Fields and Their Applications

AES-256 encrypts every HTTPS request. Every SubBytes operation is a multiplicative inverse computation in GF(2^8). A bug in that field multiplication is a cryptographic break. NIST selected AES in 2001 precisely because the algebra of GF(2^8) makes the cipher mathematically analyzable. Reed-Solomon over GF(2^8) is the backbone of QR codes, CDs, DVDs, and satellite communications. Bitcoin ECDSA lives in E(F_p) - an elliptic curve group over a prime field. Behind all of this: one structure, written by Galois the night before he died at 20.

• AES: SubBytes and MixColumns are linear algebra over GF(2^8). The entire cipher is arithmetic in a finite field
• Reed-Solomon: codes over GF(2^8) recover QR code data (up to 30% loss), CD/DVD, RAID-6, 5G NR
• ECDSA (Bitcoin, TLS 1.3): signatures are elements of field F_n, where n is the order of the secp256k1 group
• CRYSTALS-Kyber (NIST PQC 2024): NTT over Z_3329 is a discrete transform in a finite field

Предварительные знания

• Rings: Addition and Multiplication

What Is a Field: Axioms and Examples

1830. Evariste Galois is 18. The night before a duel, he writes a theory that will explain why degree-5 equations cannot be solved in radicals. One hundred and seventy years later, his Galois fields guard every TLS connection on the internet.

A **field** is a commutative ring with unity where every nonzero element has a multiplicative inverse. Two operations, full invertibility for multiplication. Q, R, C are fields. Z is not: 2 has no inverse among integers. GF(2) = {0,1} with 1+1=0 is also a field - and this is not exotic: it is the foundation of all binary arithmetic.

**Characteristic of a field**: the smallest n such that 1+1+...+1 (n times) = 0. For Q, R, C the characteristic is 0 - no such n exists. For GF(p) the characteristic is the prime p. This invariant completely separates fields: characteristic-0 fields contain a copy of Q; characteristic-p fields contain a copy of GF(p).

Finite Fields GF(p^n): Structure and Uniqueness

Q, R, C are all fields. GF(2) = {0,1} is also a field: 1+1=0. GF(p^n) are finite fields with exactly p^n elements. They exist for every prime p and every n - and nowhere else. This rigidity makes them ideal for cryptography: there is no 'nearby' field with a slightly different element count to exploit.

**Galois's theorem**: a finite field exists if and only if its order equals p^n for a prime p and n >= 1. Such a field is unique up to isomorphism. Notation: GF(p^n) or F_{p^n}. Note that GF(4) != Z/4Z - because 4 = 2^2 is not prime.

**Why GF(2^8) for AES**: XOR between bytes is addition in GF(256). Multiplication goes through shifts and XOR with the modulus polynomial. All of AES is linear algebra over GF(256). NIST chose this structure because the algebra of a finite field makes the cipher mathematically analyzable - and provably sound.

Field Extensions and Applications: from GF(4) to Kyber

A **field extension** F ⊆ K is a situation where K is itself a field containing F as a subfield. The tower Q ⊆ R ⊆ C is the familiar example. Finite fields are constructed via extensions: GF(p^n) = GF(p)[x]/(f(x)), where f is an irreducible polynomial of degree n over GF(p). Literally a quotient ring of polynomials by an irreducible modulus.

**Abel-Ruffini theorem**: a general polynomial of degree >= 5 cannot be solved in radicals. The proof goes through Galois theory: the Galois group of the extension F ⊆ K encodes the symmetries of the roots. Solvability of the equation corresponds to solvability of the group. For degree >= 5, the group S_5 is not solvable. Galois wrote this in a letter to a friend the night before his duel.

**IEEE 754: not a field**: floating-point numbers violate associativity: (a+b)+c != a+(b+c) due to rounding. This is precisely why ML training results are not reproducible: GPU operation order changes, sums arrive in different sequences. Finite fields do not have this problem - associativity is exact.

Key Ideas

• Field = commutative ring with unity where every nonzero element is invertible. Division always works
• Z/nZ is a field if and only if n is prime. Composite n produces zero divisors
• GF(p^n): finite fields exist and are unique for each prime power p^n. Nowhere else
• GF(p^n) = GF(p)[x]/(f), where f is irreducible of degree n. A quotient ring of polynomials
• AES, Reed-Solomon, ECDSA, Kyber all operate inside Galois fields
• IEEE 754 violates associativity - not a field. Hence ML non-reproducibility

What's next

Quotient groups and Galois theory close the picture: symmetries of field extensions explain equation solvability.

• Quotient Groups — G/N generalizes the quotient ring; first isomorphism theorem
• Galois Theory: Introduction — The Galois group of an extension encodes the symmetries of the equation's roots
• Algebra in Cryptography — RSA, ECDSA, AES as concrete applications of finite fields

Вопросы для размышления

• Construct GF(4) explicitly: write out addition and multiplication tables for {0, 1, a, a+1} where a^2 = a+1. Verify that every nonzero element has an inverse.
• Why is IEEE 754 not a field? Find a concrete counterexample of associativity failure with small numbers.
• Reed-Solomon over GF(2^8) can recover 14 corrupted bytes out of 255. Why is 255 = 2^8 - 1 not a coincidence?

Связанные уроки

• aa-04-rings — A field is a special commutative ring with multiplicative inverses
• aa-06-quotient — Quotient ring F_p[x]/(f) constructs field extensions
• aa-10-galois-intro — Galois theory studies symmetries of field extensions
• aa-21-algebra-crypto — RSA, ECDSA, AES all live inside finite fields
• aa-22-linear-codes — Reed-Solomon over GF(2^8) is the basis of QR and DVD
• nt-03 — Z/nZ at prime n is the prototype of a finite field GF(p)
• crypto-04-algebraic-structures
• crypto-26-ecc-math