Extension Field - Shuang's Crypto Notes

Table of Contents

What is an Extension Field?

An extension field \( \mathbb{F}_{q^m} \) is constructed by extending a smaller field \( \mathbb{F}_q \) (the base field) with additional elements, typically through the introduction of a root of an irreducible polynomial over \( \mathbb{F}_q \).

\( q \): The size (cardinality) of the base field \( \mathbb{F}_q \), often a prime \( p \) or a power \( p^k \).
\( m \): The extension degree, which determines the size of the extension field \( \mathbb{F}_{q^m} \).

The extension field \( \mathbb{F}_{q^m} \) has \( q^m \) elements and can represent more values than the base field \( \mathbb{F}_q \).

Example:

I have a binary field with two element {0,1}, I can represent 2 element, but I want to be able to represent 4 elements, so I introduce complex number i, now I can represent 4 elements as a+bi with a and b belongs to {0,1}, then this is the extension field? can you give me more rigorous description of what i described?

Rigorous Description

1. The Base Field

The base field is \( \mathbb{F}_2 = \{0, 1\} \), the finite field with two elements. The field operations (addition and multiplication) follow the rules of modulo 2 arithmetic:

\( 0 + 0 = 0, \, 1 + 1 = 0, \, 1 + 0 = 1 \)
\( 0 \cdot 0 = 0, \, 1 \cdot 1 = 1, \, 1 \cdot 0 = 0 \)

This field has size \( 2 = 2^1 \), where \( 1 \) is the degree of the field.

2. The Goal

You want a field with \( 4 = 2^2 \) elements. To achieve this, you construct an extension field \( \mathbb{F}_{2^2} \), which is a degree-2 extension of \( \mathbb{F}_2 \).

3. Constructing the Extension Field

To construct an extension field, we use the concept of a polynomial ring over \( \mathbb{F}_2 \):

Consider polynomials of the form \( f(x) = a_0 + a_1x + a_2x^2 + \dots \), where coefficients \( a_i \in \mathbb{F}_2 \).
To limit the size of the field, choose an irreducible polynomial \( p(x) \) of degree 2 over \( \mathbb{F}_2 \). For example, \( p(x) = x^2 + x + 1 \) is irreducible over \( \mathbb{F}_2 \).

Now, define the extension field \( \mathbb{F}_{2^2} \) as the set of polynomials modulo \( p(x) \). The elements of \( \mathbb{F}_{2^2} \) are:

\( \mathbb{F}_{2^2} = \{ a + bx \mid a, b \in \mathbb{F}_2 \}, \)

where \( x \) satisfies the relation \( x^2 + x + 1 = 0 \) (from \( p(x) \)).

4. Field Elements

The elements of \( \mathbb{F}_{2^2} \) are:

\( \{ 0, 1, x, 1 + x \}, \)

where \( x \) is the root of the irreducible polynomial \( p(x) = x^2 + x + 1 \).

These elements can also be represented as \( a + bx \), with \( a, b \in \mathbb{F}_2 \).

What is an Irreducible Polynomial?

An irreducible polynomial is a non-constant polynomial that cannot be factored into the product of two smaller-degree polynomials over the same field. It is analogous to a prime number in integer arithmetic.

Key Properties of an Irreducible Polynomial:

It has no roots in the base field.
It cannot be written as \( f(x) = g(x) \cdot h(x) \), where \( g(x) \) and \( h(x) \) are polynomials with lower degrees and coefficients in the base field.

For example, over \( \mathbb{F}_2 \):

\( x^2 + x + 1 \) is irreducible because it cannot be factored into lower-degree polynomials with coefficients in \( \mathbb{F}_2 \).
\( x^2 + 1 \) is not irreducible because it can be factored as \( (x + 1)(x + 1) \) in \( \mathbb{F}_2 \).

We use irreducible polynomials to construct extension fields, ensuring the result is a proper field (closed under addition, multiplication, and inverses).

Why Do We Use Irreducible Polynomials and Modulo \( p(x) \)?

1. Defining the Extension Field

An irreducible polynomial \( p(x) \) creates a structure where:

The set of all polynomials modulo \( p(x) \) forms a field \( \mathbb{F}_{q^m} \).
Every nonzero element has a multiplicative inverse, ensuring it satisfies all field properties.

2. Preventing Factoring or Splitting

Irreducible polynomials ensure that the field does not “break apart” into smaller components. If \( p(x) \) were reducible, the resulting structure would not be a field (it might be a ring but not a field).

3. Efficient Computation

Modulo \( p(x) \) arithmetic ensures we only work with polynomials of degree \( < m \). This keeps the representation compact and simplifies computations.

Analogy with Integer Modulo Arithmetic

This concept is similar to modular arithmetic for integers:

Integers modulo \( n \) (e.g., \( \mathbb{Z}/n\mathbb{Z} \)) form a cyclic group.
Prime numbers \( n \) correspond to irreducible polynomials \( p(x) \). Just as prime numbers are used to create modular arithmetic groups (e.g., \( \mathbb{Z}/p\mathbb{Z} \)), irreducible polynomials are used to create polynomial fields \( \mathbb{F}_q[x]/p(x) \).