Editing Finite field

{{Short description|Algebraic structure}}
{{Redirect|Galois field|Galois field extensions|Galois extension}}
{{more footnotes needed|date=February 2015}}
{{Algebraic structures}}
In [[mathematics]], a '''finite field''' or '''Galois field''' (so-named in honor of [[Évariste Galois]]) is a [[field (mathematics)|field]] that contains a finite number of [[Element (mathematics)|elements]].  As with any field, a finite field is a [[Set (mathematics)|set]] on which the operations of multiplication, addition, subtraction and division are defined and satisfy certain basic rules.  The most common examples of finite fields are the [[integers mod n|integers mod <math>p</math>]] when <math>p</math> is a [[prime number]].

The ''order'' of a finite field is its number of elements, which is either a prime number or a [[prime power]]. For every prime number <math>p</math> and every positive integer <math>k</math> there are fields of order <math>p^k</math>. All finite fields of a given order are [[isomorphism|isomorphic]].

Finite fields are fundamental in a number of areas of mathematics and [[computer science]], including [[number theory]], [[algebraic geometry]], [[Galois theory]], [[finite geometry]], [[cryptography]] and [[coding theory]].

== Properties ==

A finite field is a finite set that is a [[field (mathematics)|field]]; this means that multiplication, addition, subtraction and division (excluding division by zero) are defined and satisfy the rules of arithmetic known as the [[field axioms]].<ref name=":0">{{Cite book |last=Dummit |first=David Steven |title=Abstract algebra |last2=Foote |first2=Richard M. |date=2004 |publisher=Wiley |isbn=978-0-471-43334-7 |edition=3rd |location=Hoboken, NJ}}</ref>

The number of elements of a finite field is called its ''order'' or, sometimes, its ''size''. A finite field of order <math>q</math> exists if and only if <math>q</math> is a [[prime power]] <math>p^k</math> (where <math>p</math> is a prime number and <math>k</math> is a positive integer). In a field of order <math>p^k</math>, adding <math>p</math> copies of any element always results in zero; that is, the [[characteristic (algebra)|characteristic]] of the field is <math>p</math>.<ref name=":0" />

For <math>q=p^k</math>, all fields of order <math>q</math> are [[isomorphic]] (see ''{{slink||Existence and uniqueness}}'' below).<ref name="moore"/> Moreover, a field cannot contain two different finite [[field extension|subfield]]s with the same order. One may therefore identify all finite fields with the same order, and they are unambiguously denoted <math>\mathbb{F}_{q}</math>, <math>\mathbf{F}_q</math> or <math>\mathrm{GF}(q)</math>, where the letters GF stand for "Galois field".<ref>This latter notation was introduced by [[E. H. Moore]] in an address given in 1893 at the International Mathematical Congress held in Chicago {{harvnb|Mullen|Panario|2013|loc = p.&nbsp;10}}.</ref>

In a finite field of order <math>q</math>, the [[polynomial]] <math>X^q-X</math> has all <math>q</math> elements of the finite field as [[root of a polynomial|root]]s.{{Citation needed|date=April 2025}} The non-zero elements of a finite field form a [[multiplicative group]]. This group is [[cyclic group|cyclic]], so all non-zero elements can be expressed as powers of a single element called a [[primitive element (finite field)|primitive element]] of the field. (In general there will be several primitive elements for a given field.)<ref name=":0" />

The simplest examples of finite fields are the fields of prime order: for each [[prime number]] <math>p</math>, the [[prime field]] of order <math>p</math> may be constructed as the [[modular arithmetic|integers modulo <math>p</math>]], <math>\mathbb{Z}/p\mathbb{Z}</math>.<ref name=":0" />

The elements of the prime field of order <math>p</math> may be represented by integers in the range <math>0,\ldots,p - 1</math>. The sum, the difference and the product are the [[Euclidean division|remainder of the division]] by <math>p</math> of the result of the corresponding integer operation.<ref name=":0" /> The multiplicative inverse of an element may be computed by using the extended Euclidean algorithm (see ''{{slink|Extended Euclidean algorithm|Modular integers}}'').{{Citation needed|date=April 2025}}

Let <math>F</math> be a finite field. For any element <math>x</math> in <math>F</math> and any [[integer]] <math>n</math>, denote by <math>n \cdot x</math> the sum of <math>n</math> copies of <math>x</math>. The least positive <math>n</math> such that <math>n \cdot 1 = 0</math> is the characteristic <math>p</math> of the field.<ref name=":0" /> This allows defining a multiplication <math>(k,x) \mapsto k \cdot x</math> of an element <math>k</math> of <math>\mathrm{GF}(p)</math> by an element <math>x</math> of <math>F</math> by choosing an integer representative for <math>k</math>. This multiplication makes <math>F</math> into a <math>\mathrm{GF}(p)</math>-[[vector space]].<ref name=":0" /> It follows that the number of elements of <math>F</math> is <math>p^n</math> for some integer <math>n</math>.<ref name=":0" />

The [[identity (mathematics)|identity]]
<math display="block" id="powersum">(x+y)^p=x^p+y^p</math>
(sometimes called the [[freshman's dream]]) is true in a field of characteristic <math>p</math>.  This follows from the [[binomial theorem]], as each [[binomial coefficient]] of the expansion of <math>(x+y)^p</math>, except the first and the last, is a multiple of <math>p</math>.{{Citation needed|date=April 2025}}

By [[Fermat's little theorem]], if <math>p</math> is a prime number and <math>x</math> is in the field <math>\mathrm{GF}(p)</math> then <math>x^p=x</math>.  This implies the equality
<math display="block">X^p-X=\prod_{a\in \mathrm{GF}(p)} (X-a)</math>
for polynomials over <math>\mathrm{GF}(p)</math>.  More generally, every element in <math>\mathrm{GF}(p^n)</math> satisfies the polynomial equation <math>x^{p^n}-x=0</math>.{{Citation needed|date=April 2025}}

Any finite [[field extension]] of a finite field is [[Separable extension|separable]] and simple.  That is, if <math>E</math> is a finite field and <math>F</math> is a subfield of <math>E</math>, then <math>E</math> is obtained from <math>F</math> by adjoining a single element whose [[Minimal polynomial (field theory)|minimal polynomial]] is [[Separable polynomial|separable]]. To use a piece of jargon, finite fields are [[perfect field|perfect]].<ref name=":0" />

A more general [[algebraic structure]] that satisfies all the other axioms of a field, but whose multiplication is not required to be [[Commutative property|commutative]], is called a [[division ring]] (or sometimes ''skew field''). By [[Wedderburn's little theorem]], any finite division ring is commutative, and hence is a finite field.<ref name=":0" />

== Existence and uniqueness ==
Let <math>q=p^n</math> be a [[prime power]], and <math>F</math> be the [[splitting field]] of the polynomial 
<math display="block">P = X^q-X</math>
over the prime field <math>\mathrm{GF}(p)</math>. This means that <math>F</math> is a finite field of lowest order, in which <math>P</math> has <math>q</math> distinct roots (the [[formal derivative]] of <math>P</math> is <math>P'=-1</math>, implying that <math>\mathrm{gcd}(P,P')=1</math>, which in general implies that the splitting field is a [[separable extension]] of the original). The [[#powersum|above identity]] shows that the sum and the product of two roots of <math>P</math> are roots of <math>P</math>, as well as the multiplicative inverse of a root of <math>P</math>. In other words, the roots of <math>P</math> form a field of order <math>q</math>, which is equal to <math>F</math> by the minimality of the splitting field.

The uniqueness up to isomorphism of splitting fields implies thus that all fields of order <math>q</math> are isomorphic. Also, if a field <math>F</math> has a field of order <math>q=p^k</math> as a subfield, its elements are the <math>q</math> roots of <math>X^q-X</math>, and <math>F</math> cannot contain another subfield of order <math>q</math>.

In summary, we have the following classification theorem first proved in 1893 by [[E.&nbsp;H.&nbsp;Moore]]:<ref name="moore">{{citation|first=E. H.|last=Moore|author-link=E. H. Moore|chapter=A doubly-infinite system of simple groups|editor=E. H. Moore |display-editors=etal |title=Mathematical Papers Read at the International Mathematics Congress Held in Connection with the World's Columbian Exposition|pages=208–242|publisher=Macmillan & Co.|year=1896}}</ref>
<blockquote>
The order of a finite field is a prime power. For every prime power <math>q</math> there are fields of order <math>q</math>, and they are all isomorphic. In these fields, every element satisfies
<math display="block">
 x^q = x,
</math>
and the polynomial <math>X^q - X</math> factors as
<math display="block">
 X^q - X = \prod_{a\in F} (X - a).
</math>
</blockquote>

It follows that <math>\mathrm{GF}(p^n)</math> contains a subfield isomorphic to <math>\mathrm{GF}(p^m)</math> if and only if <math>m</math> is a divisor of <math>n</math>; in that case, this subfield is unique. In fact, the polynomial <math>X^{p^m}-X</math> divides <math>X^{p^n}-X</math> if and only if <math>m</math> is a divisor of <math>n</math>.

== Explicit construction ==

=== Non-prime fields ===
Given a prime power <math>q=p^n</math> with <math>p</math> prime and <math>n > 1 </math>, the field <math>\mathrm{GF}(q)</math> may be explicitly constructed in the following way. One first chooses an [[irreducible polynomial]] <math>P</math> in <math>\mathrm{GF}(p)[X]</math> of degree <math>n</math> (such an irreducible polynomial always exists). Then the [[quotient ring]] 
<math display="block">\mathrm{GF}(q) = \mathrm{GF}(p)[X]/(P)</math>
of the polynomial ring <math>\mathrm{GF}(p)[X]</math> by the ideal generated by <math>P</math> is a field of order <math>q</math>.

More explicitly, the elements of <math>\mathrm{GF}(q)</math> are the polynomials over <math>\mathrm{GF}(p)</math> whose degree is strictly less than <math>n</math>. The addition and the subtraction are those of polynomials over <math>\mathrm{GF}(p)</math>. The product of two elements is the remainder of the [[Euclidean division of polynomials|Euclidean division]] by <math>P</math> of the product in <math>\mathrm{GF}(q)[X]</math>.
The multiplicative inverse of a non-zero element may be computed with the extended Euclidean algorithm; see ''{{slink|Extended Euclidean algorithm#Simple algebraic field extensions}}''.

However, with this representation, elements of <math>\mathrm{GF}(q)</math> may be difficult to distinguish from the corresponding polynomials. Therefore, it is common to give a name, commonly <math>\alpha</math> to the element of <math>\mathrm{GF}(q)</math> that corresponds to the polynomial <math>X</math>. So, the elements of <math>\mathrm{GF}(q)</math> become polynomials in <math>\alpha</math>, where <math>P(\alpha)=0</math>, and, when one encounters a polynomial in <math>\alpha</math> of degree greater or equal to <math>n</math> (for example after a multiplication), one knows that one has to use the relation <math>P(\alpha)=0</math> to reduce its degree (it is what Euclidean division is doing).

Except in the construction of <math>\mathrm{GF}(4)</math>, there are several possible choices for <math>P</math>, which produce isomorphic results. To simplify the Euclidean division, one commonly chooses for <math>P</math> a polynomial of the form 
<math display="block">X^n + aX + b,</math>
which make the needed Euclidean divisions very efficient. However, for some fields, typically in characteristic <math>2</math>, irreducible polynomials of the form <math>X^n+aX+b</math> may not exist. In characteristic <math>2</math>, if the polynomial <math>X^n+X+1</math> is reducible, it is recommended to choose <math>X^n+X^k+1</math> with the lowest possible <math>k</math> that makes the polynomial irreducible. If all these [[trinomial]]s are reducible, one chooses "pentanomials" <math>X^n+X^a+X^b+X^c+1</math>, as polynomials of degree greater than <math>1</math>, with an even number of terms, are never irreducible in characteristic <math>2</math>, having <math>1</math> as a root.<ref>{{citation|publisher=[[National Institute of Standards and Technology]]|url=http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf |archive-url=https://web.archive.org/web/20080719074906/http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf |archive-date=2008-07-19 |url-status=live|title=Recommended Elliptic Curves for Government Use|pages=3|date=July 1999}}</ref>

A possible choice for such a polynomial is given by [[Conway polynomial (finite fields)|Conway polynomials]]. They ensure a certain compatibility between the representation of a field and the representations of its subfields.

In the next sections, we will show how the general construction method outlined above works for small finite fields.

=== Field with four elements ===
The smallest non-prime field is the field with four elements, which is commonly denoted <math>\mathrm{GF}(4)</math> or <math>\mathbb{F}_4.</math> It consists of the four elements <math>0, 1, \alpha, 1 + \alpha</math> such that <math>\alpha^2=1+\alpha</math>, <math>1 \cdot \alpha = \alpha \cdot 1 = \alpha</math>, <math>x+x=0</math>, and <math>x \cdot 0 = 0 \cdot x = 0</math>, for every <math>x \in \mathrm{GF}(4)</math>, the other operation results being easily deduced from the [[distributive law]]. See below for the complete operation tables.

This may be deduced as follows from the results of the preceding section.

Over <math>\mathrm{GF}(2)</math>, there is only one [[irreducible polynomial]] of degree <math>2</math>:
<math display="block">X^2+X+1</math>
Therefore, for <math>\mathrm{GF}(4)</math> the construction of the preceding section must involve this polynomial, and
<math display="block">\mathrm{GF}(4) = \mathrm{GF}(2)[X]/(X^2+X+1).</math>
Let <math>\alpha</math> denote a root of this polynomial in <math>\mathrm{GF}(4)</math>. This implies that
<math display="block">\alpha^2 = 1 + \alpha,</math>
and that <math>\alpha</math> and <math>1+\alpha</math> are the elements of <math>\mathrm{GF}(4)</math> that are not in <math>\mathrm{GF}(2)</math>. The tables of the operations in <math>\mathrm{GF}(4)</math> result from this, and are as follows:
{| style="border-spacing:1.7em 0"
|
{| class="wikitable"
|+ Addition <math>x + y</math>
|-
! style="width:24%;" {{diagonal split header|{{math|''x''}}|{{math|''y''}}}} !! style="width:20%;"| {{math|0}} !! style="width:20%;"| {{math|1}} !! style="width:20%;"| {{math|''α''}} !! style="width:20%;"| {{math|1 + ''α''}}
|-
!style="text-align:left"| {{math|0}}
| {{math|0}}
| {{math|1}}
| {{math|''α''}}
| {{math|1 + ''α''}}
|-
!style="text-align:left"| {{math|1}}
| {{math|1}}
| {{math|0}}
| {{math|1 + ''α''}}
| {{math|''α''}}
|-
!style="text-align:left"| {{math|''α''}}
|| {{math|''α''}}
| {{math|1 + ''α''}}
| {{math|0}}
| {{math|1}}
|-
!style="text-align:left"| {{math|1 + ''α''}}
| {{math|1 + ''α''}}
| {{math|''α''}}
| {{math|1}}
| {{math|0}}
|}
|
{| class="wikitable"
|+ Multiplication <math>x \cdot y</math>
|-
! style="width:28%;" {{diagonal split header|{{math|''x''}}|{{math|''y''}}}} !! style="width:12%;"| {{math|0}} !! style="width:20%;"| {{math|1}} !! style="width:20%;"| {{math|''α''}} !! style="width:20%;"| {{math|1 + ''α''}}
|-
!style="text-align:left"| {{math|0}}
| {{math|0}}
| {{math|0}}
|| {{math|0}}
|| {{math|0}}
|-
!style="text-align:left"| {{math|1}}
| {{math|0}}
| {{math|1}}
|| {{math|''α''}}
|| {{math|1 + ''α''}}
|-
!style="text-align:left"| {{math|''α''}}
|| {{math|0}}
|| {{math|''α''}}
|| {{math|1 + ''α''}}
|| {{math|1}}
|-
!style="text-align:left"| {{math|1 + ''α''}}
|| {{math|0}}
|| {{math|1 + ''α''}}
|| {{math|1}}
|| {{math|''α''}}
|}
|
{| class="wikitable"
|+ Division <math>x \div y</math>
|-
! style="width:24%;" {{diagonal split header|{{math|''x''}}|{{math|''y''}}}} !! style="width:20%;"| {{math|1}} !! style="width:20%;"| {{math|''α''}} !! style="width:20%;"| {{math|1 + ''α''}}
|-
!style="text-align:left"| {{math|0}}
| {{math|0}}
|| {{math|0}}
|| {{math|0}}
|-
!style="text-align:left"| {{math|1}}
| {{math|1}}
|| {{math|1 + ''α''}}
|| {{math|''α''}}
|-
!style="text-align:left"| {{math|''α''}}
|| {{math|''α''}}
|| {{math|1}}
|| {{math|1 + ''α''}}
|-
!style="text-align:left"| {{math|1 + ''α''}}
|| {{math|1 + ''α''}}
|| {{math|''α''}}
|| {{math|1}}
|}
|}
A table for subtraction is not given, because subtraction is identical to addition, as is the case for every field of characteristic 2.
In the third table, for the division of <math>x</math> by <math>y</math>, the values of <math>x</math> must be read in the left column, and the values of <math>y</math> in the top row. (Because <math>0 \cdot z = 0</math> for every <math>z</math> in every [[Ring (mathematics)|ring]] the [[division by 0]] has to remain undefined.) From the tables, it can be seen that the additive structure of <math>\mathrm{GF}(4)</math> is isomorphic to the [[Klein four-group]], while the non-zero multiplicative structure is isomorphic to the group <math>Z_3</math>.

The map
<math display="block"> \varphi:x \mapsto x^2</math>
is the non-trivial field automorphism, called the [[#Frobenius automorphism and Galois theory|Frobenius automorphism]], which sends <math>\alpha</math> into the second root <math>1+\alpha</math> of the above-mentioned irreducible polynomial <math>X^2+X+1</math>.

=== GF(''p''<sup>2</sup>) for an odd prime ''p'' ===
For applying the [[#Non-prime fields|above general construction]] of finite fields in the case of <math>\mathrm{GF}(p^2)</math>, one has to find an irreducible polynomial of degree 2. For <math>p=2</math>, this has been done in the preceding section. If <math>p</math> is an odd prime, there are always irreducible polynomials of the form <math>X^2-r</math>, with <math>r</math> in <math>\mathrm{GF}(p)</math>.

More precisely, the polynomial <math>X^2-r</math> is irreducible over <math>\mathrm{GF}(p)</math> if and only if <math>r</math> is a [[quadratic non-residue]] modulo <math>p</math> (this is almost the definition of a quadratic non-residue). There are <math>\frac{p-1}{2}</math> quadratic non-residues modulo <math>p</math>. For example, <math>2</math> is a quadratic non-residue for <math>p=3,5,11,13,\ldots</math>, and <math>3</math> is a quadratic non-residue for <math>p=5,7,17,\ldots</math>. If <math>p \equiv 3 \mod 4</math>, that is <math>p=3,7,11,19,\ldots</math>, one may choose <math>-1 \equiv p - 1</math> as a quadratic non-residue, which allows us to have a very simple irreducible polynomial <math>X^2+1</math>.

Having chosen a quadratic non-residue <math>r</math>, let <math>\alpha</math> be a symbolic square root of <math>r</math>, that is, a symbol that has the property <math>\alpha^2=r</math>, in the same way that the complex number <math>i</math> is a symbolic square root of <math>-1</math>. Then, the elements of <math>\mathrm{GF}(p^2)</math> are all the linear expressions
<math display="block">a+b\alpha,</math>
with <math>a</math> and <math>b</math> in <math>\mathrm{GF}(p)</math>. The operations on <math>\mathrm{GF}(p^2)</math> are defined as follows (the operations between elements of <math>\mathrm{GF}(p)</math> represented by Latin letters are the operations in <math>\mathrm{GF}(p)</math>):
<math display="block">\begin{align}
-(a+b\alpha)&=-a+(-b)\alpha\\
(a+b\alpha)+(c+d\alpha)&=(a+c)+(b+d)\alpha\\
(a+b\alpha)(c+d\alpha)&=(ac + rbd)+ (ad+bc)\alpha\\
(a+b\alpha)^{-1}&=a(a^2-rb^2)^{-1}+(-b)(a^2-rb^2)^{-1}\alpha
\end{align}</math>

=== GF(8) and GF(27) ===
The polynomial
<math display="block">X^3-X-1</math>
is irreducible over <math>\mathrm{GF}(2)</math> and <math>\mathrm{GF}(3)</math>, that is, it is irreducible [[modulo]] <math>2</math> and <math>3</math> (to show this, it suffices to show that it has no root in <math>\mathrm{GF}(2)</math> nor in <math>\mathrm{GF}(3)</math>). It follows that the elements of <math>\mathrm{GF}(8)</math> and <math>\mathrm{GF}(27)</math> may be represented by [[expression (mathematics)|expressions]]
<math display="block">a+b\alpha+c\alpha^2,</math>
where <math>a, b, c</math> are elements of <math>\mathrm{GF}(2)</math> or <math>\mathrm{GF}(3)</math> (respectively), and <math>\alpha</math> is a symbol such that 
<math display="block">\alpha^3=\alpha+1.</math>

The addition, additive inverse and multiplication on <math>\mathrm{GF}(8)</math> and <math>\mathrm{GF}(27)</math> may thus be defined as follows; in following formulas, the operations between elements of <math>\mathrm{GF}(2)</math> or <math>\mathrm{GF}(3)</math>, represented by Latin letters, are the operations in <math>\mathrm{GF}(2)</math> or <math>\mathrm{GF}(3)</math>, respectively:
<math display="block">
\begin{align}
-(a+b\alpha+c\alpha^2)&=-a+(-b)\alpha+(-c)\alpha^2 \qquad\text{(for } \mathrm{GF}(8), \text{this operation is the identity)}\\
(a+b\alpha+c\alpha^2)+(d+e\alpha+f\alpha^2)&=(a+d)+(b+e)\alpha+(c+f)\alpha^2\\
(a+b\alpha+c\alpha^2)(d+e\alpha+f\alpha^2)&=(ad + bf+ce)+ (ae+bd+bf+ce+cf)\alpha+(af+be+cd+cf)\alpha^2
\end{align}
</math>

=== GF(16) ===
The polynomial
<math display="block">X^4+X+1</math>
is irreducible over <math>\mathrm{GF}(2)</math>, that is, it is irreducible modulo <math>2</math>. It follows that the elements of <math>\mathrm{GF}(16)</math> may be represented by [[expression (mathematics)|expressions]]
<math display="block">a+b\alpha+c\alpha^2+d\alpha^3,</math>
where <math>a,b,c,d</math> are either <math>0</math> or <math>1</math> (elements of <math>\mathrm{GF}(2)</math>), and <math>\alpha</math> is a symbol such that 
<math display="block">\alpha^4=\alpha+1</math>
(that is, <math>\alpha</math> is defined as a root of the given irreducible polynomial).  As the characteristic of <math>\mathrm{GF}(2)</math> is <math>2</math>, each element is its additive inverse in <math>\mathrm{GF}(16)</math>.  The addition and multiplication on <math>\mathrm{GF}(16)</math> may be defined as follows; in following formulas, the operations between elements of <math>\mathrm{GF}(2)</math>, represented by Latin letters are the operations in <math>\mathrm{GF}(2)</math>.
<math display="block">
\begin{align}
(a+b\alpha+c\alpha^2+d\alpha^3)+(e+f\alpha+g\alpha^2+h\alpha^3)&=(a+e)+(b+f)\alpha+(c+g)\alpha^2+(d+h)\alpha^3\\
(a+b\alpha+c\alpha^2+d\alpha^3)(e+f\alpha+g\alpha^2+h\alpha^3)&=(ae+bh+cg+df)
+(af+be+bh+cg+df +ch+dg)\alpha\;+\\
&\quad\;(ag+bf+ce +ch+dg+dh)\alpha^2
+(ah+bg+cf+de +dh)\alpha^3
\end{align}
</math>

The field <math>\mathrm{GF}(16)</math> has eight [[primitive element (finite field)|primitive elements]] (the elements that have all nonzero elements of <math>\mathrm{GF}(16)</math> as integer powers). These elements are the four roots of <math>X^4+X+1</math> and their [[multiplicative inverse]]s. In particular, <math>\alpha</math> is a primitive element, and the primitive elements are <math>\alpha^m</math> with <math>m</math> less than and [[coprime]] with <math>15</math> (that is, 1, 2, 4, 7, 8, 11, 13, 14).

== Multiplicative structure ==

The set of non-zero elements in <math>\mathrm{GF}(q)</math> is an [[abelian group]] under the multiplication, of order <math>q-1</math>. By [[Lagrange's theorem (group theory)|Lagrange's theorem]], there exists a divisor <math>k</math> of <math>q-1</math> such that <math>x^k=1</math> for every non-zero <math>x</math> in <math>\mathrm{GF}(q)</math>. As the equation <math>x^k=1</math> has at most <math>k</math> solutions in any field, <math>q-1</math> is the lowest possible value for <math>k</math>.
The [[Abelian group#Classification|structure theorem of finite abelian groups]] implies that this multiplicative group is [[cyclic group|cyclic]], that is, all non-zero elements are powers of a single element. In summary:

{{block indent | em = 1.5 | text = ''The multiplicative group of the non-zero elements in'' <math>\mathrm{GF}(q)</math> ''is cyclic, i.e.,  there exists an element'' <math>a</math>, ''such that the'' <math>q-1</math> ''non-zero elements of'' <math>\mathrm{GF}(q)</math> ''are'' <math>a,a^2,\ldots,a^{q-2},a^{q-1}=1</math>.}}

Such an element <math>a</math> is called a [[primitive element (finite field)|primitive element]] of <math>\mathrm{GF}(q)</math>. Unless <math>q=2,3</math>, the primitive element is not unique. The number of primitive elements is <math>\phi(q-1)</math> where <math>\phi</math> is [[Euler's totient function]].

The result above implies that <math>x^q=x</math> for every <math>x</math> in <math>\mathrm{GF}(q)</math>. The particular case where <math>q</math> is prime is [[Fermat's little theorem]].

=== Discrete logarithm ===

If <math>a</math> is a primitive element in <math>\mathrm{GF}(q)</math>, then for any non-zero element <math>x</math> in <math>F</math>, there is a unique integer <math>n</math> with <math>0 \le n \le q-2</math> such that <math>x=a^n</math>.
This integer <math>n</math> is called the [[discrete logarithm]] of <math>x</math> to the base <math>a</math>.

While <math>a^n</math> can be computed very quickly, for example using [[exponentiation by squaring]], there is no known efficient algorithm for computing the inverse operation, the discrete logarithm. This has been used in various [[cryptographic protocol]]s, see ''[[Discrete logarithm]]'' for details.

When the nonzero elements of <math>\mathrm{GF}(q)</math> are represented by their discrete logarithms, multiplication and division are easy, as they reduce to addition and subtraction modulo <math>q-1</math>. However, addition amounts to computing the discrete logarithm of <math>a^m+a^n</math>. The identity 
<math display="block">a^m+a^n=a^n\left(a^{m-n}+1\right)</math>
allows one to solve this problem by constructing the table of the discrete logarithms of <math>a^n+1</math>, called [[Zech's logarithm]]s, for <math>n=0,\ldots,q-2</math> (it is convenient to define the discrete logarithm of zero as being <math>-\infty</math>).

Zech's logarithms are useful for large computations, such as [[linear algebra]] over medium-sized fields, that is, fields that are sufficiently large for making natural algorithms inefficient, but not too large, as one has to pre-compute a table of the same size as the order of the field.

=== Roots of unity ===

Every nonzero element of a finite field is a [[root of unity]], as <math>x^{q-1}=1</math> for every nonzero element of <math>\mathrm{GF}(q)</math>.

If <math>n</math> is a positive integer, an <math>n</math>th '''primitive root of unity''' is a solution of the equation <math>x^n=1</math> that is not a solution of the equation <math>x^m=1</math> for any positive integer <math>m<n</math>. If <math>a</math> is a <math>n</math>th primitive root of unity in a field <math>F</math>, then <math>F</math> contains all the <math>n</math> roots of unity, which are <math>1,a,a^2,\ldots,a^{n-1}</math>.

The field <math>\mathrm{GF}(q)</math> contains a <math>n</math>th primitive root of unity if and only if <math>n</math> is a divisor of <math>q-1</math>; if <math>n</math> is a divisor of <math>q-1</math>, then the number of primitive <math>n</math>th roots of unity in <math>\mathrm{GF}(q)</math> is <math>\phi(n)</math> ([[Euler's totient function]]). The number of <math>n</math>th roots of unity in <math>\mathrm{GF}(q)</math> is <math>\mathrm{gcd}(n,q-1)</math>.

In a field of characteristic <math>p</math>, every <math>np</math>th root of unity is also a <math>n</math>th root of unity. It follows that primitive <math>np</math>th roots of unity never exist in a field of characteristic <math>p</math>.

On the other hand, if <math>n</math> is [[coprime]] to <math>p</math>, the roots of the <math>n</math>th [[cyclotomic polynomial]] are distinct in every field of characteristic <math>p</math>, as this polynomial is a divisor of <math>X^n-1</math>, whose [[discriminant]] <math>n^n</math> is nonzero modulo <math>p</math>. It follows that the <math>n</math>th [[cyclotomic polynomial]] factors over <math>\mathrm{GF}(q)</math> into distinct irreducible polynomials that have all the same degree, say <math>d</math>, and that <math>\mathrm{GF}(p^d)</math> is the smallest field of characteristic <math>p</math> that contains the <math>n</math>th primitive roots of unity.

When computing [[Modular representation theory|Brauer characters]], one uses the map <math>\alpha^k \mapsto \exp(2\pi i k / (q-1))</math> to map eigenvalues of a representation matrix to the complex numbers. Under this mapping, the base subfield <math>\mathrm{GF}(p)</math> consists of evenly spaced points around the unit circle (omitting zero).

[[File:Finite field with 25 elements and base subfield of five elements.jpg|thumb|300px|Finite field F_25 under map to complex roots of unity. Base subfield F_5 in red.]]

=== Example: GF(64) ===
The field <math>\mathrm{GF}(64)</math> has several interesting properties that smaller fields do not share: it has two subfields such that neither is contained in the other; not all generators (elements with [[Minimal polynomial (field theory)|minimal polynomial]] of degree <math>6</math> over <math>\mathrm{GF}(2)</math>) are primitive elements; and the primitive elements are not all conjugate under the [[Galois group]].

The order of this field being {{math|2<sup>6</sup>}}, and the divisors of {{math|6}} being {{math|1, 2, 3, 6}}, the subfields of {{math|GF(64)}} are {{math|GF(2)}}, {{math|1=GF(2<sup>2</sup>) = GF(4)}}, {{math|1=GF(2<sup>3</sup>) = GF(8)}}, and {{math|GF(64)}} itself. As {{math|2}} and {{math|3}} are [[coprime]], the intersection of {{math|GF(4)}} and {{math|GF(8)}} in {{math|GF(64)}} is the prime field {{math|GF(2)}}.

The union of {{math|GF(4)}} and {{math|GF(8)}} has thus {{math|10}} elements. The remaining {{math|54}} elements of {{math|GF(64)}} generate {{math|GF(64)}} in the sense that no other subfield contains any of them. It follows that they are roots of irreducible polynomials of degree {{math|6}} over {{math|GF(2)}}. This implies that, over {{math|GF(2)}}, there are exactly {{math|1=9 = {{sfrac|54|6}}}} irreducible [[monic polynomial]]s of degree {{math|6}}. This may be verified by factoring {{math|''X''<sup>64</sup> − ''X''}} over {{math|GF(2)}}.

The elements of {{math|GF(64)}} are primitive <math>n</math>th roots of unity for some <math>n</math> dividing <math>63</math>. As the 3rd and the 7th roots of unity belong to {{math|GF(4)}} and {{math|GF(8)}}, respectively, the {{math|54}} generators are primitive {{math|''n''}}th roots of unity for some {{math|''n''}} in {{math|{9, 21, 63}<nowiki/>}}. [[Euler's totient function]] shows that there are {{math|6}} primitive {{math|9}}th roots of unity, <math>12</math> primitive <math>21</math>st roots of unity, and <math>36</math> primitive {{math|63}}rd roots of unity. Summing these numbers, one finds again <math>54</math> elements.

By factoring the [[cyclotomic polynomial]]s over <math>\mathrm{GF}(2)</math>, one finds that:
* The six primitive <math>9</math>th roots of unity are roots of <math display="block">X^6+X^3+1,</math> and are all conjugate under the action of the Galois group.
* The twelve primitive <math>21</math>st roots of unity are roots of <math display="block">(X^6+X^4+X^2+X+1)(X^6+X^5+X^4+X^2+1).</math> They form two orbits under the action of the Galois group. As the two factors are [[reciprocal polynomial|reciprocal]] to each other, a root and its (multiplicative) inverse do not belong to the same orbit.
* The <math>36</math> primitive elements of <math>\mathrm{GF}(64)</math> are the roots of <math display="block">(X^6+X^4+X^3+X+1)(X^6+X+1)(X^6+X^5+1)(X^6+X^5+X^3+X^2+1)(X^6+X^5+X^2+X+1)(X^6+X^5+X^4+X+1).</math> They split into six orbits of six elements each under the action of the Galois group.

This shows that the best choice to construct <math>\mathrm{GF}(64)</math> is to define it as {{math|GF(2)[''X''] / (''X''<sup>6</sup> + ''X'' + 1)}}. In fact, this generator is a primitive element, and this polynomial is the irreducible polynomial that produces the easiest Euclidean division.

== Frobenius automorphism and Galois theory ==

In this section, <math>p</math> is a prime number, and <math>q=p^n</math> is a power of <math>p</math>.

In <math>\mathrm{GF}(q)</math>, the identity {{math|1=(''x'' + ''y'')<sup>''p''</sup> = ''x<sup>p</sup>'' + ''y<sup>p</sup>''}} implies that the map
<math display="block"> \varphi:x \mapsto x^p</math>
is a <math>\mathrm{GF}(p)</math>-[[linear map|linear endomorphism]] and a [[field automorphism]] of <math>\mathrm{GF}(q)</math>, which fixes every element of the subfield <math>\mathrm{GF}(p)</math>. It is called the [[Frobenius automorphism]], after [[Ferdinand Georg Frobenius]].

Denoting by {{math|''φ<sup>k</sup>''}} the [[function composition|composition]] of {{math|''φ''}} with itself {{math|''k''}} times, we have 
<math display="block"> \varphi^k:x \mapsto x^{p^k}.</math>
It has been shown in the preceding section that {{math|''φ''<sup>''n''</sup>}} is the identity. For {{math|0 < ''k'' < ''n''}}, the automorphism {{math|''φ''<sup>''k''</sup>}} is not the identity, as, otherwise, the polynomial 
<math display="block">X^{p^k}-X</math>
would have more than {{math|''p<sup>k</sup>''}} roots.

There are no other {{math|GF(''p'')}}-automorphisms of {{math|GF(''q'')}}. In other words, {{math|GF(''p<sup>n</sup>'')}} has exactly {{math|''n''}} {{math|GF(''p'')}}-automorphisms, which are 
<math display="block">\mathrm{Id}=\varphi^0, \varphi, \varphi^2, \ldots, \varphi^{n-1}.</math>

In terms of [[Galois theory]], this means that {{math|GF(''p''<sup>''n''</sup>)}} is a [[Galois extension]] of {{math|GF(''p'')}}, which has a [[cyclic group|cyclic]] Galois group.

The fact that the Frobenius map is surjective implies that every finite field is [[perfect field|perfect]].

== Polynomial factorization ==
{{main|Factorization of polynomials over finite fields}}
If {{math|''F''}} is a finite field, a non-constant [[monic polynomial]] with coefficients in {{math|''F''}} is [[irreducible polynomial|irreducible]] over {{math|''F''}}, if it is not the product of two non-constant monic polynomials, with coefficients in {{math|''F''}}.

As every [[polynomial ring]] over a field is a [[unique factorization domain]], every monic polynomial over a finite field may be factored in a unique way (up to the order of the factors) into a product of irreducible monic polynomials.

There are efficient algorithms for testing polynomial irreducibility and factoring polynomials over finite fields. They are a key step for factoring polynomials over the integers or the [[rational numbers]]. At least for this reason, every [[computer algebra system]] has functions for factoring polynomials over finite fields, or, at least, over finite prime fields.

=== Irreducible polynomials of a given degree ===
The polynomial
<math display="block">X^q-X</math> 
factors into linear factors over a field of order {{math|''q''}}. More precisely, this polynomial is the product of all monic polynomials of degree one over a field of order {{math|''q''}}.

This implies that, if {{math|1=''q'' = ''p<sup>n</sup>''}} then {{math|''X<sup>q</sup>'' − ''X''}} is the product of all monic irreducible polynomials over {{math|GF(''p'')}}, whose degree divides {{math|''n''}}. In fact, if {{math|''P''}} is an irreducible factor over {{math|GF(''p'')}} of {{math|''X<sup>q</sup>'' − ''X''}}, its degree divides {{math|''n''}}, as its [[splitting field]] is contained in {{math|GF(''p''<sup>''n''</sup>)}}. Conversely, if {{math|''P''}} is an irreducible monic polynomial over {{math|GF(''p'')}} of degree {{math|''d''}} dividing {{math|''n''}}, it defines a field extension of degree {{math|''d''}}, which is contained in {{math|GF(''p''<sup>''n''</sup>)}}, and all roots of {{math|''P''}} belong to {{math|GF(''p''<sup>''n''</sup>)}}, and are roots of {{math|''X<sup>q</sup>'' − ''X''}}; thus {{math|''P''}} divides {{math|''X<sup>q</sup>'' − ''X''}}. As {{math|''X<sup>q</sup>'' − ''X''}} does not have any multiple factor, it is thus the product of all the irreducible monic polynomials that divide it.

This property is used to compute the product of the irreducible factors of each degree of polynomials over {{math|GF(''p'')}}; see ''[[Distinct degree factorization]]''.

=== Number of monic irreducible polynomials of a given degree over a finite field ===
The number {{math|''N''(''q'', ''n'')}} of monic irreducible polynomials of degree {{math|''n''}} over 
{{math|GF(''q'')}} is given by<ref>{{harvnb|Jacobson|2009|loc=§4.13}}</ref>
<math display="block">N(q,n)=\frac{1}{n}\sum_{d\mid n} \mu(d)q^{n/d},</math>
where {{math|''μ''}} is the [[Möbius function]]. This formula is an immediate consequence of the property of {{math|''X''<sup>''q''</sup> − ''X''}} above and the [[Möbius inversion formula]].

By the above formula, the number of irreducible (not necessarily monic) polynomials of degree {{math|''n''}} over {{math|GF(''q'')}} is {{math|(''q'' − 1)''N''(''q'', ''n'')}}.

The exact formula implies the inequality
<math display="block">N(q,n)\geq\frac{1}{n} \left(q^n-\sum_{\ell\mid n, \ \ell \text{ prime}} q^{n/\ell}\right);</math>
this is sharp if and only if {{math|''n''}} is a power of some prime.
For every {{math|''q''}} and every {{math|''n''}}, the right hand side is positive, so there is at least one irreducible polynomial of degree {{math|''n''}} over {{math|GF(''q'')}}.

== Applications ==
In [[cryptography]], the difficulty of the [[discrete logarithm problem]] in finite fields or in [[elliptic curves]] is the basis of several widely used protocols, such as the [[Diffie–Hellman]] protocol. For example, in 2014, a secure internet connection to Wikipedia involved the elliptic curve Diffie–Hellman protocol ([[ECDHE]]) over a large finite field.<ref>This can be verified by looking at the information on the page provided by the browser.</ref> In [[coding theory]], many codes are constructed as [[linear subspace|subspace]]s of [[vector space]]s over finite fields.

Finite fields are used by many [[error correction code]]s, such as [[Reed–Solomon error correction|Reed–Solomon error correction code]] or [[BCH code]].  The finite field almost always has characteristic of {{math|2}}, since computer data is stored in binary.  For example, a byte of data can be interpreted as an element of {{math|GF(2<sup>8</sup>)}}. One exception is [[PDF417]] bar code, which is {{math|GF(929)}}. Some CPUs have special instructions that can be useful for finite fields of characteristic {{math|2}}, generally variations of [[carry-less product]].

Finite fields are widely used in [[number theory]], as many problems over the integers may be solved by reducing them [[modular arithmetic|modulo]] one or several [[prime number]]s. For example, the fastest known algorithms for [[polynomial factorization]] and [[linear algebra]] over the field of [[rational number]]s proceed by reduction modulo one or several primes, and then reconstruction of the solution by using [[Chinese remainder theorem]], [[Hensel lifting]] or the [[LLL algorithm]].

Similarly many theoretical problems in number theory can be solved by considering their reductions modulo some or all prime numbers. See, for example, ''[[Hasse principle]]''. Many recent developments of [[algebraic geometry]] were motivated by the need to enlarge the power of these modular methods. [[Wiles' proof of Fermat's Last Theorem]] is an example of a deep result involving many mathematical tools, including finite fields.

The [[Weil conjectures]] concern the number of points on [[Algebraic variety|algebraic varieties]] over finite fields and the theory has many applications including [[Exponential sum|exponential]] and [[character sum]] estimates.

Finite fields have widespread application in [[combinatorics]], two well known examples being the definition of [[Paley graph|Paley Graphs]] and the related construction for [[Paley construction|Hadamard Matrices]]. In [[arithmetic combinatorics]] finite fields<ref>{{Citation|last=Shparlinski|first=Igor E.|chapter=Additive Combinatorics over Finite Fields: New Results and Applications|publisher=DE GRUYTER|isbn=9783110283600|doi=10.1515/9783110283600.233|title=Finite Fields and Their Applications| year=2013|pages=233–272}}</ref> and finite field models<ref>{{Citation|last=Green|first=Ben|chapter=Finite field models in additive combinatorics|pages=1–28|publisher=Cambridge University Press|isbn=9780511734885| doi=10.1017/cbo9780511734885.002| title=Surveys in Combinatorics 2005|year=2005|arxiv=math/0409420|s2cid=28297089}}</ref><ref>{{Cite journal|last=Wolf|first=J.| date=March 2015|title=Finite field models in arithmetic combinatorics – ten years on|journal=Finite Fields and Their Applications | volume=32|pages=233–274|doi=10.1016/j.ffa.2014.11.003|issn=1071-5797|doi-access=free|hdl=1983/d340f853-0584-49c8-a463-ea16ee51ce0f|hdl-access=free}}</ref> are used extensively, such as in [[Szemerédi's theorem]] on arithmetic progressions.

== Extensions ==
=== Wedderburn's little theorem ===
A [[division ring]] is a generalization of field. Division rings are not assumed to be commutative. There are no non-commutative finite division rings: [[Wedderburn's little theorem]] states that all finite [[division ring]]s are commutative, and hence are finite fields. This result holds even if we relax the [[associativity]] axiom to [[alternativity]], that is, all finite [[alternative division ring]]s are finite fields, by the [[Artin–Zorn theorem]].<ref>{{cite book | last=Shult | first=Ernest E. | title=Points and lines. Characterizing the classical geometries | series=Universitext | location=Berlin | publisher=[[Springer-Verlag]] | year=2011 | isbn=978-3-642-15626-7 | zbl=1213.51001 | page=123 }}</ref>

=== Algebraic closure ===
A finite field <math>F</math> is not algebraically closed: the polynomial
<math display="block">f(T) = 1+\prod_{\alpha \in F} (T-\alpha),</math>
has no roots in <math>F</math>, since {{math|1=''f''&thinsp;(''α'') = 1}} for all <math>\alpha</math> in <math>F</math>.

Given a prime number {{mvar|p}}, let <math>\overline{\mathbb{F}}_p</math> be an algebraic closure of <math>\mathbb{F}_p.</math> It is not only unique [[up to]] an isomorphism, as do all algebraic closures, but contrarily to the general case, all its subfield are fixed by all its automorphisms, and it is also the algebraic closure of all finite fields of the same characteristic {{mvar|p}}.

This property results mainly from the fact that the elements of <math>\mathbb F_{p^n}</math> are exactly the roots of <math>x^{p^n}-x,</math> and this defines an inclusion <math>\mathbb \mathbb F_{p^n}\subset \mathbb F_{p^{nm}} </math> for <math>m>1.</math> These inclusions allow writing informally <math display="block">\overline{\mathbb{F}}_p = \bigcup_{n \ge 1} \mathbb{F}_{p^n}.</math> The formal validation of this notation results from the fact that the above field inclusions form a [[directed set]] of fields; Its [[direct limit]] is <math>\overline{\mathbb{F}}_p,</math> which may thus be considered as "directed union".

====Primitive elements in the algebraic closure====

Given a [[primitive element (field theory)|primitive element]] <math>g_{mn}</math> of <math>\mathbb{F}_{q^{mn}},</math> then <math>g_{mn}^m</math> is a primitive element of <math>\mathbb{F}_{q^{n}}.</math>

For explicit computations, it may be useful to have a coherent choice of the primitive elements for all finite fields; that is, to choose the primitive element <math>g_{n}</math> of <math>\mathbb{F}_{q^{n}}</math> in order that, whenever <math>n=mh,</math> one has <math>g_{m}=g_n^h,</math> where <math>g_{m}</math> is the primitive element already chosen for <math>\mathbb{F}_{q^{m}}.</math>

Such a construction may be obtained by [[Conway polynomial (finite fields)|Conway polynomials]].

==== Quasi-algebraic closure ====
Although finite fields are not algebraically closed, they are [[Quasi-algebraically closed field|quasi-algebraically closed]], which means that every [[homogeneous polynomial]] over a finite field has a non-trivial zero whose components are in the field if the number of its variables is more than its degree. This was a conjecture of [[Emil Artin|Artin]] and [[Leonard Eugene Dickson|Dickson]] proved by [[Claude Chevalley|Chevalley]] (see ''[[Chevalley–Warning theorem]]'').

== See also ==
* [[Elementary abelian group]]
* [[Field with one element]]
* [[Finite field arithmetic]]
* [[Finite ring]]
* [[Finite group]]
* [[Galois ring]]
* [[Hamming space]]
* [[Quasi-finite field]]

== Notes ==
{{Reflist|colwidth=30em}}

== References ==
{{refbegin}}
* W. H. Bussey (1905) "Galois field tables for {{nowrap|''p''<sup>''n''</sup> ≤ 169}}", [[Bulletin of the American Mathematical Society]] 12(1): 22–38,  {{doi|10.1090/S0002-9904-1905-01284-2}}
* W. H. Bussey (1910) "Tables of Galois fields of order < 1000", ''Bulletin of the American Mathematical Society'' 16(4): 188–206, {{doi|10.1090/S0002-9904-1910-01888-7}}
* {{citation
| last=Jacobson
| first=Nathan
| author-link=Nathan Jacobson
| title=Basic algebra I
| year=2009
| edition=Second
| publisher=Dover Publications
| isbn=978-0-486-47189-1
| orig-year=1985
}}
* {{citation
| last1=Mullen
| first1=Gary L.
| last2=Mummert
| first2=Carl
| title=Finite Fields and Applications I
| year=2007
| publisher=Student Mathematical Library (AMS)
| isbn=978-0-8218-4418-2
}}
* {{citation|first1=Gary L.|last1=Mullen|first2=Daniel|last2=Panario|title=Handbook of Finite Fields|year=2013|publisher=CRC Press|isbn=978-1-4398-7378-6}}
* {{Citation | last1=Lidl | first1=Rudolf | last2=Niederreiter | first2=Harald | author2-link=Harald Niederreiter | title=Finite Fields | edition=2nd | year=1997 | publisher=[[Cambridge University Press]] | isbn=0-521-39231-4 | url-access=registration | url=https://archive.org/details/finitefields0000lidl_a8r3 }}
* {{SpringerEOM
 |title=Galois field
 |id=Galois_field&oldid=34238
 |author-last1=Skopin
 |author-first1=A. I.
}}
{{refend}}

== External links ==
* [http://mathworld.wolfram.com/FiniteField.html Finite Fields] at Wolfram research.
* [https://www.sciencedirect.com/journal/finite-fields-and-their-applications ''Finite Fields and Their Applications'', Science Direct, (Open Access Journal).]

{{Authority control}}

{{DEFAULTSORT:Finite Field}}
[[Category:Finite fields| ]]