$\newcommand{\identity}{\mathrm{id}} \newcommand{\notdivide}{\nmid} \newcommand{\notsubset}{\not\subset} \newcommand{\lcm}{\operatorname{lcm}} \newcommand{\gf}{\operatorname{GF}} \newcommand{\inn}{\operatorname{Inn}} \newcommand{\aut}{\operatorname{Aut}} \newcommand{\Hom}{\operatorname{Hom}} \newcommand{\cis}{\operatorname{cis}} \newcommand{\chr}{\operatorname{char}} \newcommand{\Null}{\operatorname{Null}} \newcommand{\transpose}{\text{t}} \newcommand{\lt}{<} \newcommand{\gt}{>} \newcommand{\amp}{&}$

## Section22.1Structure of a Finite Field

Recall that a field $F$ has characteristic $p$ if $p$ is the smallest positive integer such that for every nonzero element $\alpha$ in $F\text{,}$ we have $p \alpha = 0\text{.}$ If no such integer exists, then $F$ has characteristic $0\text{.}$ From Theorem 16.19 we know that $p$ must be prime. Suppose that $F$ is a finite field with $n$ elements. Then $n \alpha = 0$ for all $\alpha$ in $F\text{.}$ Consequently, the characteristic of $F$ must be $p\text{,}$ where $p$ is a prime dividing $n\text{.}$ This discussion is summarized in the following proposition.

Throughout this chapter we will assume that $p$ is a prime number unless otherwise stated.

Let $\phi : {\mathbb Z} \rightarrow F$ be the ring homomorphism defined by $\phi(n) = n \cdot 1\text{.}$ Since the characteristic of $F$ is $p\text{,}$ the kernel of $\phi$ must be $p {\mathbb Z}$ and the image of $\phi$ must be a subfield of $F$ isomorphic to ${\mathbb Z}_p\text{.}$ We will denote this subfield by $K\text{.}$ Since $F$ is a finite field, it must be a finite extension of $K$ and, therefore, an algebraic extension of $K\text{.}$ Suppose that $[F : K] = n$ is the dimension of $F\text{,}$ where $F$ is a $K$ vector space. There must exist elements $\alpha_1, \ldots, \alpha_n \in F$ such that any element $\alpha$ in $F$ can be written uniquely in the form

\begin{equation*} \alpha = a_1 \alpha_1 + \cdots + a_n \alpha_n, \end{equation*}

where the $a_i$'s are in $K\text{.}$ Since there are $p$ elements in $K\text{,}$ there are $p^n$ possible linear combinations of the $\alpha_i$'s. Therefore, the order of $F$ must be $p^n\text{.}$

We will prove this lemma using mathematical induction on $n\text{.}$ We can use the binomial formula (see Chapter 2, Example 2.4) to verify the case for $n = 1\text{;}$ that is,

\begin{equation*} (a + b)^p = \sum_{k = 0}^{p} \binom{p}{k} a^k b^{p - k}. \end{equation*}

If $0 \lt k \lt p\text{,}$ then

\begin{equation*} \binom{p}{k} = \frac{p!}{k!(p - k)!} \end{equation*}

must be divisible by $p\text{,}$ since $p$ cannot divide $k!(p - k)!\text{.}$ Note that $D$ is an integral domain of characteristic $p\text{,}$ so all but the first and last terms in the sum must be zero. Therefore, $(a + b)^p = a^p + b^p\text{.}$

Now suppose that the result holds for all $k\text{,}$ where $1 \leq k \leq n\text{.}$ By the induction hypothesis,

\begin{equation*} (a + b)^{p^{n + 1}} = ((a + b)^p)^{p^{n}} = (a^p + b^p)^{p^{n}} = (a^p)^{p^{n}} + (b^p)^{p^{n}} = a^{p^{n + 1}} + b^{p^{n + 1}}. \end{equation*}

Therefore, the lemma is true for $n + 1$ and the proof is complete.

Let $F$ be a field. A polynomial $f(x) \in F[x]$ of degree $n$ is separable if it has $n$ distinct roots in the splitting field of $f(x)\text{;}$ that is, $f(x)$ is separable when it factors into distinct linear factors over the splitting field of $f\text{.}$ An extension $E$ of $F$ is a separable extension of $F$ if every element in $E$ is the root of a separable polynomial in $F[x]\text{.}$

###### Example22.4

The polynomial $x^2 - 2$ is separable over ${\mathbb Q}$ since it factors as $(x - \sqrt{2}\, )(x + \sqrt{2}\, )\text{.}$ In fact, ${\mathbb Q}(\sqrt{2}\, )$ is a separable extension of ${\mathbb Q}\text{.}$ Let $\alpha = a + b \sqrt{2}$ be any element in ${\mathbb Q}(\sqrt{2}\, )\text{.}$ If $b = 0\text{,}$ then $\alpha$ is a root of $x - a\text{.}$ If $b \neq 0\text{,}$ then $\alpha$ is the root of the separable polynomial

\begin{equation*} x^2 - 2 a x + a^2 - 2 b^2 = (x - (a + b \sqrt{2}\, ))(x - (a - b \sqrt{2}\, )). \end{equation*}

Fortunately, we have an easy test to determine the separability of any polynomial. Let

\begin{equation*} f(x) = a_0 + a_1 x + \cdots + a_n x^n \end{equation*}

be any polynomial in $F[x]\text{.}$ Define the derivative of $f(x)$ to be

\begin{equation*} f'(x) = a_1 + 2 a_2 x + \cdots + n a_n x^{n - 1}. \end{equation*}

Let $f(x)$ be separable. Then $f(x)$ factors over some extension field of $F$ as $f(x) = (x - \alpha_1) (x - \alpha_2) \cdots (x - \alpha_n)\text{,}$ where $\alpha_i \neq \alpha_j$ for $i \neq j\text{.}$ Taking the derivative of $f(x)\text{,}$ we see that

\begin{align*} f'(x) & = (x - \alpha_2) \cdots (x - \alpha_n)\\ & + (x - \alpha_1) (x - \alpha_3) \cdots (x - \alpha_n)\\ & + \cdots + (x - \alpha_1) \cdots (x - \alpha_{n - 1}). \end{align*}

Hence, $f(x)$ and $f'(x)$ can have no common factors.

To prove the converse, we will show that the contrapositive of the statement is true. Suppose that $f(x) = (x - \alpha)^k g(x)\text{,}$ where $k \gt 1\text{.}$ Differentiating, we have

\begin{equation*} f'(x) = k ( x - \alpha)^{k-1} g(x) + (x- \alpha)^k g'(x). \end{equation*}

Therefore, $f(x)$ and $f'(x)$ have a common factor.

Let $f(x) = x^{p^n} - x$ and let $F$ be the splitting field of $f(x)\text{.}$ Then by Lemma 22.5, $f(x)$ has $p^n$ distinct zeros in $F\text{,}$ since $f'(x) = p^n x^{p^n - 1} - 1 = -1$ is relatively prime to $f(x)\text{.}$ We claim that the roots of $f(x)$ form a subfield of $F\text{.}$ Certainly 0 and 1 are zeros of $f(x)\text{.}$ If $\alpha$ and $\beta$ are zeros of $f(x)\text{,}$ then $\alpha + \beta$ and $\alpha \beta$ are also zeros of $f(x)\text{,}$ since $\alpha^{p^n} + \beta^{p^n} = (\alpha + \beta)^{p^n}$ and $\alpha^{p^n} \beta^{p^n} = (\alpha \beta)^{p^n}\text{.}$ We also need to show that the additive inverse and the multiplicative inverse of each root of $f(x)$ are roots of $f(x)\text{.}$ For any zero $\alpha$ of $f(x)\text{,}$ we know that $-\alpha$ is also a zero of $f(x)\text{,}$ since

\begin{equation*} f(-\alpha) = (-\alpha)^{p^n} - (-\alpha) = -\alpha^{p^n} + \alpha = -(\alpha^{p^n} - \alpha) = 0, \end{equation*}

provided $p$ is odd. If $p = 2\text{,}$ then

\begin{equation*} f(-\alpha) = (-\alpha)^{2^n} - (-\alpha) = \alpha + \alpha = 0. \end{equation*}

If $\alpha \neq 0\text{,}$ then $(\alpha^{-1})^{p^n} = (\alpha^{p^n})^{-1} = \alpha^{-1}\text{.}$ Since the zeros of $f(x)$ form a subfield of $F$ and $f(x)$ splits in this subfield, the subfield must be all of $F\text{.}$

Let $E$ be any other field of order $p^n\text{.}$ To show that $E$ is isomorphic to $F\text{,}$ we must show that every element in $E$ is a root of $f(x)\text{.}$ Certainly 0 is a root of $f(x)\text{.}$ Let $\alpha$ be a nonzero element of $E\text{.}$ The order of the multiplicative group of nonzero elements of $E$ is $p^n-1\text{;}$ hence, $\alpha^{p^n-1} =1$ or $\alpha^{p^n} -\alpha = 0\text{.}$ Since $E$ contains $p^n$ elements, $E$ must be a splitting field of $f(x)\text{;}$ however, by Corollary 21.34, the splitting field of any polynomial is unique up to isomorphism.

The unique finite field with $p^n$ elements is called the Galois field of order $p^n\text{.}$ We will denote this field by $\gf(p^n)\text{.}$

Let $F$ be a subfield of $E = \gf(p^n)\text{.}$ Then $F$ must be a field extension of $K$ that contains $p^m$ elements, where $K$ is isomorphic to ${\mathbb Z}_p\text{.}$ Then $m \mid n\text{,}$ since $[E:K] = [E:F][F:K]\text{.}$

To prove the converse, suppose that $m \mid n$ for some $m \gt 0\text{.}$ Then $p^m -1$ divides $p^n -1\text{.}$ Consequently, $x^{p^m -1} - 1$ divides $x^{p^n -1} -1\text{.}$ Therefore, $x^{p^m} - x$ must divide $x^{p^n} - x\text{,}$ and every zero of $x^{p^m} - x$ is also a zero of $x^{p^n} - x\text{.}$ Thus, $\gf(p^n)$ contains, as a subfield, a splitting field of $x^{p^m} - x\text{,}$ which must be isomorphic to $\gf(p^m)\text{.}$

###### Example22.8

The lattice of subfields of $\gf(p^{24})$ is given in Figure 22.9. Figure 22.9 Subfields of $\gf(p^{24})$

With each field $F$ we have a multiplicative group of nonzero elements of $F$ which we will denote by $F^*\text{.}$ The multiplicative group of any finite field is cyclic. This result follows from the more general result that we will prove in the next theorem.

Let $G$ be a finite subgroup of $F^\ast$ of order $n\text{.}$ By the Fundamental Theorem of Finite Abelian Groups (Theorem 13.4),

\begin{equation*} G \cong {\mathbb Z}_{p_1^{e_1}} \times \cdots \times {\mathbb Z}_{p_k^{e_k}}, \end{equation*}

where $n = p_1^{e_1} \cdots p_k^{e_k}$ and the $p_1, \ldots, p_k$ are (not necessarily distinct) primes. Let $m$ be the least common multiple of $p_1^{e_1}, \ldots, p_k^{e_k}\text{.}$ Then $G$ contains an element of order $m\text{.}$ Since every $\alpha$ in $G$ satisfies $x^r - 1$ for some $r$ dividing $m\text{,}$ $\alpha$ must also be a root of $x^m - 1\text{.}$ Since $x^m -1$ has at most $m$ roots in $F\text{,}$ $n \leq m\text{.}$ On the other hand, we know that $m \leq |G|\text{;}$ therefore, $m = n\text{.}$ Thus, $G$ contains an element of order $n$ and must be cyclic.

Let $\alpha$ be a generator for the cyclic group $E^{\ast}$ of nonzero elements of $E\text{.}$ Then $E = F( \alpha )\text{.}$

###### Example22.13

The finite field $\gf(2^4)$ is isomorphic to the field ${\mathbb Z}_2/ \langle 1 + x + x^4 \rangle\text{.}$ Therefore, the elements of $\gf(2^4)$ can be taken to be

\begin{equation*} \{ a_0 + a_1 \alpha + a_2 \alpha^2 + a_3 \alpha^3 : a_i \in {\mathbb Z}_2 \text{ and } 1 + \alpha + \alpha^4 = 0 \}. \end{equation*}

Remembering that $1 + \alpha +\alpha^4 = 0\text{,}$ we add and multiply elements of $\gf(2^4)$ exactly as we add and multiply polynomials. The multiplicative group of $\gf(2^4)$ is isomorphic to ${\mathbb Z}_{15}$ with generator $\alpha\text{:}$

\begin{align*} & \alpha^1 = \alpha & & \alpha^6 = \alpha^2 + \alpha^3 & & \alpha^{11} = \alpha + \alpha^2 + \alpha^3 &\\ & \alpha^2 = \alpha^2 & & \alpha^7 = 1 + \alpha + \alpha^3 & & \alpha^{12} = 1 + \alpha + \alpha^2 + \alpha^3 &\\ & \alpha^3 = \alpha^3 & & \alpha^8 = 1 + \alpha^2 & & \alpha^{13} = 1 + \alpha^2 + \alpha^3 &\\ & \alpha^4 = 1 + \alpha & & \alpha^9 = \alpha + \alpha^3 & & \alpha^{14} = 1 + \alpha^3 &\\ &\alpha^5 = \alpha + \alpha^2 & & \alpha^{10} = 1 + \alpha + \alpha^2 & & \alpha^{15} = 1. & \end{align*}