Standardconstructionforcertainfinitefields BachelorThesis

Bachelor Thesis

Standard construction for certain finite fields

Author:

J.E.F. Rood math@jobrood.nl

Supervisor:

Dr. B. de Smit

March 23, 2015

1 Introduction

A finite field always has pⁿ elements for some prime number p and a positive number n. Moreover for every prime number p and positive number n there exists a finite field with pⁿ elements. Furthermore any two fields of the same cardinality are isomorphic. For a prime number p and positive integer n a finite field of cardinality p can be represented as Z/pZ and a field of cardinality pⁿ can be constructed as (Z/pZ)[X]/(f) with f ∈ (Z/pZ)[X] a monic irreducible polynomial of degree n.

We are looking for an algorithm such that on input of a prime number p and positive integer n it will give as output a field of cardinality pⁿ. A possible algorithm would be to randomly pick a polynomial of degree n and check if it is irreducible in (Z/pZ)[X]. Such an algorithm is relatively fast, but such an algorithm could produce different output on multiple runs. Another example is the commonly used Conway polynomials, these are defined inductively as the minimal irreducible polynomial of a lexicographical ordering such that the Con- way polynomial cp,nis compatible with the polynomials cp,m for all m dividing n. There are two algorithms to produce such a polynomial cp,n, which results in a deterministic output, but these are also time consuming [8]. We would like an algorithm that combines the best aspect of the previous two examples, it has to be fast and it results in the same output every time it runs on the same input.

De Smit and Lenstra defined an effective construction for a finite field based upon prime ideals instead of polynomials [4]. For this construction there is a probabilistic algorithm that on input of a prime number p and positive integer n carries out the construction in polynomial time [5]. Moreover, it is a randomized algorithm of the type Las Vegas algorithms [10], so for a certain p and n it will always produce the same field. Thus the method of De Smit and Lenstra should combine the aspects we are looking for in the algorithm for a finite field. For some aspects of the method no proof has been published yet.

The purpose of this thesis is to prove for any prime number p and a positive integer n such that gcd(p, n) = 1 that the definition of De Smit and Lenstra defines a construction of a finite field of cardinality pⁿ.

Definition 1. Let r be a prime number and define r := r·gcd(2, r). For i ∈ Z≥0

we define

Ar,i:= Z[X0, X1, X2, ..., Xi]/(

r−1

X

i=0

X₀^rri; X_j^r− Xj−1 : 0 < j ≤ i).

Note that the residue class of Xi is a primitive root ζrrⁱ of order rrⁱ. Also notice for i ∈ Z≥0 that Ar,i is a ring and that Ar,j ⊂ Ar,i for j < i. Thus we can define Ar as the unionS∞

i=0Ar,i. In Section 2 we will show that the ring Ar is the ring of integers of the field Q(ζrrⁱ: i ≥ 0). Also we will show that the Galois group of Q(ζrrⁱ: i ≥ 0) over Q is the unit group Z^∗r of the ring of r-adic integers.

Notation. Denote the torsion subgroup of the Galois group of Q(ζrr^j : j > 0) over Q by ∆r.

We will see in Lemma 12 that ∆r is isomorphic to (Z/rZ)^∗, which is also isomorphic to the Galois group of Q(ζr) over Q. The group ∆ris cyclic of order ϕ(r) where ϕ denotes the Euler phi function.

Definition 2. Define Br,k as the set {a ∈ Ar,k|∀δ ∈ ∆r: δ(a) = a} and Bras the unionS∞

i=0Br,i.

Let p be a prime number. Notice that Br,0 = Z and thus Br,0/pBr,0 is a field of cardinality p. In this thesis we will look for ideals p of the ring Br,k for all k ∈ Z≥0 such that Br,k/pBr,k is a field with characteristic p, in other words prime ideals such that p ∈ p.

Notation. For prime numbers r and p such that p 6= r we will denote the set of prime ideals of Br containingp as Sp,r.

Theorem 3. Let l := ordr

_pϕ(r)−1 r/r



, where ordr is ther-adic valuation. The cardinality of Sp,r is r^l and for every prime ideal P ∈Sp,r there is a unique prime ideal p of Br,l such that P= p · Br.

This implies that given generators of a prime ideal of Br,l containing p, we will have the generators for a prime ideal in Sp,r.

Definition 4. For i a non-negative integer, k a positive integer and r a prime number let ηr,k,i:=P

δ∈∆rσδ(ζ_rr^1+irrk ^k−1) ∈ Br,k.

We will show that the elements ηr,k,iwith 0 ≤ i < r form a module basis for Br,k[¹_r] over Br,k−1[¹_r]. Combining this fact and Theorem 3 we will prove the following theorem.

Theorem 5. For p ∈ Sp,r there is a unique system (ap,j)0≤j<lr of integers ap,j ∈ {0, 1, . . . , p − 1} such that p is generated as a module over Br by p and {ηr,j+1,i− ap,i+jr: 0 ≤ j < l, 0 ≤ i < r}.

As a consequence of Theorem 5 we can define a prime ideal of Br as the smallest in a lexicographical ordering as done in Definition 6.

Definition 6. Let pp,r be the unique prime ideal in Sp,r such that for every prime ideal q in Sp,r there is a j ∈ {0, 1, ..., lr − 1} such that for all i < j we have ap_p,r,i= aq,i and ap_p,r,j ≤ aq,j.

Theorem 7. Denote the prime ideal pp,r∩ Br,i as pp,r,i and letηp,r,k= ηp,r,k

(mod pp,r,k). For all k ≥ 0 the field Fp(ηr,l+k,0) has cardinality p^rk.

For a non-negative integer k and distinct prime numbers p, r, the field of cardinality p^rk constructed in Theorem 7 is the standard model for a field of cardinality p^rk as defined by De Smit and Lenstra.

We conclude this thesis with an argument using tensor products, which proves that the defined construction of De Smit and Lenstra is a construction of a finite field of cardinality pⁿ for p a prime number and n a positive integer such that gcd(p, n) = 1.

2 Cyclotomic rings

Let r be a prime number and define r := r · gcd(2, r). We consider the ring

Q[X0, X1, X2, ...]/(

r−1

X

i=0

X₀^rri; X_j^r− Xj−1: j > 0).

The residue class ζrrⁱ of Xi is a root of unity of order rrⁱ. Note that this ring is a field which is generated as a field extension of Q by {ζrr^j : j ≥ 0}.

Lemma 8. For n a positive integer, let q = rrⁿ. There is an isomorphism (Z/qZ)^∗→ Gal(Q(ζq)/Q) , such that a 7→ (ζq 7→ ζ_q^a).

Proof. We know ζ_q^q = 1 and ζ_q^j 6= 1 for any 1 ≤ j < q. It follows that for an automorphism σ ∈ Gal(Q(ζq)/Q) the identities σ(ζq)^q = 1 and σ(ζq)^j 6= 1 hold.

Now σ(ζq) is a root of X^q− 1, but not of X^j− 1 and thus σ(ζq) = ζ_q^a where a is relatively prime to q. Thus there is an injection from Gal(Q(ζq)/Q) to (Z/qZ)^∗. Proposition 6.2 (b) in Milne’s course notes [9] gives us that # Gal(Q(ζq)/Q) = ϕ(q) = #(Z/qZ)^∗, therefore our injection is even a bijection.

Notation. The cyclic group of m elements we will denote as Cm.

For a prime power q Gauss [6] showed that (Z/qZ)^∗ is isomorphic to either the cyclic group C_ϕ(q)or the product of two cyclic groups C2and C_q/4depending on q (mod 2), combined with Lemma 8 we find:

Gal(Q(ζq)/Q) ∼=

(C2× Cq/4 if 2|q and q 6= 2, Cϕ(q) else.

Then for q = rrⁿ with n ≥ 0 a positive integer we have # Gal(Q(ζq)/Q) = ϕ(r)rⁿ.

Definition 9. Let K be an algebraic field extension of Q. The ring of integers OK of K is the set of all a ∈ K such that a is a root of a monic polynomial f ∈ Z[X]. For an element x ∈ OK we say it is integral over Z.

From Proposition 6.2 (b) in Milne’s course notes [9] we have that Z[ζq] is the ring of integers of Q(ζq). Thus the ring Ar,i as in Definition 1 is the ring of integers of Q(ζrrⁱ).

Lemma 10.

I. For a chain of field extensionsK0⊂ K1⊂ ... we have the identity of rings of integers

O_∪i≥0Ki= [

i>0

OKi.

II. For an extension of fieldsK ⊂ L with G = Aut(L/K) we have the identity of rings of integers

O^G_L = OL^G.

Proof. Note that for a chain of field extensions K0⊂ K1⊂ ... we have x ∈ [

i≥0

O_Ki⇔ there is an i ≥ 0 such that x ∈ OKi

⇔ there is an i ≥ 0 such that x ∈ Ki and x is integral over Z.

⇔ x ∈ [

i≥0

Ki and x is integral over Z.

⇔ x ∈ O_∪i≥0Ki.

Likewise we have the following equivalences for the fields K ⊂ L with G = Aut(L/K).

x ∈ OL^G⇔ x ∈ L^G and x is integral over Z.

⇔ x ∈ L and for every σ ∈ G we have σ(x) = x and x is integral over Z.

⇔ x ∈ O^G_L.

Since the ring Aris defined as the union over the Ar,iit is the ring of integers of the field Q(ζrrⁱ : i ≥ 0) by Lemma 10.I. The ring Br,idefined in Definition 2 is the ring of integers of the field Q(ζrr^j : 0 ≤ j ≤ i)^∆rby Lemma 10.II and then Br

is the ring of integers of the fieldS

i≥0Q(ζrr^j : 0 ≤ j ≤ i)^∆r = Q(ζr^j : j ≥ 0)^∆r again by Lemma 10.I.

The Galois group of Q(ζrrⁱ : i ≥ 0) over Q is isomorphic to the projective limit lim←−k≥0Gal(Q(ζrr^k)/Q) by Theorem 28.14 of Stevenhagen’s course notes [11].

Definition 11. The ring of r-adic numbers is defined as lim←−k≥0Z/r^kZ and denoted as Zr.

Notation. For u ∈ Z^∗r, the ring automorphism σu denotes the automorphism in Gal(Q(ζrrⁱ : i ≥ 0)/Q) that sends ζrr^k to ζ_rr^uk for all k ≥ 0 and where u = u (mod rr^k) .

Remark. The limit lim←−k≥0(Z/r^kZ)^∗ is isomorphic to Z^∗r.

Therefore Gal(Q(ζrrⁱ: i ≥ 0)/Q) ∼= Z^∗rand thus for every u ∈ Z^∗r there is an unique ring automorphism σu of Ar. The Galois group of Q(ζrrⁱ : i ≥ 0) over Q acts as an automorphism group on the ring of integers Arand Z. Recall that

∆ris defined as the torsion subgroup of Gal(Q(ζrrⁱ : i ≥ 0)/Q).

Lemma 12. The group∆r is cyclic of orderϕ(r).

For a proof of this lemma see Corollary 4.5.10 of Gouvea [7].

Corollary 13. The field degree of Q(ζrr^j : 0 ≤ j ≤ i)^∆r over Q is rⁱ.

3 Galois extensions and ring of integers

In this section let K be a finite Galois extension of Q with degree n. Also we say that an ideal I of OK divides another ideal J if J ⊂ I

Lemma 14. Letp be a prime number and P be the set of prime ideals dividing the idealpOK. There are unique integerse, f, g ≥ 1 such that

(1) #P = g,

(2) [OK: Z/pZ] = f for all p ∈ P , (3) sup{i : pⁱ|pOK} = e for all p ∈ P , (4) ef g = n,

(5) pOK =Q

p∈Pp^e.

Notation. The number e in the previous Lemma is called the ramification index and the number f is called the residue degree.

Lemma 15. LetL be a Galois extension of K and let q ⊂ OL be a prime ideal, then there is an unique prime ideal p ⊂ O_K s.t. p= q ∩ OK.

Lemma 14 and 15 are well known statements from algebraic number theory and a proof can be found in Chapter 8 of Ash [1] or section 3 of Milne [9].

Definition 16. The decomposition group of a prime ideal P of OK is the subgroup DP= {σ ∈ Gal(K/Q) : σ(P) = P} of Gal(K/Q).

Lemma 17. For a given ideal P of O_K such thatp ∈ P, the number of elements of DP is equal to the product of the ramification indexe and the residue degree f .

Proof. The Galois group Gal(K/Q) acts transitively on the prime ideals above p as shown in Theorem 8.1. of [11]. Thus the orbit of P contains g elements.

Note that DP is the stabilizer of the prime ideal P and from Lemma 14 and the orbit-stabilizer theorem we find that DP= ^[K:Q]_g = f e.

An element σ ∈ DP naturally induces an element of Gal((OK/P)/Fp), that is the map x + P 7→ σ(x) + P.

Lemma 18. The natural mapDP→ Gal((OK/P)/Fp) is surjective.

For a proof of this lemma see Lemma 8.4. of [11].

Definition 19. The inertia group IPis the kernel of DP→ Gal((OK/P)/Fp).

Thus the induced map DP/Ip→ Gal((OK/P)/Fp) is bijective.

Lemma 20. The number of elements of IP is the ramification indexe.

Proof. The number of elements in Gal((OK/P)/Fp) is f as defined in Lemma 14. Thus because the bijection DP/IP has f elements, while by Lemma 17 the number of elements of DP is f e. Thus #IP= e.

Corollary 21. If the ramification index is 1, then the number of elements in IP is1, thus DP/IP= DP and thereforeDP→ Gal((OK/P)/Fp) is bijective.

In the situation that we can apply this Corollary, we can calculate the residue degree as the order of the decomposition group.

4 Frobenius

Let K be a finite Galois extension of Q and k ∈ Z≥0 and p a prime number.

Definition 22. For P ⊂ OK a prime ideal of the ring of integers of K such that p ∈ P and the ramification index e = 1, a Frobenius of P is an element σ ∈ Aut_Q(K) satisfying the following conditions:

(1) σ(P) = P

(2) For every α ∈ OK, σ(α) ≡ α^p (mod P).

For a proof of existence see p. 140 of [9]. This map should not be confused with the Frobenius map defined on a finite field.

Notation. For q a power of p, we denote the Frobenius Fq → Fq, x 7→ x^p in Gal(Fq/Fp) as F .

Lemma 23. The Frobenius defined in Definition 22 is unique and its order is equal to the residue degreef .

Proof. Let σ be a map satisfying Definition 22 for a prime ideal P ⊂ OK

with ramification index 1. Then σ is an element of DP. Since by assumption the ramification index is 1, we can apply Corollary 21 and thus φ : DP → Gal((OK/P)/Fp) is an isomorphism. Under that isomorphism φ the map σ is sent to the map x + P 7→ σ(x) + P. By the second condition in Definition 22 this is the map F . Thus φ(σ) = F and thus Frobenius of P is unique.

Because F is a generator of Gal((OK/P)/Fp), it has order f . By the iso- morphism φ the Frobenius of P will then also have order f .

Notation. We denote the Frobenius of a prime ideal P as FrobP.

Let p, r be distinct prime numbers and let p be a prime ideal of Br,k such that p ∈ p. For the remainder of the thesis we will use these notations. In order to define a Frobenius of p we need to determine the ramification index of Br,k. Lemma 24. The ramification index over Q of a prime ideal containing p in Ar,i andBr,i is1 for all i ≥ 0.

Proof. In the case of Ar,i see Proposition 6.2 (d) of Milne [9]. In the case of Br,i, let i ∈ Z>0 and assume there is a prime ideal P in Br,i dividing (p) with ramification index e > 1. Let Q ⊂ Ar,i a prime ideal dividing P. Thus P^e|(p) and Q|P and thus Q^e|(p). This contradicts our first result and thus every ideal of Br,k containing p has ramification index 1.

Lemma 25. Let q be a prime ideal of Ar,k such that p ∈ q. The map Frobq is the image ofp ∈ (Z/rr^k/Z)^∗ by the isomorphism of Lemma 8.

Proof. The image of p is the map σ defined by σ(ζrr^k) = ζ_rr^pk. Let a ∈ Ar,k, then there are a1, a2, ..., at ∈ Z such that a = Pt

i=1aiζ_rrⁱ k. Now observe that σ(a) = Pt

i=1aiζ_rr^pik ≡ a^p (mod p). Since p ∈ q, we have pAr,k ⊂ q and thus σ(a) ≡ a^p (mod q). Now assume that a ∈ q, then σ(a) ≡ a^p≡ 0 (mod q) and thus σ(a) ∈ q. Now both statements of Definition 22 are satisfied and thus the map Frobqis σ.

This lemma, the functoriality of the Frobenius element [3] and Lemma 24 give us that for a prime ideal p ⊂ q of Br,k the Frobp corresponds to p ∈ (Z/rr^kZ)^∗/∆r.

5 Computing the residue degree of B

Using Lemma 23 we can compute the degree f of the residue field with the order of Frobp in Gal(Q(ζr^j : k > j ≥ 0)^∆r/Q), which we found to be equal to the order of p in (Z/rr^kZ)^∗/∆r. To compute the latter we have the following theorem.

Theorem 26. For l := ordr

p^ϕ(r)−1 r/r



, the order ofp in (Z/rⁿZ)^∗/∆r is1 for gcd(r, 2) ≤ n ≤ l and it is r^n−l forn ≥ l.

Before we prove this theorem we will first consider two lemmas.

Lemma 27. For n ≥ gcd(r, 2) the map ψ : (Z/rⁿZ)^∗ → (Z/rrⁿ⁻¹Z)^∗ defined for every a ∈ Z by a + rⁿZ 7→ a^ϕ(r)+ rrⁿ⁻¹Z is a well-defined homomorphism with kernel∆r.

Proof. First let r = 2 and thus r = 4 and n ≥ 2 and thus we have ψ : (Z/2ⁿZ)^∗ → (Z/2ⁿ⁺¹Z)^∗, a + 2ⁿZ 7→ a²+ 2ⁿ⁺¹Z. First we will show that ψ is well-defined. Let a, b ∈ Z such that a + 2ⁿZ = b + 2ⁿZ, in other words there is an c ∈ Z such that a = b + c · 2ⁿ. Then we have

ψ(a + 2ⁿZ) = a²+ 2ⁿ⁺¹aZ + 2²ⁿZ = a²+ 2ⁿ⁺¹Z

= (b + c · 2ⁿ)²+ 2ⁿ⁺¹Z

= b²+ c · 2ⁿ⁺¹+ c · 2²ⁿ+ 2ⁿ⁺¹Z

= b²+ 2ⁿ⁺¹Z = ψ(b + 2ⁿZ) and this shows that ψ is well-defined.

Secondly we will show that ψ is a homomorphism. Clearly ψ(1) = 1. Also for a, b ∈ Z we have

ψ(ab + 2ⁿZ) = (ab + 2ⁿZ)²= (ab)²+ 2ⁿ⁺¹abZ + 2²ⁿZ = (ab)²+ 2ⁿ⁺¹Z, on the other hand we have

ψ(a + 2ⁿZ)ψ(b + 2ⁿZ) = (a + 2ⁿZ)²(b + 2ⁿZ)²

= a²b²+ (a²b2+ ab²)2ⁿ⁺¹Z + 2²ⁿZ

= (ab)²2ⁿ⁺¹Z.

Thus ψ(a + 2ⁿZ)ψ(b + 2ⁿZ) = (ab)²+ 2ⁿ⁺¹Z = ψ(ab + 2ⁿZ) and thus ψ is a homomorphism in the case r = 2.

Thirdly the kernel of ψ for r = 2 consists of the elements a + 2ⁿZ where a ∈ Z such that a² ≡ 1 (mod 2ⁿ⁺¹). Then also a² ≡ 1 (mod 2ⁿ) and since (Z/2ⁿZ)^∗∼= C2× C2ⁿ⁻² as mentioned after Lemma 8, we know that the set that consists of all elements with an order in (Z/2ⁿZ)^∗ that divides 2 for n = 2 is {±1} ⊂ (Z/2ⁿZ)^∗, and for n > 2 is {±1, 2ⁿ⁻¹± 1} ⊂ (Z/2ⁿZ)^∗. But for the elements 2ⁿ⁻¹± 1 we have (2ⁿ⁻¹± 1)²≡ 1 ± 2ⁿ (mod 2ⁿ⁺¹) 6≡ 1 (mod 2ⁿ⁺¹).

Thus the kernel is ∆r∼= h−1i ⊂ (Z/2ⁿZ)^∗

Now let r an odd prime number and n ≥ 1. The map ψ : (Z/rⁿZ)^∗ → (Z/rⁿZ)^∗, a mod rⁿ 7→ a^ϕ(r)mod rⁿ clearly is an endomorphism. The ker- nel consists of the elements a such that ord(a)|r − 1. As mentioned before (Z/rⁿZ)^∗ ∼= Cϕ(r)rⁿ⁻¹, of which the subgroup ∆r consist of all elements of order dividing r − 1, since ∆r has order r − 1 as stated in Lemma 12.

Corollary 28. The induced homomorphism ψ : (Z/rⁿZ)^∗/∆r → (Z/rrⁿ⁻¹Z)^∗ is injective. Thus for ana ∈ Z\rZ, the order in (Z/rⁿZ)^∗/∆r of(a + rⁿZ) mod

∆r is equal to the order in(Z/rrⁿ⁻¹Z)^∗ ofa^ϕ(r)+ rrⁿ⁻¹Z.

Lemma 29. Let a ∈ Z such that a ≡ 1 mod r, n ≥ 0 and let l⁰ := ordr(a − 1).

The order of a (mod rⁿ) in (Z/rⁿZ)^∗ is1 for n ≤ l⁰ andr^n−l0 forn ≥ l⁰. Proof. First we will address the case n ≤ l⁰. By definition l⁰ is the greatest power of r that divides a − 1. Thus the order of a (mod rⁿ) in (Z/rⁿZ)^∗ is 1 for n ≤ l⁰.

Let n > l⁰ and m ≥ 0. Now let am= a^rm and lm= ordr(am− 1). Putting x = am− 1 for a given m we find that by the binomium theorem that

(1 + x)^r≡ 1 + rx (mod rx², x^r)

≡ 1 + rx (mod r^{min(2lm+1,rlm)}).

Note that for r = 2 we have l⁰ ≥ 2 and for r an odd prime integer we have l⁰≥ 1. Now for m = 0 we have ordr(rx) = lm+ 1 < min(2lm+ 1, rlm) and thus we find that ordr(a^r₀− 1) = ordr(rx) = l0+ 1. Moreover, we have l1= l0+ 1 and thus for m = 1 we also have ordr(rx) = lm+ 1 < min(2lm+ 1, rlm) and thus ordr(a^r_m− 1) = ordr(rx) = lm+ 1. Now iteratively we find that lm= l0+ m and that l⁰+ m + 1 = ordr(a^r_m− 1) = ord(a^rm+1) for m > 0. Thus rⁿ|(a^n−l0− 1) and rⁿ 6 |(a^n−l0−1− 1), so the order of a (mod rⁿ) in (Z/rⁿZ)^∗ is r^n−l0

Proof. (Theorem 26). Notice for r an odd prime number that Fermat’s little theorem states that for a ∈ Z \ rZ we have a^r−1 ≡ 1 (mod r). For r = 2 with a ∈ Z\rZ we have that a²≡ 1 mod 8, since (1+2b)²= 1+4b+4b²= 1+8b(b+1) for b ∈ Z. Thus we can apply Lemma 29 to Corollary 28 for an element a ∈ Z \ rZ. Let l⁰:= ordr(a^ϕ(r)− 1), then

ord_(Z/rⁿ_Z)^∗/∆r(a + rⁿZ mod ∆r) =

(1 if n + gcd(2, r) − 1 ≤ l⁰, r^{n+gcd(2,r)−1−l0} if n + gcd(2, r) − 1 ≥ l⁰. To simplify we use l := ordr

p^ϕr−1 r/r

instead of l⁰:

ord_(Z/rⁿ_Z)^∗/∆r(a + rⁿZ mod ∆r) =

(1 if n ≤ l, r^n−l if n ≥ l.

Corollary 30. The residue degreef of Br,k is 1 fork ≤ l and is r^k−lfork ≥ l.

6 Prime ideals of B

In the last section we determined the residue degree for the rings Br,k. In this section we will determine the number of prime ideals of their union Br. Recall that we defined l := ordr

_pϕr−1 r/r



Lemma 31. For k ≥ l the number of prime ideals g of Br,k is equal to the number of prime ideals of Br,l.

Proof. In the previous section we determined the residue degree of Br,k, while in Lemma 24 we determined the ramification index and Corollary 13 gives us the field degree. Now we can calculate with lemma 14 the number of prime ideals g as _efⁿ = _1·r^rk−l^k , which is equal to the number of prime ideals of Br,l. Corollary 32. For every prime ideal pl⊂ Br,land everyk ≥ l the ideal plBr,k

is a prime ideal.

Proof. Lemma 15 gives us that for every prime ideal q ⊂ Br,k there is a unique prime ideal of p ⊂ Br,l such that p = q ∩ Br,l. Note that q divides pBr,l and Lemma 31 gives that the number of prime ideals of Br,k is equal to Br,l, thus q= pBr,l.

Lemma 33. For every prime ideal p ⊂ Br,l the ideal pBR = S∞

i=lpBr,i is a prime ideal of Br.

Proof. Let a, b ∈ Br and ab ∈ pBr. There is a k > l such that ab ∈ pBr,k and also there is a k⁰ > k such that a, b ∈ Br,k⁰. Since pBr,k⊂ pBr,k⁰ we have that ab ∈ pBr,k⁰ and since it is prime either a ∈ pBr,k⁰ or b ∈ pBr,k⁰. Thus either a ∈ pBr or b ∈ pBr, making pBra prime ideal.

In the introduction we denoted Sp,ras the set of prime ideals of Brcontaining p and it now follows that Sp,r has at least as many prime ideals containing p as Bp,l.

Lemma 34. For p a prime ideal of Br,l the quotientBr/pBr is a field.

Proof. We know that Br,k/pBr,k is a finite field. Because of the primality of pBr the ring Br/pBr is an integral domain, which implies that Br/pBr is a commutative ring. Now we only have to find an inverse for elements of Br/pBr. Let a ∈ Br, then there is an positive integer k such that a ∈ Br,k. There is an element b ∈ Br,k, such that ab ≡ 1 (mod pBr,k). Then b is also in Brand since pBr,k⊂ pBralso ab ≡ 1 ± odpBr. Therefore b is the inverse of a in Br/pBr. Theorem 3. The cardinality of Sp,r is r^l and for every prime ideal P ∈Sp,r

there is a unique prime ideal p ofBr,l such that P= p · Br,l.

Proof. Let q ∈ Sp,r, then by Lemma 15 there is a unique prime ideal p of Br,l

such that p = q ∩ Br,l. Likewise for k ≥ l we find pBr,k = q ∩ Br,k, since by Lemma 31 the primes of Br,kand Br,lcorrespond. It follows thatS∞

i=lpBr,i⊂ q, and then by Lemma 34 it follows that pBr= q.

7 Finding bases

A⁰_r,k+1

A⁰_r,k B⁰_r,k+1

B_r,k⁰ Xr

Tr∆

Yr

Figure 1: bases In the previous section we found that

there are r^ldistinct prime ideals of Br

that contain p and in this section we will make a choice among these prime ideals.

In the quotient Br/p, where p ∈ Sp,r, the elements of Br,l are mapped under the quotient map to an element in Fp. To know where elements of Br,k

are mapped to under the quotient map, we will have to look at the ring gener- ators of Br,k+1over Br,k. The bases of the rings Ar,k and Ar,k+1will help use

find the generators of Br,k. A visual representation is given in Figure 1 which shows the steps we make towards finding the ring generators of Br,k+1.

Before we look at any basis, we will need to add¹_r to our rings to avoid some problems with the traces for r = 2. The localization should also make our lives easier for any prime r, when we want to find a basis for Ar,k[¹_r] as a module over Br,k[¹_r].

Notation. We will denote the ring Br,k[¹_r], Br[¹_r], Ar,k[¹_r] and Ar[¹_r] as respec- tively B⁰_r,k, B_r⁰, A⁰_r,k and A⁰_r.

Notation. We will write the set of the first n natural numbers {0, 1, 2, ..., n−1}

as Nn.

Consider the sets Xr which we define for r = 2 as the set {1, ζ4} and for r equal to an odd prime number as the set {ζ_rⁱ : i ∈ (Z/rZ)^∗}.

Lemma 35. The setXr is a basis forA⁰_r,i as a module over B_r,i⁰ for all i ≥ 0.

Proof. The set Xris a basis for Ar,0= Z[ζr] over Z thus also for A⁰r,i over B_r,i⁰ with i = 0. Proposition 6.2(d) from [9] for ζr implies that the discriminant of Ar,0 over Z is a power of r. Thus the greatest common divisor of this dis- criminant and of the discriminant of Br,i over Z is thus also a r power. Now we observe Br,i and Ar,i for i > 0, we know that Br,i· Ar,0 ⊂ Ar,i and thus B⁰_r,i· A⁰_r,0⊂ A⁰_r,i.

Lemma 8 and Corollary 13 tell us that the fields Q[ζr], Q[ζrrⁱ]^∆r and Q[ζrrⁱ] have respectively degree ϕ(r), rⁱ and ϕ(r)rⁱ over Q and therefore we can apply Lemma 6.5 from [9]. Applying our knowledge about the discriminant we see that for some N ∈ Z>0 the relation Ar,i⊂ _r¹NAr,0· Br,i holds. Since _r¹N ∈ Z⁰ it follows that the relation A⁰_r,0·B_r,i⁰ =_r¹NA⁰_r,0·B⁰_r,iholds and thus A⁰_r,i⊂ A⁰_r,0·B_r,i⁰ . Thus we find that A⁰_r,i = A⁰_r,0· B_r,i⁰ and thus the set Xr is also a basis for A⁰_r,i over B⁰_r,i

Remark. The set {1, ζ4} is not a basis for Z[ζ8] = A2,1 over Z[√

2] = B2,1, since ζ8=

√2(1+ζ4)

2 .

Lemma 36. The trace Tr∆r fromA⁰_r,i toB_r,i⁰ is surjective for alli ≥ 0.

Proof. From Lemma 12 it follows that #∆r = ϕ(r) and thus Tr∆r(Br,i) = ϕ(r) · Br,i. Now for r = 2 we find that Tr∆r(B_r,i⁰ ) = B_r,i⁰ and thus the trace Tr∆2 from A⁰_2,ito B_2,i⁰ is surjective. Now for r an odd prime number, notice that ζr∈ Ar,i and that Tr∆_r(ζr) = ζr+ ζ_r²+ ... + ζ_r^r−1= −1. The image Tr∆_r(Ar,i) is an ideal in Br,i and since −1 ∈ Tr∆_r(Ar,i) it follows that Tr∆_r(Ar,i) = Br,i.

Lemma 37. For odd prime numbers r the natural map ∆r ,→ (Z/rZ)^∗ is injective.

Proof. Let α ∈ ∆rsuch that α 6= 1 and notice that α^r−1= 1, since by Lemma 12 we have #∆r= r − 1. Note that the zeros in Zrof the polynomial X^r−1− 1 are precisely the elements of ∆r. Note that (X − α)(X − 1)|X^r−1 − 1 and we have the natural map q : Zr → Z/rZ such that for (ai)i≥0 ∈ Zr we have q((ai)_i≥0) = a1. Note that if q(α) = 1, then (X − q(α))(X − 1) = (X − 1)² and then X^r−1− 1 would be inseparable in Fr[X]. We know that X^r−1− 1 is separable in Fr[X], so we have a contradiction and thus q(α) 6= 1.

Let Yr,kfor r = 2 be the set {1, ζrr^k+1} and for r 6= 2 be the set {ζ_rr^δk+1: δ ∈

∆r} ∪ {1}.

Lemma 38. The setYr,k forms a basis forA⁰_r,k+1as an A⁰_r,k-module fork ≥ 0.

Proof. The set {1, ζrrⁱ, ζ_rr²i, ..., ζ_rr^ϕ(rri ⁱ⁾⁻¹} is a module basis for Ar,i over Z for all i ≥ 0, as also shown in Theorem 6.4 of [9]. Let a ∈ Ar,k+1, then there are zi∈ Z such that a =P

i∈N_{ϕ(rrk+1 )}ziζ_rrⁱ k+1. Now let yn :=P

j∈N_{ϕ(rrk )}zn+jr·ζ_rr^jk. Then the element a can be written as P

i∈Nryiζ_rrⁱ k+1. Thus for k ≥ 0 the set {ζ_rrⁱ k+1 : i ∈ Nr} is a module basis for Ar,k+1 over Ar,k. Now for r = 2 the lemma holds. Now assume r 6= 2 such that we can apply Lemma 37. Lemma 37 tells us that for every element y of Yr,k there precisely is one element ζ of {ζ_rrⁱ k+1: i ∈ Nr} such that ζ = ζ_rr^uky for u ∈ Z. Thus the lemma holds also for r 6= 2.

Lemma 39. Let , δ ∈ ∆r. The element Tr∆r(σδ(ζr)σ(ζrr^k)) is equal to the element Tr∆_r(ζrr^kσ⁻¹δ(ζr)).

Proof. The trace of σδ(ζr)σ(ζrr^k) can be written as the sum of conjugates.

Some manipulations with automorphisms give the identities below.

Tr∆r(σδ(ζr)σ(ζrr^k)) = X

u∈∆r

σu(σδ(ζr)σ(ζrr^k))

= X

u∈∆r

σu(σδ(ζr))σu(σ(ζ_rr^k))

= X

u∈∆r

σuδ(ζr)σu(ζrr^k)

Further notice that ∆r is a multiplicative group. Thus multiplying with an ele- ment is an automorphism of ∆r. Thus we can continue with our manipulations

using v = u.

X

u∈∆r

σuδ(ζr)σu(ζrr^k) = X

v∈∆r

σv⁻¹δ(ζr)σv(ζrr^k)

= Tr∆r(σ⁻¹δ(ζr)ζrr^k)

Now we will recall a definition from the introduction, which are the elements in the form of the previous lemma, since ζr= ζ_rr^rrk^k−1.

Definition 4. Define the elements ηr,k,i as Tr∆r(ζ_rr^1+irrk ^k−1).

Lemma 40. The ring B_r,k+1⁰ is generated as a module over B_r,k⁰ by the set {ηr,k+1,i+1: i ∈ Nr−1} ∪ {1}.

Proof. For r an odd prime number Lemma 38 gives a module basis for A⁰_r,k+1 over A⁰_r,k, such that for δ = δ (mod rr^k) we have the relation

A⁰_r,k+1= M

δ∈∆r

ζ_rr^δ k+1A⁰_r,k

⊕ A⁰_r,k.

Lemma 35 gives in the same case a module basis for A⁰_r,k over B_r,k⁰ such that for  =  (mod rr^k) we have

A⁰_r,k+1= M

δ∈∆r,∈∆r

ζ_rr^ k+1ζr^δB_r,k⁰ 

⊕ A⁰_r,k.

For r = 2 Lemma 38 gives a module basis for A⁰_r,k+1over A⁰_r,k, and we have the relation

A⁰_r,k+1= A⁰_r,k⊕ ζrr^k+1A⁰_r,k.

Furthermore we find a module basis for A⁰_r,k over B⁰_r,k from Lemma 35 such that

A⁰_r,k+1= (B_r,k⁰ ⊕ ζ4B_r,k⁰ ) ⊕ (ζ_rr^k+1B_r,k⁰ ⊕ ζ_rr^k+1ζ4B_r,k⁰ ).

For r equal to an odd prime number we define the sets E, D as ∆rand for r = 2 we will define E, D as {0, 1}.

There are elements bδ,∈ B⁰_r,kand a^† ∈ A⁰_r,ksuch that an element a ∈ A⁰_r,k+1 can be writen as:

a = a^†+ X

δ∈D,∈E

bδ,ζ_rr^ k+1ζ_r^δ.

Lemma 36 states that for b ∈ B⁰_r,k+1 there is an ab ∈ A⁰_r,k+1 such that b = Tr∆r(ab). Thus there are cδ,∈ B_r,k⁰ , a^†_b∈ A⁰_r,k such that

b = Tr∆r(a^†_b+ X

δ∈D,∈E

cδ,ζ_rr^ k+1ζ_r^δ).

From Lemma 39 and the linearity of the trace over B_r,k+1⁰ we find that b = Tr∆r(a^†_b) + X

δ∈D,∈E

cδ,Tr∆r(ζ_rr^k+1ζ_r^−1·δ).

Note that ⁻¹∆r = ∆r for all  ∈ ∆r. Thus for each δ⁰ ∈ ∆r we can define dδ⁰ :=P

δ,∈∆r:⁻¹δ=δ⁰bδ,such that we have b = Tr∆r(a^†) + X

δ⁰∈∆r

dδ⁰η_r,k+1,δ0.

The element Tr∆r(a^†) is an element of B⁰_r,k since a^†∈ Ar,k and for all δ⁰∈ ∆r

is dδ⁰ an element of B_r,k⁰ , because it is the sums of elements of B_r,k⁰ . Thus every element of B⁰_r,k+1can be written as the sum of products of an element of {ηr,k+1,i+1: i ∈ Nr−1} ∪ {1} times an element of B⁰_r,k.

8 The Standard Construction

Corollary 30 gives that B_r,l⁰ is mapped into Fpby the natural quotient map of a prime ideal from Sp,r. Theorem 3 tells us that given generators for an ideal of Br,lwe have generators for an ideal in Sp,r. Using a relation between the ideals containing p of B_r,l⁰ and Br,l we can use the ring generators of B⁰_r,l over Z to order Sp,r. We will use use the smallest prime ideal in terms of this ordering to define our standard field of characteristic p and degree r^l.

Theorem 5. For P ∈ Sp,r there is a unique system (aP,j)0≤j<lr of integers aP,j ∈ Np such that P is generated as a module over Br by p and {ηr,j+1,i− aP,i+jr: j ∈ Nl, i ∈ Nr}.

Proof. First we will find a set of ring generators for B_r,l⁰ over Z. Lemma 40 tells us that the set {ηr,j+1,i : i ∈ Nr−1}∪{1} generates B_r,j+1⁰ as a module over B⁰_r,j. If we take the union of these sets for j < l, then {ηr,j+1,i : i ∈ Nl, j ∈ Nr−1}∪{1}

we find a set of ring generators for B_r,l⁰ over B_r,0⁰ = Z.

Given a prime ideal p of Br,l such that p ∈ p, then by Lemma 7.6 of [2]

the localization of the quotient (Br,k/p)[¹_r] is canonically isomorphic to the quotient B_r,k⁰ /pB⁰_r,k. Note that gcd(p, r) = 1 and thus (Br,k/p)[¹_r] = (Br,k/p) and Corollary 30 gives then that B_r,k⁰ /pB⁰_r,k∼= Z/pZ. Note that a ring generator of B⁰_r,kis sent to an a ∈ Z/pZ by the quotient map of pB_r,k⁰ . Thus for j ∈ Nlr we can define apBr,j as the element in Npsuch that for j ∈ Nland i ∈ Nrwe have ηr,j+1,i− apBr,i+jr ≡ 0 (mod pB_r,l⁰ ). Then follows that pB_r,l⁰ = (p, ηr,j+1,i− aP,i+jr: j ∈ Nl, i ∈ Nr).

Now we will show that the generating set of p and pB⁰_r,l are equal. In the ring Br,l the ideal (p, ηr,j+1,i − aP,i+jr : j ∈ Nl, i ∈ Nr) ⊂ p has p-power index and after localization we have (p, ηr,j+1,i− aP,i+jr : j ∈ Nl, i ∈ Nr) = p⁰ and thus the p-power was also an r-power and since gcd(p, r) = 1 we find that(p, ηr,j+1,i− aP,i+jr: j ∈ Nl, i ∈ Nr) = p.

By Theorem 3 are the ideals in Sp,r of the form qBr with q ⊂ Br,l a prime ideal such that p ∈ q, in other words the generating set of q is also the generating set of an ideal in Sp,r.

Now every prime ideal in Sp,r corresponds to a system (ap,j)j∈Nlr of integers ap,j ∈ Np. Thus we can lexicographically order the set of prime ideals by this system.

Definition 6. Define pp,r as the prime ideal such that for a prime ideal q in Sp,r there is a j ∈ Nlr such that for i < j ap_p,r,i= aq,iand ap_p,r,j ≤ aq,j.

The prime ideal pp,r will function as the prime ideal under which we take the quotient.

Theorem 7. Denote the prime ideal p_p,r∩ Br,i as p_p,r,i and let ηp,j,i = ηp,j,i

(mod pp,r,k). For all k ≥ 0 the field Fp(ηr,l+k,0) has cardinality p^rk.

Proof. First note that ηr,l,0∈ Fp by Theorem 5 and thus for k = 0 the Lemma follows. For all k > 0 the ring B_r,k+l⁰ is generated as a module over B_r,k+1⁰ ₋₁ by the set {ηr,k+l,i+1: i ∈ Nr−1} ∪ {1} and notice that

ηr,j,0= − Tr∆r(ζ_rrk· −1) = − Tr∆r



ζ_rrk· X

i∈Nr−1

ζ_rⁱ⁺¹



= − X

i∈Nr−1

ηr,j,i+1.

Thus we can change the base by removing ηr,k+l,r−1and adding ηr,k+l,0, now we have a relative integral basis for Br,k+lover Br,k+l−1. Furthermore by Corollary 30 we have [Br,l+k/pp,r,l+k: Br,l+k−1/pp,r,l+k−1] = r and thus the set {ηr,k+l,i: i ∈ Nr−1} ∪ {1} is a vector basis for Br,l+k/pp,r,l+k over Br,l+k−1/pp,r,l+k−1.

Since ηr,k+l,0 is an element in a vector basis containing 1, we have that ηr,k+l,0 6∈ Br,l+k−1/pp,r,l+k−1. This means that ηr,k+l,0p^rk−1 6= ηr,k+l,0, while ηr,k+l,0p^rk = ηr,k+l,0 that is to say Fp(ηr,k+l,0) has cardinality p^rk.

So we find that Z/pZ is our field Fp for a prime number p and for r^k > 1 a prime power such that gcd(p, r) = 1 we found our standard field F_prk as Fp(ηr,k+l,0).

Note that for fields k, K, L such that K ∼= k[X]/(f (X) and L ∼= k[X]/(g(X)) with irreducible polynomials g, f ∈ k[X] we have an identity for tensor products

K ⊗kL ∼= L[X]/(f (X)).

For a prime number p and positive integer n there are prime numbers r1, r2, ..., rt

and positive numbers a1, a2, ..., at such that n = Qt

i=1r^a_iⁱ and for the field F with cardinality pⁿ we can apply this identity to find

F ∼= F1⊗kF2⊗k... ⊗kFt

where Fi is the finite field of cardinality p^raii for i ∈ {1, 2, ..., t}. Thus in fact have we shown that the algorithm of De Smit and Lenstra constructs correctly the finite fields of cardinality pⁿ where p is a prime number and n an integer such that p - n.

In the construction given by De Smit and Lenstra [4] there is a method such that F_ppk for p a prime number and k a positive integer is defined. With this remaining case the tensor product argument shows that the definition of De Smit and Lenstra is correct for Fpⁿ for p a prime number and n any positive integer.

References

[1] Robert B. Ash. A course in algebraic number theory, 2003. Chapter 8.1.3.

[2] Pete L. Clark. Commutative algebra. http://math.uga.edu/~pete/.

[3] Keith Conrad. Math 676. quadratic characters associated to quadratic fields.

[4] Bart de Smit and Hendrik W. Lenstra. Standard models for finite fields:

the definition.

[5] Bart de Smit and Hendrik W. Lenstra. Standard models for finite fields.

In Gary L Mullen, editor, Handbook of finite fields, Discrete Mathematics and Its Applications. CRC Press, Hoboken, NJ, 2013.

[6] Carl F. Gauss. Disquisitiones arithmeticae. 1801.

[7] Fernando Q. Gouvea. p-adic Numbers: An Introduction. Structure and Bonding. U.S. Government Printing Office, 1997.

[8] Frank L¨ubeck. Conway polynomials for finite fields. http://www.math.

rwth-aachen.de/~Frank.Luebeck/data/ConwayPol/index.html. Re- trieved 2014-7-2.

[9] James S. Milne. Algebraic number theory (v3.06), 2014. Available at www.jmilne.org/math/.

[10] Vreda Pieterse and Paul E. Black. Algorithms and theory of computa- tion handbook, 1999. http://www.nist.gov/dads/HTML/lasVegas.html (retrieved:2014-07-02).

[11] Peter Stevenhagen. Algebra 3, 2012. websites.math.leidenuniv.nl/algebra.