Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

3.11 Finite Fields

Note: This section is more advanced than the rest of the chapter. It is included because finite fields are often used in cryptography. In particular, finite fields appear in four places in this book. The finite field GF(28) $G F (2^{8})$ is used in AES (Chapter 8). Finite fields give an explanation of some phenomena that are mentioned in Section 5.2. Finally, finite fields are used in Section 21.4, Chapter 22 and in error correcting codes (Chapter 24).

Many times throughout this book, we work with the integers mod p, $p,$ where p $p$ is a prime. We can add, subtract, and multiply, but what distinguishes working mod p $p$ from working mod an arbitrary integer n $n$ is that we can divide by any number that is nonzero mod p. $p .$ For example, if we need to solve 3x≡1 (mod 5), $3 x \equiv 1 (mod 5),$ then we divide by 3 to obtain x≡2 (mod 5). $x \equiv 2 (mod 5) .$ In contrast, if we want to solve 3x≡1 (mod 6), $3 x \equiv 1 (mod 6),$ there is no solution since we cannot divide by 3 (mod 6). $3 (mod 6) .$ Loosely speaking, a set that has the operations of addition, multiplication, subtraction, and division by nonzero elements is called a field. We also require that the associative, commutative, and distributive laws hold.

Example

The basic examples of fields are the real numbers, the complex numbers, the rational numbers, and the integers mod a prime. The set of all integers is not a field since we sometimes cannot divide and obtain an answer in the set (for example, 4/3 is not an integer).

Example

Here is a field with four elements. Consider the set

G F (4) = {0, 1, ω, ω 2},

$G F (4) = {0, 1, ω, ω^{2}},$

with the following laws:

0+x=x $0 + x = x$ for all x. $x .$
x+x=0 $x + x = 0$ for all x. $x .$
1⋅x=x $1 \cdot x = x$ for all x. $x .$
ω+1=ω2. $ω + 1 = ω^{2} .$
Addition and multiplication are commutative and associative, and the distributive law x(y+z)=xy+xz $x (y + z) = x y + x z$ holds for all x, y, z. $x, y, z .$

Since

ω 3 = ω \cdot ω 2 = ω \cdot (1 + ω) = ω + ω 2 = ω + (1 + ω) = 1,

$ω^{3} = ω \cdot ω^{2} = ω \cdot (1 + ω) = ω + ω^{2} = ω + (1 + ω) = 1,$

we see that ω2 $ω^{2}$ is the multiplicative inverse of ω. $ω .$ Therefore, every nonzero element of GF(4) $G F (4)$ has a multiplicative inverse, and GF(4) $G F (4)$ is a field with four elements.

In general, a field is a set containing elements 0 and 1 (with 1≠0 $1 \neq 0$ ) and satisfying the following:

It has a multiplication and addition satisfying (1), (3), (5) in the preceding list.
Every element has an additive inverse (for each x, $x,$ this means there exists an element −x $- x$ such that x+(−x)=0 $x + (- x) = 0$ ).
Every nonzero element has a multiplicative inverse.

A field is closed under subtraction. To compute x−y, $x - y,$ simply compute x+(−y). $x + (- y) .$

The set of 2×2 $2 \times 2$ matrices with real entries is not a field for two reasons. First, the multiplication is not commutative. Second, there are nonzero matrices that do not have inverses (and therefore we cannot divide by them). The set of nonnegative real numbers is not a field. We can add, multiply, and divide, but sometimes when we subtract the answer is not in the set.

For every power pn $p^{n}$ of a prime, there is exactly one finite field with pn $p^{n}$ elements, and these are the only finite fields. We’ll soon show how to construct them, but first let’s point out that if n>1, $n > 1,$ then the integers mod pn $p^{n}$ do not form a field. The congruence px≡1 (mod pn) $p x \equiv 1 (mod p^{n})$ does not have a solution, so we cannot divide by p, $p,$ even though p ≡ 0 (mod pn). $p \equiv 0 (mod p^{n}) .$ Therefore, we need more complicated constructions to produce fields with pn $p^{n}$ elements.

The field with pn $p^{n}$ elements is called GF(pn). $G F (p^{n}) .$ The “GF” is for “Galois field,” named for the French mathematician Evariste Galois (1811–1832), who did some early work related to fields.

Example, continued

Here is another way to produce the field GF(4). $G F (4) .$ Let Z2[X] $Z_{2} [X]$ be the set of polynomials whose coefficients are integers mod 2. For example, 1+X3+X6 $1 + X^{3} + X^{6}$ and X $X$ are in this set. Also, the constant polynomials 0 $0$ and 1 $1$ are in Z2[X]. $Z_{2} [X] .$ We can add, subtract, and multiply in this set, as long as we work with the coefficients mod 2. For example,

(X 3 + X + 1) (X + 1) = X 4 + X 3 + X 2 + 1

$(X^{3} + X + 1) (X + 1) = X^{4} + X^{3} + X^{2} + 1$

since the term 2X $2 X$ disappears mod 2. The important property for our purposes is that we can perform division with remainder, just as with the integers. For example, suppose we divide X2+X+1 $X^{2} + X + 1$ into X4+X3+1. $X^{4} + X^{3} + 1 .$ We can do this by long division, just as with numbers:

X 2 + X + 1 X 2 + 1 X 4 + X 3 + 1 X 4 + X 3 + X 2 - - - - - - - - - - - - - X 2 + 1 X 2 + X + 1 - - - - - - - - - - X

$\begin{array}{l} X^{2} + 1 \\ X^{2} + X + 1 & X^{4} + X^{3} + 1 \\ \underline{X^{4} + X^{3} + X^{2}} \\ X^{2} + 1 \\ \underline{X^{2} + X + 1} \\ X \end{array}$

In words, what we did was to divide by X2+X+1 $X^{2} + X + 1$ and obtain the X2 $X^{2}$ as the first term of the quotient. Then we multiplied this X2 $X^{2}$ times X2+X+1 $X^{2} + X + 1$ to get X4+X3+X2, $X^{4} + X^{3} + X^{2},$ which we subtracted from X4+X3+1, $X^{4} + X^{3} + 1,$ leaving X2+1. $X^{2} + 1 .$ We divided this X2+1 $X^{2} + 1$ by X2+X+1 $X^{2} + X + 1$ and obtained the second term of the quotient, namely 1. Multiplying 1 $1$ times X2+X+1 $X^{2} + X + 1$ and subtracting from X2+1 $X^{2} + 1$ left the remainder X. $X .$ Since the degree of the polynomial X $X$ is less than the degree of X2+X+1, $X^{2} + X + 1,$ we stopped. The quotient was X2+1 $X^{2} + 1$ and the remainder was X: $X :$

X 4 + X 3 + 1 = (X 2 + 1) (X 2 + X + 1) + X .

$X^{4} + X^{3} + 1 = (X^{2} + 1) (X^{2} + X + 1) + X .$

We can write this as

X 4 + X 3 + 1 \equiv X (mod X 2 + X + 1) .

$\begin{matrix} X^{4} + X^{3} + 1 \equiv X & (mod X^{2} + X + 1) . \end{matrix}$

Whenever we divide by X2+X+1 $X^{2} + X + 1$ we can obtain a remainder that is either 0 or a polynomial of degree at most 1 (if the remainder had degree 2 or more, we could continue dividing). Therefore, we define Z2[X] (mod X2+X+1) $Z_{2} [X] (mod X^{2} + X + 1)$ to be the set

{0, 1, X, X + 1}

${0, 1, X, X + 1}$

of polynomials of degree at most 1, since these are the remainders that we obtain when we divide by X2+X+1. $X^{2} + X + 1 .$ Addition, subtraction, and multiplication are done mod X2+X+1. $X^{2} + X + 1 .$ This is completely analogous to what happens when we work with integers mod n. $n .$ In the present situation, we say that two polynomials f(X) $f (X)$ and g(X) $g (X)$ are congruent mod X2+X+1, $X^{2} + X + 1,$ written f(X)≡g(X) (mod X2+X+1), $f (X) \equiv g (X) (mod X^{2} + X + 1),$ if f(X) $f (X)$ and g(X) $g (X)$ have the same remainder when divided by X2+X+1. $X^{2} + X + 1 .$ Another way of saying this is that f(X)−g(X) $f (X) - g (X)$ is a multiple of X2+X+1. $X^{2} + X + 1 .$ This means that there is a polynomial h(X) $h (X)$ such that f(X)−g(X)=(X2+X+1)h(X). $f (X) - g (X) = (X^{2} + X + 1) h (X) .$

Now let’s multiply in Z2[X] (mod X2+X+1). $Z_{2} [X] (mod X^{2} + X + 1) .$ For example,

X \cdot X = X 2 \equiv X + 1 (mod X 2 + X + 1) .

$\begin{matrix} X \cdot X = X^{2} \equiv X + 1 & (mod X^{2} + X + 1) . \end{matrix}$

(It might seem that the right side should be −X−1, $- X - 1,$ but recall that we are working with coefficients mod 2, so +1 $+ 1$ and −1 $- 1$ are the same.) As another example, we have

X 3 \equiv X \cdot X 2 \equiv X \cdot (X + 1) \equiv X 2 + X \equiv 1 (mod X 2 + X + 1) .

$\begin{matrix} X^{3} \equiv X \cdot X^{2} \equiv X \cdot (X + 1) \equiv X^{2} + X \equiv 1 & (mod X^{2} + X + 1) . \end{matrix}$

It is easy to see that we are working with the set GF(4) $G F (4)$ from before, with X $X$ in place of ω. $ω .$

Working with Z2[X] $Z_{2} [X]$ mod a polynomial can be used to produce finite fields. But we cannot work mod an arbitrary polynomial. The polynomial must be irreducible, which means that it doesn’t factor into polynomials of lower degree mod 2. For example, X2+1, $X^{2} + 1,$ which is irreducible when we are working with real numbers, is not irreducible when the coefficients are taken mod 2 since X2+1=(X+1)(X+1) $X^{2} + 1 = (X + 1) (X + 1)$ when we are working mod 2. However, X2+X+1 $X^{2} + X + 1$ is irreducible: Suppose it factors mod 2 into polynomials of lower degree. The only possible factors mod 2 are X $X$ and X+1, $X + 1,$ and X2+X+1 $X^{2} + X + 1$ is not a multiple of either of these, even mod 2.

Here is the general procedure for constructing a finite field with pn $p^{n}$ elements, where p $p$ is prime and n≥1. $n \geq 1 .$ We let Zp $Z_{p}$ denote the integers mod p. $p .$

Zp[X] $Z_{p} [X]$ is the set of polynomials with coefficients mod p. $p .$
Choose P(X) $P (X)$ to be an irreducible polynomial mod p $p$ of degree n. $n .$
Let GF(pn) $G F (p^{n})$ be Zp[X] $Z_{p} [X]$ mod P(X). $P (X) .$ Then GF(pn) $G F (p^{n})$ is a field with pn $p^{n}$ elements.

The fact that GF(pn) $G F (p^{n})$ has pn $p^{n}$ elements is easy to see. The possible remainders after dividing by P(X) $P (X)$ are the polynomials of the form a0+a1X+⋯+an−1Xn−1, $a_{0} + a_{1} X + \dots + a_{n - 1} X^{n - 1},$ where the coefficients are integers mod p. $p .$ There are p $p$ choices for each coefficient, hence pn $p^{n}$ possible remainders.

For each n, $n,$ there are irreducible polynomials mod p $p$ of degree n, $n,$ so this construction produces fields with pn $p^{n}$ elements for each n≥1. $n \geq 1 .$ What happens if we do the same construction for two different polynomials P1(X) $P_{1} (X)$ and P2(X), $P_{2} (X),$ both of degree n $n$ ? We obtain two fields, call them GF(pn)′ $G F (p^{n})^{'}$ and GF(pn)′′. $G F (p^{n})^{''} .$ It is possible to show that these are essentially the same field (the technical term is that the two fields are isomorphic), though this is not obvious since multiplication mod P1(X) $P_{1} (X)$ is not the same as multiplication mod P2(X). $P_{2} (X) .$

3.11.1 Division

We can easily add, subtract, and multiply polynomials in Zp[X], $Z_{p} [X],$ but division is a little more subtle. Let’s look at an example. The polynomial X8+X4+X3+X+1 $X^{8} + X^{4} + X^{3} + X + 1$ is irreducible in Z2[X] $Z_{2} [X]$ (although there are faster methods, one way to show it is irreducible is to divide it by all polynomials of smaller degree in Z2[X] $Z_{2} [X]$ ). Consider the field

G F (28) = Z 2 [X] (mod X 8 + X 4 + X 3 + X + 1) .

$\begin{matrix} G F (2^{8}) = Z_{2} [X] & (mod X^{8} + X^{4} + X^{3} + X + 1) . \end{matrix}$

Since X7+X6+X3+X+1 $X^{7} + X^{6} + X^{3} + X + 1$ is not 0, it should have an inverse. The inverse is found using the analog of the extended Euclidean algorithm. First, perform the gcd calculation for gcd(X7+X6+X3+X+1, X8+X4+X3+X+1). $gcd (X^{7} + X^{6} + X^{3} + X + 1, X^{8} + X^{4} + X^{3} + X + 1) .$ The procedure (remainder → $\to$ divisor → $\to$ dividend → $\to$ ignore) is the same as for integers:

X 8 ​ + ​ X 4 ​ + ​ X 3 ​ + ​ X ​ + ​ 1 X 7 ​ + ​ X 6 ​ + ​ X 3 ​ + ​ X ​ + ​ 1 = = (X ​ + ​ 1) (X 7 ​ + ​ X 6 ​ + ​ X 3 ​ + ​ X ​ + ​ 1) ​ + ​ (X 6 ​ + ​ X 2 ​ + ​ X) (X ​ + ​ 1) (X 6 ​ + ​ X 2 ​ + ​ X) ​ + ​ 1.

$\begin{array}{l} X^{8} + X^{4} + X^{3} + X + 1 & = & (X + 1) (X^{7} + X^{6} + X^{3} + X + 1) + (X^{6} + X^{2} + X) \\ X^{7} + X^{6} + X^{3} + X + 1 & = & (X + 1) (X^{6} + X^{2} + X) + 1. \end{array}$

The last remainder is 1, which tells us that the “greatest common divisor” of X7+X6+X3+X+1 $X^{7} + X^{6} + X^{3} + X + 1$ and X8+X4+X3+X+1 $X^{8} + X^{4} + X^{3} + X + 1$ is 1. Of course, this must be the case, since X8+X4+X3+X+1 $X^{8} + X^{4} + X^{3} + X + 1$ is irreducible, so its only factors are 1 and itself.

Now work the Extended Euclidean algorithm to express 1 as a linear combination of X7+X6+X3+X+1 $X^{7} + X^{6} + X^{3} + X + 1$ and X8+X4+X3+X+1: $X^{8} + X^{4} + X^{3} + X + 1 :$

	x $x$	y $y$
X8+X4+X3+X+1 $X^{8} + X^{4} + X^{3} + X + 1$	1	0
X7+X6+X3+X+1 $X^{7} + X^{6} + X^{3} + X + 1$	0	1
X6+X2+X $X^{6} + X^{2} + X$	1	X+1 $X + 1$	(1st row) −(X+1)⋅ $- (X + 1) \cdot$ (2nd row)
1	X+1 $X + 1$	X2 $X^{2}$	(2nd row) −(X+1)⋅ $- (X + 1) \cdot$ (3rd row).

The end result is

1 = (X 2) (X 7 + X 6 + X 3 + X + 1) + (X + 1) (X 8 + X 4 + X 3 + X + 1) .

$1 = (X^{2}) (X^{7} + X^{6} + X^{3} + X + 1) + (X + 1) (X^{8} + X^{4} + X^{3} + X + 1) .$

Reducing mod X8+X4+X3+X+1, $X^{8} + X^{4} + X^{3} + X + 1,$ we obtain

(X 2) (X 7 ​ + ​ X 6 ​ + ​ X 3 ​ + ​ X ​ + ​ 1) \equiv 1 (mod X 8 ​ + ​ X 4 ​ + ​ X 3 ​ + ​ X ​ + ​ 1),

$\begin{matrix} (X^{2}) (X^{7} + X^{6} + X^{3} + X + 1) \equiv 1 & (mod X^{8} + X^{4} + X^{3} + X + 1), \end{matrix}$

which means that X2 $X^{2}$ is the multiplicative inverse of X7+X6+X3+X+1. $X^{7} + X^{6} + X^{3} + X + 1 .$ Whenever we need to divide by X7+X6+X3+X+1, $X^{7} + X^{6} + X^{3} + X + 1,$ we can instead multiply by X2. $X^{2} .$ This is the analog of what we did when working with the usual integers mod p. $p .$

3.11.2 GF(2⁸)

In Chapter 8, we discuss AES, which uses GF(28), $G F (2^{8}),$ so let’s look at this field a little more closely. We’ll work mod the irreducible polynomial X8+X4+X3+X+1, $X^{8} + X^{4} + X^{3} + X + 1,$ since that is the one used by AES. However, there are other irreducible polynomials of degree 8, and any one of them would lead to similar calculations. Every element can be represented uniquely as a polynomial

b 7 X 7 + b 6 X 6 + b 5 X 5 + b 4 X 4 + b 3 X 3 + b 2 X 2 + b 1 X + b 0,

$b_{7} X^{7} + b_{6} X^{6} + b_{5} X^{5} + b_{4} X^{4} + b_{3} X^{3} + b_{2} X^{2} + b_{1} X + b_{0},$

where each bi $b_{i}$ is 0 or 1. The 8 bits b7b6b5b4b3b2b1b0 $b_{7} b_{6} b_{5} b_{4} b_{3} b_{2} b_{1} b_{0}$ represent a byte, so we can represent the elements of GF(28) $G F (2^{8})$ as 8-bit bytes. For example, the polynomial X7+X6+X3+X+1 $X^{7} + X^{6} + X^{3} + X + 1$ becomes 11001011. $11001011 .$ Addition is the XOR of the bits:

(X 7 + X 6 + X 3 + X + 1) + (X 4 + X 3 + 1) \to 11001011 \oplus 00011001 = 11010010 \to X 7 + X 6 + X 4 + X .

$\begin{array}{l} (X^{7} + X^{6} + X^{3} + X + 1) + (X^{4} + X^{3} + 1) \\ \begin{matrix} \to 11001011 \oplus 00011001 = 11010010 \end{matrix} \\ \begin{matrix} \to X^{7} + X^{6} + X^{4} + X . \end{matrix} \end{array}$

Multiplication is more subtle and does not have as easy an interpretation. That is because we are working mod the polynomial X8+X4+X3+X+1, $X^{8} + X^{4} + X^{3} + X + 1,$ which we can represent by the 9 bits 100011011. First, let’s multiply X7+X6+X3+X+1 $X^{7} + X^{6} + X^{3} + X + 1$ by X: $X :$ With polynomials, we calculate

(X 7 + X 6 + X 3 + X + 1) (X) = X 8 + X 7 + X 4 + X 2 + X = (X 7 + X 3 + X 2 + 1) + (X 8 + X 4 + X 3 + X + 1) \equiv X 7 + X 3 + X 2 + 1 (mod X 8 + X 4 + X 3 + X + 1) .

$\begin{array}{l} (X^{7} + X^{6} + X^{3} + X + 1) (X) = X^{8} + X^{7} + X^{4} + X^{2} + X \\ = (X^{7} + X^{3} + X^{2} + 1) + (X^{8} + X^{4} + X^{3} + X + 1) \\ \begin{matrix} \equiv X^{7} + X^{3} + X^{2} + 1 & (mod X^{8} + X^{4} + X^{3} + X + 1) . \end{matrix} \end{array}$

The same operation with bits becomes

11001011 \to \to = 110010110 110010110 \oplus 100011011 010001101, (shift left and append a 0) (subtract X 8 ​ + ​ X 4 ​ + ​ X 3 ​ + ​ X ​ + ​ 1)

$\begin{matrix} 11001011 & \to & 110010110 & (shift left and append a 0) \\ \to & 110010110 \oplus 100011011 & (subtract X^{8} + X^{4} + X^{3} + X + 1) \\ = & 010001101, \end{matrix}$

which corresponds to the preceding answer. In general, we can multiply by X $X$ by the following algorithm:

Shift left and append a 0 as the last bit.
If the first bit is 0, stop.
If the first bit is 1, XOR with 100011011. $100011011 .$

The reason we stop in step 2 is that if the first bit is 0 then the polynomial still has degree less than 8 after we multiply by X, $X,$ so it does not need to be reduced. To multiply by higher powers of X, $X,$ multiply by X $X$ several times. For example, multiplication by X3 $X^{3}$ can be done with three shifts and at most three XORs. Multiplication by an arbitrary polynomial can be accomplished by multiplying by the various powers of X $X$ appearing in that polynomial, then adding (i.e., XORing) the results.

In summary, we see that the field operations of addition and multiplication in GF(28) $G F (2^{8})$ can be carried out very efficiently. Similar considerations apply to any finite field.

The analogy between the integers mod a prime and polynomials mod an irreducible polynomial is quite remarkable. We summarize in the following.

integers prime number q Z q field with q elements ⟷ ⟷ ⟷ ⟷ Z p [X] irreducible P (X) of degree n Z p [X] (mod P (X)) field with p n elements

$\begin{array}{rcl} integers & ⟷ & Z_{p} [X] \\ prime number q & ⟷ & irreducible P (X) of degree n \\ Z_{q} & ⟷ & Z_{p} [X] (mod P (X)) \\ field with q elements & ⟷ & field with p^{n} elements \end{array}$

Let GF(pn)∗ $G F (p^{n})^{*}$ denote the nonzero elements of GF(pn). $G F (p^{n}) .$ This set, which has pn−1 $p^{n} - 1$ elements, is closed under multiplication, just as the integers not congruent to 0 mod p $p$ are closed under multiplication. It can be shown that there is a generating polynomial g(X) $g (X)$ such that every element in GF(pn)∗ $G F (p^{n})^{*}$ can be expressed as a power of g(X). $g (X) .$ This also means that the smallest exponent k $k$ such that g(X)k≡1 $g (X)^{k} \equiv 1$ is pn−1. $p^{n} - 1 .$ This is the analog of a primitive root for primes. There are ϕ(pn−1) $ϕ (p^{n} - 1)$ such generating polynomials, where ϕ $ϕ$ is Euler’s function. An interesting situation occurs when p=2 $p = 2$ and 2n−1 $2^{n} - 1$ is prime. In this case, every nonzero polynomial f(X)≠1 $f (X) \neq 1$ in GF(2n) $G F (2^{n})$ is a generating polynomial. (Remark, for those who know some group theory: The set GF(2n)∗ $G F (2^{n})^{*}$ is a group of prime order in this case, so every element except the identity is a generator.)

The discrete log problem mod a prime, which we’ll discuss in Chapter 10, has an analog for finite fields; namely, given h(x), $h (x),$ find an integer k $k$ such that h(X)=g(X)k $h (X) = g (X)^{k}$ in GF(pn). $G F (p^{n}) .$ Finding such a k $k$ is believed to be very hard in most situations.

3.11.3 LFSR Sequences

We can now explain a phenomenon that is mentioned in Section 5.2 on LFSR sequences.

Suppose that we have a recurrence relation

x n + m \equiv c 0 x n + c 1 x n + 1 + \dots + c m - 1 x n + m - 1 (mod 2) .

$\begin{matrix} x_{n + m} \equiv c_{0} x_{n} + c_{1} x_{n + 1} + \dots + c_{m - 1} x_{n + m - 1} & (mod 2) . \end{matrix}$

For simplicity, we assume that the associated polynomial

P (X) = X m + c m - 1 X m - 1 + c m - 2 X m - 2 + \dots + c 0

$P (X) = X^{m} + c_{m - 1} X^{m - 1} + c_{m - 2} X^{m - 2} + \dots + c_{0}$

is irreducible mod 2. Then Z2[X] (mod P(X)) $Z_{2} [X] (mod P (X))$ is the field GF(2m). $G F (2^{m}) .$ We regard GF(2m) $G F (2^{m})$ as a vector space over Z2 $Z_{2}$ with basis {1, X, X2, X3, …, Xm−1}. ${1, X, X^{2}, X^{3}, \dots, X^{m - 1}} .$ Multiplication by X $X$ gives a linear transformation of this vector space. Since

X \cdot 1 = X, X \cdot X = X 2, X \cdot X 2 = X 3, \dots

$X \cdot 1 = X, X \cdot X = X^{2}, X \cdot X^{2} = X^{3}, \dots$

X \cdot X m - 1 = X m \equiv c 0 + c 1 X + \dots + c m - 1 X m - 1,

$X \cdot X^{m - 1} = X^{m} \equiv c_{0} + c_{1} X + \dots + c_{m - 1} X^{m - 1},$

multiplication by X $X$ is represented by the matrix

M X = ⎛ ⎝ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ 010 ⋮ 0 001 ⋮ 0 \dots \dots \dots ⋱ 0 000 ⋮ 1 c 0 c 1 c 2 ⋮ c m - 1 ⎞ ⎠ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ .

$M_{X} = (\begin{array}{ccccc} 0 & 0 & \dots & 0 & c_{0} \\ 1 & 0 & \dots & 0 & c_{1} \\ 0 & 1 & \dots & 0 & c_{2} \\ ⋮ & ⋮ & ⋱ & ⋮ & ⋮ \\ 0 & 0 & 0 & 1 & c_{m - 1} \end{array}) .$

Suppose we know (xn, xn+1, xn+2, … , xn+m−1). $(x_{n}, x_{n + 1}, x_{n + 2}, \dots, x_{n + m - 1}) .$ We compute

(x n, x n + 1, x n + 2, \dots, x n + m - 1) M X = (x n + 1, x n + 2, x n + 3, \dots, c 0 x n + \dots + c m - 1 x n + m - 1) \equiv (x n + 1, x n + 2, x n + 3, \dots, x n + m) .

$\begin{array}{rcl} (x_{n}, x_{n + 1}, x_{n + 2}, \dots, x_{n + m - 1}) M_{X} \\ = (x_{n + 1}, x_{n + 2}, x_{n + 3}, \dots, c_{0} x_{n} + \dots + c_{m - 1} x_{n + m - 1}) \\ \equiv (x_{n + 1}, x_{n + 2}, x_{n + 3}, \dots, x_{n + m}) . \end{array}$

Therefore, multiplication by MX $M_{X}$ shifts the indices by 1. It follows easily that multiplication on the right by the matrix MjX $M_{X}^{j}$ sends (x1, x2, … , xm) $(x_{1}, x_{2}, \dots, x_{m})$ to (x1+j, x2+j, … , xm+j). $(x_{1 + j}, x_{2 + j}, \dots, x_{m + j}) .$ If MjX≡I, $M_{X}^{j} \equiv I,$ the identity matrix, this must be the original vector (x1, x2, … , xm). $(x_{1}, x_{2}, \dots, x_{m}) .$ Since there are 2m−1 $2^{m} - 1$ nonzero elements in GF(2m), $G F (2^{m}),$ it follows from Lagrange’s theorem in group theory that X2m−1≡1, $X^{2^{m} - 1} \equiv 1,$ which implies that M2m−1X=I. $M_{X}^{2^{m} - 1} = I .$ Therefore, we know that x1≡x2m, x2≡x2m+1, …. $x_{1} \equiv x_{2^{m}}, x_{2} \equiv x_{2^{m} + 1}, \dots .$

For any set of initial values (we’ll assume that at least one initial value is nonzero), the sequence will repeat after k $k$ terms, where k $k$ is the smallest positive integer such that Xk≡1 (mod P(X)). $X^{k} \equiv 1 (mod P (X)) .$ It can be shown that k $k$ divides 2m−1. $2^{m} - 1 .$

In fact, the period of such a sequence is exactly k. $k .$ This can be proved as follows, using a few results from linear algebra: Let v=(x1, … , xm)≠0 $v = (x_{1}, \dots, x_{m}) \neq 0$ be the row vector of initial values. The sequence repeats when vMjX=v. $v M_{X}^{j} = v .$ This means that the nonzero row vector v $v$ is in the left null space of the matrix MjX−I, $M_{X}^{j} - I,$ so det(MjX−I)=0. $det (M_{X}^{j} - I) = 0 .$ But this means that there is a nonzero column vector w=(a0, … , am−1)T $w = (a_{0}, \dots, a_{m - 1})^{T}$ in the right null space of MjX−I. $M_{X}^{j} - I .$ That is, MjXw=w. $M_{X}^{j} w = w .$ Since the matrix MjX $M_{X}^{j}$ represents the linear transformation given by multiplication by Xj $X^{j}$ with respect to the basis {1, X, … , Xm−1}, ${1, X, \dots, X^{m - 1}},$ this can be changed back into a relation among polynomials:

X j (a 0 + a 1 X + \dots + a m - 1 X m - 1) \equiv a 0 + a 1 X + \dots + a m - 1 X m - 1 (mod P (X)) .

$\begin{matrix} X^{j} (a_{0} + a_{1} X + \dots + a_{m - 1} X^{m - 1}) \equiv a_{0} + a_{1} X + \dots + a_{m - 1} X^{m - 1} & (mod P (X)) . \end{matrix}$

But a0+a1X+⋯+am−1Xm−1 (mod P(X)) $a_{0} + a_{1} X + \dots + a_{m - 1} X^{m - 1} (mod P (X))$ is a nonzero element of the field GF(2m), $G F (2^{m}),$ so we can divide by this element to get Xj≡1 (mod P(X)). $X^{j} \equiv 1 (mod P (X)) .$ Since j=k $j = k$ is the first time this happens, the sequence first repeats after k $k$ terms, so it has period k. $k .$

As mentioned previously, when 2m−1 $2^{m} - 1$ is prime, all polynomials (except 0 and 1) are generating polynomials for GF(2m). $G F (2^{m}) .$ In particular, X $X$ is a generating polynomial and therefore k=2m−1 $k = 2^{m} - 1$ is the period of the recurrence.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for 3.11 Finite Fields

Create new playlist

Sign In

Sign Up

Table of Contents for
3.11 Finite Fields