Introduction to finite fields and their applications

RUDOLF LIDL, University of Tasmania, Hobart, Australia
HARALD NIEDERREITER, Austrian Academy of Sciences, Vienna, Austria

CAMBRIDGE UNIVERSITY PRESS
Cambridge, London, New York, New Rochelle, Melbourne, Sydney

... on linear recurring sequences depends mostly on Chapters 2 and 3. Chapters 7, 8, and 9 are devoted to applications and draw on various material in the previous chapters. Chapter 10 supplements parts of Chapters 2, 3, and 9. Each chapter starts with a brief description of its contents, hence it should not be necessary to give a synopsis of the book here.

In order to enhance the attractiveness of this book as a textbook, we have inserted worked-out examples at appropriate points in the text and included lists of exercises for Chapters 1-9. These exercises range from routine problems to alternative proofs of key theorems, but contain also material going beyond what is covered in the text.

With regard to cross-references, we have numbered all items in the main text consecutively by chapters, regardless of whether they are definitions, theorems, examples, and so on. Thus, "Definition 2.41" refers to item 41 in Chapter 2 (which happens to be a definition) and "Remark 6.23" refers to item 23 in Chapter 6 (which happens to be a remark). In the same vein, "Exercise 5.21" refers to the list of exercises in Chapter 5.

We gratefully acknowledge the help of Mrs. Melanie Barton and Mrs. Betty Golding who typed the manuscript with great care and efficiency.

R. LIDL
H. NIEDERREITER

Chapter 1

Algebraic Foundations

This introductory chapter contains a survey of some basic algebraic concepts that will be employed throughout the book. Elementary algebra uses the operations of arithmetic such as addition and multiplication, but replaces particular numbers by symbols and thereby obtains formulas that, by substitution, provide solutions to specific numerical problems. In modern algebra the level of abstraction is raised further: instead of dealing with the familiar operations on real numbers, one treats general operations, that is, processes of combining two or more elements to yield another element, in general sets. The aim is to study the common properties of all systems consisting of sets on which are defined a fixed number of operations interrelated in some definite way, for instance, sets with two binary operations behaving like + and · for the real numbers.

Only the most fundamental definitions and properties of algebraic systems, that is, of sets together with one or more operations on the set, will be introduced, and the theory will be discussed only to the extent needed for our special purposes in the study of finite fields later on. We state some standard results without proof. With regard to sets we adopt the naive standpoint. We use the following sets of numbers: the set ℕ of natural numbers, the set ℤ of integers, the set ℚ of rational numbers, the set ℝ of real numbers, and the set ℂ of complex numbers.


1. GROUPS

In the set of all integers the two operations addition and multiplication are well known. We can generalize the concept of operation to arbitrary sets. Let S be a set and let S × S denote the set of all ordered pairs (s, t) with s ∈ S, t ∈ S. Then a mapping from S × S into S will be called a (binary) operation on S. Under this definition we require that the image of (s, t) ∈ S × S must be in S; this is the closure property of an operation. By an algebraic structure or algebraic system we mean a set S together with one or more operations on S.

In elementary arithmetic we are provided with two operations, addition and multiplication, that have associativity as one of their most important properties. Of the various possible algebraic systems having a single associative operation, the type known as a group has been by far the most extensively studied and developed. The theory of groups is one of the oldest parts of abstract algebra as well as one particularly rich in applications.

1.1. Definition. A group is a set G together with a binary operation * on G such that the following three properties hold:

1. * is associative; that is, for any a, b, c ∈ G, a * (b * c) = (a * b) * c.
2. There is an identity (or unity) element e in G such that for all a ∈ G, a * e = e * a = a.
3. For each a ∈ G, there exists an inverse element a^{-1} ∈ G such that

If the group also satisfies

4. For all a, b ∈ G, a * b = b * a,

then the group is called abelian (or commutative).

It is easily shown that the identity element e and the inverse element a^{-1} of a given element a ∈ G are uniquely determined by the properties above. Furthermore, (a * b)^{-1} = b^{-1} * a^{-1} for all a, b ∈ G. For simplicity, we shall frequently use the notation of ordinary multiplication to designate the operation in the group, writing simply ab instead of a * b. But it must be emphasized that by doing so we do not assume that the operation actually is ordinary multiplication. Sometimes it is also convenient to write a + b instead of a * b and -a instead of a^{-1}, but this additive notation is usually reserved for abelian groups.


The associative law guarantees that expressions such as a_1 a_2 ··· a_n with a_j ∈ G, 1 ≤ j ≤ n, are unambiguous, since no matter how we insert parentheses, the expression will always represent the same element of G. To indicate the n-fold composite of an element a ∈ G with itself, where n ∈ ℕ, we shall write a^n = a a ··· a (n factors a) if using multiplicative notation, and we call a^n the nth power of a. If using additive notation for the operation * on G, we write na = a + a + ··· + a (n summands a). Following customary notation, we have the following rules:

Multiplicative notation: $a^{-n} = (a^{-1})^n$, $a^n a^m = a^{n+m}$, $(a^n)^m = a^{nm}$.

Additive notation: $(-n)a = n(-a)$, $na + ma = (n+m)a$, $m(na) = (mn)a$.

For n = 0 ∈ ℤ, one adopts the convention a^0 = e in the multiplicative notation and 0a = 0 in the additive notation, where the last "zero" represents the identity element of G.

1.2. Examples

(i) Let G be the set of integers with the operation of addition. The ordinary sum of two integers is a unique integer and the associativity is a familiar fact. The identity element is 0 (zero), and the inverse of an integer a is the integer -a. We denote this group by ℤ.
(ii) The set consisting of a single element e, with the operation * defined by e * e = e, forms a group.
(iii) Let G be the set of remainders of all the integers on division by 6, that is, G = {0, 1, 2, 3, 4, 5}, and let a * b be the remainder on division by 6 of the ordinary sum of a and b. The existence of an identity element and of inverses is again obvious. In this case, it requires some computation to establish the associativity of *. This group can be readily generalized by replacing the integer 6 by any positive integer n.

These examples lead to an interesting class of groups in which every element is a power of some fixed element of the group. If the group operation is written as addition, we refer to "multiple" instead of "power" of an element.

1.3. Definition. A multiplicative group G is said to be cyclic if there is an element a ∈ G such that for any b ∈ G there is some integer j with b = a^j.


Such an element a is called a generator of the cyclic group, and we write G = ⟨a⟩.

It follows at once from the definition that every cyclic group is commutative. We also note that a cyclic group may very well have more than one element that is a generator of the group. For instance, in the additive group ℤ both 1 and -1 are generators.

With regard to the "additive" group of remainders of the integers on division by n, the generalization of Example 1.2(iii), we find that the type of operation used there leads to an equivalence relation on the set of integers. In general, a subset R of S × S is called an equivalence relation on a set S if it has the following three properties:

(a) (s, s) ∈ R for all s ∈ S (reflexivity).
(b) If (s, t) ∈ R, then (t, s) ∈ R (symmetry).
(c) If (s, t), (t, u) ∈ R, then (s, u) ∈ R (transitivity).

The most obvious example of an equivalence relation is that of equality. It is an important fact that an equivalence relation R on a set S induces a partition of S, that is, a representation of S as the union of nonempty, mutually disjoint subsets of S. If we collect all elements of S equivalent to a fixed s ∈ S, we obtain the equivalence class of s, denoted by
$$[s] = \{t \in S : (s, t) \in R\}.$$
The collection of all distinct equivalence classes forms then the desired partition of S. We note that [s] = [t] precisely if (s, t) ∈ R. Example 1.2(iii) suggests the following concept.

1.4. Definition. For arbitrary integers a, b and a positive integer n, we say that a is congruent to b modulo n, and write a ≡ b mod n, if the difference a − b is a multiple of n, that is, if a = b + kn for some integer k.

It is easily verified that "congruence modulo n" is an equivalence relation on the set ℤ of integers. The relation is obviously reflexive and symmetric. The transitivity also follows easily: if a = b + kn and b = c + ln for some integers k and l, then a = c + (k + l)n, so that a ≡ b mod n and b ≡ c mod n together imply a ≡ c mod n. Consider now the equivalence classes into which the relation of congruence modulo n partitions the set ℤ. These will be the sets

$$[0] = \{\ldots, -2n, -n, 0, n, 2n, \ldots\},$$
$$[1] = \{\ldots, -2n+1, -n+1, 1, n+1, 2n+1, \ldots\},$$
$$\vdots$$
$$[n-1] = \{\ldots, -n-1, -1, n-1, 2n-1, 3n-1, \ldots\}.$$

We may define on the set {[0], [1], ..., [n−1]} of equivalence classes a binary operation (which we shall again write as +, although it is certainly not ordinary addition) by
$$[a] + [b] = [a + b], \qquad (1.1)$$
where a and b are any elements of the respective sets [a] and [b] and the sum a + b on the right is the ordinary sum of a and b. In order to show that we have actually defined an operation, that is, that this operation is well defined, we must verify that the image element of the pair ([a], [b]) is uniquely determined by [a] and [b] alone and does not depend in any way on the representatives a and b. We leave this proof as an exercise. Associativity of the operation in (1.1) follows from the associativity of ordinary addition. The identity element is [0] and the inverse of [a] is [−a]. Thus the elements of the set {[0], [1], ..., [n−1]} form a group.

1.5. Definition. The group formed by the set {[0], [1], ..., [n−1]} of equivalence classes modulo n with the operation (1.1) is called the group of integers modulo n and denoted by ℤ_n.

ℤ_n is actually a cyclic group with the equivalence class [1] as a generator, and it is a group of order n according to the following definition.

1.6. Definition. A group is called finite (resp. infinite) if it contains finitely (resp. infinitely) many elements. The number of elements in a finite group is called its order. We shall write |G| for the order of the finite group G.

There is a convenient way of presenting a finite group. A table displaying the group operation, nowadays referred to as a Cayley table, is constructed by indexing the rows and the columns of the table by the group elements. The element appearing in the row indexed by a and the column indexed by b is then taken to be ab.

1.7. Example. The Cayley table for the group ℤ_6 is:

  +  | [0] [1] [2] [3] [4] [5]
-----+------------------------
 [0] | [0] [1] [2] [3] [4] [5]
 [1] | [1] [2] [3] [4] [5] [0]
 [2] | [2] [3] [4] [5] [0] [1]
 [3] | [3] [4] [5] [0] [1] [2]
 [4] | [4] [5] [0] [1] [2] [3]
 [5] | [5] [0] [1] [2] [3] [4]

A group G contains certain subsets that form groups in their own right under the operation of G. For instance, the subset {[0], [2], [4]} of ℤ_6 is easily seen to have this property.


1.8. Definition. A subset H of the group G is a subgroup of G if H is itself a group with respect to the operation of G. Subgroups of G other than the trivial subgroups {e} and G itself are called nontrivial subgroups of G.

One verifies at once that for any fixed a in a group G, the set of all powers of a is a subgroup of G.

1.9. Definition. The subgroup of G consisting of all powers of the element a of G is called the subgroup generated by a and is denoted by ⟨a⟩. This subgroup is necessarily cyclic. If ⟨a⟩ is finite, then its order is called the order of the element a. Otherwise, a is called an element of infinite order.

Thus, a is of finite order k if k is the least positive integer such that a^k = e. Any other integer m with a^m = e is then a multiple of k. If S is a nonempty subset of a group G, then the subgroup H of G consisting of all finite products of powers of elements of S is called the subgroup generated by S, denoted by H = ⟨S⟩. If ⟨S⟩ = G, we say that S generates G, or that G is generated by S.

For a positive element n of the additive group ℤ of integers, the subgroup ⟨n⟩ is closely associated with the notion of congruence modulo n, since a ≡ b mod n if and only if a − b ∈ ⟨n⟩. Thus the subgroup ⟨n⟩ defines an equivalence relation on ℤ. This situation can be generalized as follows.

1.10. Theorem. If H is a subgroup of G, then the relation R_H on G defined by (a, b) ∈ R_H if and only if a = bh for some h ∈ H, is an equivalence relation.

The proof is immediate. The equivalence relation R_H is called left congruence modulo H. Like any equivalence relation, it induces a partition of G into nonempty, mutually disjoint subsets. These subsets (= equivalence classes) are called the left cosets of G modulo H and they are denoted by
$$aH = \{ah : h \in H\}$$
(or a + H = {a + h : h ∈ H} if G is written additively), where a is a fixed element of G. Similarly, there is a decomposition of G into right cosets modulo H, which have the form Ha = {ha : h ∈ H}. If G is abelian, then the distinction between left and right cosets modulo H is unnecessary.

1.11. Example. Let G = ℤ_12 and let H be the subgroup {[0], [3], [6], [9]}. Then the distinct (left) cosets of G modulo H are given by:

[0] + H = {[0], [3], [6], [9]},
[1] + H = {[1], [4], [7], [10]},
[2] + H = {[2], [5], [8], [11]}.

1.12. Theorem. If H is a finite subgroup of G, then every (left or right) coset of G modulo H has the same number of elements as H.


1.13. Definition. If the subgroup H of G only yields finitely many distinct left cosets of G modulo H, then the number of such cosets is called the index of H in G.

Since the left cosets of G modulo H form a partition of G, Theorem 1.12 implies the following important result.

1.14. Theorem. The order of a finite group G is equal to the product of the order of any subgroup H and the index of H in G. In particular, the order of H divides the order of G and the order of any element a ∈ G divides the order of G.

The subgroups and the orders of elements are easy to describe for cyclic groups. We summarize the relevant facts in the subsequent theorem.

1.15. Theorem.
(i) Every subgroup of a cyclic group is cyclic.
(ii) In a finite cyclic group ⟨a⟩ of order m, the element a^k generates a subgroup of order m/gcd(k, m), where gcd(k, m) denotes the greatest common divisor of k and m.
(iii) If d is a positive divisor of the order m of a finite cyclic group ⟨a⟩, then ⟨a⟩ contains one and only one subgroup of index d. For any positive divisor f of m, ⟨a⟩ contains precisely one subgroup of order f.
(iv) Let f be a positive divisor of the order of a finite cyclic group ⟨a⟩. Then ⟨a⟩ contains φ(f) elements of order f. Here φ(f) is Euler's function and indicates the number of integers n with 1 ≤ n ≤ f that are relatively prime to f.
(v) A finite cyclic group ⟨a⟩ of order m contains φ(m) generators, that is, elements a^r such that ⟨a^r⟩ = ⟨a⟩. The generators are the powers a^r with gcd(r, m) = 1.

Proof. (i) Let H be a subgroup of the cyclic group ⟨a⟩ with H ≠ {e}. If a^n ∈ H, then a^{−n} ∈ H; hence H contains at least one power of a with a positive exponent. Let d be the least positive exponent such that a^d ∈ H, and let a^s ∈ H. Dividing s by d gives s = qd + r, 0 ≤ r < d, and q, r ∈ ℤ. Thus a^s (a^{−d})^q = a^r ∈ H, which contradicts the minimality of d, unless r = 0. Therefore the exponents of all powers of a that belong to H are divisible by d, and so H = ⟨a^d⟩.
(ii) Put d = gcd(k, m). The order of ⟨a^k⟩ is the least positive integer n such that a^{kn} = e. The latter identity holds if and only if m divides kn, or equivalently, if and only if m/d divides n. The least positive n with this property is n = m/d.
(iii) If d is given, then ⟨a^d⟩ is a subgroup of order m/d, and so of index d, because of (ii). If ⟨a^k⟩ is another subgroup of index d, then its order is m/d, and so d = gcd(k, m) by (ii). In particular, d divides k, so that a^k ∈ ⟨a^d⟩ and ⟨a^k⟩ is a subgroup of ⟨a^d⟩. But since both groups have the same order, they are identical. The second part follows immediately because the subgroups of order f are precisely the subgroups of index m/f.
(iv) Let |⟨a⟩| = m and m = df. By (iii), an element a^k is of order f if and only if gcd(k, m) = d. Hence, the number of elements of order f is equal to the number of integers k with 1 ≤ k ≤ m and gcd(k, m) = d. We may write k = dh with 1 ≤ h ≤ f, the condition gcd(k, m) = d being now equivalent to gcd(h, f) = 1. The number of these h is equal to φ(f).
(v) The generators of ⟨a⟩ are precisely the elements of order m, so that the first part is implied by (iv). The second part follows from (ii).

When comparing the structures of two groups, mappings between the groups that preserve the operations play an important role.

1.16. Definition. A mapping f: G → H of the group G into the group H is called a homomorphism of G into H if f preserves the operation of G. That is, if * and · are the operations of G and H, respectively, then f preserves the operation of G if for all a, b ∈ G we have f(a * b) = f(a) · f(b). If, in addition, f is onto H, then f is called an epimorphism (or homomorphism "onto") and H is a homomorphic image of G. A homomorphism of G into G is called an endomorphism. If f is a one-to-one homomorphism of G onto H, then f is called an isomorphism and we say that G and H are isomorphic. An isomorphism of G onto G is called an automorphism.
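Everything from Example 1.7 to Theorem 1.15 can be checked by direct computation in ℤ_n. The following is an added example, not code from the book; it represents the class [a] by the remainder a and verifies the Cayley table of Example 1.7, the cosets of Example 1.11, Theorem 1.14 and parts (ii)-(v) of Theorem 1.15.

```python
from math import gcd

# Added example (not from the book): the additive group Z_n of Definition 1.5,
# with the class [a] represented by the remainder a in 0, 1, ..., n-1.


def cayley_table(n):
    """Cayley table of Z_n (Example 1.7): row a lists a + b mod n for b = 0..n-1."""
    return [[(a + b) % n for b in range(n)] for a in range(n)]


def is_subgroup(n, subset):
    """Definition 1.8 checked directly: identity, inverses and closure inside Z_n."""
    s = set(subset)
    if 0 not in s:
        return False
    return all((-a) % n in s and all((a + b) % n in s for b in s) for a in s)


def generated_subgroup(n, a):
    """<a> (Definition 1.9): all multiples of a in Z_n, as a frozenset."""
    elems, x = [], 0
    while True:
        elems.append(x)
        x = (x + a) % n
        if x == 0:
            return frozenset(elems)


def element_order(n, a):
    """Order of the element a, i.e. |<a>|."""
    return len(generated_subgroup(n, a))


def cosets(n, subgroup):
    """Distinct cosets a + H of Z_n modulo the subgroup H (Example 1.11)."""
    h = frozenset(subgroup)
    return {frozenset((a + x) % n for x in h) for a in range(n)}


def lagrange_holds(n, subgroup):
    """Theorems 1.12 and 1.14: every coset has |H| elements and n = |H| * index."""
    cs = cosets(n, subgroup)
    return all(len(c) == len(subgroup) for c in cs) and n == len(subgroup) * len(cs)


def euler_phi(f):
    """Euler's function: the number of k with 1 <= k <= f and gcd(k, f) = 1."""
    return sum(1 for k in range(1, f + 1) if gcd(k, f) == 1)


def elements_of_order(m, f):
    return [k for k in range(m) if element_order(m, k) == f]


def generators(m):
    """Elements k with <k> = Z_m; by Theorem 1.15(v) these are the k coprime to m."""
    return [k for k in range(m) if element_order(m, k) == m]


def theorem_1_15_holds(m):
    """Check parts (ii)-(v) of Theorem 1.15 for the cyclic group Z_m."""
    divisors = [f for f in range(1, m + 1) if m % f == 0]
    for k in range(m):                                      # (ii): |<k>| = m / gcd(k, m)
        if element_order(m, k) != m // gcd(k, m):
            return False
    for f in divisors:
        # every subgroup of order f is generated by an element of order f
        subgroups = {generated_subgroup(m, k) for k in elements_of_order(m, f)}
        if len(subgroups) != 1:                             # (iii): exactly one subgroup of order f
            return False
        if len(elements_of_order(m, f)) != euler_phi(f):    # (iv): phi(f) elements of order f
            return False
    gens = generators(m)                                    # (v): phi(m) generators, all coprime to m
    return len(gens) == euler_phi(m) and all(gcd(k, m) == 1 for k in gens)
```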

Consider, for instance, the mapping f of the additive group ℤ of the integers onto the group ℤ_n of the integers modulo n, defined by f(a) = [a]. Then
$$f(a + b) = [a + b] = [a] + [b] = f(a) + f(b) \quad \text{for } a, b \in \mathbb{Z},$$
and f is a homomorphism.

If f: G → H is a homomorphism and e is the identity element in G, then ee = e implies f(e)f(e) = f(e), so that f(e) = e', the identity element in H. From aa^{−1} = e we get f(a^{−1}) = (f(a))^{−1} for all a ∈ G.

The automorphisms of a group G are often of particular interest, partly because they themselves form a group with respect to the usual composition of mappings, as can be easily verified. Important examples of automorphisms are the inner automorphisms. For fixed a ∈ G, define f_a by f_a(b) = aba^{−1} for b ∈ G. Then f_a is an automorphism of G of the indicated type, and we get all inner automorphisms of G by letting a run through all elements of G. The elements b and aba^{−1} are said to be conjugate, and for a nonempty subset S of G the set aSa^{−1} = {asa^{−1} : s ∈ S} is called a conjugate of S. Thus, the conjugates of S are just the images of S under the various inner automorphisms of G.


1.17. Definition. The kernel of the homomorphism f: G → H of the group G into the group H is the set
$$\ker f = \{a \in G : f(a) = e'\},$$
where e' is the identity element in H.

1.18. Example. ...


If b is any nonzero element of the ring ℤ of integers, then the additive order of b is infinite; that is, nb = 0 implies n = 0. However, in the ring ℤ/(p), p prime, the additive order of every nonzero element b is p; that is, pb = 0, and p is the least positive integer for which this holds. It is of interest to formalize this property.

1.43. Definition. If R is an arbitrary ring and there exists a positive integer n such that nr = 0 for every r ∈ R, then the least such positive integer n is called the characteristic of R and R is said to have (positive) characteristic n. If no such positive integer n exists, R is said to have characteristic 0.

1.44. Theorem. A ring R ≠ {0} of positive characteristic having an identity and no zero divisors must have prime characteristic.

Proof. Since R contains nonzero elements, R has characteristic n ≥ 2. If n were not prime, we could write n = km with k, m ∈ ℤ, 1 < k, m < n. Then 0 = ne = (km)e = (ke)(me), and this implies that either ke = 0 or me = 0 since R has no zero divisors. It follows that either kr = (ke)r = 0 for all r ∈ R or mr = (me)r = 0 for all r ∈ R, in contradiction to the definition of the characteristic n.

1.45. Corollary. A finite field has prime characteristic.

Proof. By Theorem 1.44 it suffices to show that a finite field F has a positive characteristic. Consider the multiples e, 2e, 3e, ... of the identity. Since F contains only finitely many distinct elements, there exist integers k and m with 1 ≤ k < m such that ke = me, or (m − k)e = 0, and so F has a positive characteristic.

The finite field ℤ/(p) (or, equivalently, F_p) obviously has characteristic p, whereas the ring ℤ of integers and the field ℚ of rational numbers have characteristic 0. We note that in a ring R of characteristic 2 we have 2a = a + a = 0, hence a = −a for all a ∈ R. A useful property of commutative rings of prime characteristic is the following.

1.46. Theorem. Let R be a commutative ring of prime characteristic p. Then
$$(a + b)^{p^n} = a^{p^n} + b^{p^n} \quad \text{and} \quad (a - b)^{p^n} = a^{p^n} - b^{p^n}$$
for a, b ∈ R and n ∈ ℕ.

Proof. We use the fact that
$$\binom{p}{i} = \frac{p(p-1)\cdots(p-i+1)}{1 \cdot 2 \cdots i} \equiv 0 \bmod p$$
for all i ∈ ℤ with 0 < i < p, which follows from $\binom{p}{i}$ being an integer and the observation that the factor p in the numerator cannot be cancelled. Then by


the binomial theorem (see Exercise 1.8),
$$(a + b)^p = a^p + \binom{p}{1} a^{p-1} b + \cdots + \binom{p}{p-1} a b^{p-1} + b^p = a^p + b^p,$$
and induction on n completes the proof of the first identity. By what we have shown, we get
$$a^{p^n} = ((a - b) + b)^{p^n} = (a - b)^{p^n} + b^{p^n},$$
and the second identity follows.

Next we will show, for the case of commutative rings with identity, which ideals give rise to factor rings that are integral domains or fields. For this we need some definitions from ring theory. Let R be a commutative ring with identity. An element a ∈ R is called a divisor of b ∈ R if there exists c ∈ R such that ac = b. A unit of R is a divisor of the identity; two elements a, b ∈ R are said to be associates if there is a unit ε of R such that a = bε. An element c ∈ R is called a prime element if it is no unit and if it has only the units of R and the associates of c as divisors. An ideal P ≠ R of the ring R is called a prime ideal if for a, b ∈ R we have ab ∈ P only if either a ∈ P or b ∈ P. An ideal M ≠ R of R is called a maximal ideal of R if for any ideal J of R the property M ⊆ J implies J = R or J = M. Furthermore, R is said to be a principal ideal domain if R is an integral domain and if every ideal J of R is principal, that is, if there is a generating element a for J such that J = (a) = {ra : r ∈ R}.

1.47. Theorem. Let R be a commutative ring with identity. Then:
(i) An ideal M of R is a maximal ideal if and only if R/M is a field.
(ii) An ideal P of R is a prime ideal if and only if R/P is an integral domain.
(iii) Every maximal ideal of R is a prime ideal.
(iv) If R is a principal ideal domain, then R/(c) is a field if and only if c is a prime element of R.

Proof. (i) Let M be a maximal ideal of R. Then for a ∉ M, a ∈ R, the set J = {ar + m : r ∈ R, m ∈ M} is an ideal of R properly containing M, and therefore J = R. In particular, ar + m = 1 for some suitable r ∈ R, m ∈ M, where 1 denotes the multiplicative identity element of R. In other words, if a + M ≠ 0 + M is an element of R/M different from the zero element in R/M, then it possesses a multiplicative inverse, because (a + M)(r + M) = ar + M = (1 − m) + M = 1 + M. Therefore, R/M is a field. Conversely, let R/M be a field and let J ⊇ M, J ≠ M, be an ideal of R. Then for a ∈ J, a ...

... > 2 and nonzero polynomials f_i, one first computes gcd(f_1, f_2), then gcd(gcd(f_1, f_2), f_3), and so on, by the Euclidean algorithm.

1.56. Example. The Euclidean algorithm applied to g(x) = x^4 + x^3 + 2x ∈ F_3[x] and f(x) = 2x^6 + x' + x' + 2 ∈ F_3[x] ...

... = 1 for 1 ≤ i < j ≤ k, then for any integers a_1, ..., a_k the system of congruences y ≡ a_i mod m_i, i = 1, 2, ..., k, has a simultaneous solution y that is uniquely determined modulo m = m_1 m_2 ··· m_k. (Chinese Remainder Theorem)

Solve the system of congruences 5x ≡ 20 mod 6, 6x ≡ 6 mod 5, 4x ≡ 5 mod 77.

For a commutative ring R of prime characteristic p, show that
$$(a_1 + \cdots + a_s)^{p^n} = a_1^{p^n} + \cdots + a_s^{p^n}$$
for all a_1, ..., a_s ∈ R and n ∈ ℕ.

1.16. Deduce from Exercise 1.11 that in a commutative ring R of prime characteristic p we have
$$(a - b)^{p-1} = \sum_{i=0}^{p-1} a^i b^{p-1-i}$$
for all a, b ∈ R.

1.17. Let F be a field and f ∈ F[x]. Prove that {g(f(x)) : g ∈ F[x]} is equal to F[x] if and only if deg(f) = 1.

1.18. Show that p^2(x) − x q^2(x) = x r^2(x) for p, q, r ∈ ℚ[x] implies p = q = r = 0.

1.19. Show that if f, g ∈ F[x], then the principal ideal (f) is contained in the principal ideal (g) if and only if g divides f.

1.20. Prove: if f, g ∈ F[x] are relatively prime and not both constant, then there exist a, b ∈ F[x] such that af + bg = 1 and deg(a) < deg(g), deg(b) < deg(f).

1.21. Let f_1, ..., f_n ∈ F[x] with gcd(f_1, ..., f_n) = d, so that f_i = d g_i with g_i ∈ F[x] for 1 ≤ i ≤ n. Prove that g_1, ..., g_n are relatively prime.

1.22. Prove that gcd(f_1, ..., f_n) = gcd(gcd(f_1, ..., f_{n−1}), f_n) for n ≥ 3.

1.23. Prove: if f, g, h ∈ F[x], f divides gh, and gcd(f, g) = 1, then f divides h.

1.24. Use the Euclidean algorithm to compute gcd(f, g) for the polynomials f and g with coefficients in the indicated field F:
(a) F = ℚ, f(x) = x^7 + 2x' + 2x' − x + 2, g(x) = x' − 2x' − x^4 + x^2 + 2x + 3.
(b) F = F_2, f(x) = x' + x + 1, g(x) = x^6 + x' + x^4 + 1.
(c) F = F_3, f(x) = x^8 + 2x^5 + x^3 + x' + 1, g(x) = 2x^6 + x^5 + 2x' + 2x' + 2.
(d) F = F_2, f(x) = x^7 + 1, g(x) = x^5 + x^3 + x + 1.
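Theorem 1.46 and the Euclidean algorithm of Exercise 1.24 both live in the ring F_p[x], which has characteristic p but is not a field, so the identity (a + b)^{p^n} = a^{p^n} + b^{p^n} is not a consequence of a^p = a there. The following is an added example, not code from the book, implementing polynomial arithmetic over F_p with constructed sample polynomials (not the ones of Exercise 1.24); it checks Theorem 1.46 on polynomials and computes a monic gcd by repeated division with remainder.

```python
# Added example (not from the book): arithmetic in F_p[x] for a prime p.
# A polynomial is a list of coefficients in F_p, lowest degree first, with no
# trailing zeros; the zero polynomial is the empty list [].


def normalize(f, p):
    """Reduce coefficients mod p and strip trailing zeros."""
    f = [c % p for c in f]
    while f and f[-1] == 0:
        f.pop()
    return f


def add(f, g, p):
    n = max(len(f), len(g))
    return normalize([(f[i] if i < len(f) else 0) + (g[i] if i < len(g) else 0)
                      for i in range(n)], p)


def neg(f, p):
    return normalize([-c for c in f], p)


def mul(f, g, p):
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return normalize(out, p)


def power(f, e, p):
    """f^e by repeated multiplication (e is small in the checks below)."""
    result = [1]
    for _ in range(e):
        result = mul(result, f, p)
    return result


def divmod_poly(f, g, p):
    """Division with remainder in F_p[x]: returns (q, r) with f = q*g + r, deg r < deg g."""
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    f = normalize(f, p)
    q = [0] * max(len(f) - len(g) + 1, 1)
    inv_lead = pow(g[-1], p - 2, p)          # inverse of the leading coefficient (Fermat)
    while f and len(f) >= len(g):
        shift = len(f) - len(g)
        c = (f[-1] * inv_lead) % p           # next quotient coefficient
        q[shift] = c
        f = add(f, neg(mul([0] * shift + [c], g, p), p), p)   # cancels the leading term
    return normalize(q, p), f


def gcd_poly(f, g, p):
    """Euclidean algorithm; returns the monic greatest common divisor."""
    while g:
        f, g = g, divmod_poly(f, g, p)[1]
    if not f:
        return []
    inv_lead = pow(f[-1], p - 2, p)
    return normalize([c * inv_lead for c in f], p)


def freshman_dream_holds(f, g, p, n):
    """Theorem 1.46 in F_p[x]: (f + g)^(p^n) == f^(p^n) + g^(p^n)."""
    e = p ** n
    return power(add(f, g, p), e, p) == add(power(f, e, p), power(g, e, p), p)
```

Constructed check: over F_2 the polynomials x^4 + x^2 + 1 = (x^2 + x + 1)^2 and x^3 + 1 = (x + 1)(x^2 + x + 1) have gcd x^2 + x + 1, and over F_3 one has (x + 1)^3 = x^3 + 1 while (x + 1)^2 = x^2 + 2x + 1.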


1.25.

1.26. 1.27.

1.2B. 1.29.

Let 1, .... ./" be nonzero polynomials in F[x]. By considering the intersection (/,)(1 ... n(/,,) of principal ideals. prove the existence and uniqueness of the monic polynomial mE F[x] with the properties attributed to the least common multiple of 1, .... ./" Prove (1.6). If I, ...../" to FIx] are nonzero polynomials that arc pairwise relatively prime. show that Icm(/, ... .. I,,) ~ a "/, ... I". where a is the leading coefficient of I, ... I". Prove that lem( I,. .f~) ~ Iem(lem( f, .... ./" ,). /,,) for n '" 3. Let 1, .... ./" to F[x] he nonzero polynomials. Write the canonical factorization of each j" I ~ i ~ II, in the form

where u/

E::

F, the product is extended over all monic irreducihle

polynomials pin Flx]. the e,( p) arc nonnegative integers. and for each i we have e,( p) > 0 for only finitely many p. For each p set m( p) ~ min(e,( p)..... e,,( pi) and M( p) - max(e,( p)..... e,,( pl). Prove that{)-nU'IP' gc d(11' 'In (J

IemU, ... ../,,) ~ 11 pMII".1.30. Kronecker's method for finding divisors of degree.;; s of a noneanstant polynomial IE Q[x] proceeds as follows: (I) By multiplying I by a constant. we can assume I E Z[x]. (2) Choose distinct elements ao, ... a,E Z that are not roots of I and determine all divisors of I(a,) for each i.O';; i.;; s. (3) For each (s + I)-tuple (h" ..... h,) with h, dividing I(a,) for 0.;; i.;; s. determine the polynomial g E Q[x] with deg(g).;; s and g(a,)=h, for O.;;i.;;s (for instance. hy the Lagrange interpolation formula). (4) Decide which of these polynomials g in (3) are divisors of f. If deg(j) = n ?> I and s is taken to be the greatest integer . Then F has characteristic p by Theorem 2,2 and so contain.;,lF p a~ a ...uhfield. It follows from Lemma 2.4 that F is a splitting field of \"" -.' o,er ~ p' Thu, the desired result is a consequence of the uniquene~." (up !l) isomorphisms) of splitting fields, which was noted in Theorem 1.91. .1The uniquene.:ss part of Theorem 2.5 provides the ju~tification for speaking of rhe finite field (or rh" Galois field) with q element;. M of I!I" finite field (or rhe Galois field) of order q. We shall denote thi, field hy If". where.: it i~ of course understood that q is a power of the prime characterisl it' p of Fa' The notation (iF(q) is abo used by many authors.q2.6. Theorem (Subfield Criterion). Ler} q I", Ihe fill ire field wah pI/ elen/ems. Then el;ery suhjhdd of IF" has order p'''. where m is a fO'ii{in'=divi'ior of 11. Convene/)'. if m is a fosiffl:e diuSOf of 11. {hen (here is eXl1l'fl)' one wl>field of F" wirh p'" elemellls.Proof. It is dear that a subfidd K of IF q has order pm for some positive integer m :;;; II. Lemma 2.1 shows that q ,- pll must be a pow~r of pn,. and so In is neces~arily a divisor of n. Conversely. if In b a positive divisor of fl, then pm - 1 divides pi' - I.and ~() Xf'~1 1 -I dividct' x p "' 1 I in iF-vrx]. Consequently. x P "'.- x divides x P " - x "x" - x in IF{,lx J. Thu~. 
every root of ),./,." - x is a root of Xii - x and so hehmgs to ~ q' It follows that '-" must contain as a subficld a splitting field of x p " x over IF p' and as wc have seen in the proof of Theorem 2.5. such a splitting field has order p"'. If there were two distinct suhfields of order pm in IF q' they would together contain more than pm fools of X p'~ - Xin IF ' an obvious contradiction. L The proof of Theorem 2.6 shows that the unique subfield of IF p" of order pm, where In is a positive divisor of n, consists precisely of the roots of the polynomial x p - x Eo IFrlx] in IF r ,.2.7. Example. The suhfields of the finite field IF", ean be determined by listing all positive divisors of 30. The containment relations hetween these variou, suhfields are displayed in the following diagram.1F2~/~D-i"IF21()1F , .-IXIX"~I/ IF,IF). I!F l ,lF1sBy Thcon.:m 2.6. the containment relations are equivalent to divisibility r.: relations among the positive divi~()rs of 30.For a finite field IF q we denote by' IF; the multiplicative group of nnnzero elements of iF,," The following result enunt.:iates a useful property of thi, group. 1.8. Theorem. J-I" e"ery finile field IF q lhe muliiplieali"e group IF; of nonzero e/emems of IF q is (yc!ic. Proof We may a"ume q;;, 3. Let h ~ P;'P2"" p;';- be the prime factor decompo,it;on of the order h ~ q - 1 of the group IF;. For every i. I ~i~m. the polynomial X hIP . I ha, at most hlp, roots in IF q Since h/ PI < II. it follows that there are nonzero clements in IF,! that are not ronb of this polynomial. Let 1 1 he such an element and set b l = a;/P>. We have b(- I. hence the order of b,. is a divisor of p;' and i~ therefore of the form P; with () ~ s, ~ r,. On the other hand.h('= a:I!Jl:JI,and ~o the order of h, i~ 1';-. We: claim that the element h = hlh., ... bm has order II. Suppose. on the contrary. 
that the order of h is a proper divi~or of II2.Root~of lrn:dudblc Polynomials47and is therefore a divisor of at kast one of the m integers hip" I 2. hom Theorem 2.21 and the remarks following it, we know that tbe distinct automorphisms of F over K arc given by La. a',. . .,a m '. where e is the identity mapping on F, a( a) - a' for a Eo F. and a power a I refers to the j-fold composition of a with itself. Because of o(a t /3l ~ a(a)+ a(/3) and a(ca) = a(c)a(a) ~ car a) for a, /3 F F and CEo K, the mapping a may also be considered as a linear operator on the vector sptlce F over K. Since am = E, the polynomial x m - I c= K [xl annihilates a. Lemma 2.33, applied to e, a, a 2,. .. , am 'viewed as endomorphisms of P. shows that no nonzero polynomial in K[x] of degree less than m annihilates 0. Consequently, xf'l - I is the minimal polynomial for the linear operator a. Since the characteristic polynomial for a is a monic polynomial of degree m that is divisible by the minimal polynomial for a, it follows that the characteristic polynomial for a is also given by x m - 1. Lemma 2.34 implies thcn the existence of an element a E F such that a.a(a),a'(:..and b\ applying the trace function we get('~Trr;K(Ct:IOi)..;... ...+ CmTr,../K(a*1O':j) =0forl~j~m.linearly independent. it folio",' that ar~ linearly independent over K.Rut since the row vector:, of the determinant defining Ll OK (ol ..... a*1) are (I ~ . . . ~ c' n ~ O. Therefore. a l ... .. a .., CThere:.: is another determinant of order m that :-.erve:, the same purpose as the discriminant ,j,flK(Ct:I ..... Ct: m ). The e:.:ntries of this determinant arc. however. elements of the extension field F. For Ct:l ..... o m E F. let5~Structuft' (If !:'nill' hl..'ldsA he the m x In matrix. whose entry in the ith row and jth column i~ af-I, where q is the number of elements of K. If AT denotes the transpose of A. then a simple calculation shows that A 'A ~ R. 
where $B$ is the $m \times m$ matrix whose entry in the $i$th row and $j$th column is $\operatorname{Tr}_{F/K}(\alpha_i \alpha_j)$. By taking determinants, we obtain
$$\Delta_{F/K}(\alpha_1, \ldots, \alpha_m) = \det(A)^2.$$
The following result is now implied by Theorem 2.37.

2.38. Corollary. Let $\alpha_1, \ldots, \alpha_m \in \mathbb{F}_{q^m}$. Then $\{\alpha_1, \ldots, \alpha_m\}$ is a basis of $\mathbb{F}_{q^m}$ over $\mathbb{F}_q$ if and only if
$$\det\begin{pmatrix} \alpha_1 & \alpha_2 & \cdots & \alpha_m \\ \alpha_1^q & \alpha_2^q & \cdots & \alpha_m^q \\ \vdots & \vdots & & \vdots \\ \alpha_1^{q^{m-1}} & \alpha_2^{q^{m-1}} & \cdots & \alpha_m^{q^{m-1}} \end{pmatrix} \ne 0.$$

From the criterion above we are led to a relatively simple way of checking whether a given element gives rise to a normal basis.

2.39. Theorem. For $\alpha \in \mathbb{F}_{q^m}$, $\{\alpha, \alpha^q, \ldots, \alpha^{q^{m-1}}\}$ is a normal basis of $\mathbb{F}_{q^m}$ over $\mathbb{F}_q$ if and only if the polynomials $x^m - 1$ and $\alpha x^{m-1} + \alpha^q x^{m-2} + \cdots + \alpha^{q^{m-2}} x + \alpha^{q^{m-1}}$ in $\mathbb{F}_{q^m}[x]$ are relatively prime.

Proof. When $\alpha_i = \alpha^{q^{i-1}}$, $1 \le i \le m$, the determinant in Corollary 2.38 becomes
$$\det\begin{pmatrix} \alpha & \alpha^q & \cdots & \alpha^{q^{m-1}} \\ \alpha^{q^{m-1}} & \alpha & \cdots & \alpha^{q^{m-2}} \\ \vdots & \vdots & & \vdots \\ \alpha^q & \alpha^{q^2} & \cdots & \alpha \end{pmatrix} \tag{2.6}$$
after a suitable permutation of the rows. Now consider the resultant $R(f, g)$ of the polynomials $f(x) = x^m - 1$ and $g(x) = \alpha x^{m-1} + \alpha^q x^{m-2} + \cdots + \alpha^{q^{m-2}} x + \alpha^{q^{m-1}}$ of formal degree $m$ resp. $m - 1$, which is given by a determinant of order $2m - 1$ in accordance with Definition 1.93. In this determinant, add the $(m+1)$st column to the first column, the $(m+2)$nd column to the second column, and so on, finally adding the $(2m-1)$st column to the $(m-1)$st column. The resulting determinant factorizes into the determinant of the diagonal matrix of order $m - 1$ with entries $-1$ along the main diagonal and the determinant in (2.6). Therefore, $R(f, g)$ is, apart from the sign, equal to the determinant in (2.6). The statement of the theorem follows then from Corollary 2.38 and the fact that $R(f, g) \ne 0$ if and only if $f$ and $g$ are relatively prime. $\square$

In connection with the preceding discussion, we mention without proof the following refinement of the normal basis theorem.

2.40. Theorem. For
any finite extension $F$ of a finite field $K$ there exists a normal basis of $F$ over $K$ that consists of primitive elements of $F$.

4. ROOTS OF UNITY AND CYCLOTOMIC POLYNOMIALS

In this section we investigate the splitting field of the polynomial $x^n - 1$ over an arbitrary field $K$, where $n$ is a positive integer. At the same time we obtain a generalization of the concept of a root of unity, well known for complex numbers.

2.41. Definition. Let $n$ be a positive integer. The splitting field of $x^n - 1$ over a field $K$ is called the $n$th cyclotomic field over $K$ and denoted by $K^{(n)}$. The roots of $x^n - 1$ in $K^{(n)}$ are called the $n$th roots of unity over $K$ and the set of all these roots is denoted by $E^{(n)}$.

A special case of this general definition is obtained if $K$ is the field of rational numbers. Then $K^{(n)}$ is a subfield of the field of complex numbers and the $n$th roots of unity have their known geometric interpretation as the vertices of a regular polygon with $n$ vertices on the unit circle in the complex plane.

For our purposes, the most important case is that of a finite field $K$. The basic properties of roots of unity can, however, be established without using this restriction. The structure of $E^{(n)}$ is determined by the relation of $n$ to the characteristic of $K$, as the following theorem shows. When we refer to the characteristic $p$ of $K$ in this discussion, we permit the case $p = 0$ as well.

2.42. Theorem. Let $n$ be a positive integer and $K$ a field of characteristic $p$. Then:
(i) If $p$ does not divide $n$, then $E^{(n)}$ is a cyclic group of order $n$ with respect to multiplication in $K^{(n)}$.
(ii) If $p$ divides $n$, write $n = mp^e$ with positive integers $m$ and $e$ and $m$ not divisible by $p$. Then $K^{(n)} = K^{(m)}$, $E^{(n)} = E^{(m)}$, and the roots of $x^n - 1$ in $K^{(n)}$ are the $m$ elements of $E^{(m)}$, each attained with multiplicity $p^e$.

Proof. (i) The case $n = 1$ is trivial. For $n \ge 2$, $x^n - 1$ and its derivative $nx^{n-1}$ have no common roots, as $nx^{n-1}$ only has the root $0$ in $K^{(n)}$. Therefore,
by Theorem 1.68, $x^n - 1$ cannot have multiple roots, and hence $E^{(n)}$ has $n$ elements. Now if $\zeta, \eta \in E^{(n)}$, then $(\zeta\eta^{-1})^n = \zeta^n (\eta^n)^{-1} = 1$, thus $\zeta\eta^{-1} \in E^{(n)}$. It follows that $E^{(n)}$ is a multiplicative group. Let $n = p_1^{r_1} p_2^{r_2} \cdots p_t^{r_t}$ be the prime factor decomposition of $n$. Then one shows by the same argument as in the proof of Theorem 2.8 that for each $i$, …

… $> 1$ and $q \ge 2$. This inequality is incompatible with the statement that $Q_n(q)$ divides $q - 1$. Hence we must have $n = 1$ and $D = Z$, and the theorem is proved. $\square$

Before we start with the second proof of Wedderburn's theorem, we establish some preparatory results. Let $D$ be a finite division ring with center $Z$, and let $F$ denote a maximal subfield of $D$; that is, $F$ is a subfield of $D$ such that the only subfield of $D$ containing $F$ is $F$ itself. Then $F$ is an extension of $Z$, for if there were an element $z \in Z$ with $z \notin F$, we could adjoin $z$ to $F$ and obtain a subfield of $D$ properly containing $F$. From Theorem 2.10 we know that $F = Z(\xi)$, where $\xi \in F^*$ is a root of a monic irreducible polynomial $f \in Z[x]$. If we view $D$ as a vector space over $F$, then for each $a \in D$ the assignment $T_a(d) = da$ for $d \in D$ defines a linear operator $T_a$ on this vector space. We consider now the linear operator $T_\xi$. If $d$ is an eigenvector of $T_\xi$, then for some $\lambda \in F^*$ we have $d\xi = \lambda d$. This implies $d\xi d^{-1} = \lambda$ and hence $dF^*d^{-1} = F^*$, thus $d \in N(F^*)$, the normalizer of $F^*$ in the group $D^*$. Conversely, if $d \in N(F^*)$, then $d\xi d^{-1} = \lambda$ for some $\lambda \in F^*$, and so $d$ is an eigenvector of $T_\xi$. This proves the following result.

2.56. Lemma. An element $d \in D^*$ is an eigenvector of $T_\xi$ if and only if $d \in N(F^*)$.

Let $\lambda$ be an eigenvalue of $T_\xi$ with eigenvector $d$, then $d\xi = \lambda d$. It follows that $df(\xi) = f(\lambda)d$, hence $\lambda$ must be a root of $f$. If $d_0$ is another eigenvector corresponding to the eigenvalue $\lambda$, then $d_0 d^{-1} \lambda d d_0^{-1} = \lambda$, and so the element $b = d_0 d^{-1}$ commutes with $\lambda$ and, consequently, with every element of $F = Z(\lambda)$.
Let $P$ be the set of all polynomial expressions in $b$ with coefficients in $F$. Then it is easily checked that $P$ forms a finite integral domain, and so $P$ is a finite field by Theorem 1.31. But $P$ contains $F$, and thus $P = F$ by the maximality of $F$. In particular, we have $b \in F$, and since $d_0 = bd$, we conclude that every eigenspace of $T_\xi$ has dimension 1. We use now the following result from linear algebra.

2.57. Lemma. Let $T$ be a linear operator on the finite-dimensional vector space $V$ over the field $K$. Then $V$ has a basis consisting of eigenvectors of $T$ if and only if the minimal polynomial for $T$ splits in $K$ into distinct monic linear factors.

Since $f(\xi) = 0$, the polynomial $f$ annihilates the linear operator $T_\xi$. Furthermore, $f$ splits in $F$ into distinct monic linear factors by Theorem 2.14. The minimal polynomial for $T_\xi$ divides $f$, and so it also splits in $F$ into distinct monic linear factors. It follows then from Lemma 2.57 that $D$ has a basis as a vector space over $F$ consisting of eigenvectors of $T_\xi$. Since every eigenspace of $T_\xi$ has dimension 1, the dimension $m$ of $D$ over $F$ is equal to the number of distinct eigenvalues of $T_\xi$. Let $\xi = \xi_1, \xi_2, \ldots, \xi_m$ be the distinct eigenvalues of $T_\xi$ and let $1 = d_1, d_2, \ldots, d_m$ be corresponding eigenvectors.

Because $N(F^*)$ is closed under multiplication, it follows from Lemma 2.56 that $d_i d_j$ must correspond to an eigenvalue $\xi_k$, say, and hence $d_i d_j \xi = \xi_k d_i d_j$. Using $d_j \xi = \xi_j d_j$, we obtain $d_i \xi_j = \xi_k d_i$, or $d_i \xi_j d_i^{-1} = \xi_k$. This shows that for each $i$, $1 \le i \le m$, the mapping that takes $\xi_j$ to $d_i \xi_j d_i^{-1}$ permutes the eigenvalues among themselves. Consequently, the coefficients of $g(x) = (x - \xi_1) \cdots (x - \xi_m)$ commute with the eigenvectors $d_1, d_2, \ldots, d_m$ of $T_\xi$. Since the coefficients of $g$ obviously belong to $F$ and thus commute with all the elements of $F$, they commute with all the elements of $D$, since these can be written as linear combinations of $d_1, d_2, \ldots, d_m$ with coefficients in $F$.
Thus the coefficients of $g$ are elements of the center $Z$ of $D$. Since $g(\xi) = 0$, Lemma 2.12 implies that $f$ divides $g$. On the other hand, we have already observed that every eigenvalue of $T_\xi$ must be a root of $f$, and so $f = g$. It follows that $[F : Z] = [Z(\xi) : Z] = \deg(f) = m$. Now $m$ is also the dimension of $D$ over $F$, and so the argument in the proof of Theorem 1.84 shows that $D$ is of dimension $m^2$ over $Z$. Since the latter dimension is independent of $F$, we conclude that every maximal subfield of $D$ has the same degree over $Z$. We state this result in the following equivalent form.

2.58. Lemma. All maximal subfields of $D$ have …

… Prove also that $x^2 + x + 4$ is irreducible over $\mathbb{F}_{11}$ and show that $\mathbb{F}_{11}[x]/(x^2 + 1)$ is isomorphic to $\mathbb{F}_{11}[x]/(x^2 + x + 4)$. Show that the sum of all elements of a finite field is $0$, except for $\mathbb{F}_2$. Let $a, b$ be elements of $\mathbb{F}_{2^n}$, $n$ odd. Show that $a^2 + ab + b^2 = 0$ implies $a = b = 0$. Determine all primitive elements of $\mathbb{F}_7$. Determine all primitive elements of $\mathbb{F}_{17}$. Determine all primitive elements of $\mathbb{F}_9$. Write all elements of $\mathbb{F}_{25}$ as linear combinations of basis elements over $\mathbb{F}_5$. Then find a primitive element $\beta$ of $\mathbb{F}_{25}$ and determine for each $\alpha \in \mathbb{F}_{25}^*$ the least nonnegative integer $n$ such that $\alpha = \beta^n$. If the elements of … are represented as powers of a fixed primitive element $b$ …

Proof. We apply the multiplicative case of the Moebius inversion formula to the multiplicative group $G$ of nonzero rational functions over $K$. Let $h(n) = Q_n(x)$ and $H(n) = x^n - 1$ for all $n \in \mathbb{N}$. Then Theorem 2.45(i) shows that (3.6) is satisfied, and so (3.7) yields the desired result. $\square$

3.28. Example. For fields $K$ over which $Q_{12}$ is defined, we have
$$Q_{12}(x) = \prod_{d \mid 12} (x^{12/d} - 1)^{\mu(d)} = (x^{12} - 1)^{\mu(1)} (x^6 - 1)^{\mu(2)} (x^4 - 1)^{\mu(3)} (x^3 - 1)^{\mu(4)} (x^2 - 1)^{\mu(6)} (x - 1)^{\mu(12)} = \frac{(x^{12} - 1)(x^2 - 1)}{(x^6 - 1)(x^4 - 1)} = x^4 - x^2 + 1. \quad \square$$

All monic irreducible polynomials in $\mathbb{F}_q[x]$ of degree $n$ can be determined by factoring $I(q, n; x)$. For this purpose it is advantageous to have $I(q, n; x)$ available in a partially factored form. This is achieved by the following result.
3.31. Theorem. Let $I(q, n; x)$ be as in Theorem 3.29. Then for $n > 1$ we have
$$I(q, n; x) = \prod_m Q_m(x), \tag{3.8}$$
where the product is extended over all positive divisors $m$ of $q^n - 1$ for which $n$ is the multiplicative order of $q$ modulo $m$, and where $Q_m(x)$ is the $m$th cyclotomic polynomial over $\mathbb{F}_q$.

Proof. For $n > 1$ let $S$ be the set of elements of $\mathbb{F}_{q^n}$ that are of degree $n$ over $\mathbb{F}_q$. Then every $\alpha \in S$ has a minimal polynomial over $\mathbb{F}_q$ of degree $n$ and is thus a root of $I(q, n; x)$. On the other hand, if $\beta$ is a root of $I(q, n; x)$, then $\beta$ is a root of some monic irreducible polynomial in $\mathbb{F}_q[x]$ of degree $n$, which implies that $\beta \in S$. Therefore,
$$I(q, n; x) = \prod_{\alpha \in S} (x - \alpha).$$
If $\alpha \in S$, then $\alpha \in \mathbb{F}_{q^n}^*$, and so the order of $\alpha$ in that multiplicative group is a divisor of $q^n - 1$. We note that $\gamma \in \mathbb{F}_{q^n}^*$ is an element of a proper subfield $\mathbb{F}_{q^d}$ of $\mathbb{F}_{q^n}$ if and only if $\gamma^{q^d} = \gamma$, that is, if and only if the order of $\gamma$ divides $q^d - 1$. Thus, the order $m$ of an element $\alpha$ of $S$ must be such that $n$ is the least positive integer with $q^n \equiv 1 \bmod m$, that is, such that $n$ is the multiplicative order of $q$ modulo $m$. For a positive divisor $m$ of $q^n - 1$ with this property, let $S_m$ be the set of elements of $S$ of order $m$. Then $S$ is the disjoint union of the subsets $S_m$, so that we can write
$$I(q, n; x) = \prod_m \prod_{\alpha \in S_m} (x - \alpha).$$
Now $S_m$ contains exactly all elements of $\mathbb{F}_{q^n}^*$ of order $m$. In other words, $S_m$ is the set of primitive $m$th roots of unity over $\mathbb{F}_q$. From the definition of cyclotomic polynomials (see Definition 2.44), it follows that
$$\prod_{\alpha \in S_m} (x - \alpha) = Q_m(x),$$
and so (3.8) is established. $\square$

3.32. Example. We determine all (monic) irreducible polynomials in $\mathbb{F}_2[x]$ of degree 4. The identity (3.8) yields $I(2, 4; x) = Q_5(x) Q_{15}(x)$. By Theorem 2.47(ii), $Q_5(x) = x^4 + x^3 + x^2 + x + 1$ is irreducible in $\mathbb{F}_2[x]$. By the same theorem, $Q_{15}(x)$ factors into two irreducible polynomials in $\mathbb{F}_2[x]$ of degree 4.
Since $Q_5(x + 1) = x^4 + x^3 + 1$ is irreducible in $\mathbb{F}_2[x]$, this polynomial must divide $Q_{15}(x)$, and so
$$Q_{15}(x) = x^8 + x^7 + x^5 + x^4 + x^3 + x + 1 = (x^4 + x^3 + 1)(x^4 + x + 1).$$
Therefore, the irreducible polynomials in $\mathbb{F}_2[x]$ of degree 4 are $x^4 + x^3 + x^2 + x + 1$, $x^4 + x^3 + 1$, and $x^4 + x + 1$. $\square$

Irreducible polynomials often arise as minimal polynomials of elements of an extension field. Minimal polynomials were introduced in Definition 1.81 and their fundamental properties established in Theorem 1.82. With special reference to finite fields, we summarize now the most useful facts about minimal polynomials.

3.33. Theorem. Let $\alpha$ be an element of the extension field $\mathbb{F}_{q^m}$ of $\mathbb{F}_q$. Suppose that the degree of $\alpha$ over $\mathbb{F}_q$ is $d$ and that $g \in \mathbb{F}_q[x]$ is the minimal polynomial of $\alpha$ over $\mathbb{F}_q$. Then:
(i) $g$ is irreducible over $\mathbb{F}_q$ and its degree $d$ divides $m$.
(ii) A polynomial $f \in \mathbb{F}_q[x]$ satisfies $f(\alpha) = 0$ if and only if $g$ divides $f$.
(iii) If $f$ is a monic irreducible polynomial in $\mathbb{F}_q[x]$ with $f(\alpha) = 0$, then $f = g$.
(iv) $g(x)$ divides $x^{q^d} - x$ and $x^{q^m} - x$.
(v) The roots of $g$ are $\alpha, \alpha^q, \ldots, \alpha^{q^{d-1}}$, and $g$ is the minimal polynomial over $\mathbb{F}_q$ of all these elements.
(vi) If $\alpha \ne 0$, then $\operatorname{ord}(g)$ is equal to the order of $\alpha$ in the multiplicative group $\mathbb{F}_{q^m}^*$.
(vii) $g$ is a primitive polynomial over $\mathbb{F}_q$ if and only if $\alpha$ is of order $q^d - 1$ in $\mathbb{F}_{q^m}^*$.

Proof. (i) The first part follows from Theorem 1.82(i) and the second part from Theorem 1.86. (ii) This follows from Theorem 1.82(ii). (iii) This is an immediate consequence of (ii). (iv) This follows from (i) and Lemma 2.13. (v) The first part follows from (i) and Theorem 2.14 and the second part from (iii). (vi) Since $\alpha \in \mathbb{F}_{q^d}^*$ and $\mathbb{F}_{q^d}^*$ is a subgroup of $\mathbb{F}_{q^m}^*$, the result is contained in Theorem 3.3. (vii) If $g$ is primitive over $\mathbb{F}_q$, then $\operatorname{ord}(g) = q^d - 1$, and so $\alpha$ is of order $q^d - 1$ in $\mathbb{F}_{q^m}^*$ because of (vi). Conversely, if $\alpha$ is of order $q^d - 1$ in $\mathbb{F}_{q^m}^*$ and so in $\mathbb{F}_{q^d}^*$, then $\alpha$ is a primitive element of $\mathbb{F}_{q^d}$,
and therefore $g$ is primitive over $\mathbb{F}_q$ by Definition 3.15. $\square$

3. CONSTRUCTION OF IRREDUCIBLE POLYNOMIALS

We first describe a general principle of obtaining new irreducible polynomials from known ones. It depends on an auxiliary result from number theory. We recall that if $n$ is a positive integer and the integer $b$ is relatively prime to $n$, then the least positive integer $k$ for which $b^k \equiv 1 \bmod n$ is called the multiplicative order of $b$ modulo $n$. We note that this multiplicative order divides any other positive integer $h$ for which $b^h \equiv 1 \bmod n$.

3.34. Lemma. Let $s \ge 2$ and $e \ge 2$ be relatively prime integers and let $m$ be the multiplicative order of $s$ modulo $e$. Let $t \ge 2$ be an integer whose prime factors divide $e$ but not $(s^m - 1)/e$. Assume also that $s^m \equiv 1 \bmod 4$ if $t \equiv 0 \bmod 4$. Then the multiplicative order of $s$ modulo $et$ is equal to $mt$.

Proof. We proceed by induction on the number of prime factors of $t$, each counted with its multiplicity. First, let $t$ be a prime number. Writing $d = (s^m - 1)/e$, we have $s^m = 1 + de$, and so
$$s^{mt} = (1 + de)^t = 1 + \binom{t}{1} de + \binom{t}{2} d^2 e^2 + \cdots + \binom{t}{t-1} d^{t-1} e^{t-1} + d^t e^t.$$
In the last expression, each term except the first and the last is divisible by $et$ because of a property of binomial coefficients noted in the proof of Theorem 1.46. Furthermore, the last term is divisible by $et$ since $t$ divides $e$. Therefore, $s^{mt} \equiv 1 \bmod et$, and so the multiplicative order $k$ of $s$ modulo $et$ divides $mt$. Also, $s^k \equiv 1 \bmod et$ implies $s^k \equiv 1 \bmod e$, and so $k$ is divisible by $m$. Since $t$ is a prime number, $k$ can only be $m$ or $mt$. If $k = m$, then $s^m \equiv 1 \bmod et$, hence $de \equiv 0 \bmod et$ and $t$ divides $d$, a contradiction. Thus we must have $k = mt$. Now suppose that $t$ has at least two prime factors and write $t = rt_0$, where $r$ is a prime factor of $t$. By what we have already shown, the multiplicative order of $s$ modulo $er$ is equal to $mr$.
If we can prove that each prime factor of $t_0$ divides $er$ but not $d_0 = (s^{mr} - 1)/er$, then the induction hypothesis applied to $t_0$ yields that the multiplicative order of $s$ modulo $ert_0 = et$ is equal to $mrt_0 = mt$. Let $r_0$ be a prime factor of $t_0$. Since every prime factor of $t$ divides $e$, it is trivial that $r_0$ divides $er$. We write again $d = (s^m - 1)/e$. We have $s^{mr} - 1 = c(s^m - 1)$ with $c = s^{m(r-1)} + \cdots + s^m + 1$, thus $d_0 = c(s^m - 1)/er = cd/r$. Furthermore, since $s^m \equiv 1 \bmod e$ and $r$ divides $e$, we get $s^m \equiv 1 \bmod r$, and so $c \equiv r \equiv 0 \bmod r$. Thus $c/r$ is an integer. Since $r_0$ does not divide $d$, it suffices to demonstrate that $r_0$ does not divide $c/r$ in order to prove that $r_0$ does not divide $d_0 = cd/r$. We note that $s^m \equiv 1 \bmod r_0$, and so $c \equiv r \bmod r_0$. If $r_0 \ne r$, then $c/r \equiv 1 \bmod r_0$, thus $r_0$ does not divide $c/r$. Now let $r_0 = r$. Then $s^m \equiv 1 + br \bmod r^2$ for some $b \in \mathbb{Z}$, hence $s^{mj} \equiv (1 + br)^j \equiv 1 + jbr \bmod r^2$ for all $j \ge 0$, and thus
$$c \equiv \sum_{j=0}^{r-1} (1 + jbr) = r + br \cdot \frac{r(r-1)}{2} \bmod r^2.$$
It follows that
$$\frac{c}{r} \equiv 1 + b\,\frac{r(r-1)}{2} \bmod r.$$
If $r$ is odd, then $c/r \equiv 1 \bmod r$, so that $r_0 = r$ does not divide $c/r$. In the remaining case we have $r_0 = r = 2$. Then $t \equiv 0 \bmod 4$, and so $s^m \equiv 1 \bmod 4$ by hypothesis. Since $c = s^m + 1$ in this case, we get $c \equiv 2 \bmod 4$, and thus $c/r = c/2 \equiv 1 \bmod 2$. It follows again that $r_0$ does not divide $c/r$. $\square$

3.35. Theorem. Let … $\varphi(e)/m$ by the formula in Exercise 1.4, part (c), it follows that the number of monic irreducible polynomials in $\mathbb{F}_q[x]$ of degree $mt$ and order $et$ is also equal to $N$. Therefore, it remains to show that each of the polynomials $f_j(x^t)$, $1 \le j \le N$, is irreducible in $\mathbb{F}_q[x]$ and of order $et$. Since the roots of each $f_j(x)$ are primitive $e$th roots of unity over $\mathbb{F}_q$ by Theorem 3.3, it follows that $f_j(x)$ divides the cyclotomic polynomial $Q_e(x)$ over $\mathbb{F}_q$. Then $f_j(x^t)$ divides $Q_e(x^t)$, and repeated use of the property enunciated in Exercise 2.57, part (b), shows that $Q_e(x^t) = Q_{et}(x)$. Thus $f_j(x^t)$ divides $Q_{et}(x)$. According to Theorem 2.47(ii),
the degree of each irreducible factor of $Q_{et}(x)$ in $\mathbb{F}_q[x]$ is equal to the multiplicative order of $q$ modulo $et$, which is $mt$. Since $f_j(x^t)$ has degree $mt$, it follows that $f_j(x^t)$ is irreducible in $\mathbb{F}_q[x]$. Furthermore, since $f_j(x^t)$ divides $Q_{et}(x)$, the order of $f_j(x^t)$ is $et$. $\square$

3.36. Example. The irreducible polynomials in $\mathbb{F}_2[x]$ of degree 4 and order 15 are $x^4 + x + 1$ and $x^4 + x^3 + 1$. Then the irreducible polynomials in $\mathbb{F}_2[x]$ of degree 12 and order 45 are $x^{12} + x^3 + 1$ and $x^{12} + x^9 + 1$. The irreducible polynomials in $\mathbb{F}_2[x]$ of degree 60 and order 225 are $x^{60} + x^{15} + 1$ and $x^{60} + x^{45} + 1$. The irreducible polynomials in $\mathbb{F}_2[x]$ of degree 100 and order 375 are $x^{100} + x^{25} + 1$ and $x^{100} + x^{75} + 1$. $\square$

The case in which $t \equiv 0 \bmod 4$ and $q^m \equiv -1 \bmod 4$ is not covered in Theorem 3.35. Here we must have $q \equiv -1 \bmod 4$ and $m$ odd. The result referring to this case is somewhat more complicated than Theorem 3.35.

3.37. Theorem. Let $f_1(x), f_2(x), \ldots, f_N(x)$ be all the distinct monic irreducible polynomials in $\mathbb{F}_q[x]$ of odd degree $m$ and of order $e$. Let $q = 2^a u - 1$, $t = 2^b v$ with $a, b \ge 2$, where $u$ and $v$ are odd and all prime factors of $t$ divide $e$ but not $(q^m - 1)/e$. Let $k$ be the smaller of $a$ and $b$. Then each of the polynomials $f_j(x^t)$ factors as a product of $2^{k-1}$ monic irreducible polynomials $g_{ij}(x)$ in $\mathbb{F}_q[x]$ of degree $mt2^{1-k}$. The $2^{k-1}N$ polynomials $g_{ij}(x)$ are all the distinct monic irreducible polynomials in $\mathbb{F}_q[x]$ of degree $mt2^{1-k}$ and order $et$.

Proof. If $v \ge 3$, then Theorem 3.35 implies that $f_1(x^v), f_2(x^v), \ldots, f_N(x^v)$ are all the distinct monic irreducible polynomials in $\mathbb{F}_q[x]$ of odd degree $mv$ and of order $ev$. Thus we will be done once the special case $t = 2^b$ is settled. Let now $t = 2^b$ and note that as in the proof of Theorem 3.35 we obtain that $m$ is the multiplicative order of $q$ modulo $e$, $N = \varphi(e)/m$, and each $f_j(x^t)$ divides $Q_{et}(x)$.
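Example 3.32 obtained the irreducible quartics over $\mathbb{F}_2$ by factoring $I(2, 4; x) = Q_5(x)Q_{15}(x)$, and Example 3.36 obtained the irreducible polynomials of degree 12 and order 45 from $f(x^3)$ by Theorem 3.35. The following Python script is an added example, not code from the book: it carries both computations out and checks them against an exhaustive irreducibility test. The bit-vector encoding of $\mathbb{F}_2[x]$ and every function name below are my own choices, and `order` relies on its argument being irreducible (Theorem 3.3) while `cyclotomic` is only meant for odd $n$, where $Q_n$ is defined over $\mathbb{F}_2$.

```python
"""Irreducible polynomials over F_2 through cyclotomic polynomials (Theorem 3.31,
Example 3.32) and through f(x^t) (Theorem 3.35, Example 3.36).  Added example,
not code from the book.  A polynomial over F_2 is an int whose bit i is the
coefficient of x^i, so x^4 + x + 1 is 0b10011."""

X = 0b10                       # the polynomial x

def deg(a):
    return a.bit_length() - 1

def mul(a, b):
    """Carry-less product in F_2[x]."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def divmod2(a, b):
    """Quotient and remainder of a by b != 0 in F_2[x]."""
    q = 0
    while a and deg(a) >= deg(b):
        shift = deg(a) - deg(b)
        q ^= 1 << shift
        a ^= b << shift
    return q, a

def gcd(a, b):
    while b:
        a, b = b, divmod2(a, b)[1]
    return a

def powmod(base, e, m):
    """base^e mod m in F_2[x] by square-and-multiply."""
    result, base = 1, divmod2(base, m)[1]
    while e:
        if e & 1:
            result = divmod2(mul(result, base), m)[1]
        base = divmod2(mul(base, base), m)[1]
        e >>= 1
    return result

def is_irreducible(f):
    """Ben-Or test: f of degree n >= 1 is irreducible iff gcd(f, x^(2^i) - x) = 1 for 1 <= i <= n/2."""
    n = deg(f)
    if n < 1:
        return False
    xp = X                                            # x^(2^i) mod f
    for _ in range(n // 2):
        xp = divmod2(mul(xp, xp), f)[1]
        if gcd(f, xp ^ X) != 1:
            return False
    return True

def irreducibles(n):
    """All monic irreducible polynomials of degree n over F_2, increasing as ints."""
    return [f for f in range(1 << n, 1 << (n + 1)) if is_irreducible(f)]

def prime_factors(n):
    ps, d = [], 2
    while d * d <= n:
        if n % d == 0:
            ps.append(d)
            while n % d == 0:
                n //= d
        d += 1
    return ps + ([n] if n > 1 else [])

def order(f):
    """ord(f) for irreducible f != x: least e with f | x^e - 1, a divisor of 2^deg(f) - 1 (Theorem 3.3)."""
    e = (1 << deg(f)) - 1
    for q in prime_factors(e):
        while e % q == 0 and powmod(X, e // q, f) == 1:
            e //= q
    return e

def mult_order(q, m):
    """Multiplicative order of q modulo m (gcd(q, m) = 1); mult_order(q, 1) = 1."""
    k, r = 1, q % m
    while r != 1 % m:
        r, k = r * q % m, k + 1
    return k

def cyclotomic(n):
    """Q_n over F_2 for odd n as (x^n - 1) / prod_{d | n, d < n} Q_d (Theorem 2.45(i)); exact divisions."""
    num = (1 << n) | 1
    for d in range(1, n):
        if n % d == 0:
            num = divmod2(num, cyclotomic(d))[0]
    return num

def I_poly(n):
    """I(2, n; x) by (3.8): the product of Q_m over m | 2^n - 1 with ord_m(2) = n."""
    N, result = (1 << n) - 1, 1
    for m in range(1, N + 1):
        if N % m == 0 and mult_order(2, m) == n:
            result = mul(result, cyclotomic(m))
    return result

def substitute_power(f, t):
    """f(x^t): bit i of f moves to bit i*t (the construction of Theorem 3.35)."""
    return sum(1 << (i * t) for i in range(deg(f) + 1) if (f >> i) & 1)

if __name__ == "__main__":
    for f in irreducibles(4):                         # Example 3.32: 0b10011, 0b11001, 0b11111
        print(bin(f), "order", order(f))
    print(I_poly(4) == mul(cyclotomic(5), cyclotomic(15)))
    for f in (0b10011, 0b11001):                      # Example 3.36: order 15, t = 3
        g = substitute_power(f, 3)
        print(bin(g), is_irreducible(g), order(g))
```

Ben-Or's criterion is the cheap way to confirm that a candidate polynomial is irreducible without factoring it, and `order` is the usual way to confirm primitivity (order $2^n - 1$) before a polynomial is used, for example, to define a field or an LFSR; both are exactly the checks one would run on a polynomial produced by Theorem 3.35.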
By Theorem 2.47(ii), $Q_{et}(x)$ factors into distinct monic irreducible polynomials in $\mathbb{F}_q[x]$ of degree $d$, where $d$ is the multiplicative order of $q$ modulo $et$. Since $q^d \equiv 1 \bmod et$, we have $q^d \equiv 1 \bmod e$, and so $m$ divides $d$. Consider first the case $a \ge b$. Then $q^{2m} - 1 = (q^m - 1)(q^m + 1)$, and the first factor is divisible by $e$, whereas the second factor is divisible by $t$ since $q \equiv -1 \bmod 2^a$ implies $q \equiv -1 \bmod t$, and thus $q^m \equiv (-1)^m \equiv -1 \bmod t$. Altogether, we get $q^{2m} \equiv 1 \bmod et$, and so $d$ can only be $m$ or $2m$. If $d = m$, then $q^m \equiv 1 \bmod et$, hence $q^m \equiv 1 \bmod t$, a contradiction. Thus $d = 2m = mt2^{1-b} = mt2^{1-k}$, since $k = b$ in this case. Now consider the case $a < b$. We prove by induction on $h$ that
$$q^{m2^h} \equiv 1 + w2^{a+h} \pmod{2^{a+h+1}} \quad \text{for all } h \in \mathbb{N}, \tag{3.9}$$
where $w$ is odd. For $h = 1$ we get
$$q^{2m} = (2^a u - 1)^{2m} = 1 - 2^{a+1} um + \sum_{n=2}^{2m} \binom{2m}{n} (-1)^{2m-n} 2^{an} u^n \equiv 1 + w2^{a+1} \pmod{2^{a+2}}$$
with $w = -um$. If (3.9) is shown for some $h \in \mathbb{N}$, then
$$q^{m2^h} = 1 + w2^{a+h} + c2^{a+h+1} \quad \text{for some } c \in \mathbb{Z}.$$
It follows that
$$q^{m2^{h+1}} = \left(1 + w2^{a+h} + c2^{a+h+1}\right)^2 \equiv 1 + w2^{a+h+1} \pmod{2^{a+h+2}},$$
and so the proof of (3.9) is complete. Applying (3.9) with $h = b - a + 1$, we get $q^{m2^{b-a+1}} \equiv 1 \bmod 2^{b+1}$. Furthermore, $q^m \equiv 1 \bmod e$ implies $q^{m2^{b-a+1}} \equiv 1 \bmod e$, and so $q^{m2^{b-a+1}} \equiv 1 \bmod L$, where $L$ is the least common multiple of $2^{b+1}$ and $e$. Now $e$ is even since all prime factors of $t$ divide $e$, but also $e \not\equiv 0 \bmod 4$ since $q^m \equiv 1 \bmod e$ and $q^m \equiv -1 \bmod 4$. Therefore, $L = e2^b = et$, and thus $q^{m2^{b-a+1}} \equiv 1 \bmod et$. On the other hand, using (3.9) with $h = b - a$ we get
$$q^{m2^{b-a}} \equiv 1 + w2^b \not\equiv 1 \pmod{2^{b+1}},$$
which implies $q^{m2^{b-a}} \not\equiv 1 \bmod et$. Consequently, we must have $d = m2^{b-a+1} = mt2^{1-k}$ since $k = a$ in this case. Therefore, the formula $d = mt2^{1-k}$ is valid in both cases. Since $Q_{et}(x)$ factors into distinct monic irreducible polynomials in $\mathbb{F}_q[x]$ of degree $mt2^{1-k}$, each $f_j(x^t)$ factors into such polynomials. By comparing degrees, the number of factors is found to be $2^{k-1}$. Since each irreducible factor $g_{ij}(x)$ of $f_j(x^t)$ divides $Q_{et}(x)$, each $g_{ij}(x)$ is of order $et$.
The various polynomials $g_{ij}(x)$, $1 \le i \le 2^{k-1}$, $1 \le j \le N$, are distinct, for otherwise one such polynomial, say $g(x)$, would divide $f_{j_1}(x^t)$ and $f_{j_2}(x^t)$ for $j_1 \ne j_2$, and then any root $\beta$ of $g(x)$ would lead to a common root $\beta^t$ of $f_{j_1}(x)$ and $f_{j_2}(x)$, a contradiction. By Theorem 3.5, the number of monic irreducible polynomials in $\mathbb{F}_q[x]$ of degree $mt2^{1-k}$ and order $et$ is $\varphi(et)/(mt2^{1-k}) = 2^{k-1}\varphi(et)/(mt) = 2^{k-1}\varphi(e)/m = 2^{k-1}N$, and so the $g_{ij}(x)$ yield all such polynomials. $\square$

We will show how, from a given irreducible polynomial of order $e$, all the irreducible polynomials whose orders divide $e$ may be obtained. Since in all cases $g(x) = x$ will be among the latter polynomials, we only consider polynomials $g$ with $g(0) \ne 0$. Let $f$ be a monic irreducible polynomial in $\mathbb{F}_q[x]$ of degree $m$ and order $e$ and with $f(0) \ne 0$. Let $\alpha \in \mathbb{F}_{q^m}$ be a root of $f$, and for every $t \in \mathbb{N}$ let $g_t \in \mathbb{F}_q[x]$ be the minimal polynomial of $\alpha^t$ over $\mathbb{F}_q$. Let $T = \{t_1, t_2, \ldots, t_n\}$ be a set of positive integers such that for each $t \in \mathbb{N}$ there exists a uniquely determined $i$, $1 \le i \le n$, with $t \equiv t_i q^b \bmod e$ for some integer $b \ge 0$. Such a set $T$ can, for instance, be constructed as follows. Put $t_1 = 1$ and, when $t_1, t_2, \ldots, t_{j-1}$ have been constructed, let $t_j$ be the least positive integer such that $t_j \not\equiv t_i q^b \bmod e$ for $1 \le i < j$ and all integers $b \ge 0$. This procedure stops after finitely many steps. With the notation introduced above, we have then the following general result.

3.38. Theorem. The polynomials $g_{t_1}, g_{t_2}, \ldots, g_{t_n}$ are all the distinct monic irreducible polynomials in $\mathbb{F}_q[x]$ whose orders divide $e$ and whose constant terms are nonzero.

Proof. Each $g_{t_i}$ is monic and irreducible in $\mathbb{F}_q[x]$ by definition and satisfies $g_{t_i}(0) \ne 0$. Furthermore, since $g_{t_i}$ has the root $\alpha^{t_i}$, whose order in the group $\mathbb{F}_{q^m}^*$ divides the order of $\alpha$, it follows from Theorem 3.3 that $\operatorname{ord}(g_{t_i})$ divides $e$. Let $g$ be an arbitrary monic irreducible polynomial in $\mathbb{F}_q[x]$ of order $d$ dividing $e$ and with $g(0) \ne 0$.
If $\beta$ is a root of $g$, then $\beta^d = 1$ implies $\beta^e = 1$, and so $\beta$ is an $e$th root of unity over $\mathbb{F}_q$. Since $\alpha$ is a primitive $e$th root of unity over $\mathbb{F}_q$, it follows from Theorem 2.42(i) that $\beta = \alpha^t$ for some $t \in \mathbb{N}$. Then the definition of the set $T$ implies that $t \equiv t_i q^b \bmod e$ for some $i$, $1 \le i \le n$, and some $b \ge 0$. Hence $\beta = \alpha^t = (\alpha^{t_i})^{q^b}$, and so $\beta$ is a root of $g_{t_i}$ because of Theorem 2.14. Since $g$ is the minimal polynomial of $\beta$ over $\mathbb{F}_q$, it follows from Theorem 3.33(iii) that $g = g_{t_i}$. It remains to show that the polynomials $g_{t_i}$, $1 \le i \le n$, are distinct. Suppose $g_{t_i} = g_{t_j}$ for $i \ne j$. Then $\alpha^{t_i}$ and $\alpha^{t_j}$ are roots of $g_{t_i}$, and so $\alpha^{t_j} = (\alpha^{t_i})^{q^b}$ for some $b \ge 0$. This implies $t_j \equiv t_i q^b \bmod e$, but since we also have $t_j \equiv t_j q^0 \bmod e$, we obtain a contradiction to the definition of the set $T$. $\square$

The minimal polynomial $g_t$ of $\alpha^t \in \mathbb{F}_{q^m}$ over $\mathbb{F}_q$ is usually calculated by means of the characteristic polynomial $f_t$ of $\alpha^t \in \mathbb{F}_{q^m}$ over $\mathbb{F}_q$. From the discussion following Definition 2.22 we know that $f_t = g_t^r$, where $r = m/k$ and $k$ is the degree of $g_t$. Since $g_t$ is irreducible in $\mathbb{F}_q[x]$, $k$ is the multiplicative order of $q$ modulo $d = \operatorname{ord}(g_t)$, and $d$ is equal to the order of $\alpha^t$ in the group $\mathbb{F}_{q^m}^*$, which is $e/\gcd(t, e)$ by Theorem 1.15(ii). Therefore $d$, and so $k$ and $r$, can be determined easily. Several methods are known for calculating $f_t$. One of them is based on a useful relationship between $f_t$ and the given polynomial $f$.

3.39. Theorem. Let $f$ be a monic irreducible polynomial in $\mathbb{F}_q[x]$ of degree $m$. Let $\alpha \in \mathbb{F}_{q^m}$ be a root of $f$, and for $t \in \mathbb{N}$ let $f_t$ be the characteristic polynomial of $\alpha^t \in \mathbb{F}_{q^m}$ over $\mathbb{F}_q$. Then
$$f_t(x^t) = (-1)^{m(t+1)} \prod_{j=1}^{t} f(w_j x),$$
where $w_1, \ldots, w_t$ are the $t$th roots of unity over $\mathbb{F}_q$ counted according to multiplicity.

Proof. Let $\alpha = \alpha_1, \alpha_2, \ldots, \alpha_m$ be all the roots of $f$. Then $\alpha_1^t, \ldots, \alpha_m^t$ are the roots of $f_t$ counted according to multiplicity. Thus
$$f_t(x^t) = \prod_{i=1}^{m} (x^t - \alpha_i^t) = \prod_{i=1}^{m} \prod_{j=1}^{t} (x - \alpha_i w_j) = \prod_{i=1}^{m} \prod_{j=1}^{t} w_j \,(w_j^{-1} x - \alpha_i).$$
A comparison of coefficients in the identity
$$x^t - 1 = \prod_{j=1}^{t} (x - w_j)$$
shows that $\prod_{j=1}^{t} w_j = (-1)^{t+1}$, and so
$$f_t(x^t) = (-1)^{m(t+1)} \prod_{i=1}^{m} \prod_{j=1}^{t} (w_j^{-1} x - \alpha_i) = (-1)^{m(t+1)} \prod_{j=1}^{t} f(w_j^{-1} x) = (-1)^{m(t+1)} \prod_{j=1}^{t} f(w_j x),$$
since $w_1^{-1}, \ldots, w_t^{-1}$ run exactly through all $t$th roots of unity over $\mathbb{F}_q$. $\square$

3.40. Example. Consider the irreducible polynomial $f(x) = x^4 + x + 1$ in $\mathbb{F}_2[x]$. To calculate $f_3$, we note that the third roots of unity over $\mathbb{F}_2$ are $1$, $\omega$, and $\omega^2$, where $\omega$ is a root of $x^2 + x + 1$ in $\mathbb{F}_4$. Then
$$f_3(x^3) = (-1)^{16} f(x) f(\omega x) f(\omega^2 x) = (x^4 + x + 1)(\omega x^4 + \omega x + 1)(\omega^2 x^4 + \omega^2 x + 1) = x^{12} + x^9 + x^6 + x^3 + 1,$$
so that $f_3(x) = x^4 + x^3 + x^2 + x + 1$. $\square$

Another method of calculating $f_t$ is based on matrix theory. Let $f(x) = x^m - a_{m-1}x^{m-1} - \cdots - a_1 x - a_0$ and let $A$ be the companion matrix of $f$, which is defined to be the $m \times m$ matrix
$$A = \begin{pmatrix} 0 & 0 & 0 & \cdots & 0 & a_0 \\ 1 & 0 & 0 & \cdots & 0 & a_1 \\ 0 & 1 & 0 & \cdots & 0 & a_2 \\ \vdots & & & & & \vdots \\ 0 & 0 & 0 & \cdots & 1 & a_{m-1} \end{pmatrix}.$$
Then $f$ is the characteristic polynomial of $A$ in the sense of linear algebra; that is, $f(x) = \det(xI - A)$ with $I$ being the $m \times m$ identity matrix over $\mathbb{F}_q$. For each $t \in \mathbb{N}$, $f_t$ is the characteristic polynomial of $A^t$, the $t$th power of $A$. Thus, by calculating the powers of $A$ one obtains the polynomials $f_t$.

3.41. Example. It is of interest to determine which polynomials $f_t$ are irreducible in $\mathbb{F}_q[x]$. From the discussion prior to Theorem 3.39 it follows immediately that $f_t$ is irreducible in $\mathbb{F}_q[x]$ if and only if $k = m$, that is, if and only if $m$ is the multiplicative order of $q$ modulo $d = e/\gcd(t, e)$. Consider, for instance, the case $q = 2$, $m = 6$, $e = 63$. Since the multiplicative order of $q$ modulo a divisor of $e$ must be a divisor of $m$, the only possibilities for the multiplicative order apart from $m$ are $k = 1, 2, 3$. Then $q^k - 1 = 1, 3, 7$, and $q^k \equiv 1 \bmod d$ is only possible when $d = 1, 3, 7$. Thus $f_t$ is reducible in $\mathbb{F}_2[x]$ precisely if $\gcd(t, 63) = 9, 21, 63$. Since it suffices to consider values of $t$ with $1$ …

… over $\mathbb{F}_2$ are:

$0$: the minimal polynomial is $g(x) = x$.
$1$: the minimal polynomial is $g(x) = x + 1$.

$\theta$: the distinct conjugates of $\theta$ with respect to $\mathbb{F}_2$ are $\theta, \theta^2, \theta^4, \theta^8$, and the minimal polynomial is
$$g(x) = (x - \theta)(x - \theta^2)(x - \theta^4)(x - \theta^8) = x^4 + x + 1.$$

$\theta^3$: the distinct conjugates of $\theta^3$ with respect to $\mathbb{F}_2$ are $\theta^3, \theta^6, \theta^{12}, \theta^{24} = \theta^9$, and the minimal polynomial is
$$g(x) = (x - \theta^3)(x - \theta^6)(x - \theta^9)(x - \theta^{12}) = x^4 + x^3 + x^2 + x + 1.$$

$\beta = \theta^5$: since $\beta^4 = \beta$, the distinct conjugates of this element with respect to $\mathbb{F}_2$ are $\theta^5, \theta^{10}$, and the minimal polynomial is
$$g(x) = (x - \theta^5)(x - \theta^{10}) = x^2 + x + 1.$$

$\theta^7$: the distinct conjugates of $\theta^7$ with respect to $\mathbb{F}_2$ are $\theta^7, \theta^{14}, \theta^{28} = \theta^{13}, \theta^{56} = \theta^{11}$, and the minimal polynomial is
$$g(x) = (x - \theta^7)(x - \theta^{11})(x - \theta^{13})(x - \theta^{14}) = x^4 + x^3 + 1.$$

These elements, together with their conjugates with respect to $\mathbb{F}_2$, exhaust $\mathbb{F}_{16}$. $\square$

An important problem is that of the determination of primitive polynomials. One approach is based on the fact that the product of all primitive polynomials over $\mathbb{F}_q$ of degree $m$ is equal to the cyclotomic polynomial $Q_e$ with $e = q^m - 1$ (see Theorem 2.47(ii) and Exercise 3.42). Therefore, all primitive polynomials over $\mathbb{F}_q$ of degree $m$ can be determined by applying one of the factorization algorithms in Chapter 4 to the cyclotomic polynomial $Q_e$. Another method depends on constructing a primitive element of $\mathbb{F}_{q^m}$ and then determining the minimal polynomial of this element over $\mathbb{F}_q$ by the methods described above. To find a primitive element of $\mathbb{F}_{q^m}$, one starts from the order $q^m - 1$ of such an element in the group $\mathbb{F}_{q^m}^*$ and factors it in the form $q^m - 1 = h_1 \cdots h_k$, where the positive integers $h_1, \ldots, h_k$ are pairwise relatively prime. If for each $i$, $1 \le i \le k$, one can find an element $\alpha_i \in \mathbb{F}_{q^m}^*$ of order $h_i$, then the product $\alpha_1 \cdots \alpha_k$ has order $q^m - 1$ and is thus a primitive element of $\mathbb{F}_{q^m}$.

3.44. Example. We determine a primitive polynomial over $\mathbb{F}_3$ of degree 4. Since $3^4 - 1 = 80$, we first construct two elements of $\mathbb{F}_{81}^*$ of order 16 and 5, respectively.
The elements of order 16 are the roots of the cyclotomic polynomial $Q_{16}(x) = x^8 + 1 \in \mathbb{F}_3[x]$. Since the multiplicative order of 3 modulo 16 is 4, $Q_{16}$ factors into two monic irreducible polynomials in $\mathbb{F}_3[x]$ of degree 4. Now
$$x^8 + 1 = (x^4 - 1)^2 - x^4 = (x^4 - 1 + x^2)(x^4 - 1 - x^2),$$
and so $f(x) = x^4 - x^2 - 1$ is irreducible over $\mathbb{F}_3$ and with a root $\theta$ of $f$ we have $\mathbb{F}_{81} = \mathbb{F}_3(\theta)$. Furthermore, $\theta$ is an element of $\mathbb{F}_{81}^*$ of order 16. To find an element $\alpha$ of order 5, we write $\alpha = a + b\theta + c\theta^2 + d\theta^3$ with $a, b, c, d \in \mathbb{F}_3$, and since we must have $\alpha^{10} = 1$, we get
$$\begin{aligned} 1 = \alpha^9 \alpha &= (a + b\theta^9 + c\theta^{18} + d\theta^{27})(a + b\theta + c\theta^2 + d\theta^3) \\ &= (a - b\theta + c\theta^2 - d\theta^3)(a + b\theta + c\theta^2 + d\theta^3) \\ &= (a + c\theta^2)^2 - (b\theta + d\theta^3)^2 = a^2 + (2ac - b^2)\theta^2 + (c^2 - 2bd)\theta^4 - d^2\theta^6 \\ &= a^2 + c^2 - d^2 + bd + (c^2 + d^2 - b^2 - ac + bd)\theta^2. \end{aligned}$$
A comparison of coefficients yields
$$a^2 + c^2 - d^2 + bd = 1, \qquad c^2 + d^2 - b^2 - ac + bd = 0.$$
Setting $a = d = 0$, we get $b^2 = c^2 = 1$. Take $b = c = 1$, and then it is easily checked that $\alpha = \theta + \theta^2$ has order 5. Therefore, $\zeta = \theta\alpha = \theta^2 + \theta^3$ has order 80 and is thus a primitive element of $\mathbb{F}_{81}$. The minimal polynomial $g$ of $\zeta$ over $\mathbb{F}_3$ is
$$g(x) = (x - \zeta)(x - \zeta^3)(x - \zeta^9)(x - \zeta^{27}) = (x - \theta^2 - \theta^3)(x - 1 + \theta + \theta^2)(x - \theta^2 + \theta^3)(x - 1 - \theta + \theta^2) = x^4 + x^3 + x^2 - x - 1,$$
and we have thus obtained a primitive polynomial over $\mathbb{F}_3$ of degree 4. $\square$

3.45. Example. We determine a primitive polynomial over $\mathbb{F}_2$ of degree 6. Since $2^6 - 1 = 63 = 9 \cdot 7$, we first construct two elements of $\mathbb{F}_{64}^*$ of order 9 and 7, respectively. The multiplicative order of 2 modulo 9 is 6, and so the cyclotomic polynomial $Q_9(x) = x^6 + x^3 + 1$ is irreducible over $\mathbb{F}_2$. A root $\theta$ of $Q_9$ has order 9 and $\mathbb{F}_{64} = \mathbb{F}_2(\theta)$. An element $\alpha \in \mathbb{F}_{64}^*$ of order 7 satisfies $\alpha^8 = \alpha$, thus writing $\alpha = \sum_{i=0}^{5} a_i \theta^i$ with $a_i \in \mathbb{F}_2$, $0 \le i \le 5$, we get
$$\sum_{i=0}^{5} a_i \theta^i = \Big(\sum_{i=0}^{5} a_i \theta^i\Big)^8 = \sum_{i=0}^{5} a_i \theta^{8i} = a_0 + a_1\theta^8 + a_2\theta^7 + a_3\theta^6 + a_4\theta^5 + a_5\theta^4 = a_0 + a_3 + a_2\theta + a_1\theta^2 + a_3\theta^3 + (a_2 + a_5)\theta^4 + (a_1 + a_4)\theta^5,$$
and a comparison of coefficients yields $a_3 = 0$, $a_1 = a_2$, $a_4 = a_2 + a_5$.
Choose $a_0 = a_3 = a_4 = 0$, $a_1 = a_2 = a_5 = 1$, so that $\alpha = \theta + \theta^2 + \theta^5$ is an element of order 7. Thus, $\zeta = \theta\alpha = 1 + \theta^2$ is a primitive element of $\mathbb{F}_{64}$. Then $\zeta^2 = 1 + \theta^4$, $\zeta^3 = \theta^2 + \theta^3 + \theta^4$, $\zeta^4 = 1 + \theta^2 + \theta^5$, $\zeta^5 = 1 + \theta + \theta^5$, $\zeta^6 = 1 + \theta^2 + \theta^3 + \theta^4 + \theta^5$. An application of the method in Example 3.42 yields the minimal polynomial $g(x) = x^6 + x^4 + x^3 + x + 1$ of $\zeta$ over $\mathbb{F}_2$ and thus a primitive polynomial over $\mathbb{F}_2$ of degree 6. $\square$

If a primitive polynomial $g$ over $\mathbb{F}_q$ of degree $m$ is known, all other such primitive polynomials can be obtained by considering a root $\theta$ of $g$ in $\mathbb{F}_{q^m}$ and determining the minimal polynomials over $\mathbb{F}_q$ of all elements $\theta^t$, where $t$ runs through all positive integers $\le q^m - 1$ that are relatively prime to $q^m - 1$. The calculation of these minimal polynomials is carried out by the methods described earlier in this section.

It is useful to be able to decide whether an irreducible polynomial over a finite field remains irreducible over a certain finite extension field. The following results address themselves to this question.

3.46. Theorem. Let $f$ be an irreducible polynomial over $\mathbb{F}_q$ of degree $n$ and let $k \in \mathbb{N}$. Then $f$ factors into $d$ irreducible polynomials in $\mathbb{F}_{q^k}[x]$ of the same degree $n/d$, where $d = \gcd(k, n)$.

Proof. Since the case $f(0) = 0$ is trivial, we can assume $f(0) \ne 0$. Let $g$ be an irreducible factor of $f$ in $\mathbb{F}_{q^k}[x]$. If $\operatorname{ord}(f) = e$, then also $\operatorname{ord}(g) = e$ by Theorem 3.3 since the roots of $g$ are also roots of $f$. By Theorem 3.5 the multiplicative order of $q$ modulo $e$ is $n$ and the degree of $g$ is equal to the multiplicative order of $q^k$ modulo $e$. The powers $q^j$, $j = 0, 1, \ldots$, considered modulo $e$, form a cyclic group of order $n$. Thus it follows from Theorem 1.15(ii) that the multiplicative order of $q^k$ modulo $e$ is $n/d$, and so the degree of $g$ is $n/d$. $\square$

3.47. Corollary.
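The procedure used in Examples 3.44 and 3.45 (factor $q^m - 1 = h_1 \cdots h_k$, find an element of order $h_i$ for each $i$, multiply) is the construction in the proof of Theorem 2.8, and both examples finish with the conjugate method of Theorem 3.33(v) and Example 3.42 to obtain the minimal polynomial. The following Python class is an added example, not code from the book: it implements $\mathbb{F}_p[x]/(f)$ on coefficient lists, the search of Theorem 2.8, the minimal polynomial of $\alpha^t$ as in Theorem 3.38, and the order of a polynomial, and it reproduces the numbers of Examples 3.42, 3.44 and 3.45 (including the primitive polynomials $x^4 + x^3 + x^2 - x - 1$ over $\mathbb{F}_3$ and $x^6 + x^4 + x^3 + x + 1$ over $\mathbb{F}_2$). The class and function names are my own; $f$ is assumed monic and irreducible of degree at least 2, and nothing in the code checks that.

```python
"""Arithmetic in F_{p^m} = F_p[x]/(f), the primitive-element construction of
Theorem 2.8 and minimal polynomials by the conjugate method (Theorem 3.33(v),
Examples 3.42, 3.44, 3.45).  Added example, not code from the book.  Elements
and polynomials are coefficient lists over F_p, lowest degree first; f is
assumed monic and irreducible of degree m >= 2 (not checked)."""

from itertools import product

def prime_factors(n):
    """Distinct prime factors of n by trial division (n = p^m - 1 is small here)."""
    ps, d = [], 2
    while d * d <= n:
        if n % d == 0:
            ps.append(d)
            while n % d == 0:
                n //= d
        d += 1
    return ps + ([n] if n > 1 else [])

class ExtField:
    def __init__(self, p, f):
        self.p, self.f, self.m = p, f, len(f) - 1
        self.zero = [0] * self.m
        self.one = [1] + [0] * (self.m - 1)
        self.x = [0, 1] + [0] * (self.m - 2)        # the class of x: a root theta of f

    def add(self, a, b):
        return [(u + v) % self.p for u, v in zip(a, b)]

    def mul(self, a, b):
        """Schoolbook product, then replace x^k (k >= m) by -(f_0 x^{k-m} + ... + f_{m-1} x^{k-1})."""
        p, f, m = self.p, self.f, self.m
        prod = [0] * (2 * m - 1)
        for i, u in enumerate(a):
            for j, v in enumerate(b):
                prod[i + j] = (prod[i + j] + u * v) % p
        for k in range(2 * m - 2, m - 1, -1):
            c = prod[k]
            for i in range(m):
                prod[k - m + i] = (prod[k - m + i] - c * f[i]) % p
        return prod[:m]

    def pow(self, a, e):
        result = self.one
        while e:
            if e & 1:
                result = self.mul(result, a)
            a = self.mul(a, a)
            e >>= 1
        return result

    def order(self, a):
        """Order of a != 0 in F_{p^m}^*: strip each prime q from p^m - 1 while a^(e/q) is still 1."""
        e = self.p ** self.m - 1
        for q in prime_factors(e):
            while e % q == 0 and self.pow(a, e // q) == self.one:
                e //= q
        return e

    def primitive_element(self):
        """Theorem 2.8: for each q^r exactly dividing h = p^m - 1 pick a with a^(h/q) != 1;
        b = a^(h/q^r) has order q^r, and the product of these b over all q has order h."""
        h, b = self.p ** self.m - 1, self.one
        for q in prime_factors(h):
            qr = q
            while h % (qr * q) == 0:
                qr *= q
            for a in product(range(self.p), repeat=self.m):
                if any(a) and self.pow(list(a), h // q) != self.one:
                    b = self.mul(b, self.pow(list(a), h // qr))
                    break
        return b

    def min_poly(self, a):
        """Minimal polynomial of a over F_p: the product of x - c over the distinct conjugates c = a^(p^i)."""
        conj, c = [], a
        while c not in conj:
            conj.append(c)
            c = self.pow(c, self.p)
        g = [self.one]                               # coefficients stay in F_{p^m} while multiplying
        for c in conj:
            neg_c = [(-u) % self.p for u in c]
            g = [self.zero] + g                      # times x ...
            for i in range(len(g) - 1):
                g[i] = self.add(g[i], self.mul(neg_c, g[i + 1]))   # ... minus c times the old g
        assert all(not any(coef[1:]) for coef in g)  # Theorem 3.33(v): every coefficient lies in F_p
        return [coef[0] for coef in g]

def poly_order(p, g):
    """ord(g) for irreducible g with g(0) != 0: the order of x in F_p[x]/(g) (Theorem 3.3)."""
    K = ExtField(p, g)
    return K.order(K.x)

def is_primitive_poly(p, g):
    """g of degree m is primitive over F_p iff ord(g) = p^m - 1 (Definition 3.15)."""
    return poly_order(p, g) == p ** (len(g) - 1) - 1

def example_3_44():
    """F_81 = F_3(theta), theta^4 = theta^2 + 1: orders of theta, alpha = theta + theta^2 and
    zeta = theta*alpha, and the minimal polynomial of zeta (a primitive polynomial of degree 4)."""
    K = ExtField(3, [2, 0, 2, 0, 1])                 # x^4 - x^2 - 1 = x^4 + 2x^2 + 2 over F_3
    theta = K.x
    alpha = K.add(theta, K.mul(theta, theta))
    zeta = K.mul(theta, alpha)
    return K.order(theta), K.order(alpha), K.order(zeta), K.min_poly(zeta)

if __name__ == "__main__":
    print(example_3_44())                            # (16, 5, 80, [2, 2, 1, 1, 1]): x^4 + x^3 + x^2 - x - 1
    F16 = ExtField(2, [1, 1, 0, 0, 1])               # Example 3.42: theta a root of x^4 + x + 1
    for t in (1, 3, 5, 7):
        print(t, F16.min_poly(F16.pow(F16.x, t)))
```

`primitive_element` follows the proof of Theorem 2.8 literally, so it needs the factorization of $p^m - 1$ and one exponentiation per candidate; for the field sizes a textbook example uses this is instant, and for a cryptographic-size field the same loop is what one runs, with a real integer factorization in place of `prime_factors`. `min_poly` is the general form of the conjugate computations written out by hand in Example 3.42, and `poly_order` is the check that the minimal polynomial actually is primitive before it is reused.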
An irreducible polynomial over $\mathbb{F}_q$ of degree $n$ remains irreducible over $\mathbb{F}_{q^k}$ if and only if …

… is symbolically irreducible over $\mathbb{F}_q$ if the only symbolic decompositions $L(x) = L_1(x) \otimes L_2(x)$ with $q$-polynomials $L_1(x), L_2(x)$ over $\mathbb{F}_q$ are those for which one of the factors has degree 1. A symbolically irreducible polynomial is always reducible in the ordinary sense, since any linearized polynomial of degree $> 1$ has the nontrivial factor $x$. By using Lemma 3.59, one shows immediately that the $q$-polynomial $L(x)$ is symbolically irreducible over $\mathbb{F}_q$ if and only if its conventional $q$-associate $l(x)$ is irreducible over $\mathbb{F}_q$. Every $q$-polynomial $L(x)$ over $\mathbb{F}_q$ of degree $> 1$ has a symbolic factorization into symbolically irreducible polynomials over $\mathbb{F}_q$, and this factorization is essentially unique, in the sense that all other symbolic factorizations are obtained by rearranging factors and by multiplying factors by nonzero elements of $\mathbb{F}_q$. Using the correspondence between linearized polynomials and their conventional $q$-associates, one sees that the symbolic factorization of $L(x)$ is obtained by writing down the canonical factorization in $\mathbb{F}_q[x]$ of its conventional $q$-associate $l(x)$ and then turning to linearized $q$-associates.

3.64. Example. Consider the 2-polynomial $L(x) = x^{16} + x^8 + x^2 + x$ over $\mathbb{F}_2$. Its …

… of $L(x)$, then $L(x) = \prod_{\beta \in M}(x - \beta)^{q^k}$ for some nonnegative integer $k$. Since $\{\beta^q : \beta \in M\} = M$, we obtain
$$L(x)^q = \prod_{\beta \in M}(x^q - \beta^q)^{q^k} = \prod_{\beta \in M}(x^q - \beta)^{q^k} = L(x^q).$$
If $L(x) = \sum_{i=0}^{n} a_i x^{q^i}$, then
$$\sum_{i=0}^{n} a_i^q x^{q^{i+1}} = L(x)^q = L(x^q) = \sum_{i=0}^{n} a_i x^{q^{i+1}},$$
so that for $0 \le i \le n$ we have $a_i^q = a_i$ and thus $a_i \in \mathbb{F}_q$. Therefore, $L(x)$ is a $q$-polynomial over $\mathbb{F}_q$. □

Any $q$-polynomial over $\mathbb{F}_q$ of degree $q$ is symbolically irreducible over $\mathbb{F}_q$; for $q$-polynomials of degree $> q$, the notion of $q$-modulus can be used to characterize symbolically irreducible polynomials.

3.66. Theorem. The $q$-polynomial $L(x)$ over $\mathbb{F}_q$ of degree $> q$ is symbolically irreducible over $\mathbb{F}_q$ if and only if $L(x)$ has simple roots and the $q$-modulus $M$ consisting of the roots of $L(x)$ contains no $q$-modulus other than $\{0\}$ and $M$ itself.

Proof. Suppose $L(x)$ is symbolically irreducible over $\mathbb{F}_q$. If $L(x)$ had multiple roots, then Theorem 3.65 would imply that we could write $L(x) = L_1(x)^q$ with a $q$-polynomial $L_1(x)$ over $\mathbb{F}_q$ of degree $> 1$. But then $L(x) = x^q \otimes L_1(x)$, a contradiction to the symbolic irreducibility of $L(x)$. Thus $L(x)$ has only simple roots. Furthermore, if $N$ is a $q$-modulus contained in $M$, then Theorem 3.65 shows that $L_1(x) = \prod_{\beta \in N}(x - \beta)$ is a $q$-polynomial over $\mathbb{F}_q$. Since $L_1(x)$ divides $L(x)$ in the ordinary sense, it symbolically divides $L(x)$ by Theorem 3.62. But $L(x)$ is symbolically irreducible over $\mathbb{F}_q$, and so $\deg(L_1(x))$ must be either 1 or $\deg(L(x))$; that is, $N$ is either $\{0\}$ or $M$. To prove the sufficiency of the condition, suppose that $L(x) = L_1(x) \otimes L_2(x)$ is a symbolic decomposition with $q$-polynomials $L_1(x), L_2(x)$ over $\mathbb{F}_q$. Then $L_1(x)$ symbolically divides $L(x)$, and so it divides $L(x)$ in the ordinary sense by Theorem 3.62. It follows that $L_1(x)$ has simple roots and that the $q$-modulus $N$ consisting of the roots of $L_1(x)$ is contained in $M$. Consequently, $N$ is either $\{0\}$ or $M$, and so $\deg(L_1(x))$ is either 1 or $\deg(L(x))$. Thus, either $L_1(x)$ or $L_2(x)$ is of degree 1, which means that $L(x)$ is symbolically irreducible over $\mathbb{F}_q$. □

3.67. Definition. Let $L(x)$ be a nonzero $q$-polynomial over $\mathbb{F}_{q^m}$. A root $\zeta$ of $L(x)$ is called a $q$-primitive root over $\mathbb{F}_{q^m}$ if it is not a root of any nonzero $q$-polynomial over $\mathbb{F}_{q^m}$ of lower degree.

This concept may also be viewed as follows. Let $g(x)$ be the minimal polynomial of $\zeta$ over $\mathbb{F}_{q^m}$. Then $\zeta$ is a $q$-primitive root of $L(x)$ over $\mathbb{F}_{q^m}$ if and only if $g(x)$ divides $L(x)$ and $g(x)$ does not divide any nonzero $q$-polynomial over $\mathbb{F}_{q^m}$ of lower degree. Given an element $\zeta$ of a finite extension field of $\mathbb{F}_{q^m}$, one can always find a nonzero $q$-polynomial over $\mathbb{F}_{q^m}$ for which $\zeta$ is a $q$-primitive root over $\mathbb{F}_{q^m}$. To see this,
we proceed as in the construction of an affine multiple. Let $g(x)$ be the minimal polynomial of $\zeta$ over $\mathbb{F}_{q^m}$, let $n$ be the degree of $g(x)$, and calculate for $i = 0, 1, \ldots, n$ the unique polynomial $r_i(x)$ of degree $\le n - 1$ with $x^{q^i} \equiv r_i(x) \bmod g(x)$. Then determine elements $a_i \in \mathbb{F}_{q^m}$, not all 0, such that $\sum_{i=0}^{n} a_i r_i(x) = 0$. This involves $n$ conditions concerning the vanishing of the coefficients of $x^j$, $0 \le j \le n - 1$, and thus leads to a homogeneous system of $n$ linear equations for the $n + 1$ unknowns $a_0, a_1, \ldots, a_n$. Such a system always has a nontrivial solution, and with such a solution we get
$$L(x) = \sum_{i=0}^{n} a_i x^{q^i} \equiv \sum_{i=0}^{n} a_i r_i(x) = 0 \bmod g(x),$$
so that $L(x)$ is a nonzero $q$-polynomial over $\mathbb{F}_{q^m}$ divisible by $g(x)$. By choosing the $a_i$ in such a way that $L(x)$ is monic and of the lowest possible degree, one finds that $\zeta$ is a $q$-primitive root of $L(x)$ over $\mathbb{F}_{q^m}$. It is easily seen that this monic $q$-polynomial $L(x)$ over $\mathbb{F}_{q^m}$ of least positive degree that is divisible by $g(x)$ is uniquely determined; it is called the minimal $q$-polynomial of $\zeta$ over $\mathbb{F}_{q^m}$.

3.68. Theorem. Let $\zeta$ be an element of a finite extension field of $\mathbb{F}_{q^m}$, and let $M(x)$ be its minimal $q$-polynomial over $\mathbb{F}_{q^m}$. Then a $q$-polynomial $K(x)$ over $\mathbb{F}_{q^m}$ has $\zeta$ as a root if and only if $K(x) = L(x) \otimes M(x)$ for some $q$-polynomial $L(x)$ over $\mathbb{F}_{q^m}$. In particular, for the case $m = 1$ this means that $K(x)$ has $\zeta$ as a root if and only if $K(x)$ is symbolically divisible by $M(x)$.

Proof. If $K(x) = L(x) \otimes M(x) = L(M(x))$, it follows immediately that $K(\zeta) = 0$. Conversely, let
$$M(x) = \sum_{j=0}^{t} \gamma_j x^{q^j} \quad \text{with } \gamma_t = 1,$$
and suppose
$$K(x) = \sum_{h=0}^{r} \alpha_h x^{q^h} \quad \text{with } r \ge t$$
has $\zeta$ as a root. Put $s = r - t$ and $\gamma_j = 0$ for $j < 0$, and consider the following system of $s + 1$ linear equations in the $s + 1$ unknowns $\beta_0, \beta_1, \ldots, \beta_s$:
$$\beta_0 + \gamma_{t-1}^{q}\beta_1 + \gamma_{t-2}^{q^2}\beta_2 + \cdots + \gamma_{t-s}^{q^s}\beta_s = \alpha_t,$$
$$\beta_1 + \gamma_{t-1}^{q^2}\beta_2 + \cdots + \gamma_{t-s+1}^{q^s}\beta_s = \alpha_{t+1},$$
$$\cdots$$
$$\beta_s = \alpha_r.$$
It is clear that this system has a unique solution involving elements $\beta_0, \beta_1, \ldots, \beta_s$ of $\mathbb{F}_{q^m}$.
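The construction of the minimal $q$-polynomial described before Theorem 3.68 can be carried out mechanically; the Python script below does so for the case $m = 1$ with $q = p$ prime. It is an added example, not code from the book: it computes the residues $r_i(x) = x^{p^i} \bmod g(x)$ by applying the Frobenius map, which is $\mathbb{F}_p$-linear on $\mathbb{F}_p[x]/(g)$, and then finds the first $k$ for which $r_k$ is an $\mathbb{F}_p$-linear combination of $r_0, \ldots, r_{k-1}$; that gives the monic $q$-polynomial $x^{p^k} + a_{k-1}x^{p^{k-1}} + \cdots + a_0 x$ of least degree divisible by $g$. The function names (`frobenius_matrix`, `solve_mod_p`, `minimal_q_polynomial`) and the sample polynomials $x^4 + x + 1$ and $x^4 + x^3 + 1$ over $\mathbb{F}_2$ are the script's own choices.

```python
"""Minimal q-polynomial of a root of g over F_p (added example, not from the book).

Case m = 1 of the construction preceding Theorem 3.68: r_i(x) = x^{p^i} mod g, and the
first relation a_0 r_0 + ... + a_{k-1} r_{k-1} + r_k = 0 gives the monic q-polynomial
of least degree that g divides.  Coefficient lists are lowest degree first.
"""


def times_x(a, g, p):
    """a(x) * x reduced modulo the monic polynomial g (len(a) == deg g)."""
    n = len(g) - 1
    lead = a[-1]                                  # coefficient that spills over into x^n
    shifted = [0] + a[:-1]
    return [(shifted[i] - lead * g[i]) % p for i in range(n)]


def frobenius_matrix(g, p):
    """Column j (0 <= j < n) is x^{jp} mod g: the image of x^j under the F_p-linear map a -> a^p."""
    n = len(g) - 1
    cols = []
    for j in range(n):
        v = [1] + [0] * (n - 1)
        for _ in range(j * p):
            v = times_x(v, g, p)
        cols.append(v)
    return cols


def apply_matrix(cols, v, p):
    """Matrix-vector product over F_p, the matrix being given by its columns."""
    n = len(v)
    return [sum(cols[j][i] * v[j] for j in range(n)) % p for i in range(n)]


def solve_mod_p(cols, rhs, p):
    """Solve sum_j a_j * cols[j] = rhs over F_p by Gaussian elimination.
    Returns one solution (free unknowns set to 0), or None if the system is inconsistent."""
    n, k = len(rhs), len(cols)
    m = [[cols[j][i] for j in range(k)] + [rhs[i]] for i in range(n)]   # augmented matrix
    pivots, row = [], 0
    for col in range(k):
        piv = next((r for r in range(row, n) if m[r][col]), None)
        if piv is None:
            continue
        m[row], m[piv] = m[piv], m[row]
        inv = pow(m[row][col], p - 2, p)
        m[row] = [(v * inv) % p for v in m[row]]
        for r in range(n):
            if r != row and m[r][col]:
                factor = m[r][col]
                m[r] = [(m[r][c] - factor * m[row][c]) % p for c in range(k + 1)]
        pivots.append(col)
        row += 1
    if any(not any(m[r][:k]) and m[r][k] for r in range(n)):
        return None                               # a row reads 0 = nonzero
    a = [0] * k
    for r, col in enumerate(pivots):
        a[col] = m[r][k]
    return a


def minimal_q_polynomial(g, p):
    """Coefficients [a_0, ..., a_{k-1}, 1] of M(x) = a_0 x + a_1 x^p + ... + x^{p^k}, the monic
    q-polynomial (q = p) of least degree divisible by the irreducible g with g(0) != 0."""
    n = len(g) - 1
    frob = frobenius_matrix(g, p)
    r = [times_x([1] + [0] * (n - 1), g, p)]      # r_0 = x mod g
    for _ in range(n):
        r.append(apply_matrix(frob, r[-1], p))    # r_{i+1} = r_i^p mod g
    for k in range(1, n + 1):                     # n + 1 vectors in F_p^n are dependent, so some k works
        a = solve_mod_p(r[:k], [(-v) % p for v in r[k]], p)
        if a is not None:
            return a + [1]
    raise ValueError("r_0, ..., r_n should be linearly dependent")


if __name__ == "__main__":
    # x^4 + x + 1: the conjugates of a root sum to 0, so M(x) = x^8 + x^4 + x^2 + x
    print(minimal_q_polynomial([1, 1, 0, 0, 1], 2))   # [1, 1, 1, 1]
    # x^4 + x^3 + 1: the conjugates are linearly independent over F_2, so M(x) = x^16 + x
    print(minimal_q_polynomial([1, 0, 0, 1, 1], 2))   # [1, 0, 0, 0, 1]
```

The degree of the result shows how large the $q$-modulus spanned by the conjugates of a root of $g$ is: for $x^4 + x^3 + 1$ it is all of $\mathbb{F}_{16}$ and the minimal $q$-polynomial is $x^{16} + x$, whereas for $x^4 + x + 1$ the relation $\zeta + \zeta^2 + \zeta^4 + \zeta^8 = 0$ cuts the degree down to $2^3$.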
With $L(x) = \sum_{i=0}^{s} \beta_i x^{q^i}$ and $R(x) = K(x) - L(M(x))$ we get
$$R(x) = \sum_{h=0}^{r} \alpha_h x^{q^h} - \sum_{i=0}^{s} \sum_{j=0}^{t} \beta_i \gamma_j^{q^i} x^{q^{i+j}} = \sum_{h=0}^{r} \Big(\alpha_h - \sum_{i=0}^{s} \gamma_{h-i}^{q^i}\beta_i\Big) x^{q^h}.$$
It follows from the system above that $R(x)$ has degree $< q^t$. But since $R(\zeta) = K(\zeta) - L(M(\zeta)) = 0$, the definition of $M(x)$ implies that $R(x)$ is the zero polynomial. Therefore, we have $K(x) = L(M(x)) = L(x) \otimes M(x)$. □

We consider now the problem of determining the number $N_L$ of $q$-primitive roots over $\mathbb{F}_q$ of a nonzero $q$-polynomial $L(x)$ over $\mathbb{F}_q$. If $L(x)$ has multiple roots, then by Theorem 3.65 we can write $L(x) = L_1(x)^q$ with a $q$-polynomial $L_1(x)$ over $\mathbb{F}_q$. Since every root of $L(x)$ is then also a root of $L_1(x)$, we have $N_L = 0$. Thus we can assume that $L(x)$ has only simple roots. If $L(x)$ has degree 1, it is obvious that $N_L = 1$. If $L(x)$ has degree $q^n > 1$ and is monic (without loss of generality), let
$$L(x) = \underbrace{L_1(x) \otimes \cdots \otimes L_1(x)}_{e_1} \otimes \cdots \otimes \underbrace{L_r(x) \otimes \cdots \otimes L_r(x)}_{e_r}$$
be the symbolic factorization of $L(x)$ with distinct monic symbolically irreducible polynomials $L_i(x)$ over $\mathbb{F}_q$. We obtain $N_L$ by subtracting from the total number $q^n$ of roots the number of roots of $L(x)$ that are already roots of some nonzero $q$-polynomial over $\mathbb{F}_q$ of degree $< q^n$. If $\zeta$ is a root of $L(x)$ of the latter kind and $M(x)$ is the minimal $q$-polynomial of $\zeta$ over $\mathbb{F}_q$, then $\deg(M(x)) < q^n$ and $M(x)$ symbolically divides $L(x)$ by Theorem 3.68. It follows that $M(x)$ symbolically divides one of the polynomials $K_i(x)$, $1 \le i \le r$, obtained from the symbolic factorization of $L(x)$ by omitting the symbolic factor $L_i(x)$, in which case $K_i(\zeta) = 0$ by Theorem 3.68. Since every root of $K_i(x)$ is automatically a root of $L(x)$, it follows that $N_L$ is $q^n$ minus the number of $\zeta$ that are roots of some $K_i(x)$. If $q^{n_i}$ is the degree of $L_i(x)$, then the degree, and thus the number of roots, of $K_i(x)$ is $q^{n - n_i}$. If $i_1, \ldots, i_k$ are distinct subscripts, then the number of common roots of $K_{i_1}(x), \ldots, K_{i_k}(x)$ is equal to the degree of the greatest common divisor, which is the same as the degree of the greatest common symbolic divisor (see the discussion following Example 3.64). Using symbolic factorizations, one finds that this degree is equal to $q^{n - n_{i_1} - \cdots - n_{i_k}}$. Altogether, the inclusion-exclusion principle of combinatorics yields
$$N_L = q^n - \sum_{1 \le i \le r} q^{n - n_i} + \sum_{1 \le i < j \le r} q^{n - n_i - n_j} - \cdots + (-1)^r q^{n - n_1 - \cdots - n_r} = q^n(1 - q^{-n_1}) \cdots (1 - q^{-n_r}).$$
This expression can also be interpreted in a different way. Let $l(x)$ be the conventional $q$-associate of $L(x)$. Then
$$l(x) = l_1(x)^{e_1} \cdots l_r(x)^{e_r}$$
is the canonical factorization of $l(x)$ in $\mathbb{F}_q[x]$, where $l_i(x)$ is the conventional $q$-associate of $L_i(x)$. We define an analog of Euler's $\phi$-function (see Exercise 1.4) for nonzero $f \in \mathbb{F}_q[x]$ by letting $\Phi_q(f(x)) = \Phi_q(f)$ denote the number of polynomials in $\mathbb{F}_q[x]$ that are of smaller degree than $f$ as well as relatively prime to $f$. The following result will then imply the identity $N_L = \Phi_q(l(x))$ for the case under consideration.

3.69. Lemma. The function $\Phi_q$ defined for nonzero polynomials in $\mathbb{F}_q[x]$ has the following properties:
(i) $\Phi_q(f) = 1$ if $\deg(f) = 0$;
(ii) $\Phi_q(fg) = \Phi_q(f)\Phi_q(g)$ whenever $f$ and $g$ are relatively prime;
(iii) if $\deg(f) = n \ge 1$, then $\Phi_q(f) = q^n(1 - q^{-n_1}) \cdots (1 - q^{-n_r})$, where the $n_i$ are the degrees of the distinct monic irreducible polynomials appearing in the canonical factorization of $f$ in $\mathbb{F}_q[x]$.

Proof. Property (i) is trivial. For property (ii), let $\Phi_q(f) = s$ and $\Phi_q(g) = t$, and let $f_1, \ldots, f_s$ resp. $g_1, \ldots, g_t$ be the polynomials counted by $\Phi_q(f)$ resp. $\Phi_q(g)$. If $h \in \mathbb{F}_q[x]$ is a polynomial with $\deg(h) < \deg(fg)$ and $\gcd(fg, h) = 1$, then $\gcd(f, h) = \gcd(g, h) = 1$, and so $h \equiv f_i \bmod f$, $h \equiv g_j \bmod g$ for a unique ordered pair $(i, j)$ with $1 \le i \le s$, $1 \le j \le t$. On the other hand, given an ordered pair $(i, j)$, the Chinese remainder theorem for $\mathbb{F}_q[x]$ (see Exercise 1.37) shows that there exists a unique $h \in \mathbb{F}_q[x]$ with $h \equiv f_i \bmod f$, $h \equiv g_j \bmod g$, and $\deg(h) < \deg(fg)$. This $h$ satisfies $\gcd(f, h) = \gcd(g, h) = 1$, and so $\gcd(fg, h) = 1$. Therefore, there is a one-to-one correspondence between the $st$ ordered pairs $(i, j)$ and the polynomials $h \in \mathbb{F}_q[x]$ with $\deg(h) < \deg(fg)$ and $\gcd(fg, h) = 1$; hence $\Phi_q(fg) = st = \Phi_q(f)\Phi_q(g)$. For an irreducible polynomial $b$ in $\mathbb{F}_q[x]$ of degree $m$ and a positive integer $e$, we can calculate $\Phi_q(b^e)$ directly. The polynomials $h \in \mathbb{F}_q[x]$ with $\deg(h) < \deg(b^e) = em$ that are not relatively prime to $b^e$ are exactly those divisible by $b$, and they are thus of the form $h = gb$ with $\deg(g) < em - m$. Since there are $q^{em - m}$ different choices for $g$, we get $\Phi_q(b^e) = q^{em} - q^{em - m} = q^{em}(1 - q^{-m})$. Property (iii) follows now from property (ii). □

3.70. Theorem. Let $L(x)$ be a nonzero $q$-polynomial over $\mathbb{F}_q$ with conventional $q$-associate $l(x)$. Then the number $N_L$ of $q$-primitive roots of $L(x)$ over $\mathbb{F}_q$ is given by $N_L = 0$ if $L(x)$ has multiple roots and by $N_L = \Phi_q(l(x))$ if $L(x)$ has simple roots.

Proof. This follows from Lemma 3.69 and the discussion preceding it. □

3.71. Corollary. Every nonzero $q$-polynomial over $\mathbb{F}_q$ with simple roots has at least one $q$-primitive root over $\mathbb{F}_q$.

Earlier in this section we introduced the notion of a $q$-modulus. The results about $q$-primitive roots can be used to construct a special type of basis for a $q$-modulus.

3.72. Theorem. Let $M$ be a $q$-modulus of dimension $m \ge 1$ over $\mathbb{F}_q$. Then there exists an element $\zeta \in M$ such that $\{\zeta, \zeta^q, \zeta^{q^2}, \ldots, \zeta^{q^{m-1}}\}$ is a basis of $M$ over $\mathbb{F}_q$.

Proof. According to Theorem 3.65, $L(x) = \prod_{\beta \in M}(x - \beta)$ is a $q$-polynomial over $\mathbb{F}_q$. By Corollary 3.71, $L(x)$ has a $q$-primitive root $\zeta$ over $\mathbb{F}_q$. Then $\zeta, \zeta^q, \ldots$ …

… and the hypothesis about this binomial, it follows that $\gamma$ is not an element of $\mathbb{F}_q$, and so there exists a root $\alpha$ of $f(x)$ that is not an element of $\mathbb{F}_q$. Then $\alpha^q \ne \alpha$ is also a root of $f(x)$ and, by what we have already shown, $\alpha^q - \alpha$ is a root of the irreducible polynomial $x^{r-1} - a$ over $\mathbb{F}_q$, so that $[\mathbb{F}_q(\alpha^q - \alpha) : \mathbb{F}_q] = r - 1$. Since $\mathbb{F}_q(\alpha^q - \alpha) \subseteq \mathbb{F}_{q^m}$, this is only possible if $m = r - 1$. Thus the minimal polynomial of $\alpha$ over $\mathbb{F}_q$ is an irreducible polynomial over $\mathbb{F}_q$ of degree $r - 1$ that divides $f(x)$.
The result follows now immediately. □

In the special case of prime fields, one can characterize the primitive polynomials among trinomials of a certain kind.

3.84. Theorem. For a prime $p$, the trinomial $x^p - x - a \in \mathbb{F}_p[x]$ is a primitive polynomial over $\mathbb{F}_p$ if and only if $a$ is a primitive element of $\mathbb{F}_p$ and $\mathrm{ord}(x^p - x - 1) = (p^p - 1)/(p - 1)$.

Proof. Suppose first that $f(x) = x^p - x - a$ is a primitive polynomial over $\mathbb{F}_p$. Then $a$ must be a primitive element of $\mathbb{F}_p$ because of Theorem 3.18. If $\beta$ is a root of $g(x) = x^p - x - 1$ in some extension field of $\mathbb{F}_p$, then
$$0 = a\,g(\beta) = a(\beta^p - \beta - 1) = a\beta^p - a\beta - a = f(a\beta),$$
and so $a\beta$ is a root of $f(x)$. Consequently, we have $\beta^r \ne 1$ for $0 < r < (p^p - 1)/(p - 1)$, for otherwise $(a\beta)^{r(p-1)} = 1$ with $0 <$ …

… $k \ge 1$ is given by
$$D(x^n + ax^k + b) = (-1)^{n(n-1)/2}\, b^{k-1}\big(n^N b^{N-K} - (-1)^N (n - k)^{N-K} k^K a^N\big)^d,$$
where $d = \gcd(n, k)$, $N = n/d$, $K = k/d$.

EXERCISES

3.1. Determine the order of the polynomial $(x^2 + x + 1)^5(x^{\dots} + x + 1)^{\dots}$ over $\mathbb{F}_2$.
3.2. Determine $\mathrm{ord}(f)$ for all monic irreducible polynomials $f$ in $\mathbb{F}_3[x]$ of degree 3.
3.3. Determine the order of the polynomial $x^{\dots} - x^{\dots} + x^4 - x^2 + x$ over $\mathbb{F}_{\dots}$.
3.4. Prove that the polynomial $x^8 + x^{\dots} + x^{\dots} + x + 1$ is irreducible over $\mathbb{F}_2$ and determine its order.
3.5. Let $f \in \mathbb{F}_q[x]$ be a polynomial of degree $m \ge 1$ with $f(0) \ne 0$ and suppose that the roots $\alpha_1, \ldots, \alpha_m$ of $f$ in the splitting field of $f$ over $\mathbb{F}_q$ are all simple. Prove that $\mathrm{ord}(f)$ is equal to the least positive integer $e$ such that $\alpha_i^e = 1$ for $1 \le i \le m$.
3.6. Prove that $\mathrm{ord}(Q_e) = e$ for all $e$ for which the cyclotomic polynomial $Q_e \in \mathbb{F}_q[x]$ is defined.
3.7. Let $f$ be irreducible over $\mathbb{F}_q$ with $f(0) \ne 0$. For $e \in \mathbb{N}$ relatively prime to $q$, prove that $\mathrm{ord}(f) = e$ if and only if $f$ divides the cyclotomic polynomial $Q_e$.
3.8. Let $f \in \mathbb{F}_q[x]$ be as in Exercise 3.5 and let $b \in \mathbb{N}$. Find a general formula showing the relationship between $\mathrm{ord}(f^b)$ and $\mathrm{ord}(f)$.
3.9. Let $\mathbb{F}_q$ be a finite field of characteristic $p$, and let $f \in \mathbb{F}_q[x]$ be a polynomial of positive degree with $f(0) \ne 0$. Prove that $\mathrm{ord}(f(x^p)) = p\,\mathrm{ord}(f(x))$.
3.10. Let $f$ be an irreducible polynomial in $\mathbb{F}_q[x]$ with $f(0) \ne 0$ and $\mathrm{ord}(f) = e$, and let $r$ be a prime not dividing $q$. Prove: (i) if $r$ divides $e$, then every irreducible factor of $f(x^r)$ in $\mathbb{F}_q[x]$ has order $er$; (ii) if $r$ does not divide $e$, then one irreducible factor of $f(x^r)$ in $\mathbb{F}_q[x]$ has order $e$ and the other factors have order $er$.
3.11. Deduce from Exercise 3.10 that if $f \in \mathbb{F}_q[x]$ is a polynomial of positive degree with $f(0) \ne 0$, and if $r$ is a prime not dividing $q$, then $\mathrm{ord}(f(x^r)) = r\,\mathrm{ord}(f(x))$.
3.12. Prove that the reciprocal polynomial of an irreducible polynomial $f$ over $\mathbb{F}_q$ with $f(0) \ne 0$ is again irreducible over $\mathbb{F}_q$.
3.13. A nonzero polynomial $f \in \mathbb{F}_q[x]$ is called self-reciprocal if $f = f^*$. Prove that if $f = gh$, where $g$ and $h$ are irreducible in $\mathbb{F}_q[x]$ and $f$ is self-reciprocal, then either (i) $h^* = ag$ with $a \in \mathbb{F}_q^*$; or (ii) $g^* = bg$, $h^* = bh$ with $b = \pm 1$.
3.14. Prove: if $f$ is a self-reciprocal irreducible polynomial in $\mathbb{F}_q[x]$ of degree $m > 1$, then $m$ must be even.
3.15. Prove: if $f$ is a self-reciprocal irreducible polynomial in $\mathbb{F}_q[x]$ of degree $> 1$ and of order $e$, then every irreducible polynomial in $\mathbb{F}_q[x]$ of degree $> 1$ whose order divides $e$ is self-reciprocal.
3.16. Show that $x^{\dots} + x^{\dots} + x^{\dots} + x + 1$ is a primitive polynomial over $\mathbb{F}_{\dots}$.
3.17. Show that $x^{\dots} + x^{\dots} + x^{\dots} + x + 1$ is a primitive polynomial over $\mathbb{F}_{\dots}$.
3.18. Show that $x^3 - x + 1$ is a primitive polynomial over $\mathbb{F}_3$.
3.19. Let $f \in \mathbb{F}_q[x]$ be monic of degree $m \ge 1$. Prove that $f$ is primitive over $\mathbb{F}_q$ if and only if $f$ is an irreducible factor over $\mathbb{F}_q$ of the cyclotomic polynomial $Q_d \in \mathbb{F}_q[x]$ with $d = q^m - 1$.
3.20. Determine the number of primitive polynomials over $\mathbb{F}_q$ of degree $m$.
3.21. If $m \in \mathbb{N}$ is not a prime, prove that not every monic irreducible polynomial over $\mathbb{F}_q$ of degree $m$ can be a primitive polynomial over $\mathbb{F}_q$.
3.22. If $m$ is a prime, prove that all monic irreducible polynomials over $\mathbb{F}_q$ of degree $m$ are primitive over $\mathbb{F}_q$ if and only if $q = 2$ and $2^m - 1$ is a prime.
3.23. If $f$ is a primitive polynomial over $\mathbb{F}_q$, prove that $f(0)^{-1} f^*$ is again primitive over $\mathbb{F}_q$.
3.24. Prove that the only self-reciprocal primitive polynomials are $x + 1$ and $x^2 + x + 1$ over $\mathbb{F}_2$ and $x + 1$ over $\mathbb{F}_3$ (see Exercise 3.13 for the definition of a self-reciprocal polynomial).
3.25. Prove: if $f(x)$ is irreducible in $\mathbb{F}_q[x]$, then $f(ax + b)$ is irreducible in $\mathbb{F}_q[x]$ for any $a, b \in \mathbb{F}_q$ with $a \ne 0$.
3.26. Prove that $N_q(n) \le (1/n)(q^n - q)$ with equality if and only if $n$ is prime.
3.27. Prove that
$$N_q(n) \ge \frac{1}{n} q^n - \frac{q}{n(q - 1)}\big(q^{n/2} - 1\big).$$
3.28. Give a detailed proof of the fact that (3.5) implies (3.4).
3.29. Prove that the Moebius function $\mu$ satisfies $\mu(mn) = \mu(m)\mu(n)$ for all $m, n \in \mathbb{N}$ with $\gcd(m, n) = 1$.
3.30. Prove the identity $\sum_{d \mid n} \mu(d)/d = \phi(n)/n$ for all $n \in \mathbb{N}$.
3.31. Prove that $\sum_{d \mid n} \mu(d)\phi(d) = 0$ for every even integer $n \ge 2$.
3.32. Prove the identity $\sum_{d \mid n} |\mu(d)| = 2^k$, where $k$ is the number of distinct prime factors of $n \in \mathbb{N}$.
3.33. Prove that $N_q(n)$ is divisible by $eq$ provided that $n \ge 2$, $e$ is a divisor of $q - 1$, and $\gcd(eq, n) = 1$.
3.34. Calculate the cyclotomic polynomials $Q_{12}$ and $Q_{30}$ from the explicit formula in Theorem 3.27.
3.35. Establish the properties of cyclotomic polynomials listed in Exercise 2.57, Parts (a)–(f), by using the explicit formula in Theorem 3.27.
3.36. Prove that the cyclotomic polynomial $Q_n$ with $\gcd(n, q) = 1$ is irreducible over $\mathbb{F}_q$ if and only if the multiplicative order of $q$ modulo $n$ is …

3.49. Prove that over a finite field of odd order $q$ the polynomial $\tfrac{1}{2}\big((1 + x)^{(q+1)/2} + (1 - x)^{(q+1)/2}\big)$ is the square of a polynomial.
3.50. Determine all irreducible polynomials in $\mathbb{F}_2[x]$ of degree 6 and order 21 and then all irreducible polynomials in $\mathbb{F}_2[x]$ of degree 294 and order 1029.
3.51. Determine all monic irreducible polynomials in $\mathbb{F}_3[x]$ of degree 3 and order 26 and then all monic irreducible polynomials in $\mathbb{F}_3[x]$ of degree 6 and order 104.
3.52. Proceed as in Example 3.41 to determine which polynomials $f_t$ are irreducible in $\mathbb{F}_q[x]$ in the case $q = 5$, $m = 4$, $e = 78$.
3.53. In the notation of Example 3.41, prove that if $l$ is a prime with $l - 1$ dividing $m - 1$, then $f_l$ is irreducible in $\mathbb{F}_q[x]$.
3.54. Given the irreducible polynomial $f(x) = x^{\dots} - x^2 + x + 1$ over $\mathbb{F}_3$, calculate $f_{\dots}$ and $f_5$ by the matrix-theoretic method.
3.55. Calculate $f_{\dots}$ and $f_5$ in the previous exercise by using the result of Theorem 3.39.
3.56. Use a root of the primitive polynomial $x^3 - x + 1$ over $\mathbb{F}_3$ to represent all elements of $\mathbb{F}_{27}^*$, and compute the minimal polynomials over $\mathbb{F}_3$ of all elements of $\mathbb{F}_{27}$.
3.57. Let $\theta \in \mathbb{F}_{64}$ be a root of the irreducible polynomial $x^6 + x + 1$ in $\mathbb{F}_2[x]$. Find the minimal polynomial of $\beta = 1 + \theta^{\dots} + \theta^{\dots}$ over $\mathbb{F}_2$.
3.58. Let $\theta \in \mathbb{F}_{64}$ be a root of the irreducible polynomial $x^6 + x^4 + x^{\dots} + x + 1$ in $\mathbb{F}_2[x]$. Find the minimal polynomial of $\beta = 1 + \theta + \theta^5$ over $\mathbb{F}_2$.
3.59. Determine all primitive polynomials over $\mathbb{F}_3$ of degree 2.
3.60. Determine all primitive polynomials over $\mathbb{F}_4$ of degree 2.
3.61. Determine a primitive polynomial over $\mathbb{F}_5$ of degree 3.
3.62. Factor the polynomial $g \in \mathbb{F}_3[x]$ from Example 3.44 in $\mathbb{F}_9[x]$ to obtain primitive polynomials over $\mathbb{F}_9$.
3.63. Factor the polynomial $g \in \mathbb{F}_2[x]$ from Example 3.45 in $\mathbb{F}_{\dots}[x]$ to obtain primitive polynomials over $\mathbb{F}_{\dots}$.
3.64. Find the roots of the following linearized polynomials in their splitting fields: (a) $L(x) = x^{\dots} + x^4 + x^{\dots} + x \in \mathbb{F}_{\dots}[x]$; (b) $L(x) = x^{\dots} + x \in \mathbb{F}_{\dots}[x]$.
3.65. Find the roots of the following polynomials in the indicated fields by first determining an affine multiple: (a) $f(x) = x^{\dots} + x^{\dots} + x^{\dots} + x^{\dots} + 1$ …

… $k \ge 1$, be a trinomial and let $m \in \mathbb{N}$ be a multiple of $\mathrm{ord}(f)$. Prove that $f(x)$ divides the trinomial $g(x) = x^{m-k} + b^{-1}x^{n-k} + ab^{-1}$.
Prove that the trinomial $x^{2n} + x^n + 1$ is irreducible over $\mathbb{F}_2$ if and only if $n = 3^k$ for some nonnegative integer $k$.
Prove that the trinomial $x^{4n} + x^n + 1$ is irreducible over $\mathbb{F}_2$ if and only if $n = 3^k 5^m$ for some nonnegative integers $k$ and $m$.

Chapter 4

Factorization of Polynomials

Any nonconstant polynomial over a field can be expressed as a product of irreducible polynomials. In the case of finite fields, some reasonably efficient algorithms can be devised for the actual calculation of the irreducible factors of a given polynomial of positive degree. The availability of feasible factorization algorithms for polynomials over finite fields is important for coding theory and for the study of linear recurrence relations in finite fields. Beyond the realm of finite fields, there are various computational problems in algebra and number theory that depend in one way or another on the factorization of polynomials over finite fields. We mention the factorization of polynomials over the ring of integers, the determination of the decomposition of rational primes in algebraic number fields, the calculation of the Galois group of an equation over the rationals, and the construction of field extensions.

We shall present several algorithms for the factorization of polynomials over finite fields. The decision on the choice of algorithm for a specific factorization problem usually depends on whether the underlying finite field is "small" or "large." In Section 1 we describe those algorithms that are better adapted to "small" finite fields and in the next section those that work better for "large" finite fields.
Some of these algorithms reduce the problem of factoring polynomials to that of finding the roots of certain other polynomials. Therefore, Section 3 is devoted to the discussion of the latter problem from the computational viewpoint.

1. FACTORIZATION OVER SMALL FINITE FIELDS

Any polynomial $f \in \mathbb{F}_q[x]$ of positive degree has a canonical factorization in $\mathbb{F}_q[x]$ by Theorem 1.59. For the discussion of factorization algorithms it will suffice to consider only monic polynomials. Our goal is thus to express a monic polynomial $f \in \mathbb{F}_q[x]$ of positive degree in the form
$$f = f_1^{e_1} \cdots f_k^{e_k}, \qquad (4.1)$$
where $f_1, \ldots, f_k$ are distinct monic irreducible polynomials in $\mathbb{F}_q[x]$ and $e_1, \ldots, e_k$ are positive integers.

First we simplify our task by showing that the problem can be reduced to that of factoring a polynomial with no repeated factors, which means that the exponents $e_1, \ldots, e_k$ in (4.1) are all equal to 1 (or, equivalently, that the polynomial has no multiple roots). To this end, we calculate
$$d(x) = \gcd(f(x), f'(x)),$$
the greatest common divisor of $f(x)$ and its derivative, by the Euclidean algorithm. If $d(x) = 1$, then we know that $f(x)$ has no repeated factors because of Theorem 1.68. If $d(x) = f(x)$, we must have $f'(x) = 0$. Hence $f(x) = g(x)^p$, where $g(x)$ is a suitable polynomial in $\mathbb{F}_q[x]$ and $p$ is the characteristic of $\mathbb{F}_q$. If necessary, the reduction process can be continued by applying the method to $g(x)$. If $d(x) \ne 1$ and $d(x) \ne f(x)$, then $d(x)$ is a nontrivial factor of $f(x)$ and $f(x)/d(x)$ has no repeated factors. The factorization of $f(x)$ is achieved by factoring $d(x)$ and $f(x)/d(x)$ separately. In case $d(x)$ still has repeated factors, further applications of the reduction process will have to be carried out. By applying this process sufficiently often, the original problem is reduced to that of factoring a certain number of polynomials with no repeated factors.
The canonical factorizations of these polynomials lead directly to the canonical factorization of the original polynomial. Therefore. we may restrict the attention to polynomials w
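Both the function $\Phi_q$ of Lemma 3.69 and Theorem 3.70, and the reduction to polynomials without repeated factors that opens Section 4.1, rest on the Euclidean algorithm in $\mathbb{F}_q[x]$. The Python script below is an added example, not code from the book, and is written for a prime field $\mathbb{F}_p$ (so $q = p$): it computes $d = \gcd(f, f')$ and splits $f$ exactly as the section describes, including the case $f' = 0$ where $f = g^p$; it counts $\Phi_p(f)$ directly from the definition and compares the count with the product formula of Lemma 3.69(iii); and it obtains $N_L$ for the 2-polynomial $x^{16} + x^8 + x^2 + x$ of Example 3.64 from its conventional 2-associate $x^4 + x^3 + x + 1$. The function names (`squarefree_parts`, `phi_q`, `phi_q_formula`, `conventional_associate`, `count_q_primitive_roots`) are the script's own, and the factor degrees passed to `phi_q_formula` are supplied by the caller rather than computed.

```python
"""Squarefree reduction (Section 4.1) and Phi_q, N_L (Lemma 3.69, Theorem 3.70) over F_p.

Added example, not the book's code.  Polynomials are coefficient lists, lowest degree
first, over a prime field F_p, so q = p throughout.
"""
from fractions import Fraction
from itertools import product


def trim(a):
    """Drop leading zero coefficients; the zero polynomial is [0]."""
    a = list(a)
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a


def degree(a):
    a = trim(a)
    return -1 if a == [0] else len(a) - 1


def divmod_poly(a, b, p):
    """Long division in F_p[x]: (quotient, remainder) with deg(remainder) < deg(b)."""
    a, b = trim(a), trim(b)
    if degree(b) < 0:
        raise ZeroDivisionError("division by the zero polynomial")
    inv = pow(b[-1], p - 2, p)                       # inverse of the leading coefficient of b
    q, r = [0] * max(1, len(a) - len(b) + 1), a
    while degree(r) >= degree(b):
        shift = degree(r) - degree(b)
        c = (r[-1] * inv) % p
        q[shift] = c
        for i, bi in enumerate(b):
            r[shift + i] = (r[shift + i] - c * bi) % p
        r = trim(r)
    return trim(q), r


def monic(a, p):
    a = trim(a)
    inv = pow(a[-1], p - 2, p)
    return [(c * inv) % p for c in a]


def gcd_poly(a, b, p):
    """Monic greatest common divisor by the Euclidean algorithm; gcd(a, 0) = monic(a)."""
    a, b = trim(a), trim(b)
    while degree(b) >= 0:
        a, b = b, divmod_poly(a, b, p)[1]
    return monic(a, p)


def derivative(a, p):
    return trim([(i * a[i]) % p for i in range(1, len(a))] or [0])


def squarefree_parts(f, p):
    """Section 4.1: monic polynomials without repeated factors whose product (with repetition)
    is f, obtained from d = gcd(f, f'):  d = 1 -> f is already squarefree;  d = f -> f' = 0,
    so f(x) = g(x^p) = g(x)^p (coefficients lie in F_p) and g is reduced recursively;
    otherwise f/d is squarefree and d is reduced recursively."""
    f = monic(f, p)
    if degree(f) <= 0:
        return []
    d = gcd_poly(f, derivative(f, p), p)
    if degree(d) == 0:
        return [f]
    if d == f:
        g = [f[i] for i in range(0, len(f), p)]        # p-th root: only exponents divisible by p occur
        return p * squarefree_parts(g, p)
    return squarefree_parts(d, p) + squarefree_parts(divmod_poly(f, d, p)[0], p)


def phi_q(f, p):
    """Phi_q(f): number of h with deg(h) < deg(f) and gcd(f, h) = 1, counted one by one."""
    f = trim(f)
    return sum(1 for coeffs in product(range(p), repeat=degree(f))
               if degree(gcd_poly(f, list(coeffs) or [0], p)) == 0)


def phi_q_formula(p, n, irreducible_degrees):
    """Lemma 3.69(iii): q^n * prod (1 - q^{-n_i}), n_i the degrees of the distinct irreducible factors."""
    value = Fraction(p ** n)
    for ni in irreducible_degrees:
        value *= 1 - Fraction(1, p ** ni)
    return int(value)


def conventional_associate(L, p):
    """Map the q-polynomial sum a_i x^{p^i}, given as {exponent: coefficient}, to l(x) = sum a_i x^i."""
    l = {}
    for e, c in L.items():
        i, t = 0, 1
        while t < e:
            i, t = i + 1, t * p
        if t != e:
            raise ValueError("exponent %d is not a power of %d" % (e, p))
        l[i] = c % p
    return trim([l.get(i, 0) for i in range(max(l) + 1)])


def count_q_primitive_roots(L, p):
    """Theorem 3.70: N_L = 0 if L has multiple roots (the coefficient a_0 of x is 0, as L' = a_0),
    and N_L = Phi_q(l) for the conventional q-associate l otherwise."""
    if L.get(1, 0) % p == 0:
        return 0
    return phi_q(conventional_associate(L, p), p)


if __name__ == "__main__":
    l = [1, 1, 0, 1, 1]                                   # x^4 + x^3 + x + 1 = (x+1)^2 (x^2+x+1) over F_2
    print(squarefree_parts(l, 2))                         # [[1, 1], [1, 1], [1, 1, 1]]
    print(phi_q(l, 2), phi_q_formula(2, 4, [1, 2]))       # 6 6
    print(count_q_primitive_roots({16: 1, 8: 1, 2: 1, 1: 1}, 2))   # 6
```

For $l(x) = x^4 + x^3 + x + 1$ the reduction finds $d = x^2 + 1$, whose derivative vanishes in characteristic 2, so the branch $d = f$ is exercised and returns two copies of $x + 1$; the cofactor $l/d = x^2 + x + 1$ is squarefree at once. The direct count $\Phi_2(l) = 6$ agrees with $2^4(1 - 2^{-1})(1 - 2^{-2})$ and with the product $\Phi_2((x+1)^2)\,\Phi_2(x^2 + x + 1) = 2 \cdot 3$ of Lemma 3.69(ii), and it is the number of 2-primitive roots of $x^{16} + x^8 + x^2 + x$, a polynomial with simple roots because its coefficient of $x$ is 1.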