ALGEBRA II - Uwasa (lipas.uwasa.fi/~mamo/algebraIIen.pdf)


Contents

1. Results from elementary number theory 3

2. Groups 4

2.1. Definition, Subgroup, Order of an element 4

2.2. Equivalence relation, Lagrange's theorem, Cyclic group 9

2.3. Homomorphism, Factor group, First isomorphism theorem 12

3. Rings and fields 15

3.1. Ring, Integral domain, Field, Characteristic 15

3.2. Subring, Ideal, Residue class ring, Finite field F_p 17

4. Polynomials 20

4.1. Divisibility in F[x] 22

4.2. Residue class ring F[x]/(f) 25

5. Field extensions 27

6. Finite fields 33

7. A brief introduction to the error correcting block codes 38

7.1. Cyclic codes 43


1. Results from elementary number theory

Recall the division algorithm: for a, d ∈ Z (d ≠ 0), there exist unique q, r ∈ Z such that

a = qd + r, 0 ≤ r < |d|.

If the remainder r = 0 we say that d divides a (or is a factor of a) and write d | a. We use the notation a mod d for the remainder r.

An integer p > 1 is a prime number if it has only the trivial factors ±1,±p.

Theorem 1.1 (Fundamental Theorem of Arithmetic). Let n > 1 be an integer. There exist unique prime numbers $p_1, \ldots, p_t$ such that $n = p_1 p_2 \cdots p_t$.

Theorem 1.2.

(1) a | a ∀ a ∈ N.

(2) a | b and b | a ⇒ a = ±b ∀ a, b ∈ N.

(3) a | b and b | c ⇒ a | c ∀ a, b ∈ N and c ∈ Z.

(4) c | a and c | b ⇒ c | (au + bv) ∀ a, b, u, v ∈ Z and c ∈ N.

Definition 1.1. Let a, b ∈ Z (b ≠ 0). An integer d is a common factor of a and b if it is a factor of both a and b. The greatest common divisor gcd(a, b) of a and b is the greatest element in the set of common factors of a and b.

The greatest common divisor gcd(a, b) can be calculated by the Euclidean algorithm:

$a = q_1 b + r_1$, $0 < r_1 < b$

$b = q_2 r_1 + r_2$, $0 < r_2 < r_1$

$r_1 = q_3 r_2 + r_3$, $0 < r_3 < r_2$

...

$r_{n-2} = q_n r_{n-1} + r_n$, $0 < r_n < r_{n-1}$

$r_{n-1} = q_{n+1} r_n + 0$

Here, the last nonzero remainder $r_n = \gcd(a, b)$.

Theorem 1.3. Let a, b ∈ Z (b ≠ 0). There exist u, v ∈ Z such that gcd(a, b) = au + bv.


Definition 1.2. Let a, b, n ∈ Z (n > 0). If n is a factor of a − b we say that a is congruent to b modulo n and write a ≡ b (n).

Theorem 1.4. Let a, b, c, d, n ∈ Z (n > 0). Then

(1) a ≡ b (n) and c ≡ d (n) ⇒ a + c ≡ b + d (n).

(2) a ≡ b (n) and c ≡ d (n) ⇒ ac ≡ bd (n).

(3) gcd(a, n) = 1 and ab ≡ ac (n) ⇒ b ≡ c (n).

(4) a ≡ b (n) ⇔ a mod n = b mod n.

Theorem 1.5. Let a, b, n ∈ Z (n > 0). The congruence

(1) $ax \equiv b \ (n)$

is solvable if and only if gcd(a, n) | b. The solutions of (1) in the interval [0, n − 1] are

$x_0,\ x_0 + \frac{n}{d},\ x_0 + 2\frac{n}{d},\ \ldots,\ x_0 + (d-1)\frac{n}{d}$,

where d = gcd(a, n), and $x_0$ is the unique solution of

(2) $\frac{a}{d} x \equiv \frac{b}{d} \ \left(\frac{n}{d}\right)$

in the interval [0, n/d − 1].

Moreover, any solution of (1) is congruent to $x_0 + k\frac{n}{d}$ for some k ∈ {0, ..., d − 1}.

Remark 1.1. We show how the Euclidean algorithm can be used to find the solution $x_0$ of (2). Since $\gcd\left(\frac{a}{d}, \frac{n}{d}\right) = 1$, Theorem 1.3 implies that

$\frac{a}{d} u + \frac{n}{d} v = 1$

for some u, v ∈ Z. Multiply both sides by $\frac{b}{d}$ to get

$\frac{a}{d} \left(u \frac{b}{d}\right) \equiv \frac{b}{d} \ \left(\frac{n}{d}\right)$.

It now follows from Theorem 1.4 (4) that $x_0$ is equal to the remainder $\left(u \frac{b}{d}\right) \bmod \frac{n}{d}$.
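The Euclidean algorithm of this section, the Bézout coefficients of Theorem 1.3 and the congruence solver of Theorem 1.5 / Remark 1.1, as an added Python example (this is not code from the lecture notes; the function names ext_gcd and solve_linear_congruence are this example's own):

```python
# Added example (not from the lecture notes): the extended Euclidean algorithm
# (Theorem 1.3) and the solver for a x ≡ b (mod n) of Theorem 1.5 / Remark 1.1.
# Function names are this example's own choice.


def ext_gcd(a, b):
    """Return (g, u, v) with g = gcd(a, b) and a*u + b*v = g (Theorem 1.3).

    Runs the Euclidean algorithm of Section 1 and carries the Bezout
    coefficients along with the remainders r_k.
    """
    old_r, r = a, b
    old_u, u = 1, 0
    old_v, v = 0, 1
    while r != 0:
        q = old_r // r                      # r_{k-2} = q_k r_{k-1} + r_k
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    # old_r is the last nonzero remainder r_n = gcd(a, b); normalise its sign
    if old_r < 0:
        old_r, old_u, old_v = -old_r, -old_u, -old_v
    return old_r, old_u, old_v


def solve_linear_congruence(a, b, n):
    """All solutions x in [0, n-1] of a*x ≡ b (mod n), as listed in Theorem 1.5.

    Returns [] when gcd(a, n) does not divide b (the congruence is unsolvable).
    """
    d, u, _ = ext_gcd(a, n)
    if b % d != 0:
        return []
    n_d, a_d, b_d = n // d, a // d, b // d
    # a*u + n*v = d gives (a/d)*u + (n/d)*v = 1, so u is the u of Remark 1.1
    x0 = (u * b_d) % n_d                    # unique solution of (2) in [0, n/d - 1]
    assert (a_d * x0 - b_d) % n_d == 0      # sanity check of the reduced congruence (2)
    return [x0 + k * n_d for k in range(d)]


if __name__ == "__main__":
    print(ext_gcd(240, 46))                 # (2, -9, 47): 240*(-9) + 46*47 = 2
    print(solve_linear_congruence(6, 4, 10))  # [4, 9]: d = 2, n/d = 5
    print(solve_linear_congruence(6, 3, 10))  # []: gcd(6, 10) = 2 does not divide 3
    print(solve_linear_congruence(3, 1, 7))   # [5]: the inverse of 3 modulo 7
```

When gcd(a, n) = 1 the single solution of ax ≡ 1 (n) is the modular inverse of a, which is why this routine is the building block for inverting elements of $Z_n^*$ later in the notes.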

2. Groups

2.1. Definition, Subgroup, Order of an element.

Definition 2.1. Let S be a set and let S × S = {(a, b) | a, b ∈ S} (the set of ordered pairs (a, b) with a, b ∈ S). A function S × S → S is called a binary operation on S.

Definition 2.2. Let G be a non-empty set and ∗ a binary operation on G. The pair (G, ∗) is called a group if the following three properties hold:


(1) ∗ is associative, that is, for any a, b, c ∈ G,

a ∗ (b ∗ c) = (a ∗ b) ∗ c.

(2) There is an identity (or unity) element e in G such that for all a ∈ G,

a ∗ e = e ∗ a = a.

(3) For each a ∈ G, there exists an inverse element $a^{-1}$ in G such that

$a ∗ a^{-1} = a^{-1} ∗ a = e$.

If the group also satisfies

(4) For all a, b ∈ G, a ∗ b = b ∗ a,

then the group is called abelian (or commutative).

From now on we usually write G instead of (G, ∗) and use the multiplicative notation ab instead of a ∗ b. Sometimes, especially when G is abelian, we use the additive notation a + b instead of a ∗ b. Respectively, we call G multiplicative or additive. If G is additive we write −a instead of $a^{-1}$.

Remark 2.1. It is easy to see that there is only one identity element in G and only one inverse $a^{-1}$ for each a in G.

Example 2.1. (Z, +), (Q, +), (R, +), and (C, +) are abelian groups, as are (R∗, ·) and (C∗, ·). The set of all invertible n × n matrices with entries in R is a non-abelian group with respect to the matrix product.

For n ∈ N and a ∈ G we define the nth power $a^n$ of a by setting $a^n = \underbrace{aa \cdots a}_{n \text{ times}}$. Moreover, we set $a^0 = e$ and $a^{-n} = (a^{-1})^n$.

It is easy to see that

(3) $a^n a^m = a^{n+m}$, $(a^n)^m = a^{nm}$,

for all n, m ∈ Z. If we use the notation + on G, we write na, the nth multiple of a, instead of $a^n$. Now $na = \underbrace{a + a + \cdots + a}_{n \text{ times}}$, if n ∈ N. Moreover, we set 0a = e and (−n)a = n(−a).


Now we have

na + ma = (n + m)a, m(na) = (mn)a,

for all n, m ∈ Z.

Definition 2.3. A group G is cyclic if there is an element g in G such that

$G = \{g^j \mid j ∈ Z\}$.

Such an element is a generator of G and we write G = ⟨g⟩.

Remark 2.2. Property (3) implies that any cyclic group is abelian.

Example 2.2. The generators of the additive group Z are 1 and −1.

Consider next some groups with a finite number of elements.

Definition 2.4. A group is called finite (resp. infinite) if it contains finitely (resp. infinitely) many elements. The number of elements in a finite group is called its order. We write |G| for the order of the finite group G.

Let a, n ∈ Z (n > 0). The residue class $\bar a$ of a modulo n is the set

$\bar a := \{b ∈ Z \mid b \equiv a \ (n)\}$.

Each element in $\bar a$ is called a representative of $\bar a$.

Lemma 2.1. Let a, b, n ∈ Z (n > 0). Then

$a \equiv b \ (n) ⇔ \bar a ∩ \bar b ≠ ∅ ⇔ \bar a = \bar b$.

Proof. The first equivalence is obvious since $c ∈ \bar a ∩ \bar b ⇔ a ≡ c ≡ b \ (n)$. The implication $\bar a = \bar b ⇒ \bar a ∩ \bar b ≠ ∅$ is obvious too, and hence we only need to prove: $\bar a ∩ \bar b ≠ ∅ ⇒ \bar a = \bar b$.

So, assume $c ∈ \bar a ∩ \bar b$, and let $d ∈ \bar a$. Now d ≡ a ≡ c ≡ b (n) and therefore $d ∈ \bar b$. Hence, $\bar a ⊆ \bar b$. By symmetry we also have $\bar b ⊆ \bar a$. □

Theorem 2.1. The set $Z_n := \{\bar 0, \bar 1, \ldots, \overline{n-1}\}$ of residue classes modulo n forms a partition of Z, i.e.

$Z = \bar 0 ∪ \bar 1 ∪ \cdots ∪ \overline{n-1}$,

where the residue classes are pairwise distinct.


Proof. Let m ∈ Z. By the division algorithm m ≡ r (n), with 0 ≤ r ≤ n − 1. Hence, m belongs to the union. Obviously the union is a subset of Z. The residue classes are pairwise distinct by the first equivalence in Lemma 2.1. □

Now define the two binary operations, the addition + and the multiplication ·, on $Z_n$ by setting

$\bar a + \bar b = \overline{a + b}$,

$\bar a \cdot \bar b = \overline{ab}$,

where a, b are any representatives of the respective sets $\bar a$ and $\bar b$.

Remark 2.3. It is easy to see that + and · are well-defined, i.e. $\bar a + \bar b$ and $\bar a \cdot \bar b$ are independent of the choice of the representatives of $\bar a$ and $\bar b$.

Theorem 2.2. $(Z_n, +)$ is a finite cyclic group.

Proof. (Sketch.) (1) The associativity follows from the definition of + on $Z_n$ and the associativity of + on Z. (2) The identity element is $\bar 0$. (3) The inverse $-\bar a$ of $\bar a$ is $\overline{-a}$. Hence $(Z_n, +)$ is a group. It is finite by the definition, and $\bar 1$ is a generator for it. □

Example 2.3. The group table of the additive group $Z_4$ is (entries are residue classes, written without bars)

  + | 0 1 2 3
  --+--------
  0 | 0 1 2 3
  1 | 1 2 3 0
  2 | 2 3 0 1
  3 | 3 0 1 2

Next define the set $Z_n^*$ of prime classes modulo n:

$Z_n^* := \{\bar a ∈ Z_n \mid \gcd(a, n) = 1\}$.

Theorem 2.3. $(Z_n^*, \cdot)$ is a finite abelian group.

Proof. (Sketch.) (1) The associativity follows from the definition of · on $Z_n$ and the associativity of · on Z. (2) The identity element is $\bar 1$. (3) Let $\bar a ∈ Z_n^*$. Now $\bar a \bar x = \bar 1$ if and only if ax ≡ 1 (n) is solvable. By Theorem 1.5 the congruence is solvable if gcd(a, n) = 1, and consequently $\bar a^{-1}$ exists for each $\bar a ∈ Z_n^*$. (4) Since

$\bar a \bar b = \overline{ab} = \overline{ba} = \bar b \bar a$,


the multiplicative group $Z_n^*$ is abelian. □

Example 2.4. The group table of the multiplicative group $Z_8^*$ is

  · | 1 3 5 7
  --+--------
  1 | 1 3 5 7
  3 | 3 1 7 5
  5 | 5 7 1 3
  7 | 7 5 3 1

This group of order 4 is not cyclic, since $\bar a^2 = \bar 1$ for all $\bar a ∈ Z_8^*$.

In the preceding example e.g. the subset $\{\bar 1, \bar 3\}$ is a group. This motivates the following definition.

Definition 2.5. Let (G, ∗) be a group and let H be a subset of G. If (H, ∗) is a group, then it is called a subgroup of (G, ∗).

Every group G has at least two subgroups: {e} and G, the trivial subgroups of G.

Lemma 2.2 (Subgroup criterion). A non-empty subset H of a group G is a subgroup of G if and only if $ab^{-1} ∈ H$ for all a, b ∈ H.

Proof. Exercise. □

Example 2.5. $Z_8^*$ has subgroups $\{\bar 1, \bar 3\}$, $\{\bar 1, \bar 5\}$, $\{\bar 1, \bar 7\}$. It is easy to see that these are the only non-trivial subgroups of $Z_8^*$.

Let a be any element of a group G. The set $\langle a \rangle := \{a^i \mid i ∈ Z\}$ is a subgroup of G by the subgroup criterion. It is called a cyclic subgroup of G.

Definition 2.6. Let a be an element of a group G. If ⟨a⟩ is finite, then its order is called the order of a. Otherwise, a is called an element of infinite order.

Theorem 2.4. The order of an element a of a finite group is the least positive integer n satisfying $a^n = e$.

Proof. Since G is finite, $a^i = a^j$ for some 0 < i < j. Hence, $a^{j-i} = e$. Let n be the least positive integer with $a^n = e$. Let k be any positive integer. Now k = nq + r for some 0 ≤ r ≤ n − 1, and $a^k = a^{nq} a^r = a^r$. Hence $\langle a \rangle = \{e, a, \ldots, a^{n-1}\}$, and all the powers $a^i$ with i = 0, ..., n − 1 are pairwise distinct by the choice of n. Hence $|\langle a \rangle| = n$. □
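The finite groups $(Z_n, +)$ and $(Z_n^*, \cdot)$ of Theorems 2.2 and 2.3, the tables of Examples 2.3 and 2.4, the cyclic subgroups of Example 2.5 and the order of an element from Theorem 2.4, as an added Python example (not code from the lecture notes; the function names and the choice of the least non-negative representative for each residue class are this example's own):

```python
# Added example (not part of the lecture notes): (Z_n, +), (Z_n^*, ·), cyclic
# subgroups <a> and element orders. A residue class is represented by its least
# non-negative representative 0, ..., n-1. Function names are this example's own.
from math import gcd


def add_table(n):
    """Group table of (Z_n, +) as in Example 2.3; rows/columns indexed 0..n-1."""
    return [[(a + b) % n for b in range(n)] for a in range(n)]


def unit_group(n):
    """The prime classes Z_n^* = {a in Z_n | gcd(a, n) = 1}."""
    return [a for a in range(n) if gcd(a, n) == 1]


def mul_table(n):
    """Group table of (Z_n^*, ·) as in Example 2.4; rows/columns follow unit_group(n)."""
    units = unit_group(n)
    return [[(a * b) % n for b in units] for a in units]


def mod_add(n):
    return lambda x, y: (x + y) % n


def mod_mul(n):
    return lambda x, y: (x * y) % n


def cyclic_subgroup(a, n, op):
    """<a> = {a^i | i in Z} for an element a of a finite group on residues mod n.

    op is the group operation on representatives. In a finite group the positive
    powers a, a^2, ... return to the identity (proof of Theorem 2.4), so the
    negative powers add nothing and are not needed here.
    """
    seen = []
    x = a
    while x not in seen:
        seen.append(x)
        x = op(x, a)
    return sorted(seen)


def element_order(a, n, op):
    """Order of a, i.e. |<a>| = least positive k with a^k = e (Theorem 2.4)."""
    return len(cyclic_subgroup(a, n, op))


def is_cyclic(elements, n, op):
    """A finite group is cyclic iff some element generates the whole group."""
    return any(len(cyclic_subgroup(a, n, op)) == len(elements) for a in elements)


if __name__ == "__main__":
    # Z_8^* has order 4 but every element squares to 1, so it is not cyclic (Example 2.4)
    for row in mul_table(8):
        print(row)
    print(is_cyclic(unit_group(8), 8, mod_mul(8)))                   # False
    print([cyclic_subgroup(a, 8, mod_mul(8)) for a in (3, 5, 7)])   # [[1, 3], [1, 5], [1, 7]]
    # (Z_15, +) is cyclic, generated by 1; <3> and <5> are its proper subgroups (Example 2.8)
    print(is_cyclic(list(range(15)), 15, mod_add(15)))               # True
    print(cyclic_subgroup(3, 15, mod_add(15)))                       # [0, 3, 6, 9, 12]
```

The same functions answer the question the notes keep returning to, whether a given $Z_n^*$ has a generator: element_order equals the group order exactly when the element generates it.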


2.2. Equivalence relation, Lagrange's theorem, Cyclic group.

Next we generalize the concepts of congruence and residue class modulo n.

Definition 2.7. Let ∼ be a relation on a set S. It is called an equivalence relation on S if it has the following three properties:

(1) a ∼ a for all a ∈ S (reflexivity).

(2) if a ∼ b then b ∼ a for all a, b ∈ S (symmetry).

(3) if a ∼ b and b ∼ c then a ∼ c for all a, b, c ∈ S (transitivity).

Definition 2.8. Let ∼ be an equivalence relation on S, and let a ∈ S. The equivalence class $\bar a$ of a with respect to ∼ is the set

$\bar a := \{b ∈ S \mid b ∼ a\}$.

Each element in $\bar a$ is a representative of $\bar a$.

Example 2.6. Clearly the congruence ≡ modulo n is an equivalence relation on Z, and the equivalence class of a ∈ Z with respect to ≡ is the residue class of a modulo n.

We have analogues of Lemma 2.1 and Theorem 2.1:

Lemma 2.3. Let ∼ be an equivalence relation on S. Then

$a ∼ b ⇔ \bar a ∩ \bar b ≠ ∅ ⇔ \bar a = \bar b$.

Proof. We may replace ≡ with ∼ in the proof of Lemma 2.1, since only the defining properties of an equivalence relation are used there. □

Theorem 2.5. Let ∼ be an equivalence relation on S. There exists a subset T of S such that the set of equivalence classes $\{\bar t \mid t ∈ T\}$ with respect to ∼ forms a partition of S, i.e.

$S = \bigcup_{t ∈ T} \bar t$,

where the equivalence classes are pairwise distinct.

Proof. Let t ∈ S. Now $t ∈ \bar t$ by the reflexivity. Hence,

$S = \bigcup_{t ∈ S} \bar t = \bigcup_{t ∈ T' ⊆ S} \bar t$,

where $\bar a ≠ \bar b$ for all a, b ∈ T′, a ≠ b. By Lemma 2.3, $\bar a ∩ \bar b = ∅$ for all a, b ∈ T′, a ≠ b. Hence we may choose T = T′. □


Lemma 2.4. Let H be a subgroup of a group G and define the relation ∼ on G as follows:

$a ∼ b ⇔ ab^{-1} ∈ H$.

Then ∼ is an equivalence relation on G.

Proof. (1) Since $aa^{-1} = e ∈ H$, a ∼ a. (2) Assume a ∼ b, i.e. $ab^{-1} ∈ H$. Since H is a group, the inverse element $(ab^{-1})^{-1}$ is also in H. But $(ab^{-1})^{-1} = ba^{-1}$. Hence b ∼ a. (3) Assume a ∼ b and b ∼ c, i.e. $ab^{-1} = h_1$ and $bc^{-1} = h_2$ for some $h_1, h_2 ∈ H$. Now

$ac^{-1} = a(b^{-1} h_2) = a((a^{-1} h_1) h_2) = (aa^{-1})(h_1 h_2) ∈ H$.

Hence a ∼ c. □

Let a ∈ G. The equivalence class of a with respect to the relation ∼ defined above is

$\bar a = \{b ∈ G \mid ba^{-1} ∈ H\} = \{ha \mid h ∈ H\} =: Ha$,

and is called the right coset of a modulo H.

If we had defined ∼ as a ∼ b if and only if $a^{-1} b ∈ H$, then the equivalence class of a would have been the left coset of a modulo H:

$aH := \{ah \mid h ∈ H\}$.

We consider left cosets and call them just cosets.

Example 2.7. Let n ∈ N, G = (Z, +) and H = ⟨n⟩. Now the coset of a modulo H is the set

a + H = {a + h | h ∈ H} = {a + nk | k ∈ Z},

which is exactly the residue class of a modulo n.

The cardinalities of two cosets modulo H are equal:

Lemma 2.5. Let H be a subgroup of a group G and a ∈ G. Then the function

f : H → aH, f(x) = ax,

is bijective.

Proof. Let b ∈ aH. Now b = ah for some h ∈ H, and f(h) = b. Hence f is surjective. It is also injective:

f(h) = f(h′) ⇒ ah = ah′ ⇒ h = h′. □


We can now prove an important result:

Theorem 2.6 (Lagrange). Let H be a subgroup of a finite group G. Then the order of H is a factor of the order of G.

Proof. By Theorem 2.5 we have the partition $G = \bigcup_{t ∈ T ⊆ G} tH$. By Lemma 2.5, |H| = |tH| for all t ∈ T, and therefore

$|G| = \sum_{t ∈ T} |tH| = |T| \cdot |H|$. □

Corollary 2.1. Let G be a finite group. Then $a^{|G|} = e$ for all a ∈ G.

Proof. Let a ∈ G. By Lagrange's Theorem n := |⟨a⟩| is a factor of |G|, say |G| = nd. Now, by Theorem 2.4, $a^{|G|} = a^{nd} = (a^n)^d = e$. □

Corollary 2.2 (Fermat's little theorem). Let p be a prime number and let a ∈ Z. Then

$p \nmid a ⇒ a^{p-1} \equiv 1 \ (p)$.

Proof. Since gcd(a, p) = 1, $\bar a ∈ Z_p^*$. Since $|Z_p^*| = p − 1$, Corollary 2.1 implies that $\bar a^{p-1} = \bar 1$, equivalently, $a^{p-1} \equiv 1 \ (p)$. □

Theorem 2.7. Let G = ⟨g⟩ be a cyclic group. Then

(1) each subgroup H of G is cyclic.

If, moreover, |G| = n, then

(2) for each factor d of n there exists exactly one subgroup H of G of order d, namely $H = \langle g^{n/d} \rangle$.

Proof. (1) Obviously {e} = ⟨e⟩. Assume H ≠ {e}. The elements of H are of the form $g^i$, i ∈ Z. Let m be the least positive integer such that $g^m ∈ H$. We show that $H = \langle g^m \rangle$. Let $g^t ∈ H$. Now t = qm + r, 0 ≤ r ≤ m − 1, for some q, r ∈ Z, and therefore $g^t = g^{qm} g^r$. Hence, $g^r = g^t g^{-qm} ∈ H$. By the minimality of m we must have r = 0, and therefore $g^t = g^{qm} ∈ \langle g^m \rangle$.

(2) Let H be a subgroup of G. If H is trivial we are done. Assume H is non-trivial. By (1) $H = \langle g^t \rangle$ for some t ∈ Z, t > 0. Write t = dt′, where d = gcd(t, n). We show that $H = \langle g^d \rangle$.


Obviously, $H ⊆ \langle g^d \rangle$. So, we only need to prove that $g^d ∈ H$. Since gcd(t′, n) = 1, we have $t′ x_0 \equiv 1 \ (n)$ for some $x_0 ∈ Z$. Now $(g^t)^{x_0} = (g^{dt′})^{x_0} = (g^d)^{t′ x_0} = (g^d)^{1 + kn}$ for some integer k. Now, by Corollary 2.1, we get $(g^t)^{x_0} = g^d (g^{dk})^n = g^d$, and therefore $g^d ∈ H$. □

Example 2.8. The subgroups of the additive group Z15 are {0}, 〈1〉 = Z15, 〈3〉 =

{0, 3, 6, 9, 12}, and 〈5〉 = {0, 5, 10}.

2.3. Homomorphism, Factor group, First isomorphism theorem.

When comparing the structures of two groups, functions between the groups which preserve the operations play an important role.

Definition 2.9. Let (G, ∗) and (G′, ◦) be groups. A function f : G → G′ is called a homomorphism if it satisfies the following property:

f(a ∗ b) = f(a) ◦ f(b) ∀ a, b ∈ G.

A homomorphism which is also a bijection is called an isomorphism. If there is an isomorphism between G and G′, then they are said to be isomorphic and this is denoted by G ≅ G′.

Example 2.9. The groups (R, +) and $(R_{>0}, \cdot)$, where $R_{>0}$ is the set of positive real numbers, are isomorphic since the exponential function $f(x) = e^x$ is an isomorphism from (R, +) onto $(R_{>0}, \cdot)$.

Lemma 2.6. Let f : G → G′ be a homomorphism, and let e and e′ be the identity elements of G and G′. Then

(1) f(e) = e′,

(2) $f(a)^{-1} = f(a^{-1})$ for all a ∈ G.

Proof. (1) f(e) = f(e ∗ e) = f(e) ◦ f(e). Hence, f(e) = e′.

(2) $f(a) ◦ f(a^{-1}) = f(a ∗ a^{-1}) = f(e) = e′$ by (1). Hence, the inverse of f(a) equals $f(a^{-1})$. □

Definition 2.10. The kernel ker f of a homomorphism f : G → G′ is the set of all inverse images of e′ under f, i.e.

ker f = {a ∈ G | f(a) = e′}.


The image im f of f is the value set of f, i.e.

im f = {f(a) | a ∈ G}.

Lemma 2.7. The kernel of a homomorphism f : G → G′ is a subgroup of G, and the image of f is a subgroup of G′.

Proof. By Lemma 2.6 (1), f(e) = e′ and therefore ker f ≠ ∅. Let a, b ∈ ker f. Now $f(a ∗ b^{-1}) = f(a) ◦ f(b^{-1}) = f(a) ◦ f(b)^{-1} = e′ ◦ e′^{-1} = e′ ◦ e′ = e′$. Hence $ab^{-1} ∈ \ker f$. Now, by the subgroup criterion, ker f is a subgroup of G.

Let c, d ∈ im f. Now c = f(a) and d = f(b) for some elements a, b ∈ G. Now $cd^{-1} = f(a) f(b)^{-1} = f(a) f(b^{-1}) = f(ab^{-1})$. Hence, $cd^{-1} ∈ \operatorname{im} f$. □

Theorem 2.8. Let f : G → G′ be a homomorphism, and let H = ker f. The set G/H of cosets modulo H is a group with respect to the operation · defined by

aH · bH = abH.

Proof. First we show that the operation is well defined, i.e. we show that if aH = a′H and bH = b′H, then a′H · b′H = aH · bH.

If aH = a′H and bH = b′H, then $a′H · b′H = a′b′H = a h_1 b h_2 H$ for some $h_1, h_2 ∈ H$. We need to show that $a h_1 b h_2 H = abH$, or equivalently, that $h_1 b = b h_3$ for some $h_3 ∈ H$ (by Lemmas 2.3 and 2.4). Since $f(b^{-1} h_1 b) = f(b)^{-1} f(h_1) f(b) = f(b)^{-1} f(b) = e′$, we have $b^{-1} h_1 b = h_3$ for some $h_3 ∈ H$.

The associativity follows from the associativity of the operation of G, the identity element is H and the inverse element of aH is $a^{-1}H$. □

Note that if H is a subgroup of G satisfying bH = Hb for all b ∈ G, then the

proof above shows that the set G/H of cosets modulo H is a group.

Definition 2.11. Let H be a subgroup of G. If aH = Ha for all a ∈ G, then H is said to be normal in G.

Now we can generalize the preceding theorem:

Theorem 2.9. Let H be a normal subgroup of G. Then (G/H, ·) is a group.

Definition 2.12. The group (G/H, ·) is called a factor group of G modulo H.


Example 2.10. $Z_7^*$ is an abelian group and therefore each of its subgroups is normal. Consider e.g. the factor group $Z_7^*/\langle \bar 6 \rangle$. The cosets modulo $\langle \bar 6 \rangle$ are

$\bar{\bar 1} = \langle \bar 6 \rangle = \{\bar 1, \bar 6\}$, $\bar{\bar 2} = \bar 2 \langle \bar 6 \rangle = \{\bar 2, \bar 5\}$, $\bar{\bar 3} = \bar 3 \langle \bar 6 \rangle = \{\bar 3, \bar 4\}$,

and the group table of $Z_7^*/\langle \bar 6 \rangle$ is (writing [a] for the coset $\bar{\bar a}$)

   ·  | [1] [2] [3]
  ----+------------
  [1] | [1] [2] [3]
  [2] | [2] [3] [1]
  [3] | [3] [1] [2]

Example 2.11. Let n ∈ Z, n > 0. Obviously $f : (Z, +) → Z_n$, $f(a) = \bar a$, is a homomorphism. Now ker f = ⟨n⟩. The function $F : Z/\langle n \rangle → Z_n$, $F(a + \langle n \rangle) = \bar a$, is an isomorphism.

The example above can be generalized:

Theorem 2.10 (First homomorphism theorem). Let f : G → G′ be a homomorphism. Then the function

F : G/ker f → im f, F(aH) = f(a)

is an isomorphism.

Proof. Let H = ker f. We first show that F is well defined. Let aH = a′H. Now a = a′h for some h ∈ H, and therefore f(a) = f(a′h) = f(a′)f(h) = f(a′). Hence F(aH) = f(a) = f(a′) = F(a′H).

Let c ∈ im f. Now c = f(a) for some a ∈ G, and therefore F(aH) = f(a) = c. Hence, F is surjective. It is injective too:

$F(aH) = F(bH) ⇒ f(a) = f(b) ⇒ f(ab^{-1}) = f(a) f(b)^{-1} = e′ ⇒ ab^{-1} ∈ H ⇒ aH = bH$. □

Example 2.12. Let $f : C^* → R^*$, f(z) = |z|. Now f(zw) = |zw| = |z||w| = f(z)f(w), and so f is a homomorphism. Clearly im f = $R_{>0}$. The kernel ker f = {z ∈ C∗ | |z| = 1} is the unit circle $S^1$ of the complex plane, and so we have the isomorphism $C^*/S^1 ≅ R_{>0}$.
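The cosets of Section 2.2, the normality test of Definition 2.11, the factor group table of Example 2.10 and the kernel of a homomorphism (Definition 2.10, Example 2.11), as an added Python example (not code from the lecture notes; the representation of a finite group as a list of elements plus an operation, the finite analogue $Z_{12} → Z_4$ used in place of the infinite $Z → Z_n$ of Example 2.11, and all function names are this example's own):

```python
# Added example (not part of the lecture notes): cosets aH, the factor group
# (G/H, ·) with aH · bH = abH (Theorems 2.8/2.9) and the kernel of a group
# homomorphism (Definition 2.10), worked on the finite groups of the notes.
# A finite group is given as a list of elements and an operation on them.
from math import gcd


def left_cosets(elements, op, H):
    """The distinct cosets aH = {ah | h in H}, each as a frozenset (Section 2.2)."""
    cosets = []
    for a in elements:
        coset = frozenset(op(a, h) for h in H)
        if coset not in cosets:
            cosets.append(coset)
    return cosets


def is_normal(elements, op, inv, H):
    """H is normal iff aH = Ha for all a (Definition 2.11), i.e. a h a^-1 stays in H."""
    return all(op(op(a, h), inv(a)) in H for a in elements for h in H)


def factor_group_table(elements, op, H):
    """Cosets of H and the table of (G/H, ·); entries index the returned coset list.

    The product coset abH is computed from one representative of each coset;
    Theorem 2.8 guarantees the result does not depend on that choice.
    """
    cosets = left_cosets(elements, op, H)
    index = {c: i for i, c in enumerate(cosets)}
    table = []
    for c1 in cosets:
        a = next(iter(c1))
        row = []
        for c2 in cosets:
            b = next(iter(c2))
            row.append(index[frozenset(op(op(a, b), h) for h in H)])
        table.append(row)
    return cosets, table


def is_homomorphism(elements, op, op_target, f):
    """f(a * b) = f(a) o f(b) for all a, b (Definition 2.9), checked exhaustively."""
    return all(f(op(a, b)) == op_target(f(a), f(b)) for a in elements for b in elements)


def kernel(elements, f, identity_target):
    """ker f = {a in G | f(a) = e'} (Definition 2.10)."""
    return [a for a in elements if f(a) == identity_target]


def unit_group(n):
    return [a for a in range(n) if gcd(a, n) == 1]


if __name__ == "__main__":
    # Example 2.10: Z_7^* modulo <6> = {1, 6}
    G7 = unit_group(7)
    mul7 = lambda x, y: (x * y) % 7
    inv7 = lambda x: pow(x, -1, 7)
    H = {1, 6}
    print(is_normal(G7, mul7, inv7, H))          # True: Z_7^* is abelian
    cosets, table = factor_group_table(G7, mul7, H)
    print([sorted(c) for c in cosets])           # [[1, 6], [2, 5], [3, 4]]
    print(table)                                 # [[0, 1, 2], [1, 2, 0], [2, 0, 1]]
    # Finite analogue of Example 2.11: f: Z_12 -> Z_4, f(a) = a mod 4, kernel <4>
    Z12 = list(range(12))
    f = lambda a: a % 4
    print(is_homomorphism(Z12, lambda x, y: (x + y) % 12, lambda x, y: (x + y) % 4, f))
    print(kernel(Z12, f, 0))                     # [0, 4, 8]; |Z_12| / |ker f| = 4 = |im f|
```

The last two lines are Theorem 2.10 in miniature: the three cosets of ker f = {0, 4, 8} are in bijection with the four... rather, with the image Z_4 only once one counts cosets correctly, $|Z_{12}|/|\ker f| = 12/3 = 4 = |Z_4|$, which is Lagrange's theorem applied to the kernel.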


3. Rings and fields

3.1. Ring, Integral domain, Field, Characteristic.

Consider next a set on which two binary operations are defined and which satisfies certain axioms.

Definition 3.1. Let R be a set with at least two elements, and let + and · be two binary operations defined on R. The triple (R, +, ·) is called a ring, if the following axioms are satisfied:

(1) (R, +) is an additive abelian group.

(2) · is associative.

(3) There exists an identity element 1 with respect to ·.

(4) The distributive laws hold, i.e. for all a, b, c ∈ R we have

a(b + c) = ab + ac and (b + c)a = ba + ca.

If ab = ba for all a, b ∈ R, then R is called a commutative ring.

Remark 3.1. In a ring R we denote by 0 the identity element with respect to +. Moreover, the additive inverse of a ∈ R is denoted by −a, and a + (−b) is abbreviated by a − b.

The following familiar-looking rules hold in every ring.

Lemma 3.1. Let R be a ring. Then

(1) 0 · a = 0 = a · 0 for all a ∈ R.

(2) 1 ≠ 0.

(3) (−a)b = −ab = a(−b) for all a, b ∈ R.

(4) (−a)(−b) = ab for all a, b ∈ R.

Proof. Exercise. □

Example 3.1. Some familiar commutative rings are Z, R and C. The matrix ring $(M_{n×n}(R), +, \cdot)$ is also a ring but not commutative.

Example 3.2. Let n ∈ N. Then $(Z_n, +, \cdot)$ is a finite commutative ring. Assume n = mt with m, t > 1. Then $\bar m \bar t = \bar 0$ although both $\bar m ≠ \bar 0$ and $\bar t ≠ \bar 0$. This motivates the following definition.


Definition 3.2. Let R be a commutative ring. R is an integral domain if for all a, b ∈ R the condition ab = 0 implies a = 0 or b = 0.

Example 3.3. Z, R and C are integral domains.

Example 3.4. Let n ∈ N. We show that $Z_n$ is an integral domain if and only if n is a prime number. We have already seen that $Z_n$ is not an integral domain if n is a composite number. Assume n is a prime. Then $Z_n^* = \{\bar 1, \ldots, \overline{n-1}\}$. If now $\bar a \bar b = \bar 0$ and $\bar a ≠ \bar 0$, then by multiplying the equation by $\bar a^{-1}$ we get $\bar b = \bar 0$.

Definition 3.3. Let R be a ring. If an element a ∈ R has a multiplicative inverse $a^{-1}$, it is called a unit in R. The set of units in R is denoted by the symbol R∗.

Example 3.5. R∗ = R \ {0}, Z∗ = {−1, 1}.

Lemma 3.2. (R∗, ·) is a group.

Proof. Exercise. □

In this course we are particularly interested in the commutative rings R with R∗

maximal i.e. R∗ = R \ {0}.

Definition 3.4. Let (F, +, ·) be a commutative ring. If F∗ = F \ {0}, then F is called a field.

Theorem 3.1. Each field is an integral domain. Each finite integral domain is a field.

Proof. Let F be a field and let a, b ∈ F such that ab = 0. If a ≠ 0, then by multiplying by $a^{-1}$ we get b = 0.

Assume then that R is a finite integral domain. Let a ∈ R, a ≠ 0. To prove that R is a field, it is enough to show that $a^{-1}$ exists. To that end we consider the function $f_a : R → R$, $f_a(x) = ax$. If $f_a$ is bijective, then it follows that $f_a(b) = 1$ for some b ∈ R, and therefore $b = a^{-1}$.

We show that $f_a$ indeed is a bijection. First,

$f_a(b) = f_a(c) ⇒ ab = ac ⇒ a(b − c) = 0 ⇒ b − c = 0 ⇒ b = c$,

and so $f_a$ is injective. Now $|\operatorname{im} f_a| = |R|$, and it follows that $f_a$ is surjective as well. □

Corollary 3.1. Zp is a �eld if and only if p is a prime number.


Proof. By Example 3.4, Zp is an integral domain if and only if p is a prime. �

A big difference between the rings Z and $Z_n$ is that the order of any nonzero element in (Z, +) is infinite, while in $(Z_n, +)$ we have nr = 0 for all r ∈ $Z_n$. We formalize this property.

Definition 3.5. Let R be a ring. The least positive integer n satisfying nr = 0 for all r ∈ R is called the characteristic of R. If there does not exist a positive integer n such that nr = 0 for all r ∈ R, then the characteristic of R is defined to be 0. The characteristic of R is denoted by char(R).

Example 3.6. Obviously char(Z) = char(Q) = char(R) = char(C) = 0. The characteristic of $Z_n$ is n, since nr = 0 for all r ∈ $Z_n$, and n is the least positive integer satisfying $n \bar 1 = \bar 0$.

Remark 3.2. The characteristic of a ring R is actually the least positive integer n such that n1 = 0, since if n1 = 0, then nr = (n1)r = 0r = 0 for all r ∈ R.

Theorem 3.2. Let R be an integral domain with positive characteristic. Then char(R) = p for some prime number p.

Proof. Let char(R) = n, and let n = mt for some integers m, t ≥ 1. Now n1 = (m1)(t1) = 0, and since R is an integral domain, m1 = 0 or t1 = 0. Since n is the least positive integer with n1 = 0, we must have m = n or t = n. Hence, n has only trivial factors and is therefore a prime. □

Corollary 3.2. The characteristic of a finite field is a prime number.

Proof. Let F be a finite field. Since n1 ∈ F for all positive integers n, and F is finite, we must have m1 = n1 for some positive integers m, n with m ≠ n. Hence (m − n)1 = 0, and therefore F is an integral domain with positive characteristic. □

3.2. Subring, Ideal, Residue class ring, Finite field $F_p$.

Definition 3.6. Let S be a subset of a ring (R, +, ·). If also (S, +, ·) is a ring, it is called a subring of R.

Definition 3.7. An ideal of a ring (R, +, ·) is a subset I of R satisfying the following two properties:

(1) (I, +) is a subgroup of (R, +).


(2) ri ∈ I, for all r ∈ R and for all i ∈ I.

Example 3.7. Let R be a commutative ring and let a ∈ R. Then the set (a) :=

{ra | r ∈ R} is easily seen to be an ideal of R. It is called a principal ideal of R.

Here, element a is called a generator of (a).

Since the additive group (R, +) of a ring R is assumed to be abelian, any ideal (I, +) of R is normal in (R, +). Hence, we can form the factor group (R/I, +), where (a + I) + (b + I) := a + b + I. We define the multiplication · on R/I by setting (a + I) · (b + I) := ab + I. The second condition in the definition of an ideal implies that this multiplication is well-defined, and now we get

Theorem 3.3. Let I be an ideal of a commutative ring R. Then (R/I, +, ·) is a commutative ring.

Proof. Exercise. □

We call (R/I, +, ·) the residue class ring of R modulo I, and its element a + I is called the residue class of a modulo I.

Example 3.8. Let n ∈ N. Now, the ring Z/(n) consists of the residue classes $a + (n) = \{a + nk \mid k ∈ Z\} = \bar a$. Hence, $(Z/(n), +, \cdot) = (Z_n, +, \cdot)$.

The concept of a homomorphism can also be de�ned in the context of ring theory.

Definition 3.8. Let R and R′ be rings. A function f : R → R′ is called a homomorphism if it satisfies the following three conditions for all a, b ∈ R:

(1) f(a+ b) = f(a) + f(b)

(2) f(ab) = f(a)f(b)

(3) f(1R) = 1R′

If f is also a bijection, it is called an isomorphism, and R and R′ are called isomorphic. This is denoted by R ≅ R′.

Definition 3.9. The kernel of a ring homomorphism f : R → R′ is the set

ker f = {r ∈ R | f(r) = 0}.

Lemma 3.3. The kernel of a ring homomorphism f : R → R′ is an ideal of R.


Proof. Since f is a group homomorphism from (R, +) into (R′, +), we know that ker f is a subgroup of (R, +). Moreover, if r ∈ R and i ∈ ker f, then f(ri) = f(r)f(i) = f(r)0 = 0, i.e. ri ∈ ker f. □

Like in group theory, we have an isomorphism theorem.

Theorem 3.4. Let f : R → R′ be a ring homomorphism, and let I = ker f. Then

F : R/I → im f, F(r + I) = f(r)

is a ring isomorphism.

Proof. Exercise. □

We can use mappings to transfer a structure from an algebraic system to a set without structure. For instance, let (R, +, ·) be a ring and let S be a set. Assume we have a bijection f : R → S. This bijection can be used to give the structure of R to S by defining + and · on S as follows:

$s + t = f(f^{-1}(s) + f^{-1}(t))$ ∀ s, t ∈ S,

$s \cdot t = f(f^{-1}(s) f^{-1}(t))$ ∀ s, t ∈ S.

Obviously (S, +, ·) is a ring and isomorphic to (R, +, ·). We say that S has the ring structure induced by f.

Definition 3.10. Let p be a prime number, and let $F_p$ denote the set {0, 1, ..., p − 1} with the ring structure induced by the function $f : Z_p → F_p$, $f(\bar a) = a$ for a = 0, ..., p − 1. Then $(F_p, +, \cdot)$ is called the finite field (or Galois field) of order p.

Remark 3.3. The finite field $F_p$ can be seen as the set consisting of the integers 0, 1, ..., p − 1, where a + b = (a + b) mod p and ab = ab mod p.

Example 3.9. The calculation tables of $F_2$ are

  + | 0 1
  --+----
  0 | 0 1
  1 | 1 0

  · | 0 1
  --+----
  0 | 0 0
  1 | 0 1

We have seen the existence of a finite field $F_p$ for each prime number p. We shall construct all the other existing finite fields as residue class rings of (formal) polynomial rings.


4. Polynomials

Definition 4.1. Let R be an integral domain. Let $f : Z_{≥0} → R$, $f(i) = f_i$, be a function with finite image. Let n be the largest index such that $f_n ≠ 0$. Then we denote

$f(x) = f_0 + f_1 x + \cdots + f_n x^n$,

where $f_n ≠ 0$, and say that f(x) is a (formal) polynomial over R. Moreover,

• Elements $f_i$ are the coefficients of f(x).

• $f_0$ is the constant term of f(x).

• $f_n$ is the leading coefficient of f(x).

• f(x) is monic if the leading coefficient equals 1.

• n =: deg(f(x)) is the degree of f(x).

• If $f_i = 0$ for all i ∈ $Z_{≥0}$, then f(x) is the zero polynomial, denoted by f(x) = 0, and then we set deg(f(x)) = −∞.

• The set of all polynomials over R is denoted by the symbol R[x].

For a polynomial f(x) we also use the abbreviated notation f. By the definition of a polynomial, two polynomials f, g are equal if and only if their coefficients are equal for all indices, i.e. $f_i = g_i$ for all i ∈ $Z_{≥0}$.

Example 4.1. Some familiar sets of polynomials: Z[x], R[x], C[x].

Example 4.2. We are especially interested in the sets

$F_p[x] = \{f_0 + f_1 x + \cdots + f_n x^n \mid f_i ∈ F_p, n ∈ N\}$.

In this set, for instance $1 + x^2 + x^7$ and $1 + 3x^2 + x^7$ are not equal if p ≠ 2. However, 3 = 3 · 1 = 1 in $F_2$, and therefore the polynomials in question are equal in $F_2[x]$.

Let $f(x) = f_0 + f_1 x + \cdots + f_m x^m ∈ R[x]$ and $g(x) = g_0 + g_1 x + \cdots + g_n x^n ∈ R[x]$. Define their addition + and multiplication · "as usual":

$f(x) + g(x) = \sum_{i=0}^{\max(m,n)} (f_i + g_i) x^i$,

$f(x) g(x) = \sum_{i=0}^{n+m} \left( \sum_{t=0}^{i} f_t g_{i-t} \right) x^i$,

Page 21: ALGEBRA II - Uwasalipas.uwasa.fi/~mamo/algebraIIen.pdf · ALGEBRA II 7 Prof.o Let m2Z. By the division algorithm m r(n), with 0 r n 1. Hence, mbelongs to the union. Obviously the

ALGEBRA II 21

Remark 4.1. We see that the product can be formed by multiplying all the mono-

mials and then collecting together the monomials of equal degree, and by summing

their coe�cients.

Example 4.3. Let f(x) = 1 + x, g(x) = 1 + x2 + x3 ∈ F2[x]. Now

f(x) + g(x) = 1 + 1 + x+ x2 + x3 = x+ x2 + x3,

and

f(x)g(x) = (1 + x)(1 + x2 + x3) = 1 + x2 + x3 + x+ x3 + x4 = 1 + x2 + x4.

Moreover, deg(f + g) = 3 ja deg(fg) = 4.

Lemma 4.1. Let f, g ∈ R[x]. Then

(1) deg(f + g) ≤ max(deg f, g), (2) deg(fg) = deg f + deg g.

Proof. Exercise. �

Theorem 4.1. (R[x],+, ·) is an integral domain.

Proof. (Sketch.) It is easy to see that (R[x],+) is an Abelian group; the zero element

is the zero polynomial 0, and the additive inverse −f of f(x) = f0 +f1x+ · · ·+fnxn

is −f(x) = −f0 − f1x− · · · − fnxn.The identity element of R[x] is the constant polynomial 1, and it follows from

the de�nitions of + and ·, that · is associative and commutative, and that the

distributivity holds in R[x]. Moreover, R[x] is an integral domain:

fg = 0⇒ deg(f) + deg(g) = deg(fg) = −∞⇒ deg f < 0 or deg g < 0

⇒ f = 0 or g = 0.

Remark 4.2. It follows from Theorem 4.1 that

f(x)g(x) =n∑i=0

m∑j=0

fixigjx

j =n∑i=0

m∑j=0

figjxi+j,

where n = deg(f) ja m = deg(g).

Theorem 4.2. The set of units R[x]∗ in R[x] is the set of units R∗ in R.

Proof. If fg = 1, then deg(f) + deg(g) = 0. Since now deg(f) ≥ 0 and deg(g) ≥ 0,

we get deg f = deg g = 0. �

4.1. Divisibility in F[x].

Let F be a field. Next we develop some divisibility theory in F[x]. As in Z, we have

Theorem 4.3 (Division algorithm). Let f, g ∈ F[x], with f ≠ 0. Then there exist unique polynomials q, r ∈ F[x] such that

g = fq + r, deg(r) < deg(f).

Proof. Use "long division". □

Here r is the remainder of g divided by f. If r = 0, then we say that f divides g (or is a factor of g), and denote this by f | g.

Example 4.4. When dividing g(x) = x^5 + 2x^3 + 2x + 1 by f(x) = 2x^2 + x + 2 in F_3[x], the long division yields

x^5 + 2x^3 + 2x + 1 = (2x^2 + x + 2)(2x^3 + 2x^2 + x + 2) + x.

Hence, the remainder of g divided by f is x.

Theorem 4.4. F[x] is a principal ideal domain, i.e. each ideal of F[x] is principal.

Proof. Let I be an ideal of F[x]. If I = {0}, then I = (0). Assume I ≠ (0), and let f be a nonzero polynomial of least degree contained in I. We claim that I = (f). Let g ∈ I, and divide it by f: g = fq + r, deg(r) < deg(f). Now r = g − fq ∈ I, and by the minimality of deg(f) we must have r = 0. Hence, I = (f). □

Remark 4.3. If f, with leading coefficient f_n, is a generator of an ideal I ⊆ F[x], then it is easy to see that f_n^{−1} f is a generator of I as well. Hence, each ideal I of F[x] is generated by a monic polynomial, and there is only one monic polynomial generating I.

Theorem 4.5. Let h, g ∈ F[x], h ≠ 0. There exists a unique monic polynomial d ∈ F[x] satisfying the following two properties:

(1) d | h and d | g.

(2) If c ∈ F[x] and c | h and c | g, then c | d.

Proof. The set (h, g) := {ah + bg | a, b ∈ F[x]} is easily seen to be a nonzero ideal of F[x]. Now, by Theorem 4.4, (h, g) = (f) for some f ∈ F[x], f ≠ 0. If f_n is the leading coefficient of f, then obviously (f) = (f_n^{−1} f). We set d = f_n^{−1} f and show that d satisfies properties (1) and (2).

Since (d) = (h, g), we have h, g ∈ (d), and therefore h = da and g = db for some a, b ∈ F[x], i.e. d | h and d | g.

Since (d) = (h, g), d ∈ (h, g) and therefore d = ah + bg for some a, b ∈ F[x]. Now, if c divides both h and g, then c | d.

If d′ is another monic polynomial satisfying the properties (1) and (2), then (d′) = (h, g) = (d), and therefore d | d′ and d′ | d. It follows that d = d′. □

Definition 4.2. The polynomial d in Theorem 4.5 is called the greatest common divisor of h and g and denoted by gcd(h, g).

Remark 4.4. In the proof of Theorem 4.5 we saw the following equality of ideals: (gcd(h, g)) = (h, g).

The greatest common divisor of h ≠ 0 and g can be calculated by the Euclidean algorithm, i.e. by using the division algorithm repeatedly:

g = hq_1 + r_1, deg(r_1) < deg(h),
h = r_1q_2 + r_2, deg(r_2) < deg(r_1),
r_1 = r_2q_3 + r_3, deg(r_3) < deg(r_2),
...
r_{n−2} = r_{n−1}q_n + r_n, deg(r_n) < deg(r_{n−1}),
r_{n−1} = r_nq_{n+1} + 0.

Let d = gcd(h, g). We observe that r_n ∈ (h, g) = (d), and therefore d | r_n. On the other hand, we see that r_n | r_{n−1}, and r_n | r_{n−1} ⇒ r_n | r_{n−2} ⇒ ··· ⇒ r_n | h ⇒ r_n | g. Hence, by Theorem 4.5, r_n | d. It now follows that gcd(h, g) = ℓ^{−1} r_n, where ℓ is the leading coefficient of r_n.

Example 4.5. We calculate the greatest common divisor of the polynomials x^12 + x^10 + x^8 + x^3 + 1 and x^8 + x^7 + x^5 + x^4 + x^2 + x + 1 ∈ F_2[x] by using the Euclidean algorithm:

x^12 + x^10 + x^8 + x^3 + 1 = (x^8 + x^7 + x^5 + x^4 + x^2 + x + 1)(x^4 + x^3 + x) + x^7 + x^5 + x^3 + x^2 + x + 1
x^8 + x^7 + x^5 + x^4 + x^2 + x + 1 = (x^7 + x^5 + x^3 + x^2 + x + 1)(x + 1) + x^6 + x^2 + x
x^7 + x^5 + x^3 + x^2 + x + 1 = (x^6 + x^2 + x)x + x^5 + x + 1
x^6 + x^2 + x = (x^5 + x + 1)x.

Hence, gcd(x^12 + x^10 + x^8 + x^3 + 1, x^8 + x^7 + x^5 + x^4 + x^2 + x + 1) = x^5 + x + 1.
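The division algorithm (Theorem 4.3) and the Euclidean algorithm above, as an added worked example that is not part of the lecture notes: polynomials over F_p are coefficient lists, and the code re-runs Examples 4.4 and 4.5. The list representation and the function names are this example's own choices.

```python
# Added example (not from the lecture notes): polynomials over F_p as
# coefficient lists, lowest degree first, so [1, 0, 2] is 1 + 2x^2.
# Implements the division algorithm (Theorem 4.3) and the Euclidean
# algorithm for gcd(h, g) (Section 4.1), then re-runs Examples 4.4 and 4.5.
# The representation and the function names are this example's own choices.

def trim(f):
    """Drop leading zero coefficients; the zero polynomial becomes []."""
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f

def deg(f):
    """Degree; returns -1 for the zero polynomial (the notes use -infinity)."""
    return len(trim(f)) - 1

def add(f, g, p):
    """Coefficientwise sum modulo p (Lemma 4.1: deg(f+g) <= max degree)."""
    n = max(len(f), len(g))
    f = list(f) + [0] * (n - len(f))
    g = list(g) + [0] * (n - len(g))
    return trim([(a + b) % p for a, b in zip(f, g)])

def mul(f, g, p):
    """Product: multiply every pair of monomials and collect equal degrees
    (Remark 4.1); the coefficient of x^i is sum_t f_t g_{i-t} modulo p."""
    f, g = trim(f), trim(g)
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return trim(out)

def divmod_poly(g, f, p):
    """Long division in F_p[x]: returns (q, r) with g = f*q + r and
    deg(r) < deg(f). Needs p prime so the leading coefficient of f is
    invertible (a^(p-2) = a^-1 in F_p by Fermat's little theorem)."""
    f, r = trim(f), trim(g)
    if not f:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(f[-1], p - 2, p)
    q = [0] * max(len(r) - len(f) + 1, 1)
    while len(r) >= len(f):
        shift = len(r) - len(f)            # next quotient term is c*x^shift
        c = (r[-1] * inv_lead) % p
        q[shift] = c
        for i, a in enumerate(f):          # r <- r - c*x^shift*f
            r[i + shift] = (r[i + shift] - c * a) % p
        r = trim(r)                        # the leading term has cancelled
    return trim(q), r

def monic(f, p):
    """Scale by the inverse of the leading coefficient (Remark 4.3)."""
    f = trim(f)
    inv = pow(f[-1], p - 2, p)
    return [(a * inv) % p for a in f]

def gcd_poly(h, g, p):
    """Euclidean algorithm: divide repeatedly until the remainder is 0;
    the last nonzero remainder, made monic, is gcd(h, g) (Theorem 4.5)."""
    a, b = trim(h), trim(g)
    while b:
        _, r = divmod_poly(a, b, p)
        a, b = b, r
    return monic(a, p)

def from_exponents(exps):
    """Polynomial with coefficient 1 at each listed exponent, e.g.
    from_exponents([5, 1, 0]) is x^5 + x + 1."""
    f = [0] * (max(exps) + 1)
    for e in exps:
        f[e] = 1
    return f

if __name__ == "__main__":
    # Example 4.4 over F_3: x^5 + 2x^3 + 2x + 1 divided by 2x^2 + x + 2
    g3, f3 = [1, 2, 0, 2, 0, 1], [2, 1, 2]
    q, r = divmod_poly(g3, f3, 3)
    assert q == [2, 1, 2, 2] and r == [0, 1]     # q = 2x^3+2x^2+x+2, r = x
    assert add(mul(f3, q, 3), r, 3) == g3        # g = fq + r
    # Example 4.5 over F_2
    h2 = from_exponents([12, 10, 8, 3, 0])
    g2 = from_exponents([8, 7, 5, 4, 2, 1, 0])
    assert gcd_poly(h2, g2, 2) == from_exponents([5, 1, 0])   # x^5 + x + 1
    print("division and gcd over F_p agree with Examples 4.4 and 4.5")
```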

Next we define the analogue of a prime number.

Definition 4.3. A polynomial f ∈ F[x] is said to be irreducible over F if f has positive degree, and whenever f = bc for some b, c ∈ F[x], either b or c is a constant polynomial. If f is not irreducible, then it is called reducible over F.

Remark 4.5. The irreducibility of a polynomial depends heavily on the field over which the polynomial is considered. For instance, x^2 + 1 is irreducible over R, but not over C or F_2.

Example 4.6. We show that x^2 + x + 1 is irreducible over F_2. If it were reducible, then its factors would be of degree one, say x^2 + x + 1 = (x + a)(x + b) with a, b ∈ F_2. This implies x^2 + x + 1 = x^2 + (a + b)x + ab, which implies a + b = 1 and ab = 1. But this is impossible.

Lemma 4.2. Let f, b, c ∈ F[x], with f irreducible. Then, if f | bc, then f | b or f | c.

Proof. Assume that f does not divide b. Then the greatest common divisor of f and b is 1. Now (1) = (f, b), and therefore fu + bv = 1 for some u, v ∈ F[x]. We now get cfu + cbv = c, and since f divides the left hand side, it divides the right hand side as well. □

Theorem 4.6 (Unique Factorization in F[x]). Let g ∈ F[x] be of positive degree. Then there exist irreducible polynomials p_1, ..., p_t ∈ F[x] and a constant u ∈ F^* such that

g(x) = u p_1 p_2 ··· p_t.

This factorization is unique apart from the order in which the factors occur.

Proof. Assume that there exist polynomials of positive degree which cannot be written as a product of irreducible polynomials. Let g be one of them of least degree. Now g cannot be irreducible, and therefore g = ab for some a, b ∈ F[x] of positive degree. It follows that 0 < deg(a), deg(b) < deg(g), and therefore a and b can be written as products of irreducible polynomials. But then g can be written as a product of irreducible polynomials as well, and we have a contradiction.

The assertion concerning the uniqueness follows easily from Lemma 4.2. □

4.2. Residue class ring F[x]/(f).

Next we prove an important result, which shows that irreducible polynomials produce fields.

Theorem 4.7. Let f ∈ F[x]. Then the residue class ring F[x]/(f) is a field if and only if f is irreducible over F.

Proof. Assume that f is irreducible. We show that each nonzero element g + (f) ∈ F[x]/(f) has a multiplicative inverse. It then follows that F[x]/(f) is a field. Denote $\bar{g}$ = g + (f). If $\bar{g} \neq \bar{0}$, then g ∉ (f), which means that gcd(g, f) = 1. Hence 1 = gu + fv for some u, v ∈ F[x], and therefore $\bar{1} = \overline{gu} = \bar{g}\,\bar{u}$. Hence, u + (f) is the inverse of g + (f).

Assume then that f is reducible, say f = ab for some a, b ∈ F[x] of positive degree. Now, 0 < deg(a), deg(b) < deg(f), and therefore f divides neither a nor b. Hence, $\bar{a}, \bar{b} \neq \bar{0}$, but $\bar{a}\bar{b} = \bar{f} = \bar{0}$, which means that F[x]/(f) is not an integral domain and therefore not a field. □

Remark 4.6. By using the division algorithm, we see that a complete set of representatives for the residue classes modulo (f) is the set of polynomials of degree less than the degree n of f, and therefore

F[x]/(f) = {a_0 + a_1x + ··· + a_{n−1}x^{n−1} + (f) | a_0, ..., a_{n−1} ∈ F}.

In particular, if F = F_p, then we observe that the number of elements in F_p[x]/(f) is p^n. So:

if f is irreducible over F_p and of degree n, then F_p[x]/(f) is a finite field of order p^n.

Example 4.7. We saw in Example 4.6 that f(x) = x^2 + x + 1 is irreducible over F_2. Hence, F_2[x]/(f) is a finite field of order 4. Denote α = x + (f), 0 = 0 + (f) and 1 = 1 + (f). Now α^2 = α + 1, and we have

F_2[x]/(f) = {0 + (f), 1 + (f), x + (f), x + 1 + (f)} = {0, 1, α, α + 1 | α^2 = α + 1} =: F_4.

The group tables of (F_4, +) and (F_4^*, ·) are

  +    | 0    1    α    1+α
  -----+---------------------
  0    | 0    1    α    1+α
  1    | 1    0    1+α  α
  α    | α    1+α  0    1
  1+α  | 1+α  α    1    0

  ·    | 1    α    1+α
  -----+---------------
  1    | 1    α    1+α
  α    | α    1+α  1
  1+α  | 1+α  1    α

We end this section by considering polynomial functions.

Definition 4.4. Let f(x) = f_0 + f_1x + ··· + f_nx^n be a polynomial over F. The polynomial function induced by f(x) is the function

f : F → F, f(a) = f_0 + f_1a + ··· + f_na^n.

Example 4.8. Different polynomials can induce the same polynomial function. Let e.g. f(x) = x, g(x) = x^2 ∈ F_2[x]. Now f(x) ≠ g(x), but f(a) = g(a) for all a ∈ F_2, i.e. they induce the same polynomial function from F_2 onto F_2.

Definition 4.5. An element b ∈ F is called a root (or a zero) of the polynomial f ∈ F[x] if f(b) = 0.

Theorem 4.8. An element b ∈ F is a root of a polynomial f ∈ F[x] if and only if x − b divides f(x).

Proof. By the division algorithm, f(x) = (x − b)g(x) + c, where c ∈ F. Now x − b divides f(x) if and only if c = 0. But c = f(b), and the theorem follows. □

Definition 4.6. Let b ∈ F be a root of f ∈ F[x]. If k is a positive integer such that f(x) is divisible by (x − b)^k but not by (x − b)^{k+1}, then k is called the multiplicity of b. If k = 1, then b is called a simple root (or a simple zero) of f. If k ≥ 2, then b is called a multiple root (or a multiple zero) of f.

Lemma 4.3. Let f ∈ F[x]. If b_1, ..., b_m are distinct roots of f with multiplicities k_1, ..., k_m, then (x − b_1)^{k_1} ··· (x − b_m)^{k_m} divides f(x).

Proof. Each polynomial x − b_j is irreducible, and therefore each polynomial (x − b_j)^{k_j} occurs as a factor in the factorization of f as a product of irreducible polynomials. Hence, (x − b_1)^{k_1} ··· (x − b_m)^{k_m} appears in the factorization as well. □

Theorem 4.9. Let f be a polynomial over F of degree n. Then f has at most n roots in F.

Proof. Let b_1, ..., b_m be the roots of f in F, and let k_1, ..., k_m be their multiplicities. Now, by Lemma 4.3, f(x) = (x − b_1)^{k_1} ··· (x − b_m)^{k_m} g(x), and therefore m ≤ k_1 + ··· + k_m ≤ n. □

The irreducibility of a polynomial f over F is equivalent to the non-existence of a root of f in F, if the degree of f is small enough.

Theorem 4.10. Any polynomial f ∈ F[x] of degree 2 or 3 is irreducible in F[x] if and only if f has no root in F.

Proof. If f has a root in F, then f is reducible, by Theorem 4.8. Assume f has no root in F. Then f cannot have a factor of degree one, again by Theorem 4.8. Hence, if deg(f) = 2, it must be irreducible. If deg(f) = 3 and f does not have a factor of degree one, then it cannot have a factor of degree two either, and so f is irreducible in this case too. □

Example 4.9. The assumption concerning the degree is necessary. For instance, x^4 + 2x^2 + 1 has no zeros in R, but it is reducible over R: x^4 + 2x^2 + 1 = (x^2 + 1)^2.

Example 4.10. We find the irreducible polynomials over F_2 of degree three. Let f(x) = x^3 + ax^2 + bx + c ∈ F_2[x]. Now, by Theorem 4.10, f is irreducible if and only if f(0) = f(1) = 1, i.e. c = 1 and a + b = 1. Hence, the irreducible polynomials over F_2 of degree three are x^3 + x^2 + 1 and x^3 + x + 1.

5. Field extensions

Definition 5.1. Let F be a field. A subset K of F is called a subfield of F if it is a field under the operations of F. If K is a subfield of F, then F is called an extension (field) of K. In this case the phrase field extension F/K is also used.

Lemma 5.1 (Subfield Criterion). Let K be a subset of a field F. Then K is a subfield of F if and only if the following three properties hold:

(1) K contains at least two elements,

(2) a − b ∈ K for all a, b ∈ K,

(3) ab^{−1} ∈ K for all a, b ∈ K, b ≠ 0.

Proof. If K is a subfield of F, then the properties are satisfied by the definition of a field. Assume next that K satisfies the properties. By (1), K is non-empty. Now, (2) implies that (K, +) is a subgroup of (F, +), and (3) implies that (K \ {0}, ·) is a subgroup of (F \ {0}, ·) (by the subgroup criterion). It remains to show that the distributive laws hold in K. But this is obvious, because they hold in F. □

Lemma 5.2. The intersection of all subfields of a field F is a subfield of F.

Proof. Since all subfields of F contain at least 0 and 1, so does their intersection K. Let a, b ∈ K. Now, a, b are in each subfield of F, and therefore a − b belongs to each subfield of F, and if b ≠ 0 then also ab^{−1} belongs to each subfield of F. □

Definition 5.2. The intersection of all subfields of a field F is called the prime field of F.

Theorem 5.1. Let F be a field. If char(F) = 0, then the prime field of F is isomorphic to Q. Otherwise, it is isomorphic to F_p, where p = char(F).

Proof. Let K be the prime field of F. Then the set R of all integer multiples of the identity element 1 is a subring of K. But since K is a field, all the fractions a/b := ab^{−1} with a, b ∈ R, b ≠ 0, are in K too. Hence, if char(F) = 0, then K contains (and is contained in) a field isomorphic to Q, and if char(F) = p, then it contains (and is contained in) a field isomorphic to F_p. □

Definition 5.3. Let K be a subfield of a field F, and let M be a subset of F. The intersection K(M) of all the subfields of F containing both K and M is called the extension field of K obtained by adjoining the elements of M to K. If M is finite, say M = {a_1, ..., a_n}, then we write K(a_1, ..., a_n) := K(M). The extension K(a)/K is said to be simple, and a is a defining element of the extension.

Remark 5.1. Note that K(M) is the "smallest" subfield of F containing both K and M. Moreover, since K(a) is a field, it contains the elements f(a) where f ∈ K[x].

We are especially interested in the extensions K(a)/K where a is a root of a polynomial over K.

Definition 5.4. Let K be a subfield of F. An element a ∈ F is said to be algebraic over K if f(a) = 0 for some f ∈ K[x] \ {0}. The extension F/K is said to be algebraic (an algebraic extension) if every element of F is algebraic over K.

Theorem 5.2. Let K be a subfield of F, and let a ∈ F. If a is algebraic over K, then there exists a unique monic irreducible polynomial f over K such that f(a) = 0.

Proof. Obviously the set I := {g(x) ∈ K[x] | g(a) = 0} is an ideal of K[x]. By Remark 4.3, it is generated by a unique monic polynomial f(x), of the least positive degree contained in I. If f = gh for some g, h ∈ K[x], then 0 = f(a) = g(a)h(a), and therefore either g(a) = 0 or h(a) = 0. By the minimality of the degree of f, we have g ∈ K^* or h ∈ K^*, implying the irreducibility of f. □

Definition 5.5. Let a ∈ F be algebraic over K. The monic irreducible polynomial f over K satisfying f(a) = 0 is called the minimal polynomial of a over K. The degree of f is called the degree of a.

Example 5.1. We find the minimal polynomial of a = ∛3 + 1 over Q. Now a − 1 = ∛3, and it follows that a^3 − 3a^2 + 3a − 1 = 3. Hence, a is a root of f(x) = x^3 − 3x^2 + 3x − 4. This monic polynomial of degree 3 has no roots in Q, and is therefore irreducible. Hence f(x) is the minimal polynomial of ∛3 + 1 over Q.

Let K be a subfield of F. We can consider F as a vector space over K. The "vectors" are the elements of F, and the scalars are the elements of K.

Lemma 5.3. Let K be a subfield of F. Then F is a vector space over K, i.e. for all α, β ∈ F and all r, s ∈ K we have

(1) (F, +) is an abelian group,

(2) r(α + β) = rα + rβ,

(3) (r + s)α = rα + sα,

(4) (rs)α = r(sα),

(5) 1α = α.

Proof. The lemma follows immediately from the definition of a field. □

Definition 5.6. A field extension F/K is called finite if F is a finite dimensional vector space over K. The dimension of the vector space F over K is then called the degree of F over K, and denoted by the symbol [F : K].

Theorem 5.3. Every finite field extension is algebraic.

Proof. Let F/K be a finite field extension with n = [F : K], and let α ∈ F. Now, the n + 1 elements 1, α, ..., α^n are linearly dependent over K, i.e. there exist elements a_0, ..., a_n ∈ K such that at least one of them is nonzero and a_0 + a_1α + ··· + a_nα^n = 0. This means that α is algebraic over K. □

Lemma 5.4. Let F/M and M/K be finite extensions. Then F/K is finite, and

[F : K] = [F : M][M : K].

Proof. Let n = [F : M] and m = [M : K], and let {α_1, ..., α_n} be a basis of F over M and {β_1, ..., β_m} a basis of M over K. Now, it is easy to see that the set {α_iβ_j | 1 ≤ i ≤ n, 1 ≤ j ≤ m} is a basis of F over K. □

The next theorem describes the key properties of simple field extensions.

Theorem 5.4. Let α ∈ F be algebraic of degree n over K, and let f be the minimal polynomial of α over K. Then

(1) K(α) is isomorphic to K[x]/(f).

(2) [K(α) : K] = n and {1, α, ..., α^{n−1}} is a basis of K(α)/K.

(3) Every β ∈ K(α) is algebraic over K, and its degree over K is a factor of n.

Proof. (1) Obviously the function ψ : K[x] → K(α), ψ(g(x)) = g(α), is a ring homomorphism. By the proof of Theorem 5.2 its kernel is an ideal of K[x] generated by the minimal polynomial f of α. Since f is irreducible, K[x]/(f) is a field, and now by the isomorphism theorem for rings, it is isomorphic to im ψ. But K ⊆ im ψ and α ∈ im ψ, and therefore, by the definition of K(α), we have im ψ = K(α). This proves (1).

(2) As we saw above, each element β in K(α) is of the form β = g(α) for some g ∈ K[x]. By the division algorithm g = fq + r for some q, r ∈ K[x] with deg(r) ≤ n − 1. Hence, g(α) = f(α)q(α) + r(α) = r(α), and therefore {1, α, ..., α^{n−1}} spans K(α) over K. Assume $\sum_{i=0}^{n-1} a_i\alpha^i = 0$ for some a_0, ..., a_{n−1} ∈ K. Now $\sum_{i=0}^{n-1} a_i x^i$ is in ker ψ, and is therefore a multiple of f. But deg(f) = n, and therefore a_0 = ··· = a_{n−1} = 0, i.e. {1, α, ..., α^{n−1}} is linearly independent over K. This proves (2).

(3) Let β ∈ K(α). Since K(α)/K is finite, β is algebraic over K by Theorem 5.3. By Lemma 5.4, [K(β) : K] = [K(α) : K]/[K(α) : K(β)], and by (2), the degree of β is equal to [K(β) : K]. This proves (3). □

Above we considered simple algebraic extensions K(α)/K where α is an element of a given field F. But how to construct simple algebraic extensions over K without reference to a previously given larger field?

Theorem 5.5. Let f ∈ K[x] be irreducible and monic over the field K. Then there exists an algebraic extension K(α)/K such that f is the minimal polynomial of α.

Proof. Let n = deg(f). We know that the residue class ring

K[x]/(f) = {a_0 + a_1x + ··· + a_{n−1}x^{n−1} + (f) | a_0, ..., a_{n−1} ∈ K}

is a field. Set α := x + (f) and $\bar{a}$ := a + (f) for all a ∈ K. Now, by the definition of addition and multiplication of residue classes modulo (f), we get

K[x]/(f) ≅ {a_0 + a_1α + ··· + a_{n−1}α^{n−1} | a_0, ..., a_{n−1} ∈ K} = K(α),

where the equality follows from Theorem 5.4 (2). Moreover,

f(α) = f_0 + f_1α + ··· + α^n = f_0 + f_1x + ··· + x^n + (f) = f(x) + (f) = 0 + (f) = $\bar{0}$,

and since f is irreducible and monic, it is the minimal polynomial of α. □

By Theorem 5.5, for each irreducible polynomial f ∈ K[x] there always exists an extension field F of K such that f has a root in F. Based on this we shall see that there exists an extension field of K over which f factors into irreducible factors of degree one, and this extension field is unique up to isomorphism.

Let ψ be a field isomorphism from K onto K′, and let f(x) = f_0 + ··· + f_nx^n ∈ K[x]. By the notation ψ(f) we mean the polynomial ψ(f_0) + ··· + ψ(f_n)x^n ∈ K′[x].

Lemma 5.5. Let ψ be a field isomorphism from K onto K′, and let f ∈ K[x] be a monic irreducible polynomial over K. Let α be a zero of f and let β be a zero of ψ(f). Then the fields K(α) and K′(β) are isomorphic.

Proof. We first show that ψ(f) is irreducible over K′. By Theorem 5.4 (1) it is then enough to show that the fields K[x]/(f) and K′[x]/(ψ(f)) are isomorphic.

It is easy to see that ψ is actually a ring isomorphism from K[x] onto K′[x]. It follows that if ψ(f) = gh for some g, h ∈ K′[x], then f = ψ^{−1}(g)ψ^{−1}(h). Hence, ψ(f) is irreducible.

Obviously ψ′ : K[x] → K′[x]/(ψ(f)), ψ′(g) = ψ(g) + (ψ(f)), is a surjective ring homomorphism, and the kernel of ψ′ consists of the polynomials g such that ψ(f) | ψ(g), equivalently f | g. Hence, K[x]/(f) and K′[x]/(ψ(f)) are isomorphic by the isomorphism theorem for rings. □

Definition 5.7. Let f ∈ K[x] be of positive degree, and let F be an extension field of K. Then f is said to split in F if there exist α_1, ..., α_n ∈ F such that

f(x) = a(x − α_1)(x − α_2) ··· (x − α_n),

where a is the leading coefficient of f. If f splits in F and F = K(α_1, ..., α_n), then F is called a splitting field of f over K.

Theorem 5.6. For each f ∈ K[x] of positive degree there exists a splitting field of f over K. Any two splitting fields of f over K are isomorphic.

Proof. Let f = g_1^{k_1} h_1, where g_1, h_1 ∈ K[x], g_1 is irreducible, and g_1 ∤ h_1. Now, g_1 has a zero α_1 in K(α_1), and therefore f(x) = (x − α_1)^{k_1} t_1(x) for some t_1 ∈ K(α_1)[x] with deg(t_1) < deg(f). If deg(t_1) = 0, then we are done. Otherwise, we write t_1 = g_2^{k_2} h_2, where g_2, h_2 ∈ K(α_1)[x], g_2 is irreducible, and g_2 ∤ h_2. Now, g_2 has a zero α_2 in K(α_1, α_2), and therefore f(x) = (x − α_1)^{k_1}(x − α_2)^{k_2} t_2(x) for some t_2 ∈ K(α_1, α_2)[x] with deg(t_2) < deg(t_1). Continuing in this way, we finally get f(x) = a(x − α_1)^{k_1} ··· (x − α_m)^{k_m} ∈ K(α_1, ..., α_m)[x], i.e. K(α_1, ..., α_m) is a splitting field of f.

Let K(α′_1, ..., α′_n) be another splitting field of f over K, and assume m ≤ n. Choose ψ in Lemma 5.5 to be the trivial isomorphism ψ : K → K, ψ(c) = c. Now K(α_1) ≅ K(α′_1). Next choose K to be K(α_1) and K′ to be K(α′_1) in Lemma 5.5, and we get an isomorphism K(α_1, α_2) ≅ K(α′_1, α′_2). Continuing in this way, we obtain an isomorphism from K(α_1, ..., α_m) onto K(α′_1, ..., α′_m) which maps each α_i to α′_i. If m < n, then f splits in the proper subfield K(α′_1, ..., α′_m) of K(α′_1, ..., α′_n), which is impossible by the definition of a splitting field. Hence, m = n and the proof is complete. □

We end this section by giving a criterion for whether a polynomial f has a multiple root in its splitting field.

Definition 5.8. Let f(x) = f_0 + f_1x + f_2x^2 + ··· + f_nx^n be a polynomial over K. The (formal) derivative of f is the polynomial f′(x) = f_1 + 2f_2x + ··· + nf_nx^{n−1}.

Lemma 5.6. Let f, g ∈ K[x]. Then

(1) (f + g)′ = f′ + g′.

(2) (fg)′ = f′g + fg′.

Proof. Exercise. □

Theorem 5.7. Let f ∈ K[x] and let α be a root of f in its splitting field over K. Then α is a simple root of f(x) if and only if f′(α) ≠ 0.

Proof. Let F be the splitting field of f over K. Write f(x) = (x − α)^k g(x), where g(x) ∈ F[x], (x − α) ∤ g(x), and k is a positive integer. Now f′(x) = k(x − α)^{k−1} g(x) + (x − α)^k g′(x). If α is simple, then k = 1 and f′(α) = g(α) ≠ 0. If α is multiple, then k > 1 and f′(α) = 0. □

6. Finite fields

In this section we characterize the finite fields. First we show that the number of elements in a finite field is a prime power.

Lemma 6.1. Let F be a finite field containing a subfield K with q elements. Then F has q^m elements, where m = [F : K].

Proof. Since F is a vector space over K of dimension m, each element α ∈ F can be uniquely represented in the form α = a_1α_1 + ··· + a_mα_m, where {α_1, ..., α_m} is a fixed basis of F over K and a_1, ..., a_m ∈ K. Here each "scalar" a_i can be chosen in exactly q ways, and therefore |F| = q^m. □

Theorem 6.1. Let F be a finite field. Then F has p^n elements, where the prime p is the characteristic of F and n is the degree of F over its prime field.

Proof. Since F is finite, its characteristic is a prime p by Corollary 3.2. Now, by Theorem 5.1, the prime field of F is isomorphic to F_p, and Lemma 6.1 completes the proof. □

Next we show that there exists a finite field of order p^n for each prime p and each positive integer n. We begin with a lemma, which is a generalization of Fermat's little theorem.

Lemma 6.2. If F is a finite field with q elements, then a^q = a for all a ∈ F.

Proof. Obviously a^q = a if a = 0. If a ≠ 0, then a^{q−1} = 1, since F^* is a group of order q − 1. This implies that a^q = a. □

Theorem 6.2. For every prime p and every positive integer n there exists a finite field with p^n elements.

Proof. Let q = p^n and let f(x) = x^q − x. Since f′(x) = −1, each root of f is simple in the splitting field F of f over F_p. It now follows from Theorem 4.9 that f has exactly q roots in F. We show that the roots of f form a subfield of F. First, 0, 1 are roots of f. Second, if α, β are roots of f, then, since char(F) = p, we have f(α − β) = (α − β)^q − (α − β) = α^q − α − (β^q − β) = 0 − 0 = 0 by Lemma 6.2. Third, if β ≠ 0, then f(αβ^{−1}) = (αβ^{−1})^q − (αβ^{−1}) = 0 by Lemma 6.2. Now, by the subfield criterion, the roots of f form a field with q elements. □

Since the splitting field of a polynomial over F_p is unique up to isomorphism, the next theorem shows that for a given prime p and a given positive integer n there exists (essentially) only one finite field with q = p^n elements.

Theorem 6.3. Let F be a finite field with q elements, and let K be a subfield of F. Then the polynomial x^q − x factors in F[x] as

$$x^q - x = \prod_{a \in F} (x - a).$$

Moreover, F is the splitting field of x^q − x over K.

Proof. The polynomial x^q − x has at most q roots in F, and now by Lemma 6.2, its roots are exactly the q elements of F. Hence, x^q − x splits over F in the given manner, and it cannot split in any smaller field. □

Definition 6.1. From now on we denote by F_q the finite field with q elements.

Next we characterize the subfields of F_q.

Theorem 6.4. Every subfield of F_{p^n} has p^m elements, where m is a positive factor of n. Conversely, if m is a positive factor of n, then there is exactly one subfield of F_{p^n} with p^m elements.

Proof. Let K be a subfield of F_{p^n}. By Theorem 6.1, K has p^m elements for some positive integer m. By Lemma 6.1, p^n = p^{mt}, where t = [F_{p^n} : K]. Hence, m is a factor of n.

Conversely, let m be a positive factor of n. Now, p^m − 1 divides p^n − 1, and therefore x^{p^m − 1} − 1 divides x^{p^n − 1} − 1. Since F_{p^n} is the splitting field of x^{p^n} − x by Theorem 6.3, the polynomial x^{p^m} − x splits in F_{p^n}. Now, by the proof of Theorem 6.2, the roots of x^{p^m} − x in F_{p^n} form a subfield with p^m elements. On the other hand, if K is any subfield of F_{p^n} with p^m elements, then its elements are the roots of x^{p^m} − x. But this polynomial has exactly p^m roots, and so there is only one subfield with p^m elements. □

Example 6.1. The subfields of F_{2^20} are F_2, F_{2^2}, F_{2^4}, F_{2^5}, F_{2^10} and F_{2^20}.

Next we prove an important fact.

Theorem 6.5. The multiplicative group F_q^* of a finite field F_q is cyclic.

Proof. We may assume that q > 3. Let q − 1 = p_1^{k_1} ··· p_m^{k_m} be the canonical prime decomposition of q − 1. For each i =1, ..., m, let h_i = (q − 1)/p_i. The polynomial x^{h_i} − 1 has at most h_i roots, and therefore there exists a_i ∈ F_q^* which is not a root of x^{h_i} − 1. Let

$$b_i = a_i^{(q-1)/p_i^{k_i}}.$$

The order of b_i is a factor of p_i^{k_i}. On the other hand,

$$b_i^{\,p_i^{k_i-1}} = a_i^{(q-1)/p_i} \neq 1,$$

and therefore the order of b_i is p_i^{k_i}. We show that b := b_1 ··· b_m generates F_q^*. Assume on the contrary that the order of b is a non-trivial factor of q − 1, which means that it is a factor of (q − 1)/p_i for at least one i = 1, ..., m, say for i = 1. Now,

$$1 = b^{(q-1)/p_1} = b_1^{(q-1)/p_1}\, b_2^{(q-1)/p_1} \cdots b_m^{(q-1)/p_1} = b_1^{(q-1)/p_1} \cdot 1 \cdots 1 = b_1^{(q-1)/p_1},$$

which implies that the order p_1^{k_1} of b_1 is a factor of (q − 1)/p_1, which is impossible. □

Definition 6.2. A generator of the cyclic group F_q^* is called a primitive element of F_q.

Example 6.2. Let F_16 = F_2(α), where α is a root of the irreducible polynomial f(x) = x^4 + x^3 + x^2 + x + 1. Now the order of α is either 3, 5 or 15. Obviously α^3 ≠ 1, but α^5 = α^4 + α^3 + α^2 + α = 1. On the other hand, the order of an element β in F_4 \ F_2 is three, and therefore, by the proof of Theorem 6.5, αβ is a primitive element of F_16.

We next find such a β. We observe that the degree of β over F_2 is 2, and therefore it is a root of x^2 + x + 1 in F_16. So, it is enough to find a_0, a_1, a_2, a_3 ∈ F_2 such that

(a_0 + a_1α + a_2α^2 + a_3α^3)^2 + a_0 + a_1α + a_2α^2 + a_3α^3 + 1 = 0,

equivalently,

a_0 + a_1α^2 + a_2α^4 + a_3α^6 + a_0 + a_1α + a_2α^2 + a_3α^3 + 1 = 0.

Here α^4 = α^3 + α^2 + α + 1 and α^6 = α·α^5 = α, and therefore we have

a_2 + 1 + (a_1 + a_2 + a_3)α + a_1α^2 + (a_2 + a_3)α^3 = 0,

equivalently, a_2 = 1, a_1 = 0, a_3 = 1. Hence, we may choose β = α^2 + α^3 or β = 1 + α^2 + α^3.
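The fields F_2[x]/(f) of Example 4.7, the root test of Example 4.10 and the order computations of Example 6.2 above, as one added worked example that is not part of the lecture notes. It packs a residue class of degree less than n into the bits of an int (the representation used by most GF(2^n) implementations); the function names are this example's own choices.

```python
# Added example (not from the lecture notes): the field F_2[x]/(f) with
# residue classes packed into Python ints, bit i = coefficient of x^i,
# so 0b111 is x^2 + x + 1, 0b11111 is x^4 + x^3 + x^2 + x + 1 and
# 0b10 is alpha = x + (f). Reproduces F_4 from Example 4.7, the degree-3
# irreducibles of Example 4.10 and the primitive element of Example 6.2.
# Function names and the int packing are this example's own choices.

def gf2_mul(a, b, mod):
    """Product of residue classes modulo f = mod, irreducible over F_2.

    Shift-and-xor multiplication; whenever the shifted copy of a reaches
    degree n = deg(f) it is reduced using x^n = (lower terms of f), so
    every intermediate value stays a representative of degree < n
    (Remark 4.6)."""
    n = mod.bit_length() - 1
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:
            a ^= mod
    return r

def gf2_pow(a, e, mod):
    """Square-and-multiply exponentiation in F_2[x]/(f)."""
    r = 1
    while e:
        if e & 1:
            r = gf2_mul(r, a, mod)
        a = gf2_mul(a, a, mod)
        e >>= 1
    return r

def gf2_eval(poly, x, mod):
    """Polynomial function (Definition 4.4): evaluate poly in F_2[x] at
    the field element x, by Horner's rule."""
    r = 0
    for i in range(poly.bit_length() - 1, -1, -1):
        r = gf2_mul(r, x, mod) ^ ((poly >> i) & 1)
    return r

def order(a, mod):
    """Order of a != 0 in the cyclic group F_q^* (Theorem 6.5)."""
    k, x = 1, a
    while x != 1:
        x = gf2_mul(x, a, mod)
        k += 1
    return k

def primitive_elements(mod):
    """Generators of F_q^* (Definition 6.2), q = 2^deg(f)."""
    q = 1 << (mod.bit_length() - 1)
    return [a for a in range(1, q) if order(a, mod) == q - 1]

def has_no_root_in_f2(poly):
    """f(0) is the constant term and f(1) is the number of terms mod 2;
    for degree 2 or 3, 'no root' means irreducible (Theorem 4.10)."""
    return (poly & 1) == 1 and bin(poly).count("1") % 2 == 1

def irreducible_cubics_f2():
    """Example 4.10: the irreducible x^3 + ax^2 + bx + c over F_2."""
    return [f for f in range(0b1000, 0b10000) if has_no_root_in_f2(f)]

if __name__ == "__main__":
    F4, F16 = 0b111, 0b11111
    alpha = 0b10
    # Example 4.7: alpha^2 = alpha + 1 in F_4, and F_4^* = {alpha, alpha+1}
    assert gf2_mul(alpha, alpha, F4) == 0b11
    assert primitive_elements(F4) == [0b10, 0b11]
    # Example 4.10
    assert irreducible_cubics_f2() == [0b1011, 0b1101]   # x^3+x+1, x^3+x^2+1
    # Example 6.2: alpha has order 5, beta = alpha^2 + alpha^3 satisfies
    # beta^2 + beta + 1 = 0 (order 3), and alpha*beta generates F_16^*
    assert gf2_eval(F16, alpha, F16) == 0                # f(alpha) = 0
    assert order(alpha, F16) == 5
    beta = 0b1100
    assert gf2_eval(0b111, beta, F16) == 0 and order(beta, F16) == 3
    assert order(gf2_mul(alpha, beta, F16), F16) == 15
    assert len(primitive_elements(F16)) == 8             # phi(15) generators
    # Lemma 6.2: a^16 = a for every a in F_16
    assert all(gf2_pow(a, 16, F16) == a for a in range(16))
    print("F_4 and F_16 arithmetic agree with Examples 4.7, 4.10 and 6.2")
```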

Theorem 6.6. Let F_q be a subfield of the finite field F_{q^n}. Then F_{q^n} = F_q(γ), where γ is a primitive element of F_{q^n}.

Proof. Since F_q ⊆ F_{q^n} and γ ∈ F_{q^n}, we have F_q(γ) ⊆ F_{q^n}. On the other hand, F_q(γ) is a field and therefore it contains 0 and all the powers of γ. Hence, F_{q^n} ⊆ F_q(γ). □

Corollary 6.1. Let F_q be a finite field and let n be a positive integer. Then there exists an irreducible polynomial of degree n over F_q.

Proof. Let γ be a primitive element of F_{q^n}. Then F_{q^n} = F_q(γ) by Theorem 6.6, and the minimal polynomial of γ over F_q is of degree n by Theorem 5.4 and irreducible by definition. □

Definition 6.3. The minimal polynomial of a primitive element of F_{q^n} over F_q is called a primitive polynomial over F_q.

We end this section by describing the roots of an irreducible polynomial over a finite field.

Lemma 6.3. Let f be an irreducible polynomial over F_q of degree m. Then f(x) divides x^{q^n} − x if and only if m divides n.


Proof. Let α be a root of f in its splitting field over F_q. Assume first that f(x) | (x^{q^n} − x). Now α^{q^n} = α, which means that α ∈ F_{q^n} by Theorem 6.3. It follows that F_q(α) is a subfield of F_{q^n}, and therefore the degree [F_q(α) : F_q] is a factor of n by Lemma 5.4. But [F_q(α) : F_q] = m by Theorem 5.4.

Assume then that m is a factor of n. Now F_{q^n} has the subfield F_{q^m} by Theorem 6.4. On the other hand F_q(α) = F_{q^m} and therefore α ∈ F_{q^n}. Now α is a zero of x^{q^n} − x and therefore f(x) | (x^{q^n} − x) by the proof of Theorem 5.2. □

Theorem 6.7. If f is an irreducible polynomial over F_q of degree m, then f has a root α in F_{q^m}. Moreover, all the roots of f are simple and they are α, α^q, ..., α^{q^{m−1}}.

Proof. Let α be a root of f in its splitting field over F_q. The degree [F_q(α) : F_q] = m and therefore F_q(α) = F_{q^m}. It follows from Lemma 6.2 that α^{q^i} is a root of f for all non-negative integers i:

f(α^{q^i}) = Σ_{j=0}^{m} f_j α^{j q^i} = (Σ_{j=0}^{m} f_j α^j)^{q^i} = f(α)^{q^i} = 0.

Since the degree of f is m, it remains to prove that α, α^q, ..., α^{q^{m−1}} are distinct. If α^{q^i} = α^{q^j} for some 0 ≤ i < j ≤ m − 1, then by raising this identity to the power q^{m−i} we get

α = α^{q^m} = α^{q^{m+j−i}}.

It follows that f(x) is a divisor of x^{q^{m+j−i}} − x and now, by Lemma 6.3, m divides m + j − i. But this is possible only if m divides j − i, which is impossible, since 1 ≤ j − i ≤ m − 1. □

Definition 6.4. Let α ∈ F_{q^m}. Then, the elements α, α^q, ..., α^{q^{m−1}} are the conjugates of α over F_q.

Remark 6.1. If α ∈ F_{q^m} and its degree over F_q is d | m, then the conjugates of α over F_q are the elements α, α^q, ..., α^{q^{d−1}}, each repeated m/d times.

Theorem 6.8. Let α ∈ F_{q^m}. Then, the conjugates of α over F_q have the same order in F_{q^m}^*.

Proof. By the theory of cyclic groups: gcd(q^i, q^m − 1) = 1, so the order of α^{q^i} equals the order of α. □

Example 6.3. Let γ ∈ F_16 be a root of f(x) = x^4 + x + 1 ∈ F_2[x]. Then, the conjugates of γ over F_2 are γ, γ^2, γ^4 = γ + 1 and γ^8 = γ^2 + 1. Since f is a primitive polynomial over F_2, the conjugates of γ over F_2 are primitive elements of F_16, by Theorem 6.8.

The conjugates of γ over F_4 are γ and γ^4. Hence, the minimal polynomial of γ over F_4 is (x + γ)(x + γ^4) = x^2 + (γ + γ^4)x + γ^5 = x^2 + x + γ^2 + γ.
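The following Python script is an added example and is not part of the lecture notes. It implements F_16 in the polynomial basis (an integer whose bit i is the coefficient of α^i, so addition is XOR) and reproduces Example 6.2 (the order-5 element α, the order-3 element β = α^2 + α^3, and the product construction of a primitive element from the proof of Theorem 6.5) as well as Example 6.3 (the conjugates and the minimal polynomial of γ with γ^4 = γ + 1). The bit representation and the function names are this example's own choices, not notation from the notes.

```python
# Added example (not from the lecture notes): arithmetic in F_16 = F_2[x]/(f) and the
# primitive-element and conjugate computations of Examples 6.2 and 6.3.
# A field element is an int whose bit i is the coefficient of alpha^i (degree < 4),
# so addition is XOR.  Two moduli are used, the quartics from the two examples.
F_EX62 = 0b11111  # x^4 + x^3 + x^2 + x + 1, Example 6.2
F_EX63 = 0b10011  # x^4 + x + 1,             Example 6.3
Q = 16            # |F_16|

def gf_mul(a, b, mod=F_EX62):
    """Product in F_2[x]/(mod) by shift-and-reduce (no table needed)."""
    deg = mod.bit_length() - 1
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> deg:          # degree reached deg: subtract (XOR) the modulus
            a ^= mod
    return r

def gf_pow(a, e, mod=F_EX62):
    """a^e by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, mod)
        a = gf_mul(a, a, mod)
        e >>= 1
    return r

def order(a, mod=F_EX62):
    """Multiplicative order: least e >= 1 with a^e = 1 (a != 0)."""
    x, e = a, 1
    while x != 1:
        x = gf_mul(x, a, mod)
        e += 1
    return e

def is_primitive(a, mod=F_EX62):
    """Definition 6.2: a generates F_16^*."""
    return a != 0 and order(a, mod) == Q - 1

def primitive_element_thm65(mod=F_EX62):
    """Construction from the proof of Theorem 6.5 for q - 1 = 15 = 3 * 5.
    For each prime p_i (all exponents k_i = 1 here) pick a_i with a_i^{15/p_i} != 1,
    set b_i = a_i^{15/p_i}, which then has order p_i, and return b = b_1 b_2."""
    b = 1
    for p in (3, 5):
        h = (Q - 1) // p
        a = next(x for x in range(1, Q) if gf_pow(x, h, mod) != 1)  # exists: <= h roots
        b_i = gf_pow(a, h, mod)
        assert order(b_i, mod) == p
        b = gf_mul(b, b_i, mod)
    return b

def conjugates(a, mod=F_EX63):
    """Definition 6.4 with q = 2, m = 4: a, a^2, a^4, a^8."""
    return [gf_pow(a, 1 << i, mod) for i in range(4)]

def min_poly_over_f2(a, mod=F_EX63):
    """Product of (x + c) over the distinct conjugates c of a (Theorem 6.7 / Remark 6.1).
    Returns coefficients [c_0, ..., c_d]; the assert checks they landed in F_2."""
    poly = [1]                                  # coefficients live in F_16
    for root in sorted(set(conjugates(a, mod))):
        new = [0] * (len(poly) + 1)
        for i, c in enumerate(poly):            # multiply by (x + root)
            new[i + 1] ^= c
            new[i] ^= gf_mul(root, c, mod)
        poly = new
    assert all(c in (0, 1) for c in poly)
    return poly

if __name__ == "__main__":
    alpha = 0b10                                # the class of x
    beta = 0b1100                               # alpha^2 + alpha^3, Example 6.2
    print(order(alpha), order(beta), is_primitive(gf_mul(alpha, beta)))   # 5 3 True
    print(is_primitive(primitive_element_thm65()))                        # True
    print(conjugates(0b10), min_poly_over_f2(0b10))   # [2, 4, 3, 5] [1, 1, 0, 0, 1]
```

Note that `gf_mul` takes the modulus as a parameter, so the same code handles both representations of F_16 used in the notes; `min_poly_over_f2(0b1000)` with the default modulus x^4 + x + 1 returns the coefficients of x^4 + x^3 + x^2 + x + 1, the minimal polynomial of γ^3 that Example 7.6 later relies on.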

7. A brief introduction to the error correcting block codes

Assume we would like to send information, expressed as a finite sequence of symbols, over a noisy channel. Then errors may (or will) occur, and of course we would like to correct, or at least detect, the errors at the receiving end of the channel. The main idea is to transmit redundant information; that is, one extends the sequence of message symbols to a longer sequence in a systematic manner. We call such a systematic extension of a message encoding.

Let F_q be a finite field. We assume that the message word is a vector (a_1, ..., a_k) ∈ F_q^k and it is encoded into a code word (c_1, ..., c_n) ∈ F_q^n where n > k. In this context a function from F_q^k into F_q^n is called a coding scheme, and a function from F_q^n into F_q^k a decoding scheme.

A simple coding scheme arises when (a_1, ..., a_k) is encoded into a code word c := (a_1, ..., a_k, c_{k+1}, ..., c_n), where the control symbols c_{k+1}, ..., c_n are chosen in a systematic manner. For instance, let H be an (n − k) × n matrix with entries in F_q that is of the special form

H = (A | I_{n−k})

where A is an (n − k) × k matrix and I_{n−k} is the (n − k) × (n − k) identity matrix. The control symbols c_{k+1}, ..., c_n are calculated from the system of equations

H c^T = 0.

The equations of this system are called parity-check equations.

Example 7.1. Let q = 2, k = 4, n = 7, and let

H =
  1 0 1 1 1 0 0
  1 1 0 1 0 1 0
  1 1 1 0 0 0 1 .

The control symbols c_5, c_6, c_7 of the code word c = (a_1, a_2, a_3, a_4, c_5, c_6, c_7) are calculated by solving H c^T = 0 for given symbols a_1, a_2, a_3, a_4:

a_1 + a_3 + a_4 + c_5 = 0
a_1 + a_2 + a_4 + c_6 = 0
a_1 + a_2 + a_3 + c_7 = 0

and it follows that the coding scheme in this case is the linear map from F_2^4 into F_2^7 given by

(a_1, a_2, a_3, a_4) ↦ (a_1, a_2, a_3, a_4, a_1 + a_3 + a_4, a_1 + a_2 + a_4, a_1 + a_2 + a_3).

In general we use the following terminology.

Definition 7.1. Let H be an (n − k) × n matrix of rank n − k with entries in F_q. The subset C of F_q^n whose elements c satisfy H c^T = 0 is called a linear [n, k] code over F_q. Here,

• n is the length of C,
• k is the dimension of C,
• the elements of C are the code words of C,
• H is the (parity-)check matrix of C.

Moreover, if H is of the form (A | I_{n−k}) then C is called a systematic code.

Remark 7.1. A linear [n, k] code over F_q is a subspace of dimension k of F_q^n, since it is the kernel (or the null space) of H.

By the following lemma, linear [n, k] codes over F_q are exactly the subspaces of F_q^n.

Lemma 7.1. Let C be a subspace of F_q^n of dimension k. Then there exists an (n − k) × n matrix H of rank n − k with entries in F_q such that H c^T = 0 for all c ∈ C.

Proof. Let {c^(1), ..., c^(k)} be a basis of C over F_q. The solution space S of the system of equations

c^(1)_1 x_1 + ··· + c^(1)_n x_n = 0
c^(2)_1 x_1 + ··· + c^(2)_n x_n = 0
...
c^(k)_1 x_1 + ··· + c^(k)_n x_n = 0

has dimension n − k. Let H be the matrix whose rows form a basis of S. Now H c^T = 0 for all c ∈ C. □

The parity-check equations H c^T = 0 with H = (A | I_{n−k}) and c = (a_1, ..., a_k, c_{k+1}, ..., c_n) can be written in the form

0 = H c^T = A (a_1, ..., a_k)^T + (c_{k+1}, ..., c_n)^T,

that is,

(c_{k+1}, ..., c_n)^T = −A (a_1, ..., a_k)^T.

Equivalently,

c^T = (I_k ; −A) a^T = (a (I_k | −A^T))^T,

where a = (a_1, ..., a_k) and (I_k ; −A) denotes the n × k block matrix with I_k on top of −A.

Hence, in this case, the coding scheme from F_q^k into F_q^n is given by

a ↦ a (I_k | −A^T),

and moreover, C is the row space of the matrix (I_k | −A^T).

Definition 7.2. The k × n matrix G = (I_k | −A^T) is called the generator matrix of a linear [n, k] code with check matrix H = (A | I_{n−k}).

Example 7.2. The generator matrix G of the linear [7, 4] code in Example 7.1 is

G =
  1 0 0 0 1 1 1
  0 1 0 0 0 1 1
  0 0 1 0 1 0 1
  0 0 0 1 1 1 0

and the code words are the 16 linear combinations over F_2 of the rows of G.

We generalize this definition in an obvious manner:

Definition 7.3. Let C be a linear [n, k] code over F_q. If C is the row space of a k × n matrix G of rank k with entries in F_q, then G is called a generator matrix of C.

Consider next decoding.

Definition 7.4. If c is a code word and y is the received word after the transmission of c over a channel, then e = y − c is called the error vector of c.

Definition 7.5. Let x, y ∈ F_q^n. Then,

(1) The Hamming distance d(x, y) between x and y is the number of coordinates in which x and y differ.
(2) The Hamming weight w(x) of x is the number of nonzero coordinates of x.

We observe that d(x, y) = w(x − y). Moreover, we have the following lemma.

Lemma 7.2. The Hamming distance is a metric on F_q^n. That is, for all x, y, z ∈ F_q^n we have

(1) d(x, y) = 0 if and only if x = y,
(2) d(x, y) = d(y, x),
(3) d(x, z) ≤ d(x, y) + d(y, z).

Proof. Exercise. □

If y is the received word, then one usually tries to find the code word c such that w(y − c) is as small as possible; that is, we assume that it is more likely that few errors have occurred rather than many errors.

Thus, in decoding we are looking for a code word that is closest to the received word according to the Hamming distance. This rule is called nearest neighbor decoding.

Example 7.3. Let the message words be the elements of F_2^4 and encode each of them by using the generator matrix G in Example 7.2. Assume that the word y = (1, 1, 0, 0, 1, 0, 1) was received. Now H y^T = (0, 0, 1)^T ≠ 0, where H is the check matrix of the code given in Example 7.1, and therefore y is not in the code. Let c be the sum of the first two rows of G, i.e. c = (1, 1, 0, 0, 1, 0, 0). Now y and c differ only in one coordinate place and we assume that c was sent.

Definition 7.6. Let t ∈ N. A code C ⊂ F_q^n is called t-error-correcting if for any y ∈ F_q^n there is at most one code word c ∈ C such that d(y, c) ≤ t.

Definition 7.7. For a code C ⊂ F_q^n, the number

d_C = min_{u, v ∈ C, u ≠ v} d(u, v)

is called the minimum distance of C.

Obviously, for a linear code C (where u − v ∈ C for all u, v ∈ C),

d_C = min_{c ∈ C, c ≠ 0} w(c),

i.e. the minimum distance of a linear code C is the Hamming weight of a code word of the least weight in C.

Theorem 7.1. Let C be a code with minimum distance d_C. Then, by using nearest neighbor decoding, it is possible to correct up to t errors if d_C ≥ 2t + 1.

Proof. It follows from Lemma 7.2 (3) that the closed balls B_t(c) = {x ∈ F_q^n | d(x, c) ≤ t} with c ∈ C do not overlap if d_C ≥ 2t + 1. Hence, if at most t errors occur in a code word c, the resulting word belongs only to the ball B_t(c). □

Lemma 7.3. A linear [n, k] code C over F_q with a check matrix H has minimum distance d_C ≥ s + 1 if and only if any s columns of H are linearly independent over F_q.

Proof. We observe that c ∈ C iff H c^T = 0 iff Σ_{i=1}^{n} c_i H^{(i)} = 0, where H^{(i)} is the ith column of the check matrix H of C. Let c ∈ C with w(c) = d_C. Now the d_C columns H^{(i)} with c_i ≠ 0 are linearly dependent, and moreover, any s columns of H are linearly independent if s < d_C, by the definition of the minimum distance. □

Example 7.4. By Lemma 7.3, the minimum distance of the code in Example 7.1 is 3. Hence, the decoding in Example 7.3 is correct if only one error occurred during the transmission.

In general it is quite difficult to determine the minimum distances in an infinite family of linear codes. The following family is an exception.

Definition 7.8. Let m ≥ 2. A linear code C_m over F_2 of length 2^m − 1 is called a binary Hamming code if the columns of the check matrix of C_m are the binary representations of the integers 1, 2, ..., 2^m − 1.

Example 7.5. The check matrix H of C_3 is

H =
  0 0 0 1 1 1 1
  0 1 1 0 0 1 1
  1 0 1 0 1 0 1 .

Hence C_3 is a binary [7, 4] code with minimum distance 3.

In general we have

Theorem 7.2. The binary Hamming code C_m is a linear [2^m − 1, 2^m − m − 1] code over F_2 with minimum distance 3.

Proof. The rank of H is obviously m, hence the dimension of C_m is 2^m − 1 − m. Moreover, since H does not contain the all-zeros column, and any two distinct columns are non-equal, the minimum distance is at least three. Since the sum of any two columns is a column of H, it follows that the minimum distance is three. □
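The following Python script is an added example and not part of the lecture notes. It builds the generator matrix of Example 7.2 from the check matrix of Example 7.1 (Definition 7.2), computes the minimum distance of Example 7.4 by enumerating the 16 code words, performs the nearest neighbor decoding of Example 7.3 through a syndrome table of coset leaders, and shows why the Hamming code C_3 of Example 7.5 is so convenient: its syndrome, read as a binary number, is the position of a single error. The names `coset_leaders`, `hamming_decode` and the list-of-rows matrix representation are this example's own conventions.

```python
# Added example (not from the lecture notes): systematic binary codes and syndrome
# decoding, using the [7,4] code of Examples 7.1-7.4 and the Hamming code C_3 of
# Example 7.5.  Vectors are lists of 0/1, matrices are lists of rows, all over F_2.
from itertools import combinations

H_EX71 = [           # check matrix (A | I_3) of Example 7.1
    [1, 0, 1, 1, 1, 0, 0],
    [1, 1, 0, 1, 0, 1, 0],
    [1, 1, 1, 0, 0, 0, 1],
]

def matvec(M, v):
    """M v^T over F_2 (the syndrome when M is a check matrix)."""
    return [sum(m * x for m, x in zip(row, v)) % 2 for row in M]

def generator_from_check(H, k):
    """G = (I_k | A^T) for H = (A | I_{n-k}); over F_2, -A^T = A^T (Definition 7.2)."""
    n, r = len(H[0]), len(H)
    assert r == n - k
    return [[int(j == i) for j in range(k)] + [H[t][i] for t in range(r)]
            for i in range(k)]

def encode(G, a):
    """Coding scheme a -> a G (Definition 7.2)."""
    return [sum(a[i] * G[i][j] for i in range(len(G))) % 2 for j in range(len(G[0]))]

def codewords(G):
    """All 2^k code words: every F_2-combination of the rows of G."""
    k = len(G)
    return [encode(G, [(m >> i) & 1 for i in range(k)]) for m in range(1 << k)]

def weight(v):
    return sum(v)

def distance(x, y):
    """Hamming distance (Definition 7.5): d(x, y) = w(x - y)."""
    return sum(a != b for a, b in zip(x, y))

def min_distance(G):
    """d_C as the least weight of a nonzero code word (linear code)."""
    return min(weight(c) for c in codewords(G) if any(c))

def coset_leaders(H, t):
    """Syndrome -> lowest-weight error pattern of weight <= t.  For d_C >= 2t+1 these
    patterns have distinct syndromes (Theorem 7.1), so the table is unambiguous."""
    n = len(H[0])
    table = {tuple([0] * len(H)): [0] * n}
    for w in range(1, t + 1):
        for pos in combinations(range(n), w):
            e = [int(i in pos) for i in range(n)]
            table.setdefault(tuple(matvec(H, e)), e)   # first hit has lowest weight
    return table

def decode(H, y, table):
    """Nearest neighbor decoding: y minus the coset leader of its syndrome.
    Returns (code word, error vector), or None when the syndrome is not in the table
    (more errors than the table covers)."""
    s = tuple(matvec(H, y))
    if s not in table:
        return None
    e = table[s]
    return [(a + b) % 2 for a, b in zip(y, e)], e

def hamming_check_matrix(m):
    """Definition 7.8: column j is the binary representation of j, MSB in row 0."""
    n = (1 << m) - 1
    return [[(j >> (m - 1 - i)) & 1 for j in range(1, n + 1)] for i in range(m)]

def hamming_decode(m, y):
    """For C_m the syndrome, read as a binary number, is the 1-based error position
    (a single error at place j contributes exactly column j).  Returns (code word, j)."""
    s = matvec(hamming_check_matrix(m), y)
    j = int("".join(map(str, s)), 2)
    c = list(y)
    if j:
        c[j - 1] ^= 1
    return c, j

if __name__ == "__main__":
    G = generator_from_check(H_EX71, 4)            # the matrix of Example 7.2
    table = coset_leaders(H_EX71, 1)
    print(min_distance(G))                          # 3, as in Example 7.4
    print(decode(H_EX71, [1, 1, 0, 0, 1, 0, 1], table))   # Example 7.3: c = 1100100
    print(hamming_decode(3, [1, 1, 1, 0, 0, 1, 0]))       # single error at place 6
```

The coset-leader table is the general form of the rule in Example 7.3: a received word is corrected by the lightest error pattern with the same syndrome, and a syndrome absent from the table means more errors than the code is designed to correct.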

7.1. Cyclic codes.

Next we consider a class of linear codes whose mathematical structure is fairly well known and which admit efficient decoding algorithms based on the arithmetic in a finite field.

Definition 7.9. A linear [n, k] code C over F_q is called cyclic if (a_0, a_1, ..., a_{n−1}) ∈ C implies (a_{n−1}, a_0, ..., a_{n−2}) ∈ C.

From now on we assume that gcd(n, q) = 1. The residue class ring F_q[x]/(x^n − 1) is a vector space over F_q and it is easy to see that the function from F_q^n into F_q[x]/(x^n − 1) given by

(a_0, a_1, ..., a_{n−1}) ↦ a_0 + a_1 x + ··· + a_{n−1} x^{n−1} + (x^n − 1)

is a vector space isomorphism over F_q. We identify the elements of F_q[x]/(x^n − 1) with the elements in the set R_n of polynomials of degree less than n. Moreover, the multiplication of the elements is modulo x^n − 1 and the addition is the usual addition of polynomials, and it follows that R_n is ring isomorphic to F_q[x]/(x^n − 1).

Because of the isomorphism above, we shall also denote an element a_0 + a_1 x + ··· + a_{n−1} x^{n−1} in R_n as the vector (a_0, a_1, ..., a_{n−1}).

Lemma 7.4. A linear [n, k] code C over F_q is cyclic if and only if the corresponding polynomial set is an ideal of R_n.

Proof. Assume C is cyclic. Let g(x) ∈ C. Now x g(x) mod (x^n − 1) = (g_{n−1}, g_0, ..., g_{n−2}) ∈ C and it follows that x^k g(x) ∈ C for all non-negative integers k. Moreover, since C is a vector space over F_q, it now follows that a(x) g(x) ∈ C for all a ∈ R_n. Hence, C is an ideal of R_n. The converse assertion is seen similarly. □

From now on we call the ideals of R_n cyclic codes. Moreover, a principal ideal of R_n generated by g(x) is denoted by ⟨g(x)⟩.


Theorem 7.3. Let C be a nonzero cyclic code in R_n. There exists a monic polynomial g(x) ∈ C with the following properties:

(1) C = ⟨g(x)⟩,
(2) g(x) | (x^n − 1).

Let k = n − deg(g), and let g(x) = Σ_{i=0}^{n−k} g_i x^i where g_{n−k} = 1. Then

(3) The dimension of C is k and {g(x), x g(x), ..., x^{k−1} g(x)} is a basis of C,
(4) A generator matrix for C is the k × n matrix

G =
  g_0 g_1 ... g_{n−k} 0   ...     0
  0   g_0 g_1 ... g_{n−k} 0 ...   0
  ...
  0   ...     0   g_0 g_1 ... g_{n−k}

(row i is g shifted i places to the right).

Proof. (1) Let g be the monic polynomial of least positive degree in C. Let c ∈ C. By the division algorithm c = tg + r for some polynomials t, r ∈ F_q[x] with deg(r) < deg(g). But r = c − tg ∈ C, and therefore r = 0.

(2) x^n − 1 = 0 ∈ C and the claim follows from the argument of (1), applied to the division of x^n − 1 by g in F_q[x].

(3) and (4) Let c ∈ C. Now c = tg for some t ∈ F_q[x]. Obviously we may assume that deg(t) < k, and it follows that

c = t_0 g(x) + t_1 x g(x) + ··· + t_{k−1} x^{k−1} g(x).

Hence, {g(x), x g(x), ..., x^{k−1} g(x)} spans C over F_q, and obviously it is linearly independent. Items (3) and (4) follow from this. □

Definition 7.10. Let C = ⟨g(x)⟩ be a cyclic code in R_n. Then g(x) is called the generator polynomial of C. Moreover, the polynomial h(x) = (x^n − 1)/g(x) is called the check polynomial of C.

Lemma 7.5. Let h(x) = Σ_{i=0}^{k} h_i x^i ∈ F_q[x] be the check polynomial of C. Then, a check matrix of C is the (n − k) × n matrix

H =
  h_k h_{k−1} ... h_0 0   ...     0
  0   h_k h_{k−1} ... h_0 0 ...   0
  ...
  0   ...     0   h_k h_{k−1} ... h_0

(row i is the reversed h shifted i places to the right).

Proof. We observe that the (i, j)th entry of H G^T, for 1 ≤ i ≤ n − k and 1 ≤ j ≤ k, is Σ_s h_{k−s+i} g_{s−j}, which is the coefficient of x^{k+i−j} in h(x) g(x) = x^n − 1. Since 1 ≤ k + i − j ≤ n − 1, this coefficient is 0. Hence, H G^T = 0, and it follows that C is contained in the kernel of H. But the dimension of C is k, which is the dimension of the kernel of H (H has rank n − k since h_k = 1), and therefore H is a check matrix of C. □

Cyclic codes can also be described by means of the roots of the generator polynomial in the splitting field of x^n − 1 over F_q. Let g(x) be a factor of degree n − k of x^n − 1. Since the derivative of x^n − 1 is n x^{n−1} ≠ 0 by the assumption gcd(q, n) = 1, it follows that its roots are simple. Hence, g(x) has exactly n − k roots in the splitting field of x^n − 1 over F_q.

Lemma 7.6. Let C = ⟨g(x)⟩ be a cyclic code of dimension k in R_n, and let α_1, ..., α_{n−k} be the roots of g(x). Then c(x) ∈ C if and only if c(α_i) = 0 for all i = 1, ..., n − k.

Proof. Let c(x) ∈ R_n. If c(x) ∈ C, then c(x) = t(x) g(x) for some t(x) ∈ F_q[x]. Hence, each root of g(x) is a root of c(x).

If c(x) ∉ C, then c(x) = t(x) g(x) + r(x) with 0 ≤ deg(r) < deg(g). If each root of g(x) were a root of c(x), then the nonzero polynomial r(x) would have more than deg(r) roots, which is impossible. □

Since g(α^s) = 0 implies g(α^{qs}) = g(α^s)^q = 0 if g(x) ∈ F_q[x], we consider the q-cyclotomic cosets modulo n:

C_s(q, n) := {s mod n, sq mod n, sq^2 mod n, ...},

where s is an integer.

Lemma 7.7. The q-cyclotomic cosets modulo n form a partition of {0, 1, ..., n − 1}.

Proof. It is easy to see that the relation ∼ defined by

a ∼ b ⇔ a ∈ C_b(q, n)

is an equivalence relation on {0, 1, ..., n − 1}. □

Theorem 7.4. Let α be an element of order n in the splitting field of x^n − 1 over F_q. Then

x^n − 1 = Π_{s ∈ S} m_{α^s}(x),

where S is a complete set of representatives of the q-cyclotomic cosets modulo n and m_{α^s}(x) is the minimal polynomial over F_q of α^s.

Proof. The irreducible factors over F_q of x^n − 1 are the minimal polynomials over F_q of the roots of x^n − 1. The roots of x^n − 1 are the elements of ⟨α⟩ and the roots of m_{α^s}(x) are exactly the elements α^j where j runs over C_s(q, n) (see Remark 6.1). □

Corollary 7.1. Let C = ⟨g(x)⟩ be a cyclic code in R_n. Then g(x) = Π_{t ∈ T} m_{α^t}(x) for some subset T of S.

Proof. By the definition of a generator polynomial, g(x) is a factor of x^n − 1. The corollary now follows from Theorem 7.4. □

Definition 7.11. Let C = ⟨g(x)⟩ be a cyclic code in R_n with g(x) = Π_{t ∈ T} m_{α^t}(x). Then, the set {α^t | t ∈ T} is called a defining set of C.

Theorem 7.5. Let C = ⟨g(x)⟩ be a cyclic code of dimension k in R_n, and let {α^{t_1}, ..., α^{t_r}} be a defining set of C. Let a(x) = a_0 + a_1 x + ··· + a_{n−1} x^{n−1} ∈ R_n. Then, a(x) ∈ C if and only if H a^T = 0, where

H =
  1 α^{t_1} α^{2t_1} ... α^{(n−1)t_1}
  1 α^{t_2} α^{2t_2} ... α^{(n−1)t_2}
  ...
  1 α^{t_r} α^{2t_r} ... α^{(n−1)t_r}

and a = (a_0, a_1, ..., a_{n−1}).

Proof. By Lemma 7.6 (and since a(x) ∈ F_q[x] vanishes at α^{t_j} if and only if it vanishes at all the conjugates of α^{t_j}), a(x) ∈ C if and only if a(α^{t_j}) = 0 for all j = 1, ..., r, if and only if a_0 + a_1 α^{t_j} + ··· + a_{n−1} α^{(n−1)t_j} = 0 for all j = 1, ..., r, if and only if

(1 α^{t_j} α^{2t_j} ... α^{(n−1)t_j}) (a_0, a_1, ..., a_{n−1})^T = 0

for all j = 1, ..., r. □

Definition 7.12. Let C = ⟨g(x)⟩ be a cyclic code of dimension k in R_n, and let {α^{t_1}, ..., α^{t_r}} be a defining set of C. If the roots α^{t_1}, ..., α^{t_r} are in F_{q^m}, then the matrix H in Theorem 7.5 is called a check matrix of C over F_{q^m}.

Example 7.6. Let F_16 = F_2(α) with α^4 = α + 1. The minimal polynomials of α and α^3 over F_2 are m_α(x) = x^4 + x + 1 and m_{α^3}(x) = x^4 + x^3 + x^2 + x + 1. These polynomials are factors of x^15 + 1, and since their greatest common divisor is 1, their product is a factor of x^15 + 1 as well.

Consider the cyclic [15, 7] code C = ⟨g(x)⟩ in R_15 with g(x) = m_α(x) m_{α^3}(x) = x^8 + x^7 + x^6 + x^4 + 1. By Theorem 7.5 the check matrix of C over F_16 is

H =
  1 α   α^2 ... α^14
  1 α^3 α^6 ... α^42 .

We shall see that the minimum distance of C is at least 5 and therefore C can correct up to 2 errors.

The encoding is simple: each message word a(x) = a_0 + a_1 x + ··· + a_6 x^6 is encoded to the word c(x) = a(x) g(x). Consider the decoding. Assume that the received word is y = (y_0, y_1, ..., y_14), and write it in the form y = c + e where c is a code word and e is an error vector with w(e) ≤ 2. We calculate the syndrome of y:

H y^T = H e^T = (S_1, S_3)^T.

If two errors occurred, say e(x) = x^i + x^j for some unknown 0 ≤ i < j ≤ 14, then

H e^T = (α^i + α^j, α^{3i} + α^{3j})^T = (S_1, S_3)^T.

Hence, to locate the error positions i and j we need to solve the system of equations x + y = S_1, x^3 + y^3 = S_3, where x = α^i and y = α^j. Since x^3 + y^3 = (x + y)^3 + xy(x + y) in characteristic 2, this gives xy = (S_1^3 + S_3)/S_1, so x and y are the two roots of

(4)   x^2 + S_1 x + (S_1^3 + S_3)/S_1 = 0.

If one error occurred, then α^i = S_1 and α^{3i} = S_3, and therefore S_1^3 = S_3. We observe that in this case equation (4) reduces to x(x + S_1) = 0 and has only one nonzero solution. If no errors occurred during the transmission, then S_1 = S_3 = 0.

To summarize, by the following decision process we can find the transmitted word c if at most two errors occurred during the transmission:

(1) Evaluate the syndrome H y^T = (S_1, S_3)^T of the received word y.
(2) If S_1 = S_3 = 0, then decide that no errors occurred.
(3) If S_1^3 = S_3 ≠ 0, then decide that a single error occurred at the coordinate place i, where α^i = S_1.
(4) If S_1^3 ≠ S_3, then solve equation (4). If it is not solvable (in particular if S_1 = 0), then more than two errors occurred and they cannot be located. Otherwise, it has two distinct solutions x, y and then decide that two errors occurred at the coordinate places i and j, where x = α^i and y = α^j.

More specifically, assume that the received word is y = 100111000000000. Then H y^T = (S_1, S_3)^T, where

S_1 = 1 + α^3 + α^4 + α^5 = α^2 + α^3 = α^6,   S_3 = 1 + α^9 + α^12 + α^15 = 1 + α^2.

Now S_1^3 = α^18 = α^3 ≠ S_3. Hence, we need to solve the equation

x^2 + α^6 x + (α^3 + α^2 + 1)/α^6 = 0,

equivalently

x^2 + α^6 x + α^9 + 1 = 0.

By trial and error we find that the two roots are x = α^8 and y = α^14. Hence, we decide that the transmitted word was c = 100111001000001.

This code word corresponds to the polynomial c(x) = 1 + x^3 + x^4 + x^5 + x^8 + x^14 and by dividing it by the generator polynomial g(x) we get a(x) = 1 + x^3 + x^5 + x^6. Hence the original message word was 1001011.
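The following Python script is an added example and not part of the lecture notes. It implements the cyclic [15, 7] code of Example 7.6 end to end: polynomials over F_2 are integers with bit i as the coefficient of x^i, F_16 = F_2(α) with α^4 = α + 1 is realised through log/antilog tables, encoding is c(x) = a(x) g(x), decoding follows the decision process (1)-(4) including the unsolvable case of step (4), and the message is recovered by dividing by g(x). The worked decoding of y = 100111000000000 and the claim of Example 7.7 that the minimum distance is at least 5 are both checked by the code. The table names and the bit conventions are this example's own choices.

```python
# Added example (not from the lecture notes): the 2-error-correcting cyclic [15,7]
# code of Example 7.6 with g(x) = m_alpha(x) m_{alpha^3}(x), over F_16 = F_2(alpha),
# alpha^4 = alpha + 1.  A polynomial over F_2 is an int with bit i = coefficient of
# x^i, so a code word (c_0, ..., c_14) is the int sum(c_i << i).  Field elements are
# ints in the basis 1, alpha, alpha^2, alpha^3; EXP/LOG realise multiplication.
N = 15

def poly_mul(a, b):
    """Carry-less product of polynomials over F_2."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def poly_divmod(a, b):
    """Long division over F_2: returns (quotient, remainder)."""
    q, db = 0, b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        s = a.bit_length() - 1 - db
        q ^= 1 << s
        a ^= b << s
    return q, a

M_ALPHA, M_ALPHA3 = 0b10011, 0b11111               # x^4+x+1 and x^4+x^3+x^2+x+1
G_POLY = poly_mul(M_ALPHA, M_ALPHA3)                # x^8+x^7+x^6+x^4+1
H_POLY, _rem = poly_divmod((1 << N) | 1, G_POLY)    # check polynomial: x^15 + 1 = g h
assert _rem == 0

# EXP[i] = alpha^i in the polynomial basis, LOG inverts it.  The reduction rule is
# alpha^4 = alpha + 1, i.e. reduce modulo x^4 + x + 1 whenever bit 4 appears.
EXP, LOG = [0] * 30, [0] * 16
_x = 1
for _i in range(N):
    EXP[_i] = _x
    LOG[_x] = _i
    _x <<= 1
    if _x & 0x10:
        _x ^= M_ALPHA
for _i in range(N, 30):
    EXP[_i] = EXP[_i - N]

def fmul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]

def fdiv(a, b):
    return 0 if a == 0 else EXP[(LOG[a] - LOG[b]) % N]

def encode(a):
    """Message a(x) of degree < 7  ->  code word c(x) = a(x) g(x)."""
    assert a < (1 << 7)
    return poly_mul(a, G_POLY)

def evaluate(y, j):
    """y(alpha^j) = sum_i y_i alpha^{ij}: the syndrome component S_j."""
    s = 0
    for i in range(N):
        if (y >> i) & 1:
            s ^= EXP[(i * j) % N]
    return s

def decode(y):
    """Decision process (1)-(4).  Returns (corrected word, sorted error positions),
    or None when the syndromes cannot come from at most two errors."""
    s1, s3 = evaluate(y, 1), evaluate(y, 3)
    if s1 == 0 and s3 == 0:                      # (2) no error
        return y, []
    s1_cubed = fmul(fmul(s1, s1), s1)
    if s1 != 0 and s1_cubed == s3:               # (3) one error at i = log S_1
        i = LOG[s1]
        return y ^ (1 << i), [i]
    if s1 == 0:                                  # (4) unsolvable: S_1 = 0, S_3 != 0
        return None
    c0 = fdiv(s1_cubed ^ s3, s1)                 # equation (4): x^2 + S_1 x + c0 = 0
    roots = [x for x in range(1, 16) if fmul(x, x) ^ fmul(s1, x) ^ c0 == 0]
    if len(roots) != 2:                          # no roots in F_16: > 2 errors
        return None
    i, j = sorted(LOG[x] for x in roots)
    return y ^ (1 << i) ^ (1 << j), [i, j]

def recover_message(c):
    """a(x) = c(x) / g(x); the remainder is 0 exactly when c is a code word."""
    a, rem = poly_divmod(c, G_POLY)
    assert rem == 0
    return a

def bits(v, n=N):
    """Int -> string v_0 v_1 ... v_{n-1}, the coordinate order used in the notes."""
    return "".join(str((v >> i) & 1) for i in range(n))

def from_bits(s):
    return sum(int(ch) << i for i, ch in enumerate(s))

def min_distance():
    """Least weight of a nonzero code word; the BCH bound says >= 5 (Example 7.7)."""
    return min(bin(encode(a)).count("1") for a in range(1, 1 << 7))

if __name__ == "__main__":
    y = from_bits("100111000000000")             # received word of Example 7.6
    c, errs = decode(y)
    print(bits(c), errs, bits(recover_message(c), 7))   # 100111001000001 [8, 14] 1001011
    print(min_distance())                                # 5
```

Step (4) of the decision process is the only place where the decoder can fail: with three or more errors the quadratic may have no root in F_16 (then `decode` returns `None`), or it may have two roots and silently return a wrong code word within distance 2 of y, which is exactly what a minimum distance of 5 permits.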

Definition 7.13. Let n be a positive integer and let m be the least positive integer such that q^m ≡ 1 (mod n). Let b be a nonnegative integer and let α ∈ F_{q^m} be of order n. A BCH code over F_q of length n and designed distance d with 2 ≤ d ≤ n is the cyclic code with zeros α^b, α^{b+1}, ..., α^{b+d−2}.

If b = 1, the corresponding BCH code is called a narrow sense BCH code. If n = q^m − 1, the BCH code is called primitive. If n = q − 1, the BCH code of length q − 1 is called a Reed-Solomon (or RS) code.

Theorem 7.6 (BCH bound). The minimum distance of a BCH code of designed distance d is at least d.

Proof. The BCH code is the kernel (or the null space) of the matrix

H =
  1 α^b       α^{2b}         ... α^{(n−1)b}
  1 α^{b+1}   α^{2(b+1)}     ... α^{(n−1)(b+1)}
  ...
  1 α^{b+d−2} α^{2(b+d−2)}   ... α^{(n−1)(b+d−2)} .

To prove the theorem, it is enough to show that any d − 1 distinct columns of H are linearly independent (by Lemma 7.3). The determinant of the d − 1 distinct columns with indices i_1, ..., i_{d−1} of H is

det( α^{(b+u−1) i_v} )_{u,v=1}^{d−1} = α^{b(i_1 + i_2 + ··· + i_{d−1})} · det( α^{(u−1) i_v} )_{u,v=1}^{d−1} = α^{b(i_1 + i_2 + ··· + i_{d−1})} Π_{1 ≤ k < j ≤ d−1} (α^{i_j} − α^{i_k}) ≠ 0,

the last determinant being a Vandermonde determinant in the distinct elements α^{i_1}, ..., α^{i_{d−1}} (distinct since α has order n and 0 ≤ i_v ≤ n − 1). Hence, any d − 1 distinct columns of H are linearly independent. □

Example 7.7. In Example 7.6 we considered the cyclic [15, 7] code C over F_2 with defining set {α, α^3}, and claimed that the minimum distance of C is at least 5. Since α, α^2, α^3, and α^4 are zeros of C (α^2 and α^4 being conjugates of α over F_2), the BCH bound implies that the minimum distance of C is indeed at least 5.

