Blahut Chapter 4

Mathematics

THE INTEGER RING

The set of integers (positive, negative, and zero) forms a ring under the usual
operations of addition and multiplication. This ring is conventionally denoted by
the label Z.

We say that the integer s is divisible by the integer r, or that r divides s
(or that r is a factor of s), if

  ra = s for some integer a.

If r divides s and s divides r, then r = ±s: since s = ra and r = sb, we have
r = rab, so ab = 1 and a, b ∈ {1, -1}.

• A positive integer p greater than 1 that is divisible only by ±p or ±1 is
  called a prime integer.

• A positive integer greater than 1 that is not prime is called composite.

• The greatest common divisor of two integers r and s, denoted by GCD(r, s)


is the largest positive integer that divides both of them.
e.g GCD(8, 20) = 4

• The least common multiple of two integers r and s, denoted by LCM(r, s),
is the smallest positive integer that is divisible by both of them.
e.g LCM(8, 20) = 40

• Two integers are said to be relatively prime if their GCD = 1.


e.g GCD(3, 7) = 1

Within the ring of integers, division is not possible in general. We do,
however, have the two next-best things: cancellation and division with
remainder. Because cancellation is possible, the integer ring is an integral
domain.

Error Control Coding 33 Fall 21


Division Algorithm
For every pair of integers c and d with d ≠ 0, there is a unique pair of integers Q
(the quotient) and s (the remainder) such that c = dQ + s, where 0 ≤ s < |d|.

• s = R_d[c]
  s is the remainder or residue of c when divided by d.

• s ≡ c (mod d).
  s is congruent to c modulo d.
  It means that s and c have the same remainder when divided by d, but s is not
  necessarily smaller than d.

Hence,
(i)  R_d[a + b] = R_d{ R_d[a] + R_d[b] }
(ii) R_d[a · b] = R_d{ R_d[a] · R_d[b] }

Euclidean Algorithm
Given two distinct nonzero integers r and s, their GCD can be computed by an
iterative application of the division algorithm. Suppose that r < s and that both are
positive; the algorithm is

  s       = Q_1 r + r_1
  r       = Q_2 r_1 + r_2
  r_1     = Q_3 r_2 + r_3
  :
  r_{n-1} = Q_{n+1} r_n

The process stops when a remainder of zero is obtained; then GCD(r, s) = r_n.

Corollary : For any integers r and s, there exist integers a and b such that
GCD(r, s) = ar + bs.

e.g Find GCD(803, 154)


803 = 5 . 154 + 33
154 = 4 . 33 + 22
33 = 1 . 22 + 11
22 = 2 . 11 + 0
So, GCD = 11

11 = 33 - 22
   = 33 - (154 - 4 · 33)
   = 5 · 33 - 154
   = 5(803 - 5 · 154) - 154
   = 5 · 803 - 26 · 154
   = 5 · 803 + (-26) · 154

GCD = a · r + b · s with a = 5, b = -26.

FINITE FIELDS BASED ON THE INTEGER RING

Definition : Let q be a positive integer. The quotient ring, called the ring of
integers modulo q and denoted by Z/(q), is the set {0,...,q- 1} with addition and
multiplication defined by

a + b = Rq[a + b]
a.b = Rq[ab]

• Two elements a and b of Z that map into the same element of Z/(q) are
congruent modulo q, and

a= b+ mq for some integer m.

Theorem : The quotient ring Z/(q) is a ring.

Proof: Exercise.

Recall that GF(2) and GF(3) can be described as addition and multiplication modulo
2 and 3:

  GF(2) = Z/(2),  GF(3) = Z/(3)

But GF(4) ≠ Z/(4) (in Z/(4), 2 · 2 = 0, so 2 has no multiplicative inverse).

Theorem : The quotient ring Z/(q) is a field if and only if q is a prime integer.

Proof
Suppose that q is a prime.
→ We must show that every nonzero element has a multiplicative inverse.
Let s ≠ 0, s ∈ Z/(q). Then
  1 ≤ s ≤ q-1.
Because q is prime, GCD(s, q) = 1
→ 1 = aq + bs for some integers a and b.
→ 1 = R_q[1] = R_q[aq + bs] = R_q{ R_q[aq] + R_q[bs] }
     = R_q[bs] = R_q{ R_q[b] · R_q[s] }
     = R_q{ R_q[b] · s }
Hence R_q[b] is a multiplicative inverse for s under modulo-q multiplication.

Now suppose that q is composite. Then q = rs with 1 < r, s < q, so r and s are
nonzero elements of Z/(q). If the ring were a field, then r would have an inverse
r^{-1}. Hence

  s = R_q[s] = R_q[r^{-1} r s] = R_q[r^{-1} q] = 0

But s ≠ 0 → contradiction → the ring is not a field.

Whenever the quotient ring Z/(q) is a field, it is also called by the name GF(q).
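The Euclidean algorithm worked above for GCD(803, 154) and the inverse construction in the proof that Z/(q) is a field, as an added example in Python (not code from the notes or from Blahut; the function names are my own). It returns the Bézout coefficients a, b with ar + bs = GCD(r, s) and uses them to invert elements of Z/(q), reporting None when no inverse exists, which is exactly the composite-q case of the theorem.

```python
# Added example (not from the notes): the extended Euclidean algorithm for
# integers and its use to compute inverses in Z/(q). Function names are my own.

def extended_gcd(r, s):
    """Return (g, a, b) with g = GCD(r, s) >= 0 and a*r + b*s = g.

    Iterative form of the chain of divisions in the notes.  At every step the
    pair (old_rem, rem) holds two consecutive remainders, and (old_a, old_b),
    (a, b) express each of them as a combination of the original r and s.
    """
    old_rem, rem = r, s
    old_a, a = 1, 0          # old_rem = old_a*r + old_b*s
    old_b, b = 0, 1          # rem     = a*r     + b*s
    while rem != 0:
        quotient = old_rem // rem
        old_rem, rem = rem, old_rem - quotient * rem
        old_a, a = a, old_a - quotient * a
        old_b, b = b, old_b - quotient * b
    if old_rem < 0:          # the GCD is reported as a positive integer
        old_rem, old_a, old_b = -old_rem, -old_a, -old_b
    return old_rem, old_a, old_b


def inverse_mod(s, q):
    """Multiplicative inverse of s in Z/(q), or None when GCD(s, q) != 1.

    From 1 = a*q + b*s it follows that R_q[b]*s = 1 (mod q), which is the
    construction used in the proof that Z/(q) is a field iff q is prime.
    """
    g, _, b = extended_gcd(q, s)
    if g != 1:
        return None
    return b % q


def units(q):
    """The elements of Z/(q) that have a multiplicative inverse."""
    return [s for s in range(1, q) if inverse_mod(s, q) is not None]


if __name__ == "__main__":
    print(extended_gcd(803, 154))   # (11, 5, -26): 11 = 5*803 + (-26)*154
    print(units(7))                 # q prime: every nonzero element is invertible
    print(units(4))                 # q composite: 2 has no inverse, Z/(4) is not a field
```

The loop keeps the invariant that each remainder is a combination of r and s, so the coefficients fall out without a second backward pass; `units(q)` lists the invertible residues, and for prime q that is every nonzero residue.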

POLYNOMIAL RINGS
A polynomial over the field GF(q) is an expression

  f(x) = f_{n-1} x^{n-1} + f_{n-2} x^{n-2} + … + f_1 x + f_0

where f_{n-1}, f_{n-2}, …, f_1, f_0 ∈ GF(q).

The zero polynomial is f(x) = 0.

A monic polynomial is a polynomial with leading coefficient f_{n-1} equal to 1.

Degree of f(x) = n-1 (the largest index i with f_i ≠ 0).

• The set of all polynomials over GF(q) forms a ring if addition and
  multiplication are defined as the usual addition and multiplication of
  polynomials. This ring is denoted GF(q)[x].

  f(x) + g(x) = Σ_i (f_i + g_i) x^i

e.g. over GF(2)

  (x^4 + x^2 + 1) + (x^2 + x + 1)
  = x^4 + (1+1) x^2 + x + (1+1)
  = x^4 + x

A polynomial ring is analogous in many ways to the ring of integers.

• s(x) is divisible by the polynomial r(x) ⇔ r(x) a(x) = s(x) for some polynomial a(x).

• A polynomial p(x) that is divisible only by α p(x) or by α, where α is an
  arbitrary nonzero element of GF(q), is called an irreducible polynomial.

• A monic irreducible polynomial of degree at least 1 is called a prime
  polynomial.

GCD[r(x), s(x)] = the monic polynomial of largest degree that divides both r(x) and s(x).
LCM[r(x), s(x)] = the monic polynomial of smallest degree divisible by both r(x) and s(x).

r(x) and s(x) are relatively prime ⇔ GCD[r(x), s(x)] = 1.

Formal Derivative.

  r(x)  = r_{n-1} x^{n-1} + r_{n-2} x^{n-2} + … + r_1 x + r_0
  r'(x) = ((n-1)) r_{n-1} x^{n-2} + ((n-2)) r_{n-2} x^{n-3} + … + r_1

where ((i)) denotes the field element 1 + 1 + … + 1 (i terms). Over GF(2) this
element is 0 for even i and 1 for odd i, so even-power terms vanish from r'(x).

Theorem (Division Algorithm for Polynomials)


For every pair of polynomials c(x) and d(x) with d(x) not equal to zero, there is a
unique pair of polynomials Q(x), the quotient polynomial, and s(x), the remainder
polynomial, such that
c(x) = d(x) Q(x) + s(x)
and
deg s(x) < deg d(x)

The remainder
  s(x) = R_{d(x)}[c(x)]
  s(x) ≡ c(x) (mod d(x))

Theorem : Let d(x) be a multiple of g(x). Then for any a(x)

  R_{g(x)}[a(x)] = R_{g(x)}[ R_{d(x)}[a(x)] ]

Proof  Let d(x) = g(x) h(x) for some h(x).

R.H.S.  a(x) = Q_1(x) d(x) + R_{d(x)}[a(x)]
             = Q_1(x) h(x) g(x) + Q_2(x) g(x) + R_{g(x)}[ R_{d(x)}[a(x)] ]

L.H.S.  a(x) = Q(x) g(x) + R_{g(x)}[a(x)]

Both expressions have the form (multiple of g(x)) + (polynomial of degree less than
deg g(x)), so by the uniqueness part of the division algorithm

  R_{g(x)}[a(x)] = R_{g(x)}[ R_{d(x)}[a(x)] ]

Theorem
(i)  R_{d(x)}[a(x) + b(x)] = R_{d(x)}[a(x)] + R_{d(x)}[b(x)]
(ii) R_{d(x)}[a(x) · b(x)] = R_{d(x)}{ R_{d(x)}[a(x)] · R_{d(x)}[b(x)] }
Theorem (Unique Factorization Theorem)
A nonzero polynomial p(x) over a field has a unique factorization (up to the order
of the factors) into a field element times a product of prime polynomials over the
field.

Proof  Factor out the leading coefficient p_{n-1} (a field element); it then
suffices to prove the theorem for monic polynomials.

If the theorem is false, then there is a monic polynomial p(x) of lowest degree
with two different factorizations into prime polynomials,

  p(x) = a_1(x) a_2(x) … a_k(x) = b_1(x) b_2(x) … b_j(x).

The a_i(x)'s are all different from the b_i(x)'s: otherwise a common factor could
be cancelled to give a lower-degree polynomial with two factorizations.
Suppose that b_1(x) has degree not larger than that of a_1(x). Then

  a_1(x) = b_1(x) h(x) + s(x)

where deg s(x) < deg b_1(x) ≤ deg a_1(x). Here s(x) ≠ 0, because a_1(x) is prime and
different from b_1(x), so b_1(x) does not divide a_1(x). Then

  s(x) a_2(x) … a_k(x) = b_1(x) [ b_2(x) … b_j(x) - h(x) a_2(x) … a_k(x) ].

Factor both s(x) and the bracketed term into their prime factors, and divide by a
field element to make all factors monic. Because b_1(x) does not appear among the
prime factors of the left side (the a_i(x) differ from b_1(x), and every prime factor
of s(x) has degree less than deg b_1(x)), we have two different factorizations of a
monic polynomial whose degree is smaller than the degree of p(x). The contradiction
proves the theorem.

From the unique factorization theorem, GCD[r(x), s(x)] and LCM[r(x), s(x)] are unique.

Theorem (Euclidean Algorithm for Polynomials)

Given two polynomials r(x) and s(x) over GF(q), their greatest common divisor
can be computed by an iterative application of the division algorithm.
If deg s(x) > deg r(x) > 0,

  s(x)       = Q_1(x) r(x) + r_1(x)
  r(x)       = Q_2(x) r_1(x) + r_2(x)
  r_1(x)     = Q_3(x) r_2(x) + r_3(x)
  :
  r_{n-1}(x) = Q_{n+1}(x) r_n(x)

→ r_n(x) = α GCD[r(x), s(x)] for some nonzero α ∈ GF(q); dividing r_n(x) by its
leading coefficient gives the monic GCD.

• GCD[r(x), s(x)] = a(x) r(x) + b(x) s(x) for some polynomials a(x), b(x) over GF(q).


• A polynomial over GF(q) can be evaluated at any element β of GF(q).
  → This is done by substituting the field element β for x.

• If p(β) = 0 → β is a zero of the polynomial, or a root of p(x) = 0.

• A polynomial doesn't necessarily have zeros in its own field.

Theorem : A polynomial p(x) has field element β as a zero if and only if (x - β) is
a factor of p(x). Furthermore, a polynomial of degree n has at most n field elements
as zeros.

FINITE FIELDS BASED ON POLYNOMIAL RINGS

Definition : For any monic polynomial p(x) with nonzero degree over the field F,
the ring of polynomials modulo p(x) is the set of all polynomials with degree
smaller than that of p(x), together with polynomial addition and polynomial
multiplication modulo p(x). It is denoted

  F[x]/(p(x)).

F[x] – Ring of polynomials over the field F.

Every r(x) ∈ F[x] maps into F[x]/(p(x)) by r(x) → R_{p(x)}[r(x)].

  a(x) ≡ b(x) (mod p(x))
  ⇔ b(x) = a(x) + Q(x) p(x) for some polynomial Q(x).

Theorem : F[x]/(p(x)) is a ring.

Proof: Exercise.

E.g. in the ring of polynomials over GF(2), choose p(x) = x^3 + 1. Then the ring of
polynomials modulo p(x) is GF(2)[x]/(x^3 + 1), with elements
  {0, 1, x, x+1, x^2, x^2+1, x^2+x, x^2+x+1}.

In this ring,
  (x^2 + 1) · x^2 = R_{x^3+1}[(x^2 + 1) · x^2]
                  = R_{x^3+1}[x(x^3 + 1) + x^2 + x] = x^2 + x

(because x(x^3 + 1) = x^4 + x, so x^4 = x(x^3 + 1) + x over GF(2)).

Note that x^3 + 1 = (x + 1)(x^2 + x + 1) over GF(2), so p(x) is not prime and, by the
theorem below, this ring is not a field.

Theorem : The ring of polynomials modulo a monic polynomial p(x) is a field if
and only if p(x) is a prime polynomial.

Proof  Suppose that p(x) is prime. To prove that the ring is a field, we must show
that every nonzero element has a multiplicative inverse.
Let s(x) ≠ 0, s(x) ∈ F[x]/(p(x)). Then deg s(x) < deg p(x).

Because p(x) is a prime polynomial and deg s(x) < deg p(x), GCD[s(x), p(x)] = 1.

  1 = a(x) p(x) + b(x) s(x) for some polynomials a(x) and b(x).

Hence,
  1 = R_{p(x)}[1] = R_{p(x)}[a(x) p(x) + b(x) s(x)]
    = R_{p(x)}{ R_{p(x)}[b(x)] · R_{p(x)}[s(x)] }
    = R_{p(x)}{ R_{p(x)}[b(x)] · s(x) }

→ R_{p(x)}[b(x)] is a multiplicative inverse for s(x) in the ring.

Now suppose that p(x), whose degree is at least 2, is not prime. Then
p(x) = r(x) s(x) with 1 ≤ deg r(x), deg s(x) < deg p(x), so r(x) and s(x) are
nonzero elements of the ring. If the ring were a field, then r(x) would have an
inverse polynomial r^{-1}(x). Hence

  s(x) = R_{p(x)}[s(x)] = R_{p(x)}[r^{-1}(x) r(x) s(x)]
       = R_{p(x)}[r^{-1}(x) · p(x)]
       = 0

But s(x) ≠ 0, and thus we have a contradiction. Hence the ring is not a field when
p(x) is not prime.

Whenever we can find a prime polynomial of degree n over GF(q), then we can
construct a Galois field with q^n elements. In this construction, the elements are
represented by polynomials over GF(q) of degree less than n. There are q^n such
polynomials and hence this many elements in the field.

→ We get GF(q^n). (***)



Some prime polynomials over GF(2)

  Degree   Primitive polynomial
  2        x^2 + x + 1
  3        x^3 + x + 1
  4        x^4 + x + 1
  5        x^5 + x^2 + 1
  6        x^6 + x + 1
  7        x^7 + x^3 + 1
  8        x^8 + x^4 + x^3 + x^2 + 1
  9        x^9 + x^4 + 1
  10       x^10 + x^3 + 1

To check that a polynomial is prime, test all possible factorizations (trial
division by every polynomial of degree at most half its own degree).

• Are these the only prime polynomials ?

Construction of GF(4)
Select p(x) = x^2 + x + 1 over GF(2). Field elements are
  {0, 1, x, x+1}

   +   |  0    1    x    x+1            ·   |  0    1    x    x+1
  -----+---------------------          -----+---------------------
   0   |  0    1    x    x+1            0   |  0    0    0    0
   1   |  1    0    x+1  x              1   |  0    1    x    x+1
   x   |  x    x+1  0    1              x   |  0    x    x+1  1
   x+1 |  x+1  x    1    0              x+1 |  0    x+1  1    x

Replace polynomial notation by integer or any desired notation:

  Polynomial  Binary  Integer  Exponential
  0           00      0        0
  1           01      1        1
  x           10      2        x
  x+1         11      3        x^2

(since x^2 = (x^2 + x + 1) + x + 1, R_{p(x)}[x^2] = x + 1)

GF(4)
   +  |  0  1  2  3          ·  |  0  1  2  3
  ----+-------------        ----+-------------
   0  |  0  1  2  3          0  |  0  0  0  0
   1  |  1  0  3  2          1  |  0  1  2  3
   2  |  2  3  0  1          2  |  0  2  3  1
   3  |  3  2  1  0          3  |  0  3  1  2
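The field construction of this section and the GF(4) tables above, carried out in Python as an added example (not code from the notes or from Blahut; the function names are my own). Polynomials over GF(2) are stored as integers with bit i holding the coefficient of x^i, so addition is XOR. The inverse is found by the extended Euclidean algorithm in GF(2)[x], mirroring the proof of the theorem, and the same routine reports that x + 1 has no inverse modulo x^3 + 1, the non-prime modulus of the earlier example.

```python
# Added example (not from the notes): arithmetic in GF(2)[x]/(p(x)) with
# polynomials over GF(2) stored as ints (bit i = coefficient of x^i), and the
# multiplicative inverse obtained from the extended Euclidean algorithm, exactly
# as in the proof that the quotient ring is a field iff p(x) is prime.
# Function names are my own.

def gf2_mul(a, b):
    """Product of two polynomials over GF(2), no reduction (shift-and-xor)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def gf2_divmod(a, m):
    """Quotient and remainder of a by m in GF(2)[x]; m must be nonzero."""
    if m == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q = 0
    deg_m = m.bit_length() - 1
    while a and a.bit_length() - 1 >= deg_m:
        shift = a.bit_length() - 1 - deg_m
        q ^= 1 << shift
        a ^= m << shift          # subtract (= add) the aligned divisor
    return q, a


def gf2_egcd(a, b):
    """(g, u, v) with g = GCD[a, b] in GF(2)[x] and u*a + v*b = g.

    Over GF(2) every nonzero polynomial is monic, so g is already the monic GCD.
    """
    old_r, r = a, b
    old_u, u = 1, 0
    old_v, v = 0, 1
    while r:
        q, rem = gf2_divmod(old_r, r)
        old_r, r = r, rem
        old_u, u = u, old_u ^ gf2_mul(q, u)
        old_v, v = v, old_v ^ gf2_mul(q, v)
    return old_r, old_u, old_v


def gf2_inverse(s, p):
    """Inverse of s in GF(2)[x]/(p), or None if GCD[s, p] != 1 (no inverse exists)."""
    g, _, v = gf2_egcd(p, s)     # g = _ * p + v * s
    if g != 1:
        return None
    return gf2_divmod(v, p)[1]   # R_p[v] is the inverse, as in the proof


def gf2_mulmod(a, b, p):
    """Multiplication in GF(2)[x]/(p)."""
    return gf2_divmod(gf2_mul(a, b), p)[1]


def mult_table(p):
    """Multiplication table of GF(2)[x]/(p) in the integer notation of the notes."""
    n = 1 << (p.bit_length() - 1)
    return [[gf2_mulmod(a, b, p) for b in range(n)] for a in range(n)]


if __name__ == "__main__":
    P4 = 0b111                          # x^2 + x + 1, builds GF(4)
    print(mult_table(P4))               # rows 2 and 3 are [0,2,3,1] and [0,3,1,2]
    P_RING = 0b1001                     # x^3 + 1 = (x+1)(x^2+x+1), not prime
    print(gf2_inverse(0b011, P_RING))   # None: x+1 has no inverse mod x^3 + 1
    P8 = 0b1011                         # x^3 + x + 1, prime, builds GF(8)
    print(gf2_inverse(0b011, P8))       # 6 = x^2 + x, since (x+1)(x^2+x) = x^3 + x = 1
```

The table routine reproduces the integer GF(4) multiplication table above; swapping the modulus for x^3 + 1 turns the structure back into a mere ring, which the inverse routine exposes as a GCD different from 1 rather than by silently returning a wrong value.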



PRIMITIVE ELEMENTS

Definition : A primitive field element of GF(q) is an element α such that every
field element except zero can be expressed as a power of α.

For example, in the field GF(5)

  2^1 = 2,  2^2 = 4,  2^3 = 3,  2^4 = 1

and thus 2 is a primitive element of GF(5).

Similarly, 3^1 = 3, 3^2 = 4, 3^3 = 2, 3^4 = 1, so 3 is also a primitive element of GF(5).

A field is an abelian group under the addition operation, and its elements except
zero form an abelian group under the multiplication operation.

The order of a finite group is divisible by the order of any of its elements
(an element h of order c generates the subgroup {h, h^2, h^3, …, h^c = 1}).

Theorem : Let 1, 2 , ….., q-1 denote the nonzero field elements of GF(q). Then
xq-1 - 1  (x - 1) ( x - 2)....(x -q-1).

Proof
GF(q) – contains q elements
The group under the multiplication contains q-1 elements (zero is not included)
Let  be any nonzero element of GF(q), and let h be its order under the operation
of multiplication.
h = 1  h divides q-1.
(because ,  , …, h-1, h =1 is a subgroup 
2
order of a subgroup divides
order of group  coset decomposition)

 q-1 = (h)(q-1)/h = 1(q-1)/h = 1


  is a zero of xq-1 –1.
 xq-1 – 1 = (x-1) (x-2) …(x-q-1) has q-1 roots since 1, …, q-1 are all
distinct and each of them is a root of xq-1– 1 =0.

Theorem : The group of nonzero elements of GF(q) under multiplication is a
cyclic group.

Proof
If q-1 is a prime → every element except 0 and 1 has order q-1
→ every such element is primitive
→ the nonzero elements of GF(q) under multiplication form a cyclic group.

For composite q-1 : consider the prime factorization of q-1,

  q - 1 = ∏_{i=1}^{s} p_i^{ν_i}.

Consider x^{(q-1)/p_i} - 1 → it has only (q-1)/p_i roots. → There exists at least
one nonzero element of GF(q) that is not a root of this polynomial, since
(q-1) > (q-1)/p_i.

→ For each i, there exists a_i (≠ 0) ∈ GF(q) such that a_i^{(q-1)/p_i} ≠ 1.

Let
  b_i = a_i^{(q-1)/p_i^{ν_i}},    b = ∏_{i=1}^{s} b_i.

• The element b_i has order p_i^{ν_i}.

Proof :  b_i^{p_i^{ν_i}} = a_i^{q-1} = 1
→ the order of b_i divides p_i^{ν_i}
→ the order of b_i is p_i^{n_i} for some n_i ≤ ν_i. If n_i < ν_i, then

  b_i^{p_i^{ν_i - 1}} = 1.

But b_i^{p_i^{ν_i - 1}} = a_i^{(q-1)/p_i} ≠ 1.
→ b_i has order p_i^{ν_i}.

• Because the orders p_i^{ν_i} of the b_i are pairwise relatively prime (and the
group is abelian), the element b = ∏ b_i has order ∏ p_i^{ν_i} = q - 1, so the
powers of b run through all q-1 nonzero elements.

→ The group of nonzero elements of GF(q) under multiplication is a cyclic group.

Theorem : Every Galois field has a primitive element.

Proof  As a cyclic group, the nonzero elements of GF(q) include an element of
order q - 1. This is a primitive element.



e.g. GF(8): every nonzero element has order that divides 8-1 = 7. Because 7 is
prime, every element except 0 and 1 has order 7 and thus is primitive.
Take the prime polynomial p(z) = z^3 + z + 1 over GF(2). Based on the primitive
element α = z (order 7), and using z^3 = z + 1:

  α   = z
  α^2 = z^2
  α^3 = z + 1
  α^4 = z^4 = z · z^3 = z(z + 1)                  = z^2 + z
  α^5 = z^5 = z · z^4 = z^3 + z^2                 = z^2 + z + 1
  α^6 = z^6 = z · z^5 = z^3 + z^2 + z             = z^2 + 1
  α^7 = z^7 = z · z^6 = z^3 + z = (z + 1) + z     = 1

  α^4 · α^5 = α^9 = α^{7+2} = α^2 = z^2
  α^{13} = α^{7+6} = α^6 = z^2 + 1

* GF(16): q-1 = 15 → every nonzero element has order that divides 15,
i.e. 1, 3, 5, or 15. An element with order 15 is primitive.

To construct the extension field as in this case, it is convenient if the
polynomial x corresponds to a primitive element of the field.

Definition : A primitive polynomial p(x) over GF(q) is a prime polynomial over
GF(q) with the property that in the extension field constructed modulo p(x), the
field element represented by x is primitive.

→ A primitive polynomial is a prime polynomial having a primitive element as a zero.
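Added example, not code from the notes or from Blahut: a primality test by trial division (the "test all possible factorizations" remark under the table of prime polynomials), the order of the element x in GF(2)[x]/(p(x)), and from those a primitive-polynomial test as just defined. It regenerates the GF(8) power table above, checks every entry of the notes' table, and answers the question under that table for degree 4: there are three prime polynomials, two of them primitive, and x^4 + x^3 + x^2 + x + 1 is prime but not primitive because x has order 5 in the field it defines. Polynomials are integers with bit i holding the coefficient of x^i; function and constant names are my own.

```python
# Added example (not from the notes): testing whether a polynomial over GF(2) is
# prime (irreducible) by trial division, and whether it is primitive by computing
# the order of x in GF(2)[x]/(p(x)). Polynomials are ints, bit i = coefficient
# of x^i. Function and constant names are my own.

# The table of primitive polynomials given in the notes, degrees 2..10
NOTES_TABLE = [0b111, 0b1011, 0b10011, 0b100101, 0b1000011, 0b10001001,
               0b100011101, 0b1000010001, 0b10000001001]


def gf2_mod(a, m):
    """Remainder of a modulo m in GF(2)[x]."""
    deg_m = m.bit_length() - 1
    while a and a.bit_length() - 1 >= deg_m:
        a ^= m << (a.bit_length() - 1 - deg_m)
    return a


def is_prime_poly(p):
    """Trial division: p of degree n >= 1 is prime iff no polynomial of degree
    1..n//2 divides it (every nonzero polynomial over GF(2) is monic)."""
    n = p.bit_length() - 1
    if n < 1:
        return False
    for d in range(2, 1 << (n // 2 + 1)):      # all polynomials of degree 1..n//2
        if gf2_mod(p, d) == 0:
            return False
    return True


def powers_of_x(p):
    """x^1, x^2, ... reduced mod p, up to and including the first power equal to 1.
    Returns [] when x is not a unit (x divides p)."""
    n = p.bit_length() - 1
    if p % 2 == 0:
        return []
    out, a = [], 1
    for _ in range(1, 1 << n):
        a <<= 1                 # multiply by x ...
        if (a >> n) & 1:
            a ^= p              # ... and reduce: deg p = n, so one XOR clears bit n
        out.append(a)
        if a == 1:
            break
    return out


def order_of_x(p):
    """Multiplicative order of x in GF(2)[x]/(p), 0 if x is not a unit."""
    pw = powers_of_x(p)
    return len(pw) if pw and pw[-1] == 1 else 0


def is_primitive_poly(p):
    """Prime polynomial whose zero x has order 2^n - 1, n = deg p."""
    n = p.bit_length() - 1
    return is_prime_poly(p) and order_of_x(p) == (1 << n) - 1


def classify(degree):
    """All polynomials of the given degree over GF(2), split into
    (prime and primitive, prime but not primitive), in increasing order."""
    primitive, prime_only = [], []
    for p in range(1 << degree, 1 << (degree + 1)):
        if is_prime_poly(p):
            (primitive if is_primitive_poly(p) else prime_only).append(p)
    return primitive, prime_only


if __name__ == "__main__":
    # GF(8) from z^3 + z + 1: powers of alpha = z as 3-bit integers
    print(powers_of_x(0b1011))    # [2, 4, 3, 6, 7, 5, 1]: z, z^2, z+1, z^2+z, z^2+z+1, z^2+1, 1
    print(order_of_x(0b1001))     # 3: modulo x^3 + 1 the element x has order 3, so not primitive
    print(all(is_primitive_poly(p) for p in NOTES_TABLE))   # True
    print(classify(4))            # ([0b10011, 0b11001], [0b11111])
```

Reducing after each multiplication by x needs only a shift and a conditional XOR, which is the same step an LFSR performs; the primitive polynomials are precisely those for which that register cycles through all 2^n - 1 nonzero states.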

THE STRUCTURE OF FINITE FIELDS

Definition : The number of elements in the smallest subfield of GF(q) is called the
characteristic of GF(q).

Theorem : Each Galois field contains a unique smallest subfield, which has a
prime number of elements. Hence the characteristic of every Galois field is a
prime number.

Proof
The field contains the elements 0 and 1. To define the subfield, consider the
subset G = {0, 1, 1+1, 1+1+1, …} ↔ {0, 1, 2, 3, …}
→ a cyclic subgroup under addition
→ contains a finite number, p, of elements

In G, addition is modulo p because it is a cyclic group under addition.

  α · β = (1 + 1 + … + 1) · β = β + β + … + β

→ multiplication is modulo p.

Each element α ≠ 0 of G has an inverse under multiplication:
  α, α^2, α^3, …
is a cyclic subgroup of G (finite and closed under multiplication). It contains 1, so that
  αβ = 1 for some β in G.

Thus the subset G contains the identity element, is closed under addition and
multiplication, and contains all inverses under addition and multiplication.
→ G is a subfield, and it has modulo-p arithmetic.
→ By the theorem that Z/(p) is a field if and only if p is prime, p must be a prime.
→ G = GF(p).
Every subfield contains 0 and 1 and hence all of G, so G is the unique smallest subfield.

The original field GF(q) is an extension field of the subfield GF(p).

Definition : Let GF(q) be a field and let GF(Q) be an extension field of GF(q). Let
β be in GF(Q). The prime polynomial f(x) of smallest degree over GF(q) with f(β) = 0
is called the minimal polynomial of β over GF(q).

Theorem : Every element β of GF(Q) has a unique minimal polynomial over
GF(q). Further, if β has the minimal polynomial f(x) and a polynomial g(x) has β
as a zero, then f(x) divides g(x).

Proof
β is always a zero of x^Q - x, which is a polynomial over GF(q). Now use the unique
factorization theorem:

  x^Q - x = f_1(x) f_2(x) … f_k(x)

where the factors on the right side are all prime polynomials over GF(q).

→ If β is a zero of the left side, then it must be a zero of some term on the
right side, so a prime polynomial over GF(q) with β as a zero exists; let f(x) be
one of smallest degree.

Now let g(x) be any polynomial with g(β) = 0. By the division algorithm,

  g(x) = f(x) h(x) + s(x)

where s(x) has a smaller degree than f(x) and hence cannot have β as a zero unless
s(x) = 0 (a nonzero s(x) with s(β) = 0 would have a prime factor of degree less than
deg f(x) with β as a zero, contradicting the choice of f(x)). But

  g(β) = 0 = f(β) h(β) + s(β) = s(β).

Hence s(x) must be zero, so f(x) divides g(x). Uniqueness follows: if f'(x) is
another minimal polynomial of β, then f(x) divides f'(x), and both are monic of the
same degree, so f'(x) = f(x). This proves the theorem.

Corollary : If f_1(x), …, f_k(x) are the distinct polynomials that are minimal
polynomials over GF(q) for one or more elements in GF(Q), then

  x^Q - x = f_1(x) f_2(x) … f_k(x)

Proof
This follows from the theorem because every β is a zero of x^Q - x.

When Q is equal to q, this reduces to

  x^q - x = x (x - β_1)(x - β_2) … (x - β_{q-1})

as seen earlier.

The minimal polynomial over GF(q) of an element β of GF(q) is the first-degree
polynomial f(x) = x - β.
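Added example, not code from the notes or from Blahut: the minimal polynomial over GF(2) of every element of GF(16), found by brute-force search over monic polynomials in order of increasing degree, followed by a check of the corollary that the distinct minimal polynomials multiply to x^Q - x (here x^16 + x, since -1 = 1 over GF(2)). The field is built from the primitive polynomial z^4 + z + 1 of the table above; field elements and polynomials are integers with bit i holding the coefficient of z^i (or x^i), and the function and constant names are my own.

```python
# Added example (not from the notes): brute-force minimal polynomials over GF(2)
# of the elements of GF(16) = GF(2)[z]/(z^4 + z + 1), and a check that the
# distinct minimal polynomials multiply to x^16 - x. Ints encode polynomials
# (bit i = coefficient of z^i or x^i). Function and constant names are my own.

P16 = 0b10011   # z^4 + z + 1, prime (and primitive) over GF(2)
M = 4           # degree of P16, so Q = 2^M = 16


def gf2_mul(a, b):
    """Product in GF(2)[x], no reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def gf2_mod(a, m):
    """Remainder of a modulo m in GF(2)[x]."""
    deg_m = m.bit_length() - 1
    while a and a.bit_length() - 1 >= deg_m:
        a ^= m << (a.bit_length() - 1 - deg_m)
    return a


def field_mul(a, b):
    """Multiplication in GF(16)."""
    return gf2_mod(gf2_mul(a, b), P16)


def evaluate(poly, beta):
    """poly(beta) in GF(16) by Horner's rule; the coefficients of poly lie in GF(2)."""
    acc = 0
    for i in range(poly.bit_length() - 1, -1, -1):
        acc = field_mul(acc, beta) ^ ((poly >> i) & 1)
    return acc


def minimal_polynomial(beta):
    """Smallest-degree monic polynomial over GF(2) with beta as a zero.

    Degrees are searched in increasing order, so the first hit has minimal
    degree; it is automatically prime, since a reducible hit would have a
    lower-degree factor vanishing at beta that would have been found earlier.
    """
    for degree in range(1, M + 1):
        for low in range(1 << degree):            # coefficients below the leading 1
            f = (1 << degree) | low
            if evaluate(f, beta) == 0:
                return f
    raise AssertionError("unreachable: every element of GF(16) is a zero of x^16 - x")


def distinct_minimal_polynomials():
    """The distinct minimal polynomials of the 16 field elements, sorted."""
    return sorted({minimal_polynomial(beta) for beta in range(1 << M)})


def product(polys):
    """Product of a list of polynomials in GF(2)[x]."""
    r = 1
    for f in polys:
        r = gf2_mul(r, f)
    return r


if __name__ == "__main__":
    for beta in range(1 << M):
        print(f"beta = {beta:04b}   minimal polynomial = {minimal_polynomial(beta):b}")
    fs = distinct_minimal_polynomials()
    print([bin(f) for f in fs])                 # x, x+1, x^2+x+1 and three quartics
    print(product(fs) == (1 << 16) | 0b10)      # True: x^16 + x over GF(2)
```

Six distinct minimal polynomials appear, of degrees 1, 1, 2, 4, 4, 4 (summing to 16), which is the corollary in concrete form; the degrees 1, 2 and 4 all divide m = 4, matching item 11 of the summary at the end of the chapter.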

Theorem : Let g(x) be any polynomial over GF(q). Then there exists an
extension field GF(Q) in which g(x) can be expressed as the product of linear
factors.

Definition : Any extension field of GF(q) in which g(x),a polynomial over GF(q),
factors into linear and constant terms is called a splitting field of g(x).

Theorem : Let α be a primitive element in a Galois field GF(Q), an extension
field of GF(q). Let m be the degree of f(x), the minimal polynomial of α over
GF(q). Then the number of elements in the field is Q = q^m, and each element β
can be written

  β = a_{m-1} α^{m-1} + a_{m-2} α^{m-2} + … + a_1 α + a_0

where a_{m-1}, …, a_0 are elements of GF(q).

Proof  Clearly, if

  β = a_{m-1} α^{m-1} + a_{m-2} α^{m-2} + … + a_1 α + a_0, then β ∈ GF(Q).

Different coefficient vectors give different elements: if also

  β = b_{m-1} α^{m-1} + b_{m-2} α^{m-2} + … + b_1 α + b_0

with (b_{m-1}, …, b_0) ≠ (a_{m-1}, …, a_0), then

  0 = (a_{m-1} - b_{m-1}) α^{m-1} + (a_{m-2} - b_{m-2}) α^{m-2} + … + (a_1 - b_1) α + (a_0 - b_0)

→ α is a zero of a nonzero polynomial of degree at most m-1. This is a contradiction
to the definition of m (the minimal polynomial is the one with the smallest degree
such that f(α) = 0). Hence the q^m combinations are distinct elements, and Q ≥ q^m.

Also f(α) = 0:

  α^m + f_{m-1} α^{m-1} + f_{m-2} α^{m-2} + … + f_1 α + f_0 = 0

→ α^m     = -( f_{m-1} α^{m-1} + f_{m-2} α^{m-2} + … + f_1 α + f_0 )
   α^{m+1} = -( f_{m-1} α^m + f_{m-2} α^{m-1} + … + f_1 α^2 + f_0 α )
           = - f_{m-1} α^m - f_{m-2} α^{m-1} - … - f_1 α^2 - f_0 α
           = - f_{m-1} ( - f_{m-1} α^{m-1} - f_{m-2} α^{m-2} - … - f_1 α - f_0 )
             - f_{m-2} α^{m-1} - … - f_1 α^2 - f_0 α

Similarly, any power of α can be produced as a linear combination of α^{m-1}, α^{m-2},
…, α, 1. Because α is primitive, every nonzero element is a power of α, and 0 is the
combination with all coefficients zero.
→ Q is not larger than q^m
→ number of elements Q = q^m

Corollary : Every Galois field has p^m elements for some positive integer m and
prime p.

Proof
Every Galois field has a subfield with p elements (p its characteristic) to which
the preceding theorem applies.

Further results (stated here without proof):
• For every prime p and positive integer m, there is a Galois field with p^m
  elements.
• For every finite field GF(q) and positive integer m, there exists at least one
  prime polynomial over GF(q) of degree m.
• For every finite field GF(q) and positive integer m, there exists at least one
  primitive polynomial over GF(q) of degree m.

Let  be a primitive element in GF(qm). Let f(x) be the minimal polynomial of 


over GF(q). Then, in the field of polynomials modulo f(x), the primitive element
 = x is a zero of f(x) and thus polynomial x represents a primitive element of the
field.
Summary :

1. In any Galois field, the number of elements is a power of a prime.
2. If p is prime and m is a positive integer, the smallest subfield of GF(p^m) is
   GF(p). The elements of GF(p) are called the integers of GF(p^m), and p is
   called its characteristic.
3. In a Galois field of characteristic 2, -β = β for every β in the field.
4. If p is a prime and m is a positive integer, then there is a Galois field with p^m
   elements.
5. Every Galois field GF(q) has at least one primitive element.
6. Every Galois field GF(q) has at least one primitive polynomial over it of
   every positive degree.
7. Every primitive element has over any subfield a minimal polynomial that is a
   prime polynomial.
8. Two Galois fields with the same number of elements are isomorphic.
9. For any prime power q and positive integer m, GF(q) is a subfield of GF(q^m),
   and GF(q^m) is an extension field of GF(q).
10. GF(q^n) is not a subfield of GF(q^m) if n does not divide m.
11. The degree of the minimal polynomial over GF(q) of any element of GF(q^m)
    is a divisor of m.

e.g. GF(8) = GF(2^3), GF(16) = GF(2^4)
→ 3 does not divide 4.
So, GF(8) is not a subfield of GF(16).
But GF(4) = GF(2^2) is a subfield of GF(16).
