20.3 The subfield structure and uniqueness of finite fields

We begin with a result that holds for field extensions in general.

Theorem 20.12. Let $E$ be an extension of a field $F$, and let $\sigma$ be an $F$-algebra automorphism on $E$. Then the set $E := \{\alpha \in E : \sigma(\alpha) = \alpha\}$ is a subfield of $E$ containing $F$.

Proof. By definition, $\sigma$ acts as the identity function on $F$, and so $F \subseteq E$. To show that $E$ is a subring of $E$, it suffices to show that $E$ is closed under addition and multiplication. To show that $E$ is closed under addition, let $\alpha, \beta \in E$. Then $\sigma(\alpha + \beta) = \sigma(\alpha) + \sigma(\beta) = \alpha + \beta$, and hence $\alpha + \beta \in E$. Replacing “+” by “·” in the above argument shows that $E$ is closed under multiplication. We conclude that $E$ is a subring of $E$.

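To complete the proof that $E$ is a subfield of $E$, we need to show that if $0 \neq \alpha \in E$ and $\beta \in E$ with $\alpha\beta = 1$, then $\beta \in E$. We have

$$\alpha\beta = 1 = \sigma(1) = \sigma(\alpha\beta) = \sigma(\alpha)\sigma(\beta) = \alpha\sigma(\beta),$$

and hence $\alpha\beta = \alpha\sigma(\beta)$; canceling $\alpha$, we obtain $\beta = \sigma(\beta)$, and so $\beta \in E$. □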

The subfield $E$ in the above theorem is called the subfield of $E$ fixed by $\sigma$. Turning our attention again to finite fields, the following theorem completely characterizes the subfield structure of a finite field.

Theorem 20.13. Let $E$ be an extension of degree of a finite field $F$, and let $\sigma$ be the Frobenius map on $E$ over $F$. Then the intermediate fields $E$, with $F \subseteq E \subseteq E$, are in one-to-one correspondence with the divisors $k$ of , where the divisor $k$ corresponds to the subfield of $E$ fixed by $\sigma^k$, which has degree $k$ over $F$.

Proof. Let $q$ be the cardinality of $F$. Let $k$ be a divisor of . Now, by Theorem 20.6, the polynomial $X^{q} - X$ splits into distinct linear factors over $E$, and by Theorem 20.3, the polynomial $X^{q^k} - X$ divides $X^{q} - X$. Hence, $X^{q^k} - X$ also splits into distinct linear factors over $E$. This says that the subfield of $E$ fixed by $\sigma^k$, which consists of the roots of $X^{q^k} - X$, has precisely $q^k$ elements, and hence is an extension of degree $k$ over $F$. That proves the existence part of the theorem.

As for uniqueness, we have to show that any intermediate field is of this type. Let $E$ be an intermediate field of degree $k$ over $F$. By Theorem 20.6, we have $X^{q^k} - X = \prod_{\alpha \in E} (X - \alpha)$ and $X^{q} - X = \prod_{\alpha \in E} (X - \alpha)$, from which it follows that $X^{q^k} - X$ divides $X^{q} - X$, and so by Theorem 20.3, we must have $k \mid$ . There can be no other intermediate fields of the same degree $k$ over $F$, since the elements of such a field would also be roots of $X^{q^k} - X$. □

The next theorem shows that up to isomorphism, there is only one finite field of a given cardinality.

Theorem 20.14. Let $E$, $E$ be extensions of the same degree over a finite field $F$. Then $E$ and $E$ are isomorphic as $F$-algebras.

Proof. Let $q$ be the cardinality of $F$, and let be the degree of the extensions. As we have argued before, we have $E = F[\alpha]$ for some $\alpha \in E$, and so $E$ is isomorphic as an $F$-algebra to $F[X]/(\phi)$, where $\phi$ is the minimal polynomial of $\alpha$ over $F$. As $\phi$ is an irreducible polynomial of degree , by Theorem 20.9, $\phi$ divides $X^{q} - X$, and by Theorem 20.6, $X^{q} - X = \prod_{\alpha \in E} (X - \alpha)$, from which it follows that $\phi$ has a root $\alpha \in E$. Since $\phi$ is irreducible, $\phi$ is the minimal polynomial of $\alpha$ over $F$, and hence $F[\alpha]$ is isomorphic as an $F$-algebra to $F[X]/(\phi)$. Since $\alpha$ has degree over $F$, we must have $E = F[\alpha]$. □

Exercise 20.3. This exercise develops an alternative proof for the existence of finite fields; however, it does not yield a density result for irreducible polynomials. Let $F$ be a finite field of cardinality $q$, and let ≥ 1 be an integer. Let $E$ be a splitting field for the polynomial $X^{q} - X \in F[X]$ (see Theorem 17.19), and let $\sigma$ be the Frobenius map on $E$ over $F$. Let $E$ be the subfield of $E$ fixed by $\sigma$ . Show that $E$ is an extension of $F$ of degree .

Exercise 20.4. Let $E$ be an extension of degree over a finite field $F$ of cardinality $q$. Show that at least half the elements of $E$ have degree over $F$, and that the total number of elements of degree over $F$ is q + O(q /2 ).

20.4 Conjugates, norms and traces

Throughout this section, $F$ denotes a finite field of cardinality $q$, $E$ denotes an extension over $F$ of degree , and $\sigma$ denotes the Frobenius map on $E$ over $F$.

Consider an element $\alpha \in E$. We say that $\beta \in E$ is conjugate to $\alpha$ (over $F$) if $\beta = \sigma^i(\alpha)$ for some $i \in \mathbb{Z}$. The reader may verify that the “conjugate to” relation is an equivalence relation. We call the equivalence classes of this relation conjugacy classes, and we call the elements of the conjugacy class containing $\alpha$ the conjugates of $\alpha$.

Starting with $\alpha$, we can start listing conjugates:

$$\alpha, \sigma(\alpha), \sigma^2(\alpha), \ldots.$$

As σ is the identity map, this list will eventually start repeating. Let $k$ be the smallest positive integer such that $\sigma^k(\alpha) = \sigma^i(\alpha)$ for some $i = 0, \ldots, k-1$. It must be the case that $i = 0$; otherwise, applying $\sigma^{-1}$ to the equation $\sigma^k(\alpha) = \sigma^i(\alpha)$ would yield $\sigma^{k-1}(\alpha) = \sigma^{i-1}(\alpha)$, and since $0 \le i-1 < k-1$, this would contradict the minimality of $k$.

Thus, $\alpha, \sigma(\alpha), \ldots, \sigma^{k-1}(\alpha)$ are all distinct, and $\sigma^k(\alpha) = \alpha$. Moreover, for any $i \in \mathbb{Z}$, we have $\sigma^i(\alpha) = \sigma^j(\alpha)$, where $j = i \bmod k$, and so $\alpha, \sigma(\alpha), \ldots, \sigma^{k-1}(\alpha)$ are all the conjugates of $\alpha$. Also, $\sigma^i(\alpha) = \alpha$ if and only if $k$ divides $i$. Since σ (α) = α, it must be the case that $k$ divides .

With $\alpha$ and $k$ as above, consider the polynomial

$$\phi := \prod_{i=0}^{k-1} (X - \sigma^i(\alpha)).$$

The coefficients of $\phi$ obviously lie in $E$, but we claim that in fact, they lie in $F$. This is easily seen as follows. Consider the extension of the map $\sigma$ from $E$ to $E[X]$ that applies $\sigma$ coefficient-wise to polynomials. This was discussed in Example 9.48, where we saw that the extended map, which we also denote by $\sigma$, is a ring homomorphism from $E[X]$ into $E[X]$. Applying $\sigma$ to $\phi$, we obtain

$$\sigma(\phi) = \prod_{i=0}^{k-1} \sigma(X - \sigma^i(\alpha)) = \prod_{i=0}^{k-1} (X - \sigma^{i+1}(\alpha)) = \prod_{i=0}^{k-1} (X - \sigma^i(\alpha)),$$

since $\sigma^k(\alpha) = \alpha$. Thus we see that $\sigma(\phi) = \phi$. Writing $\phi = \sum_i a_i X^i$, we see that $\sigma(a_i) = a_i$ for all $i$, and hence by Theorem 20.8, $a_i \in F$ for all $i$. Hence $\phi \in F[X]$. We further claim that $\phi$ is the minimal polynomial of $\alpha$. To see this, let $f \in F[X]$ be any polynomial over $F$ for which $\alpha$ is a root. Then for any integer $i$, by Theorem 17.1, we have

$$0 = \sigma^i(0) = \sigma^i(f(\alpha)) = f(\sigma^i(\alpha)).$$

Thus, all the conjugates of $\alpha$ are also roots of $f$, and so $\phi$ divides $f$. That proves that $\phi$ is the minimal polynomial of $\alpha$. Since $\phi$ is the minimal polynomial of $\alpha$ and $\deg(\phi) = k$, it follows that the number $k$ is none other than the degree of $\alpha$ over $F$.

Let us summarize the above discussion as follows:

Theorem 20.15. Let $\alpha \in E$ be of degree $k$ over $F$, and let $\phi$ be the minimal polynomial of $\alpha$ over $F$. Then $k$ is the smallest positive integer such that $\sigma^k(\alpha) = \alpha$, the distinct conjugates of $\alpha$ are $\alpha, \sigma(\alpha), \ldots, \sigma^{k-1}(\alpha)$, and $\phi$ factors over $E$ (in fact, over $F[\alpha]$) as

$$\phi = \prod_{i=0}^{k-1} (X - \sigma^i(\alpha)).$$
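The following added example (not part of the original text) checks Theorems 20.13 and 20.15 by brute force in one small field. It assumes $F = \mathrm{GF}(2)$ and $E = \mathrm{GF}(2)[x]/(x^4 + x + 1)$, with elements of $E$ encoded as 4-bit integers; the modulus and all function names are choices made for this illustration.

```python
# Assumed setup: E = GF(2)[x]/(x^4 + x + 1); an element is an int 0..15
# whose bit i is the coefficient of x^i. F = GF(2) is {0, 1}.
MOD, DEG = 0b10011, 4

def gf_mul(a, b):
    """Multiply in E: carry-less multiplication with reduction by MOD."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> DEG:          # degree reached 4: subtract the modulus
            a ^= MOD
    return r

def frobenius(a, times=1):
    """Apply sigma, the q-power map with q = 2, `times` times."""
    for _ in range(times):
        a = gf_mul(a, a)
    return a

def conjugates(a):
    """Return the distinct conjugates a, sigma(a), ..., sigma^(k-1)(a)."""
    out = [a]
    while frobenius(out[-1]) != a:
        out.append(frobenius(out[-1]))
    return out

def min_poly(a):
    """Coefficients, low degree first, of the product of (X - c) over
    the conjugates c of a, computed with coefficients in E."""
    poly = [1]
    for c in conjugates(a):
        shifted = [0] + poly                        # X * poly
        scaled = [gf_mul(c, p) for p in poly] + [0]  # c * poly
        poly = [s ^ t for s, t in zip(shifted, scaled)]  # minus is XOR here
    return poly

def fixed_subfield(k):
    """Elements of E fixed by sigma^k (the subfield of Theorem 20.13)."""
    return [a for a in range(1 << DEG) if frobenius(a, k) == a]

if __name__ == "__main__":
    for a in (1, 2, 6):
        print(a, conjugates(a), min_poly(a))
    print([len(fixed_subfield(k)) for k in (1, 2, 4)])
```

Every coefficient returned by `min_poly` is 0 or 1, that is, it lies in $F$ even though the product is computed in $E$, and the subfields fixed by $\sigma^k$ for $k = 1, 2, 4$ have $2^k$ elements.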

Another useful way of reasoning about conjugates is as follows. First, if $\alpha = 0$, then the degree of $\alpha$ over $F$ is 1, and there is nothing more to say, so let us assume that $\alpha \in E^*$. If $r$ is the multiplicative order of $\alpha$, then note that any conjugate $\sigma^i(\alpha)$ also has multiplicative order $r$; this follows from the fact that for any positive integer $s$, $\alpha^s = 1$ if and only if $(\sigma^i(\alpha))^s = 1$. Also, note that we must have $r \mid |E^*| = q - 1$, or equivalently, $q \equiv 1 \pmod{r}$. Focusing now on the fact that $\sigma$ is the $q$-power map, we see that the degree $k$ of $\alpha$ is the smallest positive integer such that $\alpha^{q^k} = \alpha$, which holds iff $\alpha^{q^k - 1} = 1$, which holds iff $q^k \equiv 1 \pmod{r}$. Thus, the degree of $\alpha$ over $F$ is simply the multiplicative order of $q$ modulo $r$. Again, we summarize these observations as a theorem: