# Subfields

## 1. What is a subfield?

A large field can contain a smaller field. For instance, $\mathbb{F}_{2^k}$ always contains as a sub-field the 2-element subset $\mathcal{S} = \left\{0,1\right\}$ consisting of constant polynomials — it is easy to check that this subset satisfies the definition of field (it is closed under addition and multiplication; it contains a zero element and an identity element; every element has an opposite element in $\mathcal{S}$ since $-0 = 0$ and $-1 = 1$ in $\mathbb{F}_{2^k}$; addition and multiplication are commutative etc.). Another way to see that this two-element subset is a field is to notice that it can be identified with $\mathbb{F}_{2} = \mathbb{Z}_{2}$, as the addition and multiplication of elements $0$ and $1$ are defined in $\mathbb{F}_{2^k}$ the same way as in $\mathbb{F}_{2}$ (so one can say that $\mathbb{F}_{2^k}$ contains $\mathbb{F}_{2}$ as a subfield). More generally:

Let $\mathcal F$ be a field. A subset $\mathcal{S} \subseteq \mathcal F$ is called a **subfield** of $\mathcal F$ if $\mathcal{S}$ is a field itself with respect to the operations of $\mathcal F$.

By this definition, every field is a subfield of itself. But it may also contain strictly smaller subfields. Those are called the **proper subfields**. For example, as we saw, $\mathbb{F}_{2}$ is a proper subfield of $\mathbb{F}_{2^k}$ for $k > 1$.

A practical criterion for checking whether a subset of a field is a subfield is the following:

**Proposition (Subfield criterion).** Let $\mathcal F$ be a field. A subset $\mathcal{S} \subseteq \mathcal F$ is a subfield of $\mathcal F$ if and only if it contains the zero and identity element of $\mathcal F$, is closed under the multiplication, addition and taking opposite elements of $\mathcal F$, and $\mathcal{S}\setminus \{0\}$ (the set of non-zero elements belonging to $\mathcal{S}$) is closed under taking inverses in $\mathcal F$.

Which of the following sets of real numbers are subfields of the field $\mathbb R$?

- $\mathbb Q$, the set of rational numbers Answer
- $\mathbb Z$, the set of integers Answer
- $\{ \ldots, \frac14, \frac12, 1, 2, 4, 8, \ldots \}$, the set of integer powers of $2$ Answer
- $\mathbb R$, the set of all real numbers Answer
- $\{0\}$, the one-element set consisting of number zero Answer
- $\{0, 1\}$ Answer

## 2. Subfields in finite fields

The definition and criterion above hold for both finite and infinite fields. But the simplest way to find a sub-field of a finite field is to find an non-invertible element that generates the entire multiplicative group of a sub-field. Such an element must exist, since the multiplicative group of a finite field is always generated by a single element, as we know from the previous lesson Multiplicative group in finite fields.

For example, $\mathbb{F}_{16}$ specified by the polynomial $\alpha^4+\alpha^3+ \alpha^2+\alpha+ 1$ might contain subfields of size $2$ and $4$, as elements in the multiplicative group have orders $1$, $3$, $5$ and field sizes must be powers of primes. For instance, let us consider the element $\alpha^3+ \alpha^2$ and see whether it generates the multiplicative group of some subfield. The element $\alpha^3+ \alpha^2$ has order $3$ in the multiplicative group of $\mathbb{F}_{16}$ since \[\begin{align*} (\alpha^3+ \alpha^2)(\alpha^3+ \alpha^2)&=\alpha^3+\alpha+ 1,\\ (\alpha^3+ \alpha^2)(\alpha^3+\alpha+ 1)&=1\enspace. \end{align*}\]

So it is plausible that these three powers of $\alpha^3+ \alpha^2$ together with zero could form a subfield of $\mathbb{F}_{16}$, which is a representation of the four-element field $\mathbb{F}_4$. To check that this four-element subset $\{0,\ 1,\ \alpha^3+ \alpha^2,\ \alpha^3+\alpha+ 1\}$ is indeed a subfield by using Proposition (Subfield criterion), we need to check that it is closed under addition and taking opposite element, since closedness of the three-element subset $\{1,\ \alpha^3+ \alpha^2,\ \alpha^3+\alpha+ 1\}$ under multiplication and inverses follows from the fact that it is the fact that by construction it is a subgroup of the multiplicative group of $\mathbb{F}_{16}$ (namely the one generated by the element $\alpha^3+ \alpha^2$) and a subset of a field that is closed under multiplication obviously stays so if we add zero to it. Closedness under taking opposite element is also obvious, since in the field $\mathbb{F}_{16}$, the opposite of any element is the element itself. Closedness under addition is easy to verify by direct computation (basically by computing the 4-by-4 addition table of this four-element set and check that all the entries lie in the set — but for most entries this is trivially true, so not much actual computation is needed). Therefore the four-element subset $\{0,\ 1,\ \alpha^3+ \alpha^2,\ \alpha^3+\alpha+ 1\} \subset \mathbb{F}_{16}$ turns indeed out to be a subfield. So $\mathbb{F}_{16}$ contains $\mathbb{F}_{4}$ as a subfield.

Actually it turns out that this manual verification of closedness under addition and opposite element was unnecessary, thanks to the following result, which we will not prove here.

**Theorem.** Let $p$ be a prime, $k$ a positive integer and $a$ a non-zero element of $\mathbb F_{p^k}$. The set of all integer powers of $a$ together with the zero element is a subfield of $\mathcal F$ if and only if the order of $a$ in the multiplicative group of $\mathbb F_{p^k}$ is of the form $p^\ell - 1$ where $j$ is a positive integer.

Indeed, the theorem says that since the order of $\alpha^3+ \alpha^2$ in the multiplicative group is of the form $2^\ell-1$ (because $3 = 2^2-1$), the powers of $\alpha^3+ \alpha^2$ together with $0$ must form a subfield of $\mathbb F_{16}$.

Prove that $\mathbb{F}_{p^\ell}$ is a sub-field of $\mathbb{F}_{p^k}$ if and only if $p^\ell-1$ divides $p^k-1$.

*Hint:* Consider the orders of generators.

Which of the fields $\mathbb{F}_4,\mathbb{F}_8,\mathbb{F}_{16},\ldots,\mathbb{F}_{256}$ contain proper subfields of size more than two? Solution.

Since we know that our example subfield $\{0,\ 1,\ \alpha^3+ \alpha^2,\ \alpha^3+\alpha+ 1\} \subset \mathcal F_{16}$ is the four-element field $\mathbb F_4$, we could obviously use raw encoding of these polynomials $0000$, $0001$, $1100$ and $1011$ to represent $\mathbb{F}_4$. However, this representation is wasteful: since $\mathbb{F}_4$ contains four elements, these elements can be represented by two bits instead of four. Moreover, we know that $\mathbb{F}_4$ can be constructed as a set of polynomials of first degree with coefficients in $\mathbb Z_2$; these coefficients can be stored in two bits in a natural way, so it is also convenient to make computations in the two-bit representation (in other words, packing the elements into two bits does not come at the expense of CPU usage). So we haven't found a better representation of $\mathbb{F}_4$ than we knew before, but knowing that the field $\mathbb{F}_{16}$ contains $\mathbb{F}_4$ is still a nice mathematical insight, which may be useful. For example, if we have variables with values in the field $\mathbb{F}_{16}$ and at some point we realize that the values of the variables actually only belong to the set $\{0000, 0001, 1100, 1011\}$ then we can re-encode the variables into two bits to enchance memory and CPU efficiency of the field operations.

Let $\mathbb{F}_4$ be specified by the polynomial $\beta^2+\beta+ 1$. Define the corresponding isomorphism from $\mathbb{F}_4$ to the subset $\{0,\ 1,\ \alpha^3+ \alpha^2,\ \alpha^3+\alpha+ 1\}$ of $\mathbb{F}_{16}$.