Introduction to Finite Fields and Their Applications
Rudolf Lidl, University of Tasmania, Hobart, Australia
Harald Niederreiter, Austrian Academy of Sciences, Vienna, Austria
Cambridge University Press: Cambridge, London, New York, New Rochelle, Melbourne, Sydney

Uploaded by kalopsik, 26-Oct-2014


on linear recurring sequences depends mostly on Chapters 2 and 3. Chapters 7, 8, and 9 are devoted to applications and draw on various material in the previous chapters. Chapter 10 supplements parts of Chapters 2, 3, and 9. Each chapter starts with a brief description of its contents, hence it should not be necessary to give a synopsis of the book here. In order to enhance the attractiveness of this book as a textbook, we have inserted worked-out examples at appropriate points in the text and included lists of exercises for Chapters 1-9. These exercises range from routine problems to alternative proofs of key theorems, but contain also material going beyond what is covered in the text. With regard to cross-references, we have numbered all items in the main text consecutively by chapters, regardless of whether they are definitions, theorems, examples, and so on. Thus, "Definition 2.41" refers to item 41 in Chapter 2 (which happens to be a definition) and "Remark 6.23" refers to item 23 in Chapter 6 (which happens to be a remark). In the same vein, "Exercise 5.21" refers to the list of exercises in Chapter 5. We gratefully acknowledge the help of Mrs. Melanie Barton and Mrs. Betty Golding who typed the manuscript with great care and efficiency.

R. LIDL
H. NIEDERREITER

Chapter 1

Algebraic Foundations

This introductory chapter contains a survey of some basic algebraic concepts that will be employed throughout the book. Elementary algebra uses the operations of arithmetic such as addition and multiplication, but replaces particular numbers by symbols and thereby obtains formulas that, by substitution, provide solutions to specific numerical problems. In modern algebra the level of abstraction is raised further: instead of dealing with the familiar operations on real numbers, one treats general operations (processes of combining two or more elements to yield another element) in general sets. The aim is to study the common properties of all systems consisting of sets on which are defined a fixed number of operations interrelated in some definite way, for instance, sets with two binary operations behaving like + and · for the real numbers. Only the most fundamental definitions and properties of algebraic systems (that is, of sets together with one or more operations on the set) will be introduced, and the theory will be discussed only to the extent needed for our special purposes in the study of finite fields later on. We state some standard results without proof. With regard to sets we adopt the naive standpoint. We use the following sets of numbers: the set ℕ of natural numbers, the set ℤ of integers, the set ℚ of rational numbers, the set ℝ of real numbers, and the set ℂ of complex numbers.

1. GROUPS

In the set of all integers the two operations addition and multiplication are well known. We can generalize the concept of operation to arbitrary sets. Let S be a set and let S × S denote the set of all ordered pairs (s, t) with s ∈ S, t ∈ S. Then a mapping from S × S into S will be called a (binary) operation on S. Under this definition we require that the image of (s, t) ∈ S × S must be in S; this is the closure property of an operation. By an algebraic structure or algebraic system we mean a set S together with one or more operations on S. In elementary arithmetic we are provided with two operations, addition and multiplication, that have associativity as one of their most important properties. Of the various possible algebraic systems having a single associative operation, the type known as a group has been by far the most extensively studied and developed. The theory of groups is one of the oldest parts of abstract algebra as well as one particularly rich in applications.

1.1. Definition. A group is a set G together with a binary operation * on G such that the following three properties hold:

1. * is associative; that is, for any a, b, c ∈ G, a * (b * c) = (a * b) * c.
2. There is an identity (or unity) element e in G such that for all a ∈ G, a * e = e * a = a.
3. For each a ∈ G, there exists an inverse element a^(-1) ∈ G such that a * a^(-1) = a^(-1) * a = e.

If the group also satisfies

4. For all a, b ∈ G, a * b = b * a,

then the group is called abelian (or commutative).

It is easily shown that the identity element e and the inverse element a^(-1) of a given element a ∈ G are uniquely determined by the properties above. Furthermore, (a * b)^(-1) = b^(-1) * a^(-1) for all a, b ∈ G. For simplicity, we shall frequently use the notation of ordinary multiplication to designate the operation in the group, writing simply ab instead of a * b. But it must be emphasized that by doing so we do not assume that the operation actually is ordinary multiplication. Sometimes it is also convenient to write a + b instead of a * b and -a instead of a^(-1), but this additive notation is usually reserved for abelian groups.

The associative law guarantees that expressions such as a_1 a_2 ⋯ a_n with a_j ∈ G, 1 ≤ j ≤ n, are unambiguous, since no matter how we insert parentheses, the expression will always represent the same element of G. To indicate the n-fold composite of an element a ∈ G with itself, where n ∈ ℕ, we shall write a^n = a a ⋯ a (n factors a) if using multiplicative notation, and we call a^n the nth power of a. If using additive notation for the operation * on G, we write na = a + a + ⋯ + a (n summands a). Following customary notation, we have the following rules:

Multiplicative Notation          Additive Notation
a^(-n) = (a^(-1))^n              (-n)a = n(-a)
a^n a^m = a^(n+m)                na + ma = (n + m)a
(a^n)^m = a^(nm)                 m(na) = (mn)a

For n = 0 ∈ ℤ, one adopts the convention a^0 = e in the multiplicative notation and 0a = 0 in the additive notation, where the last "zero" represents the identity element of G.

1.2. Examples

(i) Let G be the set of integers with the operation of addition. The ordinary sum of two integers is a unique integer and the associativity is a familiar fact. The identity element is 0 (zero), and the inverse of an integer a is the integer -a. We denote this group by ℤ.
(ii) The set consisting of a single element e, with the operation * defined by e * e = e, forms a group.
(iii) Let G be the set of remainders of all the integers on division by 6 (that is, G = {0, 1, 2, 3, 4, 5}) and let a * b be the remainder on division by 6 of the ordinary sum of a and b. The existence of an identity element and of inverses is again obvious. In this case, it requires some computation to establish the associativity of *. This group can be readily generalized by replacing the integer 6 by any positive integer n.

These examples lead to an interesting class of groups in which every element is a power of some fixed element of the group. If the group operation is written as addition, we refer to "multiple" instead of "power" of an element.

1.3. Definition. A multiplicative group G is said to be cyclic if there is an element a ∈ G such that for any b ∈ G there is some integer j with b = a^j.

Such an element a is called a generator of the cyclic group, and we write G = ⟨a⟩.

It follows at once from the definition that every cyclic group is commutative. We also note that a cyclic group may very well have more than one element that is a generator of the group. For instance, in the additive group ℤ both 1 and -1 are generators.

With regard to the "additive" group of remainders of the integers on division by n, the generalization of Example 1.2(iii), we find that the type of operation used there leads to an equivalence relation on the set of integers. In general, a subset R of S × S is called an equivalence relation on a set S if it has the following three properties:

(a) (s, s) ∈ R for all s ∈ S (reflexivity).
(b) If (s, t) ∈ R, then (t, s) ∈ R (symmetry).
(c) If (s, t), (t, u) ∈ R, then (s, u) ∈ R (transitivity).

The most obvious example of an equivalence relation is that of equality. It is an important fact that an equivalence relation R on a set S induces a partition of S, that is, a representation of S as the union of nonempty, mutually disjoint subsets of S. If we collect all elements of S equivalent to a fixed s ∈ S, we obtain the equivalence class of s, denoted by [s] = {t ∈ S : (s, t) ∈ R}.

The collection of all distinct equivalence classes forms then the desired partition of S. We note that [s] = [t] precisely if (s, t) ∈ R. Example 1.2(iii) suggests the following concept.

1.4. Definition. For arbitrary integers a, b and a positive integer n, we say that a is congruent to b modulo n, and write a ≡ b mod n, if the difference a - b is a multiple of n, that is, if a = b + kn for some integer k.

It is easily verified that "congruence modulo n" is an equivalence relation on the set ℤ of integers. The relation is obviously reflexive and symmetric. The transitivity also follows easily: if a = b + kn and b = c + ln for some integers k and l, then a = c + (k + l)n, so that a ≡ b mod n and b ≡ c mod n together imply a ≡ c mod n. Consider now the equivalence classes into which the relation of congruence modulo n partitions the set ℤ. These will be the sets

[0] = {..., -2n, -n, 0, n, 2n, ...},
[1] = {..., -2n + 1, -n + 1, 1, n + 1, 2n + 1, ...},
...
[n - 1] = {..., -n - 1, -1, n - 1, 2n - 1, 3n - 1, ...}.

We may define on the set {[0], [1], ..., [n - 1]} of equivalence classes a binary operation (which we shall again write as +, although it is certainly not ordinary addition) by

[a] + [b] = [a + b],   (1.1)

where a and b are any elements of the respective sets [a] and [b] and the sum a + b on the right is the ordinary sum of a and b. In order to show that we have actually defined an operation, that is, that this operation is well defined, we must verify that the image element of the pair ([a], [b]) is uniquely determined by [a] and [b] alone and does not depend in any way on the representatives a and b. We leave this proof as an exercise. Associativity of the operation in (1.1) follows from the associativity of ordinary addition. The identity element is [0] and the inverse of [a] is [-a]. Thus the elements of the set {[0], [1], ..., [n - 1]} form a group.

1.5. Definition. The group formed by the set {[0], [1], ..., [n - 1]} of equivalence classes modulo n with the operation (1.1) is called the group of integers modulo n and denoted by ℤ_n.

ℤ_n is actually a cyclic group with the equivalence class [1] as a generator, and it is a group of order n according to the following definition.

1.6. Definition. A group is called finite (resp. infinite) if it contains finitely (resp. infinitely) many elements. The number of elements in a finite group is called its order. We shall write |G| for the order of the finite group G.

There is a convenient way of presenting a finite group. A table displaying the group operation, nowadays referred to as a Cayley table, is constructed by indexing the rows and the columns of the table by the group elements. The element appearing in the row indexed by a and the column indexed by b is then taken to be ab.

1.7. Example. The Cayley table for the group ℤ_6 is:

  +    [0] [1] [2] [3] [4] [5]
 [0]   [0] [1] [2] [3] [4] [5]
 [1]   [1] [2] [3] [4] [5] [0]
 [2]   [2] [3] [4] [5] [0] [1]
 [3]   [3] [4] [5] [0] [1] [2]
 [4]   [4] [5] [0] [1] [2] [3]
 [5]   [5] [0] [1] [2] [3] [4]

A group G contains certain subsets that form groups in their own right under the operation of G. For instance, the subset {[0], [2], [4]} of ℤ_6 is easily seen to have this property.

1.8. Definition. A subset H of the group G is a subgroup of G if H is itself a group with respect to the operation of G. Subgroups of G other than the trivial subgroups {e} and G itself are called nontrivial subgroups of G.

One verifies at once that for any fixed a in a group G, the set of all powers of a is a subgroup of G.

1.9. Definition. The subgroup of G consisting of all powers of the element a of G is called the subgroup generated by a and is denoted by ⟨a⟩. This subgroup is necessarily cyclic. If ⟨a⟩ is finite, then its order is called the order of the element a. Otherwise, a is called an element of infinite order.

Thus, a is of finite order k if k is the least positive integer such that a^k = e. Any other integer m with a^m = e is then a multiple of k. If S is a nonempty subset of a group G, then the subgroup H of G consisting of all finite products of powers of elements of S is called the subgroup generated by S, denoted by H = ⟨S⟩. If ⟨S⟩ = G, we say that S generates G, or that G is generated by S. For a positive element n of the additive group ℤ of integers, the subgroup ⟨n⟩ is closely associated with the notion of congruence modulo n, since a ≡ b mod n if and only if a - b ∈ ⟨n⟩. Thus the subgroup ⟨n⟩ defines an equivalence relation on ℤ. This situation can be generalized as follows.

1.10. Theorem. If H is a subgroup of G, then the relation R_H on G defined by (a, b) ∈ R_H if and only if a = bh for some h ∈ H, is an equivalence relation.

The proof is immediate. The equivalence relation R_H is called left congruence modulo H. Like any equivalence relation, it induces a partition of G into nonempty, mutually disjoint subsets. These subsets (= equivalence classes) are called the left cosets of G modulo H and they are denoted by aH = {ah : h ∈ H} (or a + H = {a + h : h ∈ H} if G is written additively), where a is a fixed element of G. Similarly, there is a decomposition of G into right cosets modulo H, which have the form Ha = {ha : h ∈ H}. If G is abelian, then the distinction between left and right cosets modulo H is unnecessary.

1.11. Example. Let G = ℤ_12 and let H be the subgroup {[0], [3], [6], [9]}. Then the distinct (left) cosets of G modulo H are given by:

[0] + H = {[0], [3], [6], [9]},
[1] + H = {[1], [4], [7], [10]},
[2] + H = {[2], [5], [8], [11]}.

1.12. Theorem. If H is a finite subgroup of G, then every (left or right) coset of G modulo H has the same number of elements as H.

1.13. Definition. If the subgroup H of G only yields finitely many distinct left cosets of G modulo H, then the number of such cosets is called the index of H in G.

Since the left cosets of G modulo H form a partition of G, Theorem 1.12 implies the following important result.

1.14. Theorem. The order of a finite group G is equal to the product of the order of any subgroup H and the index of H in G. In particular, the order of H divides the order of G and the order of any element a ∈ G divides the order of G.

The subgroups and the orders of elements are easy to describe for cyclic groups. We summarize the relevant facts in the subsequent theorem.

1.15. Theorem.
(i) Every subgroup of a cyclic group is cyclic.
(ii) In a finite cyclic group ⟨a⟩ of order m, the element a^k generates a subgroup of order m/gcd(k, m), where gcd(k, m) denotes the greatest common divisor of k and m.
(iii) If d is a positive divisor of the order m of a finite cyclic group ⟨a⟩, then ⟨a⟩ contains one and only one subgroup of index d. For any positive divisor f of m, ⟨a⟩ contains precisely one subgroup of order f.
(iv) Let f be a positive divisor of the order of a finite cyclic group ⟨a⟩. Then ⟨a⟩ contains φ(f) elements of order f. Here φ(f) is Euler's function and indicates the number of integers n with 1 ≤ n ≤ f that are relatively prime to f.
(v) A finite cyclic group ⟨a⟩ of order m contains φ(m) generators, that is, elements a^r such that ⟨a^r⟩ = ⟨a⟩. The generators are the powers a^r with gcd(r, m) = 1.

Proof. (i) Let H be a subgroup of the cyclic group ⟨a⟩ with H ≠ {e}. If a^n ∈ H, then a^(-n) ∈ H; hence H contains at least one power of a with a positive exponent. Let d be the least positive exponent such that a^d ∈ H, and let a^s ∈ H. Dividing s by d gives s = qd + r, 0 ≤ r < d, and q, r ∈ ℤ. Thus a^s (a^(-d))^q = a^r ∈ H, which contradicts the minimality of d, unless r = 0. Therefore the exponents of all powers of a that belong to H are divisible by d, and so H = ⟨a^d⟩. (ii) Put d = gcd(k, m). The order of ⟨a^k⟩ is the least positive integer n such that a^(kn) = e. The latter identity holds if and only if m divides kn, or equivalently, if and only if m/d divides n. The least positive n with this property is n = m/d. (iii) If d is given, then ⟨a^d⟩ is a subgroup of order m/d, and so of index d, because of (ii). If ⟨a^k⟩ is another subgroup of index d, then its order is m/d, and so d = gcd(k, m) by (ii). In particular, d divides k, so that a^k ∈ ⟨a^d⟩ and ⟨a^k⟩ is a subgroup of ⟨a^d⟩. But since both groups have the same order, they are identical. The second part follows immediately because the subgroups of order f are precisely the subgroups of index m/f. (iv) Let |⟨a⟩| = m and m = df. By (ii), an element a^k is of order f if and only if gcd(k, m) = d. Hence, the number of elements of order f is equal to the number of integers k with 1 ≤ k ≤ m and gcd(k, m) = d. We may write k = dh with 1 ≤ h ≤ f, the condition gcd(k, m) = d being now equivalent to gcd(h, f) = 1. The number of these h is equal to φ(f). (v) The generators of ⟨a⟩ are precisely the elements of order m, so that the first part is implied by (iv). The second part follows from (ii). □

When comparing the structures of two groups, mappings between the groups that preserve the operations play an important role.

1.16. Definition. A mapping f: G → H of the group G into the group H is called a homomorphism of G into H if f preserves the operation of G. That is, if * and · are the operations of G and H, respectively, then f preserves the operation of G if for all a, b ∈ G we have f(a * b) = f(a) · f(b). If, in addition, f is onto H, then f is called an epimorphism (or homomorphism "onto") and H is a homomorphic image of G. A homomorphism of G into G is called an endomorphism. If f is a one-to-one homomorphism of G onto H, then f is called an isomorphism and we say that G and H are isomorphic. An isomorphism of G onto G is called an automorphism.

Consider, for instance, the mapping f of the additive group ℤ of the integers onto the group ℤ_n of the integers modulo n, defined by f(a) = [a]. Then

f(a + b) = [a + b] = [a] + [b] = f(a) + f(b)   for a, b ∈ ℤ,

and f is a homomorphism. If f: G → H is a homomorphism and e is the identity element in G, then ee = e implies f(e)f(e) = f(e), so that f(e) = e', the identity element in H. From aa^(-1) = e we get f(a^(-1)) = (f(a))^(-1) for all a ∈ G.

The automorphisms of a group G are often of particular interest, partly because they themselves form a group with respect to the usual composition of mappings, as can be easily verified. Important examples of automorphisms are the inner automorphisms. For fixed a ∈ G, define f_a by f_a(b) = aba^(-1) for b ∈ G. Then f_a is an automorphism of G of the indicated type, and we get all inner automorphisms of G by letting a run through all elements of G. The elements b and aba^(-1) are said to be conjugate, and for a nonempty subset S of G the set aSa^(-1) = {asa^(-1) : s ∈ S} is called a conjugate of S. Thus, the conjugates of S are just the images of S under the various inner automorphisms of G.

1.17. Definition. The kernel of the homomorphism f: G → H of the group G into the group H is the set

ker f = {a ∈ G : f(a) = e'},

where e' is the identity element in H.

1.18. Example.


... isomorphic to the factor ring ... /ker ...

Evaluate f(3) for f(x) = x^214 - 3 ...

If p > 2 is a prime, show that there are exactly two elements a ∈ F_p such that a^2 = 1.

Show: if f ∈ ℤ[x] and f(0) ≡ f(1) ≡ 1 mod 2, then f has no roots in ℤ.

Let p be a prime and f ∈ ℤ[x]. Show: f(a) ≡ 0 mod p holds for all a ∈ ℤ if and only if f(x) = (x^p - x)g(x) + ph(x) with g, h ∈ ℤ[x].

Let p be a prime integer and c an element of the field F. Show that x^p - c is irreducible over F if and only if x^p - c has no root in F.

... pairwise relatively prime, and arbitrary polynomials ...

Show that for a polynomial f ∈ F[x] of positive degree the following conditions are equivalent: (a) f is irreducible over F; (b) the principal ideal (f) of F[x] is a maximal ideal; (c) the principal ideal (f) of F[x] is a prime ideal.

1.45. Show the following properties of the derivative for polynomials in F[x]:
(a) (f_1 + ⋯ + f_n)' = f_1' + ⋯ + f_n';
(b) (fg)' = f'g + fg';
(c) (f_1 ⋯ f_n)' = Σ_{i=1}^{n} f_1 ⋯ f_{i-1} f_i' f_{i+1} ⋯ f_n.

1.46. For f ∈ F[x] and F of characteristic 0, prove that f' = 0 if and only if f is a constant polynomial. If F has prime characteristic p, prove that f' = 0 if and only if f(x) = g(x^p) for some g ∈ F[x].

1.47. Prove Theorem 1.68.

1.48. Prove that the nonzero polynomial f ∈ F[x] has a multiple root (in some extension field of F) if and only if f and f' are not relatively prime.

1.49. Use the criterion in the previous exercise to determine whether the following polynomials have a multiple root:
(a) f(x) = x^4 - 5x^3 + 6x^2 + 4x - 8 ∈ ℚ[x];
(b) f(x) = x^6 + x^5 + x^4 + x^3 - 1 ∈ F_3[x].

1.50. The nth derivative f^(n) of f ∈ F[x] is defined recursively as follows: f^(0) = f, ...

... namely, all the elements of F. Thus the given polynomial splits in F in the indicated manner, and it cannot split in any smaller field.

We are now able to prove the main characterization theorem for finite fields, the leading idea being contained in Lemma 2.4.

2.5. Theorem (Existence and Uniqueness of Finite Fields). For every prime p and every positive integer n there exists a finite field with p^n elements. Any finite field with q = p^n elements is isomorphic to the splitting field of x^q - x over F_p.

Proof. (Existence) For q = p^n consider x^q - x in F_p[x], and let F be its splitting field over F_p. This polynomial has q distinct roots in F since ... in F_p[x] and so can ...

... (ii) a, b ∈ S implies, by Theorem 1.46, that (a - b)^q = a^q - b^q = a - b, and so a - b ∈ S; (iii) for a, b ∈ S and b ≠ 0 we have (ab^(-1))^q = a^q b^(-q) = ab^(-1), and so ab^(-1) ∈ S. But, on the other hand, x^q - x must split in S since S contains all its roots. Thus F = S, and since S has q elements, F is a finite field with q elements.

(Uniqueness) Let F be a finite field with q = p^n elements. Then F has characteristic p by Theorem 2.2 and so contains F_p as a subfield. It follows from Lemma 2.4 that F is a splitting field of x^q - x over F_p. Thus the desired result is a consequence of the uniqueness (up to isomorphisms) of splitting fields, which was noted in Theorem 1.91. □

The uniqueness part of Theorem 2.5 provides the justification for speaking of the finite field (or the Galois field) with q elements, or of the finite field (or the Galois field) of order q. We shall denote this field by F_q, where it is of course understood that q is a power of the prime characteristic p of F_q. The notation GF(q) is also used by many authors.

2.6. Theorem (Subfield Criterion). Let F_q be the finite field with q = p^n elements. Then every subfield of F_q has order p^m, where m is a positive divisor of n. Conversely, if m is a positive divisor of n, then there is exactly one subfield of F_q with p^m elements.

Proof. It is clear that a subfield K of F_q has order p^m for some positive integer m ≤ n. Lemma 2.1 shows that q = p^n must be a power of p^m, and so m is necessarily a divisor of n.

Conversely, if m is a positive divisor of n, then p^m - 1 divides p^n - 1, and so x^(p^m - 1) - 1 divides x^(p^n - 1) - 1 in F_p[x]. Consequently, x^(p^m) - x divides x^(p^n) - x = x^q - x in F_p[x]. Thus, every root of x^(p^m) - x is a root of x^q - x and so belongs to F_q. It follows that F_q must contain as a subfield a splitting field of x^(p^m) - x over F_p, and as we have seen in the proof of Theorem 2.5, such a splitting field has order p^m. If there were two distinct subfields of order p^m in F_q, they would together contain more than p^m roots of x^(p^m) - x in F_q ...

... Δ_{F/K}(α_1, ..., α_m) = det(A)^2.

The following result is now implied by Theorem 2.37.

2.38. Corollary. Let α_1, ..., α_m ∈ F_{q^m}. Then {α_1, ..., α_m} is a basis of F_{q^m} over F_q if and only if the determinant of the m × m matrix with entries α_i^(q^j) (1 ≤ i ≤ m, 0 ≤ j ≤ m - 1) is ≠ 0.

6. Wedderburn's Theorem

... ≥ 1 and q ≥ 2. This inequality is incompatible with the statement that Q_n(q) divides q - 1. Hence we must have n = 1 and D = Z, and the theorem is proved. □

Before we start with the second proof of Wedderburn's theorem, we establish some preparatory results. Let D be a finite division ring with center Z, and let F denote a maximal subfield of D; that is, F is a subfield of D such that the only subfield of D containing F is F itself. Then F is an extension of Z, for if there were an element z ∈ Z with z ∉ F, we could adjoin z to F and obtain a subfield of D properly containing F. From Theorem 2.10 we know that F = Z(ξ), where ξ ∈ F* is a root of a monic irreducible polynomial f ∈ Z[x]. If we view D as a vector space over F, then for each a ∈ D the assignment T_a(d) = da for d ∈ D defines a linear operator T_a on this vector space. We consider now the linear operator T_ξ. If d is an eigenvector of T_ξ, then for some λ ∈ F* we have dξ = λd. This implies dξd^(-1) = λ and hence dF*d^(-1) = F*, thus d ∈ N(F*), the normalizer of F* in the group D*. Conversely, if d ∈ N(F*), then dξd^(-1) = λ for some λ ∈ F*, and so d is an eigenvector of T_ξ. This proves the following result.

2.56. Lemma. An element d ∈ D* is an eigenvector of T_ξ if and only if d ∈ N(F*).

Let λ be an eigenvalue of T_ξ with eigenvector d, then dξ = λd. It follows that df(ξ) = f(λ)d, hence λ must be a root of f. If d_0 is another eigenvector corresponding to the eigenvalue λ, then d_0 d^(-1) λ d d_0^(-1) = λ, and so the element b = d_0 d^(-1) commutes with λ and, consequently, with every element of F = Z(λ). Let P be the set of all polynomial expressions in b with coefficients in F. Then it is easily checked that P forms a finite integral domain, and so P is a finite field by Theorem 1.31. But P contains F, and thus P = F by the maximality of F. In particular, we have b ∈ F, and since d_0 = bd, we conclude that every eigenspace of T_ξ has dimension 1. We use now the following result from linear algebra.

2.57. Lemma. Let T be a linear operator on the finite-dimensional vector space V over the field K. Then V has a basis consisting of eigenvectors of T if and only if the minimal polynomial for T splits in K into distinct monic linear factors.

Since f(ξ) = 0, the polynomial f annihilates the linear operator T_ξ. Furthermore, f splits in F into distinct monic linear factors by Theorem 2.14. The minimal polynomial for T_ξ divides f, and so it also splits in F into distinct monic linear factors. It follows then from Lemma 2.57 that D has a basis as a vector space over F consisting of eigenvectors of T_ξ. Since every eigenspace of T_ξ has dimension 1, the dimension m of D over F is equal to the number of distinct eigenvalues of T_ξ. Let ξ = ξ_1, ξ_2, ..., ξ_m be the distinct eigenvalues of T_ξ and let 1 = d_1, d_2, ..., d_m be corresponding eigenvectors.

Because N(F*) is closed under multiplication, it follows from Lemma 2.56 that d_i d_j must correspond to an eigenvalue ξ_k, say, and hence d_i d_j ξ = ξ_k d_i d_j. Using d_j ξ = ξ_j d_j, we obtain d_i ξ_j = ξ_k d_i, or d_i ξ_j d_i^(-1) = ξ_k. This shows that for each i, 1 ≤ i ≤ m, the mapping that takes ξ_j to d_i ξ_j d_i^(-1) permutes the eigenvalues among themselves. Consequently, the coefficients of g(x) = (x - ξ_1) ⋯ (x - ξ_m) commute with the eigenvectors d_1, d_2, ..., d_m of T_ξ. Since the coefficients of g obviously belong to F and thus commute with all the elements of F, they commute with all the elements of D, since these can be written as linear combinations of d_1, d_2, ..., d_m with coefficients in F. Thus the coefficients of g are elements of the center Z of D. Since g(ξ) = 0, Lemma 2.12 implies that f divides g. On the other hand, we have already observed that every eigenvalue of T_ξ must be a root of f, and so f = g. It follows that [F : Z] = [Z(ξ) : Z] = deg(f) = m. Now m is also the dimension of D over F, and so the argument in the proof of Theorem 1.84 shows that D is of dimension m^2 over Z. Since the latter dimension is independent of F, we conclude that every maximal subfield of D has the same degree over Z. We state this result in the following equivalent form.

2.58. Lemma. All maximal subfields of D have ...

... Prove also that x^2 + x + 4 is irreducible over F_11 and show that F_11[x]/(x^2 + 1) is isomorphic to F_11[x]/(x^2 + x + 4).

Show that the sum of all elements of a finite field is 0, except for F_2.

Let a, b be elements of F_{2^n}, n odd. Show that a^2 + ab + b^2 = 0 implies a = b = 0.

Determine all primitive elements of F_7.

Determine all primitive elements of F_17.

Determine all primitive elements of F_9.

Write all elements of F_25 as linear combinations of basis elements over F_5. Then find a primitive element β of F_25 and determine for each α ∈ F_25 the least nonnegative integer n such that α = β^n.

If the elements of F_q^* are represented as powers of a fixed primitive element b ...

..., we start from the prime factor decomposition q^m - 1 = ∏ p_i^(e_i) ...

... Q_n(x) = ∏_{d | n} (x^(n/d) - 1)^(μ(d)) for all n ∈ ℕ.

Proof. We apply the multiplicative case of the Moebius inversion formula to the multiplicative group G of nonzero rational functions over K. Let h(n) = Q_n(x) and H(n) = x^n - 1 for all n ∈ ℕ. Then Theorem 2.45(i) shows that (3.6) is satisfied, and so (3.7) yields the desired result. □

3.28. Example. For fields K over which Q_12 is defined, we have

Q_12(x) = ∏_{d | 12} (x^(12/d) - 1)^(μ(d)) = (x^12 - 1)^(μ(1)) (x^6 - 1)^(μ(2)) (x^4 - 1)^(μ(3)) ...

... > 1, we set c_m = c_{m-1} = ⋯ = c_{m-s+2} = 0 and c_{m-s+1} = 1.

3.42. Example. Let θ ∈ F_64 be a root of the irreducible polynomial x^6 + x + 1 in F_2[x]. For β = θ^3 + θ^4 we have

β^0 = 1
β^1 = θ^3 + θ^4
β^2 = 1 + θ + θ^2 + θ^3
β^3 = θ + θ^2 + θ^3
β^4 = θ + θ^2 + θ^4
β^5 = 1 + θ^3 + θ^4
β^6 = 1 + θ + θ^2 + θ^4

Therefore, the matrix B (rows β^0, ..., β^6; columns the coefficients of 1, θ, ..., θ^5) is given by

    1 0 0 0 0 0
    0 0 0 1 1 0
    1 1 1 1 0 0
B = 0 1 1 1 0 0
    0 1 1 0 1 0
    1 0 0 1 1 0
    1 1 1 0 1 0

and its rank is r = 3. Hence s = m + 1 - r = 4, so that we set c_6 = c_5 = c_4 = 0, c_3 = 1. The remaining coefficients are determined from (3.10), and this yields c_2 = 1, c_1 = 0, c_0 = 1. Consequently, the minimal polynomial of β over F_2 is g(x) = x^3 + x^2 + 1. □

Still another method of determining minimal polynomials is based on Theorem 3.33(v). If we wish to find the minimal polynomial g of β ∈ F_{q^m} over F_q, we calculate the powers β, β^q, β^(q^2), ... until we find the least positive integer d for which β^(q^d) = β. This integer d is the degree of g, and g itself is given by

g(x) = (x - β)(x - β^q) ⋯ (x - β^(q^(d-1))).

The elements β, β^q, ..., β^(q^(d-1)) are the distinct conjugates of β with respect to F_q, and g is the minimal polynomial over F_q of all these elements.

3.43. Example. We compute the minimal polynomials over F_2 of all elements of F_16. Let θ ∈ F_16 be a root of the primitive polynomial x^4 + x + 1 over F_2, so that every nonzero element of F_16 can be written as a power of θ. We have the following index table for F_16:

 i   θ^i                      i   θ^i
 0   1                        8   1 + θ^2
 1   θ                        9   θ + θ^3
 2   θ^2                     10   1 + θ + θ^2
 3   θ^3                     11   θ + θ^2 + θ^3
 4   1 + θ                   12   1 + θ + θ^2 + θ^3
 5   θ + θ^2                 13   1 + θ^2 + θ^3
 6   θ^2 + θ^3               14   1 + θ^3
 7   1 + θ + θ^3

The minimal polynomials of the elements β of F_16 over F_2 are:

β = 0: g_1(x) = x.

β = 1: g_2(x) = x + 1.

β = θ: the distinct conjugates of θ with respect to F_2 are θ, θ^2, θ^4, θ^8, and the minimal polynomial is

$$g_3(x) = (x - \theta)(x - \theta^{2})(x - \theta^{4})(x - \theta^{8}) = x^4 + x + 1.$$

β = θ^3: the distinct conjugates of θ^3 with respect to F_2 are θ^3, θ^6, θ^12, θ^24 = θ^9, and the minimal polynomial is

$$g_4(x) = (x - \theta^{3})(x - \theta^{6})(x - \theta^{9})(x - \theta^{12}) = x^4 + x^3 + x^2 + x + 1.$$

β = θ^5: since β^4 = β, the distinct conjugates of this element with respect to F_2 are θ^5, θ^10, and the minimal polynomial is

$$g_5(x) = (x - \theta^{5})(x - \theta^{10}) = x^2 + x + 1.$$

β = θ^7: the distinct conjugates of θ^7 with respect to F_2 are θ^7, θ^14, θ^28 = θ^13, θ^56 = θ^11, and the minimal polynomial is

$$g_6(x) = (x - \theta^{7})(x - \theta^{11})(x - \theta^{13})(x - \theta^{14}) = x^4 + x^3 + 1.$$

These elements, together with their conjugates with respect to F_2, exhaust F_16. □

Polynomials over Finite Fields
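As an added example (not from the book), the following Python code carries out the conjugate method and Example 3.43 by machine: it builds F_16 as F_2[x]/(x^4 + x + 1), reproduces the index table, and expands g(x) over each conjugate class; the integer encoding of polynomials and the modulus are the only assumptions.

```python
# Added example (not from the book): minimal polynomials over F_2 of the
# elements of F_16 = F_2[x]/(x^4 + x + 1), computed as in Example 3.43:
# g(x) = (x - beta)(x - beta^2)(x - beta^4)... over the distinct conjugates.
# Elements of F_16 are ints 0..15; bit i is the coefficient of theta^i.

MODULUS = 0b10011  # x^4 + x + 1, the primitive polynomial of Example 3.43


def f2_mul(a, b):
    """Carry-less product of two polynomials over F_2 (ints as bit vectors)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def f2_mod(a, m):
    """Remainder of a modulo m in F_2[x]."""
    dm = m.bit_length() - 1
    while a.bit_length() - 1 >= dm:
        a ^= m << (a.bit_length() - 1 - dm)
    return a


def gf16_mul(a, b):
    """Multiplication in F_16 with theta a root of x^4 + x + 1."""
    return f2_mod(f2_mul(a, b), MODULUS)


def gf16_pow(a, e):
    """a^e in F_16 by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = gf16_mul(r, a)
        a = gf16_mul(a, a)
        e >>= 1
    return r


def index_table():
    """Map i -> theta^i for 0 <= i < 15 (the index table of Example 3.43)."""
    theta = 0b10
    return {i: gf16_pow(theta, i) for i in range(15)}


def conjugates(beta):
    """Distinct conjugates beta, beta^2, beta^4, ... with respect to F_2."""
    conj = [beta]
    c = gf16_mul(beta, beta)
    while c != beta:
        conj.append(c)
        c = gf16_mul(c, c)
    return conj


def min_poly(beta):
    """Minimal polynomial of beta over F_2, returned as an int in F_2[x]."""
    # Expand prod (y - c) over the conjugates c; coefficients live in F_16
    # during the expansion (list index = power of y). In characteristic 2,
    # y - c = y + c.
    poly = [1]
    for c in conjugates(beta):
        new = [0] * (len(poly) + 1)
        for i, a in enumerate(poly):
            new[i + 1] ^= a              # a * y
            new[i] ^= gf16_mul(a, c)     # a * c
        poly = new
    # Theorem 3.33(v): the product over a full conjugate class has all its
    # coefficients in the prime field F_2.
    assert all(v in (0, 1) for v in poly)
    return sum(v << i for i, v in enumerate(poly))


def poly_str(p):
    """Render an int-encoded polynomial over F_2 as text, e.g. x^4 + x + 1."""
    terms = [("x^%d" % i if i > 1 else ("x" if i == 1 else "1"))
             for i in range(p.bit_length() - 1, -1, -1) if (p >> i) & 1]
    return " + ".join(terms) if terms else "0"


if __name__ == "__main__":
    tab = index_table()
    for i in range(15):
        print("theta^%2d = %s" % (i, poly_str(tab[i]).replace("x", "theta")))
    seen = set()
    for i in range(15):
        g = min_poly(tab[i])
        if g not in seen:            # one line per conjugate class
            seen.add(g)
            print("minimal polynomial of theta^%d: %s" % (i, poly_str(g)))
```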

An important problem is that of the determination of primitive polynomials. One approach is based on the fact that the product of all primitive polynomials over F_q of degree m is equal to the cyclotomic polynomial Q_e with e = q^m − 1 (see Theorem 2.47(ii) and Exercise 3.42). Therefore, all primitive polynomials over F_q of degree m can be determined by applying one of the factorization algorithms in Chapter 4 to the cyclotomic polynomial Q_e. Another method depends on constructing a primitive element of F_{q^m} and then determining the minimal polynomial of this element over F_q by the methods described above. To find a primitive element of F_{q^m}, one starts from the order q^m − 1 of such an element in the group F_{q^m}^*, and factors it in the form q^m − 1 = h_1 ··· h_k, where the positive integers h_1, ..., h_k are pairwise relatively prime. If for each i, 1 ≤ i ≤ k, one can find an element α_i ∈ F_{q^m}^* of order h_i, then the product α_1 ··· α_k has order q^m − 1 and is thus a primitive element of F_{q^m}.

... > 1 is symbolically irreducible over F_q if the only symbolic decompositions L(x) = L_1(x) ⊗ L_2(x) with q-polynomials L_1(x), L_2(x) over F_q are those for which one of the factors has degree 1. A symbolically irreducible polynomial is always reducible in the ordinary sense since any linearized polynomial of degree > 1 has the nontrivial factor x. By using Lemma 3.59, one shows immediately that the q-polynomial L(x) is symbolically irreducible over F_q if and only if its conventional q-associate l(x) is irreducible over F_q. Every q-polynomial L(x) over F_q of degree > 1 has a symbolic factorization into symbolically irreducible polynomials over F_q and this factorization is essentially unique, in the sense that all other symbolic factorizations are obtained by rearranging factors and by multiplying factors by nonzero elements of F_q. Using the correspondence between linearized polynomials and their conventional q-associates, one sees that the symbolic factorization of L(x) is obtained by writing down the canonical factorization in F_q[x] of its conventional q-associate l(x) and then turning to linearized q-associates.

3.64. Example. Consider the 2-polynomial L(x) = x^16 + x^8 + x^2 + x over F_2. Its

... of L(x), then

$$L(x) = \prod_{\beta \in M} (x - \beta)^{q^k}$$

for some nonnegative integer k. Since β ↦ β^q maps M onto itself, we obtain

$$L(x)^q = \prod_{\beta \in M} (x^q - \beta^q)^{q^k} = \prod_{\beta \in M} (x^q - \beta)^{q^k} = L(x^q).$$

If L(x) = Σ_{i=0}^{n} α_i x^{q^i}, then

$$\sum_{i=0}^{n} \alpha_i^{q} x^{q^{i+1}} = L(x)^q = L(x^q) = \sum_{i=0}^{n} \alpha_i x^{q^{i+1}},$$

so that for 0 ≤ i ≤ n we have α_i^q = α_i and thus α_i ∈ F_q. Therefore, L(x) is a q-polynomial over F_q. □

Any q-polynomial over F_q of degree q is symbolically irreducible over F_q. For q-polynomials of degree > q, the notion of q-modulus can be used to characterize symbolically irreducible polynomials.

3.66. Theorem. The q-polynomial L(x) over F_q of degree > q is symbolically irreducible over F_q if and only if L(x) has simple roots and the q-modulus M consisting of the roots of L(x) contains no q-modulus other than {0} and M itself.

Proof. Suppose L(x) is symbolically irreducible over F_q. If L(x) had multiple roots, then Theorem 3.65 would imply that we could write L(x) = L_1(x)^q with a q-polynomial L_1(x) over F_q of degree > 1. But then L(x) = x^q ⊗ L_1(x), a contradiction to the symbolic irreducibility of L(x). Thus L(x) has only simple roots. Furthermore, if N is a q-modulus contained in M, then Theorem 3.65 shows that L_1(x) = ∏_{β∈N}(x − β) is a q-polynomial over F_q. Since L_1(x) divides L(x) in the ordinary sense, it symbolically divides L(x) by Theorem 3.62. But L(x) is symbolically irreducible over F_q, and so deg(L_1(x)) must be either 1 or deg(L(x)); that is, N is either {0} or M. To prove the sufficiency of the condition, suppose that L(x) = L_1(x) ⊗ L_2(x) is a symbolic decomposition with q-polynomials L_1(x), L_2(x) over F_q. Then L_1(x) symbolically divides L(x), and so it divides L(x) in the ordinary sense by Theorem 3.62. It follows that L_1(x) has simple roots and that the q-modulus N consisting of the roots of L_1(x) is contained in M. Consequently, N is either {0} or M, and so deg(L_1(x)) is either 1 or deg(L(x)). Thus, either L_1(x) or L_2(x) is of degree 1, which means that L(x) is symbolically irreducible over F_q. □

3.67. Definition. Let L(x) be a nonzero q-polynomial over F_{q^m}. A root ζ of L(x) is called a q-primitive root over F_{q^m} if it is not a root of any nonzero q-polynomial over F_{q^m} of lower degree.

4. Linearized Polynomials

This concept may also be viewed as follows. Let g(x) be the minimal polynomial of ζ over F_{q^m}. Then ζ is a q-primitive root of L(x) over F_{q^m} if and only if g(x) divides L(x) and g(x) does not divide any nonzero q-polynomial over F_{q^m} of lower degree. Given an element ζ of a finite extension field of F_{q^m}, one can always find a nonzero q-polynomial over F_{q^m} for which ζ is a q-primitive root over F_{q^m}. To see this, we proceed as in the construction of an affine multiple. Let g(x) be the minimal polynomial of ζ over F_{q^m}, let n be the degree of g(x), and calculate for i = 0, 1, ..., n the unique polynomial r_i(x) of degree ≤ n − 1 with x^{q^i} ≡ r_i(x) mod g(x). Then determine elements α_i ∈ F_{q^m}, not all 0, such that Σ_{i=0}^{n} α_i r_i(x) = 0. This involves n conditions concerning the vanishing of the coefficients of x^j, 0 ≤ j ≤ n − 1, and thus leads to a homogeneous system of n linear equations for the n + 1 unknowns α_0, α_1, ..., α_n. Such a system always has a nontrivial solution, and with such a solution we get

$$L(x) = \sum_{i=0}^{n} \alpha_i x^{q^i} \equiv \sum_{i=0}^{n} \alpha_i r_i(x) = 0 \bmod g(x),$$

so that L(x) is a nonzero q-polynomial over F_{q^m} divisible by g(x). By choosing the α_i in such a way that L(x) is monic and of the lowest possible degree, one finds that ζ is a q-primitive root of L(x) over F_{q^m}. It is easily seen that this monic q-polynomial L(x) over F_{q^m} of least positive degree that is divisible by g(x) is uniquely determined; it is called the minimal q-polynomial of ζ over F_{q^m}.

3.68. Theorem. Let ζ be an element of a finite extension field of F_{q^m}, and let M(x) be its minimal q-polynomial over F_{q^m}. Then a q-polynomial K(x) over F_{q^m} has ζ as a root if and only if K(x) = L(x) ⊗ M(x) for some q-polynomial L(x) over F_{q^m}. In particular, for the case m = 1 this means that K(x) has ζ as a root if and only if K(x) is symbolically divisible by M(x).

Proof. If K(x) = L(x) ⊗ M(x) = L(M(x)), it follows immediately that K(ζ) = 0. Conversely, let

$$M(x) = \sum_{j=0}^{s} \gamma_j x^{q^j} \quad \text{with } \gamma_s = 1$$

and suppose

$$K(x) = \sum_{h=0}^{r} \alpha_h x^{q^h} \quad \text{with } r \ge s$$

has ζ as a root. Put t = r − s and γ_j = 0 for j < 0, and consider the following system of t + 1 linear equations in the t + 1 unknowns β_0, β_1, ..., β_t:

$$\begin{aligned}
\beta_0 + \gamma_{s-1}^{q}\beta_1 + \gamma_{s-2}^{q^2}\beta_2 + \cdots + \gamma_{s-t}^{q^t}\beta_t &= \alpha_s,\\
\beta_1 + \gamma_{s-1}^{q^2}\beta_2 + \cdots + \gamma_{s-t+1}^{q^t}\beta_t &= \alpha_{s+1},\\
&\;\;\vdots\\
\beta_t &= \alpha_r .
\end{aligned}$$

It is clear that this system has a unique solution involving elements β_0, β_1, ..., β_t of F_{q^m}. With

$$L(x) = \sum_{i=0}^{t} \beta_i x^{q^i} \quad \text{and} \quad R(x) = K(x) - L(M(x))$$

we get

$$R(x) = \sum_{h=0}^{r} \alpha_h x^{q^h} - \sum_{i=0}^{t} \beta_i \sum_{j=0}^{s} \gamma_j^{q^i} x^{q^{i+j}} = \sum_{h=0}^{r} \Bigl(\alpha_h - \sum_{i=0}^{t} \gamma_{h-i}^{q^i}\beta_i\Bigr) x^{q^h}.$$

It follows from the system above that R(x) has degree < q^s. But since R(ζ) = K(ζ) − L(M(ζ)) = 0, the definition of M(x) implies that R(x) is the zero polynomial. Therefore, we have K(x) = L(M(x)) = L(x) ⊗ M(x). □

We consider now the problem of determining the number N_L of q-primitive roots over F_q of a nonzero q-polynomial L(x) over F_q. If L(x) has multiple roots, then by Theorem 3.65 we can write L(x) = L_1(x)^q with a q-polynomial L_1(x) over F_q. Since every root of L(x) is then also a root of L_1(x), we have N_L = 0. Thus we can assume that L(x) has only simple roots. If L(x) has degree 1, it is obvious that N_L = 1. If L(x) has degree q^n > 1 and is monic (without loss of generality), let

$$L(x) = \underbrace{L_1(x) \otimes \cdots \otimes L_1(x)}_{e_1} \otimes \cdots \otimes \underbrace{L_r(x) \otimes \cdots \otimes L_r(x)}_{e_r}$$

be the symbolic factorization of L(x) with distinct monic symbolically irreducible polynomials L_i(x) over F_q. We obtain N_L by subtracting from the total number q^n of roots the number of roots of L(x) that are already roots of some nonzero q-polynomial over F_q of degree < q^n. If ζ is a root of L(x) of the latter kind and M(x) is the minimal q-polynomial of ζ over F_q, then deg(M(x)) < q^n and M(x) symbolically divides L(x) by Theorem 3.68. It follows that M(x) symbolically divides one of the polynomials K_i(x), 1 ≤ i ≤ r, obtained from the symbolic factorization of L(x) by omitting the symbolic factor L_i(x), in which case K_i(ζ) = 0 by Theorem 3.68. Since every root of K_i(x) is automatically a root of L(x), it follows that N_L is q^n minus the number of ζ that are roots of some K_i(x). If q^{n_i} is the degree of L_i(x), then the degree, and thus the number of roots, of K_i(x) is q^{n−n_i}. If i_1, ..., i_t are distinct subscripts, then the number of common roots of K_{i_1}(x), ..., K_{i_t}(x) is equal to the degree of the greatest common divisor, which is the same as the degree of the greatest common symbolic divisor (see the discussion following Example 3.64). Using symbolic factorizations, one finds that this degree is equal to q^{n − n_{i_1} − ··· − n_{i_t}}. Altogether, the inclusion-exclusion principle of combinatorics yields

$$N_L = q^n - \sum_{1 \le i \le r} q^{\,n-n_i} + \sum_{1 \le i < j \le r} q^{\,n-n_i-n_j} - \cdots + (-1)^r q^{\,n-n_1-\cdots-n_r} = q^n\bigl(1 - q^{-n_1}\bigr) \cdots \bigl(1 - q^{-n_r}\bigr).$$

This expression can also be interpreted in a different way. Let l(x) be the conventional q-associate of L(x). Then

$$l(x) = l_1(x)^{e_1} \cdots l_r(x)^{e_r}$$

is the canonical factorization of l(x) in F_q[x], where l_i(x) is the conventional q-associate of L_i(x). We define an analog of Euler's φ-function (see Exercise 1.4) for nonzero f ∈ F_q[x] by letting Φ_q(f(x)) = Φ_q(f) denote the number of polynomials in F_q[x] that are of smaller degree than f as well as relatively prime to f. The following result will then imply the identity N_L = Φ_q(l(x)) for the case under consideration.

3.69. Lemma. The function Φ_q defined for nonzero polynomials in F_q[x] has the following properties:
(i) Φ_q(f) = 1 if deg(f) = 0;
(ii) Φ_q(fg) = Φ_q(f)Φ_q(g) whenever f and g are relatively prime;
(iii) if deg(f) = n ≥ 1, then Φ_q(f) = q^n(1 − q^{−n_1}) ··· (1 − q^{−n_r}), where the n_i are the degrees of the distinct monic irreducible polynomials appearing in the canonical factorization of f in F_q[x].

Proof. Property (i) is trivial. For property (ii), let Φ_q(f) = s and Φ_q(g) = t, and let f_1, ..., f_s resp. g_1, ..., g_t be the polynomials counted by Φ_q(f) resp. Φ_q(g). If h ∈ F_q[x] is a polynomial with deg(h) < deg(fg) and gcd(fg, h) = 1, then gcd(f, h) = gcd(g, h) = 1, and so h ≡ f_i mod f, h ≡ g_j mod g for a unique ordered pair (i, j) with 1 ≤ i ≤ s, 1 ≤ j ≤ t. On the other hand, given an ordered pair (i, j), the Chinese remainder theorem for F_q[x] (see Exercise 1.37) shows that there exists a unique h ∈ F_q[x] with h ≡ f_i mod f, h ≡ g_j mod g, and deg(h) < deg(fg). This h satisfies gcd(f, h) = gcd(g, h) = 1, and so gcd(fg, h) = 1. Therefore, there is a one-to-one correspondence between the st ordered pairs (i, j) and the polynomials h ∈ F_q[x] with deg(h) < deg(fg) and gcd(fg, h) = 1; hence Φ_q(fg) = Φ_q(f)Φ_q(g). For an irreducible polynomial b in F_q[x] of degree m and a positive integer e, we can calculate Φ_q(b^e) directly. The polynomials h ∈ F_q[x] with deg(h) < deg(b^e) = em that are not relatively prime to b^e are exactly those divisible by b, and they are thus of the form h = gb with deg(g) < em − m. Since there are q^{em−m} different choices for g, we get Φ_q(b^e) = q^{em} − q^{em−m} = q^{em}(1 − q^{−m}). Property (iii) follows now from property (ii). □

3.70. Theorem. Let L(x) be a nonzero q-polynomial over F_q with conventional q-associate l(x). Then the number N_L of q-primitive roots of L(x) over F_q is given by N_L = 0 if L(x) has multiple roots and by N_L = Φ_q(l(x)) if L(x) has simple roots.

Proof. This follows from Lemma 3.69 and the discussion preceding it. □

3.71. Corollary. Every nonzero q-polynomial over F_q with simple roots has at least one q-primitive root over F_q.

Earlier in this section we introduced the notion of a q-modulus. The results about q-primitive roots can be used to construct a special type of basis for a q-modulus.

3.72. Theorem. Let M be a q-modulus of dimension m ≥ 1 over F_q. Then there exists an element ζ ∈ M such that {ζ, ζ^q, ζ^{q^2}, ..., ζ^{q^{m−1}}} is a basis of M over F_q.

Proof. According to Theorem 3.65, L(x) = ∏_{β∈M}(x − β) is a q-polynomial over F_q. By Corollary 3.71, L(x) has a q-primitive root ζ over F_q. Then ζ, ζ^q, ...

... and the hypothesis about this binomial, it follows that γ is not an element of F_q, and so there exists a root α of f(x) that is not an element of F_q. Then α^q ≠ α is also a root of f(x) and, by what we have already shown, α^q − α is a root of the irreducible polynomial x^{r−1} − a over F_q, so that [F_q(α^q − α) : F_q] = r − 1. Since F_q(α^q − α) ⊆ F_{q^m}, this is only possible if m = r − 1. Thus the minimal polynomial of α over F_q is an irreducible polynomial over F_q of degree r − 1 that divides f(x). The result follows now immediately. □

5. Binomials and Trinomials

In the special case of prime fields, one can characterize the primitive polynomials among trinomials of a certain kind.

3.84. Theorem. For a prime p, the trinomial x^p − x − a ∈ F_p[x] is a primitive polynomial over F_p if and only if a is a primitive element of F_p and ord(x^p − x − 1) = (p^p − 1)/(p − 1).

Proof. Suppose first that f(x) = x^p − x − a is a primitive polynomial over F_p. Then a must be a primitive element of F_p because of Theorem 3.18. If β is a root of g(x) = x^p − x − 1 in some extension field of F_p, then

$$0 = a\,g(\beta) = a(\beta^p - \beta - 1) = a^p\beta^p - a\beta - a = f(a\beta),$$

and so aβ is a root of f(x). Consequently, we have β^r ≠ 1 for 0 < r < (p^p − 1)/(p − 1), for otherwise (aβ)^{r(p−1)} = 1 with 0 <

3.87. ... n > k ≥ 1, q even, has multiple roots if and only if n and k are both even.

3.88. Prove that the degree of every irreducible factor of x^{2^n} + x + 1 in F_2[x] divides 2n.

3.89. Prove that the degree of every irreducible factor of x^{2^n + 1} + x + 1 in F_2[x] divides 3n.

3.90. Recall the notion of a self-reciprocal polynomial defined in Exercise 3.13. Prove that if f ∈ F_2[x] is a self-reciprocal polynomial of positive degree, then f divides a trinomial in F_2[x] only if ord(f) is a multiple of 3. Prove also that the converse holds if f is irreducible over F_2.

3.91. Prove that for odd d ∈ ℕ the cyclotomic polynomial Q_d ∈ F_2[x] divides a trinomial in F_2[x] if and only if d is a multiple of 3.

3.92. Let f(x) = x^n + ax^k + b ∈ F_q[x], n > k ≥ 1, be a trinomial and let m ∈ ℕ be a multiple of ord(f). Prove that f(x) divides the trinomial g(x) = x^{m−k} + b^{−1}x^{n−k} + ab^{−1}.

3.96. Prove that the trinomial x^{2n} + x^n + 1 is irreducible over F_2 if and only if n = 3^k for some nonnegative integer k.

3.97. Prove that the trinomial x^{4n} + x^n + 1 is irreducible over F_2 if and only if n = 3^k 5^m for some nonnegative integers k and m.

Chapter 4

Factorization of Polynomials

Any nonconstant polynomial over a field can be expressed as a product of irreducible polynomials. In the case of finite fields, some reasonably efficient algorithms can be devised for the actual calculation of the irreducible factors of a given polynomial of positive degree. The availability of feasible factorization algorithms for polynomials over finite fields is important for coding theory and for the study of linear recurrence relations in finite fields. Beyond the realm of finite fields, there are various computational problems in algebra and number theory that depend in one way or another on the factorization of polynomials over finite fields. We mention the factorization of polynomials over the ring of integers, the determination of the decomposition of rational primes in algebraic number fields, the calculation of the Galois group of an equation over the rationals, and the construction of field extensions. We shall present several algorithms for the factorization of polynomials over finite fields. The decision on the choice of algorithm for a specific factorization problem usually depends on whether the underlying finite field is "small" or "large." In Section 1 we describe those algorithms that are better adapted to "small" finite fields and in the next section those that work better for "large" finite fields. Some of these algorithms reduce the problem of factoring polynomials to that of finding the roots of certain other polynomials. Therefore, Section 3 is devoted to the discussion of the latter problem from the computational viewpoint.

1. FACTORIZATION OVER SMALL FINITE FIELDS

Any polynomial f ∈ F_q[x] of positive degree has a canonical factorization in F_q[x] by Theorem 1.59. For the discussion of factorization algorithms it will suffice to consider only monic polynomials. Our goal is thus to express a monic polynomial f ∈ F_q[x] of positive degree in the form

$$f = f_1^{e_1} \cdots f_k^{e_k},$$ (4.1)

where f_1, ..., f_k are distinct monic irreducible polynomials in F_q[x] and e_1, ..., e_k are positive integers. First we simplify our task by showing that the problem can be reduced to that of factoring a polynomial with no repeated factors, which means that the exponents e_1, ..., e_k in (4.1) are all equal to 1 (or, equivalently, that the polynomial has no multiple roots). To this end, we calculate

$$d(x) = \gcd\bigl(f(x), f'(x)\bigr),$$

the greatest common divisor of f(x) and its derivative, by the Euclidean algorithm. If d(x) = 1, then we know that f(x) has no repeated factors because of Theorem 1.68. If d(x) = f(x), we must have f'(x) = 0. Hence f(x) = g(x)^p, where g(x) is a suitable polynomial in F_q[x] and p is the characteristic of F_q. If necessary, the reduction process can be continued by applying the method to g(x). If d(x) ≠ 1 and d(x) ≠ f(x), then d(x) is a nontrivial factor of f(x) and f(x)/d(x) has no repeated factors. The factorization of f(x) is achieved by factoring d(x) and f(x)/d(x) separately. In case d(x) still has repeated factors, further applications of the reduction process will have to be carried out.

By applying this process sufficiently often, the original problem is reduced to that of factoring a certain number of polynomials with no repeated factors. The canonical factorizations of these polynomials lead directly to the canonical factorization of the original polynomial. Therefore, we may restrict the attention to polynomials with no repeated factors. The following theorem is crucial.

4.1. Theorem. If f ∈ F_q[x] is monic and h ∈ F_q[x] is such that h^q ≡ h mod f, then

$$f(x) = \prod_{c \in \mathbb{F}_q} \gcd\bigl(f(x), h(x) - c\bigr).$$ (4.2)

Proof. Each greatest common divisor on the right-hand side of (4.2) divides f(x). Since the polynomials h(x) − c, c ∈ F_q, are pairwise relatively prime, so are the greatest common divisors with f(x), and thus the product of these greatest common divisors divides f(x). On the other hand, f(x) divides

$$h(x)^q - h(x) = \prod_{c \in \mathbb{F}_q} \bigl(h(x) - c\bigr),$$

and so f(x) divides the right-hand side of (4.2). Thus, the two sides of (4.2) are monic polynomials that divide each other, and therefore they must be equal. □

In general, (4.2) does not yield the complete factorization of f since gcd(f(x), h(x) − c) may be reducible in F_q[x]. If h(x) ≡ c mod f(x) for some c ∈ F_q, then Theorem 4.1 gives a trivial factorization of f and therefore is of no use. However, if h is such that Theorem 4.1 yields a nontrivial factorization of f, we say that h is an f-reducing polynomial. Any h with h^q ≡ h mod f and 0 < deg(h) < deg(f) is obviously f-reducing. In order to obtain factorization algorithms on the basis of Theorem 4.1, we have to find methods of constructing f-reducing polynomials. It should be clear at this stage already that since the factorization provided by (4.2) depends on the calculation of q greatest common divisors, a direct application of this formula will only be feasible for small finite fields F_q. The first method of constructing f-reducing polynomials makes use of the Chinese remainder theorem for polynomials (see Exercise 1.37). Let us assume that f has no repeated factors, so that f = f_1 ··· f_k is a product of distinct monic irreducible polynomials over F_q. If (c_1, ..., c_k) is any k-tuple of elements of F_q, the Chinese remainder theorem implies that there is a unique h ∈ F_q[x] with h(x) ≡ c_i mod f_i(x) for 1 ≤ i ≤ k
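Added example, not from the book: the squarefree reduction via gcd(f, f') and Theorem 4.1 for q = 2, in Python. The f-reducing polynomial h is found by the brute-force search the text licenses (any h with h^2 ≡ h mod f and 0 < deg h < deg f is f-reducing); that search, the integer encoding of polynomials and the two input polynomials are assumptions of this example, not one of the book's algorithms.

```python
# Added example (not from the book): factoring over F_2 by the reduction
# d = gcd(f, f') followed by Theorem 4.1, f = gcd(f, h) * gcd(f, h + 1).
# Polynomials over F_2 are ints, bit i = coefficient of x^i. The f-reducing
# h is found by exhaustive search, feasible only for small degrees.


def deg(a):
    return a.bit_length() - 1          # deg(0) = -1


def mul(a, b):
    """Carry-less product in F_2[x]."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def divmod2(a, b):
    """Quotient and remainder of a by b (b != 0) in F_2[x]."""
    q = 0
    db = deg(b)
    while deg(a) >= db:
        s = deg(a) - db
        q ^= 1 << s
        a ^= b << s
    return q, a


def gcd(a, b):
    """Euclidean algorithm in F_2[x]; gcd(f, 0) = f."""
    while b:
        a, b = b, divmod2(a, b)[1]
    return a


def derivative(f):
    """Formal derivative: i*a_i x^(i-1), where i*a_i vanishes for even i."""
    r = 0
    for i in range(1, deg(f) + 1):
        if i & 1 and (f >> i) & 1:
            r |= 1 << (i - 1)
    return r


def sqrt2(f):
    """If f' = 0 then every exponent is even and f = g^2; return g."""
    g = 0
    for i in range(0, deg(f) + 1, 2):
        if (f >> i) & 1:
            g |= 1 << (i // 2)
    return g


def find_f_reducing(f):
    """Smallest h with h^2 = h mod f and 0 < deg(h) < deg(f), or None."""
    for h in range(2, 1 << deg(f)):
        if divmod2(mul(h, h), f)[1] == h:
            return h
    return None


def split(f, h):
    """Theorem 4.1 for q = 2: f = gcd(f, h) * gcd(f, h + 1)."""
    return gcd(f, h), gcd(f, h ^ 1)


def factor(f):
    """Sorted list of the irreducible factors of f (with multiplicity)."""
    if deg(f) < 1:
        return []
    d = gcd(f, derivative(f))
    if d == f:                         # f' = 0, so f = g^2 (p = 2)
        return sorted(factor(sqrt2(f)) * 2)
    if d != 1:                         # d and f/d are factored separately
        return sorted(factor(d) + factor(divmod2(f, d)[0]))
    h = find_f_reducing(f)             # f is squarefree from here on
    if h is None:                      # no nonconstant h: f is irreducible
        return [f]
    a, b = split(f, h)
    return sorted(factor(a) + factor(b))


def poly_str(p):
    terms = [("x^%d" % i if i > 1 else ("x" if i == 1 else "1"))
             for i in range(deg(p), -1, -1) if (p >> i) & 1]
    return " + ".join(terms) if terms else "0"


if __name__ == "__main__":
    # Constructed inputs: (x^2+x+1)(x^3+x+1) = x^5+x^4+1, which is
    # squarefree, and (x+1)^2 (x^3+x+1) = x^5+x^2+x+1, which is not.
    for f in (0b110001, 0b100111):
        print(poly_str(f), "=", " * ".join(poly_str(g) for g in factor(f)))
```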

|G(ψ, χ)|^2 = ψ(1)q = q, and (5.15) is established. □

The study of the behavior of Gaussian sums under various transformations of the additive or multiplicative character leads to a number of useful identities.

Exponential Sums

5.12. Theorem. Gaussian sums for the finite field F_q satisfy the following properties:
(i) G(ψ, χ_{ab}) = ψ̄(a) G(ψ, χ_b) for a ∈ F_q^*, b ∈ F_q;
(ii) G(ψ, χ̄) = ψ(−1) G(ψ, χ);
(iii) G(ψ̄, χ) = ψ(−1) \overline{G(ψ, χ)};
(iv) G(ψ, χ) G(ψ̄, χ) = ψ(−1) q for ψ ≠ ψ_0, χ ≠ χ_0;
(v) G(ψ^p, χ_b) = G(ψ, χ_{σ(b)}) for b ∈ F_q, where p is the characteristic of F_q and σ(b) = b^p.

Proof. (i) For c ∈ F_q we have χ_{ab}(c) = χ_1(abc) = χ_b(ac) by the definition in Theorem 5.7. Therefore,

$$G(\psi, \chi_{ab}) = \sum_{c \in \mathbb{F}_q^*} \psi(c)\chi_b(ac).$$

Now set ac = d. Then

$$G(\psi, \chi_{ab}) = \sum_{d \in \mathbb{F}_q^*} \psi(a^{-1}d)\chi_b(d) = \psi(a^{-1}) \sum_{d \in \mathbb{F}_q^*} \psi(d)\chi_b(d) = \bar{\psi}(a)\,G(\psi, \chi_b).$$

(ii) We have χ = χ_b for a suitable b ∈ F_q, and χ̄(c) = χ_b(−c) = χ_{−b}(c) for c ∈ F_q. Therefore, by using (i) with a = −1 and noting that ψ̄(−1) = ψ(−1), we get

$$G(\psi, \bar{\chi}) = G(\psi, \chi_{-b}) = \bar{\psi}(-1)\,G(\psi, \chi_b) = \psi(-1)\,G(\psi, \chi).$$

(iii) It follows from (ii) that G(ψ̄, χ) = ψ(−1) G(ψ̄, χ̄) = ψ(−1) \overline{G(ψ, χ)}.

(iv) By combining (iii) and (5.15), we obtain

$$G(\psi, \chi)\,G(\bar{\psi}, \chi) = \psi(-1)\,G(\psi, \chi)\,\overline{G(\psi, \chi)} = \psi(-1)\,|G(\psi, \chi)|^2 = \psi(-1)\,q.$$

(v) Since Tr(a) = Tr(a^p) for a ∈ F_q by Theorem 2.23(v), we have χ_1(a) = χ_1(a^p) according to (5.6). Thus, for c ∈ F_q we get χ_b(c) = χ_1(bc) = χ_1(b^p c^p) = χ_{σ(b)}(c^p), and so

$$G(\psi^p, \chi_b) = \sum_{c \in \mathbb{F}_q^*} \psi^p(c)\chi_b(c) = \sum_{c \in \mathbb{F}_q^*} \psi(c^p)\chi_{\sigma(b)}(c^p).$$

But c^p runs through F_q^* as c runs through F_q^*, and the desired result follows. □

5.13. Remark. In connection with the properties above, the value ψ(−1) is of interest. We obviously have ψ_0(−1) = 1. Let m be the order of ψ; that is, m is the least positive integer such that ψ^m = ψ_0. Then m divides q − 1 since ψ^{q−1} = ψ_0. The values of ψ are mth roots of unity; in particular, −1 can only appear as a value of ψ if m is even. If g is a primitive element of F_q, then ψ(g) = ζ, a primitive mth root of unity. If m is even (and so q odd), then ψ(−1) = ψ(g^{(q−1)/2}) = ζ^{(q−1)/2}, which is −1 precisely if (q − 1)/2 ≡ m/2 mod m, or, equivalently, (q − 1)/m ≡ 1 mod 2. Therefore, ψ(−1) = −1 if and only if m is even and (q − 1)/m is odd. In all other cases we have ψ(−1) = 1. □

Gaussian Sums

Gaussian sums occur in a variety of contexts, for example in the following. Let ψ be a multiplicative character of F_q; then, using (5.10), we may write

$$\psi(c) = \frac{1}{q} \sum_{d \in \mathbb{F}_q^*} \psi(d) \sum_{\chi} \chi(d)\,\bar{\chi}(c) \quad \text{for any } c \in \mathbb{F}_q^*.$$

Therefore,

$$\psi(c) = \frac{1}{q} \sum_{\chi} G(\psi, \chi)\,\bar{\chi}(c) \quad \text{for } c \in \mathbb{F}_q^*,$$ (5.16)

where the sum is extended over all additive characters χ of F_q. This may be thought of as the Fourier expansion of ψ in terms of the additive characters of F_q, with Gaussian sums appearing as Fourier coefficients. Similarly, if χ is an additive character of F_q, then, using (5.13), we may write

$$\chi(c) = \frac{1}{q-1} \sum_{\psi} \bar{\psi}(c) \sum_{d \in \mathbb{F}_q^*} \psi(d)\chi(d) \quad \text{for } c \in \mathbb{F}_q^*.$$

Thus we obtain

$$\chi(c) = \frac{1}{q-1} \sum_{\psi} G(\psi, \chi)\,\bar{\psi}(c) \quad \text{for } c \in \mathbb{F}_q^*,$$ (5.17)

where the sum is extended over all multiplicative characters ψ of F_q. This can be interpreted as the Fourier expansion of the restriction of χ to F_q^* in terms of the multiplicative characters of F_q, again with Gaussian sums as Fourier coefficients. Therefore, Gaussian sums are instrumental in the transition from the additive to the multiplicative structure (or vice versa) of a finite field.

Before we establish further properties of Gaussian sums, we develop a useful general principle. Let $\mathcal{M}$ be the set of monic polynomials over F_q, and let λ be a complex-valued function on $\mathcal{M}$ which is multiplicative in the sense that

$$\lambda(gh) = \lambda(g)\lambda(h) \quad \text{for all } g, h \in \mathcal{M},$$ (5.18)

and which satisfies |λ(g)| ≤ 1 for all g ∈ $\mathcal{M}$ and λ(1) = 1. With $\mathcal{M}_k$ denoting the subset of $\mathcal{M}$ containing the polynomials of degree k, consider the power series

$$L(z) = \sum_{k=0}^{\infty} \Bigl(\sum_{g \in \mathcal{M}_k} \lambda(g)\Bigr) z^k.$$ (5.19)

Since there are q^k polynomials in $\mathcal{M}_k$, the coefficient of z^k is in absolute value ≤ q^k, and so the power series converges absolutely for |z| < q^{−1}. Because of (5.18) and unique factorization in F_q[x], we may write

$$L(z) = \sum_{g \in \mathcal{M}} \lambda(g)\,z^{\deg(g)} = \prod_{f} \bigl(1 + \lambda(f)\,z^{\deg(f)} + \lambda(f^2)\,z^{2\deg(f)} + \cdots\bigr)$$

... For k > 1 we split up $\mathcal{M}_k$ according to the values of c_1 and c_k. Each given pair (c_1, c_k) occurs q^{k−2} times in $\mathcal{M}_k$, and so

$$\sum_{g \in \mathcal{M}_k} \lambda(g) = q^{k-2} \Bigl(\sum_{c \in \mathbb{F}_q^*} \psi(c)\Bigr)\Bigl(\sum_{c \in \mathbb{F}_q} \chi(c)\Bigr).$$

Since one of χ and ψ is nontrivial, it follows from either (5.9) or (5.12) that

$$\sum_{g \in \mathcal{M}_k} \lambda(g) = 0 \quad \text{for } k > 1.$$

Therefore, (5.22) is satisfied with t = 1. Furthermore,

/-,< -,1) =lp-Jl/2 III I >/-i( - I). (5.27)

η(−1) = (−1)^{(p−1)/2}, and so

I n >/-(-I)~(-I)""-'P 111'1 ( _ I )IP I lIP -31/' (5.28)

Furthermore, since ... if p ≡ 1 mod 4, ... if p ≡ 3 mod 4, it follows from (5.25) that (5.29). Combining (5.27), (5.28), and (5.29), we get

det(T) ~ ( -1)'P 1II'iIP 11'/4( -1)'P IIIP 31/'p'P"2)I' (5.30)

Now we compute det(T) utilizing the matrix of T in the basis {f_0, f_1, ..., f_{p−1}}. From (5.26) we find

det(T) ~ det(U;')I 0 . det(r)~(-I)(P 1)/2 i ,? I)/p 21/ l A

with A > 0. Comparison with (5.30) shows that the plus sign always applies in (5.29), and the theorem is established for s = 1. The general case follows from Theorem 5.14 since the canonical additive character of F_p is lifted to the canonical additive character of F_q by (5.7) and the quadratic character of F_p is lifted to the quadratic character of F_q. □

Because of (5.14) and Theorem 5.12(i), a formula for G(η, χ) can also be established for any additive character χ of F_q. We turn to another special formula for Gaussian sums which applies to a wider range of multiplicative characters but needs a restriction on the underlying field. We shall have to use the notion of order of a multiplicative character as introduced in Remark 5.13.

5.16. Theorem (Stickelberger's Theorem). Let q be a prime power, let ψ be a nontrivial multiplicative character of F_{q^2} of order m dividing q + 1, and let χ_1 be the canonical additive character of F_{q^2}. Then

$$G(\psi, \chi_1) = \begin{cases} q & \text{if } m \text{ odd or } \dfrac{q+1}{m} \text{ even},\\[6pt] -q & \text{if } m \text{ even and } \dfrac{q+1}{m} \text{ odd}. \end{cases}$$

Proof. We write E = F_{q^2} and F = F_q. Let γ be a primitive element of E, and set g = γ^{q+1}. Then g^{q−1} = 1, so that g ∈ F; furthermore, g is a primitive element of F. Every α ∈ E^* can be written in the form α = g^j γ^k with 0 ≤ j < q − 1 and 0 ≤ k < q + 1. Since ψ(g) = ψ^{q+1}(γ) = 1, we have

$$G(\psi, \chi_1) = \sum_{j=0}^{q-2}\sum_{k=0}^{q} \psi(g^j\gamma^k)\,\chi_1(g^j\gamma^k) = \sum_{k=0}^{q} \psi^k(\gamma) \sum_{j=0}^{q-2} \chi_1(g^j\gamma^k) = \sum_{k=0}^{q} \psi^k(\gamma) \sum_{b \in F^*} \chi_1(b\gamma^k).$$ (5.31)

If τ_1 is the canonical additive character of F, then χ_1(bγ^k) = τ_1(Tr_{E/F}(bγ^k)) = τ_1(b Tr_{E/F}(γ^k)) by (5.7). Therefore,

$$\sum_{b \in F^*} \chi_1(b\gamma^k) = \sum_{b \in F^*} \tau_1\bigl(b\,\mathrm{Tr}_{E/F}(\gamma^k)\bigr) = \begin{cases} -1 & \text{for } \mathrm{Tr}_{E/F}(\gamma^k) \ne 0,\\ q-1 & \text{for } \mathrm{Tr}_{E/F}(\gamma^k) = 0, \end{cases}$$ (5.32)

because of (5.9). Now Tr_{E/F}(γ^k) = γ^k + γ^{kq}, and so

$$\mathrm{Tr}_{E/F}(\gamma^k) = 0 \quad \text{if and only if} \quad \gamma^{k(q-1)} = -1.$$ (5.33)

If q is odd, the last condition is equivalent to k = (q + 1)/2, and then by (5.32),

$$\sum_{b \in F^*} \chi_1(b\gamma^k) = \begin{cases} -1 & \text{for } 0 \le k < q+1,\ k \ne \dfrac{q+1}{2},\\[6pt] q-1 & \text{for } k = \dfrac{q+1}{2}. \end{cases}$$

Together with (5.31) we get

$$G(\psi, \chi_1) = -\sum_{\substack{k=0\\ k \ne (q+1)/2}}^{q} \psi^k(\gamma) + (q-1)\,\psi^{(q+1)/2}(\gamma) = -\sum_{k=0}^{q} \psi^k(\gamma) + q\,\psi^{(q+1)/2}(\gamma) = q\,\psi^{(q+1)/2}(\gamma),$$

since ψ(γ) ≠ 1 and ψ^{q+1}(γ) = 1. Now ψ^{(q+1)/2}(γ) = 1 if (q + 1)/m is even and −1 if (q + 1)/m is odd, and thus for q odd we have

$$G(\psi, \chi_1) = \begin{cases} q & \text{if } \dfrac{q+1}{m} \text{ even},\\[6pt] -q & \text{if } \dfrac{q+1}{m} \text{ odd}. \end{cases}$$ (5.34)

If q is even, then the condition in (5.33) is equivalent to γ^{k(q−1)} = 1, and the only k with 0 ≤ k < q + 1 satisfying this property is k = 0. Then by (5.32),

$$\sum_{b \in F^*} \chi_1(b\gamma^k) = \begin{cases} -1 & \text{for } 1 \le k \le q,\\ q-1 & \text{for } k = 0, \end{cases}$$

and (5.31) yields

$$G(\psi, \chi_1) = -\sum_{k=1}^{q} \psi^k(\gamma) + q - 1 = -\sum_{k=0}^{q} \psi^k(\gamma) + q = q.$$

Combined with (5.34), this implies the theorem. □

We show how to use Gaussian sums to establish a classical result of number theory, namely the law of quadratic reciprocity. We recall from Example 5.10 that if p is an odd prime and η is the quadratic character of F_p, then for c ≢ 0 mod p the Legendre symbol (c/p) is defined by (c/p) = η(c).

5.17. Theorem (Law of Quadratic Reciprocity). For any distinct odd primes p and r we have

$$\left(\frac{p}{r}\right)\left(\frac{r}{p}\right) = (-1)^{(p-1)(r-1)/4}.$$

Proof. Let η be the quadratic character of F_p, let χ_1 be the canonical additive character of F_p, and put G = G(η, χ_1). Then it follows from (5.25) that G^2 = (−1)^{(p−1)/2} p = p^*, and so

$$G^{r} = (G^2)^{(r-1)/2}\,G = p^{*\,(r-1)/2}\,G.$$ (5.35)

Let R be the ring of algebraic integers; that is, R consists of all complex numbers that are roots of monic polynomials with integer coefficients. Since the values of (additive and multiplicative) characters of finite fields are complex roots of unity, and since every complex root of unity is an algebraic integer, the values of Gaussian sums are algebraic integers. In particular, G ∈ R. Let (r) be the principal ideal of R generated by r. Then the residue class ring R/(r) has characteristic r, and thus an application of Theorem 1.46 yields

$$G^{r} = \Bigl(\sum_{c \in \mathbb{F}_p^*} \eta(c)\chi_1(c)\Bigr)^{r} \equiv \sum_{c \in \mathbb{F}_p^*} \eta^{r}(c)\chi_1^{r}(c) \bmod (r).$$

Now η^r = η and χ_1^r = χ_r, so the right-hand side equals G(η, χ_r) = η(r) G by Theorem 5.12(i), and so

$$G^{r} \equiv \eta(r)\,G \bmod (r).$$

Together with (5.35) we get

$$p^{*\,(r-1)/2}\,G \equiv \eta(r)\,G \bmod (r),$$

and multiplication by G leads to

$$p^{*\,(r-1)/2}\,p^* \equiv \eta(r)\,p^* \bmod (r)$$

because of G^2 = p^*. Since the numbers on both sides of the congruence above are, in fact, elements of ℤ, it follows that

$$p^{*\,(r-1)/2}\,p^* \equiv \eta(r)\,p^* \bmod r$$

as a congruence in ℤ. But p and r are relatively prime, hence

$$p^{*\,(r-1)/2} \equiv \eta(r) \bmod r.$$

Now p^* = (−1)^{(p−1)/2} p and p^{r−1} ≡ 1 mod r, thus multiplication by p^{(r−1)/2} yields

$$(-1)^{(p-1)(r-1)/4} \equiv p^{(r-1)/2}\,\eta(r) \bmod r.$$ (5.36)

We have p^{(r−1)/2} ≡ ±1 mod r, and the plus sign applies if and only if p is congruent to a square mod r. Thus,

$$p^{(r-1)/2} \equiv \left(\frac{p}{r}\right) \bmod r.$$

Since η(r) = (r/p), we get from (5.36)

$$(-1)^{(p-1)(r-1)/4} \equiv \left(\frac{p}{r}\right)\left(\frac{r}{p}\right) \bmod r.$$

But the integers on both sides of this congruence can only be ±1, and since r ≥ 3, the congruence holds only if the two sides are identical. □

We consider now character sums involving the quadratic character η of F_q, q odd, and having a quadratic polynomial in the argument. The following explicit formula will be needed in Chapter 7, Section 2.
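Added example, not from the book: Gaussian sums over a prime field F_p in Python, checking Theorem 5.12(i)–(iv), Remark 5.13, the relation (5.25) used in the proof above, and Theorem 5.17 numerically. Representing characters through a discrete logarithm to a primitive root, and the primes and character orders used, are assumptions of the example.

```python
# Added example (not from the book): Gaussian sums G(psi, chi) over F_p for
# a prime p, with numerical checks of Theorem 5.12, Remark 5.13, (5.25) and
# the law of quadratic reciprocity (Theorem 5.17). Sums are complex floats,
# so equality is tested with a tolerance. Primes and orders are constructed.
import cmath
import math


def primitive_root(p):
    """Smallest primitive element g of F_p (p prime), by exhaustive order check."""
    for g in range(1, p):
        if len({pow(g, k, p) for k in range(1, p)}) == p - 1:
            return g
    raise ValueError("p must be prime")


def mult_char(p, m):
    """Multiplicative character psi of order m (m | p-1): psi(g^k) = exp(2 pi i k/m),
    extended by psi(0) = 0. Returns a function on integers, taken mod p."""
    if (p - 1) % m:
        raise ValueError("order must divide p - 1")
    g = primitive_root(p)
    log = {pow(g, k, p): k for k in range(p - 1)}      # discrete log table
    return lambda c: 0 if c % p == 0 else cmath.exp(2j * math.pi * log[c % p] / m)


def add_char(p, b):
    """Additive character chi_b of F_p: chi_b(c) = exp(2 pi i b c / p) (Theorem 5.7)."""
    return lambda c: cmath.exp(2j * math.pi * ((b * c) % p) / p)


def gauss_sum(p, psi, chi):
    """G(psi, chi) = sum over c in F_p^* of psi(c) chi(c)."""
    return sum(psi(c) * chi(c) for c in range(1, p))


def close(a, b, eps=1e-9):
    return abs(a - b) < eps


def check_theorem_5_12(p, m, a, b):
    """(i)-(iv) of Theorem 5.12 for psi of order m > 1, chi_b with b != 0, a in F_p^*."""
    psi = mult_char(p, m)
    psibar = lambda c: psi(c).conjugate()
    G = gauss_sum(p, psi, add_char(p, b))
    i_ok = close(gauss_sum(p, psi, add_char(p, a * b)), psibar(a) * G)
    ii_ok = close(gauss_sum(p, psi, add_char(p, -b)), psi(p - 1) * G)   # chi_{-b} = conj(chi_b)
    iii_ok = close(gauss_sum(p, psibar, add_char(p, b)), psi(p - 1) * G.conjugate())
    iv_ok = close(G * gauss_sum(p, psibar, add_char(p, b)), psi(p - 1) * p)
    return i_ok and ii_ok and iii_ok and iv_ok


def psi_minus_one(p, m):
    """psi(-1) for psi of order m, rounded to the integer +1 or -1."""
    return round(mult_char(p, m)(p - 1).real)


def remark_5_13(p, m):
    """Prediction of Remark 5.13: psi(-1) = -1 iff m is even and (p-1)/m is odd."""
    return -1 if m % 2 == 0 and ((p - 1) // m) % 2 == 1 else 1


def legendre(c, p):
    """Legendre symbol (c/p), p odd prime, p not dividing c, by Euler's criterion."""
    return 1 if pow(c, (p - 1) // 2, p) == 1 else -1


def quadratic_gauss_sum(p):
    """G(eta, chi_1) for the quadratic character eta of F_p (Example 5.10)."""
    return gauss_sum(p, mult_char(p, 2), add_char(p, 1))


def check_5_25(p):
    """(5.25): G(eta, chi_1)^2 = (-1)^((p-1)/2) p = p^*."""
    return close(quadratic_gauss_sum(p) ** 2, (-1) ** ((p - 1) // 2) * p)


def check_reciprocity(p, r):
    """Theorem 5.17: (p/r)(r/p) = (-1)^((p-1)(r-1)/4) for distinct odd primes."""
    return legendre(p, r) * legendre(r, p) == (-1) ** ((p - 1) * (r - 1) // 4)


if __name__ == "__main__":
    for p in (5, 7, 13):
        print("p = %d: G(eta, chi_1) = %s, (5.25) holds: %s"
              % (p, quadratic_gauss_sum(p), check_5_25(p)))
    print("Theorem 5.12 over F_13, psi of order 4:", check_theorem_5_12(13, 4, 5, 2))
    print("Remark 5.13 over F_13:", [(m, psi_minus_one(13, m)) for m in (1, 2, 3, 4, 6, 12)])
    print("reciprocity for (3, 7), (5, 13), (13, 17):",
          check_reciprocity(3, 7), check_reciprocity(5, 13), check_reciprocity(13, 17))
```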

5.18. Theorem. Let f(x) = a_2 x^2 + a_1 x + a_0 ∈ F_q[x] with q odd and a_2 ≠ 0. Put d = a_1^2 − 4a_0a_2 and let η be the quadratic character of F_q. Then

$$\sum_{c \in \mathbb{F}_q} \eta\bigl(f(c)\bigr) =$$

Exercises

... = s_7 = 0, s_3 = s_4 = s_5 = s_6 = 1, and s_{n+8} = s_{n+7} + s_{n+4} + s_{n+1} + s_n for n = 0, 1, ....

6.35. Find the least period of the linear recurring sequence in F_3 with s_0 = s_1 = 1, s_2 = s_3 = 0, s_4 = −1, and s_{n+5} = s_{n+4} − s_{n+3}   s_{n+2} − s_n for n = 0, 1, ....

6.35.

6.36.

find the kast period of the linear recurring sequence in IF; with

24R

Linl,.'ar Recurring Scqu('nc('s

'~n' 4

.'in. 3 -i- Sn' 1 .. .'in .-

I for n = O. 1. ... and initial state vector so- SI'''' in IF" hasE

(0, - 1.1,0). 6.37.Prov~

6.37. Prove that a $k$th-order linear recurring sequence $s_0, s_1, \ldots$ in $\mathbb{F}_q$ has least period $q^k$ exactly in the following cases: (a) $k = 1$, $q$ prime, $s_{n+1} = s_n + a$ for $n = 0, 1, \ldots$ with $a \neq 0$; (b) $k = 2$, $q = 2$, $s_{n+2} = s_n + 1$ for $n = 0, 1, \ldots$.

6.38. Given a homogeneous linear recurring sequence in $\mathbb{F}_q$ with a nonconstant minimal polynomial $m(x) \in \mathbb{F}_q[x]$ whose roots are nonzero and simple, prove that the least period of the sequence is equal to the least positive integer $r$ such that $\alpha^r = 1$ for all roots $\alpha$ of $m(x)$.

6.39. Prove: if the homogeneous linear recurring sequence $\sigma$ in $\mathbb{F}_q$ has minimal polynomial $f(x) \in \mathbb{F}_q[x]$ with $\deg(f(x)) = n \geq 1$, then every sequence in $S(f(x))$ can be expressed uniquely as a linear combination of $\sigma$ and the shifted sequences $\sigma^{(1)}, \sigma^{(2)}, \ldots, \sigma^{(n-1)}$ with coefficients in $\mathbb{F}_q$.

6.40. Let $f_1(x), \ldots, f_k(x)$ be nonconstant monic polynomials over $\mathbb{F}_q$ that are pairwise relatively prime. Prove that $S(f_1(x) \cdots f_k(x))$ is the direct sum of the linear subspaces $S(f_1(x)), \ldots, S(f_k(x))$.

6.41. Let $s_0, s_1, \ldots$ be a homogeneous linear recurring sequence in $K = \mathbb{F}_q$ with characteristic polynomial $f(x) = f_1(x) \cdots f_r(x)$, where the $f_i(x)$ are distinct monic irreducible polynomials over $K$. For $i = 1, \ldots, r$, let $\alpha_i$ be a fixed root of $f_i(x)$ in its splitting field $F_i$ over $K$. Prove that there exist uniquely determined elements $\theta_1 \in F_1, \ldots, \theta_r \in F_r$ such that
$$s_n = \mathrm{Tr}_{F_1/K}(\theta_1\alpha_1^n) + \cdots + \mathrm{Tr}_{F_r/K}(\theta_r\alpha_r^n) \quad \text{for } n = 0, 1, \ldots.$$

6.42. With the notation of Exercise 6.41, prove that the sequence $s_0, s_1, \ldots$ has $f(x)$ as its minimal polynomial if and only if $\theta_i \neq 0$ for $1 \leq i \leq r$. Thus show that the number of sequences in $S(f(x))$ that have $f(x)$ as minimal polynomial is given by $(q^{k_1} - 1) \cdots (q^{k_r} - 1)$, where $k_i = \deg(f_i(x))$ for $1 \leq i \leq r$.

6.43. Let $\sigma_1$ and $\sigma_2$ be the impulse response sequences in $\mathbb{F}_2$ associated with the linear recurrence relations $s_{n+6} = s_{n+1} + s_n$ ($n = 0, 1, \ldots$) and $s_{n+3} = s_{n+1} + s_n$ ($n = 0, 1, \ldots$), respectively. Find the least period of $\sigma_1 + \sigma_2$.

6.44. Let $\sigma_1$ be the linear recurring sequence in $\mathbb{F}_3$ with $s_{n+3} = s_{n+2} - s_n$ for $n = 0, 1, \ldots$ and initial state vector $(0, 1, 0)$, and let $\sigma_2$ be the linear recurring sequence in $\mathbb{F}_3$ with $s_{n+5} = -s_{n+4} - s_{n+2}$ for $n = 0, 1, \ldots$ and initial state vector $(1, 1, 1, 0, 1)$. Use the method of Example 6.58 to determine the minimal polynomial of the sum sequence $\sigma_1 + \sigma_2$.

6.45. Find the least period of the sum sequence in Exercise 6.44.

6.46. Given a homogeneous linear recurring sequence in $\mathbb{F}_2$ with minimal polynomial x' + x' + x⁴ + 1 ∈ F₂[x], determine the minimal polynomial of its binary complement.

6.47. Let f(x) = x' + x' + x⁴ + x' + x' + x + 1 ∈ F₂[x]. Determine the least periods of sequences from $S(f(x))$ and the number of sequences attaining each possible least period.

6.48. Let f(x) = (x + 1)'(x' − x' + 1)' ∈ F₂[x]. Determine the least periods of sequences from $S(f(x))$ and the number of sequences attaining each possible least period.

6.49. Let f(x) = x' − 2x' − x' − 1 ∈ F₅[x]. Determine the least periods of sequences from $S(f(x))$ and the number of sequences attaining each possible least period.

6.50. Find a monic polynomial $g(x) \in \mathbb{F}_3[x]$ such that $S(x + 1) + S(x^2 + x - 1) + S(x^3 - x - 1) = S(g(x))$.

6.51. Find a monic polynomial $g(x) \in \mathbb{F}_5[x]$ such that S(x' + x − 1) + S(x' + x⁴ + 1) = S(g(x)).

6.52. For odd $q$ determine a monic $g(x) \in \mathbb{F}_q[x]$ for which S((x − 1)') + S((x + 1)') = S(g(x)). What is the situation for even $q$?

6.53. Prove that $f \vee (gh) = (f \vee g)(f \vee h)$ for nonconstant polynomials $f, g, h \in \mathbb{F}_q[x]$, provided the two factors on the right-hand side are relatively prime.

6.54. Consider the impulse response sequence in $\mathbb{F}_2$ associated with the linear recurrence relation $s_{n+4} = s_{n+1} + s_n$, $n = 0, 1, \ldots$, and the linear recurring sequence in $\mathbb{F}_2$ with $s_{n+4} = s_n$, $n = 0, 1, \ldots$, and initial state vector $(0, 1, 1, 1)$. Use these sequences to show that there is no analog of Theorem 6.59 for multiplication of sequences.

6.55. For $r \in \mathbb{N}$ and $f \in \mathbb{F}_q[x]$ with $\deg(f) > 0$, let $\sigma_r(f)$ be the sum of the $r$th powers of the distinct roots of $f$. Prove that $\sigma_r(f \vee g) = \sigma_r(f)\sigma_r(g)$ for nonconstant polynomials $f, g \in \mathbb{F}_q[x]$, provided that the number of distinct roots of $f \vee g$ is equal to the product of the numbers of distinct roots of $f$ and $g$, respectively.

6.56. Let $s_0, s_1, \ldots$ be an arbitrary sequence in $\mathbb{F}_q$, and let $n \geq 0$ and $r \geq 1$ be integers. Prove that if both Hankel determinants $D_r^{(n+2)}$ and $D_r^{(n+1)}$ are 0, then also $D_{r+1}^{(n)} = 0$.

6.57. Prove that the sequence $s_0, s_1, \ldots$ in $\mathbb{F}_q$ is a homogeneous linear recurring sequence with minimal polynomial …

6.63. … of order $\leq 4$ are given by $2, 1, 0, 1, -2, 0, -2, -1$. Determine its minimal polynomial by the Berlekamp-Massey algorithm.

6.64. The first 10 terms of a homogeneous linear recurring sequence in $\mathbb{F}_3$ of order $\leq 5$ are given by $1, -1, 0, -1, 0, 0, 0, 0, 1, 0$. Determine its minimal polynomial by the Berlekamp-Massey algorithm.

6.65. Find the homogeneous linear recurring sequence in $\mathbb{F}_5$ of least order whose first 10 terms are $2, 0, -1, -2, 0, 0, 2, 2, -1, -2$.

6.66. Suppose the conditions of Theorem 6.78 hold and assume in addition that the characteristic polynomial $f(x)$ of the sequence $s_0, s_1, \ldots$ satisfies $f(0) \neq 0$. Establish the following improvement of (6.31): … for all $u \geq 0$. (Hint: Note that $b = 0$ can be excluded in (6.33).)

6.67. Suppose the conditions of Theorem 6.84 hold, let $r$ be a multiple of $(q^k - 1)/(q - 1)$ and let $(q^k - 1)/r$ and $k$ be relatively prime. Prove that $Z(0) = (q^{k-1} - 1)r/(q^k - 1)$.

6.68. Suppose the conditions of Theorem 6.84 hold, let $q$ be odd and $r = (q^k - 1)/2$. Prove that equality holds in (6.37).

6.69. Let $Z(b; N_0, N)$ be as in Theorem 6.85. Under the conditions of Theorem 6.84 and using the notation in the proof of this theorem, show that $Z(b; N_0, N) - \frac{N}{r}Z(b) = \ldots$

6.70. Deduce from the result of Exercise 6.69 that
$$\left| Z(0; N_0, N) - \frac{(q^{k-1} - 1)N}{q^k - 1} \right| \leq \ldots$$
where $f_h = 0$ for $h = q - 1$ and … for $h > q - 1$.

6.71. Deduce from the result of Exercise 6.69 that
$$\left| Z(b; N_0, N) - \frac{q^{k-1}N}{q^k - 1} \right| \leq \ldots \quad \text{for } b \neq 0,$$
and …
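As an added example (not from the book), the following Python carries out the two kinds of computation these exercises ask for, over a prime field $\mathbb{F}_p$ ($p$ prime is assumed; a prime power $q$ would need $\mathbb{F}_q$ arithmetic). `least_period` walks state vectors until one repeats, so it also handles inhomogeneous relations such as the one in 6.36 (any preperiod is skipped). `berlekamp_massey` is the standard Berlekamp-Massey synthesis of Exercises 6.63-6.65, returning the minimal polynomial in the book's convention (highest power first); it is the tool one reaches for when recovering an LFSR from observed keystream, and the call on the data of 6.64 shows the answer it produces.

```python
# Added example, not from the book: least periods and Berlekamp-Massey over F_p (p prime).

def lrs_terms(p, init, coeffs, n_terms, const=0):
    """s_0, ..., s_{n_terms-1} of s_{n+k} = a_{k-1}s_{n+k-1} + ... + a_0 s_n + const
    over F_p, with init = (s_0, ..., s_{k-1}) and coeffs = [a_0, ..., a_{k-1}]."""
    k = len(init)
    s = [x % p for x in init]
    while len(s) < n_terms:
        s.append((sum(a * x for a, x in zip(coeffs, s[-k:])) + const) % p)
    return s[:n_terms]


def least_period(p, init, coeffs, const=0):
    """Least period of the sequence defined as in lrs_terms (preperiod skipped)."""
    state = tuple(x % p for x in init)
    first_seen = {}
    n = 0
    while state not in first_seen:
        first_seen[state] = n
        nxt = (sum(a * x for a, x in zip(coeffs, state)) + const) % p
        state = state[1:] + (nxt,)
        n += 1
    return n - first_seen[state]


def berlekamp_massey(seq, p):
    """Shortest LFSR over F_p generating seq.

    Returns (f, L): f = [1, f_1, ..., f_L] is the minimal polynomial
    x^L + f_1 x^{L-1} + ... + f_L; it is exact once len(seq) >= 2L."""
    c, b = [1], [1]       # connection polynomial C(x) and previous B(x), lowest power first
    L, m, bb = 0, 1, 1    # linear complexity, shift since last length change, last discrepancy
    for n, s_n in enumerate(seq):
        # discrepancy between s_n and what the current register predicts
        d = (s_n + sum(c[i] * seq[n - i] for i in range(1, min(L, len(c) - 1) + 1))) % p
        if d == 0:
            m += 1
            continue
        coef = d * pow(bb, -1, p) % p
        t = c[:]
        c += [0] * (len(b) + m - len(c))
        for i, bi in enumerate(b):           # C(x) <- C(x) - coef * x^m * B(x)
            c[i + m] = (c[i + m] - coef * bi) % p
        if 2 * L <= n:                        # length change
            L, b, bb, m = n + 1 - L, t, d, 1
        else:
            m += 1
    c += [0] * (L + 1 - len(c))
    return c[:L + 1], L


def recurrence_from_minpoly(f, p):
    """coeffs [a_0, ..., a_{L-1}] with s_{n+L} = a_{L-1}s_{n+L-1} + ... + a_0 s_n
    for the minimal polynomial f = [1, f_1, ..., f_L]."""
    return [(-fi) % p for fi in reversed(f[1:])]


if __name__ == "__main__":
    # Exercise 6.35: s_{n+5} = s_{n+4} - s_{n+3} + s_{n+2} - s_n over F_3
    print("6.35 least period:", least_period(3, [1, 1, 0, 0, -1], [-1, 0, 1, -1, 1]))
    # Exercise 6.64: 1,-1,0,-1,0,0,0,0,1,0 over F_3, order <= 5
    f, L = berlekamp_massey([1, 2, 0, 2, 0, 0, 0, 0, 1, 0], 3)
    print("6.64 minimal polynomial (high to low):", f, "degree", L)
```

For the data of 6.64 the algorithm returns $x^5 + x^3 + 2x^2 + 1 = x^5 + x^3 - x^2 + 1$ over $\mathbb{F}_3$, and feeding the corresponding recurrence back into `lrs_terms` reproduces all ten given terms, which is the check to run on any synthesized register before trusting it.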

$x_0 = x_1 = 0$, while the three diagonal points are $(1, 1, 0)$, $(1, 0, 1)$, and $(0, 1, 1)$.

… the $q^{m-1} + \cdots + q + 1$ points of a hyperplane were removed, there remain $q^m$ points in $AG(m, \mathbb{F}_q)$.

… where the coefficient matrix has rank $m - k$. In particular, a hyperplane is defined by
$$a_1x_1 + \cdots + a_mx_m + a_{m+1} = 0,$$
where $a_1, \ldots, a_m$ are not all 0. If $a_1, \ldots, a_m$ are kept constant and $a_{m+1}$ runs through all elements of $\mathbb{F}_q$, then we obtain a pencil of parallel hyperplanes.

2. COMBINATORICS

In this section we describe some of the useful aspects of finite fields in combinatorics. There is a close connection between finite geometries and designs. The designs we wish to consider consist of two nonempty sets of objects, with an incidence relation between objects of different sets. For instance, the objects may be points and lines, with a given point lying or not lying on a given line. The terminology that is normally used in this area has its origin in the applications in statistics, in connection with the design of experiments. The two types of objects are called varieties (in early applications these were plants or fertilizers) and blocks. The number of varieties will, as a rule, be denoted by $v$ and the number of blocks by $b$. A design for which every block is incident with the same number $k$ of varieties and every variety is incident with the same number $r$ of blocks is called a tactical configuration. Clearly
$$vr = bk. \tag{7.3}$$
If $v = b$, and hence $r = k$, the tactical configuration is called symmetric. For instance, the points and lines of a $PG(2, \mathbb{F}_q)$ form a symmetric tactical configuration with $v = b = q^2 + q + 1$ and $r = k = q + 1$. The property of a finite projective plane that every pair of distinct points is incident with a unique line may serve to motivate the following definition.

7.16. Definition. A tactical configuration is called a balanced incomplete block design (BIBD), or $(v, k, \lambda)$ block design, if $v > k \geq 2$ and every pair of distinct varieties is incident with the same number $\lambda$ of blocks.

If for a fixed variety $a_1$ we count in two ways all the ordered pairs $(a_2, B)$ with a variety $a_2 \neq a_1$ and a block $B$ incident with $a_1, a_2$, we obtain the identity
$$r(k - 1) = \lambda(v - 1) \tag{7.4}$$
for any $(v, k, \lambda)$ block design. Thus, the parameters $b$ and $r$ of a BIBD are determined by $v$, $k$, and $\lambda$ because of (7.3) and (7.4).

7.17. Example. Let the set of varieties be $\{0, 1, 2, 3, 4, 5, 6\}$ and let the blocks be the subsets $\{0, 1, 3\}$, $\{1, 2, 4\}$, $\{2, 3, 5\}$, $\{3, 4, 6\}$, $\{4, 5, 0\}$, $\{5, 6, 1\}$, and $\{6, 0, 2\}$, with the obvious incidence relation between varieties and blocks. This is a symmetric BIBD with $v = b = 7$, $r = k = 3$, and $\lambda = 1$. It is equivalent to the Fano plane in Example 7.3. A BIBD with $k = 3$ and $\lambda = 1$ is called a Steiner triple system. □

7.18. Example. More generally, a BIBD is obtained by taking the points of a projective geometry $PG(m, \mathbb{F}_q)$ or of an affine geometry $AG(m, \mathbb{F}_q)$ as varieties and its $t$-flats for some fixed $t$, $1 \leq t < m$, as blocks. In the projective case, the parameters of the resulting BIBD are as follows:
$$v = \frac{q^{m+1} - 1}{q - 1}, \qquad b = \prod_{i=1}^{t+1} \frac{q^{m+2-i} - 1}{q^i - 1}, \qquad r = \prod_{i=1}^{t} \frac{q^{m+1-i} - 1}{q^i - 1},$$
$$k = \frac{q^{t+1} - 1}{q - 1}, \qquad \lambda = \prod_{i=1}^{t-1} \frac{q^{m-i} - 1}{q^i - 1},$$
where the last product is interpreted to be 1 if $t = 1$. The BIBD is symmetric in case $t = m - 1$, that is, if the blocks are the hyperplanes of $PG(m, \mathbb{F}_q)$. In the affine case, the parameters of the resulting BIBD are as follows:
$$v = q^m, \qquad b = q^{m-t} \prod_{i=1}^{t} \frac{q^{m+1-i} - 1}{q^i - 1}, \qquad r = \prod_{i=1}^{t} \frac{q^{m+1-i} - 1}{q^i - 1},$$
$$k = q^t, \qquad \lambda = \prod_{i=1}^{t-1} \frac{q^{m-i} - 1}{q^i - 1},$$
with the same convention for $t = 1$ as above. Such a BIBD is never symmetric. □

A tactical configuration can be described by its incidence matrix. This is a matrix $A$ of $v$ rows and $b$ columns, where the rows correspond to the varieties and the columns to the blocks. We number the varieties and blocks, and if the $i$th variety is incident with the $j$th block, we define the $(i, j)$ entry of $A$ to be the integer 1, otherwise 0. The sum of entries in any row is $r$ and that in any column is $k$. If $A$ is the incidence matrix of a $(v, k, \lambda)$ block design, then the inner product of two different rows of $A$ is $\lambda$. Thus, if $A^T$ denotes the transpose of $A$, then
$$AA^T = \begin{pmatrix} r & \lambda & \cdots & \lambda \\ \lambda & r & \cdots & \lambda \\ \vdots & \vdots & \ddots & \vdots \\ \lambda & \lambda & \cdots & r \end{pmatrix} = (r - \lambda)I + \lambda J,$$
where $I$ is the $v \times v$ identity matrix and $J$ is the $v \times v$ matrix with all entries equal to 1. We compute the determinant of $AA^T$ by subtracting the first column from the others and then adding to the first row the sum of the others. The result is
$$\det(AA^T) = \begin{vmatrix} rk & 0 & 0 & \cdots & 0 \\ \lambda & r - \lambda & 0 & \cdots & 0 \\ \lambda & 0 & r - \lambda & \cdots & 0 \\ \vdots & \vdots & \vdots & \ddots & \vdots \\ \lambda & 0 & 0 & \cdots & r - \lambda \end{vmatrix} = rk(r - \lambda)^{v-1},$$
where we have used (7.4). If $v = k$, the design is trivial, since each block is incident with all $v$ varieties. If $v > k$, then $r > \lambda$ by (7.4), and so $AA^T$ is of rank $v$. The matrix $A$ cannot have smaller rank, hence we obtain
$$b \geq v. \tag{7.5}$$
By (7.3), we must also have $r \geq k$. For a symmetric $(v, k, \lambda)$ block design we have $r = k$, hence $AJ = JA$, and so $A$ commutes with $(r - \lambda)I + \lambda J = AA^T$. Since $A$ is nonsingular if $v > k$, we get $A^TA = AA^T = (r - \lambda)I + \lambda J$. It follows that any two distinct blocks have exactly $\lambda$ varieties in common. This holds trivially if $v = k$.

We have seen that the conditions (7.3) and (7.4), and furthermore (7.5) in the nontrivial case, are necessary for the existence of a BIBD with parameters $v, b, r, k, \lambda$. These conditions are, however, not sufficient for the existence of such a design. For instance, a BIBD with $v = b = 43$, $r = k = 7$, and $\lambda = 1$ is known to be impossible. The varieties and blocks of a symmetric $(v, k, \lambda)$ block design with $k \geq 3$ and $\lambda = 1$ satisfy the conditions for points and lines of a finite projective plane. The converse is also true. Thus, the concepts of a symmetric $(v, k, 1)$ block design with $k \geq 3$ and of a finite projective plane are equivalent.

Consider the BIBD in Example 7.17 and interpret the varieties


$0, 1, 2, 3, 4, 5, 6$ as integers modulo 7. Each block of this design has the property that the differences between its distinct elements yield all nonzero residues modulo 7. This suggests the following definition.

Definition. A set $D = \{d_1, \ldots, d_k\}$ of $k \geq 2$ distinct residues modulo $v$ is called a $(v, k, \lambda)$ difference set if for every $d \not\equiv 0 \bmod v$ there are exactly $\lambda$ ordered pairs $(d_i, d_j)$ with $d_i - d_j \equiv d \bmod v$.

… with $v \not\equiv 2 \bmod 4$.
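As an added example (not from the book), the following Python develops the $(7, 3, 1)$ difference set $\{0, 1, 3\}$ modulo 7 mentioned above into the blocks of Example 7.17 and checks, with exact integer arithmetic and no external libraries, the difference-set property, the BIBD parameters, the identities (7.3) and (7.4), the form $AA^T = (r - \lambda)I + \lambda J$, the determinant $rk(r - \lambda)^{v-1}$, and the fact that two distinct blocks of a symmetric design meet in exactly $\lambda$ varieties.

```python
# Added example, not from the book: difference sets, BIBD parameters and the
# incidence-matrix identities of this section, checked on the Fano plane.
from itertools import combinations
from fractions import Fraction

def is_difference_set(D, v):
    """lambda if every nonzero residue mod v is d_i - d_j for exactly lambda ordered
    pairs (d_i, d_j) of distinct elements of D, else None."""
    counts = [0] * v
    for di in D:
        for dj in D:
            if di != dj:
                counts[(di - dj) % v] += 1
    lam = counts[1]
    return lam if all(counts[d] == lam for d in range(1, v)) else None

def blocks_from_difference_set(D, v):
    """Develop D: the blocks D + i mod v for i = 0, ..., v-1."""
    return [sorted((d + i) % v for d in D) for i in range(v)]

def bibd_parameters(v, blocks):
    """(v, b, r, k, lambda) if the design on varieties 0..v-1 is a BIBD, else None."""
    ks = {len(B) for B in blocks}
    rs = {sum(x in B for B in blocks) for x in range(v)}
    lams = {sum(x in B and y in B for B in blocks) for x, y in combinations(range(v), 2)}
    if len(ks) == len(rs) == len(lams) == 1:
        k, r, lam = ks.pop(), rs.pop(), lams.pop()
        if v > k >= 2:
            return (v, len(blocks), r, k, lam)
    return None

def parameter_identities(v, b, r, k, lam):
    """(7.3) vr = bk and (7.4) r(k-1) = lambda(v-1)."""
    return v * r == b * k and r * (k - 1) == lam * (v - 1)

def incidence_matrix(v, blocks):
    return [[1 if x in B else 0 for B in blocks] for x in range(v)]

def gram(A):
    """A A^T."""
    return [[sum(a * c for a, c in zip(r1, r2)) for r2 in A] for r1 in A]

def det(M):
    """Exact determinant by Gaussian elimination over the rationals."""
    M = [[Fraction(x) for x in row] for row in M]
    n, result = len(M), Fraction(1)
    for i in range(n):
        piv = next((r for r in range(i, n) if M[r][i] != 0), None)
        if piv is None:
            return 0
        if piv != i:
            M[i], M[piv] = M[piv], M[i]
            result = -result
        result *= M[i][i]
        for r in range(i + 1, n):
            f = M[r][i] / M[i][i]
            for c in range(i, n):
                M[r][c] -= f * M[i][c]
    return int(result)

def block_intersection_sizes(blocks):
    return {len(set(B1) & set(B2)) for B1, B2 in combinations(blocks, 2)}

if __name__ == "__main__":
    blocks = blocks_from_difference_set([0, 1, 3], 7)
    print(blocks)                                   # the seven blocks of Example 7.17
    print(bibd_parameters(7, blocks))               # (7, 7, 3, 3, 1)
    print(det(gram(incidence_matrix(7, blocks))))   # 3*3*2^6 = 576
```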

7.29. Theorem. Let $q_1, \ldots, q_s$ be prime powers and let $a_0^{(i)} = 0, a_1^{(i)}, \ldots, a_{q_i-1}^{(i)}$ be the elements of $\mathbb{F}_{q_i}$. Define the $s$-tuples
$$b_k = \left(a_k^{(1)}, \ldots, a_k^{(s)}\right) \quad \text{for } 0 \leq k \leq r = \min_{1 \leq i \leq s}(q_i - 1),$$
and let $b_{r+1}, \ldots, b_{n-1}$ with $n = q_1 \cdots q_s$ be the remaining $s$-tuples that can be formed by taking in the $i$th coordinate an element of $\mathbb{F}_{q_i}$. These $s$-tuples are added and multiplied by adding and multiplying their coordinates. Then the arrays
$$L_k = \begin{pmatrix} b_0 & b_1 & \cdots & b_{n-1} \\ b_kb_1 + b_0 & b_kb_1 + b_1 & \cdots & b_kb_1 + b_{n-1} \\ \vdots & \vdots & & \vdots \\ b_kb_{n-1} + b_0 & b_kb_{n-1} + b_1 & \cdots & b_kb_{n-1} + b_{n-1} \end{pmatrix}, \qquad k = 1, \ldots, r,$$
form a set of $r$ mutually orthogonal latin squares of order $n$.
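As an added example (not from the book), the following Python carries out the construction of Theorem 7.29 for prime $q_1, \ldots, q_s$ (assumption: prime fields only, so coordinatewise arithmetic is reduction mod $q_i$; a prime power $q_i$ would need genuine $\mathbb{F}_{q_i}$ arithmetic). With $(q_1, q_2) = (3, 5)$ it produces $r = 2$ mutually orthogonal latin squares of order 15; with $(2, 3)$ it produces only $r = 1$ square of order 6, exactly as the bound $r = \min(q_i - 1)$ dictates.

```python
# Added example, not from the book: Theorem 7.29 for prime q_i, plus the two
# checks (latin, orthogonal) that define what the theorem promises.
from itertools import product, combinations

def mols_from_primes(primes):
    """r = min(q_i - 1) mutually orthogonal latin squares of order n = prod q_i,
    each given as an n x n list of symbols 0..n-1."""
    r = min(q - 1 for q in primes)
    # b_0 = (0,...,0) and b_k = (k,...,k) for 1 <= k <= r, then the remaining tuples
    tuples = [tuple(k % q for q in primes) for k in range(r + 1)]
    tuples += [t for t in product(*(range(q) for q in primes)) if t not in tuples]
    index = {t: i for i, t in enumerate(tuples)}
    n = len(tuples)

    def add(u, v):
        return tuple((a + b) % q for a, b, q in zip(u, v, primes))

    def mul(u, v):
        return tuple((a * b) % q for a, b, q in zip(u, v, primes))

    squares = []
    for k in range(1, r + 1):
        bk = tuples[k]
        # entry (i, j) of L_k is b_k b_i + b_j, as in the theorem
        squares.append([[index[add(mul(bk, tuples[i]), tuples[j])] for j in range(n)]
                        for i in range(n)])
    return squares

def is_latin(L):
    n = len(L)
    full = set(range(n))
    return all(set(row) == full for row in L) and all(set(col) == full for col in zip(*L))

def are_orthogonal(L1, L2):
    """Superimposing L1 and L2 shows every ordered pair of symbols exactly once."""
    n = len(L1)
    return len({(L1[i][j], L2[i][j]) for i in range(n) for j in range(n)}) == n * n

def all_mutually_orthogonal(squares):
    return all(are_orthogonal(A, B) for A, B in combinations(squares, 2))

if __name__ == "__main__":
    sq = mols_from_primes((3, 5))
    print(len(sq), "squares of order", len(sq[0]),
          "latin:", all(is_latin(L) for L in sq),
          "orthogonal:", all_mutually_orthogonal(sq))
```

The second square fails to be latin precisely when some coordinate of $b_k$ is 0, and two squares fail to be orthogonal when $b_k - b_l$ has a zero coordinate; restricting to $1 \leq k \leq \min(q_i - 1)$ is what rules both out, which is why the theorem cannot give more than $r$ squares this way.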

Tactical configurations and latin squares are of use in the design of statistical experiments. For example, suppose that $n$ varieties of wheat are to be compared as to their mean yield on a certain type of soil. At our disposal is a rectangular field subdivided into $n^2$ plots. However, even if we are careful in the selection of our field, differences in soil fertility will occur on it. Thus, if all the plots of the first row are occupied by the first variety, it may very well be that the first row is of high fertility and we might obtain a high yield for the first variety although it is not superior to the other varieties. We shall be less likely to vitiate our comparisons if we set every variety once in every row and once in every column. In other words, the varieties should be planted on the $n^2$ plots in such a way that a latin square of order $n$ is formed.

It is often desirable to test at the same time other factors influencing the yield. For instance, we might want to apply $n$ different fertilizers and evaluate their effectiveness. We will then arrange fertilizers and varieties on the $n^2$ plots in such a way that both the arrangement of fertilizers and the arrangement of varieties form a latin square of order $n$, and such that every fertilizer is applied exactly once to every variety. Thus, in the language of combinatorics, the latin squares of fertilizer and variety …

$$H_4 = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & -1 & 1 & -1 \\ 1 & 1 & -1 & -1 \\ 1 & -1 & -1 & 1 \end{pmatrix}. \qquad \square$$

We describe now a construction method for Hadamard matrices using finite fields.

7.32. Theorem. Let $a_1, \ldots, a_q$ be the elements of $\mathbb{F}_q$, $q \equiv 3 \bmod 4$, and let $\eta$ be the quadratic character of $\mathbb{F}_q$. Then the matrix
$$H = \begin{pmatrix} 1 & 1 & 1 & \cdots & 1 \\ -1 & h_{11} & h_{12} & \cdots & h_{1q} \\ -1 & h_{21} & h_{22} & \cdots & h_{2q} \\ \vdots & \vdots & \vdots & & \vdots \\ -1 & h_{q1} & h_{q2} & \cdots & h_{qq} \end{pmatrix} \quad \text{with } h_{ii} = 1 \text{ and } h_{ij} = \eta(a_i - a_j) \text{ for } 1 \leq i, j \leq q,\ i \neq j,$$
is a Hadamard matrix of order $q + 1$.

Proof. Since all entries are $\pm 1$, it suffices to show that the inner product of any two distinct rows is 0. The inner product of the first row with the $(i+1)$st row, $1 \leq i \leq q$, is
$$1 + (-1) + \sum_{\substack{j=1 \\ j \neq i}}^{q} h_{ij} = \sum_{\substack{j=1 \\ j \neq i}}^{q} \eta(a_i - a_j) = \sum_{c \in \mathbb{F}_q} \eta(c) = 0$$
by (5.12). The inner product of the $(i+1)$st row with the $(k+1)$st row, $1 \leq i < k \leq q$, …
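As an added example (not from the book), the following Python builds the matrix of Theorem 7.32 for a prime $q$ (assumption: $q$ prime, so $\eta$ is computed by Euler's criterion and $a_1, \ldots, a_q$ are taken as $0, \ldots, q-1$) and verifies $HH^T = (q+1)I$ directly. Running the same construction for $q \equiv 1 \bmod 4$ shows where the hypothesis enters: then $\eta(-1) = 1$, the two terms $h_{ii}h_{ki} + h_{ik}h_{kk} = \eta(a_k - a_i) + \eta(a_i - a_k)$ in the inner product of two lower rows no longer cancel, and the result is not a Hadamard matrix.

```python
# Added example, not from the book: the Paley-type construction of Theorem 7.32
# for prime q, with an explicit orthogonality check.

def eta(a, q):
    """Quadratic character of F_q, q prime."""
    a %= q
    return 0 if a == 0 else (1 if pow(a, (q - 1) // 2, q) == 1 else -1)

def paley_matrix(q):
    """(q+1) x (q+1) matrix of Theorem 7.32 with a_1..a_q = 0..q-1: first row all 1,
    then rows (-1, h_i1, ..., h_iq) with h_ii = 1 and h_ij = eta(a_i - a_j)."""
    rows = [[1] * (q + 1)]
    for i in range(q):
        rows.append([-1] + [1 if i == j else eta(i - j, q) for j in range(q)])
    return rows

def is_hadamard(H):
    """All entries +-1 and H H^T = n I."""
    n = len(H)
    if any(len(row) != n or any(x not in (1, -1) for x in row) for row in H):
        return False
    return all(sum(a * b for a, b in zip(H[i], H[k])) == (n if i == k else 0)
               for i in range(n) for k in range(n))

def orders_that_work(primes):
    """Map each prime q to whether paley_matrix(q) is Hadamard; true exactly for q = 3 mod 4."""
    return {q: is_hadamard(paley_matrix(q)) for q in primes}

if __name__ == "__main__":
    for row in paley_matrix(7):
        print(" ".join(f"{x:2d}" for x in row))
    print(orders_that_work([3, 5, 7, 11, 13, 19, 23]))
```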


Maximal period sequences possess a universality property, in the sense that a much larger class of linear recurring sequences can be derived from them by applying decimations.

7.48. Theorem. Let $\sigma$ be a given $k$th-order maximal period sequence in $\mathbb{F}_q$. Then every linear recurring sequence in $\mathbb{F}_q$ having an irreducible minimal polynomial $g(x)$ with $g(0) \neq 0$ and $\deg(g(x))$ dividing $k$ can be obtained from $\sigma$ by applying a suitable decimation.

Proof. If the terms of $\sigma$ are denoted by $s_n$, then as in the proof of Theorem 7.47 we have
$$s_n = \mathrm{Tr}_{F/K}(\theta\alpha^n) \quad \text{for all } n \geq 0,$$
where $\alpha$ is a primitive element of $F = \mathbb{F}_{q^k}$, $\theta \in F^*$, and $K = \mathbb{F}_q$. Let $u_0, u_1, \ldots$ be a linear recurring sequence in $\mathbb{F}_q$ with irreducible minimal polynomial $g(x)$, where $g(0) \neq 0$ and $m = \deg(g(x))$ divides $k$. Then $g(x)$ has a root $\gamma \in E = \mathbb{F}_{q^m}$, and $\gamma \neq 0$ since $g(0) \neq 0$. Furthermore, $E$ is a subfield of $F$ by Theorem 2.6. It follows that there exists an integer $d \geq 1$ such that $\gamma = \alpha^d$. By Theorem 6.24 we have $u_n = \mathrm{Tr}_{E/K}(\beta\gamma^n)$ for all $n \geq 0$, where $\beta \in E^*$. Let $\delta \in F^*$ be such that $\mathrm{Tr}_{F/E}(\delta) = \beta$, and choose an integer $h \geq 0$ with $\theta\alpha^h = \delta$. Then by the transitivity of the trace (see Theorem 2.26) we have
$$s_{h+nd} = \mathrm{Tr}_{F/K}(\theta\alpha^{h+nd}) = \mathrm{Tr}_{F/K}(\delta\gamma^n) = \mathrm{Tr}_{E/K}\!\left(\mathrm{Tr}_{F/E}(\delta\gamma^n)\right) = \mathrm{Tr}_{E/K}(\beta\gamma^n) = u_n$$
for all $n \geq 0$, and so the sequence $u_0, u_1, \ldots$ is equal to the decimated sequence $\sigma_d^{(h)}$. □

The condition $g(0) \neq 0$ in Theorem 7.48 rules out the case $g(x) = x$, in which the sequence has the form $c, 0, 0, \ldots$ with $c \neq 0$. Such a sequence has preperiod 1, and thus it cannot be derived from $\sigma$ by a decimation since every decimated sequence $\sigma_d^{(h)}$ is periodic.


In the special case $d = 1$ we write $\sigma_1^{(h)} = \sigma^{(h)}$, which is the sequence obtained by shifting $\sigma$ by $h$ terms. Maximal period sequences can be characterized in terms of a structural property of the set of all shifted sequences. We use again the termwise operations for sequences introduced in Chapter 6, Section 5.

7.49. Theorem. If $\sigma$ is a nonzero periodic sequence of elements of $\mathbb{F}_q$, then the shifted sequences $\sigma^{(h)}$, $h = 0, 1, \ldots$, together with the zero sequence form a vector space over $\mathbb{F}_q$ under termwise operations for sequences if and only if $\sigma$ is a maximal period sequence in $\mathbb{F}_q$.

Proof. If $\sigma$ is a $k$th-order maximal period sequence in $\mathbb{F}_q$, then the initial state vectors of the sequences $\sigma^{(h)}$, $h = 0, 1, \ldots, q^k - 2$, and of the zero sequence run exactly through all vectors in $\mathbb{F}_q^k$. From this it follows easily that these sequences form a vector space over $\mathbb{F}_q$. Note also that any shifted sequence …
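As an added example (not from the book), the following Python takes the 4th-order sequence over $\mathbb{F}_2$ generated by $x^4 + x + 1$ (assumed primitive, so that it is a maximal period sequence of least period 15) and makes Theorems 7.48 and 7.49 concrete: the termwise sum of any two shifts is again a shift or the zero sequence, the decimation $\sigma_3^{(0)}$ has minimal polynomial $x^4 + x^3 + x^2 + x + 1$, and $\sigma_5^{(0)}$ is the zero sequence while $\sigma_5^{(1)}$ has minimal polynomial $x^2 + x + 1$, so the shift $h$ in the theorem is not optional. Minimal polynomials are found by exhaustive search over $\mathbb{F}_2[x]$, which suffices at this size.

```python
# Added example, not from the book: shift-and-add and decimation of a binary m-sequence.
from math import gcd

def m_sequence():
    """One period of s_{n+4} = s_{n+1} + s_n over F_2 with initial state (0, 0, 0, 1)."""
    s = [0, 0, 0, 1]
    while len(s) < 15:
        s.append((s[-3] + s[-4]) % 2)
    return s

def least_period(seq):
    """Least period of a periodic sequence given by one full period."""
    r = len(seq)
    return next(t for t in range(1, r + 1)
                if r % t == 0 and all(seq[i] == seq[i % t] for i in range(r)))

def shift(seq, h):
    """One period of sigma^(h): drop the first h terms."""
    h %= len(seq)
    return seq[h:] + seq[:h]

def decimate(seq, d, h=0):
    """One period of sigma_d^(h) = (s_h, s_{h+d}, s_{h+2d}, ...); its least period
    divides r / gcd(r, d), so that many terms describe it completely."""
    r = len(seq)
    return [seq[(h + n * d) % r] for n in range(r // gcd(r, d))]

def shift_and_add_closed(seq):
    """True iff the termwise sum of any two shifts is again a shift or the zero
    sequence (the vector-space property of Theorem 7.49, over F_2)."""
    r = len(seq)
    allowed = {tuple(shift(seq, h)) for h in range(r)} | {tuple([0] * r)}
    return all(tuple((x + y) % 2 for x, y in zip(shift(seq, h1), shift(seq, h2))) in allowed
               for h1 in range(r) for h2 in range(r))

def min_poly_f2(seq, max_deg=8):
    """Monic f in F_2[x] of least degree annihilating the periodic seq, highest power
    first: f = x^k + c_{k-1}x^{k-1} + ... + c_0 with s_{n+k} = sum c_i s_{n+i} for all n."""
    r = len(seq)
    ext = seq * (max_deg // r + 2)
    for k in range(1, max_deg + 1):
        for mask in range(1 << k):
            c = [(mask >> i) & 1 for i in range(k)]          # c_0 ... c_{k-1}
            if all((ext[n + k] + sum(c[i] * ext[n + i] for i in range(k))) % 2 == 0
                   for n in range(r)):
                return [1] + c[::-1]
    return None

if __name__ == "__main__":
    s = m_sequence()
    print(s, least_period(s), min_poly_f2(s))
    print("shift-and-add closed:", shift_and_add_closed(s))
    print("d=3:", decimate(s, 3), min_poly_f2(decimate(s, 3)))
    print("d=5, h=0:", decimate(s, 5), " d=5, h=1:", decimate(s, 5, 1), min_poly_f2(decimate(s, 5, 1)))
```

The shift-and-add test is also a quick way to recognise an m-sequence in captured keystream: the period-5 sequence $0, 1, 1, 1, 1$ is periodic and nonzero but fails it, in line with the "only if" direction of Theorem 7.49.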

… $n = 0, 1, \ldots$, also has least period $r$; in other words, $s_n$ just depends on the residue class of $n$ modulo $r$. From $\gcd(m, r) = 1$ it follows then that the finite sequence $s_{mn}$, $n = 0, 1, \ldots, r - 1$, is a rearrangement of the finite sequence $s_n$, $n = 0, 1, \ldots, r - 1$. In particular, for any $b \in \{0, 1, \ldots, p - 1\}^m$ the number of $n$, $0 \leq n \leq r - 1$, with $s_{mn} = b$ is the same as the number of $n$, $0 \leq n \leq r - 1$, with $s_n = b$. The latter number is given by Theorem 7.43. Together with (7.9) this yields the following information: the number of $n$, $0 \leq n \leq r - 1$, with $w_n = 0$ is equal to $p^{k-m} - 1$, and for any rational number $cp^{-m}$ with $c \in \mathbb{Z}$, $1 \leq c < p^m$, the number of $n$, $0 \leq n \leq r - 1$, with $w_n = cp^{-m}$ is equal to $p^{k-m}$; this exhausts all possible values of $w_n$. For $a \in \mathbb{Z}$, $0 \leq a < p^m$, consider a real $t$ with $ap^{-m} \leq t < (a + 1)p^{-m}$. Then
$$F_r(t) = \frac{(a+1)p^{k-m} - 1}{p^k - 1},$$
and so
$$F_r(t) - t \leq \frac{(a+1)p^{k-m} - 1}{p^k - 1} - ap^{-m} = \frac{p^k - p^m + a}{p^m(p^k - 1)} \leq p^{-m}$$
and
$$F_r(t) - t > \frac{(a+1)p^{k-m} - 1}{p^k - 1} - (a+1)p^{-m} = \frac{a + 1 - p^m}{p^m(p^k - 1)} \geq -p^{-m},$$
hence $|F_r(t) - t| \leq p^{-m}$. Since $F_r(1 - p^{-m}) = 1$ and so $F_r(1 - p^{-m}) - (1 - p^{-m}) = p^{-m}$, it follows from (7.10) that $D_r = p^{-m}$. □

Theorem 7.52 shows that if $m$ is chosen sufficiently large, then the sequence $w_0, w_1, \ldots$ passes the uniformity test when considered over the full period. For parts of the period, that is, for $1 \leq N < r$, we can establish an upper bound for the quantity $D_N$ in (7.10). Let $w_0, w_1, \ldots$ be a sequence of elements of $[0, 1)$ whose terms are given by finite digital representations
$$w_n = \sum_{i=1}^{m} w_n^{(i)} p^{-i}, \quad n = 0, 1, \ldots, \tag{7.11}$$
where the digits $w_n^{(i)}$ belong to the set $\{0, 1, \ldots, p - 1\}$ and $m$ is independent of $n$. For $h \in \mathbb{Z}$ we define $e_p(h) = e(h/p)$, where $e(t)$ is the complex exponential function used in Chapter 6, Section 7.

7.53. Lemma. Let $w_0, w_1, \ldots$ be a sequence of elements of $[0, 1)$ given by (7.11) and let $N$ be a positive integer. Let $U$ be a constant such that for any $h_1, \ldots, h_m \in \{0, 1, \ldots, p - 1\}$ that are not all 0 we have
$$\left| \sum_{n=0}^{N-1} e_p\!\left(h_1 w_n^{(1)} + \cdots + h_m w_n^{(m)}\right) \right| \leq U.$$
…

… then one can verify that $A(z) = \sum_{i=0}^{n} A_i z^i$ satisfies the differential equation
$$(1 - z^2)\frac{dA(z)}{dz} + (1 + nz)A(z) = (1 + z)^n$$
with initial condition $A(0) = A_0 = 1$. This is equivalent to
$$iA_i = \binom{n}{i-1} - A_{i-1} - (n - i + 2)A_{i-2} \quad \text{for } i = 2, 3, \ldots, n$$
with initial conditions $A_0 = 1$, $A_1 = 0$.

2. CYCLIC CODES

Cyclic codes are a special class of linear codes that can be implemented fairly simply and whose mathematical structure is reasonably well known.

8.35. Definition. A linear $(n, k)$ code $C$ over $\mathbb{F}_q$ is called cyclic if …

… Consequently,
$$x^i = a_i(x)g(x) + r_i(x), \quad i = n - k, \ldots, n - 1,$$
and $x^i - r_i(x)$ is a code polynomial, and so is … considered modulo $x^n - 1$. The polynomials $g_i(x)$, …, are linearly independent and form the canonical generator matrix $(-R, I_k)$, where $I_k$ is the $k \times k$ identity matrix and $R$ is the $k \times (n - k)$ matrix whose $i$th row is the vector of coefficients of $r_{n-k+i-1}(x)$.

Example. …
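As an added example (not from the book), the following Python builds the canonical generator matrix $(-R, I_k)$ of a cyclic code from its generator polynomial exactly as described above, and checks on the binary $(7, 4)$ code with $g(x) = x^3 + x + 1$ (assumed to divide $x^7 - 1$ over $\mathbb{F}_2$, which makes this the Hamming code) that every row is a multiple of $g(x)$, that the code is closed under the cyclic shift, and that its weight distribution agrees with the recurrence $iA_i = \binom{n}{i-1} - A_{i-1} - (n - i + 2)A_{i-2}$ quoted above. Polynomials are coefficient lists, lowest power first.

```python
# Added example, not from the book: canonical generator matrix of a cyclic code and
# the Hamming-code weight-enumerator recurrence, checked on the (7,4) code.
from itertools import product
from math import comb

def poly_mod(a, m, p):
    """Remainder of a(x) modulo m(x) over F_p, returned with deg m coefficients."""
    a = [x % p for x in a]
    dm = len(m) - 1
    inv = pow(m[-1], -1, p)
    for i in range(len(a) - 1, dm - 1, -1):
        c = a[i] * inv % p
        if c:
            for j in range(dm + 1):
                a[i - dm + j] = (a[i - dm + j] - c * m[j]) % p
    return (a + [0] * dm)[:dm]

def canonical_generator_matrix(g, n, p):
    """Rows x^i - r_i(x), i = n-k, ..., n-1, where x^i = a_i(x)g(x) + r_i(x);
    the result has the form (-R | I_k)."""
    k = n - (len(g) - 1)
    rows = []
    for i in range(n - k, n):
        r_i = poly_mod([0] * i + [1], g, p)
        row = [(-c) % p for c in r_i] + [0] * k
        row[i] = 1
        rows.append(row)
    return rows

def codewords(G, p):
    """All F_p-linear combinations of the rows of G, as tuples."""
    n = len(G[0])
    return {tuple(sum(c * row[j] for c, row in zip(coeffs, G)) % p for j in range(n))
            for coeffs in product(range(p), repeat=len(G))}

def is_cyclic(words):
    """Closed under (a_0, ..., a_{n-1}) -> (a_{n-1}, a_0, ..., a_{n-2})."""
    return all((w[-1],) + w[:-1] in words for w in words)

def all_multiples_of(words, g, p):
    """Every codeword, read as a polynomial, is divisible by g(x)."""
    return all(not any(poly_mod(list(w), g, p)) for w in words)

def weight_distribution(words, n):
    A = [0] * (n + 1)
    for w in words:
        A[sum(1 for x in w if x)] += 1
    return A

def hamming_weight_enumerator(n):
    """A_0, ..., A_n from i A_i = C(n, i-1) - A_{i-1} - (n-i+2) A_{i-2}, A_0 = 1, A_1 = 0."""
    A = [1, 0]
    for i in range(2, n + 1):
        A.append((comb(n, i - 1) - A[i - 1] - (n - i + 2) * A[i - 2]) // i)
    return A

if __name__ == "__main__":
    g = [1, 1, 0, 1]                       # x^3 + x + 1
    G = canonical_generator_matrix(g, 7, 2)
    for row in G:
        print(row)
    C = codewords(G, 2)
    print(len(C), is_cyclic(C), all_multiples_of(C, g, 2))
    print(weight_distribution(C, 7), hamming_weight_enumerator(7))
```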

I

!\

I ,\" , e III 11'(1), "'+11 w1m )) /'( y+x )'"11/'1 .I.el ,11')-- ,1I=.I)-that is. Alz)-L:;'_oA,=';1(:) satisfies the differential cquation ( I - z')then one can verify thatdAd~z) + (I ,=liZ)A (=)~ ( I + z)"with initial condition A(O}Ao = I. This is equivalent toi,1,L~I)-,1, ,-(n-i+2),1,_, fori-2.3 .... ,1Iwith initial c{mdition:-. A o = 1. ;11 =- O.2.CYCLIC COOESCyclic cpdcs arc a special c1a::,s of linear codes that can he implementedfairlv simply and whose mathematical structure is reasonably well known. 8.35. Oefinition. A linear (n. k) code C over IF" is called t:quently.x'(x'11~a,(>' )g(x)+r,(x).r;lxk .... ,11Xl - rj(x) i:,> a code polynomial. und :'>0 is ,\;~).\") = considered modulo x" I. The. polynomials g,(x). j ~ 1, arc linearly independent and form the canonical generatormatrix(I(.R).(II -where I k i~ the k x k identity matrix and R i:, the k x ith row is the vector of cocfficienb of r'l ~ l ' I(X),k) matrix whoseIU8.Exampl