Chapter 4 – Finite Fields Introduction • will now introduce finite fields • of increasing importance in cryptography • AES, Elliptic Curve, IDEA, Public Key • start with concepts of groups, rings, fields from abstract algebra
Algebraic System • Binary Operation: Given a nonempty set S and a function op : S×S → S, op is a binary operation on S. • Examples: S = N and op = ×, the multiplication of integers; S = N and op = +, the addition of integers. • Algebraic System: (S, op1, op2, …, opn), where S is a nonempty set and op1, …, opn are binary operations on S (at least one). • Examples: (R, +, ×) and (Z, +, ×)
Properties of Algebraic Systems • Closure: a op b ∈ S for all a, b ∈ S. • Associative: (a op b) op c = a op (b op c) for all a, b, c ∈ S. • Commutative: a op b = b op a for all a, b ∈ S. • (Z, -) is not commutative (and not associative either: (1 - 2) - 3 ≠ 1 - (2 - 3)). • Identity: for (S, op), there exists e ∈ S such that a op e = e op a = a for all a ∈ S. • Example: for (Z, +), e = 0; for (Z, ×), e = 1. • Inverses: for (S, op) with identity e, each a ∈ S has some b ∈ S such that a op b = b op a = e. • Notation: a^(-1) (multiplicative) or -a (additive).
• Example: for (Z, +), the inverse of a is -a. • Example: for (R \ {0}, ×), the inverse of a is a^(-1) = 1/a; in (Z, ×) only 1 and -1 have inverses, so (Z, ×) is not a group. • Distributive: for (S, +, *), a*(b+c) = a*b + a*c and (b+c)*a = b*a + c*a for all a, b, c ∈ S. • Semigroup (G, *): an algebraic system (G, *) with closure, associativity, and an identity (strictly speaking a semigroup with an identity is a monoid; the term is used loosely in these slides). • Theorem: for such a (G, *), the identity is unique.
Group (G, *): a semigroup (G, *) in which every element has an inverse. • Examples: (Z, +) and (R \ {0}, *) are groups. • Abelian (commutative) group: a group whose operation is commutative. • Theorem: in a group (G, *), the inverse of each element is unique. • Field (F, +, *): • (F, +) is a commutative group; call its identity 0. • (F, *) is a semigroup and (F \ {0}, *) is a commutative group, where 0 is the identity of +. • * distributes over +.
Finite Fields • Finite group (G, *): a group (G, *) with finitely many elements. • Example: ({0, 1, …, N-1}, +_N), addition mod N, is a finite group for any integer N ≥ 1. • Cyclic group (G, *): a group containing an element a with G = {a^n | n ∈ Z}, where a^n = a*a*…*a (n factors), a^0 = e and a^(-n) = (a^(-1))^n. • Such an a is a generator (primitive root) of G; its order is n = |G|. • Example: ({1, …, 6}, *_7), multiplication mod 7, is cyclic with primitive root 3: the powers 3^1, …, 3^6 mod 7 are 3, 2, 6, 4, 5, 1, so the order of 3 is 6.
• Order of an element: the smallest m ≥ 1 with a^m = 1; a generates the group iff m = |G|. • Finite field: a field (F, +, *) with finitely many elements. • Example: GF(P) = ({0, 1, …, P-1}, +_P, *_P), addition and multiplication mod P, for a prime P. [The prime fields, the simplest finite fields.]
Some Famous Finite Fields [P is a prime number] • GF(P), also written Z_P. • GF(P^n): polynomials of degree < n with coefficients in GF(P), added and multiplied modulo an irreducible polynomial Q(x) of degree n over GF(P). • GF(2^n), the case P = 2 (AES works in GF(2^8)). • Example: Q(x) = x^3 + x + 1 over GF(2), giving GF(2^3) with 8 elements: • (x+1) + x = 1 (coefficients are added mod 2). • (x+1) * x^2 = x^3 + x^2 = x^2 + x + 1 (since x^3 ≡ x + 1 mod Q(x)).
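The group and field definitions above are easy to check mechanically for small cases. The following is an added example, not code from the slides: it finds the order of an element mod p (to confirm 3 is a primitive root mod 7), implements GF(2^n) addition and multiplication by shift-and-reduce modulo Q(x), and verifies that the quotient ring is a field exactly when Q(x) is irreducible. Function names (order_mod, gf2n_mul, is_field, ...) are our own; polynomials over GF(2) are encoded as ints whose bit k is the coefficient of x^k, so x^3 + x + 1 is 0b1011 and the AES polynomial x^8 + x^4 + x^3 + x + 1 is 0x11B.

```python
# Added example (not from the slides): finite-field and cyclic-group arithmetic.
# Function names (order_mod, gf2n_mul, ...) are our own; polynomials over GF(2)
# are encoded as Python ints whose bit k is the coefficient of x^k.

def order_mod(a: int, n: int) -> int:
    """Order of a in the multiplicative group mod n: smallest m >= 1 with a^m = 1.
    Assumes gcd(a, n) == 1, otherwise the loop never reaches 1."""
    m, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        m += 1
    return m


def is_primitive_root(a: int, p: int) -> bool:
    """a generates the cyclic group ({1, ..., p-1}, *_p) iff its order is p - 1."""
    return order_mod(a, p) == p - 1


def powers_mod(a: int, p: int) -> list:
    """a^1, a^2, ..., a^(p-1) mod p, the list the slides give for a = 3, p = 7."""
    return [pow(a, k, p) for k in range(1, p)]


def gf2n_add(a: int, b: int) -> int:
    """Addition in GF(2^n): add coefficients mod 2, i.e. XOR."""
    return a ^ b


def gf2n_mul(a: int, b: int, q: int, n: int) -> int:
    """Multiplication in GF(2^n) = GF(2)[x] / (q), q an irreducible polynomial of
    degree n (bit n set), e.g. q = 0b1011 for x^3 + x + 1 or 0x11B for AES.
    Shift-and-add: whenever a picks up an x^n term, replace x^n by q - x^n.
    Assumes 0 <= a < 2^n."""
    r = 0
    while b:
        if b & 1:
            r ^= a          # add the current multiple of a
        b >>= 1
        a <<= 1             # multiply a by x
        if (a >> n) & 1:
            a ^= q          # reduce: x^n = (lower part of q)
    return r


def gf2n_inverse(a: int, q: int, n: int):
    """Multiplicative inverse by exhaustive search over the 2^n - 1 nonzero elements.
    Returns None only if none exists, which happens when q is reducible."""
    for b in range(1, 1 << n):
        if gf2n_mul(a, b, q, n) == 1:
            return b
    return None


def is_field(q: int, n: int) -> bool:
    """GF(2)[x]/(q) is a field iff every nonzero element has an inverse."""
    return all(gf2n_inverse(a, q, n) is not None for a in range(1, 1 << n))


def poly_str(p: int) -> str:
    """Render an int-encoded GF(2) polynomial the way the slides write it."""
    terms = [("x^%d" % k if k > 1 else "x" if k == 1 else "1")
             for k in range(p.bit_length() - 1, -1, -1) if (p >> k) & 1]
    return " + ".join(terms) or "0"


if __name__ == "__main__":
    print("3 generates (Z_7 \\ {0}, *):", is_primitive_root(3, 7), powers_mod(3, 7))
    X1, X2 = 0b011, 0b100                        # x + 1 and x^2
    Q3 = 0b1011                                  # x^3 + x + 1
    print(poly_str(gf2n_add(X1, 0b010)))         # (x + 1) + x = 1
    print(poly_str(gf2n_mul(X1, X2, Q3, 3)))     # (x + 1) * x^2 = x^2 + x + 1
    print(hex(gf2n_mul(0x57, 0x83, 0x11B, 8)))   # AES field: {57} * {83} = {c1}
    print(is_field(Q3, 3), is_field(0b1001, 3))  # x^3 + 1 = (x + 1)(x^2 + x + 1): not a field
```

The x^3 + 1 case is the practical caveat: the same arithmetic runs without complaint modulo a reducible polynomial, but some nonzero elements then have no inverse, so any scheme that relies on division (AES's S-box, Reed-Solomon decoding) silently breaks. Checking irreducibility of the reduction polynomial is part of validating a field implementation.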
Congruences • Given integers a, b, and n ≠ 0, a is congruent to b modulo n, written a ≡ b mod n, if and only if a - b = kn for some integer k. • Ex. 41 ≡ 93 mod 13 (93 - 41 = 52 = 4·13). 18 ≡ 10 mod 8 (18 - 10 = 8).
• If a ≡ b mod n, then b is called a residue of a modulo n (and conversely a is a residue of b modulo n). • A set of n integers {r_1, …, r_n} is a complete set of residues modulo n if, for every integer a, there is exactly one r_i in the set with a ≡ r_i mod n. • For any modulus n, the set {0, 1, …, n-1} is a complete set of residues modulo n.
Greatest Common Divisor (GCD) • a common problem in number theory • GCD (a,b) of a and b is the largest number that divides evenly into both a and b • eg GCD(60,24) = 12 • often want no common factors (except 1) and hence numbers are relatively prime • eg GCD(8,15) = 1 • hence 8 & 15 are relatively prime
Euclidean Algorithm • an efficient way to find GCD(a, b) • uses the theorem that GCD(a, b) = GCD(b, a mod b) • Euclidean algorithm to compute GCD(a, b):
EUCLID(a, b)
1. A = a; B = b
2. if B = 0 return A = gcd(a, b)
3. R = A mod B
4. A = B
5. B = R
6. goto 2
Example GCD(1970, 1066)
1970 = 1 x 1066 + 904    gcd(1066, 904)
1066 = 1 x 904 + 162     gcd(904, 162)
904 = 5 x 162 + 94       gcd(162, 94)
162 = 1 x 94 + 68        gcd(94, 68)
94 = 1 x 68 + 26         gcd(68, 26)
68 = 2 x 26 + 16         gcd(26, 16)
26 = 1 x 16 + 10         gcd(16, 10)
16 = 1 x 10 + 6          gcd(10, 6)
10 = 1 x 6 + 4           gcd(6, 4)
6 = 1 x 4 + 2            gcd(4, 2)
4 = 2 x 2 + 0            gcd(2, 0) = 2
Finding Inverses
EXTENDED EUCLID(m, b)
1. (A1, A2, A3) = (1, 0, m); (B1, B2, B3) = (0, 1, b)
2. if B3 = 0 return A3 = gcd(m, b); no inverse
3. if B3 = 1 return B3 = gcd(m, b); B2 = b^(-1) mod m
4. Q = A3 div B3
5. (T1, T2, T3) = (A1 - Q·B1, A2 - Q·B2, A3 - Q·B3)
6. (A1, A2, A3) = (B1, B2, B3)
7. (B1, B2, B3) = (T1, T2, T3)
8. goto 2
• Why it works: every triple satisfies m·X1 + b·X2 = X3 (true for the two starting triples, and preserved by step 5), so when B3 = 1 we have m·B1 + b·B2 = 1, i.e. b·B2 ≡ 1 mod m. If B2 comes out negative, add m.
Computing Inverses • Unlike ordinary integer arithmetic, modular arithmetic sometimes permits the computation of a multiplicative inverse. • That is, given an integer a in the range [0, n-1], it may be possible to find a unique integer x in the range [0, n-1] such that a·x mod n = 1. • Ex. 3 and 7 are multiplicative inverses mod 10 because 21 mod 10 = 1. • Thm. If gcd(a, n) = 1, then (a·i mod n) ≠ (a·j mod n) for all i, j with 0 ≤ i < j < n.
• This property implies that each a·i mod n (i = 0, …, n-1) is a distinct residue mod n, and that the set {a·i mod n}_{i = 0, …, n-1} is a permutation of the complete set of residues {0, …, n-1}. • This property does not hold when a and n have a common factor. • Hence, if gcd(a, n) = 1, there exists an integer x, 0 < x < n, such that a·x mod n = 1 (the i whose residue is 1).
• Ex. n = 5 and a = 3: 3·0 mod 5 = 0, 3·1 mod 5 = 3, 3·2 mod 5 = 1, 3·3 mod 5 = 4, 3·4 mod 5 = 2 (a permutation of {0, …, 4}; the inverse of 3 is 2). • Ex. n = 4 and a = 2 (gcd(2, 4) = 2): 2·0 mod 4 = 0, 2·1 mod 4 = 2, 2·2 mod 4 = 0, 2·3 mod 4 = 2 (not a permutation; 2 has no inverse mod 4).
Solving for Inverse • Euler's generalization of Fermat's theorem gives an algorithm for solving a·x mod n = 1 when gcd(a, n) = 1. Since a^φ(n) mod n = 1, we may take a·x = a^φ(n), i.e. x = a^(φ(n)-1) mod n. If n is prime, φ(n) = n - 1 and this is simply x = a^(n-2) mod n.
• Ex. Let a = 3 and n = 7. Then x = 3^5 mod 7 = 243 mod 7 = 5 (check: 3·5 = 15 ≡ 1 mod 7). • Ex. Let a = 2 and n = 15. Then φ(15) = 8 and x = 2^7 mod 15 = 128 mod 15 = 8 (check: 2·8 = 16 ≡ 1 mod 15). • With this approach, to compute x you have to know φ(n), which for composite n means knowing its factorization.
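The permutation property and Euler's theorem together, as an added example that is not code from the slides: it lists a·i mod n to test whether multiplication by a permutes the residues, reads the inverse off that list, and computes the same inverse as a^(φ(n)-1) mod n. The totient is computed by trial-division factoring, which is exactly the step that is cheap here and infeasible for an RSA-sized modulus. Function names (multiples_mod, permutes_residues, phi, inverse_by_euler, inverse_mod_prime) are our own.

```python
# Added example (not from the slides): inverses mod n via the permutation
# property and via Euler's theorem. Function names are our own.
from math import gcd


def multiples_mod(a: int, n: int) -> list:
    """The residues a*i mod n for i = 0, ..., n-1 (the slides' 'a·i mod n')."""
    return [(a * i) % n for i in range(n)]


def permutes_residues(a: int, n: int) -> bool:
    """True iff multiplication by a permutes {0, ..., n-1}; holds iff gcd(a, n) == 1."""
    return sorted(multiples_mod(a, n)) == list(range(n))


def inverse_by_search(a: int, n: int):
    """The i with a*i mod n = 1, or None when no inverse exists."""
    for i, r in enumerate(multiples_mod(a, n)):
        if r == 1:
            return i
    return None


def phi(n: int) -> int:
    """Euler's totient by trial-division factoring: phi(n) = n * prod(1 - 1/p).
    Fine for classroom-sized n; for cryptographic n factoring is the hard part."""
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p
        p += 1
    if m > 1:                      # leftover prime factor > sqrt(n)
        result -= result // m
    return result


def inverse_by_euler(a: int, n: int) -> int:
    """x = a^(phi(n) - 1) mod n, valid only when gcd(a, n) == 1."""
    if gcd(a, n) != 1:
        raise ValueError("%d has no inverse mod %d" % (a, n))
    return pow(a, phi(n) - 1, n)


def inverse_mod_prime(a: int, p: int) -> int:
    """Fermat's special case: x = a^(p - 2) mod p for prime p, a not divisible by p."""
    return pow(a, p - 2, p)


if __name__ == "__main__":
    print(multiples_mod(3, 5), permutes_residues(3, 5), inverse_by_search(3, 5))
    print(multiples_mod(2, 4), permutes_residues(2, 4), inverse_by_search(2, 4))
    print(inverse_by_euler(3, 7), inverse_mod_prime(3, 7))   # 5, 5
    print(phi(15), inverse_by_euler(2, 15))                  # 8, 8
```

Python 3.8 and later also accept pow(a, -1, n) and return the same inverse without ever computing φ(n); internally that uses the extended Euclidean algorithm that the next slides introduce.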
Another Approach • x can also be computed using an extension of Euclid's algorithm for computing the greatest common divisor. • This is more suitable for computers. Euclid's algorithm for the greatest common divisor:
gcd(a, n)
  g_0 ← n
  g_1 ← a
  i ← 1
  while g_i ≠ 0
    g_{i+1} ← g_{i-1} mod g_i
    i ← i + 1
  return g_{i-1}
Extended Euclid's Algorithm • Extended Euclid's algorithm for computing the inverse (loop invariant: g_i = u_i·n + v_i·a):
inv(a, n)
  g_0 ← n; g_1 ← a
  u_0 ← 1; v_0 ← 0
  u_1 ← 0; v_1 ← 1
  i ← 1
  while g_i ≠ 0
    y ← g_{i-1} div g_i
    g_{i+1} ← g_{i-1} - y·g_i
    u_{i+1} ← u_{i-1} - y·u_i
    v_{i+1} ← v_{i-1} - y·v_i
    i ← i + 1
  x ← v_{i-1}
  if x ≥ 0 return x
  else return x + n
Example • Ex. To solve 3x mod 7 = 1 using the algorithm (a = 3, n = 7), we have:
i   g_i   u_i   v_i   y = g_{i-1} div g_i
0   7     1     0
1   3     0     1     2
2   1     1     -2    3
3   0     -3    7
• The loop stops at i = 3 because g_3 = 0, so x ← v_2 = -2 (check the invariant: g_2 = 1 = 1·7 + (-2)·3). Because v_2 = -2 is negative, the solution is x = -2 + 7 = 5.
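Both Euclidean procedures on the preceding slides (EUCLID(a, b) with its 1970/1066 trace, and inv(a, n) with the g_i, u_i, v_i table for 3x mod 7 = 1), as an added example that is not code from the slides. EXTENDED EUCLID(m, b) in triple form on the earlier slide computes the same thing; only inv(a, n) is reproduced here. The functions return their step traces so the tables above can be regenerated, and inv checks the loop invariant g_i = u_i·n + v_i·a on every row. Function names (euclid, inv, format_trace) are our own.

```python
# Added example (not from the slides): the slides' EUCLID / gcd and inv(a, n)
# procedures with step traces. Function names are our own.

def euclid(a: int, b: int):
    """EUCLID(a, b): returns gcd(a, b) and the list of divisions (A, Q, B, R)
    with A = Q*B + R, one per line of the slides' worked example."""
    A, B = a, b
    steps = []
    while B != 0:
        Q, R = divmod(A, B)
        steps.append((A, Q, B, R))
        A, B = B, R
    return A, steps


def inv(a: int, n: int):
    """inv(a, n) from the slides (extended Euclid, invariant g_i = u_i*n + v_i*a).
    Returns (x, trace) with x = a^-1 mod n in [1, n-1], or (None, trace) when
    gcd(a, n) != 1; trace = (g, u, v) are the column lists indexed by i.
    Assumes 0 < a < n, as the slides do."""
    g, u, v = [n, a], [1, 0], [0, 1]
    i = 1
    while g[i] != 0:
        y = g[i - 1] // g[i]
        g.append(g[i - 1] - y * g[i])
        u.append(u[i - 1] - y * u[i])
        v.append(v[i - 1] - y * v[i])
        i += 1
    # The invariant holds for every row of the trace, not just the last.
    assert all(g[k] == u[k] * n + v[k] * a for k in range(len(g)))
    if g[i - 1] != 1:               # gcd(a, n) = g_{i-1} != 1: no inverse
        return None, (g, u, v)
    x = v[i - 1]
    return (x if x >= 0 else x + n), (g, u, v)


def format_trace(trace) -> str:
    """Render (g, u, v) as the table on the slide."""
    g, u, v = trace
    rows = ["i  g_i  u_i  v_i"]
    for i in range(len(g)):
        rows.append("%d  %3d  %3d  %3d" % (i, g[i], u[i], v[i]))
    return "\n".join(rows)


if __name__ == "__main__":
    d, steps = euclid(1970, 1066)
    for A, Q, B, R in steps:
        print("%d = %d x %d + %d" % (A, Q, B, R))
    print("gcd =", d)
    x, trace = inv(3, 7)
    print(format_trace(trace))
    print("3^-1 mod 7 =", x)
    print("inv(2, 4) ->", inv(2, 4)[0])     # None: gcd(2, 4) = 2
```

A caveat for anyone lifting this into real code: the number of loop iterations and the quotients y depend on the inputs, so this routine's running time leaks information about a. That is harmless for gcd(1970, 1066), but inverting a secret value (an RSA private-key component, an ECDSA nonce) calls for the constant-time inversion routines that cryptographic libraries provide rather than textbook Euclid.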