57 Finite Fields

Objects in the category IsFFE are used to implement elements of finite fields. In this manual, the term finite field element always means an object in IsFFE. All finite field elements of the same characteristic form a family in GAP (see Families). Any collection of finite field elements (see IsCollection) lies in IsFFECollection, and a collection of such collections (e.g., a matrix) lies in IsFFECollColl.

For creating elements of a finite field the function Z can be used. The call Z(p,d) (alternatively Z( p^d )) returns the designated generator of the multiplicative group of the finite field with p^d elements. p must be a prime.

GAP can represent elements of all finite fields GF(p^d) such that either (1) p^d <= 65536 (in which case an extremely efficient internal representation is used); (2) d = 1, (in which case, for large p, the field is represented the machinery of Residue Class Rings (see section Residue Class Rings) or (3) if the Conway Polynomial of degree d over GF(p) is known, or can be computed, (see Conway Polynomial).

If you attempt to construct an element of GF(p^d) for which d > 1 and the relevant Conway Polynomial is not known, and not necessarily easy to find (see IsCheapConwayPolynomial), then GAP will stop with an error and enter the break loop. If you leave this break loop by entering return; GAP will attempt to compute the Conway Polynomial, which may take a very long time.

The root returned by Z is a generator of the multiplicative group of the finite field with p^d elements, which is cyclic. The order of the element is of course p^d−1. The p^d−1 different powers of the root are exactly the nonzero elements of the finite field.

Thus all nonzero elements of the finite field with p^d elements can be entered as Z(p^d)^i. Note that this is also the form that GAP uses to output those elements when they are stored in the internal representation. In larger fields, it is more convenient to enter and print elements as linear combinations of powers of the primitive element. See section Printing, Viewing and Displaying Finite Field Elements.

The additive neutral element is 0*Z(p). It is different from the integer 0 in subtle ways. First IsInt( 0*Z(p) ) (see IsInt) is false and IsFFE( 0*Z(p) ) (see IsFFE) is true, whereas it is just the other way around for the integer 0.

The multiplicative neutral element is Z(p)^0. It is different from the integer 1 in subtle ways. First IsInt( Z(p)^0 ) (see IsInt) is false and IsFFE( Z(p)^0 ) (see IsFFE) is true, whereas it is just the other way around for the integer 1. Also 1+1 is 2, whereas, e.g., Z(2)^0 + Z(2)^0 is 0*Z(2).

The various roots returned by Z for finite fields of the same characteristic are compatible in the following sense. If the field GF(pⁿ) is a subfield of the field GF(p^m), i.e., n divides m, then Z(pⁿ) = Z(p^m)^{(pm−1)/(pn−1)}. Note that this is the simplest relation that may hold between a generator of GF(pⁿ) and GF(p^m), since Z(pⁿ) is an element of order p^m−1 and Z(p^m) is an element of order pⁿ−1. This is achieved by choosing Z(p) as the smallest primitive root modulo p and Z(pⁿ) as a root of the n-th Conway polynomial (see ConwayPolynomial) of characteristic p. Those polynomials were defined by J. H. Conway, and many of them were computed by R. A. Parker.

gap> a:= Z( 32 );
Z(2^5)
gap> a+a;
0*Z(2)
gap> a*a;
Z(2^5)^2
gap> b := Z(3,12);
z
gap> b*b;
z2
gap> b+b;
2z
gap> Print(b^100,"\n");
Z(3)^0+Z(3,12)^5+Z(3,12)^6+2*Z(3,12)^8+Z(3,12)^10+Z(3,12)^11

gap> Z(11,40);
Error, Conway Polynomial 11^40 will need to computed and might be slow
return to continue called from
FFECONWAY.ZNC( p, d ) called from
<function>( <arguments> ) called from read-eval-loop
Entering break read-eval-print loop ...
you can 'quit;' to quit to outer loop, or
you can 'return;' to continue
brk> 

Elements of finite fields can be compared using the operators = and <. The call a = b returns true if and only if the finite field elements a and b are equal. Furthermore a < b tests whether a is smaller than b. The exact behaviour of this comparison depends on which of two Categories the field elements belong to:

Finite field elements are ordered in GAP (by <) first by characteristic and then by their degree (ie the size of the smallest field containing them). Amongst irreducible elements of a given field, the ordering depends on which of these categories the elements of the field belong to (all elements of a given field should belong to the same one)

Elements in 'IsLexOrderedFFE' are ordered lexicographically by their coefficients with respect to the canonical basis of the field

Elements in 'IsLogOrderedFFE' are ordered according to their discrete logarithms with respect to the 'PrimitiveElement' of the field.

For the comparison of finite field elements with other GAP objects, see Comparisons.

gap> Z( 16 )^10 = Z( 4 )^2;  # this illustrates the embedding of GF(4) in GF(16)
true
gap> 0 < 0*Z(101);
true
gap> Z(256) > Z(101);
false
gap> Z(2,20) < Z(2,20)^2; # this illustrates the lexicographic ordering 
false

57.2 Operations for Finite Field Elements

Since finite field elements are scalars, the operations Characteristic, One, Zero, Inverse, AdditiveInverse, Order can be applied to then (see Attributes and Properties of Elements). Contrary to the situation with other scalars, Order is defined also for the zero element in a finite field, with value 0.

gap> Characteristic( Z( 16 )^10 );  Characteristic( Z( 9 )^2 );
2
3
gap> Characteristic( [ Z(4), Z(8) ] );
2
gap> One( Z(9) );  One( 0*Z(4) );
Z(3)^0
Z(2)^0
gap> Inverse( Z(9) );  AdditiveInverse( Z(9) );
Z(3^2)^7
Z(3^2)^5
gap> Order( Z(9)^7 );
8

DegreeFFE returns the degree of the smallest finite field F containing the element z, respectively all elements of the vector vec over a finite field (see Row Vectors), or matrix mat over a finite field (see Matrices).

gap> DegreeFFE( Z( 16 )^10 );
2
gap> DegreeFFE( Z( 16 )^11 );
4
gap> DegreeFFE( [ Z(2^13), Z(2^10) ] );
130

LogFFE returns the discrete logarithm of the element z in a finite field with respect to the root r. An error is signalled if z is zero, or if z is not a power of r.

The discrete logarithm of an element z with respect to a root r is the smallest nonnegative integer i such that rⁱ = z.

gap> LogFFE( Z(409)^116, Z(409) );  LogFFE( Z(409)^116, Z(409)^2 );
116
58

IntFFE returns the integer corresponding to the element z, which must lie in a finite prime field. That is IntFFE returns the smallest nonnegative integer i such that i * One( z ) = z.

The correspondence between elements from a finite prime field of characteristic p (for p < 2¹⁶) and the integers between 0 and p−1 is defined by choosing Z(p) the element corresponding to the smallest primitive root mod p (see PrimitiveRootMod).

IntFFE is installed as a method for the operation Int (see Int) with argument a finite field element.

gap> IntFFE( Z(13) );  PrimitiveRootMod( 13 );
2
2
gap> IntFFE( Z(409) );
21
gap> IntFFE( Z(409)^116 );  21^116 mod 409;
311
311

For a finite prime field element z, IntFFESymm returns the corresponding integer of smallest absolute value. That is IntFFESymm returns the integer i of smallest absolute value that i * One( z ) = z.

For a vector vec, the operation returns the result if applying IntFFESymm to every entry of the vector.

The correspondence between elements from a finite prime field of characteristic p (for p < 2¹⁶) and the integers between −p/2 and p/2 is defined by choosing Z(p) the element corresponding to the smallest positive primitive root mod p (see PrimitiveRootMod) and reducing results to the −p/2·.p/2 range.

gap> IntFFE(Z(13)^2);IntFFE(Z(13)^3);
4
8
gap> IntFFESymm(Z(13)^2);IntFFESymm(Z(13)^3);
4
-5

is the list of integers corresponding to the vector vecffe of finite field elements in a prime field (see IntFFE).

57.3 Creating Finite Fields

DefaultField (see DefaultField) and DefaultRing (see DefaultRing) for finite field elements are defined to return the smallest field containing the given elements.

gap> DefaultField( [ Z(4), Z(4)^2 ] );  DefaultField( [ Z(4), Z(8) ] );
GF(2^2)
GF(2^6)

GaloisField returns a finite field. It takes two arguments. The form GaloisField( p, d ), where p, d are integers, can also be given as GaloisField( p^d ). GF is an abbreviation for GaloisField.

The first argument specifies the subfield S over which the new field F is to be taken. It can be a prime or a finite field. If it is a prime p, the subfield is the prime field of this characteristic.

The second argument specifies the extension. It can be an integer or an irreducible polynomial over the field S. If it is an integer d, the new field is constructed as the polynomial extension with the Conway polynomial (see ConwayPolynomial) of degree d over the subfield S. If it is an irreducible polynomial pol over S, the new field is constructed as polynomial extension of the subfield S with this polynomial; in this case, pol is accessible as the value of DefiningPolynomial (see DefiningPolynomial) for the new field, and a root of pol in the new field is accessible as the value of RootOfDefiningPolynomial (see RootOfDefiningPolynomial).

Note that the subfield over which a field was constructed determines over which field the Galois group, conjugates, norm, trace, minimal polynomial, and trace polynomial are computed (see GaloisGroup!of field, Conjugates, Norm, Trace!for field elements, MinimalPolynomial!over a field, TracePolynomial).

The field is regarded as a vector space (see Vector Spaces) over the given subfield, so this determines the dimension and the canonical basis of the field.

gap> f1:= GF( 2^4 );
GF(2^4)
gap> Size( GaloisGroup ( f1 ) );
4
gap> BasisVectors( Basis( f1 ) );
[ Z(2)^0, Z(2^4), Z(2^4)^2, Z(2^4)^3 ]
gap> f2:= GF( GF(4), 2 );
AsField( GF(2^2), GF(2^4) )
gap> Size( GaloisGroup( f2 ) );
2
gap> BasisVectors( Basis( f2 ) );
[ Z(2)^0, Z(2^4) ]

A primitive root of a finite field is a generator of its multiplicative group. A primitive root is always a primitive element (see PrimitiveElement), the converse is in general not true.

gap> f:= GF( 3^5 );
GF(3^5)
gap> PrimitiveRoot( f );
Z(3^5)

57.4 FrobeniusAutomorphism

returns the Frobenius automorphism of the finite field F as a field homomorphism (see Ring Homomorphisms).

The Frobenius automorphism f of a finite field F of characteristic p is the function that takes each element z of F to its p-th power. Each automorphism of F is a power of f. Thus f is a generator for the Galois group of F relative to the prime field of F, and an appropriate power of f is a generator of the Galois group of F over a subfield (see GaloisGroup!of field).

gap> f := GF(16);
GF(2^4)
gap> x := FrobeniusAutomorphism( f );
FrobeniusAutomorphism( GF(2^4) )
gap> Z(16) ^ x;
Z(2^4)^2
gap> x^2;
FrobeniusAutomorphism( GF(2^4) )^2

The image of an element z under the i-th power of f is computed as the pⁱ-th power of z. The product of the i-th power and the j-th power of f is the k-th power of f, where k is i j mod Size(F )−1. The zeroth power of f is IdentityMapping( F ).

57.5 Conway Polynomials

is the Conway polynomial of the finite field GF(pⁿ) as polynomial over the prime field in characteristic p.

The Conway polynomial Φ_n,p of GF(pⁿ) is defined by the following properties.

First define an ordering of polynomials of degree n over GF(p) as follows. f = ∑_i=0ⁿ (−1)ⁱ f_i xⁱ is smaller than g = ∑_i=0ⁿ (−1)ⁱ g_i xⁱ if and only if there is an index m ≤ n such that f_i = g_i for all i > m, and [(f_m)~] < [(g_m)~], where [(c)~] denotes the integer value in { 0, 1, …, p−1 } that is mapped to c ∈ GF(p) under the canonical epimorphism that maps the integers onto GF(p).

Φ_n,p is primitive over GF(p) (see IsPrimitivePolynomial). That is, Φ_n,p is irreducible, monic, and is the minimal polynomial of a primitive root of GF(pⁿ).

For all divisors d of n the compatibility condition Φ_d,p( x^{[(pn−1)/(pm−1)]} ) ≡ 0 mod Φ_n,p(x) holds. (That is, the appropriate power of a zero of Φ_n,p is a zero of the Conway polynomial Φ_d,p.)

With respect to the ordering defined above, Φ_n,p shall be minimal.

The computation of Conway polynomials can be time consuming. Therefore, GAP comes with a list of precomputed polynomials. If a requested polynomial is not stored then GAP prints a warning and computes it by checking all polynomials in the order defined above for the defining conditions. If n is not a prime this is probably a very long computation. (Some previously known polynomials with prime n are not stored in GAP because they are quickly recomputed.) Use the function IsCheapConwayPolynomial to check in advance if ConwayPolynomial will give a result after a short time.

Note that primitivity of a polynomial can only be checked if GAP can factorize pⁿ−1. A sufficiently new version of the FactInt package contains many precomputed factors of such numbers from various factorization projects.

See L03 for further information on known Conway polynomials.

If pol is a result returned by ConwayPolynomial the command Print( InfoText( pol ) ); will print some info on the origin of that particular polynomial.

For some purposes it may be enough to have any primitive polynomial for an extension of a finite field instead of the Conway polynomial, see RandomPrimitivePolynomial below.

gap> ConwayPolynomial( 2, 5 );  ConwayPolynomial( 3, 7 );
x_1^5+x_1^2+Z(2)^0
x_1^7-x_1^2+Z(3)^0

Returns true if ConwayPolynomial( p, n ) will give a result in reasonable time. This is either the case when this polynomial is pre-computed, or if n is a not too big prime.

For a finite field F and a positive integer n this function returns a primitive polynomial of degree n over F, that is a zero of this polynomial has maximal multiplicative order |F |ⁿ−1. If i is given then the polynomial is written in variable number i over F (see Indeterminate), the default for i is 1.

Alternatively, F can be a prime power q, then F = GF(q) is assumed. And i can be a univariate polynomial over F, then the result is a polynomial in the same variable.

This function can work for much larger fields than those for which Conway polynomials are available, of course GAP must be able to factorize |F |ⁿ−1.

57.6 Printing, Viewing and Displaying Finite Field Elements

Internal finite field elements are Viewed, Printed and Displayed (see section View and Print for the distinctions between these operations) as powers of the primitive root (except for the zero element, which is displayed as 0 times the primitive root). Thus:

gap> Z(2);
Z(2)^0
gap> Z(5)+Z(5);
Z(5)^2
gap> Z(256);
Z(2^8)
gap> Zero(Z(125));
0*Z(5)

Note also that each element is displayed as an element of the field it generates. Note also that the size of the field is printed as a power of the characteristic.

Elements of larger fields are printed as GAP expressions with represent them as a sum of low powers of the primitive root:

gap> Print(Z(3,20)^100,"\n");
2*Z(3,20)^2+Z(3,20)^4+Z(3,20)^6+Z(3,20)^7+2*Z(3,20)^9+2*Z(3,20)^10+2*Z(3,20)^1\
2+2*Z(3,20)^15+2*Z(3,20)^17+Z(3,20)^18+Z(3,20)^19
gap> Print(Z(3,20)^((3^20-1)/(3^10-1)),"\n");
Z(3,20)^3+2*Z(3,20)^4+2*Z(3,20)^7+Z(3,20)^8+2*Z(3,20)^10+Z(3,20)^11+2*Z(3,20)^\
12+Z(3,20)^13+Z(3,20)^14+Z(3,20)^15+Z(3,20)^17+Z(3,20)^18+2*Z(3,20)^19
gap> Z(3,20)^((3^20-1)/(3^10-1)) = Z(3,10);
true

Note from the second example above, that these elements are not always written over the smallest possible field before being output.

The View and Display methods for these large finite field elements use a slightly more compact, but mathematically equivalent representation. The primitive root is represented by z; its ith power by zi and k times this power by kzi.

gap> Z(5,20)^100;
z2+z4+4z5+2z6+z8+3z9+4z10+3z12+z13+2z14+4z16+3z17+2z18+2z19

This output format is always used for Display. For View it is used only if its length would not exceed ViewLength lines. Longer output is replaced by <<an element of GF(p, d)>>.

gap> Z(2,409)^100000;
<<an element of GF(2, 409)>>
gap> Display(Z(2,409)^100000);
z2+z3+z4+z5+z6+z7+z8+z10+z11+z13+z17+z19+z20+z29+z32+z34+z35+z37+z40+z45+z46+z\
48+z50+z52+z54+z55+z58+z59+z60+z66+z67+z68+z70+z74+z79+z80+z81+z82+z83+z86+z91\
+z93+z94+z95+z96+z98+z99+z100+z101+z102+z104+z106+z109+z110+z112+z114+z115+z11\
8+z119+z123+z126+z127+z135+z138+z140+z142+z143+z146+z147+z154+z159+z161+z162+z\
168+z170+z171+z173+z174+z181+z182+z183+z186+z188+z189+z192+z193+z194+z195+z196\
+z199+z202+z204+z205+z207+z208+z209+z211+z212+z213+z214+z215+z216+z218+z219+z2\
20+z222+z223+z229+z232+z235+z236+z237+z238+z240+z243+z244+z248+z250+z251+z256+\
z258+z262+z263+z268+z270+z271+z272+z274+z276+z282+z286+z288+z289+z294+z295+z29\
9+z300+z301+z302+z303+z304+z305+z306+z307+z308+z309+z310+z312+z314+z315+z316+z\
320+z321+z322+z324+z325+z326+z327+z330+z332+z335+z337+z338+z341+z344+z348+z350\
+z352+z353+z356+z357+z358+z360+z362+z364+z366+z368+z372+z373+z374+z375+z378+z3\
79+z380+z381+z383+z384+z386+z387+z390+z395+z401+z402+z406+z408

Finally note that elements of large prime fields are stored and displayed as residue class objects. So

gap> Z(65537);
ZmodpZObj( 3, 65537 )

[Top] [Up] [Previous] [Next] [Index]

GAP 4 manual
March 2006