ldots$ in $\mathbb F_2$ with $s_{n+3}=s_n$ for $n=0,1,\ldots$ and $\mathbf s_0=(1,1,0)$. Then both $s_0,s_1,\ldots$ and its corresponding impulse response sequence are periodic with least period 3, but any three state vectors of $s_0,s_1,\ldots$ are linearly dependent over $\mathbb F_2$. □
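The following Python is an added example, not code from the book. It generates a $k$th-order linear recurring sequence over $\mathbb F_p$ ($p$ prime), reads off the least period and preperiod from the first repeated state vector as in the proof of Theorem 6.7, and tests the criterion $A^r=I$ from the proof of Theorem 6.19 on the matrix $A$ of (6.3); the two sequences of Example 6.20 are among the inputs. The coefficient ordering $(a_0,\ldots,a_{k-1})$ is an assumption of this example.

```python
# Added example (not from the book): kth-order linear recurring sequences in F_p
# (p prime), their state vectors, least period and preperiod, and the state
# transition matrix A of (6.3). Recurrence used throughout:
#   s_{n+k} = a_{k-1} s_{n+k-1} + ... + a_0 s_n + a   (a = 0: homogeneous).
def lrs_terms(coeffs, init, p, count, a=0):
    """First `count` terms of the sequence with coefficients (a_0, ..., a_{k-1})
    and initial state vector init = (s_0, ..., s_{k-1}) over F_p."""
    s = [x % p for x in init]
    while len(s) < count:
        s.append((sum(c * t for c, t in zip(coeffs, s[-len(coeffs):])) + a) % p)
    return s[:count]

def period_and_preperiod(coeffs, init, p, a=0):
    """Least period r and preperiod n_0 (Definition 6.5 and the remark after
    Lemma 6.6), found from the first repeated state vector: by the argument of
    Theorem 6.7 a repetition occurs among the first p^k + 1 state vectors."""
    k = len(coeffs)
    s = lrs_terms(coeffs, init, p, p ** k + k + 1, a)
    seen = {}
    for n in range(p ** k + 1):
        state = tuple(s[n:n + k])
        if state in seen:                     # state vectors s_i = s_j with i < j
            return n - seen[state], seen[state]
        seen[state] = n
    raise AssertionError("unreachable by Theorem 6.7")

def transition_matrix(coeffs):
    """Matrix A of (6.3): s_{n+1} = s_n A for the (row) state vectors of a
    homogeneous sequence, i.e. the companion matrix of
    f(x) = x^k - a_{k-1} x^{k-1} - ... - a_0 discussed below."""
    k = len(coeffs)
    A = [[0] * k for _ in range(k)]
    for i in range(k):
        if i > 0:
            A[i][i - 1] = 1                   # shift: keep s_{n+1}, ..., s_{n+k-1}
        A[i][k - 1] = coeffs[i]               # last column produces s_{n+k}
    return A

def mat_pow_is_identity(A, r, p):
    """True if A^r is the identity over F_p (the criterion in the proof of Theorem 6.19)."""
    k = len(A)
    I = [[int(i == j) for j in range(k)] for i in range(k)]
    M = [row[:] for row in I]
    for _ in range(r):
        M = [[sum(M[i][l] * A[l][j] for l in range(k)) % p for j in range(k)]
             for i in range(k)]
    return M == I
```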
Let $s_0,s_1,\ldots$ be a $k$th-order homogeneous linear recurring sequence in $\mathbb F_q$ satisfying the linear recurrence relation
$$s_{n+k}=a_{k-1}s_{n+k-1}+a_{k-2}s_{n+k-2}+\cdots+a_0s_n\qquad\text{for } n=0,1,\ldots,\qquad(6.7)$$
where $a_j\in\mathbb F_q$ for $0\le j\le k-1$. The polynomial
$$f(x)=x^k-a_{k-1}x^{k-1}-a_{k-2}x^{k-2}-\cdots-a_0\in\mathbb F_q[x]$$
is called the characteristic polynomial of the linear recurring sequence. It depends, of course, only on the linear recurrence relation (6.7). If $A$ is the matrix in (6.3), then it is easily seen that $f(x)$ is identical with the characteristic polynomial of $A$ in the sense of linear algebra, that is, $f(x)=\det(xI-A)$ with $I$ being the $k\times k$ identity matrix over $\mathbb F_q$. On the other hand, the matrix $A$ may be thought of as the companion matrix of the monic polynomial $f(x)$. As a first application of the characteristic polynomial, we show how the terms of a linear recurring sequence may be represented explicitly in an important special case.

6.21. Theorem. Let $s_0,s_1,\ldots$ be a $k$th-order homogeneous linear recurring sequence in $\mathbb F_q$ with characteristic polynomial $f(x)$. If the roots $\alpha_1,\ldots,\alpha_k$ of $f(x)$ are all distinct, then
$$s_n=\sum_{j=1}^{k}\beta_j\alpha_j^n\qquad\text{for } n=0,1,\ldots,\qquad(6.8)$$

the minimal polynomial $m_1(x)$ of the shifted sequence $s_b,s_{b+1},\ldots$ divides the minimal polynomial $m(x)$ of the original sequence. If $s_0,s_1,\ldots$ is periodic, then $m_1(x)=m(x)$.

Proof. To prove the first assertion, it suffices to show because of Theorem 6.42 that every homogeneous linear recurrence relation satisfied by the original sequence is also satisfied by the shifted sequence. But this is immediately evident. For the second part, let
$$s_{n+b+k}=a_{k-1}s_{n+b+k-1}+\cdots+a_0s_{n+b},\qquad n=0,1,\ldots,$$
be a homogeneous linear recurrence relation satisfied by the shifted sequence. Let $r$ be a period of $s_0,s_1,\ldots$, so that $s_{n+r}=s_n$ for all $n\ge0$, and choose an integer $c$ with $cr\ge b$. Then, by using the linear recurrence relation with $n$ replaced by $n+cr-b$ and invoking the periodicity property, we find

Proof. $=0$ with coefficients $b_0,b_1,\ldots,b_{k-1}\in\mathbb F_q$ not all of which are zero. Multiplying from the right by powers of the matrix $A$ in (6.3) associated with the given linear recurrence relation yields
$b\ge2$ an integer. The minimal polynomial of any sequence from $S(f(x))$ with nonzero initial state vector is then of the form $g(x)^c$ with $1\le c\le b$. According to Theorem 6.53, we have $S(g(x))\subseteq S(g(x)^c)$

Therefore, if $\deg(g(x))$

$$g_j(x)G(x)\equiv u_j(x)+b_jx^j\bmod x^{j+1},\qquad(6.25)$$
$$h_j(x)G(x)\equiv v_j(x)+x^j\bmod x^{j+1}.\qquad(6.26)$$
Both (6.25) and (6.26) are true for $j=0$ because of (6.19), (6.11), and the

$0$, we get
$$g_{j+1}(x)G(x)=g_j(x)G(x)-b_jh_j(x)G(x)\equiv u_j(x)+b_jx^j+c_{j+1}x^{j+1}-b_j\big(v_j(x)+x^j+d_{j+1}x^{j+1}\big)\equiv u_{j+1}(x)+e_{j+1}x^{j+1}\bmod x^{j+2}$$
with suitable coefficients $c_{j+1},d_{j+1},e_{j+1}\in\mathbb F_q$. Since $m_j\le j$, as is seen easily by induction, we have $\deg(u_{j+1}(x))\le j$ from (6.24). Therefore, $b_{j+1}$ is the coefficient of $x^{j+1}$ in $g_{j+1}(x)G(x)$, and so $e_{j+1}=b_{j+1}$. The induction step for (6.26) is carried out similarly. Next, one establishes by a straightforward induction argument that
$$h_j(x)u_j(x)-g_j(x)v_j(x)=x^j\qquad\text{for each } j\ge0.\qquad(6.27)$$
Now let $s(x)$ and $u(x)$ be polynomials over $\mathbb F_q$ with $s(0)=1$ and $s(x)G(x)=u(x)$. Then by (6.26),
$$h_j(x)u(x)-s(x)v_j(x)=s(x)\big(h_j(x)G(x)-v_j(x)\big)\equiv s(x)x^j\equiv x^j\bmod x^{j+1},$$
and so for some $V_j(x)\in\mathbb F_q[x]$ we have
$$h_j(x)u(x)-s(x)v_j(x)=x^jV_j(x)\qquad\text{with } V_j(0)=1.\qquad(6.28)$$
Similarly, one uses (6.25) to show that there exists $U_j(x)\in\mathbb F_q[x]$ with
$$g_j(x)u(x)-s(x)u_j(x)=x^jU_j(x).\qquad(6.29)$$
Now suppose the minimal polynomial $m(x)$ of the given homogeneous linear recurring sequence satisfies $\deg(m(x))\le k$, and let $s(x)$ be the reciprocal minimal polynomial. Then $s(0)=1$ and $\deg(s(x))\le k$, and from (6.15) we know that there exists $u(x)\in\mathbb F_q[x]$ with $s(x)G(x)=u(x)$ and $\deg(u(x))\le\deg(m(x))-1\le k-1$. Consider (6.28) with $j=2k$. Using (6.23) and (6.24), we obtain
$$\deg\big(h_{2k}(x)u(x)\big)\le\tfrac12(2k+2+m_{2k})+k-1=2k+\tfrac12m_{2k}$$
and the same bound for $\deg(s(x)v_{2k}(x))$, and so
$$\deg\big(h_{2k}(x)u(x)-s(x)v_{2k}(x)\big)\le2k+\tfrac12m_{2k}.$$
On the other hand, $\deg(h_{2k}(x)u(x)-s(x)v_{2k}(x))=\deg(x^{2k}V_{2k}(x))\ge2k$, and these inequalities are only compatible if $m_{2k}\ge0$. Using again (6.23) and (6.24), one verifies that $\deg(g_{2k}(x)u(x))$ and $\deg(s(x)u_{2k}(x))$ are both $\le2k-\tfrac12-\tfrac12m_{2k}$, hence (6.29) shows that
$$\deg\big(x^{2k}U_{2k}(x)\big)=\deg\big(g_{2k}(x)u(x)-s(x)u_{2k}(x)\big)<2k.$$
But this is only possible if $U_{2k}(x)$ is the zero polynomial. Consequently, (6.29) yields $g_{2k}(x)u(x)=s(x)u_{2k}(x)$, and multiplying (6.28) for $j=2k$ by $g_{2k}(x)$ leads to
$$h_{2k}(x)g_{2k}(x)u(x)-s(x)g_{2k}(x)v_{2k}(x)=s(x)\big(h_{2k}(x)u_{2k}(x)-g_{2k}(x)v_{2k}(x)\big)=x^{2k}V_{2k}(x)g_{2k}(x).$$
Together with (6.27), we get $s(x)=V_{2k}(x)g_{2k}(x)$, which implies $u(x)=V_{2k}(x)u_{2k}(x)$. Since $s(x)$ is the reciprocal minimal polynomial, it follows from the second part of Theorem 6.40 that $s(x)$ and $u(x)$ are relatively prime. Because of this fact, $V_{2k}(x)$ must be a constant polynomial, and since $V_{2k}(0)=1$ by (6.28), we actually have $V_{2k}(x)=1$. Therefore $s(x)=g_{2k}(x)$, and as a by-product we obtain $u(x)=u_{2k}(x)$. If $\deg(m(x))=k$, then $m(x)=x^ks(1/x)=x^kg_{2k}(1/x)$, as we claimed earlier. If $\deg(m(x))=l<k$, then we have $s(x)=g_{2l}(x)$, $u(x)=u_{2l}(x)$, and $m_{2l}\ge0$. Clearly, $\max(\deg(s(x)),1+\deg(u(x)))\le l$, and the second part of Theorem 6.40 implies that
$$l=\max\big(\deg(s(x)),\,1+\deg(u(x))\big).$$
It follows then from (6.23) and (6.24) that
$$l=\max\big(\deg(g_{2l}(x)),\,1+\deg(u_{2l}(x))\big)\le l+\tfrac12-\tfrac12m_{2l},$$
and so $m_{2l}=0$ or $1$. Furthermore, we note that $g_j(x)=s(x)$ and $b_j=0$ for all $j\ge2l$, so that $m_j=m_{2l}+j-2l$ for all $j\ge2l$ by the definition of $m_j$. Setting $j=2k$, we obtain $l=k+\tfrac12m_{2l}-\tfrac12m_{2k}$, and since $m_{2l}=0$ or $1$, we conclude that

Therefore, $m(x)=x^ls(1/x)=x^lg_{2k}(1/x)$, in accordance with our claim. □
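As an added example (not code from the book), the following Python implements the Berlekamp–Massey algorithm over $\mathbb F_p$ in its standard connection-polynomial form (the $g_j,h_j,m_j$ bookkeeping of the proof above is not reproduced), returning the minimal polynomial $m(x)$ from $2k$ terms of a homogeneous linear recurring sequence of order $\le k$, together with a generator that reproduces the sequence from $m(x)$; the sequences used are constructed for this example.

```python
# Added example (not from the book): the Berlekamp-Massey algorithm over F_p
# (p prime), standard Massey form. Given 2k terms of a homogeneous linear
# recurring sequence of order <= k it returns the minimal polynomial
#   m(x) = x^L + c_1 x^{L-1} + ... + c_L
# as the coefficient list [1, c_1, ..., c_L], which is x^L C(1/x) for the
# connection polynomial C(x) = 1 + c_1 x + ... + c_L x^L found by the algorithm.
def berlekamp_massey(seq, p):
    """Minimal polynomial of `seq` over F_p, coefficients from x^L down to x^0.
    Invariant: s_n + c_1 s_{n-1} + ... + c_L s_{n-L} = 0 for all n processed so far."""
    C, B = [1], [1]          # connection polynomial and its last saved copy
    L, m, b = 0, 1, 1        # current length, shift since last length change, last discrepancy
    for n, s_n in enumerate(seq):
        # discrepancy d = s_n + c_1 s_{n-1} + ... + c_L s_{n-L}
        d = (s_n + sum(C[i] * seq[n - i] for i in range(1, L + 1))) % p
        if d == 0:
            m += 1
            continue
        T = C[:]
        factor = d * pow(b, -1, p) % p
        # C(x) <- C(x) - (d/b) x^m B(x)
        C = C + [0] * max(0, len(B) + m - len(C))
        for i, coeff in enumerate(B):
            C[i + m] = (C[i + m] - factor * coeff) % p
        if 2 * L <= n:       # length change
            L, B, b, m = n + 1 - L, T, d, 1
        else:
            m += 1
    C = C[:L + 1] + [0] * (L + 1 - len(C))
    return [c % p for c in C]

def lrs_from_minimal_polynomial(mpoly, init, p, count):
    """Terms s_0, s_1, ... of the sequence with minimal polynomial mpoly
    (coefficient list [1, c_1, ..., c_L]) and initial values init, i.e.
    s_{n+L} = -(c_1 s_{n+L-1} + ... + c_L s_n) in F_p."""
    L = len(mpoly) - 1
    s = [x % p for x in init]
    while len(s) < count:
        s.append((-sum(mpoly[i] * s[-i] for i in range(1, L + 1))) % p)
    return s[:count]
```

Constructed check: for $x^4+x+1\in\mathbb F_2[x]$ with initial state $(0,0,0,1)$, the first $2k=8$ terms $0,0,0,1,0,0,1,1$ are enough for the algorithm to return $[1,0,0,1,1]$, in line with the claim $m(x)=x^kg_{2k}(1/x)$ proved above.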
7. DISTRIBUTION PROPERTIES OF LINEAR RECURRING SEQUENCES

We are interested in the number of occurrences of a given element of $\mathbb F_q$ in either the full period or parts of the period of a linear recurring sequence in $\mathbb F_q$. In order to provide general information on this question, we first carry out a detailed study of exponential sums that involve linear recurring sequences. It will then become apparent that in the case of linear recurring sequences for which the least period is large, the elements of the underlying finite field appear about equally often in the full period and also in large segments of the full period.

Let $s_0,s_1,\ldots$ be a $k$th-order linear recurring sequence in $\mathbb F_q$ satisfying (6.1), let $r$ be its least period and $n_0$ its preperiod, so that $s_{n+r}=s_n$ for $n\ge n_0$. With this sequence we associate a positive integer $R$ in the following way. Consider the impulse response sequence $d_0,d_1,\ldots$ satisfying (6.6), let $r_1$ be its least period and $n_1$ its preperiod; then we set $R=r_1+n_1$. Of course, $R$ depends only on the linear recurrence relation (6.1) and not on the specific form of the sequence. If $s_0,s_1,\ldots$ is a homogeneous linear recurring sequence with characteristic polynomial $f(x)\in\mathbb F_q[x]$, then $r_1=\operatorname{ord}(f(x))$

$\cdots+b_ks_{n+k})\,e(hn/r)$. Since the general term of this sum has period $r$ as a function of $n$, we can write
$$\sigma(b;h)=\sum_{n}\chi\big(b_1s_{n+1}+b_2s_{n+2}+\cdots+b_ks_{n+k}\big)\,e\!\left(\frac{hn}{r}\right)$$
the minimal polynomial $m(x)$ of the sequence is irreducible over $\mathbb F_q$, has degree $k$, and satisfies $m(0)\ne0$. Let $h$ be the least common multiple of $r$ and $q-1$. Then
$$\Big|Z(0)-\frac{(q^{k-1}-1)r}{q^k-1}\Big|\le\Big(1-\frac1q\Big)\Big(\frac rh-\frac r{q^k-1}\Big)q^{k/2}\qquad(6.37)$$
and
$$\Big|Z(b)-\frac{q^{k-1}r}{q^k-1}\Big|\le\Big(\frac rh-\frac r{q^k-1}+\Big(1-\frac rh\Big)q^{1/2}\Big)q^{k/2}\qquad\text{for } b\ne0.\qquad(6.38)$$

where the asterisk indicates that the trivial multiplicative character is deleted from the range of summation. Since $\lambda$ is nontrivial, we have $|G(\psi,\lambda)|=q^{k/2}$ for every nontrivial $\psi$, and so
$$\Big|Z(0)-\frac{(q^{k-1}-1)r}{q^k-1}\Big|\le\frac{(q-1)r}{q(q^k-1)}\big(|A|-1\big)q^{k/2}.\qquad(6.42)$$
Let $H$ be the smallest subgroup of $F^*$ containing $\alpha$ and $K^*$. The element $\alpha$ has order $r$ in the cyclic group $F^*$, therefore $|H|=h$, the least common multiple of $r$ and $q-1$. Furthermore, we have $\psi\in A$ if and only if $\psi(\beta)=1$ for all $\beta\in H$. In other words, $A$ is the annihilator of $H$ in $(F^*)^\wedge$ (see p. 165), and so
$$|A|=\frac{|F^*|}{|H|}=\frac{q^k-1}{h}\qquad(6.43)$$
by Theorem 5.6. The inequality (6.37) follows now from (6.42) and (6.43). For $b\ne0$, we go back to (6.41) and note first that the additive character $\lambda_b^c$ is then nontrivial. Therefore, the trivial multiplicative character contributes 1 to the sum in (6.41), so that we can write $Z(b)-q^{k-1}r/(q^k-1)$ as a sum over the nontrivial $\psi\in J$ of terms containing the product $G(\psi,\lambda)G(\psi',\lambda_b^c)$. Now $G(\psi',\lambda_b^c)=-1$ if $\psi'$ is trivial and $|G(\psi',\lambda_b^c)|=q^{1/2}$ if $\psi'$ is nontrivial, which implies
$$\Big|Z(b)-\frac{q^{k-1}r}{q^k-1}\Big|\le\frac{r}{q^k-1}\Big(|A|-1+\big(|J|-|A|\big)q^{1/2}\Big)q^{k/2}.$$
Since $J$ is the annihilator in $(F^*)^\wedge$ of the subgroup of $F^*$ generated by $\alpha$, we have $|J|=(q^k-1)/r$ by Theorem 5.6. This is combined with (6.43) to complete the proof of (6.38). □
One can also obtain results about the distribution of elements in parts of the period. Let $s_0,s_1,\ldots$ be an arbitrary linear recurring sequence in $\mathbb F_q$ with least period $r$ and preperiod $n_0$. For $b\in\mathbb F_q$, for $N_0\ge n_0$ and $1\le N\le r$, let $Z(b;N_0,N)$ be the number of $n$, $N_0\le n\le N_0+N-1$, with $s_n=b$.

6.85. Theorem. Let $s_0,s_1,\ldots$ be a $k$th-order linear recurring sequence in $\mathbb F_q$ with least period $r$ and preperiod $n_0$, and let $R$ be as in Theorem 6.78. Then, for any $b\in\mathbb F_q$ we have
$$\Big|Z(b;N_0,N)-\frac Nq\Big|\le\Big(1-\frac1q\Big)\Big(\frac rR\Big)^{1/2}q^{k/2}\Big(\frac2\pi\log r+\frac25+\frac Nr\Big)$$
for $N_0\ge n_0$ and $1\le N\le r$.

Proof. Proceeding as in the proof of Theorem 6.82 and using the same notation as there, we arrive at the identity

On the basis of Theorem 6.81 we obtain then
$$\Big|Z(b;N_0,N)-\frac Nq\Big|\le\Big(1-\frac1q\Big)\Big(\frac rR\Big)^{1/2}q^{k/2}\Big(\frac2\pi\log r+\frac25+\frac Nr\Big),$$
since there are $q-1$ nontrivial additive characters of $\mathbb F_q$. □

The method in the proof of Theorem 6.84 can also be adapted to produce results on the distribution of elements in parts of the period (compare with Exercises 6.69, 6.70, and 6.71).
EXERCISES

6.1. Design a feedback shift register implementing the linear recurrence relation $s_{n+5}=s_{n+4}+s_{n+3}+s_{n+1}+s_n$, $n=0,1,\ldots$, in $\mathbb F_2$.

6.2. Design a feedback shift register implementing the linear recurrence relation $s_{n+7}=3s_{n+5}-2s_{n+4}+s_{n+3}+2s_{n+1}$, $n=0,1,\ldots$, in $\mathbb F_7$.

6.3. Let $r$ be a period of the ultimately periodic sequence $s_0,s_1,\ldots$ and let $n_0$ be the least nonnegative integer such that $s_{n+r}=s_n$ for all $n\ge n_0$. Prove that $n_0$ is equal to the preperiod of the sequence.

6.4. Determine the order of the matrix $A$ in the general linear group $GL(4,\mathbb F_2)$.

6.5. Obtain the results of Example 6.18 by the methods of Section 5.

6.6. Use (6.8) to give an explicit formula for the terms of the linear recurring sequence in $\mathbb F_2$ with $s_0=s_1=1$, $s_2=0$, and $s_{n+3}=s_{n+1}+s_n$ for $n=0,1,\ldots$.

6.7. Use the result in Remark 6.13 to give an explicit formula for the

$=s_7=0$, $s_3=s_4=s_5=s_6=1$, and $s_{n+9}=s_{n+7}+s_{n+4}+s_{n+1}+s_n$ for $n=0,1,\ldots$.

6.35. Find the least period of the linear recurring sequence in $\mathbb F_2$ with $s_0=s_1=1$, $s_2=s_3=0$, $s_4=1$, and $s_{n+5}=s_{n+4}+s_{n+3}+s_{n+2}+s_n$ for $n=0,1,\ldots$.
6.36. Find the least period of the linear recurring sequence in $\mathbb F_3$ with $s_{n+4}=s_{n+3}+s_{n+1}+s_n-1$ for $n=0,1,\ldots$ and initial state vector $(0,-1,1,0)$.

6.37. Prove that a $k$th-order linear recurring sequence $s_0,s_1,\ldots$ in $\mathbb F_q$ has least period $q^k$ exactly in the following cases: (a) $k=1$, $q$ prime, $s_{n+1}=s_n+a$ for $n=0,1,\ldots$ with $a\ne0$; (b) $k=2$, $q=2$, $s_{n+2}=s_n+1$ for $n=0,1,\ldots$.

6.38. Given a homogeneous linear recurring sequence in $\mathbb F_q$ with a nonconstant minimal polynomial $m(x)\in\mathbb F_q[x]$ whose roots are nonzero and simple, prove that the least period of the sequence is equal to the least positive integer $r$ such that $\alpha^r=1$ for all roots $\alpha$ of $m(x)$.

6.39. Prove: if the homogeneous linear recurring sequence $\sigma$ in $\mathbb F_q$ has minimal polynomial $f(x)\in\mathbb F_q[x]$ with $\deg(f(x))=n\ge1$, then every sequence in $S(f(x))$ can be expressed uniquely as a linear combination of $\sigma=\sigma^{(0)}$ and the shifted sequences $\sigma^{(1)},\sigma^{(2)},\ldots,\sigma^{(n-1)}$ with coefficients in $\mathbb F_q$.

6.40. Let $f_1(x),\ldots,f_k(x)$ be nonconstant monic polynomials over $\mathbb F_q$ that are pairwise relatively prime. Prove that $S(f_1(x)\cdots f_k(x))$ is the direct sum of the linear subspaces $S(f_1(x)),\ldots,S(f_k(x))$.

6.41. Let $s_0,s_1,\ldots$ be a homogeneous linear recurring sequence in $K=\mathbb F_q$ with characteristic polynomial $f(x)=f_1(x)\cdots f_r(x)$, where the $f_i(x)$ are distinct monic irreducible polynomials over $K$. For $i=1,\ldots,r$, let $\alpha_i$ be a fixed root of $f_i(x)$ in its splitting field $F_i$ over $K$. Prove that there exist uniquely determined elements $\theta_1\in F_1,\ldots,\theta_r\in F_r$ such that
$$s_n=\mathrm{Tr}_{F_1/K}(\theta_1\alpha_1^n)+\cdots+\mathrm{Tr}_{F_r/K}(\theta_r\alpha_r^n)\qquad\text{for } n=0,1,\ldots.$$

6.42. With the notation of Exercise 6.41, prove that the sequence $s_0,s_1,\ldots$ has $f(x)$ as its minimal polynomial if and only if $\theta_i\ne0$ for $1\le i\le r$. Thus show that the number of sequences in $S(f(x))$ that have $f(x)$ as minimal polynomial is given by $(q^{k_1}-1)\cdots(q^{k_r}-1)$, where $k_i=\deg(f_i(x))$ for $1\le i\le r$.

6.43. Let $\sigma_1$ and $\sigma_2$ be the impulse response sequences in $\mathbb F_2$ associated with the linear recurrence relation $s_{n+6}=s_{n+3}+s_n$ ($n=0,1,\ldots$) and with a second linear recurrence relation ($n=0,1,\ldots$), respectively. Find the least period of $\sigma_1+\sigma_2$.

6.44. Let $\sigma_1$ be the linear recurring sequence in $\mathbb F_3$ with $s_{n+3}=s_{n+2}-s_n$ for $n=0,1,\ldots$ and initial state vector $(0,1,0)$, and let $\sigma_2$ be the linear recurring sequence in $\mathbb F_3$ satisfying a fifth-order linear recurrence relation for $n=0,1,\ldots$ with initial state vector $(1,1,1,0,1)$. Use the method of Example 6.58 to determine the minimal polynomial of the sum sequence $\sigma_1+\sigma_2$.

6.45. Find the least period of the sum sequence in Exercise 6.44.
6.46. Given a homogeneous linear recurring sequence in $\mathbb F_2$ with minimal polynomial $x^{?}+x^{?}+x^4+1\in\mathbb F_2[x]$, determine the minimal polynomial of its binary complement.

6.47. Let $f(x)=x^{?}+x^{?}+x^4+x^{?}+x^{?}+x+1\in\mathbb F_2[x]$. Determine the least periods of sequences from $S(f(x))$ and the number of sequences attaining each possible least period.

6.48. Let $f(x)=(x+1)^{?}(x^{?}+x^{?}+1)^{?}\in\mathbb F_2[x]$. Determine the least periods of sequences from $S(f(x))$ and the number of sequences attaining each possible least period.

6.49. Let $f(x)=x^{?}-2x^{?}-x^{?}-1\in\mathbb F_3[x]$. Determine the least periods of sequences from $S(f(x))$ and the number of sequences attaining each possible least period.

6.50. Find a monic polynomial $g(x)\in\mathbb F_3[x]$ such that $S(x+1)+S(x^{?}+x-1)+S(x^{?}-x-1)=S(g(x))$.

6.51. Find a monic polynomial $g(x)$ such that $S(x^{?}+x-1)+S(x^{?}+x^4+1)=S(g(x))$.

6.52. For odd $q$ determine a monic $g(x)\in\mathbb F_q[x]$ for which $S((x-1)^{?})+S((x+1)^{?})=S(g(x))$. What is the situation for even $q$?

6.53. Prove that $f\vee(gh)=(f\vee g)(f\vee h)$ for nonconstant polynomials $f,g,h\in\mathbb F_q[x]$, provided the two factors on the right-hand side are relatively prime.

6.54. Consider the impulse response sequence in $\mathbb F_2$ associated with the linear recurrence relation $s_{n+4}=s_{n+3}+s_n$, $n=0,1,\ldots$, and the linear recurring sequence in $\mathbb F_2$ with $s_{n+4}=s_n$, $n=0,1,\ldots$, and initial state vector $(0,1,1,1)$. Use these sequences to show that there is no analog of Theorem 6.59 for multiplication of sequences.

6.55. For $r\in\mathbb N$ and $f\in\mathbb F_q[x]$ with $\deg(f)>0$, let $\sigma_r(f)$ be the sum of the $r$th powers of the distinct roots of $f$. Prove that $\sigma_r(f\vee g)=\sigma_r(f)\sigma_r(g)$ for nonconstant polynomials $f,g\in\mathbb F_q[x]$, provided that the number of distinct roots of $f\vee g$ is equal to the product of the numbers of distinct roots of $f$ and $g$, respectively.

6.56. Let $s_0,s_1,\ldots$ be an arbitrary sequence in $\mathbb F_q$, and let $n\ge0$ and $r\ge1$ be integers. Prove that if both Hankel determinants $D_n^{(r+2)}$ and $D_n^{(r+1)}$ are 0, then also $D_{n+1}^{(r+1)}=0$.

6.57. Prove that the sequence $s_0,s_1,\ldots$ in $\mathbb F_q$ is a homogeneous linear recurring sequence with minimal polynomial

order $\le4$ are given by $2,1,0,1,-2,0,-2,-1$. Determine its minimal polynomial by the Berlekamp–Massey algorithm.

6.64. The first 10 terms of a homogeneous linear recurring sequence of order $\le5$ are given by $1,-1,0,-1,0,0,0,0,1,0$. Determine its minimal polynomial by the Berlekamp–Massey algorithm.

6.65. Find the homogeneous linear recurring sequence of least order whose first 10 terms are $2,0,-1,-2,0,0,2,2,-1,-2$.

6.66. Suppose the conditions of Theorem 6.78 hold and assume in addition that the characteristic polynomial $f(x)$ of the sequence $s_0,s_1,\ldots$ satisfies $f(0)\ne0$. Establish the following improvement of (6.31):
$$\Big|\sum_{n=u}^{u+r-1}\chi(s_n)\Big|\le\cdots\qquad\text{for all } u\ge0.$$
(Hint: Note that $b=0$ can be excluded in (6.33).)

6.67. Suppose the conditions of Theorem 6.84 hold, let $r$ be a multiple of $(q^k-1)/(q-1)$ and let $(q^k-1)/r$ and $k$ be relatively prime. Prove that $Z(0)=(q^{k-1}-1)r/(q^k-1)$.

6.68. Suppose the conditions of Theorem 6.84 hold, let $q$ be odd and $h=(q^k-1)/2$. Prove that equality holds in (6.37).

6.69. Let $Z(b;N_0,N)$ be as in Theorem 6.85. Under the conditions of Theorem 6.84 and using the notation in the proof of this theorem, show that
$$Z(b;N_0,N)=\frac NrZ(b)+\cdots,$$
where the remaining term is a sum over the multiplicative characters $\psi$ with $\psi(\alpha)\ne1$ of terms of the form $\bar\psi(\theta)G(\psi,\lambda)G(\psi',\lambda_b^c)\psi(\alpha)^{N_0}\dfrac{\psi(\alpha)^N-1}{\psi(\alpha)-1}$.

6.70. Deduce from the result of Exercise 6.69 that
$$\Big|Z(0;N_0,N)-\frac{(q^{k-1}-1)N}{q^k-1}\Big|\le\Big(1-\frac1q\Big)\cdots q^{k/2}\Big(\frac2\pi\log\frac h{q-1}+\varepsilon_h\Big)\cdots,$$
where $\varepsilon_h=0$ for $h\le q-1$ and $\varepsilon_h=\cdots$ for $h>q-1$.

6.71. Deduce from the result of Exercise 6.69 that
$$\Big|Z(b;N_0,N)-\frac{q^{k-1}N}{q^k-1}\Big|\le\cdots\Big(\frac2\pi\log r+\frac25+\frac Nr\Big)\cdots\qquad\text{for } b\ne0.$$
product is interpreted to be 1 if $t=1$. The BIBD is symmetric in case $t=m-1$, that is, if the blocks are the hyperplanes of $PG(m,\mathbb F_q)$. In the affine case, the parameters of the resulting BIBD are as follows:
$$v=q^m,\qquad b=q^{m-t}\prod_{i=1}^{t}\frac{q^{m-i+1}-1}{q^{i}-1},\qquad k=q^t,\qquad r=\prod_{i=1}^{t}\frac{q^{m-i+1}-1}{q^{i}-1},\qquad \lambda=\prod_{i=2}^{t}\frac{q^{m-i+1}-1}{q^{i-1}-1},$$
with the same convention for $t=1$ as above. Such a BIBD is never symmetric.

A tactical configuration can be described by its incidence matrix.
This is a matrix A of v rows and h columns. where the rows correspond to
the varieties and the columns to the hloeks. We numher the varieties and hlocks. and if the ith variety is incident with the jth hloek, we define the (i. j) entry of A to he the integer I. otherwise O. The sum of entries in any row is r and that in any column is k. If A is the incidence matrix of a (c, k. A) block design, then the inner product of two different rows of A is A. Thus, if A'I denotes the transpose of A, then
AA T ~
r
A
A
r
A A
IA
A
r
~(r-A)i
IAJ.
where I is the [! X r identity matrix and J is the (; x v matrix with all entries equal to I. We compute the determinant of AA T by subtracting the first column from the others and then adding to the first row the sum of the others. The result is 0
rk
det( AA
T
)
A ~ A
I~
0 ()
0 0 0
0 0
A
r
A
r
0
1- rk (r
A)"-I.
r - AI
where we have used (7.4). If v = k, the design is trivial, since each block is incident with all l' varieties. If v> k, then r >;, hy (7.4), and so A AT is of rank D. The matrix A cannot have !olmallcr rank. hence we obtain h",
10.
(7.5)
By (7.3). we must abo have r '" k. for a svmlnelric ( c, k. A) block design we have r ~ k, hence AJ ~ JA. and so A commutes with (r - A) 1+ AJ ~ A AI. Since A is nonsingulal' if c>k. we get AIA- AA I -·(r A)/- AJ. It follows that any lwn dislinC! h/ocks h£ll~e exactly A varieties in common. This holds trivially if v...::. k. We have seen that the conditions (7.3) and (7.4), and furthermore (7.5) in the nontrivial case. are necess3l'y for the existence of a B1BD with parameters c, h. r. f,;, A. These conditions are. however. not sufficient for the existence of such a design. For instance. a BIBD with c ~ h ~ 43. r = k ~ 7, and A ~ I is known to he impossihle. The varieties and hloeks of a symmetric (c, k. A) hloek design with k '" 3 and A ~ I satisfy the conditions for points and lines of a finite projective plane. The converse is also true. Thus. the COllcepl:i of a s)'mm(,lric (c. k. I) hlock design wilh k ?' 3 and of a finile projel'tiGe pla"e are equipatent. ('on . . idcr the BIRD in F.xamnle 7.17 and intcmret the varieties
0, 1, 2, 3, 4, 5, 6 as integers modulo 7. Each block of this design has the property that the differences between its distinct elements yield all nonzero residues modulo 7. This suggests the following definition.

Definition. A set D = {d_1, ..., d_k} of k ≥ 2 distinct residues modulo v is called a (v, k, λ) difference set if for every d ≢ 0 mod v there are exactly λ ordered pairs (d_i, d_j) with d_i, d_j ∈ D and d_i − d_j ≡ d mod v.

… of n yield the (15, 7, 3) difference set {0, 2, 3, 6, 8, 13, 14}.
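As an added example (not from the book), the following Python code checks the difference-set property of the (15, 7, 3) set just given and of a (7, 3, 1) set modulo 7 (we use {0, 1, 3}; the blocks of Example 7.17 are not reproduced here), develops each set into the blocks D + t mod v of a symmetric design, and verifies on the resulting incidence matrix the identities of the text: AA^T = (r − λ)I + λJ, det(AA^T) = rk(r − λ)^{v−1}, and the conditions (7.3), (7.4) and (7.5).

```python
"""Added example (not from the book): check a (v, k, lambda) difference set,
develop it into a symmetric block design, and verify the incidence-matrix
identities A A^T = (r - lam) I + lam J, det(A A^T) = r k (r - lam)^(v-1),
and Fisher's inequality b >= v."""
from itertools import combinations
from fractions import Fraction

def is_difference_set(D, v):
    """Return (ok, lam): ok is True iff every nonzero residue mod v occurs
    exactly lam times as an ordered difference d_i - d_j (d_i != d_j) of D."""
    counts = [0] * v
    for a in D:
        for b in D:
            if a != b:
                counts[(a - b) % v] += 1
    lam = counts[1]
    return all(c == lam for c in counts[1:]), lam

def develop(D, v):
    """The blocks D + t (mod v), t = 0, ..., v-1, generated by D."""
    return [sorted((d + t) % v for d in D) for t in range(v)]

def incidence_matrix(blocks, v):
    """Rows = varieties 0..v-1, columns = blocks; entry 1 iff variety in block."""
    return [[1 if i in blk else 0 for blk in blocks] for i in range(v)]

def design_parameters(A):
    """(v, b, r, k, lam) read off the incidence matrix, or None if row sums,
    column sums or pairwise row inner products are not constant."""
    v, b = len(A), len(A[0])
    rows = {sum(row) for row in A}
    cols = {sum(A[i][j] for i in range(v)) for j in range(b)}
    inner = {sum(x * y for x, y in zip(A[i], A[j])) for i, j in combinations(range(v), 2)}
    if len(rows) != 1 or len(cols) != 1 or len(inner) != 1:
        return None
    return v, b, rows.pop(), cols.pop(), inner.pop()

def gram_matrix(A):
    """A A^T as a list of rows of integers."""
    return [[sum(x * y for x, y in zip(ri, rj)) for rj in A] for ri in A]

def det(M):
    """Exact determinant by Gaussian elimination over the rationals."""
    M = [[Fraction(x) for x in row] for row in M]
    n, d = len(M), Fraction(1)
    for c in range(n):
        p = next((r for r in range(c, n) if M[r][c] != 0), None)
        if p is None:
            return 0
        if p != c:
            M[c], M[p] = M[p], M[c]
            d = -d
        d *= M[c][c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            M[r] = [a - f * b for a, b in zip(M[r], M[c])]
    return int(d)

def check_design(D, v):
    """Develop D, verify every identity from the text, return (v, b, r, k, lam)."""
    A = incidence_matrix(develop(D, v), v)
    v_, b, r, k, lam = design_parameters(A)
    G = gram_matrix(A)
    expected = [[(r - lam) * (i == j) + lam for j in range(v)] for i in range(v)]
    assert G == expected                                    # A A^T = (r - lam) I + lam J
    assert det(G) == r * k * (r - lam) ** (v - 1)            # determinant formula
    assert b >= v                                           # (7.5), Fisher's inequality
    assert b * k == v * r and lam * (v - 1) == r * (k - 1)   # (7.3) and (7.4)
    return v_, b, r, k, lam
```

Developing a (v, k, λ) difference set always gives a symmetric design with b = v and r = k, so the inequality (7.5) holds with equality here; the determinant check is exact because the Gram matrix is integral and the elimination runs over the rationals.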
Another branch of combinatorics in which finite fields are useful is the theory of orthogonal latin squares.

7.25. Definition. An array

$$L = (a_{ij}) = \begin{pmatrix} a_{11} & a_{12} & \cdots & a_{1n} \\ a_{21} & a_{22} & \cdots & a_{2n} \\ \vdots & \vdots & & \vdots \\ a_{n1} & a_{n2} & \cdots & a_{nn} \end{pmatrix}$$

is called a latin square of order n if each row and each column contains every element of a set of n elements exactly once. Two latin squares (a_{ij}) and (b_{ij}) of order n are said to be orthogonal if the n^2 ordered pairs (a_{ij}, b_{ij}) are all different.
7.26. Theorem. A latin square of order n exists for every positive integer n.

Proof. Consider (a_{ij}) with a_{ij} ≡ i + j mod n, 1 ≤ a_{ij} ≤ n. Then a_{ij} = a_{ik} implies i + j ≡ i + k mod n, and so j ≡ k mod n, which means j = k since 1 ≤ i, j, k ≤ n. Similarly, a_{ij} = a_{kj} implies i = k. Thus the elements of each row and each column are distinct. □
Orthogonal latin squares were first studied by Euler. He conjectured that there did not exist pairs of orthogonal latin squares of order n if n is twice an odd integer. This was disproved in 1959 by the construction of a pair of orthogonal latin squares of order 22. It is now known that the values of n for which there exists a pair of orthogonal latin squares of order n are precisely all n > 2 with n ≠ 6. For some values of n, more than two latin squares of order n exist that are mutually orthogonal (i.e., orthogonal in pairs). We shall show that if n = q, a prime power, then there exist q − 1 mutually orthogonal latin squares of order q, by using the existence of finite fields of order q.
7.27. Theorem. Let a_0 = 0, a_1, a_2, ..., a_{q−1} be the elements of F_q. Then the arrays

$$L_k = \begin{pmatrix} a_0 & a_1 & \cdots & a_{q-1} \\ a_k a_1 + a_0 & a_k a_1 + a_1 & \cdots & a_k a_1 + a_{q-1} \\ \vdots & \vdots & & \vdots \\ a_k a_{q-1} + a_0 & a_k a_{q-1} + a_1 & \cdots & a_k a_{q-1} + a_{q-1} \end{pmatrix}, \qquad k = 1, \dots, q-1,$$

form a set of q − 1 mutually orthogonal latin squares of order q.

… for 0 ≤ k ≤ r = min(q_i − 1), 1 ≤ i ≤ s, and let b_0, b_1, ..., b_{n−1} with n = q_1 ⋯ q_s be the s-tuples that can be formed by taking in the ith coordinate an element of F_{q_i}. These s-tuples are added and multiplied by adding and multiplying their coordinates. Then the arrays

$$L_k = \begin{pmatrix} b_0 & b_1 & \cdots & b_{n-1} \\ b_k b_1 + b_0 & b_k b_1 + b_1 & \cdots & b_k b_1 + b_{n-1} \\ \vdots & \vdots & & \vdots \\ b_k b_{n-1} + b_0 & b_k b_{n-1} + b_1 & \cdots & b_k b_{n-1} + b_{n-1} \end{pmatrix}, \qquad k = 1, \dots, r,$$

form a set of r mutually orthogonal latin squares of order n.
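The following Python code is an added example (ours, not the book's) of both constructions above: it builds the arrays L_k = (b_k b_i + b_j) for a prime q, and for a product n = q_1 ⋯ q_s of primes with coordinatewise arithmetic on s-tuples, and checks that each array is latin and that the arrays are orthogonal in pairs. Restricting the q_i to primes is our simplification, so that F_{q_i} is arithmetic modulo q_i; the choice b_k = (k, ..., k) for k = 1, ..., r is also ours, made so that every coordinate of b_k and of b_k − b_l (k ≠ l) is nonzero.

```python
"""Added example (not from the book): the latin squares L_k of Theorems 7.27 and
7.28 for prime moduli, with latin-ness and mutual orthogonality checked directly.
Elements are s-tuples added and multiplied coordinatewise modulo q_i."""
from itertools import product, combinations

def tuple_add(x, y, moduli):
    return tuple((a + b) % m for a, b, m in zip(x, y, moduli))

def tuple_mul(x, y, moduli):
    return tuple((a * b) % m for a, b, m in zip(x, y, moduli))

def elements(moduli):
    """b_0 = (0, ..., 0) first, then the remaining s-tuples in lexicographic order."""
    return list(product(*[range(m) for m in moduli]))

def latin_square(bk, elems, moduli):
    """L_k = (b_k * b_i + b_j)_{i,j}: row i, column j, exactly the arrays of the text."""
    return [[tuple_add(tuple_mul(bk, bi, moduli), bj, moduli) for bj in elems] for bi in elems]

def is_latin(L):
    """Each row and each column contains every symbol exactly once."""
    n = len(L)
    symbols = set(L[0])
    if len(symbols) != n:
        return False
    rows_ok = all(set(row) == symbols for row in L)
    cols_ok = all({L[i][j] for i in range(n)} == symbols for j in range(n))
    return rows_ok and cols_ok

def are_orthogonal(L, M):
    """The n^2 ordered pairs (L_ij, M_ij) must all be different."""
    n = len(L)
    return len({(L[i][j], M[i][j]) for i in range(n) for j in range(n)}) == n * n

def mols(moduli):
    """r = min(q_i - 1) mutually orthogonal latin squares of order n = q_1 * ... * q_s.
    We take b_k = (k, ..., k), k = 1..r (our choice): every coordinate of b_k and of
    b_k - b_l is then nonzero, which is what the orthogonality argument needs."""
    r = min(moduli) - 1
    elems = elements(moduli)
    return [latin_square(tuple([k] * len(moduli)), elems, moduli) for k in range(1, r + 1)]

def check_mols(moduli):
    """Verify latin-ness and pairwise orthogonality; return (order, number of squares)."""
    squares = mols(moduli)
    assert all(is_latin(L) for L in squares)
    assert all(are_orthogonal(L, M) for L, M in combinations(squares, 2))
    return len(squares[0]), len(squares)
```

With a single prime modulus q this is exactly Theorem 7.27 and yields q − 1 squares; with moduli (3, 5) it yields r = 2 orthogonal squares of order 15, the composite case of the second statement.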
Tactical configurations and latin squares are of use in the design of statistical experiments. For example, suppose that n varieties of wheat are to be compared as to their mean yield on a certain type of soil. At our disposal is a rectangular field subdivided into n^2 plots. However, even if we are careful in the selection of our field, differences in soil fertility will occur on it. Thus, if all the plots of the first row are occupied by the first variety, it may very well be that the first row is of high fertility and we might obtain a high yield for the first variety although it is not superior to the other varieties. We shall be less likely to vitiate our comparisons if we set every variety once in every row and once in every column. In other words, the varieties should be planted on the n^2 plots in such a way that a latin square of order n is formed.

It is often desirable to test at the same time other factors influencing the yield. For instance, we might want to apply n different fertilizers and evaluate their effectiveness. We will then arrange fertilizers and varieties on the n^2 plots in such a way that both the arrangement of fertilizers and the arrangement of varieties form a latin square of order n, and such that every fertilizer is applied exactly once to every variety. Thus, in the language of combinatorics, the latin squares of fertilizers and varieties …

… the matrix

$$\begin{pmatrix} 1 & 1 & 1 & \cdots & 1 \\ 1 & -1 & b_{12} & \cdots & b_{1q} \\ 1 & b_{21} & -1 & \cdots & b_{2q} \\ \vdots & \vdots & \vdots & & \vdots \\ 1 & b_{q1} & b_{q2} & \cdots & -1 \end{pmatrix}, \qquad 1 \le i, j \le q,\ i \ne j,$$

is a Hadamard matrix of order q + 1.

Proof. Since all entries are ±1, it suffices to show that the inner product of any two distinct rows is 0. The inner product of the first row with the (i + 1)st row, 1 ≤ i ≤ q, is

$$1 + (-1) + \sum_{j \ne i} b_{ij} = \sum_{j=1}^{q} \eta(a_j - a_i) = 0$$

by (5.12). The inner product of the (i + 1)st row with the (k + 1)st row, 1 ≤ i < k ≤ q, is …
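As an added example (ours, not the book's) of the construction whose proof is begun above, the Python code below builds the (q + 1) × (q + 1) matrix from the quadratic character η of F_q and verifies H H^T = (q + 1)I directly. It assumes q is a prime with q ≡ 3 (mod 4), so that η is the Legendre symbol and can be computed by Euler's criterion (the statement covers prime powers, which would need an F_q implementation); the entries are taken as b_{ij} = η(a_j − a_i), the sign that appears in the sum of the proof, with a_1, ..., a_q listed as 0, ..., q − 1.

```python
"""Added example (not from the book): the Hadamard matrix of order q + 1 built
from the quadratic character of F_q for a prime q = 3 (mod 4), checked against
the definition H H^T = n I."""

def quadratic_character(c, q):
    """eta(c) for c in F_q, q an odd prime: 0 at 0, +1 on nonzero squares, -1 otherwise
    (Euler's criterion: c^((q-1)/2) = 1 exactly for the nonzero squares)."""
    c %= q
    if c == 0:
        return 0
    return 1 if pow(c, (q - 1) // 2, q) == 1 else -1

def paley_hadamard(q):
    """First row all 1; row i+1 has 1 in column 0, -1 in column i+1, and
    b_ij = eta(a_j - a_i) elsewhere, with a_i = i - 1 for i = 1..q (our labelling)."""
    if q % 4 != 3:
        raise ValueError("construction needs q = 3 (mod 4)")
    H = [[1] * (q + 1)]
    for i in range(q):
        row = [1]
        for j in range(q):
            row.append(-1 if i == j else quadratic_character(j - i, q))
        H.append(row)
    return H

def is_hadamard(H):
    """All entries +-1 and every pair of distinct rows orthogonal, i.e. H H^T = n I."""
    n = len(H)
    if any(len(row) != n or any(x not in (1, -1) for x in row) for row in H):
        return False
    for i in range(n):
        for k in range(n):
            dot = sum(x * y for x, y in zip(H[i], H[k]))
            if dot != (n if i == k else 0):
                return False
    return True
```

For q = 7 the code produces a Hadamard matrix of order 8 and for q = 11 one of order 12; the orthogonality of the lower rows uses η(−1) = −1, which is exactly where q ≡ 3 (mod 4) enters.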
where

$$H(t) = \begin{cases} CA^{t-1}B & \text{for } t \ge 1, \\ D & \text{for } t = 0. \end{cases}$$

Proof. (i) Let t = 1. Then s(1) = As(0) + Bu(0) by Definition 7.34(5), which proves (i) for t = 1. Assume (i) is true for some t ≥ 1; then

$$s(t+1) = As(t) + Bu(t) = A^{t+1}s(0) + \sum_{i=0}^{t} A^{t-i}Bu(i)$$

proves (i) for t + 1.

(ii) By (i) and Definition 7.34(5) we have

$$y(t) = Cs(t) + Du(t) = CA^{t}s(0) + \sum_{i=0}^{t} H(t-i)u(i),$$

where H(t − i) = CA^{t−1−i}B when t − i ≥ 1 and H(t − i) = D when t − i = 0. □

By Theorem 7.36(ii) we can decompose the output of an LMS into two components, the free component

$$y(t)_{\mathrm{free}} = CA^{t}s(0),$$

obtained in case u(t) = 0 for all t ≥ 0, and the for…
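As an added example (ours, not the book's), the Python code below simulates a small linear modular system over F_p by the recurrences s(t + 1) = As(t) + Bu(t), y(t) = Cs(t) + Du(t) used in the proof, and compares the result at every time step with the closed forms of Theorem 7.36: the state formula (i), the output formula (ii) with the impulse-response matrices H(t), and the split of y(t) into the free component CA^t s(0) (what the system outputs with zero input) and the forced component. The matrices, initial state and input sequence over F_5 are constructed for this example.

```python
"""Added example (not from the book): a linear modular system over F_p simulated
by its recurrences and compared with the closed forms of Theorem 7.36."""

def mat_vec(M, v, p):
    return [sum(a * b for a, b in zip(row, v)) % p for row in M]

def mat_mul(M, N, p):
    return [[sum(M[i][k] * N[k][j] for k in range(len(N))) % p
             for j in range(len(N[0]))] for i in range(len(M))]

def vec_add(u, v, p):
    return [(a + b) % p for a, b in zip(u, v)]

def mat_pow(A, t, p):
    """A^t, with A^0 the identity."""
    n = len(A)
    R = [[int(i == j) for j in range(n)] for i in range(n)]
    for _ in range(t):
        R = mat_mul(R, A, p)
    return R

def simulate(A, B, C, D, s0, inputs, p):
    """Run s(t+1) = A s(t) + B u(t), y(t) = C s(t) + D u(t); return y(0), ..., y(T-1)."""
    s, outputs = list(s0), []
    for u in inputs:
        outputs.append(vec_add(mat_vec(C, s, p), mat_vec(D, u, p), p))
        s = vec_add(mat_vec(A, s, p), mat_vec(B, u, p), p)
    return outputs

def state_at(A, B, s0, inputs, t, p):
    """s(t) by iterating the state recurrence t times."""
    s = list(s0)
    for i in range(t):
        s = vec_add(mat_vec(A, s, p), mat_vec(B, inputs[i], p), p)
    return s

def state_closed_form(A, B, s0, inputs, t, p):
    """Theorem 7.36(i): s(t) = A^t s(0) + sum_{i=0}^{t-1} A^{t-1-i} B u(i)."""
    s = mat_vec(mat_pow(A, t, p), s0, p)
    for i in range(t):
        s = vec_add(s, mat_vec(mat_mul(mat_pow(A, t - 1 - i, p), B, p), inputs[i], p), p)
    return s

def impulse_response(A, B, C, D, t, p):
    """H(t) = C A^{t-1} B for t >= 1 and H(0) = D."""
    return D if t == 0 else mat_mul(mat_mul(C, mat_pow(A, t - 1, p), p), B, p)

def output_closed_form(A, B, C, D, s0, inputs, t, p):
    """Theorem 7.36(ii): y(t) = C A^t s(0) + sum_{i=0}^{t} H(t-i) u(i).
    Returns (y(t), free component, forced component)."""
    free = mat_vec(mat_mul(C, mat_pow(A, t, p), p), s0, p)
    forced = [0] * len(C)
    for i in range(t + 1):
        forced = vec_add(forced, mat_vec(impulse_response(A, B, C, D, t - i, p), inputs[i], p), p)
    return vec_add(free, forced, p), free, forced

# Constructed sample system over F_5 (example data, not from the book).
P = 5
A_EX = [[0, 1, 0], [0, 0, 1], [1, 2, 3]]
B_EX = [[0], [1], [1]]
C_EX = [[1, 0, 2]]
D_EX = [[4]]
S0_EX = [1, 3, 0]
U_EX = [[2], [0], [4], [1], [3], [3], [0], [1]]

def compare(t):
    """True iff simulation and closed forms agree at time t and y(t) = free + forced,
    where the free component equals the output of the same system under zero input."""
    y_sim = simulate(A_EX, B_EX, C_EX, D_EX, S0_EX, U_EX, P)[t]
    y_cf, free, forced = output_closed_form(A_EX, B_EX, C_EX, D_EX, S0_EX, U_EX, t, P)
    zero_in = [[0]] * len(U_EX)
    y_free_sim = simulate(A_EX, B_EX, C_EX, D_EX, S0_EX, zero_in, P)[t]
    states_agree = state_closed_form(A_EX, B_EX, S0_EX, U_EX, t, P) == state_at(A_EX, B_EX, S0_EX, U_EX, t, P)
    return y_sim == y_cf and free == y_free_sim and vec_add(free, forced, P) == y_cf and states_agree
```

The free component depends only on s(0) and the forced component only on the inputs, which is the decomposition the paragraph above describes; `compare(t)` checks both against the step-by-step simulation for each t.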
Maximal period sequences possess a universality property, in the sense that a much larger class of linear recurring sequences can be derived from them by applying decimations.

7.48. Theorem. Let σ be a given kth-order maximal period sequence in F_q. Then every linear recurring sequence in F_q having an irreducible minimal polynomial g(x) with g(0) ≠ 0 and deg(g(x)) dividing k can be obtained from σ by applying a suitable decimation.

Proof. If the terms of σ are denoted by s_0, s_1, ..., then as in the proof of Theorem 7.47 we have

$$s_n = \mathrm{Tr}_{F/K}(\theta\alpha^{n}) \quad \text{for all } n \ge 0,$$

where α is a primitive element of F = F_{q^k}, θ ∈ F^*, and K = F_q. Let u_0, u_1, ... be a linear recurring sequence in F_q with irreducible minimal polynomial g(x), where g(0) ≠ 0 and m = deg(g(x)) divides k. Then g(x) has a root γ ∈ E = F_{q^m}, and γ ≠ 0 since g(0) ≠ 0. Furthermore, E is a subfield of F by Theorem 2.6. It follows that there exists an integer d ≥ 1 such that γ = α^d. By Theorem 6.24 we have u_n = Tr_{E/K}(βγ^n) for all n ≥ 0, where β ∈ E. Let δ ∈ F be such that Tr_{F/E}(δ) = β, and choose an integer h ≥ 0 with θα^h = δ. Then by the transitivity of the trace (see Theorem 2.26) we have

$$s_{h+nd} = \mathrm{Tr}_{F/K}(\theta\alpha^{h+nd}) = \mathrm{Tr}_{F/K}(\delta\gamma^{n}) = \mathrm{Tr}_{E/K}\bigl(\mathrm{Tr}_{F/E}(\delta\gamma^{n})\bigr) = \mathrm{Tr}_{E/K}(\beta\gamma^{n}) = u_n$$

for all n ≥ 0, and so the sequence u_0, u_1, ... is equal to the decimated sequence σ_d^{(h)}. □

The condition g(0) ≠ 0 in Theorem 7.48 rules out the case g(x) = x, in which the sequence has the form c, 0, 0, ... with c ≠ 0. Such a sequence has preperiod 1, and thus it cannot be derived from σ by a decimation since every decimated sequence σ_d^{(h)} is periodic.
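As an added example (ours, not the book's) of Theorem 7.48, the Python code below generates a 4th-order maximal period sequence σ over F_2 from the primitive polynomial x^4 + x + 1 (our choice), forms decimated sequences σ_d^{(h)}, and determines the minimal polynomial of each with the Berlekamp-Massey algorithm (a standard tool, not the book's argument). With α a root of x^4 + x + 1, the element γ = α^5 has order 3 and minimal polynomial x^2 + x + 1, so d = 5 yields a sequence with that minimal polynomial, while γ = α^3 has order 5 and a minimal polynomial of degree 4; the shift h matters, since h = 1 with d = 5 happens to give the zero sequence.

```python
"""Added example (not from the book): an m-sequence over F_2, its decimations
sigma_d^{(h)}, and their minimal polynomials via Berlekamp-Massey."""

def lfsr(poly, state, length):
    """Terms s_0, s_1, ... of the recurrence with characteristic polynomial
    poly = [f_0, ..., f_k] (f_k = 1): s_{n+k} = f_0 s_n + ... + f_{k-1} s_{n+k-1} over F_2.
    state = (s_0, ..., s_{k-1})."""
    k = len(poly) - 1
    s = list(state)
    while len(s) < length:
        s.append(sum(c * b for c, b in zip(poly[:k], s[-k:])) % 2)
    return s[:length]

def decimate(seq, d, h=0):
    """The decimated sequence sigma_d^{(h)}: s_h, s_{h+d}, s_{h+2d}, ..."""
    return seq[h::d]

def berlekamp_massey(s):
    """Return (L, f): L is the linear complexity of the binary sequence s and
    f = [f_0, ..., f_L] (f_L = 1) its minimal polynomial in the book's convention
    s_{n+L} = f_0 s_n + ... + f_{L-1} s_{n+L-1} (the reciprocal of the connection
    polynomial that the algorithm computes)."""
    n = len(s)
    c, b = [0] * (n + 1), [0] * (n + 1)
    c[0] = b[0] = 1
    L, m = 0, -1
    for N in range(n):
        d = s[N]                              # discrepancy
        for i in range(1, L + 1):
            d ^= c[i] & s[N - i]
        if d == 0:
            continue
        t = c[:]
        for j in range(n + 1 - (N - m)):      # c(x) += x^(N-m) b(x)
            c[N - m + j] ^= b[j]
        if 2 * L <= N:
            L, m, b = N + 1 - L, N, t
    conn = c[:L + 1]                          # 1 + c_1 x + ... + c_L x^L
    return L, conn[::-1]

def period(seq):
    """Least period of a list that covers at least two periods."""
    for t in range(1, len(seq)):
        if all(seq[i] == seq[i + t] for i in range(len(seq) - t)):
            return t
    return len(seq)

POLY = [1, 1, 0, 0, 1]                     # x^4 + x + 1 (our choice of primitive polynomial)
SIGMA = lfsr(POLY, [1, 0, 0, 0], 60)       # four full periods of length 15

def minimal_polynomial_of_decimation(d, h=0):
    """(L, f) for sigma_d^{(h)} computed from the sample m-sequence SIGMA."""
    return berlekamp_massey(decimate(SIGMA, d, h))
```

Berlekamp-Massey returns the shortest recurrence consistent with the given terms; feeding at least 2k terms of a sequence of linear complexity k guarantees that this is the true minimal polynomial, which is why four periods of σ are generated.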
In the special case d = 1 we write σ_1^{(h)} = σ^{(h)}, which is the sequence obtained by shifting σ by h terms. Maximal period sequences can be characterized in terms of a structural property of the set of all shifted sequences. We use again the termwise operations for sequences introduced in Chapter 6, Section 5.

7.49. Theorem. If σ is a nonzero periodic sequence of elements of F_q, then the shifted sequences σ^{(h)}, h = 0, 1, ..., together with the zero sequence form a vector space over F_q under termwise operations for sequences if and only if σ is a maximal period sequence in F_q.

Proof. If σ is a kth-order maximal period sequence in F_q, then the initial state vectors of the sequences σ^{(h)}, h = 0, 1, ..., q^k − 2, and of the zero sequence run exactly through all vectors in F_q^k. From this it follows easily that these sequences form a vector space over F_q. Note also that any shifted sequence σ^{(h)} …

… is equal to w_n; this exhausts all possible values of w_n. For a ∈ Z, 0 ≤ a < p^m, consider a real t with ap^{−m} ≤ t < (a + 1)p^{−m}. Then
and so |F_r(t) − t| … (a + 1)p^{−m} … (p^m − 1) …, and 0 ≤ … (a − 1)p … (p^m − 1), hence … F_r(t) …. Since … F_r(1) … p^m − 1 … p^m …, it follows from (7.10) that D_r = p^{−m}.
Theorem 7.52 shows that if m is chosen sufficiently large, then the sequence w_0, w_1, ... passes the uniformity test when considered over the full period. For parts of the period, that is, for 1 ≤ N < r, we can establish an upper bound for the quantity D_N in (7.10). Let w_0, w_1, ... be a sequence of elements of [0, 1) whose terms are given by finite digital representations

$$w_n = \sum_{i=1}^{m} w_n^{(i)} p^{-i}, \qquad n = 0, 1, \dots, \tag{7.11}$$

where the digits w_n^{(i)} belong to the set {0, 1, ..., p − 1} and m is independent of n. For h ∈ Z we define e_p(h) = e(h/p), where e(t) is the complex exponential function used in Chapter 6, Section 7.

7.53. Lemma. Let w_0, w_1, ... be a sequence of elements of [0, 1) given by (7.11) and let N be a positive integer. Let B be a constant such that for any h_1, ..., h_m ∈ {0, 1, ..., p − 1} that are not all 0 we have

$$\Bigl|\sum_{n=0}^{N-1} e_p\bigl(h_1 w_n^{(1)} + \cdots + h_m w_n^{(m)}\bigr)\Bigr| \le B.$$

…

… k. We regard the code word as an n-dimensional row vector c in F_q^n. Thus f in Figure 8.1 is a function from F_q^k into F_q^n, called a coding scheme, and g: F_q^n → F_q^k is a decoding scheme.
[Figure 8.1: block diagram of message, coding scheme f, transmission channel with noise, received word, decoding scheme g, decoded message.] FIGURE 8.1 A communication system.
A simple type of coding scheme arises when each block a_1 ⋯ a_k of message symbols is encoded into a code word of the form c = c_1 c_2 ⋯ c_n, where the first k symbols are the original message symbols and the additional n − k symbols in F_q are control symbols. Such coding schemes are often presented in the following way. Let H be a given (n − k) × n matrix with entries in F_q that is of the special form

$$H = (A,\ I_{n-k}),$$

where A is an (n − k) × k matrix and I_{n−k} is the identity matrix of order n − k. The control symbols c_{k+1}, ..., c_n can then be calculated from the system of equations Hc^T = 0 for code words c. The equations of this system are called parity-check equations.

8.1. Example. Let H be the following 3 × 7 matrix over F_2:

$$H = \begin{pmatrix} 0 & 1 & 1 & 1 & 1 & 0 & 0 \\ 1 & 0 & 1 & 1 & 0 & 1 & 0 \\ 1 & 1 & 0 & 1 & 0 & 0 & 1 \end{pmatrix}.$$

Then the control symbols can be calculated by solving Hc^T = 0, given c_1, c_2, c_3, c_4:

c_2 + c_3 + c_4 + c_5 = 0,
c_1 + c_3 + c_4 + c_6 = 0,
c_1 + c_2 + c_4 + c_7 = 0,

hence c_5 = c_2 + c_3 + c_4, c_6 = c_1 + c_3 + c_4, c_7 = c_1 + c_2 + c_4.
… $\dbinom{n-1}{i}(q-1)^{i}$.

Proof. We prove this theorem by constructing an (n − k) × n parity-check matrix H for such a code. We choose the first column of H as any nonzero (n − k)-tuple over F_q. The second column is any (n − k)-tuple over F_q that is not a scalar multiple of the first column. In general, suppose j − 1 columns have been chosen so that any d − 1 of them are linearly independent. There are at most

$$\sum_{i=0}^{d-2} \binom{j-1}{i}(q-1)^{i}$$

vectors obtained by linear combinations of d − 2 or fewer of these j − 1 columns. If the inequality of the theorem holds, then it will be possible to choose a jth column that is linearly independent of any d − 2 of the first j − 1 columns. The construction can be carried out in such a way that H has rank n − k. The resulting code has minimum distance ≥ d by Lemma 8.14. □
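The following Python code is an added example (ours, not the book's) covering both Example 8.1 and the construction in the proof just given, over F_2: systematic encoding by solving Hc^T = 0 for the control symbols with the matrix H of Example 8.1, and the greedy column-by-column choice of a parity-check matrix in which any d − 1 columns are linearly independent. Trying candidate columns in lexicographic order and computing the minimum distance by enumerating all code words (instead of invoking Lemma 8.14) are choices of this example.

```python
"""Added example (not from the book): parity-check encoding with the matrix of
Example 8.1, and the greedy parity-check-matrix construction from the proof above."""
from itertools import combinations, product

H_EX = [[0, 1, 1, 1, 1, 0, 0],     # the 3 x 7 matrix of Example 8.1
        [1, 0, 1, 1, 0, 1, 0],
        [1, 1, 0, 1, 0, 0, 1]]

def encode_systematic(H, message):
    """H = (A, I_{n-k}) over F_2: H c^T = 0 gives the control symbols as A m^T."""
    r, n = len(H), len(H[0])
    k = n - r
    controls = [sum(H[i][j] * message[j] for j in range(k)) % 2 for i in range(r)]
    return list(message) + controls

def syndrome(H, c):
    """H c^T over F_2; zero exactly for code words."""
    return [sum(h * x for h, x in zip(row, c)) % 2 for row in H]

def codewords_from_H(H):
    """All c in F_2^n with H c^T = 0 (brute force; fine for small n)."""
    n = len(H[0])
    return [c for c in product((0, 1), repeat=n) if not any(syndrome(H, c))]

def min_distance(words):
    """Minimum weight of a nonzero word, which for a linear code is its minimum distance."""
    return min(sum(c) for c in words if any(c))

def xor_vectors(vs, r):
    out = [0] * r
    for v in vs:
        out = [a ^ b for a, b in zip(out, v)]
    return tuple(out)

def gilbert_varshamov_matrix(r, d, n):
    """Choose n columns of length r over F_2 greedily so that any d-1 of them are
    linearly independent: a new column must avoid every sum of d-2 or fewer already
    chosen columns.  Returns H as r rows, or None if the candidates run out."""
    cols = []
    forbidden = {tuple([0] * r)}
    for v in product((0, 1), repeat=r):
        if len(cols) == n:
            break
        if v in forbidden:
            continue
        cols.append(v)
        forbidden = {xor_vectors(sub, r) for t in range(d - 1)
                     for sub in combinations(cols, t)}
    if len(cols) < n:
        return None
    return [[col[i] for col in cols] for i in range(r)]

def construct_and_measure(r, d, n):
    """Build H greedily and return the minimum distance of the code it defines."""
    H = gilbert_varshamov_matrix(r, d, n)
    return None if H is None else min_distance(codewords_from_H(H))
```

With r = 3 and d = 3 the greedy choice takes all seven nonzero columns and reproduces a Hamming code of minimum distance 3, the same code as Example 8.1 up to column order; with r = 4 and d = 4 it finds seven columns any three of which are independent, giving minimum distance 4.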
We define the dual code of a given linear code C by means of the following concepts. Let u = (u_1, ..., u_n), v = (v_1, ..., v_n) ∈ F_q^n; then u·v = u_1 v_1 + ⋯ + u_n v_n denotes the dot product of u and v. If u·v = 0, then u and v are called orthogonal.

8.28. Definition. Let C be a linear (n, k) code over F_q. Then its dual (or orthogonal) code C^⊥ is defined as

$$C^{\perp} = \{\, u \in \mathbb{F}_q^n : u \cdot v = 0 \text{ for all } v \in C \,\}.$$

The code C is a k-dimensional subspace of F_q^n, the dimension of C^⊥ is n − k. C^⊥ is a linear (n, n − k) code. It is easy to show that C^⊥ has generator matrix H if C has parity-check matrix H and that C^⊥ has parity-check matrix G if C has generator matrix G. Considerable information on a code is obtained from the weight enumeration. For instance, to determine decoding error probabilities or in certain decoding algorithms it is important to know the distribution of the weights of code words. There is a fundamental connection between the weight distribution of a linear code and of its dual code. This will be derived in the following theorem.

8.29. Definition. Let A_i denote the number of code words c ∈ C of weight i, 0 ≤ i ≤ n. Then the polynomial

$$A(x, y) = \sum_{i=0}^{n} A_i\, x^{i} y^{n-i}$$

in the indeterminates x and y over the complex numbers is called the weight enumerator of C.

We shall need characters of finite fields, as discussed in Chapter 5.

8.30. Definition. Let χ be a nontrivial additive character of F_q and let v·u denote the dot product of v, u ∈ F_q^n. We define for fixed v ∈ F_q^n the mapping χ_v: F_q^n → C by χ_v(u) = χ(v·u) for u ∈ F_q^n.
If V is a vector space over C and f: F_q^n → V a mapping from F_q^n into V, then we define g_f: F_q^n → V by

$$g_f(u) = \sum_{v \in \mathbb{F}_q^n} \chi_v(u) f(v) \qquad \text{for } u \in \mathbb{F}_q^n.$$
8.31. Lemma. Let E be a subspace of F_q^n, E^⊥ its orthogonal complement, f: F_q^n → V a mapping from F_q^n into a vector space V over C and χ a nontrivial additive character of F_q. Then

$$\sum_{u \in E} g_f(u) = |E| \sum_{v \in E^{\perp}} f(v).$$
Proof.

$$\sum_{u \in E} g_f(u) = \sum_{u \in E} \sum_{v \in \mathbb{F}_q^n} \chi_v(u) f(v) = |E| \sum_{v \in E^{\perp}} f(v) + \sum_{v \notin E^{\perp}} \Bigl( \sum_{u \in E} \chi_v(u) \Bigr) f(v),$$

and for v ∉ E^⊥ the map u ↦ v·u takes every value c ∈ F_q equally often on E, so the inner sum is a multiple of Σ_{c∈F_q} χ(c) = 0. □
Taking f(v) = x^{w(v)} y^{n−w(v)}, where w(v) denotes the weight of v, we get

$$g_f(u) = \sum_{v \in \mathbb{F}_q^n} \chi(u \cdot v)\, x^{w(v)} y^{n-w(v)} = \sum_{v \in \mathbb{F}_q^n} \prod_{i=1}^{n} \bigl[\chi(u_i v_i)\, x^{w(v_i)} y^{1-w(v_i)}\bigr] = \prod_{i=1}^{n} \sum_{v_i \in \mathbb{F}_q} \bigl[\chi(u_i v_i)\, x^{w(v_i)} y^{1-w(v_i)}\bigr].$$

For u_i = 0 we have χ(u_i v_i) = χ(0) = 1, hence the corresponding factor in the product is (q − 1)x + y. For u_i ≠ 0 the corresponding factor is

$$y + x \sum_{c \in \mathbb{F}_q^*} \chi(c) = y - x.$$

Therefore, g_f(u) = (y − x)^{w(u)}(y + (q − 1)x)^{n−w(u)}. Lemma 8.31 implies

$$|C|\, A^{\perp}(x, y) = |C| \sum_{v \in C^{\perp}} f(v) = \sum_{u \in C} g_f(u) = A\bigl(y - x,\ y + (q-1)x\bigr).$$

Finally, |C| = q^k by hypothesis. □
8.33. Corollary. Let x = z and y = 1 in the weight enumerators A(x, y) and A^⊥(x, y) and denote the resulting polynomials by A(z) and A^⊥(z), respectively. Then the MacWilliams identity can be written in the form

$$A^{\perp}(z) = q^{-k}\bigl(1 + (q-1)z\bigr)^{n} A\Bigl(\frac{1 - z}{1 + (q-1)z}\Bigr).$$

8.34. Example. Let C_m be the binary Hamming code of length n = 2^m − 1 and dimension n − m over F_2. The dual code C_m^⊥ has as its generator matrix the parity-check matrix H of C_m, which consists of all nonzero column vectors of length m over F_2. C_m^⊥ consists of the zero vector and 2^m − 1 vectors of weight 2^{m−1}. Thus the weight enumerator of C_m^⊥ is

$$A^{\perp}(x, y) = y^{n} + (2^m - 1)\, x^{2^{m-1}} y^{2^{m-1}-1}.$$

By Theorem 8.32 the weight enumerator for C_m is given by

$$A(x, y) = \frac{1}{n+1}\Bigl[(y + x)^{n} + n\,(y - x)^{(n+1)/2}(y + x)^{(n-1)/2}\Bigr].$$

Let A(z) = A(z, 1), that is, A(z) = Σ_{i=0}^{n} A_i z^i; then one can verify that A(z) satisfies the differential equation

$$(1 - z^2)\frac{dA(z)}{dz} + (1 + nz)A(z) = (1 + z)^{n}$$

with initial condition A(0) = A_0 = 1. This is equivalent to

$$i A_i = \binom{n}{i-1} - A_{i-1} - (n - i + 2)A_{i-2} \qquad \text{for } i = 2, 3, \dots, n$$

with initial conditions A_0 = 1, A_1 = 0.
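As an added example (ours, not the book's), the Python code below computes the weight distributions of the binary Hamming code C_3 (n = 7) and of its dual by enumerating code words, checks the MacWilliams identity of Corollary 8.33 coefficient by coefficient in both directions, and evaluates the recursion for the A_i from Example 8.34. The generator matrix of C_3 is the systematic matrix (I_4, A^T) derived from the parity-check matrix H = (A, I_3) of Example 8.1, and H itself generates the dual code; the polynomial arithmetic is integer-exact.

```python
"""Added example (not from the book): weight enumerators of the Hamming code C_3
and its dual, the MacWilliams identity, and the recursion of Example 8.34."""
from itertools import product
from math import comb

def span(G):
    """All F_2-linear combinations of the rows of G, as tuples."""
    k, n = len(G), len(G[0])
    return [tuple(sum(a * g[j] for a, g in zip(coeffs, G)) % 2 for j in range(n))
            for coeffs in product((0, 1), repeat=k)]

def weight_distribution(words, n):
    """A_i = number of code words of weight i, i = 0..n."""
    A = [0] * (n + 1)
    for w in words:
        A[sum(w)] += 1
    return A

def poly_mul(f, g):
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return out

def poly_pow(f, e):
    out = [1]
    for _ in range(e):
        out = poly_mul(out, f)
    return out

def macwilliams(A, q):
    """Dual weight distribution from A via Corollary 8.33: clearing denominators,
    A^perp(z) = |C|^{-1} sum_i A_i (1 - z)^i (1 + (q-1) z)^{n-i}, with |C| = sum_i A_i."""
    n = len(A) - 1
    size = sum(A)                       # |C| = q^k
    total = [0] * (n + 1)
    for i, Ai in enumerate(A):
        if Ai:
            term = poly_mul(poly_pow([1, -1], i), poly_pow([1, q - 1], n - i))
            total = [t + Ai * c for t, c in zip(total, term)]
    assert all(t % size == 0 for t in total)
    return [t // size for t in total]

def hamming_recursion(n):
    """A_i for the binary Hamming code of length n = 2^m - 1 from
    i A_i = C(n, i-1) - A_{i-1} - (n - i + 2) A_{i-2}, A_0 = 1, A_1 = 0."""
    A = [1, 0]
    for i in range(2, n + 1):
        num = comb(n, i - 1) - A[i - 1] - (n - i + 2) * A[i - 2]
        assert num % i == 0
        A.append(num // i)
    return A

# C_3 in systematic form (I_4, A^T), derived from H = (A, I_3) of Example 8.1.
G_HAMMING = [[1, 0, 0, 0, 0, 1, 1],
             [0, 1, 0, 0, 1, 0, 1],
             [0, 0, 1, 0, 1, 1, 0],
             [0, 0, 0, 1, 1, 1, 1]]
H_HAMMING = [[0, 1, 1, 1, 1, 0, 0],     # parity-check matrix of C_3 = generator matrix of the dual
             [1, 0, 1, 1, 0, 1, 0],
             [1, 1, 0, 1, 0, 0, 1]]

def check_hamming_7():
    """Return (A, A_dual) after verifying MacWilliams both ways and the recursion."""
    A = weight_distribution(span(G_HAMMING), 7)
    A_dual = weight_distribution(span(H_HAMMING), 7)
    assert macwilliams(A, 2) == A_dual and macwilliams(A_dual, 2) == A
    assert hamming_recursion(7) == A
    return A, A_dual
```

For n = 7 the enumeration gives A(z) = 1 + 7z^3 + 7z^4 + z^7 and A^⊥(z) = 1 + 7z^4, matching the formulas of Example 8.34; the recursion reproduces the same A_i and, for n = 15, gives A_3 = 35.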
2. CYCLIC CODES

Cyclic codes are a special class of linear codes that can be implemented fairly simply and whose mathematical structure is reasonably well known.

8.35. Definition. A linear (n, k) code C over F_q is called cyclic if (a_0, a_1, ..., a_{n−1}) ∈ C implies (a_{n−1}, a_0, ..., a_{n−2}) ∈ C.

…

8.37. Definition. Let C = (g(x)) be a cyclic code. Then g(x) is called the generator polynomial of C and h(x) = (x^n − 1)/g(x) is called the parity-check polynomial of C.

… is a code polynomial, and so is … considered modulo x^n − 1. Consequently, x^i − r_i(x), i = n − k, ..., n − 1, … The polynomials g_i(x) are linearly independent and form the canonical generator matrix (−R, I_k), where I_k is the k × k identity matrix and R is the k × (n − k) matrix whose ith row is the vector of coefficients of r_{n−k+i−1}(x).
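The Python code below is an added example (ours, not the book's) of the definitions above for a binary cyclic code of length n = 7 with generator polynomial g(x) = x^3 + x + 1, a constructed choice that divides x^7 − 1. It computes the parity-check polynomial h(x) = (x^7 − 1)/g(x), builds the canonical generator matrix from the remainders r_i(x) of x^i modulo g(x) for i = n − k, ..., n − 1 (over F_2 the sign of R does not matter), and checks that the resulting code is closed under cyclic shifts and that every code polynomial c(x) satisfies c(x)h(x) ≡ 0 mod x^n − 1.

```python
"""Added example (not from the book): a binary cyclic code from its generator
polynomial: parity-check polynomial, canonical generator matrix, cyclic closure."""
from itertools import product

def poly_divmod(a, b):
    """Quotient and remainder of binary polynomials given as coefficient lists
    (index = degree); the remainder is returned with exactly deg(b) entries."""
    a = list(a)
    while len(b) > 1 and b[-1] == 0:
        b = b[:-1]
    if len(a) < len(b):
        return [0], a + [0] * (len(b) - 1 - len(a))
    q = [0] * (len(a) - len(b) + 1)
    for i in range(len(a) - len(b), -1, -1):
        if a[i + len(b) - 1]:
            q[i] = 1
            for j, bj in enumerate(b):
                a[i + j] ^= bj
    return q, a[:len(b) - 1]

def poly_mul(f, g):
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        if a:
            for j, b in enumerate(g):
                out[i + j] ^= a & b
    return out

def parity_check_polynomial(g, n):
    """h(x) = (x^n - 1)/g(x); raises ValueError if g(x) does not divide x^n - 1."""
    xn1 = [1] + [0] * (n - 1) + [1]
    h, rem = poly_divmod(xn1, g)
    if any(rem):
        raise ValueError("g(x) does not divide x^n - 1")
    return h

def canonical_generator_matrix(g, n):
    """Rows: coefficient vectors (a_0, ..., a_{n-1}) of x^i - r_i(x), i = n-k, ..., n-1,
    r_i(x) the remainder of x^i modulo g(x); this is (R, I_k) over F_2."""
    k = n - (len(g) - 1)
    rows = []
    for i in range(n - k, n):
        _, r = poly_divmod([0] * i + [1], g)
        row = list(r) + [0] * (n - len(r))
        row[i] ^= 1
        rows.append(row)
    return rows

def codewords(G):
    k, n = len(G), len(G[0])
    return {tuple(sum(a * row[j] for a, row in zip(coeffs, G)) % 2 for j in range(n))
            for coeffs in product((0, 1), repeat=k)}

def is_cyclic(words):
    """Closed under (a_0, ..., a_{n-1}) -> (a_{n-1}, a_0, ..., a_{n-2})."""
    return all(w[-1:] + w[:-1] in words for w in words)

def check_cyclic_code(g, n):
    """Return (k, number of code words, cyclic?) for the code generated by g(x),
    after checking c(x) h(x) = 0 mod x^n - 1 for every code polynomial c(x)."""
    h = parity_check_polynomial(g, n)
    G = canonical_generator_matrix(g, n)
    words = codewords(G)
    xn1 = [1] + [0] * (n - 1) + [1]
    for w in words:
        _, rem = poly_divmod(poly_mul(list(w), h), xn1)
        assert not any(rem)
    return len(G), len(words), is_cyclic(words)
```

The first row of the canonical generator matrix is the coefficient vector of g(x) itself, since x^{n−k} − r_{n−k}(x) = g(x); the remaining rows are the reductions of the higher powers of x, which is what makes the identity block appear.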
8.38. Example.