Finite Fields
You already know one family of finite fields:
\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z}, the integers modulo a
prime
p. There you can add, subtract, multiply, and — because
p is prime — divide by anything nonzero. But is that all the finite
fields there are? Could there be a field with exactly 6 elements? With
4? With 100?
The answer is one of the cleanest classification theorems in all of algebra. A finite field can only
have p^n elements — a prime power — and for each such size
there is exactly one field, up to
isomorphism. No more, no
fewer. This unique object is the Galois field
\mathrm{GF}(p^n) = \mathbb{F}_{p^n}, named for
Galois, who died at twenty in a duel having already
rewritten the subject. So there is no field of order 6 or
100 (neither is a prime power), but there is a unique field of order
4, of order 8, of order
9, of order 27, and so on.
This one page pins down that classification: why the size must be a prime power, how
to build \mathbb{F}_{p^n}, and the single most useful fact about it — that
its nonzero elements form a cyclic group, generated by a single "primitive" element
whose powers sweep out the whole field.
Why the size must be a prime power
Take any finite field \mathbb{F}. Its
prime
subfield — the copy of \{0, 1, 1+1, \dots\} you generate by
adding 1 to itself — must loop back to 0 after
finitely many steps (the field is finite), and it must loop after a prime number of steps
p, because otherwise there would be zero divisors. So
\mathbb{F} contains a copy of \mathbb{F}_p, and it
has characteristic p.
Now view \mathbb{F} as a
vector space
over that base field \mathbb{F}_p — exactly the field-extension viewpoint. It
is finite, so it has a finite
dimension, say
n. A vector space of dimension n over a field with
p elements has exactly p^n vectors — pick each of
the n coordinates independently from p choices.
That is the whole argument:
\lvert \mathbb{F} \rvert = p^{\,[\mathbb{F} : \mathbb{F}_p]} = p^n.
There is no room for a field of order 6 = 2 \cdot 3: six is not
p^n. The very same counting forbids 10, 12, 15, 100
and every other non-prime-power.
Building the fields
Existence is the other half. For n = 1 we already have
\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z}. For larger
n, the field \mathbb{F}_{p^n} is the
splitting
field of the polynomial
x^{\,p^n} - x \quad \text{over } \mathbb{F}_p.
Its p^n distinct roots are the elements of the field — they form a
subfield, and there are exactly p^n of them. Equivalently, and more usefully
for hand computation, you adjoin a root of an irreducible polynomial of degree
n over \mathbb{F}_p:
\mathbb{F}_{p^n} = \mathbb{F}_p[x]/(f) for any such
f. Different irreducible f of the same degree give
the same field up to isomorphism — that is the uniqueness half of the theorem.
Worked example: the field of four elements
Build \mathbb{F}_4. Over \mathbb{F}_2 = \{0, 1\}
the polynomial x^2 + x + 1 is irreducible: it has no root in
\mathbb{F}_2 (test 0 \mapsto 1,
1 \mapsto 1, neither is 0). Adjoin a root
\alpha, so \alpha^2 + \alpha + 1 = 0, i.e.
\alpha^2 = \alpha + 1 (signs don't matter in characteristic
2). The four elements are
\mathbb{F}_4 = \{\, 0,\ 1,\ \alpha,\ \alpha + 1 \,\}.
Addition is componentwise mod 2: for instance
\alpha + (\alpha + 1) = 2\alpha + 1 = 1, and every element is its own
negative. Multiplication uses the relation
\alpha^2 = \alpha + 1 to fold high powers back down:
\alpha \cdot \alpha = \alpha^2 = \alpha + 1, \qquad
\alpha \cdot (\alpha + 1) = \alpha^2 + \alpha = (\alpha + 1) + \alpha = 1.
That last line says \alpha and \alpha + 1 are
multiplicative inverses — every nonzero element has an inverse inside the set, so
\mathbb{F}_4 really is a field. Notice the three nonzero elements
1, \alpha, \alpha + 1 are just \alpha^3 = 1,
\alpha^1, \alpha^2 — the powers of
\alpha cycle through all of them.
The multiplicative group is cyclic
That last observation is the deepest structural fact about a finite field, and it is worth stating
precisely. The nonzero elements \mathbb{F}_q^{\times} (where
q = p^n) form a group under multiplication of order
q - 1 — and that group is always
cyclic.
-
A finite field has order q = p^n for a prime
p and integer n \ge 1; conversely, for every
such q there is a field of that order, unique up to
isomorphism, written \mathbb{F}_q or
\mathrm{GF}(q).
-
The multiplicative group \mathbb{F}_q^{\times} of nonzero elements is
cyclic of order q - 1: there is a primitive
element g whose powers
g^0, g^1, \dots, g^{q-2} list every nonzero element exactly once.
-
The map \phi : x \mapsto x^p — the Frobenius
automorphism — is a field automorphism fixing \mathbb{F}_p, and
it generates all the symmetries of \mathbb{F}_{p^n} over
\mathbb{F}_p.
Being cyclic means multiplication becomes addition of exponents. Fix a primitive element
g; then every nonzero element is a power g^k, and
g^i \cdot g^j = g^{\,i + j \bmod (q-1)}. Lay the powers evenly around a
circle and multiplication is just rotation — exactly the picture of the
(q-1)th roots of unity. The figure below shows
\mathbb{F}_8^{\times}, cyclic of order 7: seven
powers of a generator spaced around a circle.
The Frobenius map \phi(x) = x^p is the other structural gift. In
characteristic p the "freshman's dream"
(a + b)^p = a^p + b^p is true (the binomial coefficients in between
are all divisible by p), so \phi respects both
operations — it is an automorphism. Its fixed points are exactly the solutions of
x^p = x, which is \mathbb{F}_p itself. Frobenius is
the engine that drives the entire Galois theory of finite fields.
The single most common error is to think the field of order 4 is the clock
ring \mathbb{Z}/4\mathbb{Z} = \{0, 1, 2, 3\}. It is not — and
\mathbb{Z}/4\mathbb{Z} is not even a field. In it,
2 \cdot 2 = 4 \equiv 0: two nonzero elements multiply to zero, so
2 is a zero divisor and can never have a multiplicative
inverse. A field has no zero divisors, so \mathbb{Z}/4\mathbb{Z} is out.
The general rule: \mathbb{Z}/n\mathbb{Z} is a field if and only if
n is prime. When n is composite, some
factor of n is a zero divisor. So for
n = p^k with k > 1, the ring
\mathbb{Z}/p^k\mathbb{Z} and the field
\mathbb{F}_{p^k} are completely different objects of the same size.
The genuine field \mathbb{F}_4 is
\mathbb{F}_2[x]/(x^2 + x + 1) — built by adjoining a root, not by counting
mod 4.
Knowing a generator exists is not the same as knowing which element it is. In
\mathbb{F}_8^{\times} (order 7, prime) every
nonzero element except 1 is a generator, so it is easy. But in a field where
q - 1 has many factors, an element g is primitive
exactly when g^{(q-1)/\ell} \neq 1 for every prime
\ell dividing q - 1. There is no known fast
deterministic algorithm that always writes one down, yet primitive elements are plentiful — a
\varphi(q-1)/(q-1) fraction of the group generates it — so picking at random
and testing works beautifully in practice. This is precisely why finite fields power real cryptography:
cyclic structure that is easy to compute forward and hard to invert.