ALGEBRA II
Contents
1. Results from elementary number theory 3
2. Groups 4
2.1. Definition, Subgroup, Order of an element 4
2.2. Equivalence relation, Lagrange's theorem, Cyclic group 9
2.3. Homomorphism, Factor group, First isomorphism theorem 12
3. Rings and fields 15
3.1. Ring, Integral domain, Field, Characteristic 15
3.2. Subring, Ideal, Residue class ring, Finite field F_p 17
4. Polynomials 20
4.1. Divisibility in F[x] 22
4.2. Residue class ring F[x]/(f) 25
5. Field extensions 27
6. Finite fields 33
7. A brief introduction to the error correcting block codes 38
7.1. Cyclic codes 43
1. Results from elementary number theory
Recall the division algorithm: for a, d ∈ Z (d ≠ 0), there exist unique q, r ∈ Z such that
$$a = qd + r, \qquad 0 \le r < |d|.$$
If the remainder r = 0 we say that d divides a (or is a factor of a) and write d | a. We use the notation a mod d for the remainder r.
An integer p > 1 is a prime number if it has only the trivial factors ±1, ±p.
Theorem 1.1 (Fundamental Theorem of Arithmetic). Let n > 1 be an integer.
There exist prime numbers $p_1, \dots, p_t$, unique apart from their order, such that $n = p_1 p_2 \cdots p_t$.
Theorem 1.2.
(1) a | a ∀a ∈ N.
(2) a | b and b | a ⇒ a = ±b ∀a, b ∈ N.
(3) a | b and b | c ⇒ a | c ∀a, b ∈ N and c ∈ Z.
(4) c | a and c | b ⇒ c | (au + bv) ∀a, b, u, v ∈ Z and c ∈ N.
Definition 1.1. Let a, b ∈ Z (b ≠ 0). An integer d is a common factor of a and b if it is
a factor of both a and b. The greatest common divisor gcd(a, b) of a and b is the greatest
element in the set of common factors of a and b.
The greatest common divisor gcd(a, b) can be calculated by the Euclidean algorithm:
$$\begin{aligned}
a &= q_1 b + r_1, & 0 < r_1 < b \\
b &= q_2 r_1 + r_2, & 0 < r_2 < r_1 \\
r_1 &= q_3 r_2 + r_3, & 0 < r_3 < r_2 \\
&\;\;\vdots \\
r_{n-2} &= q_n r_{n-1} + r_n, & 0 < r_n < r_{n-1} \\
r_{n-1} &= q_{n+1} r_n + 0.
\end{aligned}$$
Here, the last nonzero remainder $r_n = \gcd(a, b)$.
Theorem 1.3. Let a, b ∈ Z (b ≠ 0). There exist u, v ∈ Z such that $\gcd(a, b) = au + bv$.
Definition 1.2. Let a, b, n ∈ Z (n > 0). If n is a factor of a − b we say that a is
congruent to b modulo n and write a ≡ b (n).
Theorem 1.4. Let a, b, c, d, n ∈ Z (n > 0). Then
(1) a ≡ b (n) and c ≡ d (n) ⇒ a + c ≡ b + d (n).
(2) a ≡ b (n) and c ≡ d (n) ⇒ ac ≡ bd (n).
(3) gcd(a, n) = 1 and ab ≡ ac (n) ⇒ b ≡ c (n).
(4) a ≡ b (n) ⇔ a mod n = b mod n.
Theorem 1.5. Let a, b, n ∈ Z (n > 0). The congruence
$$ax \equiv b \ (n) \tag{1}$$
is solvable if and only if gcd(a, n) | b. The solutions of (1) in the interval [0, n − 1] are
$$x_0,\; x_0 + \frac{n}{d},\; x_0 + 2\frac{n}{d},\; \dots,\; x_0 + (d-1)\frac{n}{d},$$
where d = gcd(a, n), and $x_0$ is the unique solution of
$$\frac{a}{d}\,x \equiv \frac{b}{d} \ \Bigl(\frac{n}{d}\Bigr) \tag{2}$$
in the interval [0, n/d − 1].
Moreover, any solution of (1) is congruent modulo n to $x_0 + k\frac{n}{d}$ for some k ∈ {0, ..., d − 1}.
Remark 1.1. We show how the Euclidean algorithm can be used to find the solution
$x_0$ of (2). Since $\gcd(a/d, n/d) = 1$, Theorem 1.3 implies that
$$\frac{a}{d}\,u + \frac{n}{d}\,v = 1$$
for some u, v ∈ Z. Multiply both sides by b/d to get
$$\frac{a}{d}\Bigl(u\,\frac{b}{d}\Bigr) \equiv \frac{b}{d} \ \Bigl(\frac{n}{d}\Bigr).$$
It now follows from Theorem 1.4 (4) that $x_0$ is equal to the remainder $(u\,b/d) \bmod (n/d)$.
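The Euclidean algorithm, the Bezout coefficients of Theorem 1.3 and the procedure of Theorem 1.5 and Remark 1.1 for solving ax ≡ b (n), carried out in code. This is an added example and not part of the lecture notes; the function names euclid_steps, extended_gcd and solve_congruence are our own. It goes slightly beyond the text in that it handles the case d = gcd(a, n) > 1 by listing all d solutions, exactly as the theorem describes them.

```python
# Added example, not part of the lecture notes: the Euclidean algorithm,
# Bezout coefficients (Theorem 1.3) and the solution of a linear congruence
# a*x = b (mod n) following Theorem 1.5 and Remark 1.1.  Function names are
# our own; integers are plain Python ints.

def euclid_steps(a, b):
    """Division steps (dividend, divisor, q, r) of the Euclidean algorithm on
    positive a, b.  The last nonzero remainder is gcd(a, b)."""
    steps = []
    while b != 0:
        q, r = divmod(a, b)
        steps.append((a, b, q, r))
        a, b = b, r
    return steps

def extended_gcd(a, b):
    """Return (d, u, v) with d = gcd(a, b) >= 0 and a*u + b*v = d (Theorem 1.3).
    The usual extended Euclidean algorithm: keep Bezout coefficients for the
    last two remainders and update them with each division step."""
    old_r, r = a, b
    old_u, u = 1, 0
    old_v, v = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    if old_r < 0:                        # normalise the sign of the gcd
        old_r, old_u, old_v = -old_r, -old_u, -old_v
    return old_r, old_u, old_v

def solve_congruence(a, b, n):
    """All solutions x in [0, n-1] of a*x = b (mod n), in increasing order.
    Returns [] when gcd(a, n) does not divide b (Theorem 1.5)."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    d = extended_gcd(a, n)[0]
    if b % d != 0:
        return []                        # no solution at all
    a1, b1, n1 = a // d, b // d, n // d  # the reduced congruence (2)
    # gcd(a1, n1) = 1, so a1*u + n1*v = 1 for some u, v (Remark 1.1)
    _, u, _ = extended_gcd(a1, n1)
    x0 = (u * b1) % n1                   # unique solution of (2) in [0, n/d - 1]
    return [x0 + k * n1 for k in range(d)]

if __name__ == "__main__":
    for dividend, divisor, q, r in euclid_steps(240, 46):
        print(f"{dividend} = {q} * {divisor} + {r}")
    print("gcd, u, v:", extended_gcd(240, 46))
    print("6x = 4 (mod 10):", solve_congruence(6, 4, 10))
```

Running the block prints the division steps for 240 and 46 (the last nonzero remainder is 2), a pair u, v with 240u + 46v = 2, and the two solutions 4 and 9 of 6x ≡ 4 (10), where d = 2 and the reduced congruence is 3x ≡ 2 (5).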
2. Groups
2.1. Definition, Subgroup, Order of an element.
Definition 2.1. Let S be a set and let S × S = {(a, b) | a, b ∈ S} (the set of ordered pairs (a, b) with a, b ∈ S). A function S × S → S is called a binary operation on S.
Definition 2.2. Let G be a non-empty set and ∗ a binary operation on G. The
pair (G, ∗) is called a group if the following three properties hold:
(1) ∗ is associative, that is, for any a, b, c ∈ G,
a ∗ (b ∗ c) = (a ∗ b) ∗ c.
(2) There is an identity (or unity) element e in G such that for all a ∈ G,
a ∗ e = e ∗ a = a.
(3) For each a ∈ G, there exists an inverse element $a^{-1}$ in G such that
$a ∗ a^{-1} = a^{-1} ∗ a = e$.
If the group also satisfies
(4) for all a, b ∈ G, a ∗ b = b ∗ a,
then the group is called abelian (or commutative).
From now on we usually write G instead of (G, ∗) and use multiplicative notation
ab instead of a ∗ b. Sometimes, especially when G is abelian, we use additive notation
a + b instead of a ∗ b. Respectively, we call G multiplicative or additive. If G is
additive we write −a instead of $a^{-1}$.
Remark 2.1. It is easy to see that there is only one identity element in G and only
one inverse $a^{-1}$ for each a in G.
Example 2.1. (Z, +), (Q, +), (R, +), and (C, +) are abelian groups, as are
(R*, ·) and (C*, ·). The set of all invertible n × n matrices with entries in R is a
non-abelian group with respect to the matrix product.
For n ∈ N and a ∈ G we define the nth power $a^n$ of a by setting
$$a^n = \underbrace{aa \cdots a}_{n \text{ times}}.$$
Moreover, we set $a^0 = e$ and $a^{-n} = (a^{-1})^n$.
It is easy to see that
$$a^n a^m = a^{n+m}, \qquad (a^n)^m = a^{nm}, \tag{3}$$
for all n, m ∈ Z. If we use the notation + on G, we write na, the nth multiple of a, instead of $a^n$.
Now
$$na = \underbrace{a + a + \cdots + a}_{n \text{ times}},$$
if n ∈ N. Moreover, we set 0a = e and (−n)a = n(−a).
Now we have
$$na + ma = (n + m)a, \qquad m(na) = (mn)a,$$
for all n, m ∈ Z.
Definition 2.3. A group G is cyclic if there is an element g in G such that
$$G = \{g^j \mid j \in \mathbb{Z}\}.$$
Such an element is a generator of G and we write G = 〈g〉.
Remark 2.2. Property (3) implies that any cyclic group is abelian.
Example 2.2. The generators of the additive group Z are 1 and −1.
Consider next some groups with a finite number of elements.
Definition 2.4. A group is called finite (resp. infinite) if it contains finitely (resp.
infinitely) many elements. The number of elements in a finite group is called its
order. We write |G| for the order of the finite group G.
Let a, n ∈ Z (n > 0). The residue class $\bar{a}$ of a modulo n is the set
$$\bar{a} := \{b \in \mathbb{Z} \mid b \equiv a \ (n)\}.$$
Each element in $\bar{a}$ is called a representative of $\bar{a}$.
Lemma 2.1. Let a, b, n ∈ Z (n > 0). Then
$$a \equiv b \ (n) \iff \bar{a} \cap \bar{b} \ne \emptyset \iff \bar{a} = \bar{b}.$$
Proof. The first equivalence is obvious since $c \in \bar{a} \cap \bar{b} \iff a \equiv c \equiv b \ (n)$.
The implication $\bar{a} = \bar{b} \Rightarrow \bar{a} \cap \bar{b} \ne \emptyset$ is obvious too, and hence we only need to
prove: $\bar{a} \cap \bar{b} \ne \emptyset \Rightarrow \bar{a} = \bar{b}$.
So, assume $c \in \bar{a} \cap \bar{b}$, and let $d \in \bar{a}$. Now d ≡ a ≡ c ≡ b (n) and therefore $d \in \bar{b}$. Hence, $\bar{a} \subseteq \bar{b}$. By symmetry we also have $\bar{b} \subseteq \bar{a}$. □
Theorem 2.1. The set $\mathbb{Z}_n := \{\bar{0}, \bar{1}, \dots, \overline{n-1}\}$ of residue classes modulo n forms a
partition of Z, i.e.
$$\mathbb{Z} = \bar{0} \cup \bar{1} \cup \cdots \cup \overline{n-1},$$
where the residue classes are pairwise distinct.
Proof. Let m ∈ Z. By the division algorithm m ≡ r (n), with 0 ≤ r ≤ n − 1. Hence,
m belongs to the union. Obviously the union is a subset of Z. The residue classes are pairwise distinct by the first equivalence in Lemma 2.1. □
Now define the two binary operations, the addition + and the multiplication ·, on $\mathbb{Z}_n$ by setting
$$\bar{a} + \bar{b} = \overline{a + b}, \qquad \bar{a} \cdot \bar{b} = \overline{ab},$$
where a, b are any representatives of the respective sets $\bar{a}$ and $\bar{b}$.
Remark 2.3. It is easy to see that + and · are well-defined, i.e. $\bar{a} + \bar{b}$ and $\bar{a} \cdot \bar{b}$ are independent of the choice of the representatives of $\bar{a}$ and $\bar{b}$.
Theorem 2.2. $(\mathbb{Z}_n, +)$ is a finite cyclic group.
Proof. (Sketch.) (1) The associativity follows from the definition of + on $\mathbb{Z}_n$ and
the associativity of + on Z. (2) The identity element is $\bar{0}$. (3) The inverse $-\bar{a}$ of $\bar{a}$
is $\overline{-a}$. Hence $(\mathbb{Z}_n, +)$ is a group. It is finite by the definition, and $\bar{1}$ is a generator
for it. □
Example 2.3. The group table of the additive group $\mathbb{Z}_4$ is
  +  | 0  1  2  3
 ----+-----------
  0  | 0  1  2  3
  1  | 1  2  3  0
  2  | 2  3  0  1
  3  | 3  0  1  2
Next define the set $\mathbb{Z}_n^*$ of prime classes modulo n:
$$\mathbb{Z}_n^* := \{\bar{a} \in \mathbb{Z}_n \mid \gcd(a, n) = 1\}.$$
Theorem 2.3. $(\mathbb{Z}_n^*, \cdot)$ is a finite abelian group.
Proof. (Sketch.) (1) The associativity follows from the definition of · on $\mathbb{Z}_n$ and the
associativity of · on Z. (2) The identity element is $\bar{1}$. (3) Let $\bar{a} \in \mathbb{Z}_n^*$. Now $\bar{a}\bar{x} = \bar{1}$ is solvable
if and only if ax ≡ 1 (n) is solvable. By Theorem 1.5 the congruence is solvable if
gcd(a, n) = 1, and consequently $\bar{a}^{-1}$ exists for each $\bar{a} \in \mathbb{Z}_n^*$. (4) Since
$$\bar{a}\bar{b} = \overline{ab} = \overline{ba} = \bar{b}\bar{a},$$
the multiplicative group $\mathbb{Z}_n^*$ is abelian. □
Example 2.4. The group table of the multiplicative group $\mathbb{Z}_8^*$ is
  ·  | 1  3  5  7
 ----+-----------
  1  | 1  3  5  7
  3  | 3  1  7  5
  5  | 5  7  1  3
  7  | 7  5  3  1
This group of order 4 is not cyclic, since $\bar{a}^2 = \bar{1}$ for all $\bar{a} \in \mathbb{Z}_8^*$.
In the preceding example e.g. the subset $\{\bar{1}, \bar{3}\}$ is a group. This motivates the
following definition.
Definition 2.5. Let (G, ∗) be a group and let H be a subset of G. If (H, ∗) is a group, then it is called a subgroup of (G, ∗).
Every group G has at least two subgroups: {e} and G, the trivial subgroups of G.
Lemma 2.2 (Subgroup criterion). A non-empty subset H of a group G is a subgroup
of G if and only if $ab^{-1} \in H$ for all a, b ∈ H.
Proof. Exercise. □
Example 2.5. $\mathbb{Z}_8^*$ has subgroups $\{\bar{1}, \bar{3}\}$, $\{\bar{1}, \bar{5}\}$, $\{\bar{1}, \bar{7}\}$. It is easy to see that these
are the only non-trivial subgroups of $\mathbb{Z}_8^*$.
Let a be any element of a group G. The set $\langle a \rangle := \{a^i \mid i \in \mathbb{Z}\}$ is a subgroup of
G by the subgroup criterion. It is called a cyclic subgroup of G.
Definition 2.6. Let a be an element of a group G. If 〈a〉 is finite, then its order is
called the order of a. Otherwise, a is called an element of infinite order.
Theorem 2.4. The order of an element a of a finite group is the least positive
integer n satisfying $a^n = e$.
Proof. Since G is finite, $a^i = a^j$ for some 0 < i < j. Hence, $a^{j-i} = e$. Let n be the
least positive integer with $a^n = e$. Let k be any positive integer. Now k = nq + r
for some 0 ≤ r ≤ n − 1, and $a^k = a^{nq} a^r = a^r$. Hence $\langle a \rangle = \{e, a, \dots, a^{n-1}\}$, and all
the powers $a^i$ with i = 0, ..., n − 1 are pairwise distinct by the choice of n. Hence
$|\langle a \rangle| = n$. □
2.2. Equivalence relation, Lagrange's theorem, Cyclic group.
Next we generalize the concepts of congruence and residue class modulo n.
Definition 2.7. Let ∼ be a relation on a set S. It is called an equivalence relation
on S if it has the following three properties:
(1) a ∼ a for all a ∈ S (reflexivity).
(2) if a ∼ b then b ∼ a for all a, b ∈ S (symmetry).
(3) if a ∼ b and b ∼ c then a ∼ c for all a, b, c ∈ S (transitivity).
Definition 2.8. Let ∼ be an equivalence relation on S, and let a ∈ S. The equivalence class $\bar{a}$ of a with respect to ∼ is the set
$$\bar{a} := \{b \in S \mid b \sim a\}.$$
Each element in $\bar{a}$ is a representative of $\bar{a}$.
Example 2.6. Clearly the congruence ≡ modulo n is an equivalence relation on Z, and the equivalence class of a ∈ Z with respect to ≡ is the residue class of a modulo n.
We have analogues of Lemma 2.1 and Theorem 2.1:
Lemma 2.3. Let ∼ be an equivalence relation on S. Then
$$a \sim b \iff \bar{a} \cap \bar{b} \ne \emptyset \iff \bar{a} = \bar{b}.$$
Proof. We may replace ≡ with ∼ in the proof of Lemma 2.1, since only the defining
properties of an equivalence relation are used there. □
Theorem 2.5. Let ∼ be an equivalence relation on S. There exists a subset T of
S such that the set of equivalence classes $\{\bar{t} \mid t \in T\}$ with respect to ∼ forms a
partition of S, i.e.
$$S = \bigcup_{t \in T} \bar{t},$$
where the equivalence classes are pairwise distinct.
Proof. Let t ∈ S. Now $t \in \bar{t}$ by reflexivity. Hence,
$$S = \bigcup_{t \in S} \bar{t} = \bigcup_{t \in T' \subseteq S} \bar{t},$$
where $\bar{a} \ne \bar{b}$ for all a, b ∈ T′, a ≠ b. By Lemma 2.3, $\bar{a} \cap \bar{b} = \emptyset$ for all a, b ∈ T′, a ≠ b.
Hence we may choose T = T′. □
Lemma 2.4. Let H be a subgroup of a group G and define a relation ∼ on G as
follows:
$$a \sim b \iff ab^{-1} \in H.$$
Then ∼ is an equivalence relation on G.
Proof. (1) Since $aa^{-1} = e \in H$, a ∼ a. (2) Assume a ∼ b, i.e. $ab^{-1} \in H$. Since H is a
group, the inverse element $(ab^{-1})^{-1}$ is also in H. But $(ab^{-1})^{-1} = ba^{-1}$. Hence b ∼ a.
(3) Assume a ∼ b and b ∼ c, i.e. $ab^{-1} = h_1$ and $bc^{-1} = h_2$ for some $h_1, h_2 \in H$. Now
$$ac^{-1} = a(b^{-1}h_2) = a((a^{-1}h_1)h_2) = (aa^{-1})(h_1 h_2) \in H.$$
Hence a ∼ c. □
Let a ∈ G. The equivalence class of a with respect to the relation ∼ defined above
is
$$\bar{a} = \{b \in G \mid ba^{-1} \in H\} = \{ha \mid h \in H\} =: Ha,$$
and is called the right coset of a modulo H.
If we had defined ∼ as a ∼ b if and only if $a^{-1}b \in H$, then the equivalence class
of a would have been the left coset of a modulo H:
$$aH := \{ah \mid h \in H\}.$$
We consider left cosets and call them just cosets.
Example 2.7. Let n ∈ N, G = (Z, +) and H = 〈n〉. Now the coset of a modulo H
is the set
$$a + H = \{a + h \mid h \in H\} = \{a + nk \mid k \in \mathbb{Z}\},$$
which is exactly the residue class of a modulo n.
The cardinalities of two cosets modulo H are equal:
Lemma 2.5. Let H be a subgroup of a group G and a ∈ G. Then the function
$$f : H \to aH, \quad f(x) = ax,$$
is bijective.
Proof. Let b ∈ aH. Now b = ah for some h ∈ H, and f(h) = b. Hence f is
surjective. It is also injective:
$$f(h) = f(h') \Rightarrow ah = ah' \Rightarrow h = h'.$$
□
We can now prove an important result:
Theorem 2.6 (Lagrange). Let H be a subgroup of a finite group G. Then the order
of H is a factor of the order of G.
Proof. By Theorem 2.5 we have the partition $G = \bigcup_{t \in T \subseteq G} tH$. By Lemma 2.5, |H| =
|tH| for all t ∈ T, and therefore
$$|G| = \sum_{t \in T} |tH| = |T| \cdot |H|.$$
□
Corollary 2.1. Let G be a finite group. Then $a^{|G|} = e$ for all a ∈ G.
Proof. Let a ∈ G. By Lagrange's Theorem n := |〈a〉| is a factor of |G|, say |G| = nd.
Now, by Theorem 2.4, $a^{|G|} = a^{nd} = (a^n)^d = e$. □
Corollary 2.2 (Fermat's little theorem). Let p be a prime number and let a ∈ Z. Then
$$p \nmid a \Rightarrow a^{p-1} \equiv 1 \ (p).$$
Proof. Since gcd(a, p) = 1, $\bar{a} \in \mathbb{Z}_p^*$. Since $|\mathbb{Z}_p^*| = p - 1$, Corollary 2.1 implies that
$\bar{a}^{p-1} = \bar{1}$, equivalently, $a^{p-1} \equiv 1 \ (p)$. □
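The group $\mathbb{Z}_n^*$ of Theorem 2.3, the order of an element (Theorem 2.4), cosets and Lagrange's theorem (Theorem 2.6), and Corollaries 2.1 and 2.2, checked by direct computation. This is an added example and not part of the lecture notes; the function names are our own, and a residue class is represented by its least non-negative representative. It reproduces the facts of Examples 2.4 and 2.5 (that $\mathbb{Z}_8^*$ is not cyclic and has exactly the three non-trivial subgroups listed there) and computes the cosets of 〈6〉 in $\mathbb{Z}_7^*$.

```python
# Added example, not part of the lecture notes: the multiplicative group Z_n^*
# of prime classes modulo n (Theorem 2.3), the order of an element (Theorem 2.4),
# cyclic subgroups, cosets and Lagrange's theorem (Theorem 2.6), and the
# consequences a^|G| = e (Corollary 2.1) and Fermat's little theorem
# (Corollary 2.2).  Function names are our own; a residue class is represented
# by its least non-negative representative.
from math import gcd

def units(n):
    """Z_n^* as the sorted list of representatives 1 <= a < n with gcd(a, n) = 1."""
    return [a for a in range(1, n) if gcd(a, n) == 1]

def element_order(a, n):
    """Least positive k with a^k = 1 in Z_n^* (Theorem 2.4); a must be a unit."""
    if gcd(a, n) != 1:
        raise ValueError("not a unit modulo n")
    k, power = 1, a % n
    while power != 1 % n:
        power = (power * a) % n
        k += 1
    return k

def cyclic_subgroup(a, n):
    """<a> = {a^i | i in Z} inside Z_n^*, as a sorted list."""
    return sorted(pow(a, i, n) for i in range(element_order(a, n)))

def is_cyclic(n):
    """Z_n^* is cyclic iff some element has order |Z_n^*| (Definition 2.3)."""
    g = units(n)
    return any(element_order(a, n) == len(g) for a in g)

def cosets(n, h):
    """The distinct cosets a<h> of the cyclic subgroup <h> in Z_n^* (Lemma 2.4,
    Theorem 2.5): every unit lands in exactly one of them."""
    sub = cyclic_subgroup(h, n)
    found = []
    for a in units(n):
        coset = frozenset((a * s) % n for s in sub)
        if coset not in found:
            found.append(coset)
    return found

def lagrange_holds(n, h):
    """|G| = |T| * |H| for G = Z_n^*, H = <h> (proof of Theorem 2.6)."""
    return len(units(n)) == len(cosets(n, h)) * len(cyclic_subgroup(h, n))

def euler_fermat_holds(n):
    """a^|Z_n^*| = 1 for every unit a (Corollary 2.1); for prime n this is
    Fermat's little theorem (Corollary 2.2)."""
    g = units(n)
    return all(pow(a, len(g), n) == 1 for a in g)

if __name__ == "__main__":
    print("Z_8^* =", units(8), "cyclic:", is_cyclic(8))
    print("Z_7^* =", units(7), "cyclic:", is_cyclic(7))
    print("cosets of <6> in Z_7^*:", [sorted(c) for c in cosets(7, 6)])
    print("Fermat for p = 13:", euler_fermat_holds(13))
```

The order computation is the brute-force one the proof of Theorem 2.4 suggests (multiply by a until the identity returns); for cryptographic-size moduli one would instead use the factorization of $|\mathbb{Z}_n^*|$, which this small example does not need.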
Theorem 2.7. Let G = 〈g〉 be a cyclic group. Then
(1) each subgroup H of G is cyclic.
If, moreover, |G| = n, then
(2) for each factor d of n there exists exactly one subgroup H of G of order d, namely
$H = \langle g^{n/d} \rangle$.
Proof. (1) Obviously {e} = 〈e〉. Assume H ≠ {e}. The elements of H are of the
form $g^i$, i ∈ Z. Let m be the least positive integer such that $g^m \in H$. We show that
$H = \langle g^m \rangle$. Let $g^t \in H$. Now t = qm + r, 0 ≤ r ≤ m − 1, for some q, r ∈ Z, and therefore
$g^t = g^{qm} g^r$. Hence, $g^r = g^t g^{-qm} \in H$. By the minimality of m we must have r = 0,
and therefore $g^t = g^{qm} \in \langle g^m \rangle$.
(2) Let H be a subgroup of G. If H is trivial we are done. Assume H is non-trivial.
By (1) $H = \langle g^t \rangle$ for some t ∈ Z, t > 0. Write t = dt′, where d = gcd(t, n).
We show that $H = \langle g^d \rangle$.
Obviously, $H \subseteq \langle g^d \rangle$. So, we only need to prove that $g^d \in H$. Since gcd(t′, n) = 1,
we have $t' x_0 \equiv 1 \ (n)$ for some $x_0 \in \mathbb{Z}$. Now $(g^t)^{x_0} = (g^{dt'})^{x_0} = (g^d)^{t' x_0} = (g^d)^{1 + kn}$
for some integer k. Now, by Corollary 2.1, we get $(g^t)^{x_0} = g^d (g^{dk})^n = g^d$, and
therefore $g^d \in H$. □
Example 2.8. The subgroups of the additive group $\mathbb{Z}_{15}$ are $\{\bar{0}\}$, $\langle \bar{1} \rangle = \mathbb{Z}_{15}$, $\langle \bar{3} \rangle = \{\bar{0}, \bar{3}, \bar{6}, \bar{9}, \overline{12}\}$, and $\langle \bar{5} \rangle = \{\bar{0}, \bar{5}, \overline{10}\}$.
2.3. Homomorphism, Factor group, First isomorphism theorem.
When comparing the structures of two groups, functions between the groups which
preserve the operations play an important role.
Definition 2.9. Let (G, ∗) and (G′, ◦) be groups. A function f : G → G′ is called
a homomorphism if it satisfies the following property:
$$f(a \ast b) = f(a) \circ f(b) \quad \forall a, b \in G.$$
A homomorphism which is also a bijection is called an isomorphism. If there is an
isomorphism between G and G′, then they are said to be isomorphic and this is
denoted by G ≅ G′.
Example 2.9. The groups (R, +) and $(\mathbb{R}_{>0}, \cdot)$, where $\mathbb{R}_{>0}$ is the set of positive real
numbers, are isomorphic since the exponential function $f(x) = e^x$ is an isomorphism
from (R, +) onto $(\mathbb{R}_{>0}, \cdot)$.
Lemma 2.6. Let f : G → G′ be a homomorphism, and let e and e′ be the identity
elements of G and G′. Then
(1) f(e) = e′,
(2) $f(a)^{-1} = f(a^{-1})$ for all a ∈ G.
Proof. (1) f(e) = f(e ∗ e) = f(e) ◦ f(e). Hence, f(e) = e′.
(2) $f(a) \circ f(a^{-1}) = f(a \ast a^{-1}) = f(e) = e'$ by (1). Hence, the inverse of f(a) equals
$f(a^{-1})$. □
Definition 2.10. The kernel ker f of a homomorphism f : G → G′ is the set of all
inverse images of e′ under f, i.e.
$$\ker f = \{a \in G \mid f(a) = e'\}.$$
The image im f of f is the value set of f, i.e.
$$\operatorname{im} f = \{f(a) \mid a \in G\}.$$
Lemma 2.7. The kernel of a homomorphism f : G → G′ is a subgroup of G, and
the image of f is a subgroup of G′.
Proof. By Lemma 2.6 (1), f(e) = e′ and therefore ker f ≠ ∅. Let a, b ∈ ker f. Now
$f(a \ast b^{-1}) = f(a) \circ f(b^{-1}) = f(a) \circ f(b)^{-1} = e' \circ e'^{-1} = e' \circ e' = e'$. Hence $ab^{-1} \in \ker f$.
Now, by the subgroup criterion, ker f is a subgroup of G.
Let c, d ∈ im f. Now c = f(a) and d = f(b) for some elements a, b ∈ G. Now
$cd^{-1} = f(a) f(b)^{-1} = f(a) f(b^{-1}) = f(ab^{-1})$. Hence, $cd^{-1} \in \operatorname{im} f$. □
Theorem 2.8. Let f : G → G′ be a homomorphism, and let H = ker f. The set
G/H of cosets modulo H is a group with respect to the operation · defined by
$$aH \cdot bH = abH.$$
Proof. First we show that the operation is well defined, i.e. we show that if aH = a′H
and bH = b′H, then a′H · b′H = aH · bH.
If aH = a′H and bH = b′H, then $a'H \cdot b'H = a'b'H = a h_1 b h_2 H$ for some
$h_1, h_2 \in H$. We need to show that $a h_1 b h_2 H = abH$, or equivalently, that $h_1 b = b h_3$
for some $h_3 \in H$ (by Lemmas 2.3 and 2.4). Since $f(b^{-1} h_1 b) = f(b)^{-1} f(h_1) f(b) = f(b)^{-1} f(b) = e'$,
we have $b^{-1} h_1 b = h_3$ for some $h_3 \in H$.
The associativity follows from the associativity of the operation of G, the identity
element is H and the inverse element of aH is $a^{-1}H$. □
Note that if H is a subgroup of G satisfying bH = Hb for all b ∈ G, then the
proof above shows that the set G/H of cosets modulo H is a group.
Definition 2.11. Let H be a subgroup of G. If aH = Ha for all a ∈ G, then H is
said to be normal in G.
Now we can generalize the preceding theorem:
Theorem 2.9. Let H be a normal subgroup of G. Then (G/H, ·) is a group.
Definition 2.12. The group (G/H, ·) is called a factor group of G modulo H.
Example 2.10. $\mathbb{Z}_7^*$ is an abelian group and therefore each of its subgroups is normal.
Consider e.g. the factor group $\mathbb{Z}_7^*/\langle 6 \rangle$. The cosets modulo 〈6〉 are
$$\bar{1} = \langle 6 \rangle = \{1, 6\}, \quad \bar{2} = 2\langle 6 \rangle = \{2, 5\}, \quad \bar{3} = 3\langle 6 \rangle = \{3, 4\},$$
and the group table of $\mathbb{Z}_7^*/\langle 6 \rangle$ is
  ·  | 1̄  2̄  3̄
 ----+-----------
  1̄  | 1̄  2̄  3̄
  2̄  | 2̄  3̄  1̄
  3̄  | 3̄  1̄  2̄
Example 2.11. Let n ∈ Z, n > 0. Obviously $f : (\mathbb{Z}, +) \to \mathbb{Z}_n$, $f(a) = \bar{a}$, is a
homomorphism. Now ker f = 〈n〉. The function $F : \mathbb{Z}/\langle n \rangle \to \mathbb{Z}_n$, $F(a + \langle n \rangle) = \bar{a}$, is
an isomorphism.
The example above can be generalized:
Theorem 2.10 (First homomorphism theorem). Let f : G → G′ be a homomorphism. Then the function
$$F : G/\ker f \to \operatorname{im} f, \quad F(aH) = f(a),$$
is an isomorphism.
Proof. Let H = ker f. We first show that F is well defined. Let aH = a′H. Now
a = a′h for some h ∈ H, and therefore f(a) = f(a′h) = f(a′)f(h) = f(a′). Hence
F(aH) = f(a) = f(a′) = F(a′H).
Let c ∈ im f. Now c = f(a) for some a ∈ G, and therefore F(aH) = f(a) = c.
Hence, F is surjective. It is injective too:
$$F(aH) = F(bH) \Rightarrow f(a) = f(b) \Rightarrow f(ab^{-1}) = f(a) f(b)^{-1} = e' \Rightarrow ab^{-1} \in H \Rightarrow aH = bH.$$
□
Example 2.12. Let $f : \mathbb{C}^* \to \mathbb{R}^*$, f(z) = |z|. Now f(zw) = |zw| = |z||w| = f(z)f(w),
and so f is a homomorphism. Clearly $\operatorname{im} f = \mathbb{R}_{>0}$. The kernel
$\ker f = \{z \in \mathbb{C}^* \mid |z| = 1\}$ is the unit circle $S^1$ of the complex plane and so we have the
isomorphism $\mathbb{C}^*/S^1 \cong \mathbb{R}_{>0}$.
3. Rings and fields
3.1. Ring, Integral domain, Field, Characteristic.
Consider next a set on which two binary operations are defined and which satisfy
certain axioms.
Definition 3.1. Let R be a set with at least two elements, and let + and · be two binary operations defined on R. The triple (R, +, ·) is called a ring if the following
axioms are satisfied:
(1) (R, +) is an additive abelian group.
(2) · is associative.
(3) There exists an identity element 1 with respect to ·.
(4) The distributive laws hold, i.e. for all a, b, c ∈ R we have
$$a(b + c) = ab + ac \quad \text{and} \quad (b + c)a = ba + ca.$$
If ab = ba for all a, b ∈ R, then R is called a commutative ring.
Remark 3.1. In a ring R we denote by 0 the identity element with respect to +.
Moreover, the additive inverse of a ∈ R is denoted by −a, and a + (−b) is abbreviated by a − b.
The following familiar-looking rules hold in every ring.
Lemma 3.1. Let R be a ring. Then
(1) 0 · a = 0 = a · 0 for all a ∈ R.
(2) 1 ≠ 0.
(3) (−a)b = −ab = a(−b) for all a, b ∈ R.
(4) (−a)(−b) = ab for all a, b ∈ R.
Proof. Exercise. □
Example 3.1. Some familiar commutative rings are Z, R and C. The matrix ring
$(M_{n \times n}(\mathbb{R}), +, \cdot)$ is also a ring but not commutative.
Example 3.2. Let n ∈ N. Then $(\mathbb{Z}_n, +, \cdot)$ is a finite commutative ring. Assume
n = mt with m, t > 1. Then $\bar{m}\bar{t} = \bar{0}$ although both $\bar{m} \ne \bar{0}$ and $\bar{t} \ne \bar{0}$. This
motivates the following definition.
Definition 3.2. Let R be a commutative ring. R is an integral domain if for all
a, b ∈ R the condition ab = 0 implies a = 0 or b = 0.
Example 3.3. Z, R and C are integral domains.
Example 3.4. Let n ∈ N. We show that $\mathbb{Z}_n$ is an integral domain if and only if n
is a prime number. We have already seen that $\mathbb{Z}_n$ is not an integral domain if n is a
composite number. Assume n is a prime. Then $\mathbb{Z}_n^* = \{\bar{1}, \dots, \overline{n-1}\}$. If now $\bar{a}\bar{b} = \bar{0}$
and $\bar{a} \ne \bar{0}$, then by multiplying the equation by $\bar{a}^{-1}$ we get $\bar{b} = \bar{0}$.
Definition 3.3. Let R be a ring. If an element a ∈ R has a multiplicative inverse
$a^{-1}$, it is called a unit in R. The set of units in R is denoted by the symbol R*.
Example 3.5. $\mathbb{R}^* = \mathbb{R} \setminus \{0\}$, $\mathbb{Z}^* = \{-1, 1\}$.
Lemma 3.2. (R*, ·) is a group.
Proof. Exercise. □
In this course we are particularly interested in the commutative rings R with R*
maximal, i.e. R* = R \ {0}.
Definition 3.4. Let (F, +, ·) be a commutative ring. If F* = F \ {0}, then F is
called a field.
Theorem 3.1. Each field is an integral domain. Each finite integral domain is a
field.
Proof. Let F be a field and let a, b ∈ F such that ab = 0. If a ≠ 0, then by
multiplying by $a^{-1}$ we get b = 0.
Assume then that R is a finite integral domain. Let a ∈ R, a ≠ 0. To prove that
R is a field, it is enough to show that $a^{-1}$ exists. To that end we consider the function
$f_a : R \to R$, $f_a(x) = ax$. If $f_a$ is bijective, then it follows that $f_a(b) = 1$ for some
b ∈ R, and therefore $b = a^{-1}$.
We show that $f_a$ indeed is a bijection. First,
$$f_a(b) = f_a(c) \Rightarrow ab = ac \Rightarrow a(b - c) = 0 \Rightarrow b - c = 0 \Rightarrow b = c,$$
and so $f_a$ is injective. Now $|\operatorname{im} f_a| = |R|$, and it follows that $f_a$ is surjective as well. □
Corollary 3.1. $\mathbb{Z}_p$ is a field if and only if p is a prime number.
Proof. By Example 3.4, $\mathbb{Z}_p$ is an integral domain if and only if p is a prime. □
A big difference between the rings Z and $\mathbb{Z}_n$ is that the order of any nonzero element in
(Z, +) is infinite while in $(\mathbb{Z}_n, +)$ we have nr = 0 for all $r \in \mathbb{Z}_n$. We formalize this property.
Definition 3.5. Let R be a ring. The least positive integer n satisfying nr = 0 for
all r ∈ R is called the characteristic of R. If there does not exist a positive integer
n such that nr = 0 for all r ∈ R, then the characteristic of R is defined to be 0. The
characteristic of R is denoted by char(R).
Example 3.6. Obviously char(Z) = char(Q) = char(R) = char(C) = 0. The
characteristic of $\mathbb{Z}_n$ is n, since nr = 0 for all $r \in \mathbb{Z}_n$, and n is the least positive
integer m satisfying $m\bar{1} = \bar{0}$.
Remark 3.2. The characteristic of a ring R is actually the least positive integer n
such that n1 = 0, since if n1 = 0, then nr = (n1)r = 0r = 0 for all r ∈ R.
Theorem 3.2. Let R be an integral domain with positive characteristic. Then
char(R) = p for some prime number p.
Proof. Let char(R) = n, and let n = mt for some integers m, t ≥ 1. Now n1 =
(m1)(t1) = 0, and since R is an integral domain, m1 = 0 or t1 = 0. Since n is the
least positive integer with n1 = 0, we must have m = n or t = n. Hence, n has only
trivial factors and is therefore a prime. □
Corollary 3.2. The characteristic of a finite field is a prime number.
Proof. Let F be a finite field. Since n1 ∈ F for all positive integers n, and F is
finite, we must have m1 = n1 for some positive integers m, n with m ≠ n. Hence
(m − n)1 = 0, and therefore F is an integral domain with positive characteristic. □
3.2. Subring, Ideal, Residue class ring, Finite field $\mathbb{F}_p$.
Definition 3.6. Let S be a subset of a ring (R, +, ·). If also (S, +, ·) is a ring, it is
called a subring of R.
Definition 3.7. An ideal of a ring (R, +, ·) is a subset I of R satisfying the following
two properties:
(1) (I, +) is a subgroup of (R, +).
(2) ri ∈ I for all r ∈ R and for all i ∈ I.
Example 3.7. Let R be a commutative ring and let a ∈ R. Then the set (a) :=
{ra | r ∈ R} is easily seen to be an ideal of R. It is called a principal ideal of R.
Here, the element a is called a generator of (a).
Since the additive group (R, +) of a ring R is assumed to be abelian, any ideal
(I, +) of R is normal in (R, +). Hence, we can form the factor group (R/I, +),
where (a + I) + (b + I) := a + b + I. We define the multiplication · on R/I by setting
(a + I) · (b + I) := ab + I. The second condition in the definition of an ideal implies
that this multiplication is well-defined, and now we get
Theorem 3.3. Let I be an ideal of a commutative ring R. Then (R/I, +, ·) is a
commutative ring.
Proof. Exercise. □
We call (R/I, +, ·) the residue class ring of R modulo I, and its element a + I is
called the residue class of a modulo I.
Example 3.8. Let n ∈ N. Now, the ring Z/(n) consists of the residue classes
$a + (n) = \{a + nk \mid k \in \mathbb{Z}\} = \bar{a}$. Hence, $(\mathbb{Z}/(n), +, \cdot) = (\mathbb{Z}_n, +, \cdot)$.
The concept of a homomorphism can also be defined in the context of ring theory.
Definition 3.8. Let R and R′ be rings. A function f : R → R′ is called a homomorphism if it satisfies the following three conditions for all a, b ∈ R:
(1) f(a + b) = f(a) + f(b),
(2) f(ab) = f(a)f(b),
(3) $f(1_R) = 1_{R'}$.
If f is also a bijection, it is called an isomorphism, and R and R′ are called isomorphic. This is denoted by R ≅ R′.
Definition 3.9. The kernel of a ring homomorphism f : R → R′ is the set
$$\ker f = \{r \in R \mid f(r) = 0\}.$$
Lemma 3.3. The kernel of a ring homomorphism f : R → R′ is an ideal of R.
Proof. Since f is a group homomorphism from (R, +) into (R′, +), we know that
ker f is a subgroup of (R, +). Moreover, if r ∈ R and i ∈ ker f, then f(ri) = f(r)f(i) =
f(r)0 = 0, i.e. ri ∈ ker f. □
As in group theory, we have an isomorphism theorem.
Theorem 3.4. Let f : R → R′ be a ring homomorphism, and let I = ker f. Then
$$F : R/I \to \operatorname{im} f, \quad F(r + I) = f(r),$$
is a ring isomorphism.
Proof. Exercise. □
We can use mappings to transfer a structure from an algebraic system to a set
without structure. For instance, let (R, +, ·) be a ring and let S be a set. Assume we
have a bijection f : R → S. This bijection can be used to give the structure of R
to S by defining + and · on S as follows:
$$s + t = f(f^{-1}(s) + f^{-1}(t)), \qquad s \cdot t = f(f^{-1}(s) f^{-1}(t)) \qquad \forall s, t \in S.$$
Obviously (S, +, ·) is a ring and isomorphic to (R, +, ·). We say that S has the
ring structure induced by f.
Definition 3.10. Let p be a prime number, and let $\mathbb{F}_p$ denote the set {0, 1, ..., p − 1} with the ring structure induced by the function $f : \mathbb{Z}_p \to \mathbb{F}_p$, $f(\bar{a}) = a$ for a =
0, ..., p − 1. Then $(\mathbb{F}_p, +, \cdot)$ is called the finite field (or Galois field) of order p.
Remark 3.3. The finite field $\mathbb{F}_p$ can be seen as the set consisting of the integers
0, 1, ..., p − 1, where the sum of a and b is (a + b) mod p, and the product is ab mod p.
Example 3.9. The calculation tables of $\mathbb{F}_2$ are
  +  | 0  1        ·  | 0  1
 ----+------      ----+------
  0  | 0  1        0  | 0  0
  1  | 1  0        1  | 0  1
We have seen the existence of a finite field $\mathbb{F}_p$ for each prime number p. We
shall construct all the other existing finite fields as residue class rings of (formal)
polynomial rings.
4. Polynomials
Definition 4.1. Let R be an integral domain. Let $f : \mathbb{Z}_{\ge 0} \to R$, $f(i) = f_i$, be a
function with only finitely many nonzero values. Let n be the largest index such that $f_n \ne 0$. Then we
denote
$$f(x) = f_0 + f_1 x + \cdots + f_n x^n,$$
where $f_n \ne 0$, and say that f(x) is a (formal) polynomial over R. Moreover,
• Elements $f_i$ are the coefficients of f(x).
• $f_0$ is the constant term of f(x).
• $f_n$ is the leading coefficient of f(x).
• f(x) is monic if the leading coefficient equals 1.
• n =: deg(f(x)) is the degree of f(x).
• If $f_i = 0$ for all $i \in \mathbb{Z}_{\ge 0}$, then f(x) is the zero polynomial, denoted by
f(x) = 0, and then we set deg(f(x)) = −∞.
• The set of all polynomials over R is denoted by the symbol R[x].
For a polynomial f(x) we also use the abbreviated notation f. By the definition
of a polynomial, two polynomials f, g are equal if and only if their coefficients are
equal for all indices, i.e. $f_i = g_i$ for all $i \in \mathbb{Z}_{\ge 0}$.
Example 4.1. Some familiar sets of polynomials: Z[x], R[x], C[x].
Example 4.2. We are especially interested in the sets
$$\mathbb{F}_p[x] = \{f_0 + f_1 x + \cdots + f_n x^n \mid f_i \in \mathbb{F}_p,\ n \in \mathbb{N}\}.$$
In this set, for instance $1 + x^2 + x^7$ and $1 + 3x^2 + x^7$ are not equal if p ≠ 2. However,
3 = 3 · 1 = 1 in $\mathbb{F}_2$, and therefore the polynomials in question are equal in $\mathbb{F}_2[x]$.
Let $f(x) = f_0 + f_1 x + \cdots + f_m x^m \in R[x]$ and $g(x) = g_0 + g_1 x + \cdots + g_n x^n \in R[x]$.
Define their addition + and multiplication · "as usual":
$$f(x) + g(x) = \sum_{i=0}^{\max(m,n)} (f_i + g_i)\, x^i, \qquad
f(x)\, g(x) = \sum_{i=0}^{n+m} \Bigl( \sum_{t=0}^{i} f_t\, g_{i-t} \Bigr) x^i.$$
Remark 4.1. We see that the product can be formed by multiplying all the monomials and then collecting together the monomials of equal degree and summing
their coefficients.
Example 4.3. Let f(x) = 1 + x, $g(x) = 1 + x^2 + x^3 \in \mathbb{F}_2[x]$. Now
$$f(x) + g(x) = 1 + 1 + x + x^2 + x^3 = x + x^2 + x^3,$$
and
$$f(x)\, g(x) = (1 + x)(1 + x^2 + x^3) = 1 + x^2 + x^3 + x + x^3 + x^4 = 1 + x + x^2 + x^4.$$
Moreover, deg(f + g) = 3 and deg(fg) = 4.
Lemma 4.1. Let f, g ∈ R[x]. Then
(1) deg(f + g) ≤ max(deg f, deg g), (2) deg(fg) = deg f + deg g.
Proof. Exercise. □
Theorem 4.1. (R[x], +, ·) is an integral domain.
Proof. (Sketch.) It is easy to see that (R[x], +) is an abelian group; the zero element
is the zero polynomial 0, and the additive inverse −f of $f(x) = f_0 + f_1 x + \cdots + f_n x^n$
is $-f(x) = -f_0 - f_1 x - \cdots - f_n x^n$. The identity element of R[x] is the constant polynomial 1, and it follows from
the definitions of + and · that · is associative and commutative, and that the
distributivity holds in R[x]. Moreover, R[x] is an integral domain:
$$fg = 0 \Rightarrow \deg(f) + \deg(g) = \deg(fg) = -\infty \Rightarrow \deg f < 0 \text{ or } \deg g < 0 \Rightarrow f = 0 \text{ or } g = 0.$$
□
Remark 4.2. It follows from Theorem 4.1 that
$$f(x)\, g(x) = \sum_{i=0}^{n} \sum_{j=0}^{m} f_i x^i\, g_j x^j = \sum_{i=0}^{n} \sum_{j=0}^{m} f_i g_j\, x^{i+j},$$
where n = deg(f) and m = deg(g).
Theorem 4.2. The set of units R[x]* in R[x] is the set of units R* in R.
Proof. If fg = 1, then deg(f) + deg(g) = 0. Since now deg(f) ≥ 0 and deg(g) ≥ 0,
we get deg f = deg g = 0. □
4.1. Divisibility in F[x].
Let F be a field. Next we develop some divisibility theory in F[x]. As in Z we
have
Theorem 4.3 (Division algorithm). Let f, g ∈ F[x], with f ≠ 0. Then there exist
unique polynomials q, r ∈ F[x] such that
$$g = fq + r, \qquad \deg(r) < \deg(f).$$
Proof. Use "long division". □
Here r is the remainder of g divided by f. If r = 0, then we say that f divides g
(or is a factor of g), and denote this by f | g.
Example 4.4. When dividing $g(x) = x^5 + 2x^3 + 2x + 1$ by $f(x) = 2x^2 + x + 2$ in
$\mathbb{F}_3[x]$, the long division yields
$$x^5 + 2x^3 + 2x + 1 = (2x^2 + x + 2)(2x^3 + 2x^2 + x + 2) + x.$$
Hence, the remainder of g divided by f is x.
Theorem 4.4. F[x] is a principal ideal domain, i.e. each ideal of F[x] is principal.
Proof. Let I be an ideal of F[x]. If I = {0}, then I = (0). Assume I ≠ (0), and let
f be a nonzero polynomial of least degree contained in I. We claim that I = (f).
Let g ∈ I, and divide it by f: g = fq + r, deg(r) < deg(f). Now r = g − fq ∈ I, and by the minimality of deg(f) we must have r = 0. Hence, I = (f). □
Remark 4.3. If f is a generator of an ideal I ⊆ F[x] and $f_n$ is its leading coefficient, then it is easy to see that
$f_n^{-1} f$ is a generator of I as well. Hence, each ideal I of F[x] is generated by a monic
polynomial, and there is only one monic polynomial generating I.
Theorem 4.5. Let h, g ∈ F[x], h ≠ 0. There exists a unique monic polynomial
d ∈ F[x] satisfying the following two properties:
(1) d | h and d | g.
(2) If c ∈ F[x] and c | h and c | g, then c | d.
Proof. The set (h, g) := {ah + bg | a, b ∈ F[x]} is easily seen to be a nonzero ideal
of F[x]. Now, by Theorem 4.4, (h, g) = (f) for some f ∈ F[x], f ≠ 0. If $f_n$ is the
leading coefficient of f, then obviously $(f) = (f_n^{-1} f)$. We set $d = f_n^{-1} f$ and show
that d satisfies properties (1) and (2).
Since (d) = (h, g), h, g ∈ (d), and therefore h = da and g = db for some a, b ∈ F[x],
i.e. d | h and d | g. Since (d) = (h, g), d ∈ (h, g) and therefore d = ah + bg for some a, b ∈ F[x]. Now,
if c divides both h and g, then c | d. If d′ is another monic polynomial satisfying the properties (1) and (2), then (d′) =
(h, g) = (d), and therefore d | d′ and d′ | d. It follows that d = d′. □
Definition 4.2. The polynomial d in Theorem 4.5 is called the greatest common
divisor of h and g and is denoted by gcd(h, g).
Remark 4.4. We saw in the proof of Theorem 4.5 that we have the following equality
of ideals: (gcd(h, g)) = (h, g).
The greatest common divisor of h ≠ 0 and g can be calculated by the Euclidean
algorithm, i.e. by using the division algorithm repeatedly:
$$\begin{aligned}
g &= h q_1 + r_1, & \deg(r_1) &< \deg(h), \\
h &= r_1 q_2 + r_2, & \deg(r_2) &< \deg(r_1), \\
r_1 &= r_2 q_3 + r_3, & \deg(r_3) &< \deg(r_2), \\
&\;\;\vdots \\
r_{n-2} &= r_{n-1} q_n + r_n, & \deg(r_n) &< \deg(r_{n-1}), \\
r_{n-1} &= r_n q_{n+1} + 0.
\end{aligned}$$
Let d = gcd(h, g). We observe that $r_n \in (h, g) = (d)$, and therefore $d \mid r_n$. On the
other hand, we see that $r_n \mid r_{n-1}$, and $r_n \mid r_{n-1} \Rightarrow r_n \mid r_{n-2} \Rightarrow \cdots \Rightarrow r_n \mid h \Rightarrow r_n \mid g$. Hence, by Theorem 4.5, $r_n \mid d$. It now follows that $\gcd(h, g) = \ell^{-1} r_n$, where ℓ is the leading coefficient of $r_n$.
Example 4.5. We calculate the greatest common divisor of the polynomials $x^{12} + x^{10} + x^8 + x^3 + 1$ and $x^8 + x^7 + x^5 + x^4 + x^2 + x + 1$ in $\mathbb{F}_2[x]$ by using the Euclidean algorithm:
$x^{12} + x^{10} + x^8 + x^3 + 1 = (x^8 + x^7 + x^5 + x^4 + x^2 + x + 1)(x^4 + x^3 + x) + x^7 + x^5 + x^3 + x^2 + x + 1$
$x^8 + x^7 + x^5 + x^4 + x^2 + x + 1 = (x^7 + x^5 + x^3 + x^2 + x + 1)(x + 1) + x^6 + x^2 + x$
$x^7 + x^5 + x^3 + x^2 + x + 1 = (x^6 + x^2 + x)x + x^5 + x + 1$
$x^6 + x^2 + x = (x^5 + x + 1)x.$
Hence, $\gcd(x^{12} + x^{10} + x^8 + x^3 + 1,\ x^8 + x^7 + x^5 + x^4 + x^2 + x + 1) = x^5 + x + 1$.
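The division steps above can be carried out mechanically. The following is an added example, not code from the lecture notes: a polynomial over $\mathbb{F}_2$ is stored as a Python int whose bit i is the coefficient of $x^i$, so that addition is XOR and the division algorithm is long division with XOR as subtraction. The function names (poly_divmod, poly_gcd, poly_str, from_exponents) and the int representation are my own choices; the two input polynomials are those of Example 4.5.

```python
# Added example (not from the lecture notes): the Euclidean algorithm of
# Section 4.1 for polynomials over F_2.  A polynomial is an int whose bit i
# is the coefficient of x^i; addition/subtraction is XOR.
from __future__ import annotations

def poly_deg(a: int) -> int:
    """Degree of an F_2[x] polynomial; the zero polynomial gets -1."""
    return a.bit_length() - 1

def poly_divmod(a: int, b: int) -> tuple[int, int]:
    """Division algorithm: return (q, r) with a = q*b + r and deg(r) < deg(b)."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r = 0, a
    db = poly_deg(b)
    while r != 0 and poly_deg(r) >= db:
        shift = poly_deg(r) - db
        q ^= 1 << shift          # add x^shift to the quotient
        r ^= b << shift          # subtract x^shift * b from the remainder
    return q, r

def poly_gcd(a: int, b: int, trace: list | None = None) -> int:
    """Euclidean algorithm: divide repeatedly until the remainder is 0.
    Over F_2 the only nonzero constant is 1, so the last nonzero remainder is
    already monic: the factor l^{-1} of the text equals 1 here.
    If 'trace' is a list, each step (dividend, divisor, quotient, remainder)
    is appended to it."""
    while b != 0:
        q, r = poly_divmod(a, b)
        if trace is not None:
            trace.append((a, b, q, r))
        a, b = b, r
    return a

def poly_str(a: int) -> str:
    """Render an int polynomial in the notation of the text, e.g. 'x^5 + x + 1'."""
    if a == 0:
        return "0"
    terms = []
    for i in range(poly_deg(a), -1, -1):
        if a >> i & 1:
            terms.append("1" if i == 0 else "x" if i == 1 else f"x^{i}")
    return " + ".join(terms)

def from_exponents(*exps: int) -> int:
    """Build a polynomial from the exponents of its nonzero terms."""
    a = 0
    for e in exps:
        a ^= 1 << e
    return a

# The two polynomials of Example 4.5.
G = from_exponents(12, 10, 8, 3, 0)          # x^12 + x^10 + x^8 + x^3 + 1
H = from_exponents(8, 7, 5, 4, 2, 1, 0)      # x^8 + x^7 + x^5 + x^4 + x^2 + x + 1

def example_4_5() -> int:
    """Run the Euclidean algorithm on Example 4.5, printing every division step."""
    steps: list = []
    d = poly_gcd(G, H, steps)
    for dividend, divisor, q, r in steps:
        print(f"{poly_str(dividend)} = ({poly_str(divisor)})({poly_str(q)}) + {poly_str(r)}")
    print("gcd =", poly_str(d))
    return d

if __name__ == "__main__":
    example_4_5()
```

Running it reproduces the four lines of Example 4.5 in order, and the first step confirms the quotient $x^4 + x^3 + x$ and remainder $x^7 + x^5 + x^3 + x^2 + x + 1$ of the text. The same routine works for any pair of polynomials over $\mathbb{F}_2$; poly_divmod alone is the division algorithm used in Remark 4.6 to pick representatives of degree less than deg f.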
Next we define the analogue of a prime number.
Definition 4.3. A polynomial f ∈ F[x] is said to be irreducible over F if f has positive degree and, whenever f = bc for some b, c ∈ F[x], either b or c is a constant polynomial. If f is not irreducible, then it is called reducible over F.
Remark 4.5. The irreducibility of a polynomial depends heavily on the field over which the polynomial is considered. For instance, $x^2 + 1$ is irreducible over ℝ, but not over ℂ or $\mathbb{F}_2$.
Example 4.6. We show that $x^2 + x + 1$ is irreducible over $\mathbb{F}_2$. If it were reducible, then its factors would be of degree one, say $x^2 + x + 1 = (x + a)(x + b)$ with $a, b ∈ \mathbb{F}_2$. This implies $x^2 + x + 1 = x^2 + (a + b)x + ab$, which implies a + b = 1 and ab = 1. But this is impossible.
Lemma 4.2. Let f, b, c ∈ F[x], with f irreducible. Then, if f | bc, then f | b or f | c.
Proof. Assume that f does not divide b. Then, the greatest common divisor of f and b is 1. Now (1) = (f, b), and therefore fu + bv = 1 for some u, v ∈ F[x]. We now get cfu + cbv = c, and since f divides the left hand side, it divides the right hand side as well. □
Theorem 4.6 (Unique Factorization in F[x]). Let g ∈ F[x] be of positive degree. Then, there exist irreducible polynomials $p_1, …, p_t ∈ F[x]$ and a constant $u ∈ F^*$ such that
$g(x) = u p_1 p_2 ⋯ p_t$.
This factorization is unique apart from the order in which the factors occur.
Proof. Assume that there exist polynomials of positive degree which cannot be written as a product of irreducible polynomials. Let g be one of them of the least degree. Now g cannot be irreducible, and therefore g = ab for some a, b ∈ F[x] of positive degree. It follows that 0 < deg(a), deg(b) < deg(g), and therefore a and b can be written as products of irreducible polynomials. But then g can be written as a product of irreducible polynomials as well, and we have a contradiction.
The assertion concerning the uniqueness follows easily from Lemma 4.2. □
4.2. Residue class ring F[x]/(f).
Next we prove an important result, which shows that irreducible polynomials produce fields.
Theorem 4.7. Let f ∈ F[x]. Then the residue class ring F[x]/(f) is a field if and only if f is irreducible over F.
Proof. Assume that f is irreducible. We show that each nonzero element g + (f) ∈ F[x]/(f) has a multiplicative inverse. It then follows that F[x]/(f) is a field. Denote $\bar g = g + (f)$. If $\bar g ≠ \bar 0$, then g ∉ (f), which means that gcd(g, f) = 1 because f is irreducible. Hence 1 = gu + fv for some u, v ∈ F[x], and therefore $\bar 1 = \overline{gu} = \bar g\,\bar u$. Hence, u + (f) is the inverse of g + (f).
Assume then that f is reducible, say f = ab for some a, b ∈ F[x] of positive degree. Now, 0 < deg(a), deg(b) < deg(f), and therefore f divides neither a nor b. Hence, $\bar a, \bar b ≠ \bar 0$, but $\bar a\,\bar b = \bar f = \bar 0$, which means that F[x]/(f) is not an integral domain and therefore not a field. □
Remark 4.6. By using the division algorithm, we see that a complete set of representatives for the residue classes modulo (f) is the set of polynomials of degree less than the degree n of f, and therefore
$F[x]/(f) = \{a_0 + a_1 x + ⋯ + a_{n-1} x^{n-1} + (f) \mid a_0, …, a_{n-1} ∈ F\}$.
In particular, if $F = \mathbb{F}_p$, then we observe that the number of elements in $\mathbb{F}_p[x]/(f)$ is $p^n$. So:
if f is irreducible over $\mathbb{F}_p$ and of degree n, then $\mathbb{F}_p[x]/(f)$ is a finite field of order $p^n$.
Example 4.7. We saw in Example 4.6 that $f(x) = x^2 + x + 1$ is irreducible over $\mathbb{F}_2$. Hence, $\mathbb{F}_2[x]/(f)$ is a finite field of order 4. Denote α = x + (f), 0 = 0 + (f) and 1 = 1 + (f). Now $α^2 = α + 1$, and we have
$\mathbb{F}_2[x]/(f) = \{0 + (f),\ 1 + (f),\ x + (f),\ x + 1 + (f)\} = \{0, 1, α, α + 1 \mid α^2 = α + 1\} =: \mathbb{F}_4$.
The group tables of $(\mathbb{F}_4, +)$ and $(\mathbb{F}_4^*, ·)$ are

  +    | 0     1     α     1+α
  -----+------------------------
  0    | 0     1     α     1+α
  1    | 1     0     1+α   α
  α    | α     1+α   0     1
  1+α  | 1+α   α     1     0

  ·    | 1     α     1+α
  -----+------------------
  1    | 1     α     1+α
  α    | α     1+α   1
  1+α  | 1+α   1     α
We end this section by considering polynomial functions.
Definition 4.4. Let $f(x) = f_0 + f_1 x + ⋯ + f_n x^n$ be a polynomial over F. The polynomial function induced by f(x) is the function
$f : F → F,\quad f(a) = f_0 + f_1 a + ⋯ + f_n a^n$.
Example 4.8. Different polynomials can induce the same polynomial function. Let e.g. $f(x) = x$ and $g(x) = x^2$ in $\mathbb{F}_2[x]$. Now f(x) ≠ g(x), but f(a) = g(a) for all $a ∈ \mathbb{F}_2$, i.e. they induce the same polynomial function from $\mathbb{F}_2$ onto $\mathbb{F}_2$.
Definition 4.5. An element b ∈ F is called a root (or a zero) of the polynomial f ∈ F[x] if f(b) = 0.
Theorem 4.8. An element b ∈ F is a root of a polynomial f ∈ F[x] if and only if x − b divides f(x).
Proof. By the division algorithm, f(x) = (x − b)g(x) + c, where c ∈ F. Now x − b divides f(x) if and only if c = 0. But c = f(b), and the theorem follows. □
Definition 4.6. Let b ∈ F be a root of f ∈ F[x]. If k is a positive integer such that f(x) is divisible by $(x − b)^k$ but not by $(x − b)^{k+1}$, then k is called the multiplicity of b. If k = 1, then b is called a simple root (or a simple zero) of f. If k ≥ 2, then b is called a multiple root (or a multiple zero) of f.
Lemma 4.3. Let f ∈ F[x]. If $b_1, …, b_m$ are distinct roots of f with multiplicities $k_1, …, k_m$, then $(x − b_1)^{k_1} ⋯ (x − b_m)^{k_m}$ divides f(x).
Proof. Each polynomial $x − b_j$ is irreducible, and therefore each polynomial $(x − b_j)^{k_j}$ occurs as a factor in the factorization of f as a product of irreducible polynomials. Hence, $(x − b_1)^{k_1} ⋯ (x − b_m)^{k_m}$ appears in the factorization as well. □
Theorem 4.9. Let f be a polynomial over F of degree n. Then, f has at most n roots in F.
Proof. Let $b_1, …, b_m$ be the roots of f in F, and let $k_1, …, k_m$ be their multiplicities. Now, by Lemma 4.3, $f(x) = (x − b_1)^{k_1} ⋯ (x − b_m)^{k_m} g(x)$, and therefore $m ≤ k_1 + ⋯ + k_m ≤ n$. □
The irreducibility of a polynomial f over F is equivalent to the non-existence of a root of f in F, provided the degree of f is small enough.
Theorem 4.10. A polynomial f ∈ F[x] of degree 2 or 3 is irreducible in F[x] if and only if f has no root in F.
Proof. If f has a root in F, then f is reducible, by Theorem 4.8. Assume f has no root in F. Then, f cannot have a factor of degree one, again by Theorem 4.8. Hence, if deg(f) = 2, it must be irreducible. If deg(f) = 3 and f does not have a factor of degree one, then it cannot have a factor of degree two either, and so f is irreducible in this case too. □
Example 4.9. The assumption concerning the degree is necessary. For instance, $x^4 + 2x^2 + 1$ has no zeros in ℝ, but it is reducible over ℝ: $x^4 + 2x^2 + 1 = (x^2 + 1)^2$.
Example 4.10. We find the irreducible polynomials over $\mathbb{F}_2$ of degree three. Let $f(x) = x^3 + ax^2 + bx + c ∈ \mathbb{F}_2[x]$. Now, by Theorem 4.10, f is irreducible if and only if f(0) = f(1) = 1, i.e. c = 1 and a + b = 1. Hence, the irreducible polynomials over $\mathbb{F}_2$ of degree three are $x^3 + x^2 + 1$ and $x^3 + x + 1$.
5. Field extensions
Definition 5.1. Let F be a field. A subset K of F is called a subfield of F if it is a field under the operations of F. If K is a subfield of F, then F is called an extension (field) of K. In this case the phrase field extension F/K is also used.
Lemma 5.1 (Subfield Criterion). Let K be a subset of a field F. Then, K is a subfield of F if and only if the following three properties hold:
(1) K contains at least two elements,
(2) a − b ∈ K for all a, b ∈ K,
(3) $ab^{-1} ∈ K$ for all a, b ∈ K, b ≠ 0.
Proof. If K is a subfield of F, then the properties are satisfied by the definition of a field. Assume next that K satisfies the properties. By (1), K is non-empty. Now, (2) implies that (K, +) is a subgroup of (F, +), and (3) implies that (K \ {0}, ·) is a subgroup of (F \ {0}, ·) (by the subgroup criterion). It remains to show that the distributive laws hold in K. But this is obvious, because they hold in F. □
Lemma 5.2. The intersection of all subfields of a field F is a subfield of F.
Proof. Since every subfield of F contains at least 0 and 1, so does their intersection K. Let a, b ∈ K. Now, a, b are in each subfield of F, and therefore a − b belongs to each subfield of F, and if b ≠ 0 then also $ab^{-1}$ belongs to each subfield of F. □
Definition 5.2. The intersection of all subfields of a field F is called the prime field of F.
Theorem 5.1. Let F be a field. If char(F) = 0, then the prime field of F is isomorphic to ℚ. Otherwise, it is isomorphic to $\mathbb{F}_p$, where p = char(F).
Proof. Let K be the prime field of F. Then, the set R of all integer multiples of the identity element 1 is a subring of K. But since K is a field, all the fractions $a/b := ab^{-1}$ with a, b ∈ R, b ≠ 0, are in K too.
Hence, if char(F) = 0, then K contains (and is contained in) a field isomorphic to ℚ, and if char(F) = p, then it contains (and is contained in) a field isomorphic to $\mathbb{F}_p$. □
Definition 5.3. Let K be a subfield of a field F, and let M be a subset of F. The intersection K(M) of all the subfields of F containing both K and M is called the extension field of K obtained by adjoining the elements of M to K. If M is finite, say $M = \{a_1, …, a_n\}$, then we write $K(a_1, …, a_n) := K(M)$. The extension K(a)/K is said to be simple, and a is a defining element of the extension.
Remark 5.1. Note that K(M) is the "smallest" subfield of F containing both K and M. Moreover, since K(a) is a field, it contains the elements f(a) where f ∈ K[x].
We are especially interested in the extensions K(a)/K where a is a root of a polynomial over K.
Definition 5.4. Let K be a subfield of F. An element a ∈ F is said to be algebraic over K if f(a) = 0 for some f ∈ K[x] \ {0}. The extension F/K is said to be algebraic (extension) if every element of F is algebraic over K.
Theorem 5.2. Let K be a subfield of F, and let a ∈ F. If a is algebraic over K, then there exists a unique monic irreducible polynomial f over K such that f(a) = 0.
Proof. Obviously the set I := {g(x) ∈ K[x] | g(a) = 0} is an ideal of K[x], and it is nonzero because a is algebraic. By Remark 4.3, it is generated by a unique monic polynomial f(x), namely the monic polynomial of the least positive degree contained in I. If f = gh for some g, h ∈ K[x], then 0 = f(a) = g(a)h(a), and therefore either g(a) = 0 or h(a) = 0. By the minimality of the degree of f, we have $g ∈ K^*$ or $h ∈ K^*$, implying the irreducibility of f. □
Definition 5.5. Let a ∈ F be algebraic over K. The monic irreducible polynomial f over K satisfying f(a) = 0 is called the minimal polynomial of a over K. The degree of f is called the degree of a.
Example 5.1. We find the minimal polynomial of $a = \sqrt[3]{3} + 1$ over ℚ. Now $a − 1 = \sqrt[3]{3}$, and it follows that $a^3 − 3a^2 + 3a − 1 = 3$. Hence, a is a root of $f(x) = x^3 − 3x^2 + 3x − 4$. This monic polynomial of degree 3 has no roots in ℚ, and is therefore irreducible by Theorem 4.10. Hence f(x) is the minimal polynomial of $\sqrt[3]{3} + 1$ over ℚ.
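The computation in Example 5.1 can be checked without any real-number arithmetic, by working in the residue class ring $\mathbb{Q}[x]/(x^3 − 3)$ of Section 4.2, where the class c of x satisfies $c^3 = 3$ exactly. The following is an added example, not code from the lecture notes; it represents an element $a_0 + a_1 c + a_2 c^2$ as a triple of Fractions, and the function names (elem, add, mul, evaluate, check_example_5_1) are mine.

```python
# Added example (not from the lecture notes): exact arithmetic in the
# residue class ring Q[x]/(x^3 - 3), used to verify Example 5.1.
# An element a0 + a1*c + a2*c^2 (c = x + (x^3 - 3), so c^3 = 3) is a
# triple of Fractions (a0, a1, a2).
from __future__ import annotations
from fractions import Fraction

Elem = tuple[Fraction, Fraction, Fraction]

def elem(a0=0, a1=0, a2=0) -> Elem:
    """Build an element from rational coordinates."""
    return (Fraction(a0), Fraction(a1), Fraction(a2))

def add(u: Elem, v: Elem) -> Elem:
    """Coordinatewise addition."""
    return (u[0] + v[0], u[1] + v[1], u[2] + v[2])

def mul(u: Elem, v: Elem) -> Elem:
    """Multiply as polynomials in c, then reduce with c^3 = 3 and c^4 = 3c."""
    prod = [Fraction(0)] * 5
    for i, x in enumerate(u):
        for j, y in enumerate(v):
            prod[i + j] += x * y
    return (prod[0] + 3 * prod[3], prod[1] + 3 * prod[4], prod[2])

def evaluate(coeffs: list, a: Elem) -> Elem:
    """Horner evaluation of a polynomial with rational coefficients
    (highest degree first) at the element a."""
    acc = elem(0)
    for k in coeffs:
        acc = add(mul(acc, a), elem(k))
    return acc

C = elem(0, 1, 0)             # the class of x: a cube root of 3
A = add(C, elem(1))           # a = cbrt(3) + 1, the element of Example 5.1
MIN_POLY = [1, -3, 3, -4]     # f(x) = x^3 - 3x^2 + 3x - 4

def check_example_5_1() -> tuple[Elem, Elem]:
    """Return ((a - 1)^3, f(a)): the text claims these are 3 and 0."""
    a_minus_1 = add(A, elem(-1))
    cube = mul(mul(a_minus_1, a_minus_1), a_minus_1)
    return cube, evaluate(MIN_POLY, A)

if __name__ == "__main__":
    cube, value = check_example_5_1()
    print("(a-1)^3 =", cube)   # (3, 0, 0)
    print("f(a)    =", value)  # (0, 0, 0)
```

Because $x^3 − 3$ is irreducible over ℚ (degree 3, no rational root), Theorem 4.7 makes this ring a field, and Theorem 5.5 below identifies it with $\mathbb{Q}(\sqrt[3]{3})$; the triple representation is exactly the basis $\{1, c, c^2\}$ of Theorem 5.4 (2).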
Let K be a subfield of F. We can consider F as a vector space over K. The "vectors" are the elements of F, and the scalars are the elements of K.
Lemma 5.3. Let K be a subfield of F. Then, F is a vector space over K, i.e. for all α, β ∈ F and all r, s ∈ K we have
(1) (F, +) is an abelian group,
(2) r(α + β) = rα + rβ,
(3) (r + s)α = rα + sα,
(4) (rs)α = r(sα),
(5) 1α = α.
Proof. The lemma follows immediately from the definition of a field. □
Definition 5.6. A field extension F/K is called finite if F is a finite dimensional vector space over K. The dimension of the vector space F over K is then called the degree of F over K, and is denoted by the symbol [F : K].
Theorem 5.3. Every finite field extension is algebraic.
Proof. Let F/K be a finite field extension with n = [F : K], and let α ∈ F. Now, the n + 1 elements $1, α, …, α^n$ are linearly dependent over K, i.e. there exist elements $a_0, …, a_n ∈ K$, at least one of them nonzero, such that $a_0 + a_1 α + ⋯ + a_n α^n = 0$. This means that α is algebraic over K. □
Lemma 5.4. Let F/M and M/K be finite extensions. Then F/K is finite, and [F : K] = [F : M][M : K].
Proof. Let n = [F : M] and m = [M : K], and let $\{α_1, …, α_n\}$ be a basis of F over M and $\{β_1, …, β_m\}$ a basis of M over K. Now, it is easy to see that the set $\{α_i β_j \mid 1 ≤ i ≤ n,\ 1 ≤ j ≤ m\}$ is a basis of F over K. □
The next theorem describes the key properties of simple field extensions.
Theorem 5.4. Let α ∈ F be algebraic of degree n over K, and let f be the minimal polynomial of α over K. Then
(1) K(α) is isomorphic to K[x]/(f).
(2) [K(α) : K] = n and $\{1, α, …, α^{n−1}\}$ is a basis of K(α)/K.
(3) Every β ∈ K(α) is algebraic over K, and its degree over K is a factor of n.
Proof. (1) Obviously the function ψ : K[x] → K(α), ψ(g(x)) = g(α), is a ring homomorphism. By the proof of Theorem 5.2 its kernel is the ideal of K[x] generated by the minimal polynomial f of α. Since f is irreducible, K[x]/(f) is a field, and now by the isomorphism theorem for rings, it is isomorphic to im ψ. But K ⊆ im ψ and α ∈ im ψ, and therefore, by the definition of K(α), we have im ψ = K(α). This proves (1).
(2) As we saw above, each element β in K(α) is of the form β = g(α) for some g ∈ K[x]. By the division algorithm g = fq + r for some q, r ∈ K[x] with deg(r) ≤ n − 1. Hence, g(α) = f(α)q(α) + r(α) = r(α), and therefore $\{1, α, …, α^{n−1}\}$ spans K(α) over K. Assume $\sum_{i=0}^{n−1} a_i α^i = 0$ for some $a_0, …, a_{n−1} ∈ K$. Now, $\sum_{i=0}^{n−1} a_i x^i$ is in ker ψ, and is therefore a multiple of f. But deg(f) = n, and therefore $a_0 = ⋯ = a_{n−1} = 0$, i.e. $\{1, α, …, α^{n−1}\}$ is linearly independent over K. This proves (2).
(3) Let β ∈ K(α). Since K(α)/K is finite, β is algebraic over K by Theorem 5.3. By Lemma 5.4, [K(β) : K] = [K(α) : K]/[K(α) : K(β)], and by (2), the degree of β is equal to [K(β) : K]. This proves (3). □
Above we considered simple algebraic extensions K(α)/K where α is an element of a given field F. But how does one construct simple algebraic extensions over K without reference to a previously given larger field?
Theorem 5.5. Let f ∈ K[x] be irreducible and monic over the field K. Then there exists an algebraic extension K(α)/K such that f is the minimal polynomial of α.
Proof. Let n = deg(f). We know that the residue class ring
$K[x]/(f) = \{a_0 + a_1 x + ⋯ + a_{n−1} x^{n−1} + (f) \mid a_0, …, a_{n−1} ∈ K\}$
is a field. Set α := x + (f) and $\bar a := a + (f)$ for all a ∈ K. Now, by the definition of addition and multiplication of residue classes modulo (f), we get
$K[x]/(f) ≅ \{a_0 + a_1 α + ⋯ + a_{n−1} α^{n−1} \mid a_0, …, a_{n−1} ∈ K\} = K(α)$,
where the equality follows from Theorem 5.4 (2). Moreover,
$f(α) = f_0 + f_1 α + ⋯ + α^n = f_0 + f_1 x + ⋯ + x^n + (f) = f(x) + (f) = 0 + (f) = 0$,
and since f is irreducible and monic, it is the minimal polynomial of α. □
By Theorem 5.5, for each irreducible polynomial f ∈ K[x] there always exists an extension field F of K such that f has a root in F. Based on this we shall see that there exists an extension field of K over which f factors into irreducible factors of degree one, and that this extension field is unique up to isomorphism.
Let ψ be a field isomorphism from K onto K′, and let $f(x) = f_0 + ⋯ + f_n x^n ∈ K[x]$. By the notation ψ(f) we mean the polynomial $ψ(f_0) + ⋯ + ψ(f_n) x^n ∈ K′[x]$.
Lemma 5.5. Let ψ be a field isomorphism from K onto K′, and let f ∈ K[x] be a monic irreducible polynomial over K. Let α be a zero of f and let β be a zero of ψ(f). Then, the fields K(α) and K′(β) are isomorphic.
Proof. We first show that ψ(f) is irreducible over K′. By Theorem 5.4 (1) it is then enough to show that the fields K[x]/(f) and K′[x]/(ψ(f)) are isomorphic.
It is easy to see that ψ is actually a ring isomorphism from K[x] onto K′[x]. It follows that if ψ(f) = gh for some g, h ∈ K′[x], then $f = ψ^{−1}(g)\,ψ^{−1}(h)$. Hence, ψ(f) is irreducible.
Obviously ψ′ : K[x] → K′[x]/(ψ(f)), ψ′(g) = ψ(g) + (ψ(f)), is a surjective ring homomorphism, and the kernel of ψ′ consists of the polynomials g such that ψ(f) | ψ(g), or equivalently f | g. Hence, K[x]/(f) and K′[x]/(ψ(f)) are isomorphic by the isomorphism theorem for rings. □
Definition 5.7. Let f ∈ K[x] be of positive degree, and let F be an extension field of K. Then f is said to split in F if there exist $α_1, …, α_n ∈ F$ such that
$f(x) = a(x − α_1)(x − α_2) ⋯ (x − α_n)$,
where a is the leading coefficient of f. If f splits in F and $F = K(α_1, …, α_n)$, then F is called a splitting field of f over K.
Theorem 5.6. For each f ∈ K[x] of positive degree there exists a splitting field of f over K. Any two splitting fields of f over K are isomorphic.
Proof. Let $f = g_1^{k_1} h_1$ where $g_1, h_1 ∈ K[x]$, $g_1$ irreducible, and $g_1 ∤ h_1$. Now, $g_1$ has a zero $α_1$ in $K(α_1)$, and therefore $f(x) = (x − α_1)^{k_1} t_1(x)$ for some $t_1 ∈ K(α_1)[x]$ with $\deg(t_1) < \deg(f)$. If $\deg(t_1) = 0$, then we are done. Otherwise, we write $t_1 = g_2^{k_2} h_2$ where $g_2, h_2 ∈ K(α_1)[x]$, $g_2$ irreducible, and $g_2 ∤ h_2$. Now, $g_2$ has a zero $α_2$ in $K(α_1, α_2)$, and therefore $f(x) = (x − α_1)^{k_1}(x − α_2)^{k_2} t_2(x)$ for some $t_2 ∈ K(α_1, α_2)[x]$ with $\deg(t_2) < \deg(t_1)$. Continuing in this way, we finally get $f(x) = a(x − α_1)^{k_1} ⋯ (x − α_m)^{k_m} ∈ K(α_1, …, α_m)[x]$, i.e. $K(α_1, …, α_m)$ is a splitting field of f.
Let $K(α'_1, …, α'_n)$ be another splitting field of f over K, and assume m ≤ n. Choose ψ in Lemma 5.5 to be the trivial isomorphism ψ : K → K, ψ(c) = c. Now, $K(α_1) ≅ K(α'_1)$. Next choose K to be $K(α_1)$ and K′ to be $K(α'_1)$ in Lemma 5.5, and we get an isomorphism $K(α_1, α_2) ≅ K(α'_1, α'_2)$. Continuing in this way, we obtain an isomorphism from $K(α_1, …, α_m)$ onto $K(α'_1, …, α'_m)$ which maps each $α_i$ to $α'_i$.
If m < n, then f splits in $K(α'_1, …, α'_m)$, a proper subfield of $K(α'_1, …, α'_n)$, which is impossible by the definition of a splitting field. Hence, m = n and the proof is complete. □
We end this section by giving a criterion for whether a polynomial f has a multiple root in its splitting field.
Definition 5.8. Let $f(x) = f_0 + f_1 x + f_2 x^2 + ⋯ + f_n x^n$ be a polynomial over K. The (formal) derivative of f is the polynomial $f′(x) = f_1 + 2f_2 x + ⋯ + n f_n x^{n−1}$.
Lemma 5.6. Let f, g ∈ K[x]. Then
(1) (f + g)′ = f′ + g′.
(2) (fg)′ = f′g + fg′.
Proof. Exercise. □
Theorem 5.7. Let f ∈ K[x] and let α be a root of f in its splitting field over K. Then, α is a simple root of f(x) if and only if f′(α) ≠ 0.
Proof. Let F be the splitting field of f over K. Write $f(x) = (x − α)^k g(x)$ where g(x) ∈ F[x], (x − α) ∤ g(x), and k is a positive integer. Now $f′(x) = k(x − α)^{k−1} g(x) + (x − α)^k g′(x)$. If α is simple, then k = 1 and f′(α) = g(α) ≠ 0. If α is multiple, then k > 1 and f′(α) = 0. □
6. Finite fields
In this section we characterize the finite fields. First we show that the number of elements in a finite field is a prime power.
Lemma 6.1. Let F be a finite field containing a subfield K with q elements. Then F has $q^m$ elements, where m = [F : K].
Proof. Since F is a vector space over K of dimension m, each element α ∈ F can be uniquely represented in the form $α = a_1 α_1 + ⋯ + a_m α_m$, where $\{α_1, …, α_m\}$ is a fixed basis of F over K and $a_1, …, a_m ∈ K$. Here each "scalar" $a_i$ can be chosen in exactly q ways, and therefore $|F| = q^m$. □
Theorem 6.1. Let F be a finite field. Then F has $p^n$ elements, where the prime p is the characteristic of F and n is the degree of F over its prime field.
Proof. Since F is finite, its characteristic is a prime p by Corollary 3.2. Now, by Theorem 5.1, the prime field of F is isomorphic to $\mathbb{F}_p$, and Lemma 6.1 now completes the proof. □
Next we show that there exists a finite field of order $p^n$ for each prime p and for each positive integer n. We begin with a lemma, which is a generalization of Fermat's little theorem.
Lemma 6.2. If F is a finite field with q elements, then $a^q = a$ for all a ∈ F.
Proof. Obviously $a^q = a$ if a = 0. If a ≠ 0 then $a^{q−1} = 1$, since $F^*$ is a group of order q − 1. This implies that $a^q = a$. □
Theorem 6.2. For every prime p and every positive integer n there exists a finite field with $p^n$ elements.
Proof. Let $q = p^n$ and let $f(x) = x^q − x$. Since f′(x) = −1, each root of f is simple in the splitting field F of f over $\mathbb{F}_p$. It now follows from Theorem 4.9 that f has exactly q roots in F. We show that the roots of f form a subfield of F. First, 0, 1 are roots of f. Second, if α, β are roots of f, then, since char(F) = p, we have $f(α − β) = (α − β)^q − (α − β) = α^q − α − (β^q − β) = 0 − 0 = 0$ by Lemma 6.2. Third, if β ≠ 0, then $f(αβ^{−1}) = (αβ^{−1})^q − αβ^{−1} = 0$ by Lemma 6.2. Now, by the subfield criterion, the roots of f form a field with q elements. □
Since the splitting field of a polynomial over $\mathbb{F}_p$ is unique up to isomorphism, the next theorem shows that for a given prime p and a given positive integer n there exists (essentially) only one finite field with $q = p^n$ elements.
Theorem 6.3. Let F be a finite field with q elements, and let K be a subfield of F. Then, the polynomial $x^q − x$ factors in F[x] as
$x^q − x = \prod_{a ∈ F} (x − a)$.
Moreover, F is the splitting field of $x^q − x$ over K.
Proof. The polynomial $x^q − x$ has at most q roots in F, and now by Lemma 6.2, its roots are exactly the q elements of F. Hence, $x^q − x$ splits over F in the given manner, and it cannot split in any smaller field. □
Defin­ition 6.1. From now on we denote by $\mathbb{F}_q$ the finite field with q elements.
Next we characterize the subfields of $\mathbb{F}_q$.
Theorem 6.4. Every subfield of $\mathbb{F}_{p^n}$ has $p^m$ elements, where m is a positive factor of n. Conversely, if m is a positive factor of n, then there is exactly one subfield of $\mathbb{F}_{p^n}$ with $p^m$ elements.
Proof. Let K be a subfield of $\mathbb{F}_{p^n}$. By Theorem 6.1, K has $p^m$ elements for some positive integer m. By Lemma 6.1, $p^n = p^{mt}$ where $t = [\mathbb{F}_{p^n} : K]$. Hence, m is a factor of n.
Conversely, let m be a positive factor of n. Now, $p^m − 1$ divides $p^n − 1$, and therefore $x^{p^m − 1} − 1$ divides $x^{p^n − 1} − 1$. Since $\mathbb{F}_{p^n}$ is the splitting field of $x^{p^n} − x$ by Theorem 6.3, the polynomial $x^{p^m} − x$ splits in $\mathbb{F}_{p^n}$. Now, by the proof of Theorem 6.2, the roots of $x^{p^m} − x$ in $\mathbb{F}_{p^n}$ form a subfield with $p^m$ elements. On the other hand, if K is any subfield of $\mathbb{F}_{p^n}$ with $p^m$ elements, then its elements are the roots of $x^{p^m} − x$. But this polynomial has exactly $p^m$ roots, and so there is only one subfield with $p^m$ elements. □
Example 6.1. The subfields of $\mathbb{F}_{2^{20}}$ are $\mathbb{F}_2$, $\mathbb{F}_{2^2}$, $\mathbb{F}_{2^4}$, $\mathbb{F}_{2^5}$, $\mathbb{F}_{2^{10}}$ and $\mathbb{F}_{2^{20}}$.
Next we prove an important fact.
Theorem 6.5. The multiplicative group $\mathbb{F}_q^*$ of a finite field $\mathbb{F}_q$ is cyclic.
Proof. We may assume that q > 3. Let $q − 1 = p_1^{k_1} ⋯ p_m^{k_m}$ be the canonical prime decomposition of q − 1. For each i = 1, …, m, let $h_i = (q − 1)/p_i$. The polynomial $x^{h_i} − 1$ has at most $h_i$ roots, and therefore there exists $a_i ∈ \mathbb{F}_q^*$ which is not a root of $x^{h_i} − 1$. Let $b_i = a_i^{(q−1)/p_i^{k_i}}$. The order of $b_i$ is a factor of $p_i^{k_i}$. On the other hand, $b_i^{p_i^{k_i − 1}} = a_i^{(q−1)/p_i} ≠ 1$, and therefore the order of $b_i$ is $p_i^{k_i}$. We show that $b := b_1 ⋯ b_m$ generates $\mathbb{F}_q^*$.
Assume on the contrary that the order of b is a non-trivial factor of q − 1, which means that it is a factor of $(q − 1)/p_i$ for at least one i = 1, …, m, say for i = 1. Now,
$1 = b^{(q−1)/p_1} = b_1^{(q−1)/p_1}\, b_2^{(q−1)/p_1} ⋯ b_m^{(q−1)/p_1} = b_1^{(q−1)/p_1} · 1 ⋯ 1 = b_1^{(q−1)/p_1}$,
which implies that the order $p_1^{k_1}$ of $b_1$ is a factor of $(q − 1)/p_1$, which is impossible. □
Definition 6.2. A generator of the cyclic group $\mathbb{F}_q^*$ is called a primitive element of $\mathbb{F}_q$.
Example 6.2. Let $\mathbb{F}_{16} = \mathbb{F}_2(α)$ where α is a root of the irreducible polynomial $f(x) = x^4 + x^3 + x^2 + x + 1$. Now the order of α is either 3, 5 or 15. Obviously, $α^3 ≠ 1$, but $α^5 = α^4 + α^3 + α^2 + α = 1$. On the other hand, the order of an element β in $\mathbb{F}_4 \setminus \mathbb{F}_2$ is three, and therefore, by the proof of Theorem 6.5, αβ is a primitive element of $\mathbb{F}_{16}$.
We next find such a β. We observe that the degree of β over $\mathbb{F}_2$ is 2, and therefore it is a root of $x^2 + x + 1$ in $\mathbb{F}_{16}$. So, it is enough to find $a_0, a_1, a_2, a_3 ∈ \mathbb{F}_2$ such that
$(a_0 + a_1 α + a_2 α^2 + a_3 α^3)^2 + a_0 + a_1 α + a_2 α^2 + a_3 α^3 + 1 = 0$,
equivalently,
$a_0 + a_1 α^2 + a_2 α^4 + a_3 α^6 + a_0 + a_1 α + a_2 α^2 + a_3 α^3 + 1 = 0$.
Here, $α^4 = α^3 + α^2 + α + 1$ and $α^6 = α α^5 = α$, and therefore we have
$a_2 + 1 + (a_1 + a_2 + a_3)α + a_1 α^2 + (a_2 + a_3)α^3 = 0$,
equivalently, $a_2 = 1$, $a_1 = 0$, $a_3 = 1$. Hence, we may choose $β = α^2 + α^3$ or $β = 1 + α^2 + α^3$.
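Both the group tables of Example 4.7 and the primitive-element construction of Example 6.2 are computations in $\mathbb{F}_2[x]/(f)$ for an irreducible f, and one small arithmetic routine serves both. The following is an added example, not code from the lecture notes: residue classes $a_0 + a_1 x + ⋯ + a_{n−1} x^{n−1} + (f)$ are stored as ints whose bit i is $a_i$ (so α = x + (f) is the int 0b10), multiplication reduces modulo f by shift-and-XOR, and the multiplicative order is found by trying the divisors of $2^n − 1$ in the spirit of Lagrange's theorem. The function names (gf_mul, gf_pow, gf_order, gf_is_field, group_tables, example_6_2) are mine; the polynomials are the ones in the two examples. The same routines work for any irreducible f over $\mathbb{F}_2$, for instance one of degree 8 for a byte-sized field.

```python
# Added example (not from the lecture notes): arithmetic in F_2[x]/(f) for an
# irreducible f, used to rebuild the F_4 tables of Example 4.7 and to check the
# primitive element alpha*beta of Example 6.2 in F_16.  Elements are ints whose
# bit i is the coefficient a_i of x^i; alpha = x + (f) is the int 0b10.
from __future__ import annotations

def gf_mul(a: int, b: int, f: int) -> int:
    """Multiply two residue classes modulo f (shift-and-reduce)."""
    n = f.bit_length() - 1            # deg f = degree of the field over F_2
    prod = 0
    while b:
        if b & 1:
            prod ^= a                 # add a * x^i for each set bit of b
        b >>= 1
        a <<= 1
        if a >> n & 1:                # degree reached n: subtract f once
            a ^= f
    return prod

def gf_pow(a: int, e: int, f: int) -> int:
    """Square-and-multiply exponentiation in F_2[x]/(f)."""
    result, base = 1, a
    while e:
        if e & 1:
            result = gf_mul(result, base, f)
        base = gf_mul(base, base, f)
        e >>= 1
    return result

def gf_order(a: int, f: int) -> int:
    """Order of a nonzero element in the group F*; it divides 2^n - 1 (Lagrange)."""
    if a == 0:
        raise ValueError("0 has no multiplicative order")
    q_minus_1 = (1 << (f.bit_length() - 1)) - 1
    return min(d for d in range(1, q_minus_1 + 1)
               if q_minus_1 % d == 0 and gf_pow(a, d, f) == 1)

def gf_is_field(f: int) -> bool:
    """Brute-force check of Theorem 4.7: every nonzero class has an inverse."""
    q = 1 << (f.bit_length() - 1)
    return all(any(gf_mul(a, b, f) == 1 for b in range(1, q)) for a in range(1, q))

def gf_str(a: int) -> str:
    """Write an element in the notation of the text, e.g. '1 + α + α^3'."""
    if a == 0:
        return "0"
    parts = [("1" if i == 0 else "α" if i == 1 else f"α^{i}")
             for i in range(a.bit_length()) if a >> i & 1]
    return " + ".join(parts)

def group_tables(f: int) -> tuple[list[list[int]], list[list[int]]]:
    """Addition table of (F, +) and multiplication table of (F*, ·) as int matrices."""
    q = 1 << (f.bit_length() - 1)
    add = [[a ^ b for b in range(q)] for a in range(q)]
    mul = [[gf_mul(a, b, f) for b in range(1, q)] for a in range(1, q)]
    return add, mul

F4_POLY = 0b111      # Example 4.7: F_4 = F_2[x]/(x^2 + x + 1)
F16_POLY = 0b11111   # Example 6.2: F_16 = F_2(alpha), alpha a root of x^4+x^3+x^2+x+1
ALPHA = 0b10         # the class of x

def example_6_2() -> tuple[int, int, int]:
    """Return (ord alpha, ord beta, ord alpha*beta) for beta = alpha^2 + alpha^3."""
    beta = gf_pow(ALPHA, 2, F16_POLY) ^ gf_pow(ALPHA, 3, F16_POLY)
    # beta must be a root of x^2 + x + 1, i.e. lie in F_4 \ F_2
    assert gf_mul(beta, beta, F16_POLY) ^ beta ^ 1 == 0
    ab = gf_mul(ALPHA, beta, F16_POLY)
    return gf_order(ALPHA, F16_POLY), gf_order(beta, F16_POLY), gf_order(ab, F16_POLY)

if __name__ == "__main__":
    add, mul = group_tables(F4_POLY)
    for row in add:                       # reproduces the (F_4, +) table
        print("  ".join(f"{gf_str(x):6}" for x in row))
    for row in mul:                       # reproduces the (F_4^*, ·) table
        print("  ".join(f"{gf_str(x):6}" for x in row))
    print(example_6_2())                  # (5, 3, 15): alpha*beta is primitive
```

The orders 5 and 3 are coprime, so their product has order 15 = $|\mathbb{F}_{16}^*|$, which is exactly the argument in the proof of Theorem 6.5 specialised to $15 = 3 · 5$. Passing a reducible polynomial such as $x^4 + 1$ to gf_is_field returns False, illustrating the "only if" direction of Theorem 4.7.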
Theorem 6.6. Let $\mathbb{F}_q$ be a subfield of the finite field $\mathbb{F}_{q^n}$. Then, $\mathbb{F}_{q^n} = \mathbb{F}_q(γ)$ where γ is a primitive element of $\mathbb{F}_{q^n}$.
Proof. Since $\mathbb{F}_q ⊆ \mathbb{F}_{q^n}$ and $γ ∈ \mathbb{F}_{q^n}$, we have $\mathbb{F}_q(γ) ⊆ \mathbb{F}_{q^n}$. On the other hand, $\mathbb{F}_q(γ)$ is a field and therefore it contains 0 and all the powers of γ. Hence, $\mathbb{F}_{q^n} ⊆ \mathbb{F}_q(γ)$. □
Corollary 6.1. Let $\mathbb{F}_q$ be a finite field and let n be a positive integer. Then, there exists an irreducible polynomial of degree n over $\mathbb{F}_q$.
Proof. Let γ be a primitive element of $\mathbb{F}_{q^n}$. Then $\mathbb{F}_{q^n} = \mathbb{F}_q(γ)$ by Theorem 6.6, and the minimal polynomial of γ over $\mathbb{F}_q$ is of degree n by Theorem 5.4 and irreducible by definition. □
Definition 6.3. The minimal polynomial of a primitive element of $\mathbb{F}_{q^n}$ over $\mathbb{F}_q$ is called a primitive polynomial over $\mathbb{F}_q$.
We end this section by describing the roots of an irreducible polynomial over a finite field.
Lemma 6.3. Let f be an irreducible polynomial over $\mathbb{F}_q$ of degree m. Then f(x) divides $x^{q^n} − x$ if and only if m divides n.
Proof. Let α be a root of f in its splitting field over $\mathbb{F}_q$. Assume first that $f(x) \mid (x^{q^n} − x)$. Now $α^{q^n} = α$, which means that $α ∈ \mathbb{F}_{q^n}$ by Theorem 6.3. It follows that $\mathbb{F}_q(α)$ is a subfield of $\mathbb{F}_{q^n}$, and therefore the degree $[\mathbb{F}_q(α) : \mathbb{F}_q]$ is a factor of n by Lemma 5.4. But $[\mathbb{F}_q(α) : \mathbb{F}_q] = m$ by Theorem 5.4.
Assume then that m is a factor of n. Now $\mathbb{F}_{q^n}$ has the subfield $\mathbb{F}_{q^m}$ by Theorem 6.4. On the other hand $\mathbb{F}_q(α) = \mathbb{F}_{q^m}$, and therefore $α ∈ \mathbb{F}_{q^n}$. Now α is a zero of $x^{q^n} − x$, and therefore $f(x) \mid (x^{q^n} − x)$ by the proof of Theorem 5.2. □
Theorem 6.7. If f is an irreducible polynomial over $\mathbb{F}_q$ of degree m, then f has a root α in $\mathbb{F}_{q^m}$. Moreover, all the roots of f are simple and they are $α, α^q, …, α^{q^{m−1}}$.
Proof. Let α be a root of f in its splitting field over $\mathbb{F}_q$. The degree $[\mathbb{F}_q(α) : \mathbb{F}_q] = m$, and therefore $\mathbb{F}_q(α) = \mathbb{F}_{q^m}$. It follows from Lemma 6.2 (applied to the coefficients $f_j ∈ \mathbb{F}_q$) that $α^{q^i}$ is a root of f for all non-negative integers i:
$f(α^{q^i}) = \sum_{j=0}^{m} f_j α^{j q^i} = \Bigl(\sum_{j=0}^{m} f_j α^j\Bigr)^{q^i} = f(α)^{q^i} = 0.$
Since the degree of f is m, it remains to prove that $α, α^q, …, α^{q^{m−1}}$ are distinct. If $α^{q^i} = α^{q^j}$ for some 0 ≤ i < j ≤ m − 1, then by raising this identity to the power $q^{m−i}$ we get
$α = α^{q^m} = α^{q^{m+j−i}}.$
It follows that f(x) is a divisor of $x^{q^{m+j−i}} − x$, and now, by Lemma 6.3, m divides m + j − i. But this is possible only if m divides j − i, which is impossible, since 1 ≤ j − i ≤ m − 1. □
Definition 6.4. Let $α ∈ \mathbb{F}_{q^m}$. Then, the elements $α, α^q, …, α^{q^{m−1}}$ are the conjugates of α over $\mathbb{F}_q$.
Remark 6.1. If $α ∈ \mathbb{F}_{q^m}$ and its degree over $\mathbb{F}_q$ is d | m, then the conjugates of α over $\mathbb{F}_q$ are the elements $α, α^q, …, α^{q^{d−1}}$, each repeated m/d times.
Theorem 6.8. Let $α ∈ \mathbb{F}_{q^m}$. Then, the conjugates of α over $\mathbb{F}_q$ all have the same order in $\mathbb{F}_{q^m}^*$.
Proof. By the theory of cyclic groups. □
Example 6.3. Let $γ ∈ \mathbb{F}_{16}$ be a root of $f(x) = x^4 + x + 1 ∈ \mathbb{F}_2[x]$. Then, the conjugates of γ over $\mathbb{F}_2$ are $γ$, $γ^2$, $γ^4 = γ + 1$ and $γ^8 = γ^2 + 1$. Since f is a primitive polynomial over $\mathbb{F}_2$, the conjugates of γ over $\mathbb{F}_2$ are primitive elements of $\mathbb{F}_{16}$, by Theorem 6.8.
The conjugates of γ over $\mathbb{F}_4$ are γ and $γ^4$. Hence, the minimal polynomial of γ over $\mathbb{F}_4$ is $(x + γ)(x + γ^4) = x^2 + (γ + γ^4)x + γ^5 = x^2 + x + γ^2 + γ$.
7. A brief introduction to the error correcting block codes
Assume we would like to send information, expressed as a finite sequence of symbols, over a noisy channel. Then errors may (or will) occur, and of course we would like to correct, or at least detect, the errors at the receiving end of the channel. The main idea is to transmit redundant information; that is, one extends the sequence of message symbols to a longer sequence in a systematic manner. We call such a systematic extension of a message an encoding.
Let $\mathbb{F}_q$ be a finite field. We assume that the message word is a vector $(a_1, …, a_k) ∈ \mathbb{F}_q^k$ and it is encoded into a code word $(c_1, …, c_n) ∈ \mathbb{F}_q^n$ where n > k. In this context a function from $\mathbb{F}_q^k$ into $\mathbb{F}_q^n$ is called a coding scheme, and a function from $\mathbb{F}_q^n$ into $\mathbb{F}_q^k$ a decoding scheme.
A simple coding scheme arises when $(a_1, …, a_k)$ is encoded into a code word $c := (a_1, …, a_k, c_{k+1}, …, c_n)$, where the control symbols $c_{k+1}, …, c_n$ are chosen in a systematic manner. For instance, let H be an (n − k) × n matrix with entries in $\mathbb{F}_q$ that is of the special form
$H = (A \mid I_{n−k})$
where A is an (n − k) × k matrix and $I_{n−k}$ is the (n − k) × (n − k) identity matrix. The control symbols $c_{k+1}, …, c_n$ are calculated from the system of equations
$Hc^T = 0$.
The equations of this system are called parity-check equations.
Example 7.1. Let q = 2, k = 4, n = 7, and let
$H = \begin{pmatrix} 1 & 0 & 1 & 1 & 1 & 0 & 0 \\ 1 & 1 & 0 & 1 & 0 & 1 & 0 \\ 1 & 1 & 1 & 0 & 0 & 0 & 1 \end{pmatrix}.$
The control symbols $c_5, c_6, c_7$ of the code word $c = (a_1, a_2, a_3, a_4, c_5, c_6, c_7)$ are calculated by solving $Hc^T = 0$ for given symbols $a_1, a_2, a_3, a_4$:
$a_1 + a_3 + a_4 + c_5 = 0$
$a_1 + a_2 + a_4 + c_6 = 0$
$a_1 + a_2 + a_3 + c_7 = 0$
and it follows that the coding scheme in this case is the linear map from $\mathbb{F}_2^4$ into $\mathbb{F}_2^7$ given by
$(a_1, a_2, a_3, a_4) ↦ (a_1, a_2, a_3, a_4,\ a_1 + a_3 + a_4,\ a_1 + a_2 + a_4,\ a_1 + a_2 + a_3)$.
In general we use the following terminology.
Definition 7.1. Let H be an (n − k) × n matrix of rank n − k with entries in $\mathbb{F}_q$. The subset C of $\mathbb{F}_q^n$ whose elements c satisfy $Hc^T = 0$ is called a linear [n, k] code over $\mathbb{F}_q$. Here,
• n is the length of C,
• k is the dimension of C,
• the elements of C are the code words of C,
• H is the (parity-)check matrix of C.
Moreover, if H is of the form $(A \mid I_{n−k})$, then C is called a systematic code.
Remark 7.1. A linear [n, k] code over $\mathbb{F}_q$ is a subspace of dimension k of $\mathbb{F}_q^n$, since it is the kernel (or the null space) of H.
By the following lemma, linear [n, k] codes over $\mathbb{F}_q$ are exactly the k-dimensional subspaces of $\mathbb{F}_q^n$.
Lemma 7.1. Let C be a subspace of $\mathbb{F}_q^n$ of dimension k. Then there exists an (n − k) × n matrix H of rank n − k with entries in $\mathbb{F}_q$ such that $Hc^T = 0$ for all c ∈ C.
Proof. Let $\{c^{(1)}, …, c^{(k)}\}$ be a basis of C over $\mathbb{F}_q$. The solution space S of the system of equations
$c^{(1)}_1 x_1 + ⋯ + c^{(1)}_n x_n = 0$
$c^{(2)}_1 x_1 + ⋯ + c^{(2)}_n x_n = 0$
⋮
$c^{(k)}_1 x_1 + ⋯ + c^{(k)}_n x_n = 0$
has dimension n − k. Let H be the matrix whose rows form a basis of S. Now $Hc^T = 0$ for all c ∈ C. □
The parity-check equations $Hc^T = 0$ with $H = (A \mid I_{n−k})$ and $c = (a_1, …, a_k, c_{k+1}, …, c_n)$ can be written in the form
$0 = Hc^T = A \begin{pmatrix} a_1 \\ \vdots \\ a_k \end{pmatrix} + \begin{pmatrix} c_{k+1} \\ \vdots \\ c_n \end{pmatrix} \iff \begin{pmatrix} c_{k+1} \\ \vdots \\ c_n \end{pmatrix} = −A \begin{pmatrix} a_1 \\ \vdots \\ a_k \end{pmatrix}.$
Equivalently,
$c^T = \begin{pmatrix} I_k \\ −A \end{pmatrix} a^T = \bigl(a\,(I_k \mid −A^T)\bigr)^T,$
where $a = (a_1, …, a_k)$.
Hence, in this case, the coding scheme from $\mathbb{F}_q^k$ into $\mathbb{F}_q^n$ is given by
$a ↦ a\,(I_k \mid −A^T)$,
and moreover, C is the row space of the matrix $(I_k \mid −A^T)$.
Definition 7.2. The k × n matrix $G = (I_k \mid −A^T)$ is called the generator matrix of a linear [n, k] code with check matrix $H = (A \mid I_{n−k})$.
Example 7.2. The generator matrix G of the linear [7, 4] code in Example 7.1 is
$G = \begin{pmatrix} 1 & 0 & 0 & 0 & 1 & 1 & 1 \\ 0 & 1 & 0 & 0 & 0 & 1 & 1 \\ 0 & 0 & 1 & 0 & 1 & 0 & 1 \\ 0 & 0 & 0 & 1 & 1 & 1 & 0 \end{pmatrix}$
and the code words are the 16 linear combinations over $\mathbb{F}_2$ of the rows of G.
We generalize this definition in an obvious manner:
Definition 7.3. Let C be a linear [n, k] code over $\mathbb{F}_q$. If C is the row space of a k × n matrix G of rank k with entries in $\mathbb{F}_q$, then G is called a generator matrix of C.
Consider next decoding.
Definition 7.4. If c is a code word and y is the received word after the transmission of c over a channel, then e = y − c is called the error vector of c.
Definition 7.5. Let $x, y ∈ \mathbb{F}_q^n$. Then,
(1) The Hamming distance d(x, y) between x and y is the number of coordinates in which x and y differ.
(2) The Hamming weight w(x) of x is the number of nonzero coordinates of x.
We observe that d(x, y) = w(x − y). Moreover, we have the following lemma.
Lemma 7.2. The Hamming distance is a metric on $\mathbb{F}_q^n$. That is, for all $x, y, z ∈ \mathbb{F}_q^n$ we have
(1) d(x, y) = 0 if and only if x = y,
(2) d(x, y) = d(y, x),
(3) d(x, z) ≤ d(x, y) + d(y, z).
Proof. Exercise. □
If y is the received word, then, one usually tries to �nd the code word c such that
w(y − c) is as small as possible; that is we assume that it si more likely that few
errors have occured rather than many errors.
Thus, in decoding we are looking for a code word that is closest to the received
word according to the Hamming distance. This rule is called the nearest neighbor
decoding.
Example 7.3. Let the message words be the elements of $\mathbb{F}_2^4$ and encode each of
them by using the generator matrix $G$ in Example 7.2. Assume that the word
$y = (1, 1, 0, 0, 1, 0, 1)$ was received. Now $Hy^T \neq 0$, where $H$ is the check matrix of
the code given in Example 7.1, and therefore $y$ is not in the code. Let $c$ be the sum
of the first two rows of $G$, i.e. $c = (1, 1, 0, 0, 1, 0, 0)$. Now $y$ and $c$ differ only in one
coordinate place and we assume that $c$ was sent.
Definition 7.6. Let $t \in \mathbb{N}$. A code $C \subset \mathbb{F}_q^n$ is called $t$-error-correcting if for any
$y \in \mathbb{F}_q^n$ there is at most one code word $c \in C$ such that $d(y, c) \le t$.
Definition 7.7. For a code $C \subset \mathbb{F}_q^n$, the number
\[
d_C = \min_{u, v \in C,\ u \neq v} d(u, v)
\]
is called the minimum distance of $C$.
Obviously, for a linear code $C$,
\[
d_C = \min_{c \in C,\ c \neq 0} w(c),
\]
i.e. the minimum distance of a linear code $C$ is the Hamming weight of a code word
of the least weight in $C$.
Theorem 7.1. Let $C$ be a code with minimum distance $d_C$. Then, by using
nearest neighbor decoding, it is possible to correct up to $t$ errors if $d_C \ge 2t + 1$.
Proof. It follows from Lemma 7.2 (3) that the closed balls $B_t(c) = \{x \in \mathbb{F}_q^n \mid d(x, c) \le t\}$ with $c \in C$ do not overlap if $d_C \ge 2t + 1$. Hence, if at most $t$ errors
occur in a code word $c$, the resulting word belongs only to the ball $B_t(c)$. □
Lemma 7.3. A linear $[n, k]$ code $C$ over $\mathbb{F}_q$ with a check matrix $H$ has minimum
distance $d_C \ge s + 1$ if and only if any $s$ columns of $H$ are linearly independent over
$\mathbb{F}_q$.
Proof. We observe that $c \in C$ iff $Hc^T = 0$ iff $\sum_{i=1}^{n} c_i H^{(i)} = 0$, where $H^{(i)}$ is the
$i$th column of the check matrix $H$ of $C$. Let $c \in C$ with $w(c) = d_C$. Now a set of
$d_C$ columns is linearly dependent, and moreover, any $s$ columns of $H$ are linearly
independent if $s < d_C$, by the definition of the minimum distance. □
Example 7.4. By Lemma 7.3, the minimum distance of the code in Example 7.1
is 3. Hence, the decoding in Example 7.3 is correct if only one error occurred
during the transmission.
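The following Python is an added example, not code from the lecture notes: it builds the $[7, 4]$ code of Examples 7.2 and 7.3 from $G$, recovers $H = (A \mid I_3)$, computes the syndrome $Hy^T$ of the received word of Example 7.3, decodes it by nearest neighbor search over all 16 code words, and checks the minimum distance 3 of Example 7.4. All function names are my own.

```python
# Added example (not code from the notes): the binary [7, 4] code of Examples 7.2 and 7.3.
# H = (A | I_3) is recovered from G = (I_4 | -A^T); over F2, -A^T is just the right block of G.
from itertools import product

G = [[1, 0, 0, 0, 1, 1, 1],
     [0, 1, 0, 0, 0, 1, 1],
     [0, 0, 1, 0, 1, 0, 1],
     [0, 0, 0, 1, 1, 1, 0]]
N, K = 7, 4
A = [[G[i][K + j] for i in range(K)] for j in range(N - K)]        # (n-k) x k: transpose of G's right block
H = [row + [1 if r == j else 0 for r in range(N - K)] for j, row in enumerate(A)]   # (A | I_{n-k})

def encode(a):                                  # a -> a G over F2
    return [sum(a[i] & G[i][j] for i in range(K)) % 2 for j in range(N)]

def syndrome(y):                                # H y^T; zero exactly for code words
    return [sum(h & v for h, v in zip(row, y)) % 2 for row in H]

def distance(x, y):                             # Hamming distance d(x, y) = w(x - y)
    return sum(a != b for a, b in zip(x, y))

CODE = [encode(list(a)) for a in product((0, 1), repeat=K)]   # all 16 code words

def min_distance():                             # d_C = least weight of a nonzero code word
    return min(sum(c) for c in CODE if any(c))

def nearest_neighbor(y):                        # nearest neighbor decoding; unique when at most one error
    return min(CODE, key=lambda c: distance(c, y))
```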
In general it is quite difficult to determine the minimum distances in an infinite
family of linear codes. The following family is an exception.
Definition 7.8. Let $m \ge 2$. A linear code $C_m$ over $\mathbb{F}_2$ of length $2^m - 1$ is called
a binary Hamming code if the columns of the check matrix of $C_m$ are the binary
representations of the integers $1, 2, \ldots, 2^m - 1$.
Example 7.5. The check matrix $H$ of $C_3$ is
\[
H = \begin{pmatrix}
0 & 0 & 0 & 1 & 1 & 1 & 1 \\
0 & 1 & 1 & 0 & 0 & 1 & 1 \\
1 & 0 & 1 & 0 & 1 & 0 & 1
\end{pmatrix}.
\]
Hence $C_3$ is a binary $[7, 4]$ code with minimum distance 3.
In general we have
Theorem 7.2. The binary Hamming code $C_m$ is a linear $[2^m - 1, 2^m - m - 1]$ code
over $\mathbb{F}_2$ with minimum distance 3.
Proof. The rank of $H$ is obviously $m$, hence the dimension of $C_m$ is $2^m - 1 - m$.
Moreover, since $H$ does not contain the all-zeros column, and any two distinct
columns are non-equal, the minimum distance is at least three. Since the sum of
any two columns is a column of $H$, it follows that the minimum distance is
three. □
7.1. Cyclic codes.
Next we consider a class of linear codes whose mathematical structure is fairly
well known and which admit efficient decoding algorithms based on the arithmetic
in a finite field.
Definition 7.9. A linear $[n, k]$ code $C$ over $\mathbb{F}_q$ is called cyclic if $(a_0, a_1, \ldots, a_{n-1}) \in C$ implies $(a_{n-1}, a_0, \ldots, a_{n-2}) \in C$.
From now on we assume that $\gcd(n, q) = 1$. The residue class ring $\mathbb{F}_q[x]/(x^n - 1)$
is a vector space over $\mathbb{F}_q$ and it is easy to see that the function from $\mathbb{F}_q^n$ into
$\mathbb{F}_q[x]/(x^n - 1)$ given by
\[
(a_0, a_1, \ldots, a_{n-1}) \mapsto a_0 + a_1 x + \cdots + a_{n-1} x^{n-1} + (x^n - 1)
\]
is a vector space isomorphism over $\mathbb{F}_q$. We identify the elements of $\mathbb{F}_q[x]/(x^n - 1)$ with the elements in the set $R_n$ of
polynomials of degree less than $n$. Moreover, the multiplication of the elements is
modulo $x^n - 1$ and the addition is the usual addition of polynomials, and it follows
that $R_n$ is ring isomorphic to $\mathbb{F}_q[x]/(x^n - 1)$.
Because of the isomorphism above, we shall also denote an element $a_0 + a_1 x + \cdots + a_{n-1} x^{n-1}$ in $R_n$ as the vector $(a_0, a_1, \ldots, a_{n-1})$.
Lemma 7.4. A linear $[n, k]$ code $C$ over $\mathbb{F}_q$ is cyclic if and only if the corresponding
polynomial set is an ideal of $R_n$.
Proof. Assume $C$ is cyclic. Let $g(x) \in C$. Now $xg(x) \bmod (x^n - 1) = (g_{n-1}, g_0, \ldots, g_{n-2}) \in C$, and it follows that $x^k g(x) \in C$ for all non-negative integers $k$. Moreover, since $R_n$
is a vector space over $\mathbb{F}_q$, it now follows that $a(x)g(x) \in C$ for all $a \in R_n$. Hence,
$C$ is an ideal of $R_n$. The converse assertion is seen similarly. □
From now on we call the ideals of $R_n$ cyclic codes. Moreover, a principal ideal of
$R_n$ generated by $g(x)$ is denoted by $\langle g(x) \rangle$.
Theorem 7.3. Let $C$ be a nonzero cyclic code in $R_n$. There exists a monic polynomial $g(x) \in C$ with the following properties:
(1) $C = \langle g(x) \rangle$,
(2) $g(x) \mid (x^n - 1)$.
Let $k = n - \deg(g)$, and let $g(x) = \sum_{i=0}^{n-k} g_i x^i$ where $g_{n-k} = 1$. Then
(3) The dimension of $C$ is $k$ and $\{g(x), xg(x), \ldots, x^{k-1}g(x)\}$ is a basis of $C$,
(4) A generator matrix for $C$ is
\[
G = \begin{pmatrix}
g_0 & g_1 & \cdots & g_{n-k} & 0 & \cdots & 0 & 0 \\
0 & g_0 & g_1 & \cdots & g_{n-k} & 0 & \cdots & 0 \\
 & \ddots & & & & \ddots & & \\
0 & \cdots & 0 & g_0 & g_1 & \cdots & \cdots & g_{n-k}
\end{pmatrix}.
\]
Proof. (1) Let $g$ be the monic polynomial of least positive degree in $C$. Let $c \in C$. By the division algorithm $c = tg + r$ for some polynomials $t, r \in \mathbb{F}_q[x]$ with $\deg(r) < \deg(g)$. But $r = c - tg \in C$, and therefore $r = 0$.
(2) $x^n - 1 = 0 \in C$ and the claim follows from (1).
(3) and (4) Let $c \in C$. Now $c = tg$ for some $t \in R_n$. Obviously we may assume
that $\deg(t) < k$, and it follows that
\[
c = t_0 g(x) + t_1 x g(x) + \cdots + t_{k-1} x^{k-1} g(x).
\]
Hence, $\{g(x), xg(x), \ldots, x^{k-1}g(x)\}$ spans $C$ over $\mathbb{F}_q$, and obviously it is linearly
independent. Items (3) and (4) follow from this. □
Definition 7.10. Let $C = \langle g(x) \rangle$ be a cyclic code in $R_n$. Then $g(x)$ is called the
generator polynomial of $C$. Moreover, the polynomial $h(x) = (x^n - 1)/g(x)$ is called
the check polynomial of $C$.
Lemma 7.5. Let $h(x) = \sum_{i=0}^{k} h_i x^i \in \mathbb{F}_q[x]$ be the check polynomial of $C$. Then, a
check matrix of $C$ is
\[
H = \begin{pmatrix}
h_k & h_{k-1} & \cdots & h_0 & 0 & \cdots & 0 & 0 \\
0 & h_k & h_{k-1} & \cdots & h_0 & 0 & \cdots & 0 \\
 & \ddots & & & & \ddots & & \\
0 & \cdots & 0 & h_k & h_{k-1} & \cdots & \cdots & h_0
\end{pmatrix}.
\]
Proof. We observe that the $(i, j)$th entry of $HG^T$ is $\sum_{s=0}^{n-1} h_{k-s-j+1} g_{s-i+1}$, which is
the coefficient of $x^{k+i+j-2}$ of $h(x)g(x)x^{i+j-2} = (x^n - 1)x^{i+j-2} = 0$ in $R_n$. Hence,
$HG^T = 0$, and it follows that $C$ is contained in the kernel of $H$. But the dimension
of $C$ is $k$, which is the dimension of the kernel of $H$, and therefore $H$ is a check
matrix of $C$. □
Cyclic codes can also be described by means of the roots of the generator polynomial in the splitting field of $x^n - 1$ over $\mathbb{F}_q$. Let $g(x)$ be a factor of degree $n - k$ of $x^n - 1$. Since the derivative of $x^n - 1$
is $nx^{n-1} \neq 0$ by the assumption $\gcd(q, n) = 1$, it follows that its roots are simple.
Hence, $g(x)$ has exactly $n - k$ roots in the splitting field of $x^n - 1$ over $\mathbb{F}_q$.
Lemma 7.6. Let $C = \langle g(x) \rangle$ be a cyclic code of dimension $k$ in $R_n$, and let
$\alpha_1, \ldots, \alpha_{n-k}$ be the roots of $g(x)$. Then $c(x) \in C$ if and only if $c(\alpha_i) = 0$ for all
$i = 1, \ldots, n - k$.
Proof. Let $c(x) \in R_n$. If $c(x) \in C$, then $c(x) = t(x)g(x)$ for some $t(x) \in \mathbb{F}_q[x]$.
Hence, each root of $g(x)$ is a root of $c(x)$.
If $c(x) \notin C$, then $c(x) = t(x)g(x) + r(x)$ with $0 \le \deg(r) < \deg(g)$. If each root of
$g(x)$ were a root of $c(x)$, then $r(x)$ would have more than $\deg(r)$ roots, which
is impossible. □
Since $g(\alpha^s) = 0$ implies $g(\alpha^{qs}) = g(\alpha^s)^q = 0$ if $g(x) \in \mathbb{F}_q[x]$, we consider the
$q$-cyclotomic cosets modulo $n$:
\[
C_s(q, n) := \{\, s \bmod n,\ sq \bmod n,\ sq^2 \bmod n,\ \ldots \,\},
\]
where $s$ is an integer.
Lemma 7.7. The $q$-cyclotomic cosets modulo $n$ form a partition of $\{0, 1, \ldots, n-1\}$.
Proof. It is easy to see that the relation $\sim$ defined by
\[
a \sim b \iff a \in C_b(q, n)
\]
is an equivalence relation on $\{0, 1, \ldots, n-1\}$. □
Theorem 7.4. Let $\alpha$ be an element of order $n$ in the splitting field of $x^n - 1$ over $\mathbb{F}_q$. Then
\[
x^n - 1 = \prod_{s \in S} m_{\alpha^s}(x),
\]
where $S$ is a complete set of representatives of the $q$-cyclotomic cosets modulo $n$ and
$m_{\alpha^s}(x)$ is the minimal polynomial over $\mathbb{F}_q$ of $\alpha^s$.
Proof. The irreducible factors over $\mathbb{F}_q$ of $x^n - 1$ are the minimal polynomials over
$\mathbb{F}_q$ of the roots of $x^n - 1$. The roots of $x^n - 1$ are the elements of $\langle \alpha \rangle$ and the
roots of $m_{\alpha^s}(x)$ are exactly the elements $\alpha^j$ where $j$ runs over $C_s(q, n)$ (see
Remark 6.1). □
Corollary 7.1. Let $C = \langle g(x) \rangle$ be a cyclic code in $R_n$. Then $g(x) = \prod_{t \in T} m_{\alpha^t}(x)$ for some subset $T$ of $S$.
Proof. By the definition of a generator polynomial, $g(x)$ is a factor of $x^n - 1$. The
corollary now follows from Theorem 7.4. □
Definition 7.11. Let $C = \langle g(x) \rangle$ be a cyclic code in $R_n$ with $g(x) = \prod_{t \in T} m_{\alpha^t}(x)$. Then, the set $\{\alpha^t \mid t \in T\}$ is called a defining set of $C$.
Theorem 7.5. Let $C = \langle g(x) \rangle$ be a cyclic code of dimension $k$ in $R_n$, and let
$\{\alpha^{t_1}, \ldots, \alpha^{t_r}\}$ be a defining set of $C$. Let $a(x) = a_0 + a_1 x + \cdots + a_{n-1} x^{n-1} \in R_n$. Then,
$a(x) \in C$ if and only if
\[
\underbrace{\begin{pmatrix}
1 & \alpha^{t_1} & \alpha^{2t_1} & \cdots & \alpha^{(n-1)t_1} \\
1 & \alpha^{t_2} & \alpha^{2t_2} & \cdots & \alpha^{(n-1)t_2} \\
\vdots & \vdots & \vdots & & \vdots \\
1 & \alpha^{t_r} & \alpha^{2t_r} & \cdots & \alpha^{(n-1)t_r}
\end{pmatrix}}_{=:H}
\begin{pmatrix} a_0 \\ a_1 \\ \vdots \\ a_{n-1} \end{pmatrix}
=
\begin{pmatrix} 0 \\ 0 \\ \vdots \\ 0 \end{pmatrix}.
\]
Proof. By Lemma 7.6, $a(x) \in C$ if and only if $a(\alpha^{t_j}) = 0$ for all $j = 1, \ldots, r$, if and
only if $a_0 + a_1 \alpha^{t_j} + \cdots + a_{n-1} \alpha^{(n-1)t_j} = 0$ for all $j = 1, \ldots, r$, if and only if
\[
\begin{pmatrix} 1 & \alpha^{t_j} & \alpha^{2t_j} & \cdots & \alpha^{(n-1)t_j} \end{pmatrix}
\begin{pmatrix} a_0 \\ a_1 \\ \vdots \\ a_{n-1} \end{pmatrix} = 0
\]
for all $j = 1, \ldots, r$. □
Definition 7.12. Let $C = \langle g(x) \rangle$ be a cyclic code of dimension $k$ in $R_n$, and let
$\{\alpha^{t_1}, \ldots, \alpha^{t_r}\}$ be a defining set of $C$. If the roots $\alpha^{t_1}, \ldots, \alpha^{t_r}$ are in $\mathbb{F}_{q^m}$, then the
matrix $H$ in Theorem 7.5 is called a check matrix of $C$ over $\mathbb{F}_{q^m}$.
Example 7.6. Let $\mathbb{F}_{16} = \mathbb{F}_2(\alpha)$ with $\alpha^4 = \alpha + 1$. The minimal polynomials of $\alpha$
and $\alpha^3$ over $\mathbb{F}_2$ are $m_\alpha(x) = x^4 + x + 1$ and $m_{\alpha^3}(x) = x^4 + x^3 + x^2 + x + 1$. These
polynomials are factors of $x^{15} + 1$, and since their greatest common divisor is 1, their
product is a factor of $x^n + 1$ as well.
Consider the cyclic $[15, 7]$ code $C = \langle g(x) \rangle$ in $R_{15}$ with $g(x) = m_\alpha(x)\, m_{\alpha^3}(x)$. By
Theorem 7.5 the check matrix of $C$ over $\mathbb{F}_{16}$ is
\[
H = \begin{pmatrix}
1 & \alpha & \alpha^2 & \cdots & \alpha^{14} \\
1 & \alpha^3 & \alpha^6 & \cdots & \alpha^{42}
\end{pmatrix}.
\]
We shall see that the minimum distance of $C$ is at least 5 and therefore $C$ can correct
up to 2 errors.
The encoding is simple: each message word $a(x) = a_0 + a_1 x + \cdots + a_6 x^6$ is encoded to
the word $c(x) = a(x)g(x)$. Consider the decoding. Assume that the received word is
$y = (y_0, y_1, \ldots, y_{14})$, and write it in the form $y = c + e$ where $c$ is a code word and $e$
is an error vector with $w(e) \le 2$. We calculate the syndrome of $y$:
\[
Hy^T = He^T =: \begin{pmatrix} S_1 \\ S_3 \end{pmatrix}.
\]
If two errors occurred, say $e(x) = x^i + x^j$ for some unknown $0 \le i < j \le 14$,
then
\[
He^T = \begin{pmatrix} \alpha^i + \alpha^j \\ \alpha^{3i} + \alpha^{3j} \end{pmatrix} = \begin{pmatrix} S_1 \\ S_3 \end{pmatrix}.
\]
Hence, to locate the error positions $i$ and $j$ we need to solve the system of equations
$x + y = S_1$, $x^3 + y^3 = S_3$, where $x = \alpha^i$ and $y = \alpha^j$; equivalently
\[
x^2 + S_1 x + \frac{S_1^3 + S_3}{S_1} = 0. \tag{4}
\]
If one error occurred, then $\alpha^i = S_1$ and $\alpha^{3i} = S_3$, and therefore $S_1^3 = S_3$. We
observe that in this case equation (4) has only one nonzero solution. If no errors
occurred during the transmission, then $S_1 = S_3 = 0$.
To summarize, by the following decision process we can find the transmitted word
$c$ if at most two errors occurred during the transmission:
(1) Evaluate the syndrome $Hy^T = \begin{pmatrix} S_1 \\ S_3 \end{pmatrix}$ of the received word $y$.
(2) If $S_1 = S_3 = 0$, then decide that no errors occurred.
(3) If $S_1^3 = S_3 \neq 0$, then decide that a single error occurred at the coordinate
place $i$, where $\alpha^i = S_1$.
(4) If $S_1^3 \neq S_3$, then solve equation (4). If it is not solvable, then more than two
errors occurred and they cannot be located. Otherwise, it has two distinct
solutions $x, y$, and then decide that two errors occurred at the coordinate
places $i$ and $j$, where $x = \alpha^i$ and $y = \alpha^j$.
48 ALGEBRA II
More speci�cally, assume that the received word y = 100111000000000. Then
HyT =(S1
S3
), where
S1 = 1 + α3 + α4 + α5 = α2 + α3 = α6, S3 = 1 + α9 + α12 + α15 = 1 + α2.
Now S31 = α18 = α3 6= S3. Hence, we need to solve the equation
x2 + α6x+1 + α6
α6= 0,
equivalently
x2 + α6x+ α9 + 1 = 0.
By trial and error we �nd that the two roots are x = α8 and y = α14. Hence, we
decide that the transmitted word was c = 100111001000001.
This code word corresponds to the polynomial c(x) = 1 + x3 + x4 + x5 + x8 + x14
and by dividing it with the generator polynomial g(x) we get a(x) = 1+x3 +x5 +x6.
Hence the original message word was 1001011.
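As an added example that is not code from the notes, the following Python carries out the encoding $c(x) = a(x)g(x)$ of Theorem 7.3 and the whole decision process (1)–(4) of Example 7.6 on the received word above: $\mathbb{F}_{16}$ arithmetic with $\alpha^4 = \alpha + 1$, the syndrome $(S_1, S_3)$, the roots of equation (4) found by trial over the nonzero field elements, and the division by $g(x)$ that recovers the message. The table and function names are my own; the case $S_1 = 0 \neq S_3$, which the notes do not discuss, is reported as uncorrectable.

```python
# Added example, not code from the notes: decoding the two-error-correcting cyclic
# [15, 7] code of Example 7.6 over F16 = F2(alpha), alpha^4 = alpha + 1.  A field element
# is an int whose bit k is the coefficient of alpha^k; words are bit lists, x^0 first.
from functools import reduce

EXP, LOG, _v = [0] * 30, [0] * 16, 1
for _i in range(15):                      # alpha^i by repeated multiplication by alpha
    EXP[_i], LOG[_v] = _v, _i
    _v = (_v << 1) ^ (0b10011 if _v & 0b1000 else 0)   # reduce with alpha^4 = alpha + 1
EXP[15:] = EXP[:15]                       # alpha^15 = 1, so exponents up to 29 wrap around

def gf_mul(a, b):
    return 0 if 0 in (a, b) else EXP[LOG[a] + LOG[b]]

def gf_div(a, b):                         # b must be nonzero
    return 0 if a == 0 else EXP[(LOG[a] - LOG[b]) % 15]

def evaluate(w, e):                       # w(alpha^e): one row of H y^T
    return reduce(lambda acc, i: acc ^ EXP[(i * e) % 15], (i for i, b in enumerate(w) if b), 0)

N, G_POLY = 15, [1, 0, 0, 0, 1, 0, 1, 1, 1]   # g(x) = m_alpha(x) m_alpha^3(x) = 1+x^4+x^6+x^7+x^8

def encode(a):                            # c(x) = a(x) g(x) for a 7-bit message a
    c = [0] * N
    for i, ai in enumerate(a):
        for j, gj in enumerate(G_POLY):
            c[i + j] ^= ai & gj
    return c

def decode(y):
    """Return (code word, error positions), or None when more than two errors are detected."""
    s1, s3 = evaluate(y, 1), evaluate(y, 3)           # syndrome (S1, S3) = H y^T
    if s1 == 0:
        return (list(y), []) if s3 == 0 else None     # S1 = 0 with S3 != 0 needs at least 3 errors
    if gf_mul(gf_mul(s1, s1), s1) == s3:              # S1^3 = S3: single error at i with alpha^i = S1
        roots = [s1]
    else:                                             # two errors: x = alpha^i, alpha^j solve equation (4)
        const = gf_div(gf_mul(gf_mul(s1, s1), s1) ^ s3, s1)
        roots = [x for x in range(1, 16) if gf_mul(x, x) ^ gf_mul(s1, x) ^ const == 0]
        if len(roots) != 2:
            return None
    c = list(y)
    for r in roots:
        c[LOG[r]] ^= 1
    return c, sorted(LOG[r] for r in roots)

def message_of(c):                        # quotient of c(x) / g(x) over F2; remainder is 0 for a code word
    rem, q = list(c), [0] * (N - len(G_POLY) + 1)
    for i in range(len(q) - 1, -1, -1):
        if rem[i + len(G_POLY) - 1]:
            q[i] = 1
            for j, gj in enumerate(G_POLY):
                rem[i + j] ^= gj
    return q
```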
Definition 7.13. Let $n$ be a positive integer and let $m$ be the least positive integer
such that $q^m \equiv 1 \pmod{n}$. Let $b$ be a nonnegative integer and let $\alpha \in \mathbb{F}_{q^m}$ be of order
$n$. A BCH code over $\mathbb{F}_q$ of length $n$ and designed distance $d$ with $2 \le d \le n$ is the
cyclic code with zeros $\alpha^b, \alpha^{b+1}, \ldots, \alpha^{b+d-2}$.
If $b = 1$, the corresponding BCH code is called a narrow sense BCH code. If
$n = q^m - 1$, the BCH code is called primitive. If $n = q - 1$, the BCH code of length
$q - 1$ is called a Reed-Solomon (or RS) code.
Theorem 7.6 (BCH bound). The minimum distance of a BCH code of designed
distance d is at least d.
Proof. The BCH code is the kernel (or the null space) of the matrix
\[
H = \begin{pmatrix}
1 & \alpha^{b} & \alpha^{2b} & \cdots & \alpha^{(n-1)b} \\
1 & \alpha^{b+1} & \alpha^{2(b+1)} & \cdots & \alpha^{(n-1)(b+1)} \\
\vdots & \vdots & \vdots & & \vdots \\
1 & \alpha^{b+d-2} & \alpha^{2(b+d-2)} & \cdots & \alpha^{(n-1)(b+d-2)}
\end{pmatrix}.
\]
To prove the theorem, it is enough to show that any $d - 1$ distinct columns of $H$
are linearly independent (by Lemma 7.3). The determinant of any $d - 1$ distinct
columns of $H$ is
\[
\begin{vmatrix}
\alpha^{b i_1} & \alpha^{b i_2} & \cdots & \alpha^{b i_{d-1}} \\
\alpha^{(b+1) i_1} & \alpha^{(b+1) i_2} & \cdots & \alpha^{(b+1) i_{d-1}} \\
\vdots & \vdots & & \vdots \\
\alpha^{(b+d-2) i_1} & \alpha^{(b+d-2) i_2} & \cdots & \alpha^{(b+d-2) i_{d-1}}
\end{vmatrix}
= \alpha^{b(i_1 + i_2 + \cdots + i_{d-1})}
\begin{vmatrix}
1 & 1 & \cdots & 1 \\
\alpha^{i_1} & \alpha^{i_2} & \cdots & \alpha^{i_{d-1}} \\
\vdots & \vdots & & \vdots \\
\alpha^{(d-2) i_1} & \alpha^{(d-2) i_2} & \cdots & \alpha^{(d-2) i_{d-1}}
\end{vmatrix}
= \alpha^{b(i_1 + i_2 + \cdots + i_{d-1})} \prod_{1 \le k < j \le d-1} (\alpha^{i_j} - \alpha^{i_k}) \neq 0.
\]
Hence, any $d - 1$ distinct columns of $H$ are linearly independent. □
Example 7.7. In Example 7.6 we considered the cyclic $[15, 7]$ code $C$ over $\mathbb{F}_2$ with the
defining set $\{\alpha, \alpha^3\}$, and claimed that the minimum distance of $C$ is at least 5. Since
$\alpha, \alpha^2, \alpha^3$, and $\alpha^4$ are zeros of $C$, the BCH bound implies that the minimum distance
of $C$ is indeed at least 5.