Special properties of binary Galois field

Question

Consider two finite field $A=GF(2^{2k})$ and $B=GF(2^{2n+1})$, where by $GF$ mean Galois field and $k$ and $n$ are two natural number. Assume the following equation $$ x^2+x+1=0 \tag{1} $$ First question: How to prove that the equation $(1)$ has exactly two solutions in the finite field $A$ and there is no solution for the equation $(1)$ in the Galois field $B$.

Second question: Assume the following two condtions

$$ \begin{array}{ccc} \sum_{i=1}^4\, \alpha_i=\alpha_1+\alpha_2+\alpha_3+\alpha_4=0 & & \\ &&\tag{2} \\ \sum_{i=1}^4\, \alpha_i^5=\alpha_1^5+\alpha_2^5+\alpha_3^5+\alpha_4^5=0 & & \end{array} $$ where $\alpha_i$, $1\leq i \leq 4$, are elements of a finite field. How to show that the conditions $(2)$ hold by the four elements of finite field $A$ but there are no four elements in the finite field $B$ such that satisfy in the conditions $(2)$.

For example, consider the Galois field $A=GF(2^4)$ that is constructed by the polynomial $\beta^4+\beta^3+1=0$. We can check that the following four elements of finite field $A=GF(2^4)$ hold in the conditions $(2)$: $$ (\alpha_1,\alpha_2,\alpha_3,\alpha_4)=(1,\beta,\beta^2+1,\beta^2+\beta)\,. $$ Thanks for any suggestion.

Edition:

One of the most important matrix in the cryptography is MDS matrix. An interesting method for construction of MDS matrix is by Vandermonde matrix. A vandermonde matrix is defined as follows

\begin{equation} A=\left( \begin{array}{ccccc} 1 & a_1 & a_1^2 & \cdots & a_1^{n-1}\\ 1 & a_2 & a_2^2 & \cdots & a_2^{n-1}\\ \vdots & \vdots & \vdots & \vdots &\vdots \\ \vdots & \vdots & \vdots & \vdots &\vdots \\ 1 & a_{n-1} & a_{n-1}^2 & \cdots & a_{n-1}^{n-1}\\ 1 & a_n & a_n^2 & \cdots & a_n^{n-1}\\ \end{array} \right)\, . \end{equation}

where $a_i$, $1\leq i \leq n$, are elements of $GF(2^{q})$, that is denoted with

$$ A=van(a_1,a_2,\cdots, a_n)\, . $$

It is proved in this article that if

$$ A=van(a_1,a_2,\cdots, a_n) \quad , \quad B=van(b_1,b_2,\cdots, b_n)\, . $$

be two vandermonde matrix such that $a_i\neq b_j$ for $1\leq i,j \leq n$ then the matrices $A\,B^{-1}$ and $B\, A^{-1}$ are MDS matrices. Now, consider the following vandermonde matrix of order $4$:

\begin{equation} C=\left( \begin{array}{cccc} 1 & \alpha_1 & \alpha_1^2 & \alpha_1^3\\ 1 & \alpha_2 & \alpha_2^2 & \alpha_2^3\\ 1 & \alpha_3 & \alpha_3^2 & \alpha_3^3\\ 1 & \alpha_4 & \alpha_4^2 & \alpha_4^3\\ \end{array} \right)\, . \end{equation}

where $\alpha_i$, $1\leq i \leq n$, are elements of $GF(2^{2q})$ and satisfy in the condition $(2)$ and are distinct. It can be proved that the inverses of matrix $C$, denoted with $C^{-1}$, can be obtained in the following form

\begin{equation} C^{-1}=\left( \begin{array}{cccc} u\,\alpha_1^3 +u\,v & u\,\alpha_2^3 + u\,v & u\, \alpha_3^3 +u\, v & u\, \alpha_4^3 + u\, v \\ u\, \alpha_1^2 & u\, \alpha_2^2 &u\, \alpha_3^2 &u\, \alpha_4^2\\ u\, \alpha_1 & u\, \alpha_2 & u\, \alpha_3 & u\, \alpha_4\\ u & u & u & u\\ \end{array} \right)\, . \end{equation}

where $u$ and $v$ are defined as follows $$ u=\sum_{i=1}^4\, \alpha_i^{-3}\quad , \quad v=\sum_{i=1}^4\, \alpha_i^{3} $$

The last result about the form of $C^{-1}$ matrix, is part of my research about MDS matrix.

Thanks for all useful comments and answer Professor Jyrki Lahtonen.

Answer 1

This depends on Newton's identities relating certain symmetric polynomials to each other (alternatively you can just crank this out with pencil-and-paper work).

If we denote by $e_1,e_2,e_3,e_4$ the elementary symmetric functions, i.e. the coefficients of $$ P(x)=(x-\alpha_1)(x-\alpha_2)(x-\alpha_3)(x-\alpha_4)=x^4+e_1x^3+e_2x^2+e_3x+e_4, $$ and by $p_i, i\in\Bbb{N},$ the power sum $$ p_i=\alpha_1^i+\alpha_2^i+\alpha_3^i+\alpha_4^i, $$ then by the so called Freshman's dream (in characteristic two) we get $$ \begin{aligned} p_1&=e_1,\\ p_2&=\alpha_1^2+\alpha_2^2+\alpha_3^2+\alpha_4^2=(\alpha_1+\alpha_2+\alpha_3+\alpha_4)^2=e_1^2,\\ p_4&=e_1^4, \end{aligned} $$ and then a couple of applications of Newton's identities eventually give that $$ p_5=e_1^5+e_2e_1^3+e_3e_1^2+e_2^2e_1+e_2e_3+e_1e_4.\qquad(*) $$

Your system $(2)$ states that $p_1=e_1=0$ and that $p_5=0$. Plugging in $e_1=0$ into $(*)$ then gives the simple consequence $$ 0=p_5=e_2e_3. $$ So we can conclude that if $(\alpha_1,\alpha_2,\alpha_3,\alpha_4)$ is a solution of $(2)$ then either $e_3=0$ or $e_2=0$.

Let us first look at the case $e_3=e_1=0$. Then we have $$ \begin{aligned} P(x)&=x^4+e_1x^3+e_2x^2+e_3x+e_4\\ &=x^4+e_2x^2+e_4\\ &=(x^2+\sqrt{e_2}x+\sqrt{e_4})^2, \end{aligned} $$ by the Freshman's dream and the fact that in any finite field of characteristic two every element has a (unique) square root. This shows that all the roots of $P(x)$ are double roots contradicting the assumption that the $\alpha_i$s were to be distinct. Observe that this argument works equally well for the field $A$ as well as the field $B$.

The other case $e_2=e_1=0$ is different. This time $$ P(x)=x^4+e_3x+e_4. $$ Let us fix the field $K=GF(2^m)$. The following trick from the theory of linearized polynomials allows us to make progress. Let $L(x)=x^4+e_3x$. Again by Freshman's dream we have $$ L(a+b)=L(a)+L(b)\qquad(**) $$ for all $a,b\in K$. If $\alpha_i,i=1,2,3,4,$ are four distinct zeros of $P(x)$, then $L(\alpha_i)=P(\alpha_i)+e_4=e_4$. By $(**)$ this implies that for all $i=2,3,4$ we have $$ L(\alpha_i-\alpha_1)=L(\alpha_i)+L(\alpha_1)=e_4+e_4=0. $$ As $L(0)=0$ the (linearized) polynomial $L(x)$ also has four zeros. But $$ L(x)=x(x^3+e_3), $$ so the non-zero roots of $L(x)$ are exactly the cubic roots of $e_3$. This explains why we get different behavior according to parity of $m=[K:GF(2)]$. Namely:

• If $m$ is odd, then $3\nmid 2^m-1$. As the group $K^*$ is cyclic of order $2^m-1$ this implies that every element of $K$ has a unique cube root in $K$. Applying this to $e_3\in K$ implies that $L(x)$ has exactly two roots in $K$, and therefore $P(x)$ cannot have four roots in $K$ either.
• On the other hand id $m$ is even, then $3\mid 2^m-1$, and the cubes of $K^*$ form a subgroup of index three - each with three cube roots. In this case the polynomial $L(x)$ has four distinct roots in $K$ whenever $e_3$ is a non-zero cube in $K$. Therefore for some choice of $(e_3,e_4)$ the polynomial $P(x)$ has the required four distinct solutions. Consequently system $(2)$ also has solutions of the required type. An easy example is when $\alpha_i,i=1,2,3,4,$ range over the elements of the subfield $GF(4)$. In that case $\alpha_i^5=\alpha_i^2$ and it is easy to check that you get a solution.