Chapter 7

Finite fields

7.1 The characteristic of a field

Definition 7.1. The characterisitic of a ring A is the additive order of 1, ie
the smallest integer n > 1 such that

n · 1 = |1 + 1 +{z· · · + 1} = 0.
n terms

If there is no such integer the ring is said to be of characteristic 0.

Examples: Z, Q, R, C are all of characteristic 0.

Fp = Z/(p) is of characteristic p.

Proposition 7.1. The characteristic of an integral domain A is either a

prime p, or else 0.
In particular, a finite field is of prime characteristic.

Proof. Suppose A has characteristic n = ab where a, b > 1. By the distribu-

tive law,
· · + 1} = (1| + ·{z
1| + ·{z · · + 1})(1| + ·{z
· · + 1}).
n terms a terms b terms

Hence
· · + 1} = 0 or 1| + ·{z
1| + ·{z · · + 1} = 0,
a terms b terms

contrary to the minimal property of the characteristic.

Proposition 7.2. In a field F of characteristic p the elements 0, 1, . . . , p − 1

form a subfield isomorphic to Fp = Z/(p). This is the only subfield of F
isomorphic to Fp .

7–1
Proof. It is easily verified that the map θ : Fp → F sending

0 7→ 0, 1 7→ 1, 2 7→ 1 + 1, . . . , p − 1 7→ |1 + 1 +{z· · · + 1}
p − 1 terms

is an injective homomorphism.
Conversely, any homomorphism θ : Fp → F must send 0 7→ 0, 1 7→ 1, 2 7→
1 + 1, etc.

Definition 7.2. We call this subfield (which we identify with Fp ) the prime
subfield of F .

Proposition 7.3. In a field F of characteristic p

(a + b)p = ap + bp .

Proof. By the binomial theorem,

     
p p p p−1 p p−2 2 p
(a + b) = a + a b+ a b + ··· + abp−1 + bp .
1 1 p−1

Lemma 7.1. The prime p divides each binomial coefficient pr for 1 ≤ r ≤

p − 1.
Proof. We have  
p p(p − 1) · · · (p − r + 1)
= .
r 1 · 2···r
The result follows (this may require a little thought) since p divides the top
but not the bottom.
The Proposition follows at once.

Corollary 7.1 (1). If F is a field of characteristic p the map Φ : F → F

given by a 7→ ap is an injective homomorphism.

Proof. We have seen that Φ preserves addition, and it is evident that it

preserves multiplicatioon: (ab)p = ap bp . It is injective since ap = 0 =⇒ a =
0.

Corollary 7.2. If F is a finite field of characteristic p then Φ is an auto-

morphism of F .

Proof. It follows by the Pigeon-Hole Principle that Φ is bijective in this

case.

7–2
 Φ is known as the Frobenius automorphism. The group of automorphisms
of a field k is called the “galois group” of k. It is not hard to see tht he galois
group of a finite field is the cyclic group generated by Φ.

Proposition 7.4. A finite field F of characteristic p contains pe elements,

for some e ≥ 1.

Proof. We can consider F as a vector space over its prime subfield Fp . Let
e1 , e2 , . . . , ed be a basis for this vector space. Then each elements of F is
uniquely expressible in the form

x1 e1 + x2 e2 + · · · + xd ed (xi ∈ Fp ).

There are p choices for each coefficient xi , hence pd choices in all.

7.2 Our main result

Recall that a finite field must contain pe elements. We say that the field is
of order pe .

Theorem 7.1. There exists a finite field of each prime-power order pe , and
this field is unique up to isomorphism.

We start by proving an auxiliary result, of some importance on its own

account. Then we show that there is at most one field with pe elements.
Finally we prove that this field exists.

7.3 F × is cyclic
Recall that the multiplicative group A× of a ring A is the group formed by
the invertible elements of A. For example, Z× = {±1}.
If k is a field then its multiplicative group k × = k \ {0}, since every
non-zero element of k is invertible.

Theorem 7.2. The multiplicative group F × of a finite field F is cyclic.

Interestingly, the proof of this result is no simpler for the prime fields Fp
then it is for general finite fields Fq with q = pe .
Proof. We suppose throughout the proof that F is a field of order pe , so that
F× = F \ {0} is a group of order pe − 1.
We will show by a counting argument that F × contains an element of
order pe − 1, which must be a generator of this group.

7–3
 The multiplicative order d of any element a ∈ F × must divide pe − 1, by
Lagrange’s Theorem (in group theory). Let the number of elements of order
d | pe − 1 in F × be f (d).
These elements all satisfy the polynomial equation xd = 1 over the field
Fp . It follows that f (d) ≤ d. (The theorem that a polynomial of degree d
has at most d roots holds just as well over finite fields as it does over R or
C.)
But we can do better. If a is one element of order d then the d elements
1, a, a2 , . . . , ad−1 all satisfy the equation, and so must give all its roots. These
elements form a cyclic group of order d.
Lemma 7.2. If G = hgi is a cylic group of order d generated by g then g r
has order d if and only if gcd(d, r) = 1.
Proof. Suppose gcd(d, r) = 1; and suppose ar has order e. Then are = 1 =⇒
d | re =⇒ d | e since gcd(r, d) = 1.
Conversely, suppose gcd(d, r) = e > 1. Let d = ef, r = es. Then
e = d/f = r/s =⇒ rf = ds. Hence (ar )f = (ad )s = 1, and ar has order
smaller than d.
If follows that f (d) is either 0 (if there are no elements of order d) or else
φ(d). (Recall that φ(d) is the number of numbers r ∈ {1, . . . , d − 1} coprime
to d.)
Now consider the additive group Z/(n). This is a cyclic group of order n.
It certainly has elements of each order d | n; for if n = de then e has order
d. Moreover, if r has order d then n | dr =⇒ de | dr =⇒ e | r.
Thus the elements of order d are all multiples of e, lying in the cyclic
subgroup generated by e. So the Lemma above shows that there are precisely
φ(d) elements in Z/(n) of order d. Hence
X
φ(d) = n.
d|n

Returning to the group F× , we saw that there were either 0 or φ(d)

elements of order d for each d | pe −1. But from the formula above, to account
for pe − 1 elements there must be φ(d) elements of each order d | pe − 1. In
particular there must be φ(pe − 1) > 0 elements of order pe − 1: that is,
generators of the group F× .

7.3.1 Primitive roots

p a primi-
Definition 7.3. We call a generator of the multiplicative group F×
tive root modulo p.

7–4
Corollary 7.3. There are exaclty φ(p − 1) primitive roots modulo p for each
prime p. If π is one primitive root then the others are π r for r coprime to d.

Example: Suppose p = 23. There are φ(22) = 10 primitive roots modulo

23.
In general there is no better way of finding a primitive root other than
trying 2, 3, 5, 6, . . . successively. (There is no need to try 4, since if 2 is not
a primitive root then 22 certainly cannot be.)
Let us try 2. We know that any element of F× 23 has order d | 22, ie
d = 1, 2, 11 or 22. Evidently 2 does not have order 1 or 2.
Working modulo 23 throughout, 25 = 32 ≡ 9. Hence 210 ≡ 92 = 81 ≡ 12;
and so 211 ≡ 24 ≡ 1. So 2 has order 11 and is not a primitive root modulo
23.
Moving on to 3, we have 33 = 27 ≡ 4. Hence 36 ≡ 16 ≡ −7, and so
312 ≡ 49 ≡ 3 =⇒ 311 ≡ 1. So 3 is not a primitive root either.
Next we try 5. We have

52 = 25 ≡ 2 =⇒ 510 = (52 )5 ≡ 25 = 32 ≡ 9 =⇒ 211 ≡ 45 ≡ −1.

So we have found a primitive root mod 23.

From the last Lemma, knowing one primitive root π, the full set is π d ,
where d runs over d coprime to p. In this case there are φ(22) = 11 primitive
roots, namely 5d for d = 1, 3, 5, 7, 9, 13, 17, 19, 21. Note that the inverse of 5d
is 522−d , which may be easier to calculate.
From the work above,

53 ≡ 5 · 52 ≡ 5 · 2 = 10,
55 ≡ 25 · 53 = 250 ≡ 20 ≡ −3,
57 ≡ −75 ≡ −6,
59 ≡ 5 · 24 = 80 ≡ 11,
513 ≡ 11−1 ≡ −2,
515 ≡ −50 ≡ −4,
517 ≡ −3−1 ≡ −8,
519 ≡ 510 · 59 ≡ 99 ≡ 7,
521 ≡ 5 · 57 · 513 ≡ 60 ≡ −9.

Thus the primitive roots modulo 23 are: −9, −8, −6, −4, −2, 5, 7, 10, 11. (It
is a matter of personal preference whether or not to replace remainders > p/2
by ther negative equivalent.)

7–5
7.3.2 Uniqueness
First an auxiliary result.

Proposition 7.5. Suppose F is a field of order pe . Let

e
U (x) = xp − x.

Then every element a ∈ F satisfies U (x) = 0; and

Y
U (x) = (x − a).
a∈F

Proof. F × = F \ {0} has order pe − 1. So by Lagrange’s Theorem every

elements a ∈ F × satisfies the equation
e −1
xp − 1.

If we multiply the equation by x then 0 will also satisfy the equation:

e −1 e
x(xp − 1) = xp − x = U (x).

Since this polynomial has degree pe , and we have pe roots, it factorizes com-
pletely over F into linear terms:
Y
U (x) = (x − a).
a∈F

(A polynomial of degree d over any field k has at most d roots, just like a
polyomial over R or C.)
Note that we can express this result in the form: Φe (a) = a for all a ∈ F .
U (x) is sometimes called the universal polynomial of the field F .
A little result we shall need later.

Lemma 7.3. The universal polynomial U (x) is separable, ie it has no mul-

tiple roots.

Proof. If α is a multiple root of f (x) then f 0 (α) = 0. But the derivative

U 0 (x) = −1

never vanishes.

Theorem 7.3. If F, F 0 are two fields of the same order pe then there exists
an isomorphism Φ : F → F 0 .

7–6
Proof. Let π be a generator of F × ; and let m(x) be the minimal polynomial
of π over Fp . Since U (π) = 0 it follows that
m(x) | U (x).
Note that this is a result in the polynomial ring Fp [x].
Now pass to F 0 . Then
Y
m(x) | U (x) = (x − b).
b∈F 0

Since U (x) factors over F 0 into linear polynomials, so does m(x), say
m(x) = (x − b1 ) · · · (x − bd ).
Choose π 0 to be any of b1 , . . . , bd . We define the map Θ : F → F 0 by
π r 7→ π 0r (0 ≤ r < pn − 1)
and 0 7→ 0. Since π is of order pe − 1, while π 0 , even if it is not a generator
of F 0× , still satisfies the equation xp −1 = 1, the map is well-defined; for
e

π r = π s =⇒ π r−s = 1 =⇒ (pe − 1) | r − s =⇒ π 0(r−s) = 1 =⇒ π 0r = π 0s .

We claim that Θ is a homomorphism. It is easy to see that multiplication
is preserved:
π r π s = π r+s 7→ π 0(r+s) = π 0r π 0s .
For addition, suppose a + b = c, where
a = πr , b = πs, c = πt.
Let f (x) = xr + xs − xt . Then
f (π) = 0 =⇒ m(x) | f (x) =⇒ f (π 0 ) = 0 =⇒ π 0r + π 0s − π 0t = 0.
The same argument holds if a + b = 0, with g(x) = xr + xs :
g(π) = 0 =⇒ m(x) | g(x) =⇒ f (π 0 ) = 0 =⇒ π 0r + π 0s = 0.
Finally, a non-zero homomorphism Θ : F → F2 from one field to another
is necessarily injective. For if x 6= 0 then x has an inverse y, and then
Θ(x) = 0 =⇒ Θ(1) = Θ(xy) = Θ(x)Θ(y) = 0,
contrary to fact that Θ(1) = 1. (We are using the fact that Θ is a homomor-
phism of additive groups, so that ker Θ = 0 implies that Θ is injective.)
Since F and F 0 contain the same number of elements, we conclude that
Θ is bijective, and so an isomorphim.

7–7
7.4 Existence
Theorem 7.4. There exists a field F of every prime power pn .
We give two very different proofs — take your choice. The first constructs
F by a series of smaller extensions. The second uses a counting argument
pe
to show that there exist irreducible polynomials over Fp of every degree.

7.4.1 First proof: a tower of extensions

Proof. The result is trivial if e = 1, so will assume that e > 1. The universal
polynomial
e
Ue (x) = xp − x
(we add the suffix e since we will be considering other extensions of Fp ) has
just p linear factors over Fp , namely x, x − 1, x − 2, . . . x − p + 1. Let f(x)
be any other irreducible factor over Fp . Suppose f (x) is of degree f . Then
Fp [x]/(f (x)) is an extension field of degree f over Fp , containing pf elements.
This field is generated by α = x mod f (x), ie the elements of the field are
polynomials in α with coefficients in Fp , eg

β = a0 + a1 α + · · · + af −1 αf −1 ,

with ai ∈ Fp .
Now U (α) = 0 since f (α) = 0 and f (x) | U (x). In other words, Φe (α) =
α. In addition, Φe (ai ) = ai for 0 ≤ i < f . Hence

Φe (β) = β

for all elements β of the field, since Φe preserves addition and multiplication.
We know there is only one field of order pf so we can denote it by Fpf .
Now suppose π is a generator of the multiplicative group F× pf
. Then π is
of order p − 1. But Φ (π) = π, ie π = π =⇒ π
f e pe pe −1
= 1 also. Hence

pf − 1 | pe − 1.

We need a simple arithmetic result.

Lemma 7.4. pf − 1 | pe − 1 if and only if f | e.
Proof. Suppose first that f | e, say e = f d. We have x − 1 | xd − 1 in Z[x].
Substituting x = y f ,

y f − 1 | (y f )d − 1 = y e − 1.

The result follows on setting y = p.

7–8
 Conversely, suppose f - e, say
e = fq + r
where 0 < r < f . Let h(x) = xf − 1. Then
xf ≡ 1 mod h(x) =⇒ (xf )d ≡ 1 mod h(x) =⇒ xe ≡ xr mod h(x).
Setting x = p,
pe ≡ pr mod pf − 1 =⇒ pe − 1 ≡ pr − 1 mod pf − 1.
But pf − 1 | pe − 1, by hypothesis. Hence pf − 1 | pr − 1, which is impossible
since pr − 1 < pf − 1.
We see therefore that
f | e.
If f = e we are done. Otherwise we repeat the same construction with
F = Fpf playing the role of Fp . Thus we start with an irreducible factor f (x)
of Ue (x) over F of degree d > 1 (we know there is such a factor since there
are only pf linear factors), and consider the extension field F[x]/(f (x)) of
order pg , where g = f d. Again, the field is generated by α = x mod f (x), ie
its elements are polynomials in α,
β = a0 + a1 α + · · · + ad−1 αd−1 ,
with ai ∈ F. As before,
Φe (α) = α, Φe (ai ) = ai =⇒ Φe (β) = β.
Now we choose a generator π of Fp . This is of order pg − 1, and
g

e −1
Φe (π) = π =⇒ π p = 1.
Hence
pg − 1 | pe − 1 =⇒ g|e.
Thus we have constructed a larger field Fpg , with f | g | e. Continuing in
this way, we must finally reach the field Fpe .

7.4.2 Second proof: a counting argumeng

Proof. We know that if f (x) ∈ Fp [x] is of degree n, then Fp [x]/(f (x)) is a
field of order pn . Thus the result will follow if we can show that there exist
irreducible polynomials f (x) ∈ Fp [x] of all degrees n ≥ 1.
[Conversely, if Fpe exists then there is an irreducible polynomial over Fp
of degree e. For consider the minimial polynomial m(x) of a generator π of
F×pe . If this has degree d then π generates an extension field of degree d over
Fp , containing pd elements. But this field must contain all the powers of π,
ie all the elements of F× pe . Since it also contains 0 it is in fact the whole of
Fp , so that d = e.]
e

7–9
Möbius inversion
It is convenient at this point to introduce an auxiliary idea, used widely in
combinatorics and elsewhere outside of number theory.
Definition 7.4. The Möbius function µ(n) is defined for positive integers n
by (
0 if n has a square factor
µ(n) =
(−1)r if n is square-free and has r prime factors
Thus

µ(1) = 1, µ(2) = −1, µ(3) = −1, µ(4) = 0, µ(5) = −1,

µ(6) = 1, µ(7) = −1, µ(8) = 0, µ(9) = 0, µ(10) = 1.

By an arithmetic function we mean a function with values in N \ {0}.

Theorem 7.5. Given an arithmetic function f (n), suppose
X
g(n) = f (n).
d|n

Then X
f (n) = µ(n/d)g(n).
d|n

Proof.
Lemma 7.5. We have
(
X 1 if n = 1
µ(d) =
d|n
0 otherwise.

Proof. Suppose n = pe11 · · · pnen . Then it is clear that only the factors of
p1 · · · pr will contribute to the sum, so we may assume that n = p1 · · · pr .
But in this case the terms in the sum correspond to the terms in the
expansion of
(1 − 1)(1 − 1) · · · (1 − 1)
| {z }
r products

giving 0 unless r = 0, ie n = 1.
Given arithmetic functions u(n), v(n) let us define the arithmetic function
u ◦ v by X X
(u ◦ v)(n) = u(d)v(n/d) = u(x)v(y).
d|n n=xy

7–10
[This is analogous to the convolution operation in analysis.] This operation
is commutative and associative, ie v ◦ u = u ◦ v and (u ◦ v) ◦ w = u ◦ (v ◦ w).
The latter follows from
X
((u ◦ v) ◦ w)(n) = u(x)v(y)w(z).
n=xyz

Let us define δ(n), (n) by

(
1 if n = 1
δ(n) =
0 otherwise,
(n) = 1 for all n

It is easy to see that

δ◦f =f
for all arithmetic functions f . Also the Lemma above can be written as

µ ◦  = δ,

while the result we are trying to prove is

g =  ◦ f =⇒ f = µ ◦ g.

This follows since

µ ◦ g = µ ◦ ( ◦ f ) = (µ ◦ ) ◦ f = δ ◦ f = f.

The following multiplicative form of this result can be proved in the same
way.
Corollary 7.4. Given an arithmetic function f (n), suppose
Y
g(n) = f (n).
d|n

Then Y
f (n) = g(n)µ(n/d) .
d|n

7–11
Return to second proof
There are pn monic polynomials of degree n in Fp [x]. Let us associate to
each such polynomial the weight xn . Then all these terms add up to the
generating function
X 1
p n xn = .
n∈N
1 − px
Now consider the factorisation of each polynomial

f (x) = f1 (x)e1 · · · fr (x)er

into irreducible polynomials. If the degree of fi (x) is di this product corre-

sponds to the power
xd1 e1 +···+dr er .
Putting all these terms together, we obtain a product formula analagous to
Euler’s formula. Suppose there are σ(n) irreducible polynomials of degree n.
Let d(f ) denote the degree of the polynomial f (x). Then
1 Y
1 + xd(f ) + x2d(f ) + · · ·


=
1 − px
irreducible f (x)
Y 1
=
1 − xd(f )
irreducible f (x)
Y
= (1 − xd )−σ(d) .
d∈N

As we have seen, we can pass from infinite products to infinite series by

taking logarithms. When dealing with infinite products of functions it is
usually easier to use logarithmic differentiation:
f 0 (x) u0 (x) u0 (x)
f (x) = u1 (x) · · · ur (x) =⇒ = 1 + ··· + r .
f (x) u1 (x) ur (x)
Extending this to infinite products, and applying it to the product formula
above,
p X dσ(d) xd−1 X X
= = dσ(d) xtd−1
1 − px d∈N 1 − xd d∈N t≥1

(This is justified by the fact that terms on the right after the nth only involve
powers greater than xn .)
Comparing the terms in xn−1 on each side,
X
pn = dσ(d).
d|n

7–12
Applying Möbius inversion,
X
nσ(n) = µ(n/d)pd .
d|n

The leading term pn (arising when d = 1) will dominate the remaining

terms. For these will consist of terms ±pe for various different e < n. Thus
their absolute sum is
X
≤ pe
e≤n−1
n
p −1
=
p−1
< pn .

It follows that σ(n) > 0. ie there exists at least one irreducible polynomial
of degree n.

Corollary 7.5. The number of irreducible polynomials of degree n over Fp

is
1X
µ(n/d)pd .
n
d|n

Examples: The number of polynomials of degree 3 over F2 is

1
23 − 2
µ(1)23 + µ(3)2 = = 2,
3 3
namely the polynmials x3 + x2 + 1, x3 + x + 1.
The number of polynomials of degree 4 over F2 is

1 4 2

24 − 22
µ(1)2 + µ(3)2 + µ(1)2 = = 3.
4 4
(Recall that µ(4) = 0, since 4 has a square factor.)
The number of polynomials of degree 10 over F2 is
1 10
990
2 − 25 − 22 + 2 = = 99
10 10
The number of polynomials of degree 4 over F3 is
1 4
72
3 − 32 = = 9.
4 8

7–13