In view of Fermat's little theorem we have x^q = x for each x F. Hence X - x divides X^q - X. As gcd(X - x,X - y) = 1 for x, y F with x y, their product _{x F} (X - x) divides X^q - X. But both polynomials are of degree q, and their leading coefficients are both 1, so they are equal.

It follows from an earlier proposition that the subset M = {x F | x^r = x} is a subfield of F.

It remains to verify that the subfield has order r. As b | a, we have r - 1 = p^b - 1 |p^a - 1 = q - 1 , and so X^{r - 1} - 1 | X^{q - 1} - 1, whence X^r - X | X^q - X. According to Part 1, the latter polynomial factors completely into linear factors, and hence so does X^r - X. This means that M has exactly r elements.

Put L = Z/pZ[X]/(f). Let b = X + (f) L. Then b is a zero of f in L, but also of X^q - X. Since both are polynomials of Z/pZ[X], their gcd, that is, gcd(f,X^q - X) is not a constant. But since f is irreducible, the gcd coincides with f and so f divides X^q - X.

Now let x F be a root of f. Then

: Z/pZ[X] -> F,     g(X) -> g(x)

is a morphism of fields with kernel (f). The image of is the subring Z/pZ[x] of F generated by x. The First Isomorphism Theorem for Rings gives that L = Z/pZ[X]/(f) is isomorphic to Z/pZ[x]. But L has order p^a, so

| Z/pZ[x]| = p^a = |F|.

Thus Z/pZ[x], being a subring of F of the same size as F, coincides with F.

In conclusion, we have found a ring isomorphism L -> F. Since the inverse of an element is uniquely determined by the ring structure, it also is an isomorphism of fields.

The quotient ring Z[X]/(f) is a finite field of order p^b in which X + (f) is a zero of f. Therefore, f and X^pb - X have a zero in common. By an earlier lemma, this implies that gcd(f,X^pb - X) has degree at least 1, and so, as f is irreducible, is equal to f. In other words, f divides X^pb - X.