Constructing Fields

(Handout February 20, 2013)
Suppose E ⊇ F is an extension of fields (or equivalently, F is a subfield of E). This
means that F is a subset of E, and that the operations of addition and multiplication in F
agree with those in E, restricted to the subset F . By this we mean that if a, b ∈ F , then
computing the element a + b ∈ F gives the same answer using the rule for addition in F as
if we use the rule for addition in E; and similarly for multiplication. For example, C is an
extension of R: for any two real numbers a, b the values of a + b and ab don’t depend on
whether we apply the operations (of addition and multiplication) in C or in R. However,
F2 is not a subfield of R since 1 + 1 = 0 in F2 but not in R.
If E ⊇ F is an extension of fields, it is clear (from the axioms for a vector space)
that E is a vector space over F . We refer to the dimension of E over F (considered as a
vector space) as the degree of E over F , and we denote this degree by [E : F ]. Note that
[E : F ] ≥ 1.
For example [C : R] = 2 since {1, i} is a basis for C over R; this simply means that
every complex number can be uniquely represented in the form
a·1 + b·i = a + bi
for unique values of a, b ∈ R. However, the extension R ⊃ Q has infinite degree since the
real numbers
1, √2, √3, √5, √7, √11, √13, √17, . . .
are linearly independent over Q; none of them is expressible as a rational linear combination
of the others (although this is not so obvious).
Note that if E ⊇ F is an extension of degree 1, then E = F . An extension of degree 2
(such as C ⊃ R) is a quadratic extension, and an extension of degree 3 is a cubic extension.
If [E : F ] is finite, we call E a finite extension of F ; otherwise E is an infinite extension
of F . In this course, finite extensions are the most important examples considered.
For our purposes, the most important examples of fields are probably the field of
rational numbers
Q = {a/b : a, b ∈ Z, b ≠ 0}
and, for every prime p, the field of order p:
Fp = {0, 1, 2, . . . , p−1} with addition and multiplication mod p.
These examples are important because every field is an extension of one (and only one)
of these! Indeed, if E is any field, then E has a unique smallest subfield F which is either
Q or Fp for some prime p. Thus in order to understand fields in general, it suffices to
consider, for each of the fields Q or Fp , the possible extension fields which may arise. The
following construction is general enough to include all possible finite extensions.
Let F be any field. Recall that F[X] is the ring of polynomials in X with coefficients
in F. A polynomial f(X) ∈ F[X] is monic if its leading coefficient (the coefficient of the
highest power of X appearing in f(X)) is 1; in particular this means f(X) is not the zero
polynomial. The following are examples of monic polynomials:
1, X+3, X^5 − 5X^4 + X^2.
Given two polynomials f(X), g(X) ∈ F[X], we say g(X) divides f(X) (written g(X) | f(X)) if f(X) = g(X)h(X) for some h(X) ∈ F[X]. The Division Algorithm for polynomials
states that if f(X), d(X) ∈ F[X] with d(X) ≠ 0, then there exist unique polynomials
q(X), r(X) ∈ F [X] such that
f(X) = q(X)d(X) + r(X)
with deg r(X) < deg d(X).
(Note that r(X) may be zero; this happens whenever d(X) divides f(X).)
Let f(X) ∈ F [X] and a ∈ F . If f(a) = 0, we say that a is a root of f, or a zero of f.
Theorem 1. Let f(X) ∈ F[X] and a ∈ F. Then a is a root of f iff X−a divides f(X).
Proof. If X−a divides f(X) then f(X) = (X − a)q(X) for some q(X) ∈ F [X]; but then
f(a) = (a − a)q(a) = 0.
Conversely, suppose f(a) = 0. By the Division Algorithm, we have
f(X) = q(X)(X − a) + r
for some r ∈ F, q(X) ∈ F [X].
(Recall that the remainder has degree less than the degree of X − a, so the remainder must
be a constant.) Now evaluating at a gives 0 = 0 + r so r = 0, i.e. f(X) = (X − a)q(X).
Given two nonzero polynomials f(X), g(X) ∈ F [X], the greatest common divisor of
f(X) and g(X) is the unique monic polynomial d(X) of largest degree, which divides both
f(X) and g(X). In this case we write d(X) = gcd(f(X), g(X)). If the irreducible factors
of f(X) and g(X) are known, then their gcd is apparent; however, since factorization is
in general a difficult problem, the gcd of two polynomials is much
more easily computed using Euclid’s Algorithm, which works just like the corresponding
procedure for integers. The extended version of Euclid’s Algorithm is also very important:
it produces polynomials r(X), s(X) ∈ F [X] such that
gcd(f(X), g(X)) = r(X)f(X) + s(X)g(X).
For example we compute gcd(X^4+X^2−2, X^3−1) in Q[X] by Euclid’s Algorithm. As usual,
this involves repeated application of the Division Algorithm:
X^4+X^2−2 = X(X^3−1) + (X^2+X−2)
X^3−1 = (X−1)(X^2+X−2) + (3X−3)
X^2+X−2 = ((1/3)X + 2/3)(3X−3) + 0
We stop when we reach zero remainder; and the gcd is the last nonzero remainder, in this
case 3X−3, multiplied by a factor 1/3 in order to make it monic:
gcd(X^4+X^2−2, X^3−1) = X−1.
(Note that X−1 divides both X^4+X^2−2 and X^3−1, as does 3X−3; but we choose the
monic polynomial X−1 in order that the gcd will be well-defined.) The extended version of
Euclid’s Algorithm proceeds by solving for the gcd in terms of the original two polynomials:
3X−3 = (X^3−1) − (X−1)(X^2+X−2)
= (X^3−1) − (X−1)[(X^4+X^2−2) − X(X^3−1)]
= −(X−1)(X^4+X^2−2) + (X^2−X+1)(X^3−1).
Thus we have written
gcd(X^4+X^2−2, X^3−1) = X−1 = r(X)(X^4+X^2−2) + s(X)(X^3−1)
where in this case r(X) = −(1/3)(X−1); s(X) = (1/3)(X^2−X+1). This may be implemented
in MAPLE as follows:
This is formally quite similar to the computation of integer gcd’s. For example we
compute gcd(40, 94) by Euclid’s Algorithm as follows:
94 = 2·40 + 14
40 = 2·14 + 12
14 = 1·12 + 2
12 = 6·2 + 0
From the last nonzero remainder we find gcd(40, 94) = 2. Moreover, the extended version
of Euclid’s algorithm expresses 2 as an integer linear combination of 40 and 94 as follows:
2 = 14 − 12
= 14 − (40 − 2·14)
= 3·14 − 40
= 3(94 − 2·40) − 40
= 3·94 − 7·40.
(Check: 3·94 − 7·40 = 282 − 280 = 2.) Here we perform the same computation using
MAPLE:
Computations in Fp [X] are much easier than in Q[X] because there is no need for
messy denominators. For example we compute the gcd of the two polynomials X^5+1 and
X^8+X in F5[X] using Euclid’s Algorithm as follows:
X^8+X = X^3(X^5+1) + (4X^3+X)
X^5+1 = (4X^2+4)(4X^3+X) + (X+1)
(4X^3+X) = (4X^2+X)(X+1) + 0
so
gcd(X^5+1, X^8+X) = X+1 in F5[X].
As before, the Extended Euclidean Algorithm expresses the gcd as a combination of the
original two polynomials:
X+1 = (X^5+1) − (4X^2+4)(4X^3+X)
= (X^5+1) − (4X^2+4)[(X^8+X) − X^3(X^5+1)]
= (4X^5+4X^3+1)(X^5+1) + (X^2+1)(X^8+X).
We find the same result using MAPLE:
A polynomial f(X) ∈ F [X] is reducible over F if it factors as f(X) = u(X)v(X) where
both factors u(X), v(X) ∈ F [X] have degree less than the degree of f(X). Otherwise we
say f(X) is irreducible. The following very general construction of fields allows us to
construct all extensions of finite degree (including, in particular, all finite fields).
Theorem 2. Let F be a field, and let f(X) = X^n + a_{n−1}X^{n−1} + · · · + a_1 X + a_0 ∈ F[X]
be any monic polynomial of degree n ≥ 1 which is irreducible over F. Introduce a symbol α which
denotes a root of f in an extension field. Then
E = F[α] = {c_0 + c_1 α + c_2 α^2 + · · · + c_{n−1}α^{n−1} : c_0, c_1, . . . , c_{n−1} ∈ F} ⊇ F
is an extension field of degree n with basis {1, α, α^2, . . . , α^{n−1}}.
This extension is denoted E = F [X]/(f(X)). Rather than immediately explaining this
notation, we will explain, with reference to a few examples, how E is constructed; in
particular, how to add, multiply and divide in E. Addition is easy; to multiply, we make
use of the identity
α^n = −a_{n−1}α^{n−1} − · · · − a_1 α − a_0 ∈ E
which allows us to write polynomials in α (having coefficients in F ) as polynomials of
degree less than n, which are therefore elements of E by definition. This gives the following
algorithm for multiplying two elements g(α), h(α) ∈ E:
To multiply g(α), h(α) ∈ E:
(1) First multiply the polynomials g(X) and h(X) to obtain a new polynomial
g(X)h(X) ∈ F [X], whose degree may typically exceed n.
(2) Divide by f(X) using the Division Algorithm to obtain g(X)h(X) = q(X)f(X)+
r(X) where q(X), r(X) ∈ F [X] and the remainder r(X) has degree less than n.
(3) Evaluate the latter polynomial identity at α and use the fact that f(α) = 0 to
obtain g(α)h(α) = r(α) ∈ E.
These steps are quite analogous to the usual procedure for multiplying in the ring Zm =
{0, 1, 2, . . . , m−1} of integers mod m, where the last step (simplification in Zm ) requires
that we divide by m and keep the remainder.
Division in E is just slightly trickier. It suffices to explain how to compute the multiplicative inverse g(α)^{−1} ∈ E for every nonzero element g(α) ∈ E. This proceeds as
follows:
To find the multiplicative inverse g(α)^{−1} ∈ E for a nonzero element g(α) ∈ E:
(1) Use the Extended Euclidean Algorithm to find polynomials r(X), s(X) ∈ F[X]
such that r(X)f(X) + s(X)g(X) = 1.
(2) Evaluate the latter polynomial identity at α and use the fact that f(α) = 0 to
obtain s(α)g(α) = 1; thus g(α)^{−1} = s(α) ∈ E.
To explain why (1) works, it’s enough to explain why gcd(f(X), g(X)) = 1. If the polynomials f(X), g(X) ∈ F[X] are not relatively prime, then they have a common factor
of degree at least 1; but since f(X) is irreducible, the only such factor is f(X) itself.
This means that we can factor g(X) = q(X)f(X) for some q(X) ∈ F[X]. But then
g(α) = q(α)f(α) = 0, contrary to the assumption that g(α) ≠ 0.
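The two procedures above, together with the Division Algorithm and Extended Euclidean Algorithm they rely on, as an added Python example (not part of the original handout and not its MAPLE sessions). It works over both F = Q and F = Fp; the coefficient-list representation and all function names are assumptions of this example.

```python
from fractions import Fraction
from itertools import zip_longest

# Polynomial = coefficient list, constant term first ([] is 0); p=None is Q, prime p is F_p.
def el(c, p):
    return Fraction(c) if p is None else c % p
def inv(c, p):
    return 1 / Fraction(c) if p is None else pow(c, -1, p)

def trim(a, p):
    a = [el(c, p) for c in a]
    while a and a[-1] == 0:
        a.pop()
    return a

def add(a, b, p, s=1):                       # a + s*b
    return trim([x + s * y for x, y in zip_longest(a, b, fillvalue=0)], p)
def mul(a, b, p):
    out = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return trim(out, p)

def divmod_poly(a, d, p=None):               # a = q*d + r with deg r < deg d
    q, r, d = [], trim(a, p), trim(d, p)
    while len(r) >= len(d):
        t = [0] * (len(r) - len(d)) + [r[-1] * inv(d[-1], p)]
        q, r = add(q, t, p), add(r, mul(t, d, p), p, -1)
    return q, r

def ext_gcd(f, g, p=None):                   # monic d and r, s with d = r*f + s*g
    f, g, r0, r1, s0, s1 = trim(f, p), trim(g, p), [1], [], [], [1]
    while g:
        q, rem = divmod_poly(f, g, p)
        f, g = g, rem
        r0, r1 = r1, add(r0, mul(q, r1, p), p, -1)
        s0, s1 = s1, add(s0, mul(q, s1, p), p, -1)
    c = [inv(f[-1], p)]                      # scale the last nonzero remainder to monic
    return mul(c, f, p), mul(c, r0, p), mul(c, s0, p)

def mul_mod(g, h, f, p=None):                # g(alpha)*h(alpha) in F[X]/(f)
    return divmod_poly(mul(g, h, p), f, p)[1]

def inverse(g, f, p=None):                   # g(alpha)^-1 in F[X]/(f)
    d, _, s = ext_gcd(f, g, p)
    if d != [1]:
        raise ZeroDivisionError("g(alpha) is zero or f is reducible")
    return divmod_poly(s, f, p)[1]
```

For instance, `ext_gcd([1,0,0,0,0,1], [0,1,0,0,0,0,0,0,1], 5)` reproduces the F5[X] computation above, and `inverse(g, f, p)` raises when gcd(f, g) ≠ 1, which is exactly the case the irreducibility argument rules out.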
Example 1: Constructing the Complex Numbers
The polynomial f(X) = X^2+1 is irreducible over R. (It has no real roots since f(a) ≥ 1 for
all a ∈ R, and therefore f(X) has no factors of degree 1 by Theorem 1.) This polynomial
has a root in an extension field E. Call this root i (rather than the generic name α used
above), so that
E = {a + bi : a, b ∈ R}
where i^2 = −1. As examples of addition, multiplication and division, consider z1 = 6 − 5i
and z2 = 3 + 2i. We have
z1 + z2 = (6 − 5i) + (3 + 2i) = 9 − 3i.
Also
z1 z2 = (6 − 5i)(3 + 2i) = 18 − 3i − 10i^2 = 18 − 3i + 10 = 28 − 3i.
An equivalent approach to simplifying the product z1 z2 uses the general procedure above:
18 − 3X − 10X^2 = −10(X^2 + 1) + (−3X + 28)
18 − 3i − 10i^2 = −3i + 28
which agrees with the previous approach. To divide, we may use the familiar process of
‘rationalizing the denominator’; but to illustrate the general procedure we instead proceed
as follows.
X^2 + 1 = ((1/2)X − 3/4)(2X + 3) + 13/4
13/4 = (X^2 + 1) − ((1/2)X − 3/4)(2X + 3)
1 = (4/13)(X^2 + 1) − ((2/13)X − 3/13)(2X + 3)
1 = −((2/13)i − 3/13)(2i + 3)
z2^{−1} = −((2/13)i − 3/13) = 3/13 − (2/13)i
and then we compute
z1/z2 = z1 z2^{−1} = (6 − 5i)(3/13 − (2/13)i) = 8/13 − (27/13)i
by performing multiplication as before. You should check that this is the same answer as
one obtains by ‘rationalizing the denominator’.
Clearly the extension field E ⊃ R of Example 1 is really just the field C of complex
numbers. It is worth contemplating how the complex numbers are ‘created’: One starts
with a polynomial X^2 + 1 ∈ R[X] having no real roots, then ‘invents’ a root i and
extends the real number system to a new number system C = R[i] in which X^2 + 1 does
have a root. This sounds a lot like wishful thinking: we imagine X^2 + 1 has a root in some
larger field, and this imagination leads to the creation of such a field! Actually there is more
happening here than meets the eye. Just because we want something to exist, doesn’t mean
it does! (For example, if someone wishes for a solution of 2X +3 = 3X −5 in some extension
of R, this doesn’t make it possible.) In order to justify Theorem 2, we need a proof of
Theorem 2 which shows that our construction does indeed give a field, i.e. that E = F[α]
satisfies the usual field axioms including commutativity, associativity, distributivity, and
(especially) existence of multiplicative inverses. While a proof of Theorem 2 could be given
here, we are instead giving examples!
Example 2: The Field of Order 9
Take F = F3 = {0, 1, 2}. The polynomial f(X) = X^2 + 1 is irreducible over F3. Denote by i
a root of f in an extension field
E = {a + bi : a, b ∈ F3 } = {0, 1, 2, i, 1+i, 2+i, 2i, 1+2i, 2+2i}.
Addition, multiplication and division are performed as in Example 1, but here everything is
easier because there are no messy denominators. The resulting field E with nine elements
is denoted F9 .
Example 3: The Field Q[√2]
Take F = Q. The polynomial f(X) = X^2 − 2 is irreducible over Q. Denote by √2 a root of f
in an extension field
Q[√2] = {a + b√2 : a, b ∈ Q}.
Addition, multiplication and division are performed by following the general procedure
indicated above. Note that division can also be accomplished by ‘rationalizing the denominator’.
Example 4: The Field of Order 25
Take F = F5 = {0, 1, 2, 3, 4}. The polynomial X^2+1 = (X+2)(X+3) is reducible over
F so if we want to construct F25, we cannot simply use F5[i] where i^2 = −1. (Actually
i = √−1 = ±2 in this case so F5[i] = F5.) But the polynomial f(X) = X^2 − 2 is
irreducible over F5 by Theorem 1, since we check that f has no roots in F5:
a     0  1  2  3  4
f(a)  3  4  2  2  4
So we may construct
F25 = F5[√2] = {a + b√2 : a, b ∈ F5}.
Addition, multiplication and division here are very similar to Example 3, except that we
avoid messy denominators.
Example 5: The Field of Order 4
Take F = F2 = {0, 1}. The polynomial f(X) = X^2 + X + 1 is irreducible over F2
since f(0) = f(1) = 1. Denote by α a root of f in the extension field
E = F4 = {a + bα : a, b ∈ F2 } = {0, 1, α, β}.
Example 6: The Field of Order 8
Take F = F2 = {0, 1}. The polynomial f(X) = X^3 + X + 1 is irreducible over F2 by
Theorem 1 since f(0) = f(1) = 1. (Note that if f is reducible then f(X) has a factor of
degree 1 and hence a root in F2, and this is not possible.) Denote by α a root of f in the
extension field
E = F8 = {a + bα + cα^2 : a, b, c ∈ F2} = {0, 1, α, α+1, α^2, α^2+1, α^2+α, α^2+α+1}.
For example to find (α^2 + α)^{−1} in F8:
X^3 + X + 1 = (X + 1)(X^2 + X) + 1
1 = (X^3 + X + 1) + (X + 1)(X^2 + X)
1 = (α + 1)(α^2 + α)
so (α^2 + α)^{−1} = α + 1. Now to divide (α^2 + 1)/(α^2 + α), for example:
(α^2 + 1)/(α^2 + α) = (α^2 + 1)(α + 1) = α^3 + α^2 + α + 1 = α^2
since α^3 + α + 1 = 0.
Example 7: The Field of Order 256
One may show that the polynomial f(X) = X^8 + X^4 + X^3 + X^2 + 1 is irreducible over
F2 . This case has practical significance in that it shows how every byte (8 bits) may be
interpreted as an element of F256 . Indeed many practical implementations of Reed-Solomon
codes use F256 as alphabet (implemented as computer bytes).
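Example 7 at the byte level, as an added Python example (not code from the handout): a byte is read as a polynomial over F2 with bit k the coefficient of X^k, so f(X) becomes the constant 0x11D. Irreducibility is checked by trial division, and inverses are computed as a^254 (using a^255 = 1 for nonzero a) rather than by the Extended Euclidean Algorithm; the function names are assumptions of this example.

```python
F = 0x11D  # X^8 + X^4 + X^3 + X^2 + 1; bit k is the coefficient of X^k

def gf2_mod(a, m):
    """Remainder of a divided by m in F2[X]; subtraction in F2 is XOR."""
    dm = m.bit_length()
    while a.bit_length() >= dm:
        a ^= m << (a.bit_length() - dm)   # cancel the leading term of a
    return a

def is_irreducible(f):
    """Trial division by every polynomial of degree 1 .. deg(f)//2."""
    deg = f.bit_length() - 1
    return deg >= 1 and all(gf2_mod(f, d) != 0
                            for d in range(2, 1 << (deg // 2 + 1)))

def gf256_mul(a, b, f=F):
    """Multiply two bytes as elements of F2[X]/(f): multiply, then reduce."""
    prod = 0
    while b:
        if b & 1:
            prod ^= a                     # add a * X^k for each set bit k of b
        a, b = a << 1, b >> 1
    return gf2_mod(prod, f)

def gf256_inv(a):
    """a^254 by square-and-multiply; equals a^-1 because a^255 = 1."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf256_mul(result, base)
        base, e = gf256_mul(base, base), e >> 1
    return result
```

The same `is_irreducible` check confirms the polynomials of Examples 5 and 6 (0b111 and 0b1011) and rejects X^2 + 1 = (X + 1)^2 over F2.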