Goto Chapter: Top 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 Bib Ind

This chapter describes the special functionality which exists in **GAP** for finite fields and their elements. Of course the general functionality for fields (see Chapter 58) also applies to finite fields.

In the following, the term *finite field element* is used to denote **GAP** objects in the category `IsFFE`

(59.1-1), and *finite field* means a field consisting of such elements. Note that in principle we must distinguish these fields from (abstract) finite fields. For example, the image of the embedding of a finite field into a field of rational functions in the same characteristic is of course a finite field but its elements are not in `IsFFE`

(59.1-1), and in fact **GAP** does currently not support such fields.

Special representations exist for row vectors and matrices over small finite fields (see sections 23.3 and 24.14).

`‣ IsFFE` ( obj ) | ( category ) |

`‣ IsFFECollection` ( obj ) | ( category ) |

`‣ IsFFECollColl` ( obj ) | ( category ) |

`‣ IsFFECollCollColl` ( obj ) | ( category ) |

Objects in the category `IsFFE`

are used to implement elements of finite fields. In this manual, the term *finite field element* always means an object in `IsFFE`

. All finite field elements of the same characteristic form a family in **GAP** (see 13.1). Any collection of finite field elements (see `IsCollection`

(30.1-1)) lies in `IsFFECollection`

, and a collection of such collections (e.g., a matrix of finite field elements) lies in `IsFFECollColl`

.

`‣ Z` ( p^d ) | ( function ) |

`‣ Z` ( p, d ) | ( function ) |

For creating elements of a finite field, the function `Z`

can be used. The call `Z(`

(alternatively `p`,`d`)`Z(`

) returns the designated generator of the multiplicative group of the finite field with `p`^`d`)`p^d` elements. `p` must be a prime integer.

**GAP** can represent elements of all finite fields `GF(`

such that either (1) `p^d`)`p^d` \(<= 65536\) (in which case an extremely efficient internal representation is used); (2) d = 1, (in which case, for large `p`, the field is represented using the machinery of residue class rings (see section 14.5) or (3) if the Conway polynomial of degree `d` over the field with `p` elements is known, or can be computed (see `ConwayPolynomial`

(59.5-1)).

If you attempt to construct an element of `GF(`

for which `p^d`)`d` \(> 1\) and the relevant Conway polynomial is not known, and not necessarily easy to find (see `IsCheapConwayPolynomial`

(59.5-2)), then **GAP** will stop with an error and enter the break loop. If you leave this break loop by entering `return;`

**GAP** will attempt to compute the Conway polynomial, which may take a very long time.

The root returned by `Z`

is a generator of the multiplicative group of the finite field with `p^d` elements, which is cyclic. The order of the element is of course `p^d` \(-1\). The `p^d` \(-1\) different powers of the root are exactly the nonzero elements of the finite field.

Thus all nonzero elements of the finite field with `p^d` elements can be entered as `Z(`

\(i\). Note that this is also the form that `p^d`)^**GAP** uses to output those elements when they are stored in the internal representation. In larger fields, it is more convenient to enter and print elements as linear combinations of powers of the primitive element, see section 59.6.

The additive neutral element is `0 * Z(`

. It is different from the integer `p`)`0`

in subtle ways. First `IsInt( 0 * Z(`

(see `p`) )`IsInt`

(14.2-1)) is `false`

and `IsFFE( 0 * Z(`

(see `p`) )`IsFFE`

(59.1-1)) is `true`

, whereas it is just the other way around for the integer `0`

.

The multiplicative neutral element is `Z(`

. It is different from the integer `p`)^0`1`

in subtle ways. First `IsInt( Z(`

(see `p`)^0 )`IsInt`

(14.2-1)) is `false`

and `IsFFE( Z(`

(see `p`)^0 )`IsFFE`

(59.1-1)) is `true`

, whereas it is just the other way around for the integer `1`

. Also `1+1`

is `2`

, whereas, e.g., `Z(2)^0 + Z(2)^0`

is `0 * Z(2)`

.

The various roots returned by `Z`

for finite fields of the same characteristic are compatible in the following sense. If the field `GF(`

\(n\)`p`,`)`

is a subfield of the field `GF(`

\(m\)`p`,`)`

, i.e., \(n\) divides \(m\), then `Z`

\((\textit{p}^n) = \)`Z`

\((\textit{p}^m)^{{(\textit{p}^m-1)/(\textit{p}^n-1)}}\). Note that this is the simplest relation that may hold between a generator of `GF(`

\(n\)`p`,`)`

and `GF(`

\(m\)`p`,`)`

, since `Z`

\((\textit{p}^n)\) is an element of order \(\textit{p}^m-1\) and `Z`

\((\textit{p}^m)\) is an element of order \(\textit{p}^n-1\). This is achieved by choosing `Z(`

as the smallest primitive root modulo `p`)`p` and `Z(`

`p^n``)`

as a root of the \(n\)-th *Conway polynomial* (see `ConwayPolynomial`

(59.5-1)) of characteristic `p`. Those polynomials were defined by J. H. Conway, and many of them were computed by R. A. Parker.

gap> a:= Z( 32 ); Z(2^5) gap> a+a; 0*Z(2) gap> a*a; Z(2^5)^2 gap> b := Z(3,12); z gap> b*b; z2 gap> b+b; 2z gap> Print(b^100,"\n"); Z(3)^0+Z(3,12)^5+Z(3,12)^6+2*Z(3,12)^8+Z(3,12)^10+Z(3,12)^11

gap> Z(11,40); Error, Conway Polynomial 11^40 will need to computed and might be slow return to continue called from FFECONWAY.ZNC( p, d ) called from <function>( <arguments> ) called from read-eval-loop Entering break read-eval-print loop ... you can 'quit;' to quit to outer loop, or you can 'return;' to continue brk>

`‣ IsLexOrderedFFE` ( ffe ) | ( category ) |

`‣ IsLogOrderedFFE` ( ffe ) | ( category ) |

Elements of finite fields can be compared using the operators `=`

and `<`

. The call

returns `a` = `b``true`

if and only if the finite field elements `a` and `b` are equal. Furthermore

tests whether `a` < `b``a` is smaller than `b`. The exact behaviour of this comparison depends on which of two categories the field elements belong to:

Finite field elements are ordered in **GAP** (by `\<`

(31.11-1)) first by characteristic and then by their degree (i.e. the sizes of the smallest fields containing them). Amongst irreducible elements of a given field, the ordering depends on which of these categories the elements of the field belong to (all irreducible elements of a given field should belong to the same one)

Elements in `IsLexOrderedFFE`

are ordered lexicographically by their coefficients with respect to the canonical basis of the field.

Elements in `IsLogOrderedFFE`

are ordered according to their discrete logarithms with respect to the `PrimitiveElement`

(58.2-3) attribute of the field. For the comparison of finite field elements with other **GAP** objects, see 4.12.

gap> Z( 16 )^10 = Z( 4 )^2; # illustrates embedding of GF(4) in GF(16) true gap> 0 < 0*Z(101); true gap> Z(256) > Z(101); false gap> Z(2,20) < Z(2,20)^2; # this illustrates the lexicographic ordering false

Since finite field elements are scalars, the operations `Characteristic`

(31.10-1), `One`

(31.10-2), `Zero`

(31.10-3), `Inverse`

(31.10-8), `AdditiveInverse`

(31.10-9), `Order`

(31.10-10) can be applied to them (see 31.10). Contrary to the situation with other scalars, `Order`

(31.10-10) is defined also for the zero element in a finite field, with value `0`

.

gap> Characteristic( Z( 16 )^10 ); Characteristic( Z( 9 )^2 ); 2 3 gap> Characteristic( [ Z(4), Z(8) ] ); 2 gap> One( Z(9) ); One( 0*Z(4) ); Z(3)^0 Z(2)^0 gap> Inverse( Z(9) ); AdditiveInverse( Z(9) ); Z(3^2)^7 Z(3^2)^5 gap> Order( Z(9)^7 ); 8

`‣ DegreeFFE` ( z ) | ( attribute ) |

`‣ DegreeFFE` ( vec ) | ( method ) |

`‣ DegreeFFE` ( mat ) | ( method ) |

`DegreeFFE`

returns the degree of the smallest finite field `F` containing the element `z`, respectively all elements of the row vector `vec` over a finite field (see 23), or the matrix `mat` over a finite field (see 24).

gap> DegreeFFE( Z( 16 )^10 ); 2 gap> DegreeFFE( Z( 16 )^11 ); 4 gap> DegreeFFE( [ Z(2^13), Z(2^10) ] ); 130

`‣ LogFFE` ( z, r ) | ( operation ) |

`LogFFE`

returns the discrete logarithm of the element `z` in a finite field with respect to the root `r`. An error is signalled if `z` is zero. `fail`

is returned if `z` is not a power of `r`.

The *discrete logarithm* of the element `z` with respect to the root `r` is the smallest nonnegative integer \(i\) such that \(\textit{r}^i = \textit{z}\) holds.

gap> LogFFE( Z(409)^116, Z(409) ); LogFFE( Z(409)^116, Z(409)^2 ); 116 58

`‣ IntFFE` ( z ) | ( attribute ) |

`‣ Int` ( z ) | ( method ) |

`IntFFE`

returns the integer corresponding to the element `z`, which must lie in a finite prime field. That is, `IntFFE`

returns the smallest nonnegative integer \(i\) such that \(i\)` * One( `

`z`` ) = `

`z`.

The correspondence between elements from a finite prime field of characteristic \(p\) (for \(p < 2^{16}\)) and the integers between \(0\) and \(p-1\) is defined by choosing `Z(`

\(p\)`)`

the element corresponding to the smallest primitive root mod \(p\) (see `PrimitiveRootMod`

(15.3-3)).

`IntFFE`

is installed as a method for the operation `Int`

(14.2-3) with argument a finite field element.

gap> IntFFE( Z(13) ); PrimitiveRootMod( 13 ); 2 2 gap> IntFFE( Z(409) ); 21 gap> IntFFE( Z(409)^116 ); 21^116 mod 409; 311 311

See also `IntFFESymm`

(59.2-4).

`‣ IntFFESymm` ( z ) | ( attribute ) |

`‣ IntFFESymm` ( vec ) | ( attribute ) |

For a finite prime field element `z`, `IntFFESymm`

returns the corresponding integer of smallest absolute value. That is, `IntFFESymm`

returns the integer \(i\) of smallest absolute value such that \(i\)` * One( `

`z`` ) = `

`z` holds.

For a vector `vec` of FFEs, the operation returns the result of applying `IntFFESymm`

to every entry of the vector.

The correspondence between elements from a finite prime field of characteristic \(p\) (for \(p < 2^{16}\)) and the integers between \(-p/2\) and \(p/2\) is defined by choosing `Z(`

\(p\)`)`

the element corresponding to the smallest positive primitive root mod \(p\) (see `PrimitiveRootMod`

(15.3-3)) and reducing results to the \(-p/2 .. p/2\) range.

gap> IntFFE(Z(13)^2);IntFFE(Z(13)^3); 4 8 gap> IntFFESymm(Z(13)^2);IntFFESymm(Z(13)^3); 4 -5

See also `IntFFE`

(59.2-3)

`‣ IntVecFFE` ( vecffe ) | ( operation ) |

is the list of integers corresponding to the vector `vecffe` of finite field elements in a prime field (see `IntFFE`

(59.2-3)).

`‣ AsInternalFFE` ( ffe ) | ( attribute ) |

return an internal FFE equal to `ffe` if one exists, otherwise `fail`

`‣ DefaultField` ( list ) | ( function ) |

`‣ DefaultRing` ( list ) | ( function ) |

`DefaultField`

and `DefaultRing`

for finite field elements are defined to return the *smallest* field containing the given elements.

gap> DefaultField( [ Z(4), Z(4)^2 ] ); DefaultField( [ Z(4), Z(8) ] ); GF(2^2) GF(2^6)

`‣ GaloisField` ( p^d ) | ( function ) |

`‣ GF` ( p^d ) | ( function ) |

`‣ GaloisField` ( p, d ) | ( function ) |

`‣ GF` ( p, d ) | ( function ) |

`‣ GaloisField` ( subfield, d ) | ( function ) |

`‣ GF` ( subfield, d ) | ( function ) |

`‣ GaloisField` ( p, pol ) | ( function ) |

`‣ GF` ( p, pol ) | ( function ) |

`‣ GaloisField` ( subfield, pol ) | ( function ) |

`‣ GF` ( subfield, pol ) | ( function ) |

`GaloisField`

returns a finite field. It takes two arguments. The form `GaloisField( `

, where `p`, `d` )`p`, `d` are integers, can also be given as `GaloisField( `

. `p`^`d` )`GF`

is an abbreviation for `GaloisField`

.

The first argument specifies the subfield \(S\) over which the new field is to be taken. It can be a prime integer or a finite field. If it is a prime `p`, the subfield is the prime field of this characteristic.

The second argument specifies the extension. It can be an integer or an irreducible polynomial over the field \(S\). If it is an integer `d`, the new field is constructed as the polynomial extension w.r.t. the Conway polynomial (see `ConwayPolynomial`

(59.5-1)) of degree `d` over \(S\). If it is an irreducible polynomial `pol` over \(S\), the new field is constructed as polynomial extension of \(S\) with this polynomial; in this case, `pol` is accessible as the value of `DefiningPolynomial`

(58.2-7) for the new field, and a root of `pol` in the new field is accessible as the value of `RootOfDefiningPolynomial`

(58.2-8).

Note that the subfield over which a field was constructed determines over which field the Galois group, conjugates, norm, trace, minimal polynomial, and trace polynomial are computed (see `GaloisGroup`

(58.3-1), `Conjugates`

(58.3-6), `Norm`

(58.3-4), `Trace`

(58.3-5), `MinimalPolynomial`

(58.3-2), `TracePolynomial`

(58.3-3)).

The field is regarded as a vector space (see 61) over the given subfield, so this determines the dimension and the canonical basis of the field.

gap> f1:= GF( 2^4 ); GF(2^4) gap> Size( GaloisGroup ( f1 ) ); 4 gap> BasisVectors( Basis( f1 ) ); [ Z(2)^0, Z(2^4), Z(2^4)^2, Z(2^4)^3 ] gap> f2:= GF( GF(4), 2 ); AsField( GF(2^2), GF(2^4) ) gap> Size( GaloisGroup( f2 ) ); 2 gap> BasisVectors( Basis( f2 ) ); [ Z(2)^0, Z(2^4) ]

`‣ PrimitiveRoot` ( F ) | ( attribute ) |

A *primitive root* of a finite field is a generator of its multiplicative group. A primitive root is always a primitive element (see `PrimitiveElement`

(58.2-3)), the converse is in general not true.

gap> f:= GF( 3^5 ); GF(3^5) gap> PrimitiveRoot( f ); Z(3^5)

`‣ FrobeniusAutomorphism` ( F ) | ( attribute ) |

returns the Frobenius automorphism of the finite field `F` as a field homomorphism (see 32.12).

The *Frobenius automorphism* \(f\) of a finite field \(F\) of characteristic \(p\) is the function that takes each element \(z\) of \(F\) to its \(p\)-th power. Each field automorphism of \(F\) is a power of \(f\). Thus \(f\) is a generator for the Galois group of \(F\) relative to the prime field of \(F\), and an appropriate power of \(f\) is a generator of the Galois group of \(F\) over a subfield (see `GaloisGroup`

(58.3-1)).

gap> f := GF(16); GF(2^4) gap> x := FrobeniusAutomorphism( f ); FrobeniusAutomorphism( GF(2^4) ) gap> Z(16) ^ x; Z(2^4)^2 gap> x^2; FrobeniusAutomorphism( GF(2^4) )^2

The image of an element \(z\) under the \(i\)-th power of \(f\) is computed as the \(p^i\)-th power of \(z\). The product of the \(i\)-th power and the \(j\)-th power of \(f\) is the \(k\)-th power of \(f\), where \(k\) is \(i j \bmod \) `Size(`

\(-1\). The zeroth power of \(f\) is `F`)`IdentityMapping( `

.`F` )

`‣ ConwayPolynomial` ( p, n ) | ( function ) |

is the Conway polynomial of the finite field \(GF(p^n)\) as polynomial over the prime field in characteristic `p`.

The *Conway polynomial* \(\Phi_{{n,p}}\) of \(GF(p^n)\) is defined by the following properties.

First define an ordering of polynomials of degree \(n\) over \(GF(p)\), as follows. \(f = \sum_{{i = 0}}^n (-1)^i f_i x^i\) is smaller than \(g = \sum_{{i = 0}}^n (-1)^i g_i x^i\) if and only if there is an index \(m \leq n\) such that \(f_i = g_i\) for all \(i > m\), and \(\tilde{{f_m}} < \tilde{{g_m}}\), where \(\tilde{{c}}\) denotes the integer value in \(\{ 0, 1, \ldots, p-1 \}\) that is mapped to \(c \in GF(p)\) under the canonical epimorphism that maps the integers onto \(GF(p)\).

\(\Phi_{{n,p}}\) is *primitive* over \(GF(p)\) (see `IsPrimitivePolynomial`

(66.4-12)). That is, \(\Phi_{{n,p}}\) is irreducible, monic, and is the minimal polynomial of a primitive root of \(GF(p^n)\).

For all divisors \(d\) of \(n\) the compatibility condition \(\Phi_{{d,p}}( x^{{\frac{{p^n-1}}{{p^m-1}}}} ) \equiv 0 \pmod{{\Phi_{{n,p}}(x)}}\) holds. (That is, the appropriate power of a zero of \(\Phi_{{n,p}}\) is a zero of the Conway polynomial \(\Phi_{{d,p}}\).)

With respect to the ordering defined above, \(\Phi_{{n,p}}\) shall be minimal.

The computation of Conway polynomials can be time consuming. Therefore, **GAP** comes with a list of precomputed polynomials. If a requested polynomial is not stored then **GAP** prints a warning and computes it by checking all polynomials in the order defined above for the defining conditions. If \(n\) is not a prime this is probably a very long computation. (Some previously known polynomials with prime \(n\) are not stored in **GAP** because they are quickly recomputed.) Use the function `IsCheapConwayPolynomial`

(59.5-2) to check in advance if `ConwayPolynomial`

will give a result after a short time.

Note that primitivity of a polynomial can only be checked if **GAP** can factorize \(p^n-1\). A sufficiently new version of the **FactInt** package contains many precomputed factors of such numbers from various factorization projects.

See [Lüb03] for further information on known Conway polynomials.

An interactive overview of the Conway polynomials known to **GAP** is provided by the function `BrowseConwayPolynomials`

from the **GAP** package **Browse**, see `BrowseGapData`

(Browse: BrowseGapData).

If `pol` is a result returned by `ConwayPolynomial`

the command `Print( InfoText( `

will print some info on the origin of that particular polynomial.`pol` ) );

For some purposes it may be enough to have any primitive polynomial for an extension of a finite field instead of the Conway polynomial, see `RandomPrimitivePolynomial`

(59.5-3) below.

gap> ConwayPolynomial( 2, 5 ); ConwayPolynomial( 3, 7 ); x_1^5+x_1^2+Z(2)^0 x_1^7-x_1^2+Z(3)^0

`‣ IsCheapConwayPolynomial` ( p, n ) | ( function ) |

Returns `true`

if `ConwayPolynomial( `

will give a result in `p`, `n` )*reasonable* time. This is either the case when this polynomial is pre-computed, or if `n` is a not too big prime.

`‣ RandomPrimitivePolynomial` ( F, n[, i] ) | ( function ) |

For a finite field `F` and a positive integer `n` this function returns a primitive polynomial of degree `n` over `F`, that is a zero of this polynomial has maximal multiplicative order \(|\textit{F}|^n-1\). If `i` is given then the polynomial is written in variable number `i` over `F` (see `Indeterminate`

(66.1-1)), the default for `i` is 1.

Alternatively, `F` can be a prime power q, then `F` = GF(q) is assumed. And `i` can be a univariate polynomial over `F`, then the result is a polynomial in the same variable.

This function can work for much larger fields than those for which Conway polynomials are available, of course **GAP** must be able to factorize \(|\textit{F}|^n-1\).

`‣ ViewObj` ( z ) | ( method ) |

`‣ PrintObj` ( z ) | ( method ) |

`‣ Display` ( z ) | ( method ) |

Internal finite field elements are viewed, printed and displayed (see section 6.3 for the distinctions between these operations) as powers of the primitive root (except for the zero element, which is displayed as 0 times the primitive root). Thus:

gap> Z(2); Z(2)^0 gap> Z(5)+Z(5); Z(5)^2 gap> Z(256); Z(2^8) gap> Zero(Z(125)); 0*Z(5)

Note also that each element is displayed as an element of the field it generates, and that the size of the field is printed as a power of the characteristic.

Elements of larger fields are printed as **GAP** expressions which represent them as sums of low powers of the primitive root:

gap> Print( Z(3,20)^100, "\n" ); 2*Z(3,20)^2+Z(3,20)^4+Z(3,20)^6+Z(3,20)^7+2*Z(3,20)^9+2*Z(3,20)^10+2*Z\ (3,20)^12+2*Z(3,20)^15+2*Z(3,20)^17+Z(3,20)^18+Z(3,20)^19 gap> Print( Z(3,20)^((3^20-1)/(3^10-1)), "\n" ); Z(3,20)^3+2*Z(3,20)^4+2*Z(3,20)^7+Z(3,20)^8+2*Z(3,20)^10+Z(3,20)^11+2*\ Z(3,20)^12+Z(3,20)^13+Z(3,20)^14+Z(3,20)^15+Z(3,20)^17+Z(3,20)^18+2*Z(\ 3,20)^19 gap> Z(3,20)^((3^20-1)/(3^10-1)) = Z(3,10); true

Note from the second example above, that these elements are not always written over the smallest possible field before being output.

The `ViewObj`

and `Display`

methods for these large finite field elements use a slightly more compact, but mathematically equivalent representation. The primitive root is represented by `z`

; its \(i\)-th power by `z`

\(i\) and \(k\) times this power by \(k\)`z`

\(i\).

gap> Z(5,20)^100; z2+z4+4z5+2z6+z8+3z9+4z10+3z12+z13+2z14+4z16+3z17+2z18+2z19

This output format is always used for `Display`

. For `ViewObj`

it is used only if its length would not exceed the number of lines specified in the user preference `ViewLength`

(see `SetUserPreference`

(3.2-3). Longer output is replaced by `<<an element of GF(`

.`p`, `d`)>>

gap> Z(2,409)^100000; <<an element of GF(2, 409)>> gap> Display(Z(2,409)^100000); z2+z3+z4+z5+z6+z7+z8+z10+z11+z13+z17+z19+z20+z29+z32+z34+z35+z37+z40+z\ 45+z46+z48+z50+z52+z54+z55+z58+z59+z60+z66+z67+z68+z70+z74+z79+z80+z81\ +z82+z83+z86+z91+z93+z94+z95+z96+z98+z99+z100+z101+z102+z104+z106+z109\ +z110+z112+z114+z115+z118+z119+z123+z126+z127+z135+z138+z140+z142+z143\ +z146+z147+z154+z159+z161+z162+z168+z170+z171+z173+z174+z181+z182+z183\ +z186+z188+z189+z192+z193+z194+z195+z196+z199+z202+z204+z205+z207+z208\ +z209+z211+z212+z213+z214+z215+z216+z218+z219+z220+z222+z223+z229+z232\ +z235+z236+z237+z238+z240+z243+z244+z248+z250+z251+z256+z258+z262+z263\ +z268+z270+z271+z272+z274+z276+z282+z286+z288+z289+z294+z295+z299+z300\ +z301+z302+z303+z304+z305+z306+z307+z308+z309+z310+z312+z314+z315+z316\ +z320+z321+z322+z324+z325+z326+z327+z330+z332+z335+z337+z338+z341+z344\ +z348+z350+z352+z353+z356+z357+z358+z360+z362+z364+z366+z368+z372+z373\ +z374+z375+z378+z379+z380+z381+z383+z384+z386+z387+z390+z395+z401+z402\ +z406+z408

Finally note that elements of large prime fields are stored and displayed as residue class objects. So

gap> Z(65537); ZmodpZObj( 3, 65537 )

generated by GAPDoc2HTML