"There are those who are destined to be good, but never to experience it. I believe I am one of them." --- Evariste Galois (1811-1832)
Mathematical Background: A Revision • finite fields (FF) required for understanding • AES • Elliptic Curve Cryptography • To study FF, we shall revise the concepts of • groups, rings, fields from abstract algebra • Modular arithmetic and Euclidean Algorithm • Finite fields of the form GF(p), where p is a prime number
Group Theory: History • Groups: first used by Evariste Galois (b. 1811, d. 1832) in his work, without defining a group • Galois, a student of M. Vernier in 1827 and a contemporary of Cauchy, Poisson, Abel, Jacobi, Fourier, Gauss and Napoleon (ruled 1799-1815) • He failed to join the Ecole Polytechnique, though he sat the entrance examination twice. • An ardent Republican, he was sent to prison twice under the King.
Quest for an Academy Award • 1829: Galois (only 18 years old) submitted two papers to the Académie des Sciences for publication in its 'Memoirs'; Cauchy was the referee. • Galois read a posthumous paper of Abel and found an overlap between his and Abel's work, so he consulted Cauchy. Cauchy (winner of the Grand Prix in 1816) advised him to rewrite it and submit it for the Grand Prix. • Feb 1830: Galois submitted the modified paper to Fourier for the Grand Prix; Fourier died in May 1830 and the paper was lost; the Grand Prix went to Abel and Jacobi.
Last Night • 1831: Galois again submitted to the Académie des Sciences; Poisson was the reviewer. He did not understand the paper and rejected it. • 30 May 1832: wounded in a duel with Perscheux d'Herbinville over Stephanie-Felice du Motel, the daughter of the prison's physician; abandoned by both Perscheux and his own seconds. A peasant took him to a hospital, where he died the next day, aged 20. • The story: the night before the duel Galois wrote furiously, annotating and extending the rejected paper.
First definitions • Galois's younger brother Alfred and his friend Auguste Chevalier copied his papers and sent them to Gauss, Jacobi and others • 14 years later, in 1846, Liouville got Galois' papers published • 1845: Cauchy defined a "conjugate system of substitutions", another name for a group. During 1845-46 he wrote 25 papers on it. • 1854: Cayley was the first to attempt an abstract (not completely correct) definition of a group. • 1863: Jordan's commentary on Galois' paper and his book used the term GROUP
Group Theory: the first modern book • Walter Ledermann's Introduction to the Theory of Finite Groups, published by Oliver & Boyd, Edinburgh, in 1949 (Ledermann was then 38 and an assistant lecturer at St Andrews) • It was based on Schur's lectures on group theory.
Group Theory and communism • Ledermann wrote it in the British Museum Library (sitting in the same chair where Karl Marx wrote Das Kapital) • When Ledermann came to lecture on group theory at the University of Notre Dame in the United States, the parcel of books was held by US Customs, who mistook it for a book on Communist groups, until the head of the department at Notre Dame personally spoke to Customs.
A note on types of numbers
• Positive integers and integers
• Rational numbers: "A rational number is any number that can be written as a ratio of two integers." Reference [1]: http://bing.search.sympatico.ca/?q=difference%20between%20a%20real%20number%20and%20a%20rational%20number&mkt=en-ca&setLang=en-CA
  Examples: integers, fractions, mixed numbers and terminating or repeating decimals, together with their negatives.
• Examples of irrational numbers: √2, √3, √5, π, e
  π = the ratio of any circle's circumference to its diameter = 3.14159265358979323846264338327950288419716939937510...
  e = the base of the natural logarithm, also known as Napier's constant (the symbol honours Euler) = 2.718281828459045235360287471352662497757...
  e is the unique number for which the area of the region bounded by the hyperbola y = 1/x, the x-axis and the vertical lines x = 1 and x = e equals 1; in other words ∫₁ᵉ (dx/x) = ln e = 1.
A note on types of numbers (2)
• Real numbers:
  any number that can be found on the number line;
  a number required to label any point on the number line;
  a number whose absolute value gives the distance of a point from 0;
  the rational and the irrational numbers together.
• Between any two rational numbers on the number line there is an irrational number. [1]
• Between any two irrational numbers there is a rational number. [1]
A note on types of numbers (3)
• Complex numbers: x + iy, where x and y are real numbers and i = √(-1).
• The field of complex numbers includes the field of real numbers as a subfield.
References: (i) http://www.themathpage.com/aPreCalc/rational-irrational-numbers.htm (ii) http://mathworld.wolfram.com/ComplexNumber.html
Group DEFINITION: a set G of elements (or "numbers") with an operation, written "." in the examples below, such that
• the result of the operation is again in the set (closure);
• the associative law holds: (a.b).c = a.(b.c);
• there is an identity element e such that e.a = a.e = a for all a ∈ G;
• for each a ∈ G there is an inverse element a⁻¹ ∈ G such that a.a⁻¹ = a⁻¹.a = e.
Example of a group. Example 1: let N = {1, 2, ..., n} be a set of n distinct symbols and S the set of all permutations of the n symbols. S is a group under composition of permutations (the symmetric group Sₙ). Prove:
• closure
• associativity
• existence of an identity element in the set
• existence of an inverse for every member of the group
A finite group: one whose number of members is finite; otherwise the group is infinite.
Abelian Group. If, in addition to the properties in the group definition above, the operation is commutative, G is said to be an abelian group. Commutative: a.b = b.a for all a, b ∈ G. Examples: 2. Prove that S, as defined in Example 1, is not an abelian group when n ≥ 3. 3. Prove that the set of integers (positive, negative and zero) is an abelian group under addition. Hint: identity element 0; the inverse of x is -x.
Some definitions, and the definition of a cyclic group
• Exponentiation: repeated application of the operator; example: a³ = a.a.a
• Identity element: e = a⁰
• If a' is the inverse of a, then a⁻ⁿ = (a')ⁿ
• A group is cyclic if every member of the group is generated by a single element a of the group (called the generator) through exponentiation. A cyclic group is abelian.
Cyclic Group (continued)
• b = aᵏ: every member b of the group equals aᵏ for some integer k.
• A cyclic group may be finite or infinite.
• Subgroups of a cyclic group are also cyclic.
• A cyclic group may have more than one generator.
• Example 4a: the integers under addition form a cyclic group; both 1 and -1 are generators.
Cyclic Groups of Finite Order
• A cyclic group of finite order n is denoted Cₙ; it has a generator a and identity e with aⁿ = e, so exponents of a may be reduced mod n.
Example 4b: Zₙ, the integers 0, 1, 2, ..., n-1 under "addition mod n", is a finite cyclic group with generator 1 and identity 0.
Generator of a Field
• GENERATOR: an element g whose successive powers take on every element of the field except zero, i.e. a generator of the multiplicative group of the field.
• For a prime field GF(p): every non-zero a can be written a = gʲ mod p.
• Not every non-zero element of a field is a generator.
• For a generator g and 0 < j ≤ p-1, each j gives a different element.
• ORDER of an element g: the smallest exponent j ≥ 1 with gʲ mod p = 1 (the identity). The order of every non-zero element divides p-1, and g is a generator exactly when its order is p-1.
Example of a generator and order. Example 1: modulo 13, 4 and 5 are NOT generators (their orders are 6 and 4). a = 2 is a generator; its order is 12: the powers 2ᵇ mod 13 for b = 1, ..., 12 are 2, 4, 8, 3, 6, 12, 11, 9, 5, 10, 7, 1, visiting every non-zero residue exactly once.
Another example: a generator and order. Example 2: modulo 11, 2, 6, 7 and 8 are examples of generators. The order of each of 2, 6, 7 and 8 is 10.
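To check statements like those in Examples 1 and 2 for any small prime, here is an added Python example (not from the original slides) that finds the multiplicative order of an element of GF(p) by repeated multiplication and lists the generators. The function names are this example's own, and p is assumed to be prime.

```python
# Added example (not from the original slides): multiplicative order and
# generators (primitive roots) of the prime field GF(p), found by brute force.
# Assumes p is prime; the function names are this example's own.


def mult_order(g: int, p: int) -> int:
    """Smallest j >= 1 with g^j = 1 (mod p), for p prime and g not 0 mod p.

    By Fermat's little theorem g^(p-1) = 1 (mod p), so the loop stops by j = p-1.
    """
    g %= p
    if g == 0:
        raise ValueError("0 has no multiplicative order")
    x, j = g, 1
    while x != 1:
        x = (x * g) % p
        j += 1
    return j


def is_generator(g: int, p: int) -> bool:
    """g generates all of GF(p)* = {1, ..., p-1} exactly when its order is p-1."""
    return mult_order(g, p) == p - 1


def generators(p: int) -> list:
    """All generators of GF(p)*, in increasing order."""
    return [g for g in range(1, p) if is_generator(g, p)]


def powers(g: int, p: int) -> list:
    """g^1, g^2, ..., g^(p-1) mod p. For a generator this visits every
    non-zero residue exactly once before returning to 1."""
    return [pow(g, j, p) for j in range(1, p)]


if __name__ == "__main__":
    print("order of 2 mod 13:", mult_order(2, 13))                        # 12
    print("orders of 4, 5 mod 13:", mult_order(4, 13), mult_order(5, 13))  # 6 4
    print("generators mod 13:", generators(13))                           # [2, 6, 7, 11]
    print("generators mod 11:", generators(11))                           # [2, 6, 7, 8]
    print("powers of 2 mod 13:", powers(2, 13))
```

Brute-force order finding is fine for slide-sized primes. For cryptographic sizes one instead factors p-1 and checks g^((p-1)/q) ≠ 1 for each prime factor q of p-1, which is why Diffie-Hellman style parameters are generated with p-1 of known factorization.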
Ring. Consider a set R of "numbers" with two binary operations, called addition and multiplication.
• If the set constitutes an abelian group under addition, and
• under multiplication the set
  has closure: for a, b ∈ R, a.b ∈ R;
  is associative: for a, b, c ∈ R, (a.b).c = a.(b.c);
  is distributive over addition: a.(b + c) = a.b + a.c and (a + b).c = a.c + b.c,
then the set constitutes a ring. In a ring we can do addition, subtraction and multiplication without leaving the ring.
Commutative Ring. Ex 5: the set of all n×n matrices (with real entries, for a fixed n) is a ring under matrix addition and multiplication.
• If the multiplication of a ring is commutative, the set forms a commutative ring.
Examples: Ex 6: the ring of matrices of Ex 5 is NOT a commutative ring (for n ≥ 2). Ex 7: the set S2 of even integers (positive, negative and 0), under addition and multiplication, is a commutative ring.
Integral Domain
• A commutative ring R is said to constitute an integral domain if
  multiplication has an identity: a.1 = 1.a = a for all a ∈ R, and
  for a, b ∈ R, a.b = 0 implies a = 0 or b = 0 (no zero divisors).
Ex 8: S3, the set of integers (positive, negative and 0) under addition and multiplication, is an integral domain.
Field. A field is a set of elements F with two binary operations, called addition and multiplication, such that
• F is an integral domain, and
• for each a ∈ F except 0 there is an element a⁻¹ in F such that a.a⁻¹ = a⁻¹.a = 1 (existence of the multiplicative inverse).
Field (continued). Thus in a field we can do addition, subtraction, multiplication and division without leaving the set.
Ex 9: the set of all integers S3 is not a field (2, for instance, has no integer inverse).
Ex 10: the following are fields: the rational numbers; the real numbers; the complex numbers.
All of the above examples of fields have infinitely many elements. We shall see that fields can be finite also.
Group, Ring and Field: which axioms each structure requires
  Group:             A1 closure under addition, A2 associativity of addition, A3 additive identity, A4 additive inverse
  Abelian group:     Group + A5 commutativity of addition
  Ring:              Abelian group + M1 closure under multiplication, M2 associativity of multiplication, M3 distributive laws
  Commutative ring:  Ring + M4 commutativity of multiplication
  Integral domain:   Commutative ring + M5 multiplicative identity, M6 no zero divisors
  Field:             Integral domain + M7 multiplicative inverse
Mathematical properties 1
A1: If a and b belong to S, then a + b is also in S
A2: a + (b + c) = (a + b) + c for all a, b, c in S
A3: There is an element 0 in S such that a + 0 = 0 + a = a for all a in S
A4: For each a in S there is an element -a in S such that a + (-a) = (-a) + a = 0
A5: a + b = b + a for all a, b in S
M1: If a and b belong to S, then ab is also in S
M2: a(bc) = (ab)c for all a, b, c in S
Mathematical properties 2
M3: a(b + c) = ab + ac and (a + b)c = ac + bc for all a, b, c in S
M4: ab = ba for all a, b in S
M5: There is an element 1 in S such that a1 = 1a = a for all a in S
M6: If a, b in S and ab = 0, then either a = 0 or b = 0
M7: If a belongs to S and a ≠ 0, there is an element a⁻¹ in S such that a.a⁻¹ = a⁻¹.a = 1
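The axioms above can be checked mechanically on a small finite structure. The following added Python example (not from the original slides; the function names are its own) tests A1-A5 and M1-M7 by brute force on Zₙ = {0, ..., n-1} with addition and multiplication mod n, and names the strongest structure Zₙ satisfies.

```python
# Added example (not from the original slides): brute-force check of the
# axioms A1-A5 and M1-M7 on Z_n = {0, 1, ..., n-1} under addition and
# multiplication mod n, then the name of the strongest structure Z_n satisfies.
# Function names are this example's own. Intended for small n only: the
# associativity and distributivity checks loop over all n^3 triples.

from itertools import product


def check_Zn(n: int) -> dict:
    """Map each axiom label to True/False for Z_n."""
    S = range(n)
    add = lambda a, b: (a + b) % n
    mul = lambda a, b: (a * b) % n
    pairs = list(product(S, S))
    triples = list(product(S, S, S))
    props = {}
    props["A1"] = all(add(a, b) in S for a, b in pairs)          # closure (+)
    props["A2"] = all(add(a, add(b, c)) == add(add(a, b), c) for a, b, c in triples)
    props["A3"] = all(add(a, 0) == add(0, a) == a for a in S)     # identity 0
    props["A4"] = all(any(add(a, b) == 0 for b in S) for a in S)  # -a exists
    props["A5"] = all(add(a, b) == add(b, a) for a, b in pairs)
    props["M1"] = all(mul(a, b) in S for a, b in pairs)          # closure (x)
    props["M2"] = all(mul(a, mul(b, c)) == mul(mul(a, b), c) for a, b, c in triples)
    props["M3"] = all(mul(a, add(b, c)) == add(mul(a, b), mul(a, c)) and
                      mul(add(a, b), c) == add(mul(a, c), mul(b, c))
                      for a, b, c in triples)
    props["M4"] = all(mul(a, b) == mul(b, a) for a, b in pairs)
    # M5: a multiplicative identity distinct from 0 (Z_1 has only 0 = 1).
    props["M5"] = n > 1 and all(mul(a, 1) == mul(1, a) == a for a in S)
    # M6: no zero divisors; M7: every non-zero element has an inverse.
    props["M6"] = all(a == 0 or b == 0 for a, b in pairs if mul(a, b) == 0)
    props["M7"] = all(any(mul(a, b) == 1 for b in S) for a in S if a != 0)
    return props


def zero_divisors(n: int) -> list:
    """Non-zero a for which some non-zero b gives a*b = 0 mod n."""
    return sorted({a for a in range(1, n) for b in range(1, n) if (a * b) % n == 0})


def classify(n: int) -> str:
    """Strongest of group / abelian group / ring / ... / field that Z_n is."""
    p = check_Zn(n)
    if not all(p[k] for k in ("A1", "A2", "A3", "A4")):
        return "not a group"
    if not p["A5"]:
        return "group"
    if not all(p[k] for k in ("M1", "M2", "M3")):
        return "abelian group"
    if not p["M4"]:
        return "ring"
    if not (p["M5"] and p["M6"]):
        return "commutative ring"
    if not p["M7"]:
        return "integral domain"
    return "field"


if __name__ == "__main__":
    for n in (6, 7, 8, 11, 12):
        print(n, classify(n), "zero divisors:", zero_divisors(n))
```

classify(7) returns "field" and classify(6) returns "commutative ring": in Z₆, 2·3 = 0 with neither factor zero, so M6 fails, and 2 has no inverse, so M7 fails. For every prime p the answer is "field" (the finite field GF(p) of the agenda); for composite n the check never gets past "commutative ring", since a finite integral domain is automatically a field and composite n fails M6 and M7 together.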
Agenda. After defining rings and fields:
• Modular arithmetic
• Divisors, GCD, Euclid's theorem
• Prime numbers
• Fields of type Zₚ
• Finite fields; extended Euclid's theorem for finding the multiplicative inverse
• Polynomial arithmetic
Modular Arithmetic: Definitions
• Modulo operator: a mod n = b, where b is the remainder when a is divided by n; b is called the residue of a mod n.
• a = q.n + b with 0 ≤ b < n, and q = ⌊a/n⌋, where ⌊x⌋ is the largest integer less than or equal to x.
Example 13: the addition table a = (b + c) mod 8: b is the entry in the first column (outside the box), c the entry in the top row (outside the box), and the body of the table gives a.
Congruence mod n
• If a mod n = b mod n, a and b are said to be congruent mod n, written a ≡ b (mod n).
• Reducing k modulo n: the process of finding the smallest non-negative integer to which k is congruent.
Modular Arithmetic: A Revision (continued)
• a = q.n + r with 0 ≤ r < n: on the number line a lies between q.n and (q+1).n, and r is the distance from q.n up to a. For negative a the multiple q.n lies to the left of a (q ≤ -1), so r is still non-negative.
Thus 11 = 1.7 + 4, r = 4 = 11 mod 7; and -11 = (-2).7 + 3, r = 3 = (-11) mod 7.
k mod m
• 11 mod 7 = 4
• (-11) mod 7 = 3
• In general, if r = k mod m, then (-k) mod m = m - r if r ≠ 0, but (-k) mod m = 0 if r = 0. So k mod m may or may not equal (-k) mod m.
• r = k mod m = k mod (-m) = k mod |m|: the residue is always taken in 0..|m|-1.
Reducing k modulo 7: Example 12
  ... -21 -20 -19 -18 -17 -16 -15
      -14 -13 -12 -11 -10  -9  -8
       -7  -6  -5  -4  -3  -2  -1
        0   1   2   3   4   5   6    <- reduced values
        7   8   9  10  11  12  13
       14  15  16  17  18  19  20
       21  22  23  24  25  26  27
       28  29  30  31  32  33  34 ...
All the elements in a column are congruent mod 7.
• [0] = {..., -21, -14, -7, 0, 7, 14, ...} is called a residue class (every column constitutes a residue class).
• The smallest non-negative integer of the class (the row 0..6 above) is used to represent the class: the reduced values.
Modular Arithmetic:
• [a mod n + b mod n] mod n = (a + b) mod n
• [a mod n - b mod n] mod n = (a - b) mod n
• [a mod n × b mod n] mod n = (a × b) mod n
Ex 14, exponentiation: to evaluate 12¹¹ mod 7: 12² mod 7 = 4; 12⁸ mod 7 = 4⁴ mod 7 = 4; 12¹¹ mod 7 = (12 × 12² × 12⁸) mod 7 = (5 × 4 × 4) mod 7 = 3.
“Note that the positions of primes constitute just about the most fundamental, inarguable, nontrivial information available to our consciousness. This transcends history, culture, and opinion. It would appear to exist 'outside' space and time and yet to be accessible to any consciousness with some sense of repetition, rhythm, or counting.” -- Matthew R. Watkins, School of Mathematical Sciences at Exeter University, UK http://www.maths.ex.ac.uk/%7Emwatkins/zeta/ss-b.htm, as of November 3, 2007
Modular Arithmetic: additive and multiplicative inverses
Additive inverse: let c be the additive inverse of a; then a + c ≡ 0 (mod n). Example 15: additive inverse of 5 mod 8: 5 + c ≡ 0 (mod 8), therefore c = 3.
Multiplicative inverse: let c be the multiplicative inverse of a; then a × c ≡ 1 (mod n). Example 16: multiplicative inverse of 5 mod 8: 5 × c ≡ 1 (mod 8), therefore c = 5, 13, ...
Relatively Prime Numbers • Two integers are said to be relatively prime if their only common positive integer factor is 1. • In Example 16, 5 and 8 are relatively prime. • Consider the case where ‘a’ and ‘n’ have a common factor other than 1 (i. e. the case where ‘a’ and ‘n’ are not relatively prime)
Multiplicative Inverse (continued)
• Example 17: a = 6 and n = 8: 6.c ≡ 1 (mod 8). No value of c satisfies this. In general an integer has a multiplicative inverse in Zₙ if and only if it is relatively prime to n.
Multiplicative Inverse: Table 2. Tabulating 5.a mod 8 for successive values of a: a = 5 is a multiplicative inverse of 5 mod 8, and so is a = 13.
Multiplicative Inverse
• Let c be the multiplicative inverse of b mod n: b.c ≡ 1 (mod n), i.e. b.c = k.n + 1. Therefore b.(c + n) = (k + b).n + 1 = k₁.n + 1. Thus c, c + n, c + 2n, ... are all multiplicative inverses of b. For a field Zₚ, with members 0, 1, 2, ..., p-1, the one of these lying in 1..p-1 is taken as the multiplicative inverse.
Some properties of the modulo operator: some peculiarities
• If (a + b) ≡ (a + c) (mod n), then b ≡ c (mod n).
• But if (a.b) ≡ (a.c) (mod n), then b ≡ c (mod n) only if a is relatively prime to n.
• Proof of the first: given (a + b) ≡ (a + c) (mod n), add -a (the additive inverse of a) to both sides: [-a + a + b] ≡ [-a + a + c] (mod n), so b ≡ c (mod n).
Properties of the modulo operator: proof
• Proof of the second: given (a × b) ≡ (a × c) (mod n), multiply both sides by a⁻¹ (the multiplicative inverse of a): a⁻¹(a × b) ≡ a⁻¹(a × c) (mod n), so b ≡ c (mod n).
• REVISION: the multiplicative inverse of a exists only if a and n are relatively prime, so the cancellation is valid only in that case.
• a ≡ b (mod n) if and only if n | (a - b).
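An added Python example (not from the original slides; the function names are its own) covering the modular arithmetic of the last few slides: the non-negative residue of a negative integer, exponentiation by repeated squaring as in Example 14, additive and multiplicative inverses found the brute-force way of Examples 15-17, the sequence c, c+n, c+2n, ... of inverses, and a search for a counterexample to cancellation when a is not relatively prime to n.

```python
# Added example (not from the original slides): the modular-arithmetic
# operations of the preceding slides, using the residue convention they use.
# Function names are this example's own.

from math import gcd


def truncated_remainder(k: int, m: int) -> int:
    """What the % operator returns in C, Java and Go: the quotient is truncated
    toward zero, so the remainder carries the sign of k; (-11) % 7 == -4."""
    q = abs(k) // abs(m)
    if (k < 0) != (m < 0):
        q = -q
    return k - q * m


def reduce_mod(k: int, m: int) -> int:
    """Residue of k mod m in 0..|m|-1, as on the slides: k mod m = k mod |m|.
    Python's own k % abs(m) already gives this value; the explicit fix-up
    below is the step that C-style code has to add."""
    m = abs(m)
    r = truncated_remainder(k, m)
    return r + m if r < 0 else r


def mod_pow(base: int, exp: int, n: int) -> int:
    """Square-and-multiply exponentiation mod n. For 12^11 mod 7 it multiplies
    12^1, 12^2 and 12^8 (the binary digits of 11), as in Example 14."""
    result, base = 1, base % n
    while exp > 0:
        if exp & 1:
            result = (result * base) % n
        base = (base * base) % n
        exp >>= 1
    return result


def additive_inverse(a: int, n: int) -> int:
    """c with a + c = 0 (mod n); Example 15 gives 3 for a = 5, n = 8."""
    return (-a) % n


def multiplicative_inverse(a: int, n: int):
    """Smallest c in 1..n-1 with a*c = 1 (mod n), or None when gcd(a, n) != 1
    (Example 17: 6 has no inverse mod 8)."""
    if gcd(a, n) != 1:
        return None
    return next(c for c in range(1, n) if (a * c) % n == 1)


def inverses_below(a: int, n: int, limit: int) -> list:
    """All c < limit with a*c = 1 (mod n): c, c + n, c + 2n, ... (Table 2)."""
    return [c for c in range(limit) if (a * c) % n == 1]


def cancellation_counterexample(n: int):
    """(a, b, c) with a*b = a*c (mod n) but b != c (mod n), or None.
    One exists exactly when some a in 1..n-1 is not relatively prime to n."""
    for a in range(1, n):
        for b in range(n):
            for c in range(b + 1, n):
                if (a * b) % n == (a * c) % n:
                    return (a, b, c)
    return None


if __name__ == "__main__":
    print("C-style (-11) % 7 =", truncated_remainder(-11, 7), "; slides:", reduce_mod(-11, 7))
    print("12^11 mod 7 =", mod_pow(12, 11, 7))
    print("inverses of 5 mod 8 below 30:", inverses_below(5, 8, 30))
    print("cancellation fails mod 8 at", cancellation_counterexample(8))
```

Python's % already returns the non-negative residue for a positive modulus, but C, Java and Go keep the sign of the dividend, so (-11) % 7 is -4 there; truncated_remainder reproduces that behaviour and reduce_mod shows the fix-up. Forgetting it is a common source of negative "residues" in hand-written modular code, and such values then break table lookups and comparisons that assume 0..n-1.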
Agenda. After studying examples of modular arithmetic:
• Modular arithmetic
• Divisors, GCD, Euclid's theorem
• Prime numbers
• Fields of type Zₚ
• Finite fields; extended Euclid's theorem for finding the multiplicative inverse
• Polynomial arithmetic
Divisors
• If a = mb for some integer m (a, b, m all integers), that is, b divides a with no remainder, we denote this b|a and say that b is a divisor of a.
• E.g. 1, 2, 3, 4, 6, 8, 12 and 24 are the divisors of 24.
Properties of Divisors
• If a|1, then a = ±1.
• If a|b and b|a, then a = ±b (a = b when both are positive).
• Any b ≠ 0 divides 0.
• If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n.
Greatest Common Divisor • gcd(a,b) = max [k, such that k|a and k|b] • Properties: 1. gcd is required to be positive. gcd(a,b) = gcd(a, -b) = gcd(-a,b) = gcd(-a,-b) = gcd(|a|,|b|) 2. gcd(a,0) = |a| 3. If gcd(a,b) = 1, a and b are relatively prime.
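An added Python example (not from the original slides; the function names are its own) for the divisor and gcd definitions: a divisor listing, Euclid's algorithm gcd(a, b) = gcd(b, a mod b) with a trace of its division steps, and, going one step beyond this slide into the agenda's next item, the extended form that writes gcd(a, b) = a.x + b.y and so yields the multiplicative inverse mod n whenever gcd(a, n) = 1.

```python
# Added example (not from the original slides): divisors, Euclid's algorithm
# for the greatest common divisor, and its extended form. Function names are
# this example's own.


def divisors(a: int) -> list:
    """Positive divisors of a (of |a| for negative a)."""
    a = abs(a)
    return [d for d in range(1, a + 1) if a % d == 0]


def euclid_gcd(a: int, b: int) -> int:
    """Euclid: gcd(a, b) = gcd(b, a mod b) until the remainder is 0.
    Signs are dropped first, so the result is the positive gcd and
    gcd(a, 0) = |a|, as the properties above require."""
    a, b = abs(a), abs(b)
    while b:
        a, b = b, a % b
    return a


def euclid_trace(a: int, b: int) -> list:
    """The divisions a = q*b + r that euclid_gcd performs, as (a, q, b, r)."""
    a, b = abs(a), abs(b)
    steps = []
    while b:
        q, r = divmod(a, b)
        steps.append((a, q, b, r))
        a, b = b, r
    return steps


def relatively_prime(a: int, b: int) -> bool:
    return euclid_gcd(a, b) == 1


def extended_gcd(a: int, b: int) -> tuple:
    """(g, x, y) with g = gcd(a, b) = a*x + b*y for a, b >= 0 (Bezout).
    Property 4 of divisors says any common divisor of a and b also divides
    a*x + b*y, which is why this g is the greatest common divisor."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(a: int, n: int):
    """a^-1 mod n from Bezout: a*x + n*y = 1 gives a*x = 1 (mod n).
    Returns None when gcd(a, n) != 1, i.e. when no inverse exists."""
    g, x, _ = extended_gcd(a % n, n)
    return x % n if g == 1 else None


if __name__ == "__main__":
    print("divisors of 24:", divisors(24))
    print("gcd(1071, 462) =", euclid_gcd(1071, 462), "via", euclid_trace(1071, 462))
    print("5 * x + 8 * y = 1:", extended_gcd(5, 8))
    print("inverse of 5 mod 8:", mod_inverse(5, 8), "; of 6 mod 8:", mod_inverse(6, 8))
```

euclid_trace(1071, 462) returns the three divisions 1071 = 2·462 + 147, 462 = 3·147 + 21, 147 = 7·21 + 0, so the gcd is 21; extended_gcd(5, 8) returns (1, -3, 2) since 5·(-3) + 8·2 = 1, and -3 mod 8 = 5 is the inverse of 5 mod 8 found by brute force in Example 16.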